panic: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_unveil.c", line 196
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 479921  99462      0           0  0x4000000    0  syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
__assert(ffffffff81f98711,ffffffff81f9cd8c,c4,ffffffff81f5c06e) at __assert+0x2e sys/kern/subr_prf.c:159
unveil_destroy(ffff800020b8cd38) at unveil_destroy+0x19f sys/kern/kern_unveil.c:196
exit1(ffff800020b38bd0,0,1) at exit1+0x354 sys/kern/kern_exit.c:216
sys_exit(ffff800020b38bd0,ffff800020c4b280,ffff800020c4b2f0) at sys_exit+0x17 sys/kern/kern_exit.c:94
syscall(ffff800020c4b360) at syscall+0x552 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(ffff800020c4b360) at syscall+0x552 sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,1,0,1,431bde82d7b634db,7f7fffffac68) at Xsyscall+0x128
end trace frame: 0x0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_unveil.c", line 196
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
__assert(ffffffff81f98711,ffffffff81f9cd8c,c4,ffffffff81f5c06e) at __assert+0x2e sys/kern/subr_prf.c:159
unveil_destroy(ffff800020b8cd38) at unveil_destroy+0x19f sys/kern/kern_unveil.c:196
exit1(ffff800020b38bd0,0,1) at exit1+0x354 sys/kern/kern_exit.c:216
sys_exit(ffff800020b38bd0,ffff800020c4b280,ffff800020c4b2f0) at sys_exit+0x17 sys/kern/kern_exit.c:94
syscall(ffff800020c4b360) at syscall+0x552 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(ffff800020c4b360) at syscall+0x552 sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,1,0,1,431bde82d7b634db,7f7fffffac68) at Xsyscall+0x128
end trace frame: 0x0, count: -8
ddb{1}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff800020c4b080
rbx               0xffff800020c4b130
rdx               0xffff800020b38bd0
rcx                                0
rax                                0
r8                0xffffffff812d2ac3    kprintf+0x173
r9                               0x1
r10                             0x25
r11               0x23678c425f22f3c1
r12                     0x3000000008
r13               0xffff800020c4b090
r14                            0x100
r15                              0x1
rip               0xffffffff816ce868    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff800020c4b070
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.0) pid=88968 stat=onproc
    flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
    pri=50, usrpri=83, nice=20
    forw=0xffffffffffffffff, list=0xffff800020b38e28,0xffff800020b38280
    process=0xffff800020b8cd38 user=0xffff800020c46000, vmspace=0xfffffd807effe708
    estcpu=33, cpticks=7, pctcpu=0.0
    user=0, sys=2, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 99462  396721  68892      0  2           0                syz-executor.1
 99462  479921  68892      0  7   0x4000000                syz-executor.1
 68892  341002  21015      0  3        0x82  nanosleep     syz-executor.1
 94263   40880      0      0  3     0x14200  bored         sosplice
 63455  171311  21015      0  3        0x82  nanosleep     syz-executor.0
 21015   31081  80280      0  3        0x82  thrsleep      syz-fuzzer
 21015  375965  80280      0  3   0x4000082  thrsleep      syz-fuzzer
 21015  302226  80280      0  3   0x4000082  thrsleep      syz-fuzzer
 21015  164765  80280      0  3   0x4000082  thrsleep      syz-fuzzer
 21015  440533  80280      0  3   0x4000082  thrsleep      syz-fuzzer
 21015  399308  80280      0  3   0x4000082  thrsleep      syz-fuzzer
 21015  518092  80280      0  3   0x4000082  kqread        syz-fuzzer
 21015  364739  80280      0  3   0x4000082  thrsleep      syz-fuzzer
 21015  179181  80280      0  3   0x4000082  thrsleep      syz-fuzzer
 21015  430008  80280      0  3   0x4000082  thrsleep      syz-fuzzer
 80280   31341  36233      0  3    0x10008a  pause         ksh
 36233  411443  29949      0  3        0x92  select        sshd
 71996  440389      1      0  3    0x100083  ttyin         getty
 29949  170395      1      0  3        0x80  select        sshd
 74050  222575  41377     74  3    0x100092  bpf           pflogd
 41377  386138      1      0  3        0x80  netio         pflogd
 77277  307438  60073     73  3    0x100090  kqread        syslogd
 60073   20261      1      0  3    0x100082  netio         syslogd
 30889  401851      1     77  3    0x100090  poll          dhclient
 27075  135262      1      0  3        0x80  poll          dhclient
 89128  218748      0      0  3     0x14200  pgzero        zerothread
 72277  305458      0      0  3     0x14200  aiodoned      aiodoned
 36648  158890      0      0  3     0x14200  syncer        update
 40832  122118      0      0  3     0x14200  cleaner       cleaner
 95876  236776      0      0  3     0x14200  reaper        reaper
 30996  467063      0      0  3     0x14200  pgdaemon      pagedaemon
 99773    3526      0      0  3     0x14200  bored         crynlk
 14322   76981      0      0  3     0x14200  bored         crypto
 58010  497486      0      0  3  0x40014200  acpi0         acpi0
 11193  249887      0      0  3  0x40014200                idle1
 71648  147097      0      0  3     0x14200  bored         softnet
 15429  269403      0      0  3     0x14200  bored         systqmp
 58756   17060      0      0  3     0x14200  bored         systq
 37479  335325      0      0  3  0x40014200  bored         softclock
