witness: lock_object uninitialized: 0xffff800000f9f028 Starting stack trace... witness_checkorder(ffff800000f9f028,9,0) at witness_checkorder+0x133 witness_debugger sys/kern/subr_witness.c:2502 [inline] witness_checkorder(ffff800000f9f028,9,0) at witness_checkorder+0x133 sys/kern/subr_witness.c:772 rw_enter_write(ffff800000f9f018) at rw_enter_write+0x5b sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800000f9f000) at unveil_delete_names+0x30 unvname_rbt_RBT_MIN sys/kern/kern_unveil.c:95 [inline] unveil_delete_names(ffff800000f9f000) at unveil_delete_names+0x30 sys/kern/kern_unveil.c:105 unveil_destroy(ffff80002e3df200) at unveil_destroy+0xad sys/kern/kern_unveil.c:186 exit1(ffff8000ffff3a48,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:225 sys_exit(ffff8000ffff3a48,ffff80002e3f17a0,ffff80002e3f1800) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff80002e3f1870) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002e3f1870) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffafc0, count: 249 End of stack trace. Stopped at db_enter+0x18: addq $0x8,%rsp ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 witness_checkorder(ffff800000f9f028,9,0) at witness_checkorder+0x138 witness_debugger sys/kern/subr_witness.c:2502 [inline] witness_checkorder(ffff800000f9f028,9,0) at witness_checkorder+0x138 sys/kern/subr_witness.c:772 rw_enter_write(ffff800000f9f018) at rw_enter_write+0x5b sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800000f9f000) at unveil_delete_names+0x30 unvname_rbt_RBT_MIN sys/kern/kern_unveil.c:95 [inline] unveil_delete_names(ffff800000f9f000) at unveil_delete_names+0x30 sys/kern/kern_unveil.c:105 unveil_destroy(ffff80002e3df200) at unveil_destroy+0xad sys/kern/kern_unveil.c:186 exit1(ffff8000ffff3a48,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:225 sys_exit(ffff8000ffff3a48,ffff80002e3f17a0,ffff80002e3f1800) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff80002e3f1870) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002e3f1870) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffafc0, count: -9 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80002e3f1540 rbx 0x3 rdx 0 rcx 0 rax 0xffff8000ffff3a48 r8 0xffff80002e3f14e0 r9 0x8080808080808080 r10 0x8838f8f8eb2dc7b3 r11 0x558f4fdd5480f96f r12 0xffff800000f9f001 r13 0xffff800000f9f028 r14 0 r15 0 rip 0xffffffff8101f938 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002e3f1530 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.1) pid=110695 stat=onproc flags process=1008 proc=2000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff2008,0xffff8000ffff3cf8 process=0xffff80002e3df200 user=0xffff80002e3ec000, vmspace=0xfffffd805b2565e0 estcpu=36, cpticks=11, pctcpu=0.4 user=0, sys=7, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 3692 375780 10692 0 2 0 syz-executor.4 3692 91529 10692 0 3 0x4000080 fsleep syz-executor.4 3692 294492 10692 0 3 0x4000080 fsleep syz-executor.4 2836 128458 57716 0 2 0 syz-executor.2 2836 230766 57716 0 3 0x4000080 fsleep syz-executor.2 2836 125658 57716 0 3 0x4000080 fsleep syz-executor.2 41014 66092 71315 0 2 0 syz-executor.0 41014 274605 71315 0 3 0x4000080 fsleep syz-executor.0 84224 291311 89926 0 2 0 syz-executor.5 84224 509269 89926 0 3 0x4000080 fsleep