witness: lock_object uninitialized: 0xffff8000013ce028 Starting stack trace... witness_checkorder(ffff8000013ce028,9,0) at witness_checkorder+0x1af witness_debugger sys/kern/subr_witness.c:2522 [inline] witness_checkorder(ffff8000013ce028,9,0) at witness_checkorder+0x1af sys/kern/subr_witness.c:779 rw_enter_write(ffff8000013ce018) at rw_enter_write+0x7a sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff8000013ce000) at unveil_delete_names+0x3d sys/kern/kern_unveil.c:102 unveil_destroy(ffff800037270da0) at unveil_destroy+0xbd sys/kern/kern_unveil.c:183 exit1(ffff8000ffff5c00,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff8000ffff5c00,ffff8000371ef2b0,ffff8000371ef200) at sys_exit+0x1a syscall(ffff8000371ef2b0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff8000371ef2b0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x76338d7f75a0, count: 249 End of stack trace. Stopped at db_enter+0x25: addq $0x8,%rsp ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 witness_checkorder(ffff8000013ce028,9,0) at witness_checkorder+0x1b4 rw_enter_write(ffff8000013ce018) at rw_enter_write+0x7a sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff8000013ce000) at unveil_delete_names+0x3d sys/kern/kern_unveil.c:102 unveil_destroy(ffff800037270da0) at unveil_destroy+0xbd sys/kern/kern_unveil.c:183 exit1(ffff8000ffff5c00,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff8000ffff5c00,ffff8000371ef2b0,ffff8000371ef200) at sys_exit+0x1a syscall(ffff8000371ef2b0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff8000371ef2b0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x76338d7f75a0, count: -9 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff8000371eef80 rbx 0 rdx 0 rcx 0xffff8000ffff5c00 rax 0xffffffff834ffff0 cpu_info_full_primary+0x1ff0 r8 0xffff8000371eef20 r9 0x8080808080808080 r10 0x777ce6a264673f9d r11 0x3fec3a600f842ab1 r12 0 r13 0x1 r14 0xffff8000013ce028 r15 0x3 rip 0xffffffff82b713d5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff8000371eef70 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=37112 pid=53329 tcnt=0 stat=onproc flags process=1018 proc=2000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff8000ffff5c00 scnt=-1 ecnt=1 forw=0xffffffffffffffff, list=0xffff80003721a2c8,0xffff80003721acf8 process=0xffff800037270da0 user=0xffff8000371ea000, vmspace=0xfffffd806beb7aa0 estcpu=36, cpticks=27, pctcpu=0.0, user=0, sys=9, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 45197 344025 36751 0 7 0 syz-executor 63933 510969 37681 0 3 0 futex syz-executor 63933 282170 37681 0 3 0x4000080 fsleep syz-executor 75421 167724 38009 0 3 0 futex syz-executor 75421 55436 38009 0 2 0x4000000 syz-executor 8473 189632 67157 0 3 0 futex syz-executor 8473 403816 67157 0 3 0x4000080 fsleep syz-executor 8473 189260 67157 0 3 0x4000080 fsleep syz-executor 75744 82066 40968 0 3 0 futex syz-executor 75744 95975 40968 0 3 0x4000080 fifor syz-executor 75744 488085 40968 0 3 0x4000000 futex syz-executor 