witness: lock_object uninitialized: 0xffff800001310028 Starting stack trace... witness_checkorder(ffff800001310028,9,0) at witness_checkorder+0x1af witness_debugger sys/kern/subr_witness.c:2522 [inline] witness_checkorder(ffff800001310028,9,0) at witness_checkorder+0x1af sys/kern/subr_witness.c:779 rw_enter_write(ffff800001310018) at rw_enter_write+0x7a sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800001310000) at unveil_delete_names+0x3d sys/kern/kern_unveil.c:102 unveil_destroyStopped at db_enter+0x25: addq $0x8,%rsp ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 witness_checkorder(ffff800001310028,9,0) at witness_checkorder+0x1b4 rw_enter_write(ffff800001310018) at rw_enter_write+0x7a sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800001310000) at unveil_delete_names+0x3d sys/kern/kern_unveil.c:102 unveil_destroy(ffff8000371fdb30) at unveil_destroy+0xbd sys/kern/kern_unveil.c:183 exit1(ffff80002a06e7b8,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff80002a06e7b8,ffff80002a1003b0,ffff80002a100300) at sys_exit+0x1a syscall(ffff80002a1003b0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff80002a1003b0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f12c1c69110, count: -9 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80002a100080 rbx 0 rdx 0 rcx 0xffff80002a06e7b8 rax 0xffffffff8349fff0 cpu_info_full_primary+0x1ff0 r8 0xffff80002a100020 r9 0x8080808080808080 r10 0x2774357774d4b8e0 r11 0xf1528669ac9ad509 r12 0 r13 0x1 r14 0xffff800001310028 r15 0x3 rip 0xffffffff81610e15 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a100070 ss 0 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=495507 pid=95043 tcnt=0 stat=onproc flags process=1008 proc=2000 runpri=86, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80002a06e7b8 scnt=-1 ecnt=1 forw=0xffffffffffffffff, list=0xffff8000371b3468,0xffff80002a06ecd8 process=0xffff8000371fdb30 user=0xffff80002a0fb000, vmspace=0xfffffd806c2288d8 estcpu=36, cpticks=11, pctcpu=0.0, user=0, sys=3, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 27232 322897 30732 0 2 0 syz-executor 27232 483368 30732 0 3 0x4000080 fsleep syz-executor 96437 176299 16180 0 2 0 syz-executor 96437 3077 16180 0 3 0x4000080 fsleep syz-executor 96437 73811 16180 0 3 0x4000080 fsleep syz-executor 76924 66590 78422 0 2 0 syz-executor 76924 373929 78422 0 2 0x4000000 syz-executor 63762 284243 21450 0 2 0 syz-executor 63762 299726 21450 0 2 0x4000000 syz-executor 63762 210473 21450 0 3 0x4000080 fsleep syz-executor 63762 87670 21450 0 2 0x4000000 syz-executor 1822 181204 18658 0 2 0 syz-executor 1822 340577 18658 0 2 0x4000000 syz-executor 1822 159580 18658 0 3 0x4000080 fsleep syz-executor 1822 263575 18658 0 3 0x4000080 fsleep syz-executor 33184 317389 1 0 3 0x100083 ttyin getty 78422 453195 57704 0 2 0x482 syz-executor 98608 167093 57704 0 2 0x2 syz-executor 30732 235185 57704 0 2 0x482 syz-executor 21450 374131 57704 0 2 0x482 syz-executor 76875 272392 57704 0 2 0x2 syz-executor 36172 459186 0 0 3 0x14200 bored sosplice 18658 272244 57704 0 2 0x482 syz-executor 3052 12656 57704 0 2 0x482 syz-executor 16180 66340 57704 0 2 0x482 syz-executor 57704 472725 3373 0 3 0x82 kqread syz-executor 3373 46035 28691 0 3 0x10008a sigsusp ksh 28691 484766 16876 0 3 0x98 kqread sshd-session 16876 