syz-executor.5 84224 158611 89926 0 3 0x4000080 fsleep syz-executor.5 53734 287959 69075 0 2 0 syz-executor.6 53734 322650 69075 0 3 0x4000080 fsleep syz-executor.6 563 220601 26376 0 2 0x480 syz-executor.7 563 207007 26376 0 3 0x4000080 fsleep syz-executor.7 563 288483 26376 0 3 0x4000080 fsleep syz-executor.7 51573 504350 29918 0 2 0x480 syz-executor.3 51573 157945 29918 0 3 0x4000080 fsleep syz-executor.3 51573 464853 29918 0 3 0x4000080 fsleep syz-executor.3 10692 430894 39335 0 2 0x482 syz-executor.4 26376 1287 39335 0 2 0x482 syz-executor.7 69075 311655 39335 0 2 0x482 syz-executor.6 13811 223061 39335 0 2 0x482 syz-executor.1 71315 68839 39335 0 2 0x482 syz-executor.0 89926 307884 39335 0 2 0x482 syz-executor.5 29918 78288 39335 0 2 0x482 syz-executor.3 57716 373653 39335 0 2 0x482 syz-executor.2 65323 516789 0 0 3 0x14200 bored sosplice 39335 200347 16891 0 3 0x82 thrsleep syz-fuzzer 39335 219650 16891 0 3 0x4000082 thrsleep syz-fuzzer 39335 287363 16891 0 3 0x4000082 thrsleep syz-fuzzer 39335 233440 16891 0 3 0x4000082 thrsleep syz-fuzzer 39335 176535 16891 0 3 0x4000082 thrsleep syz-fuzzer 39335 232351 16891 0 3 0x4000082 thrsleep syz-fuzzer 39335 303355 16891 0 3 0x4000082 thrsleep syz-fuzzer 39335 257582 16891 0 3 0x4000082 kqread syz-fuzzer 39335 39778 16891 0 3 0x4000082 thrsleep syz-fuzzer 16891 420744 59173 0 3 0x10008a sigsusp ksh 59173 435546 44611 0 3 0x9a poll sshd 70746 255357 1 0 2 0x100083 getty 44611 357746 1 0 3 0x88 poll sshd 2370 198016 30891 74 3 0x100092 bpf pflogd 30891 519540 1 0 3 0x80 netio pflogd 49671 324115 97228 73 2 0x100090 syslogd 97228 322674 1 0 3 0x100082 netio syslogd 57043 411857 1 0 3 0x100080 kqread resolvd 97187 198964 16198 77 3 0x100092 kqread dhcpleased 31478 186968 16198 77 3 0x100092 kqread dhcpleased 16198 452098 1 0 3 0x80 kqread dhcpleased 83295 24014 0 0 3 0x14200 bored smr 45552 71964 0 0 2 0x14200 zerothread 8789 276675 0 0 3 0x14200 aiodoned aiodoned 8190 364035 0 0 3 0x14200 syncer update 88510 189678 0 0 3 0x14200 cleaner cleaner 48552 396687 0 0 2 0x14200 reaper 15577 250712 0 0 3 0x14200 pgdaemon pagedaemon 90744 517175 0 0 3 0x14200 bored viomb 10241 147218 0 0 3 0x40014200 acpi0 acpi0 75436 50351 0 0 7 0x40014200 idle1 28018 207801 0 0 3 0x14200 bored softnet 83168 493265 0 0 3 0x14200 bored systqmp 5738 340047 0 0 3 0x14200 bored systq 86107 474561 0 0 2 0x40014200 softclock 81416 208963 0 0 3 0x40014200 idle0 1 206665 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 2836 (syz-executor.2) thread 0xffff8000ffff3508 (128458) exclusive rwlock vmmaplk r = 0 (0xfffffd805cf51468) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 vm_map_lock_ln+0xda sys/uvm/uvm_map.c:5458 #3 uvmfault_lookup+0xb9 sys/uvm/uvm_fault.c:1752 #4 uvm_fault_check+0x603 uvmfault_amapcopy sys/uvm/uvm_fault.c:236 [inline] #4 uvm_fault_check+0x603 sys/uvm/uvm_fault.c:712 #5 uvm_fault+0x102 sys/uvm/uvm_fault.c:602 #6 upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181 #7 usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403 #8 recall_trap+0x8 Process 48552 (reaper) thread 0xffff8000210f97a0 (396687) exclusive rwlock kmmaplk r = 0 (0xffffffff82a550b0) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 vm_map_lock_ln+0xda sys/uvm/uvm_map.c:5458 #3 uvm_unmap+0x78 