Warning: Permanently added '10.128.0.254' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program panic: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c", line 188 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND db_enter() at db_enter+0x1c panic(ffffffff82927b8e) at panic+0x165 __assert(ffffffff828e10c6,ffffffff828b33eb,bc,ffffffff82866e64) at __assert+0x29 unveil_destroy(ffff8000ffff4010) at unveil_destroy+0x174 exit1(ffff80002a604ab0,0,0,1) at exit1+0x3d6 sys_exit(ffff80002a604ab0,ffff80002a665760,ffff80002a6656b0) at sys_exit+0x1a syscall(ffff80002a665760) at syscall+0x538 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x740961809ac0, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c", line 188 ddb> trace db_enter() at db_enter+0x1c panic(ffffffff82927b8e) at panic+0x165 __assert(ffffffff828e10c6,ffffffff828b33eb,bc,ffffffff82866e64) at __assert+0x29 unveil_destroy(ffff8000ffff4010) at unveil_destroy+0x174 exit1(ffff80002a604ab0,0,0,1) at exit1+0x3d6 sys_exit(ffff80002a604ab0,ffff80002a665760,ffff80002a6656b0) at sys_exit+0x1a syscall(ffff80002a665760) at syscall+0x538 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x740961809ac0, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a6654b0 rbx 0xffff8000ffff4010 rdx 0x3fd rcx 0 rax 0x8a r8 0x101010101010101 r9 0x8080808080808080 r10 0xb7a1e81a51ee1739 r11 0xf4e5a14ce68ef04e r12 0 r13 0x2 r14 0 r15 0x1 rip 0xffffffff811a086c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002a6654a0 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor2269761477) tid=330407 pid=66570 tcnt=1 stat=onproc flags process=8001008 proc=2000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80002a604ab0 forw=0xffffffffffffffff, list=0xffff80002a5d6558,0xffffffff82e14630 process=0xffff8000ffff4010 user=0xffff80002a660000, vmspace=0xfffffd80074a2420 estcpu=36, cpticks=11, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 44207 453899 16710 0 3 0x8000082 nanoslp syz-executor2269761477 16710 375422 36781 0 3 0x810008a sigsusp ksh 36781 362871 57940 0 3 0x1800009a kqread sshd 38654 429732 1 0 3 0x18100083 ttyin getty 57940 312305 1 0 3 0x18000088 kqread sshd 85341 13763 60956 73 3 0x19100090 kqread syslogd 60956 219502 1 0 3 0x18100082 netio syslogd 3841 432820 1 0 3 0x18100080 kqread resolvd 47809 434522 73068 77 3 0x18100092 kqread dhcpleased 34716 320092 73068 77 3 0x18100092 kqread dhcpleased 73068 453173 1 0 3 0x18000080 kqread dhcpleased 92496 406398 0 0 3 0x14200 bored smr 52217 9050 0 0 3 0x14200 pgzero zerothread 48337 184428 0 0 3 0x14200 aiodoned aiodoned 36262 10713 0 0 3 0x14200 syncer update 22195 269322 0 0 3 0x14200 cleaner cleaner 5388 503820 0 0 3 0x14200 reaper reaper 39290 114086 0 0 3 0x14200 pgdaemon pagedaemon 98367 326106 0 0 3 0x14200 bored viomb 53215 320413 0 0 3 0x40014200 acpi0 acpi0 8325 92757 0 0 3 0x14200 bored softnet3 92924 319111 0 0 3 0x14200 bored softnet2 55792 247677 0 0 3 0x14200 bored softnet1 96076 167129 0 0 3 0x14200 bored softnet0 27513 175929 0 0 3 0x14200 bored systqmp 51866 166283 0 0 3 0x14200 bored systq 82378 345396 0 0 3 0x40014200 tmoslp softclock 88594 425982 0 0 3 0x40014200 idle0 1 80524 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10137 6382K 6413K 166960K 11215 0 pcb 15 10K 10K 166960K 15 0 rtable 58 1K 2K 166960K 112 0 pf 12 6K 6K 166960K 12 0 ifaddr 11 5K 5K 166960K 11 0 ifgroup 17 1K 1K 166960K 17 0 counters 22 16K 16K 166960K 22 0 ioctlops 0 0K 2K 166960K 21 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1259 79K 79K 166960K 1275 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 1 0K 0K 166960K 1 0 proc 59 74K 75K 166960K 1293 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 11 0K 0K 166960K 11 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 25 122K 122K 166960K 25 0 exec 0 0K 1K 166960K 246 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 