 94853  213113      0      0  3  0x40014200                idle0
 74111  166272      0      0  3     0x14200  bored         smr
     1  190822      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim Kern Lim
         devbuf  9553   6425K    7072K  78643K     13171        0        0
            pcb    25      9K      10K  78643K       552        0        0
         rtable   108      4K       4K  78643K       398        0        0
         ifaddr    71     15K      15K  78643K       155        0        0
       counters    39     33K      33K  78643K        39        0        0
       ioctlops     0      0K       4K  78643K      1522        0        0
            iov     0      0K      24K  78643K       140        0        0
          mount     1      1K       1K  78643K         1        0        0
         vnodes  1193     75K      76K  78643K      2070        0        0
      UFS quota     1     32K      32K  78643K         1        0        0
      UFS mount     5     36K      36K  78643K         5        0        0
            shm     2      1K       5K  78643K        17        0        0
         VM map     2      1K       1K  78643K         2        0        0
            sem    12      1K       2K  78643K       180        0        0
        dirhash    12      2K       2K  78643K        12        0        0
           ACPI  1808    196K     290K  78643K     12628        0        0
      file desc     5     13K      25K  78643K      1264        0        0
          sigio     0      0K       0K  78643K        11        0        0
           proc    58     63K      91K  78643K       559        0        0
        subproc    64  65538K   69634K  78643K       106        0        0
    NFS srvsock     1      0K       0K  78643K         1        0        0
     NFS daemon     1     16K      16K  78643K         1        0        0
    ip_moptions     0      0K       0K  78643K       124        0        0
       in_multi    33      2K       2K  78643K        81        0        0
    ether_multi     1      0K       0K  78643K         6        0        0
            mrt     0      0K       0K  78643K         2        0        0
    ISOFS mount     1     32K      32K  78643K         1        0        0
  MSDOSFS mount     1     16K      16K  78643K         1        0        0
           ttys    72    318K     318K  78643K        72        0        0
           exec     0      0K       1K  78643K       278        0        0
        pagedep     1      8K       8K  78643K         1        0        0
       inodedep     1     32K      32K  78643K         1        0        0
         newblk     1      0K       0K  78643K         1        0        0
        VM swap     7     26K      26K  78643K         7        0        0
       UVM amap    93     21K      26K  78643K      4831        0        0
       UVM aobj    38      2K       2K  78643K        51        0        0
        memdesc     1      4K       4K  78643K         1        0        0
    crypto data     1      1K       1K  78643K         1        0        0
    ip6_options     0      0K       0K  78643K        52        0        0
            NDP    16      0K       0K  78643K        42        0        0
           temp   200   2732K    2860K  78643K      9570        0        0
         kqueue     0      0K       0K  78643K        19        0        0
      SYN cache     2     16K      16K  78643K         2        0        0
ddb{1}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64        8    0        2     1     0     1     1     0     8    0
inpcbpl    280     1092    0     1085     2     1     1     2     0     8    0
plimitpl   152       58    0       50     1     0     1     1     0     8    0
plcache    128       20    0        0     1     0     1     1     0     8    0
rtentry    112       56    0       12     2     0     2     2     0     8    0
syncache   264        4    0        4     1     1     0     1     0     8    0
tcpcb      544      198    0      194     1     0     1     1     0     8    0
nd6         48        9    0        3     1     0     1     1     0     8    0
ppxss      1128      17    0       17     5     5     0     1     0     8    0
pfosfp      40      846    0      423     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfstitem    24       25    0       13     1     0     1     1     0     8    0
pfstkey    112       25    0       13     1     0     1     1     0     8    0
pfstate    328       25    0       13     2     0     2     2     0     8    0
pfrule     1360      21    0       16     2     1     1     2     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      235    0       44    12     0    12    12     0     8    0
art_table   32      236    0       44     2     0     2     2     0     8    0
art_node    16       55    0       15     1     0     1     1     0     8    0
sysvmsgpl   40       14    0        4     1     0     1     1     0     8    0
semupl     112        1    0        1     1     1     0     1     0     8    0
semapl     112      174    0      164     1     0     1     1     0     8    0
shmpl      112       49    0       13     2     0     2     2     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     3322    0     1892    47     0    47    47     0     8    0
ffsino     272     3322    0     1892    97     1    96    96     0     8    0