54770 86923 0 0 3 0x14280 nfsidl nfsio 24799 371094 0 0 3 0x14280 nfsidl nfsio 8304 257691 0 0 3 0x14280 nfsidl nfsio 10204 399867 0 0 3 0x14280 nfsidl nfsio 46559 363175 0 0 3 0x14280 nfsidl nfsio 48881 182815 0 0 3 0x14280 nfsidl nfsio 91821 357613 0 0 3 0x14280 nfsidl nfsio 95831 391425 0 0 3 0x14280 nfsidl nfsio 89266 76365 0 0 3 0x14280 nfsidl nfsio 42133 96832 0 0 3 0x14280 nfsidl nfsio 1265 74436 0 0 3 0x14280 nfsidl nfsio 89864 331204 0 0 3 0x14280 nfsidl nfsio 57732 436255 0 0 3 0x14280 nfsidl nfsio 12061 168395 0 0 3 0x14280 nfsidl nfsio 76900 466991 0 0 3 0x14280 nfsidl nfsio 31546 340640 0 0 3 0x14280 nfsidl nfsio 58210 404149 0 0 3 0x14280 nfsidl nfsio 24522 198170 0 0 3 0x14280 nfsidl nfsio 29179 464355 0 0 3 0x14280 nfsidl nfsio 68997 71317 0 0 3 0x14280 nfsidl nfsio 88045 55853 0 0 3 0x14200 acct acct 50495 286874 0 0 3 0x14200 bored sosplice 3474 366696 81803 0 2 0x482 syz-executor 35908 75496 81803 0 2 0x482 syz-executor 36751 91947 81803 0 2 0x482 syz-executor 37057 267307 81803 0 2 0x482 syz-executor 40968 267496 81803 0 2 0x482 syz-executor 37681 212067 81803 0 2 0x482 syz-executor 67157 372960 81803 0 2 0x482 syz-executor 38009 66768 81803 0 2 0x482 syz-executor 81803 254168 42364 0 3 0x82 kqread syz-executor 42364 173441 78058 0 3 0x10008a sigsusp ksh 78058 214144 6454 0 3 0x98 kqread sshd-session 6454 256127 70009 0 3 0x92 kqread sshd-session 12604 307550 1 0 2 0x100083 getty 70009 424243 1 0 3 0x88 kqread sshd 1049 139171 79226 74 3 0x1100092 bpf pflogd 79226 171375 1 0 3 0x80 sbwait pflogd 12706 510145 85500 73 2 0x1100090 syslogd 85500 230278 1 0 3 0x100082 sbwait syslogd 59620 1106 1 0 3 0x100080 kqread resolvd 42876 229085 76817 77 3 0x100092 kqread dhcpleased 62210 487258 76817 77 3 0x100092 kqread dhcpleased 76817 509226 1 0 3 0x80 kqread dhcpleased 65145 254742 0 0 2 0x14200 smr 11397 303276 0 0 3 0x14200 pgzero zerothread 40887 407735 0 0 3 0x14200 aiodoned aiodoned 92127 6679 0 0 3 0x14200 syncer update 60550 380341 0 0 3 0x14200 cleaner cleaner 92634 65109 0 0 3 0x14200 reaper reaper 79228 395980 0 0 3 0x14200 pgdaemon pagedaemon 86038 104488 0 0 3 0x14200 bored viomb 77957 490632 0 0 3 0x40014200 acpi0 acpi0 37844 396940 0 0 3 0x40014200 idle1 26154 133422 0 0 3 0x14200 bored softnet3 52783 72879 0 0 3 0x14200 bored softnet2 48203 392274 0 0 3 0x14200 bored softnet1 9892 197590 0 0 2 0x14200 softnet0 57276 58313 0 0 3 0x14200 bored systqmp 92777 139173 0 0 3 0x14200 bored systq 4165 451573 0 0 3 0x14200 tmoslp softclockmp 46688 424762 0 0 2 0x40014200 softclock 71269 131318 0 0 3 0x40014200 idle0 1 387134 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 75421 (syz-executor) thread 0xffff8000ffff4538 (55436) exclusive rwlock futex r = 0 (0xffffffff834f50d0) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 sys_futex+0x69 sys/kern/sys_futex.c:98 #2 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:178 [inline] #2 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #3 