sys/uvm/uvm_map.c:2068 #4 uvm_uarea_free+0x35 sys/uvm/uvm_glue.c:287 #5 reaper+0x158 sys/kern/kern_exit.c:451 #6 proc_trampoline+0x1c ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10246 6649K 7484K 78643K 92193 0 pcb 13 20K 25K 78643K 7723 0 rtable 177 15K 17K 78643K 5246 0 ifaddr 86 24K 30K 78643K 2013 0 sysctl 2 0K 0K 78643K 6 0 counters 56 35K 36K 78643K 682 0 ioctlops 0 0K 8K 78643K 16147 0 iov 0 0K 32K 78643K 3493 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1567 98K 98K 78643K 41087 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 307 0 VM map 2 1K 1K 78643K 2 0 sem 18 28K 56K 78643K 638 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 17 61K 89K 78643K 39342 0 sigio 0 0K 0K 78643K 235 0 proc 85 112K 124K 78643K 4175 0 subproc 104 6K 7K 78643K 1199 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 2676 0 in_multi 65 4K 6K 78643K 2802 0 ether_multi 1 0K 0K 78643K 718 0 mrt 2 0K 0K 78643K 131 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 355 1579K 1579K 78643K 355 0 exec 0 0K 2K 78643K 6677 0 pfkey data 0 0K 0K 78643K 7 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 817 1792K 1806K 78643K 487002 0 UVM aobj 131 8K 8K 78643K 134 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 1K 78643K 4210 0 NDP 13 0K 2K 78643K 565 0 temp 146 4721K 8817K 78643K 298008 0 kqueue 10 14K 23K 78643K 1868 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 1342 0 1339 13 12 1 3 0 8 0 rtentry 112 1514 0 1443 7 4 3 4 0 8 0 unpcb 136 18662 0 18645 209 208 1 10 0 8 0 syncache 296 130 0 130 31 31 0 1 0 8 0 tcpqe 32 73 0 73 15 15 0 1 0 8 0 tcpcb 736 15607 0 15603 582 581 1 17 0 8 0 arp 120 218 0 208 1 0 1 1 0 8 0 inpcb 304 41840 0 41833 737 736 1 21 0 8 0 rttmr 72 63 0 63 10 10 0 1 0 8 0 nd6 48 370 0 350 1 0 1 1 0 8 0 pkpcb 40 112 0 112 24 24 0 1 0 8 0 kcovpl 48 91 0 83 1 0 1 1 0 8 0 ppxss 1248 115 0 115 27 27 0 1 0 8 0 pffrag 232 184 0 184 21 21 0 1 0 482 0 pffrnode 88 183 0 183 21 21 0 1 0 8 0 pffrent 40 1494 0 1494 25 25 0 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 32 0 29 1 0 1 1 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 61 0 59 1 0 1 1 0 8 0 pfstkey 112 61 0 59 1 0 1 1 0 8 0 pfstate 320 61 0 59 2 1 1 2 0 8 0 pfrule 1360 355 0 264 9 1 8 8 0 8 0 art_heap8 4096 7 0 6 4 3 1 3 0 8 0 art_heap4 256 6532 0 6188 66 40 26 31 0 8 0 art_table 32 6539 0 6194 4 0 4 4 0 8 0 art_node 16 1464 0 1403 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 11 1 0 1 1 0 8 0 semupl 112 3 0 3 2 2 0 1 0 8 0 semapl 112 620 0 604 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 72460 0 70933 96 0 96 96 0 8 0 ffsino 272 72460 0 70933 102 0 102 102 0 8 0 nchpl 144 128965 0 127333 63 0 63 63 0 8 0 uvmvnodes 80 7692 0 0 157 0 157 157 0 8 0 vnodes 224 7692 0 0 453 0 453 453 0 8 0 namei 1024 494493 0 494493 11 10 1 2 0 8 1 percpumem 16 353 0 313 1 0 1 1 0 8 0 vcpupl 2048 234 0 2 29 0 29 29 0 8 0 vmpool 560 444 0 212 17 0 17 17 0 8 0 pfiaddrpl 120 15 0 9 1 0 1 1 0 8 0 scsiplug 72 16 0 16 4 4 0 1 0 8 0 scxspl 216 312983 0 312983 49 48 1 8 0 8 1 plimitpl 152 3630 0 3615 1 0 1 1 0 8 0 sigapl 424 39501 0 39455 8 2 6 8 0 8 0 futexpl 64 403090 0 403078 5 4 1 1 0 8 0 knotepl 112 325 0 0 4 0 4 4 0 8 0 kqueuepl 216 8114 0 8105 184 183 1 7 0 8 0 pipepl 336 8048 0 8020 255 252 3 10 0 8 0 fdescpl 496 39462 