panic: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c", line 188
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8292bfde) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828e13f2,ffffffff828b0af6,bc,ffffffff82863e17) at __assert+0x29 sys/kern/subr_prf.c:157
unveil_destroy(ffff8000ffff5930) at unveil_destroy+0x174 sys/kern/kern_unveil.c:188
exit1(ffff80002a63ed18,0,0,1) at exit1+0x3c0 sys/kern/kern_exit.c:218
sys_exit(ffff80002a63ed18,ffff80002a6e3a00,ffff80002a6e3950) at sys_exit+0x1a sys/kern/kern_exit.c:89
syscall(ffff80002a6e3a00) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7c4e28d1d840, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c", line 188 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292bfde) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e13f2,ffffffff828b0af6,bc,ffffffff82863e17) at __assert+0x29 sys/kern/subr_prf.c:157 unveil_destroy(ffff8000ffff5930) at unveil_destroy+0x174 sys/kern/kern_unveil.c:188 exit1(ffff80002a63ed18,0,0,1) at exit1+0x3c0 sys/kern/kern_exit.c:218 sys_exit(ffff80002a63ed18,ffff80002a6e3a00,ffff80002a6e3950) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002a6e3a00) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7c4e28d1d840, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a6e3740 rbx 0xffff8000ffff5930 rdx 0 rcx 0 rax 0xffff80002a63ed18 r8 0x101010101010101 r9 0x8080808080808080 r10 0xba4711bfebd97750 r11 0x636ed73c05d997d8 r12 0 r13 0x2 r14 0 r15 0x1 rip 0xffffffff821bdc7c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002a6e3730 ss 0 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.3) tid=53399 pid=94080 tcnt=1 stat=onproc flags process=8001008 proc=2000 runpri=17, usrpri=86, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80002a63ed18 forw=0xffffffffffffffff, list=0xffff80002a63e048,0xffff80002a6794b0 process=0xffff8000ffff5930 user=0xffff80002a6de000, vmspace=0xfffffd806b64dae8 estcpu=36, cpticks=9, pctcpu=0.4, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 58916 141357 63976 0 2 0x8000000 syz-executor.7 58916 282137 63976 0 2 0xc000000 syz-executor.7 19122 473661 77302 0 2 0x8000000 syz-executor.2 7358 239746 67875 0 2 0x8000000 syz-executor.5 7358 399829 67875 0 3 0xc000080 fsleep syz-executor.5 81500 351022 8441 0 3 0x8003000 suspend syz-executor.1 81500 10960 8441 0 2 0xc081000 
syz-executor.1 66600 24857 573 0 2 0x8000010 syz-executor.4 66600 32492 573 0 3 0xc000090 fsleep syz-executor.4 66600 21488 573 0 3 0xc000090 fsleep syz-executor.4 77302 375132 35841 0 3 0x8000082 nanoslp syz-executor.2 8441 138498 35841 0 3 0x8000082 nanoslp syz-executor.1 54480 240778 0 0 3 0x14200 acct acct 34753 299661 4175 0 3 0x18100082 netio arp 4175 144957 54617 0 3 0x810008a sigsusp sh 573 290026 35841 0 3 0x8000082 nanoslp syz-executor.4 54617 182064 35841 0 3 0x8000082 wait syz-executor.6 67875 464756 35841 0 3 0x8000082 nanoslp syz-executor.5 63976 413760 35841 0 3 0x8000082 nanoslp syz-executor.7 81410 45670 