login: panic: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/jobs/openbsd/kernel/sys/kern/kern_unveil.c", line 188 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff83119100) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff830cd9c5,ffffffff8303bb6e,bc,ffffffff8304d710) at __assert+0x29 unveil_destroy(ffff8000ffffaae0) at unveil_destroy+0x1dd sys/kern/kern_unveil.c:188 exit1(ffff80002a48af48,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff80002a48af48,ffff80002a54bd40,ffff80002a54bc90) at sys_exit+0x1a syscall(ffff80002a54bd40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7b0d5dfa6e10, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/jobs/openbsd/kernel/sys/kern/kern_unveil.c", line 188 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff83119100) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff830cd9c5,ffffffff8303bb6e,bc,ffffffff8304d710) at __assert+0x29 unveil_destroy(ffff8000ffffaae0) at unveil_destroy+0x1dd sys/kern/kern_unveil.c:188 exit1(ffff80002a48af48,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff80002a48af48,ffff80002a54bd40,ffff80002a54bc90) at sys_exit+0x1a syscall(ffff80002a54bd40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7b0d5dfa6e10, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a54ba90 rbx 0xffff8000ffffaae0 rdx 0x3fd rcx 0 rax 0x89 r8 0x101010101010101 r9 0x8080808080808080 r10 0x8c1bfcedae19d3d4 r11 0xf03ad139a5bb61b5 r12 0 r13 0x2 r14 0 r15 0x1 rip 0xffffffff82e04c65 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a54ba80 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) tid=488453 pid=67263 tcnt=0 stat=onproc flags process=1008 proc=2000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80002a48af48 scnt=-1 ecnt=1 forw=0xffffffffffffffff, list=0xffff80002a4a0f40,0xffffffff8352e268 process=0xffff8000ffffaae0 user=0xffff80002a546000, vmspace=0xfffffd806f61edc8 estcpu=36, cpticks=17, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 2505 222648 97348 0 3 0x82 nanoslp syz-executor.0 97348 113107 69326 0 3 0x82 thrsleep syz-execprog 97348 515368 69326 0 3 0x4000082 thrsleep syz-execprog 97348 486680 69326 0 3 0x4000082 thrsleep syz-execprog 97348 58958 69326 0 3 0x4000082 thrsleep syz-execprog 97348 288532 69326 0 3 0x4000082 kqread syz-execprog 97348 188995 69326 0 3 0x4000082 thrsleep syz-execprog 97348 21544 69326 0 3 0x4000082 wait syz-execprog 97348 238611 69326 0 3 0x4000082 thrsleep syz-execprog 97348 53355 69326 0 3 0x4000082 thrsleep syz-execprog 69326 108683 80147 0 3 0x10008a sigsusp ksh 80147 259257 94241 0 3 0x98 kqread sshd-session 94241 510015 11551 0 3 0x92 kqread sshd-session 18217 147076 1 0 3 0x100083 ttyin getty 11551 129185 1 0 3 0x88 kqread sshd 46680 142206 92345 73 3 0x1100090 kqread syslogd 92345 12360 1 0 3 0x100082 sbwait syslogd 6312 446558 1 0 3 0x100080 kqread resolvd 47963 28 7140 77 3 0x100092 kqread dhcpleased 21066 435192 7140 77 3 0x100092 kqread dhcpleased 7140 423009 1 0 3 0x80 kqread dhcpleased 96467 137709 0 0 3 0x14200 bored smr 91378 419730 0 0 3 0x14200 pgzero zerothread 3993 457154 0 0 3 0x14200 aiodoned aiodoned 417 200314 0 0 3 0x14200 syncer update 82185 183994 0 0 3 0x14200 cleaner cleaner 54853 366640 0 0 3 0x14200 reaper reaper 37462 24229 0 0 3 0x14200 pgdaemon pagedaemon 31436 114111 0 0 3 0x14200 bored viomb 46411 111845 0 0 3 0x40014200 acpi0 acpi0 48929 420316 0 0 3 0x14200 bored softnet3 61030 247737 0 0 3 0x14200 bored softnet2 9722 151752 0 0 3 0x14200 bored softnet1 9755 122081 0 0 3 0x14200 bored softnet0 94781 523759 0 0 3 0x14200 bored systqmp 27004 32929 0 0 3 0x14200 bored systq 86406 328647 0 0 3 0x40014200 tmoslp softclock 59112 312861 0 0 3 0x40014200 idle0 1 256929 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10144 11023K 11052K 166960K 11225 0 pcb 17 12K 12K 166960K 17 0 rtable 80 2K 2K 166960K 172 0 pf 16 10K 10K 166960K 19 0 ifaddr 14 2K 2K 166960K 18 0 ifgroup 22 1K 1K 166960K 27 0 counters 23 16K 16K 166960K 24 0 ioctlops 0 0K 2K 166960K 23 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1260 79K 79K 166960K 1276 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 2 4K 12K 166960K 46 0 proc 61 75K 75K 166960K 343 