Warning: Permanently added '10.128.10.57' (ED25519) to the list of known hosts. 2024/05/09 07:05:10 ignoring optional flag "sandboxArg"="0" 2024/05/09 07:05:10 parsed 1 programs 2024/05/09 07:05:11 executed programs: 0 2024/05/09 07:05:16 executed programs: 83 2024/05/09 07:05:21 executed programs: 168 2024/05/09 07:05:26 executed programs: 291 2024/05/09 07:05:31 executed programs: 367 2024/05/09 07:05:37 executed programs: 448 2024/05/09 07:05:42 executed programs: 519 panic: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/jobs/openbsd/kernel/sys/kern/kern_unveil.c", line 188 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND db_enter() at db_enter+0x1c panic(ffffffff8292d7e0) at panic+0x165 __assert(ffffffff828e13a1,ffffffff82856e6f,bc,ffffffff828683dc) at __assert+0x29 unveil_destroy(ffff8000ffff4ca0) at unveil_destroy+0x174 exit1(ffff80002a6ec7d0,0,0,1) at exit1+0x3c0 sys_exit(ffff80002a6ec7d0,ffff80002a7bba30,ffff80002a7bb980) at sys_exit+0x1a syscall(ffff80002a7bba30) at syscall+0x72a Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x734deaf1b3e0, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/jobs/openbsd/kernel/sys/kern/kern_unveil.c", line 188 ddb> trace db_enter() at db_enter+0x1c panic(ffffffff8292d7e0) at panic+0x165 __assert(ffffffff828e13a1,ffffffff82856e6f,bc,ffffffff828683dc) at __assert+0x29 unveil_destroy(ffff8000ffff4ca0) at unveil_destroy+0x174 exit1(ffff80002a6ec7d0,0,0,1) at exit1+0x3c0 sys_exit(ffff80002a6ec7d0,ffff80002a7bba30,ffff80002a7bb980) at sys_exit+0x1a syscall(ffff80002a7bba30) at syscall+0x72a Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x734deaf1b3e0, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a7bb770 rbx 0xffff8000ffff4ca0 rdx 0 rcx 0 rax 0xffff80002a6ec7d0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x28f06f4d7f4dce25 r11 0x7da24d5409e74146 r12 0 r13 0x2 r14 0 r15 0x1 rip 0xffffffff81813efc db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002a7bb760 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) tid=229141 pid=44444 tcnt=1 stat=onproc flags process=8001008 proc=2000 runpri=32, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80002a6ec7d0 forw=0xffffffffffffffff, list=0xffff80002a67d218,0xffff80002a6ec2c0 process=0xffff8000ffff4ca0 user=0xffff80002a7b6000, vmspace=0xfffffd80697ac570 estcpu=34, cpticks=13, pctcpu=0.4, user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 8244 459555 32788 0 2 0x8000000 syz-executor.6 8244 226358 32788 0 3 0xc000080 fsleep syz-executor.6 80803 315519 2565 0 2 0x8000000 syz-executor.3 80803 482566 2565 0 3 0xc000080 fsleep syz-executor.3 23368 512407 48047 0 2 0x8000000 syz-executor.0 23368 33703 48047 0 3 0xc000080 fsleep syz-executor.0 23368 410479 48047 0 3 0xc000080 fsleep syz-executor.0 61097 381706 2643 0 2 0x8000000 syz-executor.2 61097 316981 2643 0 3 0xc000080 fsleep syz-executor.2 61097 105260 2643 0 3 0xc000080 fsleep syz-executor.2 24463 285902 96992 0 2 0x8000002 syz-executor.7 32788 223616 96992 0 2 0x8000482 syz-executor.6 2643 157202 96992 0 2 0x8000482 syz-executor.2 682 310871 96992 0 2 0x8000482 syz-executor.5 3814 468749 96992 0 2 0x8000482 syz-executor.4 2565 514064 96992 0 3 0x8000082 nanoslp syz-executor.3 80695 36176 96992 0 2 0x8000482 syz-executor.1 48047 383278 96992 0 2 0x8000482 syz-executor.0 96992 504067 