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10225 11275K 11533K 166960K 12397 0 pcb 18 12K 12K 166960K 127 0 rtable 193 5K 6K 166960K 437 0 pf 33 17K 18K 166960K 63 0 ifaddr 37 6K 7K 166960K 61 0 ifgroup 51 2K 2K 166960K 79 0 sysctl 1 0K 0K 166960K 1 0 counters 62 36K 36K 166960K 76 0 ioctlops 0 0K 4K 166960K 1540 0 iov 0 0K 28K 166960K 53 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1490 94K 94K 166960K 2047 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 18 0 VM map 2 1K 1K 166960K 2 0 sem 16 5K 5K 166960K 34 0 dirhash 12 2K 2K 166960K 24 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 17 61K 97K 166960K 800 0 sigio 0 0K 0K 166960K 11 0 proc 79 115K 140K 166960K 597 0 subproc 105 6K 6K 166960K 105 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 77 0 in_multi 80 6K 7K 166960K 143 0 ether_multi 1 0K 0K 166960K 2 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 229 1023K 1023K 166960K 229 0 exec 0 0K 1K 166960K 502 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 252 73K 77K 166960K 9358 0 UVM aobj 31 3K 3K 166960K 33 0 pinsyscall 43 86K 110K 166960K 1914 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 38 0 NDP 11 0K 2K 166960K 39 0 temp 76 6828K 6908K 166960K 32432 0 kqueue 13 20K 28K 166960K 140 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 150 0 147 3 2 1 3 0 8 0 rtentry 112 136 0 48 4 0 4 4 0 8 0 unpcb 144 616 0 597 5 4 1 5 0 8 0 syncache 336 6 0 6 3 3 0 1 0 8 0 tcpqe 32 3 0 3 1 1 0 1 0 8 0 tcpcb 808 266 0 260 10 6 4 7 0 8 3 arp 120 19 0 2 1 0 1 1 0 8 0 inpcb 336 978 0 967 12 8 4 7 0 8 2 nd6 136 31 0 9 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1168 2 0 2 2 1 1 1 0 8 1 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pffrag 232 3 0 1 1 0 1 1 0 482 0 pffrnode 88 3 0 1 1 0 1 1 0 8 0 pffrent 40 7 0 5 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 59 0 16 1 0 1 1 0 8 0 pfstkey 128 63 0 20 2 0 2 2 0 8 0 pfstate 376 61 0 18 5 0 5 5 0 8 0 pfrule 1344 22 0 16 2 0 2 2 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 633 0 276 29 4 25 29 0 8 0 art_table 32 635 0 276 4 0 4 4 0 8 0 art_node 16 132 0 53 1 0 1 1 0 8 0 sysvmsgpl 40 11 0 8 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 29 0 15 1 0 1 1 0 8 0 shmpl 112 30 0 2 1 0 1 1 0 8 0 dirhash 1024 25 0 8 3 0 3 3 0 8 0 dino2pl 256 2746 0 1242 95 0 95 95 0 8 0 ffsino 272 2746 0 1242 102 1 101 102 0 8 0 nchpl 144 3925 0 2233 63 0 63 63 0 8 0 uvmvnodes 80 3347 0 0 69 0 69 69 0 8 0 vnodes 216 3347 0 0 186 0 186 186 0 8 0 namei 1024 13223 0 13223 3 2 1 2 0 8 1 percpumem 16 52 0 7 1 0 1 1 0 8 0 kstatmem 264 36 0 14 2 0 2 2 0 8 0 scsiplug 72 3 0 3 1 1 0 1 0 8 0 scxspl 216 15019 0 15019 11 10 1 8 1 8 1 plimitpl 152 264 0 247 1 0 1 1 0 8 0 sigapl 424 1133 0 1061 11 2 9 9 0 8 0 futexpl 64 10971 0 10967 1 0 1 1 0 8 0 knotepl 120 583 0 0 18 0 18 18 0 8 0 kqueuepl 216 280 0 270 5 4 1 5 0 8 0 pipepl 320 190 0 163 6 0 6 6 0 8 3 fdescpl 496 1092 0 1061 6 1 5 6 0 8 0 filepl 152 6846 0 6593 20 4 16 16 0 8 4 lockfpl 