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 22 1K 1K 166960K 33 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 25 122K 122K 166960K 25 0 exec 0 0K 1K 166960K 318 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 154 14K 15K 166960K 3659 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 26 52K 104K 166960K 1193 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 6 0K 0K 166960K 9 0 temp 1 6860K 6924K 166960K 3878 0 kqueue 13 20K 20K 166960K 46 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 25 0 22 1 0 1 1 0 8 0 rtentry 112 45 0 12 1 0 1 1 0 8 0 unpcb 144 67 0 52 1 0 1 1 0 8 0 syncache 336 9 0 9 1 1 0 1 0 8 0 tcpcb 808 12 0 9 1 0 1 1 0 8 0 arp 88 6 0 2 1 0 1 1 0 8 0 inpcb 336 38 0 32 1 0 1 1 0 8 0 nd6 104 6 0 3 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 193 0 48 10 0 10 10 0 8 0 art_table 32 194 0 48 2 0 2 2 0 8 0 art_node 16 44 0 14 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1568 0 84 94 1 93 94 0 8 0 ffsino 240 1568 0 84 88 0 88 88 0 8 0 nchpl 144 1854 0 130 64 0 64 64 0 8 0 uvmvnodes 80 1577 0 0 33 0 33 33 0 8 0 vnodes 216 1577 0 0 88 0 88 88 0 8 0 namei 1024 6634 0 6634 3 2 1 2 0 8 1 kstatmem 264 10 0 2 1 0 1 1 0 8 0 scxspl 216 8447 0 8447 8 7 1 8 1 8 1 plimitpl 152 51 0 42 1 0 1 1 0 8 0 sigapl 424 409 0 377 5 1 4 5 0 8 0 futexpl 64 43 0 43 2 1 1 1 0 8 1 knotepl 120 7001 0 6964 2 0 2 2 0 8 0 kqueuepl 184 42 0 33 1 0 1 1 0 8 0 pipepl 288 156 0 149 1 0 1 1 0 8 0 fdescpl 432 393 0 378 4 2 2 4 0 8 0 filepl 120 1832 0 1764 3 0 3 3 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 27 0 18 1 0 1 1 0 8 0 pgrppl 48 27 0 18 1 0 1 1 0 8 0 ucredpl 104 111 0 100 1 0 1 1 0 8 0 zombiepl 144 381 0 380 2 1 1 1 0 8 0 processpl 1096 409 0 377 4 1 3 4 0 8 0 procpl 648 442 0 402 5 1 4 5 0 8 0 sockpl 504 130 0 106 4 1 3 4 0 8 0 mcl8k 8192 13 0 13 1 1 0 1 0 8 0 mcl4k 4096 11408 0 11352 17 9 8 16 0 8 0 mcl2k 2048 91 0 91 1 1 0 1 0 8 0 mtagpl 96 4 0 4 1 1 0 1 0 8 0 mbufpl 256 15581 0 15512 8 3 5 8 0 8 0 bufpl 280 4326 0 156 298 0 298 298 0 8 0 anonpl 24 326006 0 322493 50 16 34 50 0 187 0 amapchunkpl 152 14444 0 14102 25 8 17 25 0 158 0 amappl16 200 9746 0 9681 5 1 4 5 0 8 0 amappl15 192 24 0 24 1 1 0 1 0 8 0 amappl14 184 216 0 205 2 1 1 2 0 8 0 amappl13 176 25 0 25 1 1 0 1 0 8 0 amappl12 168 982 0 965 2 0 2 2 0 8 0 amappl11 160 73 0 63 1 0 1 1 0 8 0 amappl10 152 69 0 67 1 0 1 1 0 8 0 amappl9 144 349 0 347 1 0 1 1 0 8 0 amappl8 136 125 0 106 1 0 1 1 0 8 0 amappl7 128 198 0 183 2 0 2 2 0 8 0 amappl6 120 243 0 238 1 0 1 1 0 8 0 amappl5 112 160 0 152 1 0 1 1 0 8 0 amappl4 104 459 0 442 2 1 1 2 0 8 0 amappl3 96 4206 0 4157 2 0 2 2 0 8 0 amappl2 88 1166 0 1102 4 1 3 4 0 8 0 amappl1 80 13765 0 13289 27 16 11 22 0 8 0 amappl 88 2989 0 2898 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 393 0 377 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 393 0 377 1 0 1 1 0 8 0 vmmpekpl 168 10405 0 10384 2 0 2 2 0 8 0 vmmpepl 168 62550 0 61270 116 53 63 116 0 357 0 vmsppl 352 392 0 377 3 1 2 3 0 8 0 rwobjpl 24 30601 0 28258 20 1 19 20 0 8 0 pdppl 4096 792 0 754 102 64 38 62 0 8 0 pvpl 32 647490 0 639138 401 319 82 368 0 265 0 pmappl 216 392 0 377 2 1 1 2 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 339 0 85 9 0 9 9 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff83119100) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff830cd9c5,ffffffff8303bb6e,bc,ffffffff8304d710) at __assert+0x29 unveil_destroy(ffff8000ffffaae0) at unveil_destroy+0x1dd sys/kern/kern_unveil.c:188 exit1(ffff80002a48af48,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff80002a48af48,ffff80002a54bd40,ffff80002a54bc90) at sys_exit+0x1a syscall(ffff80002a54bd40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7b0d5dfa6e10, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff83119100) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff830cd9c5,ffffffff8303bb6e,bc,ffffffff8304d710) at __assert+0x29 unveil_destroy(ffff8000ffffaae0) at unveil_destroy+0x1dd sys/kern/kern_unveil.c:188 exit1(ffff80002a48af48,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff80002a48af48,ffff80002a54bd40,ffff80002a54bc90) at sys_exit+0x1a syscall(ffff80002a54bd40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7b0d5dfa6e10, count: -8