84182 0 3 0x1a000082 wait syz-execprog 96992 423128 84182 0 3 0x1e000082 thrsleep syz-execprog 96992 296978 84182 0 3 0x1e000082 wait syz-execprog 96992 149300 84182 0 3 0x1e000082 thrsleep syz-execprog 96992 17556 84182 0 3 0x1e000082 wait syz-execprog 96992 222544 84182 0 3 0x1e000082 wait syz-execprog 96992 57454 84182 0 3 0x1e000082 thrsleep syz-execprog 96992 208000 84182 0 3 0x1e000082 wait syz-execprog 96992 486712 84182 0 3 0x1e000082 thrsleep syz-execprog 96992 339791 84182 0 3 0x1e000082 wait syz-execprog 96992 213045 84182 0 3 0x1e000082 wait syz-execprog 96992 98536 84182 0 3 0x1e000082 wait syz-execprog 96992 275613 84182 0 3 0x1e000082 kqread syz-execprog 96992 428094 84182 0 3 0x1e000082 thrsleep syz-execprog 84182 22392 84013 0 3 0x810008a sigsusp ksh 84013 333446 13943 0 3 0x1800009a kqread sshd 44187 40126 1 0 3 0x18100083 ttyin getty 13943 11586 1 0 3 0x18000088 kqread sshd 14927 154325 52607 73 3 0x19100090 kqread syslogd 52607 224706 1 0 3 0x18100082 sbwait syslogd 683 398479 1 0 3 0x18100080 kqread resolvd 71366 186281 64355 77 3 0x18100092 kqread dhcpleased 8125 181619 64355 77 3 0x18100092 kqread dhcpleased 64355 393925 1 0 3 0x18000080 kqread dhcpleased 58777 366311 0 0 3 0x14200 bored smr 13313 347283 0 0 2 0x14200 zerothread 68262 52403 0 0 3 0x14200 aiodoned aiodoned 43171 56742 0 0 3 0x14200 syncer update 78899 106741 0 0 3 0x14200 cleaner cleaner 71336 351803 0 0 3 0x14200 reaper reaper 60814 360304 0 0 3 0x14200 pgdaemon pagedaemon 75524 29037 0 0 3 0x14200 bored viomb 49978 519917 0 0 3 0x40014200 acpi0 acpi0 43686 31526 0 0 3 0x14200 bored softnet3 7946 439660 0 0 3 0x14200 bored softnet2 83767 409443 0 0 3 0x14200 bored softnet1 54693 516060 0 0 3 0x14200 bored softnet0 14282 43076 0 0 3 0x14200 bored systqmp 41480 451302 0 0 3 0x14200 bored systq 88620 225316 0 0 3 0x40014200 tmoslp softclock 56576 416641 0 0 3 0x40014200 idle0 1 366395 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10155 6400K 6412K 166960K 11236 0 pcb 17 12K 12K 166960K 17 0 rtable 234 6K 6K 166960K 380 0 pf 29 8K 8K 166960K 32 0 ifaddr 43 11K 11K 166960K 49 0 ifgroup 50 2K 2K 166960K 55 0 counters 30 17K 17K 166960K 31 0 ioctlops 0 0K 2K 166960K 30 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1272 80K 80K 166960K 1288 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 14 49K 73K 166960K 700 0 proc 59 74K 107K 166960K 2148 0 subproc 0 0K 0K 166960K 13 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 99 7K 7K 166960K 110 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 25 122K 122K 166960K 25 0 exec 0 0K 1K 166960K 404 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 261 74K 75K 166960K 9695 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 35 70K 100K 166960K 1989 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 11 0K 2K 166960K 30 0 temp 1 6792K 6984K 166960K 5676 0 kqueue 12 18K 18K 166960K 34 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 38 0 35 1 0 1 1 0 8 0 rtentry 112 122 0 12 4 0 4 4 0 8 0 unpcb 144 45 0 32 1 0 1 1 0 8 0 syncache 336 8 0 8 1 1 0 1 0 8 0 tcpqe 32 1 0 1 1 1 0 1 0 8 0 tcpcb 808 12 0 8 1 0 1 1 0 8 0 arp 88 20 0 2 1 0 1 1 0 8 0 inpcb 352 66 0 59 1 0 1 1 0 8 0 nd6 104 27 0 3 1 0 1 1 0 8 0 kcovpl 48 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 501 0 48 29 0 29 29 0 8 0 art_table 32 502 0 48 