witness: lock_object uninitialized: 0xffff800000c7d028 Starting stack trace... witness_checkorder(ffff800000c7d028,9,0) at witness_checkorder+0x133 witness_debugger sys/kern/subr_witness.c:2502 [inline] witness_checkorder(ffff800000c7d028,9,0) at witness_checkorder+0x133 sys/kern/subr_witness.c:772 rw_enter_write(ffff800000c7d018) at rw_enter_write+0x5b sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800000c7d000) at unveil_delete_names+0x30 unvname_rbt_RBT_MIN sys/kern/kern_unveil.c:90 [inline] unveil_delete_names(ffff800000c7d000) at unveil_delete_names+0x30 sys/kern/kern_unveil.c:100 unveil_destroy(ffff8000211e6dc8) at unveil_destroy+0xad sys/kern/kern_unveil.c:191 exit1(ffff8000212362a0,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:225 sys_exit(ffff8000212362a0,ffff800027bb3880,ffff800027bb38e0) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff800027bb3950) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800027bb3950) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffafc0, count: 249 End of stack trace. Stopped at db_enter+0x18: addq $0x8,%rsp ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 witness_checkorder(ffff800000c7d028,9,0) at witness_checkorder+0x138 witness_debugger sys/kern/subr_witness.c:2502 [inline] witness_checkorder(ffff800000c7d028,9,0) at witness_checkorder+0x138 sys/kern/subr_witness.c:772 rw_enter_write(ffff800000c7d018) at rw_enter_write+0x5b sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800000c7d000) at unveil_delete_names+0x30 unvname_rbt_RBT_MIN sys/kern/kern_unveil.c:90 [inline] unveil_delete_names(ffff800000c7d000) at unveil_delete_names+0x30 sys/kern/kern_unveil.c:100 unveil_destroy(ffff8000211e6dc8) at unveil_destroy+0xad sys/kern/kern_unveil.c:191 exit1(ffff8000212362a0,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:225 sys_exit(ffff8000212362a0,ffff800027bb3880,ffff800027bb38e0) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff800027bb3950) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800027bb3950) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffafc0, count: -9 ddb{1}> show registers rdi 0 rsi 0x4000000000000000 rbp 0xffff800027bb3620 rbx 0x3 rdx 0 rcx 0 rax 0xffff8000212362a0 r8 0xffff800027bb35c0 r9 0x8080808080808080 r10 0xffff800027bb3510 r11 0x2c90377953978e6 r12 0xffff800000c7d001 r13 0xffff800000c7d028 r14 0 r15 0 rip 0xffffffff81410c88 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800027bb3610 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor.3) pid=119876 stat=onproc flags process=1018 proc=2000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800021237ce0,0xffff8000248eb270 process=0xffff8000211e6dc8 user=0xffff800027bae000, vmspace=0xfffffd8063669470 estcpu=36, cpticks=19, pctcpu=0.0 user=0, sys=8, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 70763 133369 3773 0 7 0 syz-executor.0 70763 125456 3773 0 2 0x4000000 syz-executor.0 58742 509516 61703 0 3 0x80 nanoslp syz-executor.2 58742 36421 61703 0 3 0x4000080 bell syz-executor.2 58742 385332 61703 0 3 0x4000080 fsleep syz-executor.2 58742 230117 61703 0 3 0x4000080 fsleep syz-executor.2 42642 5511 0 0 3 0x14280 nfsidl nfsio 76548 166983 0 0 3 0x14280 nfsidl nfsio 3236 453967 0 0 3 0x14280 nfsidl nfsio 36610 311121 0 0 3 0x14280 nfsidl