nchpl      144     5278    0     3653    61     0    61    61     0     8    0
uvmvnodes   72     3973    0        0    73     0    73    73     0     8    0
vnodes     200     3973    0        0   210     0   210   210     0     8    0
namei      1024   14921    0    14921     1     0     1     1     0     8    1
percpumem   16       30    0        0     1     0     1     1     0     8    0
scsiplug    64        2    0        2     1     1     0     1     0     8    0
scxspl     192    29693    0    29693     7     6     1     6     0     8    1
sigapl     432     1460    0     1444     3     1     2     3     0     8    0
futexpl     56    14609    0    14609     1     0     1     1     0     8    1
knotepl    112      263    0      244     1     0     1     1     0     8    0
kqueuepl   104      247    0      245     1     0     1     1     0     8    0
pipepl     112      750    0      731     1     0     1     1     0     8    0
fdescpl    488     1461    0     1445     4     1     3     3     0     8    0
filepl     152     7738    0     7639     5     0     5     5     0     8    1
lockfpl    104      380    0      380     3     2     1     1     0     8    1
lockfspl    48      131    0      131     3     2     1     1     0     8    1
sessionpl  112       19    0        8     1     0     1     1     0     8    0
pgrppl      48       29    0       18     1     0     1     1     0     8    0
ucredpl     96      823    0      814     1     0     1     1     0     8    0
zombiepl   144     1445    0     1444     1     0     1     1     0     8    0
processpl  840     1477    0     1444     4     0     4     4     0     8    0
procpl     600     4049    0     4006     4     0     4     4     0     8    0
srpgc       64        6    0        6     1     0     1     1     0     8    1
sosppl     128       21    0       21     4     4     0     1     0     8    0
sockpl     384     1553    0     1534     3     0     3     3     0     8    1
mcl64k     65536     13    0        0     2     0     2     2     0     8    0
mcl16k     16384      3    0        0     1     0     1     1     0     8    0
mcl12k     12288     13    0        0     2     0     2     2     0     8    0
mcl9k      9216       5    0        0     1     0     1     1     0     8    0
mcl8k      8192       5    0        0     1     0     1     1     0     8    0
mcl4k      4096       8    0        0     1     0     1     1     0     8    0
mcl2k2     2112       1    0        0     1     0     1     1     0     8    0
mcl2k      2048     134    0        0    15     0    15    15     0     8    0
mtagpl      80        3    0        0     1     0     1     1     0     8    0
mbufpl     256      196    0        0    11     1    10    11     0     8    0
bufpl      256    29583    0    23372   392     0   392   392     0     8    0
anonpl      16   128477    0   119357    69    20    49    62     0   125    1
amapchunkpl 152    8211    0     8092    20    14     6    10     0   158    0
amappl16   192     6322    0     5689    48    15    33    42     0     8    1
amappl14   176      631    0      623     1     0     1     1     0     8    0
amappl13   168        7    0        7     2     2     0     1     0     8    0
amappl12   160       13    0       11     1     0     1     1     0     8    0
amappl11   152      680    0      661     2     1     1     2     0     8    0
amappl10   144       76    0       72     1     0     1     1     0     8    0
amappl9    136      615    0      610     1     0     1     1     0     8    0
amappl8    128      154    0      135     1     0     1     1     0     8    0
amappl7    120       38    0       35     1     0     1     1     0     8    0
amappl6    112      679    0      673     1     0     1     1     0     8    0
amappl5    104      136    0      120     1     0     1     1     0     8    0
amappl4     96     1704    0     1673     2     1     1     2     0     8    0
amappl3     88      163    0      153     1     0     1     1     0     8    0
amappl2     80    11746    0    11681     2     0     2     2     0     8    0
amappl1     72    41110    0    40661    25    15    10    20     0     8    0
amappl      72     4326    0     4285     1     0     1     1     0    75    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma64       64      259    0      259     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       17    0       17     1     1     0     1     0     8    0
aobjpl      64       50    0       13     1     0     1     1     0     8    0
uaddrrnd    24     1461    0     1444     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     1461    0     1444     1     0     1     1     0     8    0
vmmpekpl   168    14949    0    14923     2     0     2     2     0     8    0
vmmpepl    168   156488    0   154774   144    49    95   113     0   357   20
vmsppl     360     1460    0     1444     2     0     2     2     0     8    0
pdppl      4096    2930    0     2888     7     1     6     6     0     8    0
pvpl        32   386780    0   374387   167    40   127   152     0   265    6
pmappl     232     1460    0     1444     2     1     1     2     0     8    0
extentpl    40       39    0       25     1     0     1     1     0     8    0
phpool     112      549    0        6    16     0    16    16     0     8    0