35841 0 3 0x8000082 nanoslp syz-executor.3 48076 348090 35841 0 2 0x8000002 syz-executor.0 90016 305960 0 0 3 0x14280 nfsidl nfsio 20360 347756 0 0 3 0x14280 nfsidl nfsio 27690 365288 0 0 3 0x14280 nfsidl nfsio 36164 520227 0 0 3 0x14280 nfsidl nfsio 95447 277781 0 0 3 0x14280 nfsidl nfsio 86370 10726 0 0 3 0x14280 nfsidl nfsio 84903 3997 0 0 3 0x14280 nfsidl nfsio 4826 131832 0 0 3 0x14280 nfsidl nfsio 7101 175149 0 0 3 0x14280 nfsidl nfsio 6118 393763 0 0 3 0x14280 nfsidl nfsio 92288 474936 0 0 3 0x14280 nfsidl nfsio 34526 214164 0 0 3 0x14280 nfsidl nfsio 31655 57793 0 0 3 0x14280 nfsidl nfsio 14565 365506 0 0 3 0x14280 nfsidl nfsio 87021 27445 0 0 3 0x14280 nfsidl nfsio 97495 408361 0 0 3 0x14280 nfsidl nfsio 61774 184929 0 0 3 0x14280 nfsidl nfsio 3994 80738 0 0 3 0x14280 nfsidl nfsio 26965 439070 0 0 3 0x14280 nfsidl nfsio 20084 57555 0 0 3 0x14280 nfsidl nfsio 73014 110647 0 0 3 0x14200 bored sosplice 35841 356927 6920 0 3 0x1a000082 thrsleep syz-fuzzer 35841 437159 6920 0 3 0x1e000082 nanoslp syz-fuzzer 35841 292977 6920 0 3 0x1e000082 wait syz-fuzzer 35841 169587 6920 0 3 0x1e000082 thrsleep syz-fuzzer 35841 95481 6920 0 3 0x1e000082 kqread syz-fuzzer 35841 26478 6920 0 3 0x1e000082 wait syz-fuzzer 35841 130618 6920 0 3 0x1e000082 wait syz-fuzzer 35841 185613 6920 0 3 0x1e000082 thrsleep syz-fuzzer 35841 356692 6920 0 3 0x1e000082 wait 
syz-fuzzer 35841 296003 6920 0 3 0x1e000082 wait syz-fuzzer 35841 156613 6920 0 3 0x1e000082 thrsleep syz-fuzzer 35841 58431 6920 0 3 0x1e000082 wait syz-fuzzer 35841 438544 6920 0 3 0x1e000082 wait syz-fuzzer 35841 25701 6920 0 3 0x1e000082 wait syz-fuzzer 35841 425813 6920 0 3 0x1e000082 thrsleep syz-fuzzer 6920 405680 36261 0 3 0x810008a sigsusp ksh 36261 113917 61816 0 3 0x1800009a kqread sshd 61376 51110 1 0 3 0x18100083 ttyin getty 61816 366370 1 0 3 0x18000088 kqread sshd 79183 226570 99625 73 3 0x19100090 kqread syslogd 99625 386315 1 0 3 0x18100082 sbwait syslogd 76329 397587 1 0 3 0x18100080 kqread resolvd 35621 438368 8523 77 3 0x18100092 kqread dhcpleased 52646 164510 8523 77 3 0x18100092 kqread dhcpleased 8523 24794 1 0 3 0x18000080 kqread dhcpleased 31172 519362 0 0 3 0x14200 bored smr 99249 54407 0 0 2 0x14200 zerothread 73462 308080 0 0 3 0x14200 aiodoned aiodoned 88791 245375 0 0 2 0x14600 update 14695 458802 0 0 3 0x14200 cleaner cleaner 25602 46364 0 0 3 0x14200 reaper reaper 19199 64569 0 0 3 0x14200 pgdaemon pagedaemon 80018 458103 0 0 3 0x14200 bored viomb 72768 109006 0 0 3 0x40014200 acpi0 acpi0 32253 156714 0 0 3 0x14200 bored softnet3 63262 94303 0 0 3 0x14200 bored softnet2 89284 184526 0 0 3 0x14200 bored softnet1 74933 522250 0 0 3 0x14200 bored softnet0 80249 280410 0 0 3 0x14200 bored systqmp 21394 170953 0 0 3 0x14200 bored systq 19648 156388 0 0 2 0x40014200 softclock 11374 425329 0 0 3 0x40014200 idle0 1 236800 0 0 3 0x8080082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10180 6430K 7059K 166960K 12804 0 pcb 17 18K 19K 166960K 691 0 rtable 194 6K 7K 166960K 3678 0 pf 31 9K 10K 166960K 348 0 ifaddr 40 12K 13K 166960K 512 0 ifgroup 54 2K 2K 166960K 639 0 sysctl 4 1K 1K 166960K 12 0 counters 31 17K 17K 166960K 172 0 ioctlops 0 0K 2K 166960K 337 0 iov 0 0K 16K 166960K 380 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 