99 4K 5K 166960K 4227 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 22 44K 48K 166960K 1197 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 3 0K 0K 166960K 3 0 temp 1 6788K 6852K 166960K 2930 0 kqueue 11 16K 18K 166960K 24 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 21 0 18 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 144 33 0 20 1 0 1 1 0 8 0 syncache 336 5 0 5 1 1 0 1 0 8 0 tcpqe 32 55 0 55 1 1 0 1 0 8 0 tcpcb 808 8 0 5 1 0 1 1 0 8 0 arp 88 2 0 0 1 0 1 1 0 8 0 inpcb 360 26 0 20 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 96 0 0 6 0 6 6 0 8 0 art_table 32 97 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1502 0 40 92 0 92 92 0 8 0 ffsino 240 1502 0 40 86 0 86 86 0 8 0 nchpl 144 1686 0 47 61 0 61 61 0 8 0 uvmvnodes 80 1511 0 0 31 0 31 31 0 8 0 vnodes 216 1511 0 0 84 0 84 84 0 8 0 namei 1024 5748 0 5748 2 1 1 1 0 8 1 kstatmem 264 6 0 0 1 0 1 1 0 8 0 scxspl 216 5411 0 5411 9 1 8 8 1 8 8 plimitpl 152 16 0 10 1 0 1 1 0 8 0 sigapl 424 659 0 629 4 0 4 4 0 8 0 futexpl 64 1238 0 1238 1 0 1 1 0 8 1 knotepl 120 7455 0 7426 2 1 1 2 0 8 0 kqueuepl 184 20 0 13 1 0 1 1 0 8 0 pipepl 288 88 0 85 1 0 1 1 0 8 0 fdescpl 432 643 0 630 2 0 2 2 0 8 0 filepl 120 1136 0 1083 2 0 2 2 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 17 0 9 1 0 1 1 0 8 0 pgrppl 48 17 0 9 1 0 1 1 0 8 0 ucredpl 104 66 0 56 1 0 1 1 0 8 0 zombiepl 144 648 0 647 2 1 1 1 0 8 0 processpl 1072 659 0 629 3 0 3 3 0 8 0 procpl 680 1025 0 995 3 0 3 3 0 8 0 sockpl 488 80 0 58 3 0 3 3 0 8 0 mcl8k 8192 4 0 4 1 1 0 1 0 8 0 mcl4k 4096 10 0 10 1 1 0 1 0 8 0 mcl2k 2048 12505 0 12462 33 26 7 32 0 8 1 mtagpl 96 4 0 4 1 1 0 1 0 8 0 mbufpl 256 21181 0 21134 17 13 4 17 0 8 0 bufpl 280 2486 0 89 172 0 172 172 0 8 0 anonpl 24 169262 0 167424 23 11 12 22 0 188 0 amapchunkpl 152 14548 0 14397 7 1 6 7 0 158 0 amappl16 200 4096 0 4095 4 3 1 4 0 8 0 amappl15 192 10 0 10 1 1 0 1 0 8 0 amappl14 184 103 0 94 1 0 1 1 0 8 0 amappl13 176 7 0 7 1 1 0 1 0 8 0 amappl12 168 1140 0 1127 1 0 1 1 0 8 0 amappl11 160 49 0 39 1 0 1 1 0 8 0 amappl10 152 12 0 12 1 1 0 1 0 8 0 amappl9 144 78 0 78 1 1 0 1 0 8 0 amappl8 136 23 0 21 1 0 1 1 0 8 0 amappl7 128 358 0 355 1 0 1 1 0 8 0 amappl6 120 161 0 150 1 0 1 1 0 8 0 amappl5 112 122 0 110 1 0 1 1 0 8 0 amappl4 104 393 0 368 1 0 1 1 0 8 0 amappl3 96 3912 0 3881 1 0 1 1 0 8 0 amappl2 88 930 0 878 2 0 2 2 0 8 0 amappl1 80 10514 0 10100 11 0 11 11 0 8 0 amappl 88 3927 0 3873 2 0 2 2 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 643 0 629 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 643 0 629 1 0 1 1 0 8 0 vmmpekpl 168 7037 0 7020 1 0 1 1 0 8 0 vmmpepl 168 45505 0 44567 46 3 43 46 0 357 0 vmsppl 352 642 0 629 2 0 2 2 0 8 0 rwobjpl 24 22013 0 19883 14 0 14 14 0 8 0 pdppl 4096 1292 0 1258 48 14 34 40 0 8 0 pvpl 32 278205 0 274075 50 14 36 50 0 265 0 pmappl 216 642 0 629 1 0 1 1 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 299 0 59 9 0 9 9 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c panic(ffffffff82927b8e) at panic+0x165 __assert(ffffffff828e10c6,ffffffff828b33eb,bc,ffffffff82866e64) at __assert+0x29 unveil_destroy(ffff8000ffff4010) at unveil_destroy+0x174 exit1(ffff80002a604ab0,0,0,1) at exit1+0x3d6 sys_exit(ffff80002a604ab0,ffff80002a665760,ffff80002a6656b0) at sys_exit+0x1a syscall(ffff80002a665760) at syscall+0x538 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x740961809ac0, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c panic(ffffffff82927b8e) at panic+0x165 __assert(ffffffff828e10c6,ffffffff828b33eb,bc,ffffffff82866e64) at __assert+0x29 unveil_destroy(ffff8000ffff4010) at unveil_destroy+0x174 exit1(ffff80002a604ab0,0,0,1) at exit1+0x3d6 sys_exit(ffff80002a604ab0,ffff80002a665760,ffff80002a6656b0) at sys_exit+0x1a syscall(ffff80002a665760) at syscall+0x538 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x740961809ac0, count: -8