nfsio 61605 87989 0 0 3 0x14280 nfsidl nfsio 69559 333891 0 0 3 0x14280 nfsidl nfsio 9206 404232 0 0 3 0x14280 nfsidl nfsio 21359 192833 0 0 3 0x14280 nfsidl nfsio 67391 4634 0 0 3 0x14280 nfsidl nfsio 57465 29792 0 0 3 0x14280 nfsidl nfsio 38884 229497 0 0 3 0x14280 nfsidl nfsio 25222 250572 0 0 3 0x14280 nfsidl nfsio 2983 18245 0 0 3 0x14280 nfsidl nfsio 86290 328769 0 0 3 0x14280 nfsidl nfsio 18245 516756 0 0 3 0x14280 nfsidl nfsio 55148 449365 0 0 3 0x14280 nfsidl nfsio 5709 380240 0 0 3 0x14280 nfsidl nfsio 71831 180704 0 0 3 0x14280 nfsidl nfsio 99002 260108 0 0 3 0x14280 nfsidl nfsio 89371 258876 0 0 3 0x14280 nfsidl nfsio 3773 51810 92287 0 3 0x82 nanoslp syz-executor.0 44581 29197 92287 0 2 0x2 syz-executor.1 61703 103203 92287 0 3 0x82 nanoslp syz-executor.2 22827 359969 0 0 3 0x14200 acct acct 47428 220819 92287 0 3 0x82 nanoslp syz-executor.3 60084 71511 1 0 3 0x100083 ttyopn getty 66995 1027 0 0 3 0x14200 bored sosplice 92287 276973 20165 0 3 0x82 thrsleep syz-fuzzer 92287 292184 20165 0 3 0x4000082 thrsleep syz-fuzzer 92287 491876 20165 0 3 0x4000082 kqread syz-fuzzer 92287 99923 20165 0 3 0x4000082 thrsleep syz-fuzzer 92287 209982 20165 0 3 0x4000082 thrsleep syz-fuzzer 92287 6290 20165 0 3 0x4000082 thrsleep syz-fuzzer 92287 471307 20165 0 3 0x4000082 thrsleep syz-fuzzer 92287 520379 20165 0 3 0x4000082 thrsleep syz-fuzzer 20165 47544 16239 0 3 0x10008a sigsusp ksh 16239 178357 1697 0 3 0x9a poll sshd 1697 28283 1 0 3 0x88 poll sshd 86835 369651 61252 74 3 0x100092 bpf pflogd 61252 411023 1 0 3 0x80 netio pflogd 3794 244792 75541 73 3 0x100090 kqread syslogd 75541 470361 1 0 3 0x100082 netio syslogd 27112 372135 1 0 3 0x100080 kqread resolvd 36200 395875 74292 77 3 0x100092 kqread dhcpleased 59254 471945 74292 77 3 0x100092 kqread dhcpleased 74292 15133 1 0 3 0x80 kqread dhcpleased 55452 77478 0 0 3 0x14200 bored smr 14178 355360 0 0 2 0x14200 zerothread 54608 505715 0 0 3 0x14200 aiodoned aiodoned 69747 342175 0 0 3 0x14200 syncer update 90573 404931 0 0 3 0x14200 cleaner cleaner 50272 405219 0 0 2 0x14200 reaper 90769 272558 0 0 3 0x14200 pgdaemon pagedaemon 40431 187208 0 0 3 0x14200 bored viomb 691 33158 0 0 3 0x40014200 acpi0 acpi0 95909 198477 0 0 3 0x40014200 idle1 34319 114701 0 0 3 0x14200 bored softnet 73053 103690 0 0 3 0x14200 bored systqmp 94213 474782 0 0 3 0x14200 bored systq 92754 505799 0 0 3 0x40014200 bored softclock 75455 17382 0 0 3 0x40014200 idle0 1 17691 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 70763 (syz-executor.0) thread 0xffff800021237500 (125456) exclusive rrwlock inode r = 0 (0xfffffd806558ba38) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:579 #5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:413 #6 namei+0x36a sys/kern/vfs_lookup.c:245 #7 vn_open+0x188 sys/kern/vfs_vnops.c:113 #8 doopenat+0x26a sys/kern/vfs_syscalls.c:1128 #9 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #9 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #10 Xsyscall+0x128 Process 50272 (reaper) thread 0xffff8000211497a0 (405219) exclusive rwlock kmmaplk r = 0 (0xffffffff8298b1a0) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 vm_map_lock_ln+0xda sys/uvm/uvm_map.c:5458 #3 uvm_unmap+0x78 sys/uvm/uvm_map.c:2068 #4 uvm_uarea_free+0x35 sys/uvm/uvm_glue.c:287 #5 