4 0 4 4 0 8 0 art_node 16 121 0 21 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2136 0 619 95 0 95 95 0 8 0 ffsino 240 2136 0 619 90 0 90 90 0 8 0 nchpl 144 3513 0 1742 66 0 66 66 0 8 0 uvmvnodes 80 2158 0 0 45 0 45 45 0 8 0 vnodes 216 2158 0 0 120 0 120 120 0 8 0 namei 1024 11775 0 11774 7 3 4 4 0 8 3 kstatmem 264 24 0 2 2 0 2 2 0 8 0 scxspl 216 11609 0 11609 8 7 1 8 1 8 1 plimitpl 152 49 0 34 1 0 1 1 0 8 0 sigapl 424 1026 0 982 6 0 6 6 0 8 0 futexpl 64 5924 0 5918 1 0 1 1 0 8 0 knotepl 120 6943 0 6865 3 0 3 3 0 8 0 kqueuepl 184 30 0 22 1 0 1 1 0 8 0 pipepl 288 182 0 154 3 1 2 3 0 8 0 fdescpl 432 1010 0 985 4 0 4 4 0 8 0 filepl 120 3132 0 3004 5 0 5 5 0 8 1 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 32 0 16 1 0 1 1 0 8 0 pgrppl 48 32 0 16 1 0 1 1 0 8 0 ucredpl 104 93 0 83 1 0 1 1 0 8 0 zombiepl 144 1454 0 1451 2 1 1 1 0 8 0 processpl 1072 1026 0 982 4 0 4 4 0 8 0 procpl 656 2085 0 2022 7 0 7 7 0 8 0 sockpl 504 149 0 126 4 0 4 4 0 8 0 mcl8k 8192 4 0 4 1 1 0 1 0 8 0 mcl4k 4096 16 0 16 1 1 0 1 0 8 0 mcl2k 2048 24806 0 24699 90 74 16 54 0 8 0 mtagpl 96 4 0 4 1 1 0 1 0 8 0 mbufpl 256 39668 0 39420 48 32 16 29 0 8 0 bufpl 280 5776 0 187 400 0 400 400 0 8 0 anonpl 24 388127 0 383440 53 23 30 51 0 188 0 amapchunkpl 152 33650 0 33017 32 4 28 28 0 158 0 amappl16 200 10928 0 10846 5 0 5 5 0 8 0 amappl15 192 43 0 42 1 0 1 1 0 8 0 amappl14 184 230 0 217 2 1 1 2 0 8 0 amappl13 176 30 0 28 1 0 1 1 0 8 0 amappl12 168 1683 0 1656 2 0 2 2 0 8 0 amappl11 160 77 0 67 1 0 1 1 0 8 0 amappl10 152 73 0 63 1 0 1 1 0 8 0 amappl9 144 309 0 309 1 1 0 1 0 8 0 amappl8 136 140 0 117 1 0 1 1 0 8 0 amappl7 128 84 0 80 1 0 1 1 0 8 0 amappl6 120 416 0 403 2 1 1 2 0 8 0 amappl5 112 220 0 207 1 0 1 1 0 8 0 amappl4 104 692 0 660 2 0 2 2 0 8 0 amappl3 96 7791 0 7708 3 0 3 3 0 8 0 amappl2 88 1645 0 1575 4 2 2 4 0 8 0 amappl1 80 16138 0 15653 26 15 11 22 0 8 0 amappl 88 8979 0 8796 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 1010 0 984 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1010 0 984 1 0 1 1 0 8 0 vmmpekpl 168 15999 0 15965 2 0 2 2 0 8 0 vmmpepl 168 93383 0 91764 116 39 77 112 0 357 1 vmsppl 344 1009 0 984 3 0 3 3 0 8 0 rwobjpl 24 40732 0 37599 21 1 20 20 0 8 0 pdppl 4096 2026 0 1968 108 44 64 68 0 8 6 pvpl 32 789665 0 779995 370 288 82 363 0 265 0 pmappl 216 1009 0 984 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 485 0 159 10 0 10 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c panic(ffffffff8292d7e0) at panic+0x165 __assert(ffffffff828e13a1,ffffffff82856e6f,bc,ffffffff828683dc) at __assert+0x29 unveil_destroy(ffff8000ffff4ca0) at unveil_destroy+0x174 exit1(ffff80002a6ec7d0,0,0,1) at exit1+0x3c0 sys_exit(ffff80002a6ec7d0,ffff80002a7bba30,ffff80002a7bb980) at sys_exit+0x1a syscall(ffff80002a7bba30) at syscall+0x72a Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x734deaf1b3e0, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c panic(ffffffff8292d7e0) at panic+0x165 __assert(ffffffff828e13a1,ffffffff82856e6f,bc,ffffffff828683dc) at __assert+0x29 unveil_destroy(ffff8000ffff4ca0) at unveil_destroy+0x174 exit1(ffff80002a6ec7d0,0,0,1) at exit1+0x3c0 sys_exit(ffff80002a6ec7d0,ffff80002a7bba30,ffff80002a7bb980) at sys_exit+0x1a syscall(ffff80002a7bba30) at syscall+0x72a Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x734deaf1b3e0, count: -8