506399 62613 0 3 0x92 kqread sshd-session 62613 236230 1 0 3 0x88 kqread sshd 60041 155962 24599 74 3 0x1100092 bpf pflogd 24599 452194 1 0 3 0x80 sbwait pflogd 97392 419628 17445 73 2 0x1100090 syslogd 17445 144630 1 0 3 0x100082 sbwait syslogd 53469 299589 1 0 3 0x100080 kqread resolvd 97705 459380 39155 77 3 0x100092 kqread dhcpleased 88155 135570 39155 77 3 0x100092 kqread dhcpleased 39155 482841 1 0 3 0x80 kqread dhcpleased 61475 199306 0 0 3 0x14200 bored smr 46436 6175 0 0 2 0x14200 zerothread 74415 478744 0 0 3 0x14200 aiodoned aiodoned 33743 102703 0 0 3 0x14200 syncer update 22864 498233 0 0 3 0x14200 cleaner cleaner 31214 413338 0 0 3 0x14200 reaper reaper 99315 425420 0 0 3 0x14200 pgdaemon pagedaemon 67805 36263 0 0 3 0x14200 bored viomb 46551 407478 0 0 3 0x40014200 acpi0 acpi0 67953 311612 0 0 7 0x40014200 idle1 39952 470397 0 0 3 0x14200 bored softnet3 4440 442500 0 0 3 0x14200 bored softnet2 19073 221827 0 0 3 0x14200 bored softnet1 29885 204097 0 0 3 0x14200 bored softnet0 88169 6066 0 0 3 0x14200 bored systqmp 72693 301206 0 0 3 0x14200 bored systq 64988 67691 0 0 3 0x14200 tmoslp softclockmp 36569 71450 0 0 2 0x40014200 softclock 55877 70289 0 0 3 0x40014200 idle0 1 165633 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 1822 (syz-executor) thread 0xffff80002a06e020 (340577) exclusive rwlock vmmaplk r = 0 (0xfffffd806c228f10) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5255 #2 uvm_map+0x400 sys/uvm/uvm_map.c:1021 #3 uvm_mmapfile+0x40b sys/uvm/uvm_mmap.c:1129 #4 sys_mmap+0xeae sys/uvm/uvm_mmap.c:391 #5 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:178 [inline] #5 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #6 Xsyscall+0x128 Process 98608 (syz-executor) thread 0xffff80002a06ef50 (167093) exclusive rwlock vmmaplk r = 0 (0xfffffd806c2282d0) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5255 #2 uvmspace_fork+0x12b sys/uvm/uvm_map.c:3820 #3 process_new+0x553 sys/kern/kern_fork.c:279 #4 fork1+0x3ea sys/kern/kern_fork.c:405 #5 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] #5 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #6 Xsyscall+0x128 exclusive rwlock vmmaplk r = 0 (0xfffffd806bf532d8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5255 #2 uvmspace_fork+0x44 sys/uvm/uvm_map.c:3811 #3 process_new+0x553 sys/kern/kern_fork.c:279 #4 fork1+0x3ea sys/kern/kern_fork.c:405 #5 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] #5 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #6 Xsyscall+0x128 Process 76875 (syz-executor) thread 0xffff80002a06f460 (272392) exclusive rrwlock inode r = 0 (0xfffffd806bd09a30) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:169 #5 ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1230 #6 ffs_inode_alloc+0x283 sys/ufs/ffs/ffs_alloc.c:393 #7 ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 #8 VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 #9 domkdirat+0x179 sys/kern/vfs_syscalls.c:3099 #10 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] #10 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806bd094e0) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564 #5 vfs_lookup+0x109 sys/kern/vfs_lookup.c:418 #6 namei+0x7aa sys/kern/vfs_lookup.c:250 #7 domkdirat+0x8b sys/kern/vfs_syscalls.c:3084 #8 