vnodes 1396 88K 88K 166960K 4508 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 68K 76K 166960K 117 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 363 0 dirhash 12 2K 2K 166960K 75 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 18 65K 101K 166960K 5120 0 sigio 0 0K 0K 166960K 88 0 proc 62 75K 124K 166960K 3782 0 subproc 104 6K 8K 166960K 1563 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 491 0 in_multi 76 5K 7K 166960K 1308 0 ether_multi 1 0K 0K 166960K 30 0 mrt 1 0K 0K 166960K 12 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 85 387K 387K 166960K 85 0 exec 0 0K 2K 166960K 2008 0 pfkey data 0 0K 0K 166960K 7 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 366 624K 633K 166960K 44097 0 UVM aobj 143 6K 6K 166960K 144 0 pinsyscall 40 80K 108K 166960K 9050 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 273 0 NDP 12 0K 2K 166960K 374 0 temp 77 6812K 7008K 166960K 143410 0 kqueue 12 18K 34K 166960K 524 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 667 0 662 3 2 1 3 0 8 0 rtentry 112 1312 0 1226 3 0 3 3 0 8 0 unpcb 144 3410 0 3394 7 5 2 6 0 8 1 syncache 336 4 0 4 1 1 0 1 0 8 0 tcpqe 32 59 0 59 1 1 0 1 0 8 0 tcpcb 808 1600 0 1595 15 10 5 11 0 8 4 arp 88 242 0 225 1 0 1 1 0 8 0 ipq 40 6 0 6 2 1 1 1 0 8 1 ipqe 40 10 0 10 2 1 1 1 0 8 1 inpcb 360 4828 0 4819 24 16 8 13 0 8 7 ip6q 72 1 0 1 1 1 0 1 0 8 0 nd6 104 359 0 339 1 0 1 1 0 8 0 pkpcb 40 27 0 27 2 1 1 1 0 8 1 kcovpl 48 120 0 112 1 0 1 1 0 8 0 ppxss 1072 7 0 7 2 1 1 1 0 8 1 art_heap8 4096 2 0 1 2 0 2 2 0 8 1 art_heap4 256 5267 0 4932 69 47 22 25 0 8 1 art_table 32 5269 0 4933 4 0 4 4 0 8 1 art_node 16 1305 0 1228 1 0 1 1 0 8 0 sysvmsgpl 40 33 0 26 1 0 1 1 0 8 0 semupl 112 6 0 6 1 1 0 1 0 8 0 semapl 112 355 0 345 1 0 1 1 0 8 0 shmpl 112 141 0 1 4 0 4 4 0 8 0 dirhash 
1024 59 0 42 3 0 3 3 0 8 0 dino2pl 256 8026 0 6494 96 0 96 96 0 8 0 ffsino 240 8027 0 6494 91 0 91 91 0 8 0 nchpl 144 14334 0 12607 66 0 66 66 0 8 0 uvmvnodes 80 8777 0 0 180 0 180 180 0 8 0 vnodes 216 8777 0 0 488 0 488 488 0 8 0 namei 1024 60525 0 60524 4 2 2 3 0 8 1 vcpupl 3904 44 0 0 6 0 6 6 0 8 0 vmpool 664 46 0 2 4 0 4 4 0 8 0 kstatmem 264 306 0 282 2 0 2 2 0 8 0 scsiplug 72 9 0 9 2 1 1 1 0 8 1 scxspl 216 86577 0 86577 9 7 2 8 1 8 2 plimitpl 152 990 0 975 1 0 1 1 0 8 0 sigapl 424 5216 0 5148 9 0 9 9 0 8 0 futexpl 64 59979 0 59976 1 0 1 1 0 8 0 knotepl 120 37602 0 37518 52 41 11 18 0 8 7 kqueuepl 184 1124 0 1116 4 3 1 4 0 8 0 pipepl 288 1000 0 972 7 4 3 7 0 8 0 fdescpl 432 5175 0 5146 6 1 5 5 0 8 1 filepl 120 33470 0 33227 16 6 10 15 0 8 2 lockfpl 104 976 0 974 1 0 1 1 0 8 0 lockfspl 48 314 0 312 1 0 1 1 0 8 0 sessionpl 144 128 0 112 1 0 1 1 0 8 0 pgrppl 