104 395 0 393 2 1 1 2 0 8 0 lockfspl 48 102 0 100 1 0 1 1 0 8 0 sessionpl 144 25 0 16 1 0 1 1 0 8 0 pgrppl 48 62 0 45 1 0 1 1 0 8 0 ucredpl 104 1110 0 1096 1 0 1 1 0 8 0 zombiepl 144 1123 0 1120 1 0 1 1 0 8 0 processpl 1160 1133 0 1061 7 1 6 6 0 8 0 procpl 648 2301 0 2223 9 1 8 8 0 8 0 srpgc 96 8 0 8 2 2 0 1 0 8 0 sosppl 168 7 0 7 1 0 1 1 0 8 1 sockpl 664 1758 0 1725 14 8 6 12 0 8 2 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 7 0 0 1 0 1 1 0 8 0 mcl4k 4096 128 0 0 16 0 16 16 0 8 0 mcl2k 2048 25 0 0 4 0 4 4 0 8 0 mtagpl 96 15 0 0 1 0 1 1 0 8 0 mbufpl 256 242 0 0 15 0 15 15 0 8 0 bufpl 280 5800 0 101 408 0 408 408 0 8 0 anonpl 24 225884 0 221400 55 3 52 52 0 185 18 amapchunkpl 152 30322 0 29729 32 7 25 32 0 158 0 amappl16 200 6054 0 6019 29 17 12 15 0 8 8 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 126 0 114 1 0 1 1 0 8 0 amappl13 176 10 0 10 1 1 0 1 0 8 0 amappl12 168 1758 0 1726 4 1 3 3 0 8 0 amappl11 160 93 0 78 1 0 1 1 0 8 0 amappl10 152 20 0 20 1 1 0 1 0 8 0 amappl9 144 161 0 161 1 1 0 1 0 8 0 amappl8 136 19 0 15 1 0 1 1 0 8 0 amappl7 128 117 0 104 1 0 1 1 0 8 0 amappl6 120 170 0 168 1 0 1 1 0 8 0 amappl5 112 153 0 141 1 0 1 1 0 8 0 amappl4 104 327 0 308 1 0 1 1 0 8 0 amappl3 96 5680 0 5577 3 0 3 3 0 8 0 amappl2 88 1400 0 1315 3 0 3 3 0 8 0 amappl1 80 10410 0 9838 16 2 14 15 0 8 0 amappl 88 8907 0 8716 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 2 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 32 0 2 1 0 1 1 0 8 0 uaddrrnd 24 1092 0 1060 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1092 0 1060 1 0 1 1 0 8 0 vmmpekpl 168 10240 0 10205 2 0 2 2 0 8 0 vmmpepl 168 75832 0 73899 97 1 96 96 0 357 8 vmsppl 448 1091 0 1060 6 2 4 5 0 8 0 rwobjpl 56 27939 0 23603 62 0 62 62 0 8 0 pdppl 4096 2191 0 2120 110 39 71 87 0 8 0 pvpl 32 16086 0 0 131 1 130 130 0 265 0 pmappl 248 1091 0 1060 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 418 0 68 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 witness_checkorder(ffff8000013ce028,9,0) at witness_checkorder+0x1b4 rw_enter_write(ffff8000013ce018) at rw_enter_write+0x7a sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff8000013ce000) at unveil_delete_names+0x3d sys/kern/kern_unveil.c:102 unveil_destroy(ffff800037270da0) at unveil_destroy+0xbd sys/kern/kern_unveil.c:183 exit1(ffff8000ffff5c00,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff8000ffff5c00,ffff8000371ef2b0,ffff8000371ef200) at sys_exit+0x1a syscall(ffff8000371ef2b0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff8000371ef2b0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x76338d7f75a0, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff8363b2e0) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff8363b2e0) at __mp_lock+0x192 sys/kern/kern_lock.c:144 syscall(ffff80003599a2d0) at syscall+0xad6 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff80003599a2d0) at syscall+0xad6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x75389262d3e0, count: -6