0 39432 7 3 4 5 0 8 0 filepl 152 358532 0 358286 672 661 11 24 0 8 0 lockfpl 104 10255 0 10252 22 21 1 2 0 8 0 lockfspl 48 2779 0 2776 1 0 1 1 0 8 0 sessionpl 144 107 0 90 1 0 1 1 0 8 0 pgrppl 48 497 0 480 1 0 1 1 0 8 0 ucredpl 96 111916 0 111899 1 0 1 1 0 8 0 zombiepl 144 39948 0 39947 3 2 1 1 0 8 0 processpl 1064 39501 0 39455 5 0 5 5 0 8 0 procpl 672 102688 0 102621 57 50 7 10 0 8 0 srpgc 96 109 0 109 38 38 0 1 0 8 0 sosppl 168 353 0 353 59 59 0 1 0 8 0 sockpl 480 61992 0 61965 1571 1567 4 36 0 8 0 mcl64k 65536 33 0 0 3 0 3 3 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 33 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 33 0 0 3 0 3 3 0 8 0 mcl4k 4096 25 0 0 4 1 3 3 0 8 0 mcl2k2 2112 8 0 0 1 0 1 1 0 8 0 mcl2k 2048 672 0 0 27 6 21 26 0 8 0 mtagpl 96 3047 0 0 31 0 31 31 0 8 0 mbufpl 256 9544 0 0 567 0 567 567 0 8 0 bufpl 288 61895 0 54201 550 0 550 550 0 8 0 anonpl 24 10818010 0 10793637 604 443 161 224 0 186 0 amapchunkpl 152 1223806 0 1222831 310 272 38 66 0 158 0 amappl16 200 96825 0 95859 271 217 54 70 0 8 0 amappl15 192 10966 0 10957 1 0 1 1 0 8 0 amappl14 184 11379 0 11365 1 0 1 1 0 8 0 amappl13 176 4184 0 4183 1 0 1 1 0 8 0 amappl12 168 3356 0 3342 1 0 1 1 0 8 0 amappl11 160 9587 0 9571 1 0 1 1 0 8 0 amappl10 152 1512 0 1502 1 0 1 1 0 8 0 amappl9 144 3736 0 3730 1 0 1 1 0 8 0 amappl8 136 5796 0 5578 8 0 8 8 0 8 0 amappl7 128 3037 0 3025 1 0 1 1 0 8 0 amappl6 120 3742 0 3707 3 1 2 2 0 8 0 amappl5 112 28630 0 28611 1 0 1 1 0 8 0 amappl4 104 24317 0 24268 2 0 2 2 0 8 0 amappl3 96 6094 0 6076 1 0 1 1 0 8 0 amappl2 88 7733 0 7666 3 1 2 3 0 8 0 amappl1 80 702563 0 701926 35 21 14 19 0 8 1 amappl 88 484172 0 483738 12 2 10 10 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 39906 0 39643 4 2 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 39906 0 39643 4 2 2 2 0 8 0 vmmpekpl 168 268979 0 268899 4 0 4 4 0 8 0 vmmpepl 168 3540679 0 3536952 886 718 168 198 0 357 0 vmsppl 368 39905 0 39643 29 5 24 24 0 8 0 rwobjpl 56 829196 0 819040 187 42 145 146 0 8 0 pdppl 4096 79819 0 79518 2066 1765 301 301 0 8 0 pvpl 32 18221356 0 18195129 1162 934 228 348 0 265 0 pmappl 248 39905 0 39643 19 2 17 17 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 4412 0 2666 51 1 50 50 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 witness_checkorder(ffff800000f9f028,9,0) at witness_checkorder+0x138 witness_debugger sys/kern/subr_witness.c:2502 [inline] witness_checkorder(ffff800000f9f028,9,0) at witness_checkorder+0x138 sys/kern/subr_witness.c:772 rw_enter_write(ffff800000f9f018) at rw_enter_write+0x5b sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800000f9f000) at unveil_delete_names+0x30 unvname_rbt_RBT_MIN sys/kern/kern_unveil.c:95 [inline] unveil_delete_names(ffff800000f9f000) at unveil_delete_names+0x30 sys/kern/kern_unveil.c:105 unveil_destroy(ffff80002e3df200) at unveil_destroy+0xad sys/kern/kern_unveil.c:186 exit1(ffff8000ffff3a48,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:225 sys_exit(ffff8000ffff3a48,ffff80002e3f17a0,ffff80002e3f1800) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff80002e3f1870) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002e3f1870) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffafc0, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5