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] #8 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #9 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10195 11122K 15340K 166960K 15665 0 pcb 18 16K 18K 166960K 642 0 rtable 190 6K 7K 166960K 1050 0 pf 39 18K 27K 166960K 235 0 ifaddr 37 6K 8K 166960K 130 0 ifgroup 56 2K 2K 166960K 181 0 sysctl 3 0K 1K 166960K 9 0 counters 64 36K 37K 166960K 150 0 ioctlops 0 0K 4K 166960K 1811 0 iov 0 0K 20K 166960K 199 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1516 95K 96K 166960K 3363 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 48 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 167 0 dirhash 12 2K 2K 166960K 48 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 16 57K 89K 166960K 2561 0 sigio 0 0K 0K 166960K 141 0 proc 78 115K 116K 166960K 969 0 subproc 104 6K 6K 166960K 169 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 513 0 in_multi 78 5K 7K 166960K 294 0 ether_multi 1 0K 0K 166960K 21 0 mrt 2 0K 0K 166960K 14 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 73 334K 334K 166960K 73 0 exec 0 0K 1K 166960K 858 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 243 73K 87K 166960K 26000 0 UVM aobj 103 7K 7K 166960K 115 0 pinsyscall 42 84K 102K 166960K 3776 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 103 0 NDP 12 0K 2K 166960K 97 0 temp 148 6829K 6956K 166960K 95075 0 kqueue 13 20K 29K 166960K 406 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 205 0 202 1 0 1 1 0 8 0 rtentry 112 350 0 267 4 0 4 4 0 8 0 unpcb 144 2141 0 2124 21 20 1 6 0 8 0 syncache 336 4 0 4 3 3 0 1 0 8 0 tcpcb 808 560 0 556 6 5 1 2 0 8 0 arp 120 57 0 44 1 0 1 1 0 8 0 inpcb 336 2646 0 2638 24 22 2 9 0 8 1 nd6 136 55 0 32 2 0 2 2 0 8 0 pkpcb 40 11 0 11 7 6 1 1 0 8 1 kcovpl 48 13 0 5 1 0 1 1 0 8 0 ppxss 1168 26 0 26 9 8 1 1 0 8 1 pfstscr 40 4 0 4 3 3 0 1 0 8 0 pffrag 232 13 0 11 1 0 1 1 0 482 0 pffrnode 88 12 0 10 1 0 1 1 0 8 0 pffrent 40 33 0 31 2 1 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfanchor 1288 5 0 1 2 1 1 1 0 8 0 pfstitem 24 208 0 146 1 0 1 1 0 8 0 pfstkey 128 339 0 277 4 0 4 4 0 8 0 pfstate 376 269 0 210 11 1 10 11 0 8 0 pfrule 1344 31 0 23 2 1 1 2 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 1192 0 776 36 6 30 32 0 8 1 art_table 32 1195 0 776 5 1 4 5 0 8 0 art_node 16 277 0 203 1 0 1 1 0 8 0 sysvmsgpl 40 18 0 11 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 164 0 154 1 0 1 1 0 8 0 shmpl 112 112 0 12 3 0 3 3 0 8 0 dirhash 1024 41 0 24 3 0 3 3 0 8 0 dino2pl 256 5704 0 4190 95 0 95 95 0 8 0 ffsino 272 5704 0 4190 102 0 102 102 0 8 0 nchpl 144 9293 0 7603 64 0 64 64 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 33042 0 33040 3 2 1 1 0 8 0 percpumem 16 89 0 43 1 0 1 1 0 8 0 kstatmem 264 110 0 86 5 3 2 3 0 8 0 scsiplug 72 13 0 13 5 5 0 1 0 8 0 scxspl 216 29865 0 29865 16 15 1 8 1 8 1 plimitpl 152 325 0 307 1 0 1 1 0 8 0 sigapl 424 2878 0 2828 9 1 8 9 0 8 0 futexpl 64 37759 0 37753 1 0 1 1 0 8 0 knotepl 120 613 0 0 18 0 18 18 0 8 0 kqueuepl 216 801 0 791 10 9 1 5 0 8 0 pipepl 320 491 0 464 13 10 3 8 0 8 0 fdescpl 496 2835 0 2805 5 0 5 5 0 8 0 filepl 152 18510 0 18262 29 17 12 17 0 8 0 lockfpl 104 982 0 978 2 1 1 2 0 8 0 lockfspl 48 413 0 409 1 0 1 1 0 8 0 sessionpl 144 30 0 21 1 0 1 1 0 8 0 pgrppl 48 82 0 65 1 0 1 1 0 8 0 ucredpl 104 3564 0 3550 1 0 1 1 