48 182 0 166 1 0 1 1 0 8 0 ucredpl 104 5172 0 5160 1 0 1 1 0 8 0 zombiepl 144 5847 0 5845 1 0 1 1 0 8 0 processpl 1072 5216 0 5148 5 0 5 5 0 8 0 procpl 656 10859 0 10771 10 1 9 9 0 8 0 sosppl 168 100 0 100 2 1 1 1 0 8 1 sockpl 504 9034 0 9004 102 91 11 29 0 8 7 mcl64k 65536 1 0 1 1 1 0 1 0 8 0 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 39 0 39 2 1 1 1 0 8 1 mcl4k 4096 58 0 58 2 1 1 1 0 8 1 mcl2k2 2112 3 0 3 1 1 0 1 0 8 0 mcl2k 2048 47566 0 47464 47 26 21 35 0 8 7 mtagpl 96 58 0 58 2 1 1 1 0 8 1 mbufpl 256 147342 0 147114 115 94 21 61 0 8 2 bufpl 280 16366 0 7587 628 0 628 628 0 8 0 anonpl 24 709161 0 703011 109 43 66 90 0 188 12 amapchunkpl 152 140625 0 139931 56 12 44 44 0 158 15 amappl16 200 14447 0 14329 60 45 15 20 0 8 8 amappl15 192 16 0 16 1 1 0 1 0 8 0 amappl14 184 473 0 460 2 1 1 2 0 8 0 amappl13 176 22 0 22 1 1 0 1 0 8 0 amappl12 168 7419 0 7386 4 1 3 3 0 8 1 amappl11 160 78 0 68 1 0 1 1 0 8 0 amappl10 152 179 0 168 1 0 1 1 0 8 0 amappl9 144 177 0 177 1 1 0 1 0 8 0 amappl8 136 294 0 264 2 0 2 2 0 8 0 amappl7 128 77 0 62 1 0 1 1 0 8 0 amappl6 120 1840 0 1824 2 1 1 2 0 8 0 amappl5 112 582 0 570 1 0 1 1 
0 8 0 amappl4 104 1193 0 1158 3 1 2 2 0 8 0 amappl3 96 26177 0 26089 3 0 3 3 0 8 0 amappl2 88 5970 0 5893 5 2 3 4 0 8 1 amappl1 80 31425 0 30905 24 9 15 22 0 8 1 amappl 88 42650 0 42413 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 143 0 1 3 0 3 3 0 8 0 uaddrrnd 24 5221 0 5147 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5220 0 5147 1 0 1 1 0 8 0 vmmpekpl 168 42869 0 42804 4 0 4 4 0 8 0 vmmpepl 168 351121 0 349171 123 24 99 112 0 357 6 vmsppl 344 5220 0 5147 8 0 8 8 0 8 1 rwobjpl 24 94761 0 84689 62 0 62 62 0 8 0 pdppl 4096 10448 0 10338 432 322 110 122 0 8 0 pvpl 32 1994761 0 1982272 417 242 175 362 0 265 53 pmappl 216 5220 0 5147 5 0 5 5 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 992 0 602 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292bfde) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e13f2,ffffffff828b0af6,bc,ffffffff82863e17) at __assert+0x29 sys/kern/subr_prf.c:157 unveil_destroy(ffff8000ffff5930) at unveil_destroy+0x174 sys/kern/kern_unveil.c:188 exit1(ffff80002a63ed18,0,0,1) at exit1+0x3c0 sys/kern/kern_exit.c:218 sys_exit(ffff80002a63ed18,ffff80002a6e3a00,ffff80002a6e3950) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002a6e3a00) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7c4e28d1d840, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292bfde) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e13f2,ffffffff828b0af6,bc,ffffffff82863e17) at __assert+0x29 sys/kern/subr_prf.c:157 unveil_destroy(ffff8000ffff5930) at unveil_destroy+0x174 
sys/kern/kern_unveil.c:188 exit1(ffff80002a63ed18,0,0,1) at exit1+0x3c0 sys/kern/kern_exit.c:218 sys_exit(ffff80002a63ed18,ffff80002a6e3a00,ffff80002a6e3950) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002a6e3a00) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7c4e28d1d840, count: -8