0 8 0 zombiepl 144 3274 0 3273 3 2 1 1 0 8 0 processpl 1160 2878 0 2828 6 0 6 6 0 8 0 procpl 648 6999 0 6939 9 2 7 8 0 8 0 srpgc 96 10 0 10 4 3 1 1 0 8 1 sosppl 168 21 0 21 6 6 0 1 0 8 0 sockpl 664 5113 0 5085 45 41 4 14 0 8 0 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 3 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 138 0 0 18 0 18 18 0 8 0 mcl2k 2048 85 0 0 10 2 8 10 0 8 0 mtagpl 96 110 0 0 3 0 3 3 0 8 0 mbufpl 256 462 0 0 30 1 29 30 0 8 0 bufpl 280 11228 0 5053 442 0 442 442 0 8 0 anonpl 24 442442 0 438043 129 88 41 72 0 185 0 amapchunkpl 152 86618 0 86057 59 34 25 32 0 158 1 amappl16 200 11107 0 11071 66 59 7 24 0 8 0 amappl15 192 10 0 10 1 1 0 1 0 8 0 amappl14 184 143 0 130 1 0 1 1 0 8 0 amappl13 176 54 0 54 1 1 0 1 0 8 0 amappl12 168 3558 0 3528 3 1 2 2 0 8 0 amappl11 160 62 0 47 1 0 1 1 0 8 0 amappl10 152 55 0 55 1 1 0 1 0 8 0 amappl9 144 172 0 171 1 0 1 1 0 8 0 amappl8 136 33 0 30 1 0 1 1 0 8 0 amappl7 128 127 0 114 1 0 1 1 0 8 0 amappl6 120 281 0 279 1 0 1 1 0 8 0 amappl5 112 163 0 151 1 0 1 1 0 8 0 amappl4 104 337 0 318 1 0 1 1 0 8 0 amappl3 96 15691 0 15593 4 0 4 4 0 8 0 amappl2 88 3148 0 3063 3 0 3 3 0 8 0 amappl1 80 15413 0 14849 15 1 14 14 0 8 0 amappl 88 25373 0 25192 5 0 5 5 0 92 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 3 0 3 3 3 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 3 0 2 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 257 0 257 5 5 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 114 0 12 2 0 2 2 0 8 0 uaddrrnd 24 2835 0 2804 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2835 0 2804 1 0 1 1 0 8 0 vmmpekpl 168 23502 0 23450 3 0 3 3 0 8 0 vmmpepl 168 179447 0 177585 136 47 89 103 0 357 0 vmsppl 448 2834 0 2804 6 2 4 5 0 8 0 rwobjpl 56 53845 0 46861 110 10 100 103 0 8 0 pdppl 4096 5677 0 5608 133 62 71 83 0 8 2 pvpl 32 18168 0 0 146 0 146 146 0 265 0 pmappl 248 2834 0 2804 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 491 0 119 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 witness_checkorder(ffff800001310028,9,0) at witness_checkorder+0x1b4 rw_enter_write(ffff800001310018) at rw_enter_write+0x7a sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800001310000) at unveil_delete_names+0x3d sys/kern/kern_unveil.c:102 unveil_destroy(ffff8000371fdb30) at unveil_destroy+0xbd sys/kern/kern_unveil.c:183 exit1(ffff80002a06e7b8,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff80002a06e7b8,ffff80002a1003b0,ffff80002a100300) at sys_exit+0x1a syscall(ffff80002a1003b0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff80002a1003b0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f12c1c69110, count: -9 ddb{0}> machine ddbcpu 1 (ffff8000371fdb30) at unveil_destSroy+0xbd exit1(ffff80002a06e7b8,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exitt(ffff80002a06e7bo8,ffff80002a100p3b0,ffff80002a10p0300) at sys_exit+0x1a syscall(edffff80002a1003b0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(edffff80002a1003b0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() aatt Xsyscall+0x128 end of kernel end trace frame: 0x7f12c1c69110 , count: 249 End of stack trace . x86_ipi_db+0x27: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu.c:1218 sched_idle(ffff800029b7bff0) at sched_idle+0x558 sys/kern/kern_sched.c:182 end trace frame: 0x0, count: -5