reaper+0x158 sys/kern/kern_exit.c:451 #6 proc_trampoline+0x1c ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10175 6546K 6921K 78643K 19315 0 pcb 13 16K 18K 78643K 841 0 rtable 149 12K 13K 78643K 2990 0 ifaddr 78 18K 18K 78643K 1230 0 sysctl 2 0K 0K 78643K 2 0 counters 48 34K 35K 78643K 244 0 ioctlops 0 0K 4K 78643K 3100 0 iov 0 0K 16K 78643K 677 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1303 82K 82K 78643K 5817 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 55 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 898 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 8 25K 45K 78643K 7754 0 sigio 0 0K 0K 78643K 15 0 proc 72 111K 111K 78643K 1692 0 subproc 52 3K 3K 78643K 510 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 388 0 in_multi 32 2K 3K 78643K 799 0 ether_multi 1 0K 0K 78643K 79 0 mrt 0 0K 0K 78643K 28 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 91 413K 413K 78643K 91 0 exec 0 0K 2K 78643K 2075 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 409 433K 435K 78643K 100370 0 UVM aobj 131 8K 8K 78643K 134 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 362 0 NDP 10 0K 1K 78643K 226 0 temp 121 4224K 4304K 78643K 59961 0 kqueue 10 14K 20K 78643K 290 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 537 0 534 8 7 1 3 0 8 0 rtentry 112 631 0 586 2 0 2 2 0 8 0 unpcb 136 3578 0 3563 50 47 3 7 0 8 2 syncache 296 38 0 38 15 15 0 1 0 8 0 tcpqe 32 75 0 75 6 6 0 1 0 8 0 tcpcb 736 1940 0 1936 84 80 4 12 0 8 3 arp 120 82 0 74 1 0 1 1 0 8 0 inpcb 304 6523 0 6515 136 129 7 16 0 8 6 rttmr 72 8 0 8 2 2 0 1 0 8 0 nd6 48 166 0 157 1 0 1 1 0 8 0 pkpcb 40 11 0 11 3 3 0 1 0 8 0 kcovpl 48 39 0 35 1 0 1 1 0 8 0 ppxss 1248 17 0 17 5 5 0 1 0 8 0 pfstscr 40 155 0 155 6 5 1 1 0 8 1 pffrag 232 44 0 44 4 4 0 1 0 482 0 pffrnode 88 44 0 44 4 4 0 1 0 8 0 pffrent 40 663 0 663 7 7 0 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 421 0 405 3 1 2 2 0 8 0 pftag 88 41 0 41 3 3 0 1 0 8 0 pfstitem 24 43 0 40 1 0 1 1 0 8 0 pfstkey 112 349 0 346 1 0 1 1 0 8 0 pfstate 320 193 0 190 3 2 1 3 0 8 0 pfrule 1360 811 0 748 6 0 6 6 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 2895 0 2717 31 17 14 18 0 8 0 art_table 32 2897 0 2717 3 0 3 3 0 8 0 art_node 16 630 0 592 1 0 1 1 0 8 0 sysvmsgpl 40 36 0 32 1 0 1 1 0 8 0 semapl 112 896 0 886 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 12380 0 10949 90 0 90 90 0 8 0 ffsino 272 12380 0 10949 97 1 96 96 0 8 0 nchpl 144 22521 0 20924 61 0 61 61 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 84338 0 84337 2 1 1 1 0 8 0 percpumem 16 134 0 98 1 0 1 1 0 8 0 vcpupl 2048 27 0 0 4 0 4 4 0 8 0 vmpool 560 27 0 0 2 0 2 2 0 8 0 pfiaddrpl 120 114 0 86 1 0 1 1 0 8 0 scsiplug 72 3 0 3 1 1 0 1 0 8 0 scxspl 216 62161 0 62161 26 25 1 8 0 8 1 plimitpl 152 728 0 717 1 0 1 1 0 8 0 sigapl 424 7933 0 7875 9 2 7 7 0 8 0 futexpl 64 59109 0 59107 1 0 1 1 0 8 0 knotepl 112 120 0 0 3 0 3 3 0 8 0 kqueuepl 216 1892 0 1886 35 34 1 5 0 8 0 pipepl 336 1384 0 1368 25 23 2 7 0 8 0 fdescpl 496 7874 0 7853 6 3 3 4 0 8 0 filepl 152 53493 0 53339 139 128 11 18 0 8 4 lockfpl 104 11114 0 11112 6 5 1 2 0 8 0 lockfspl 48 1965 0 1963 1 0 1 1 0 8 0 sessionpl 144 56 0 43 1 0 1 1 0 8 0 pgrppl 48 116 0 103 1 0 1 1 0 8 0 ucredpl 96 13005 0 12992 1 0 1 1 0 8 0 zombiepl 144 9132 0 9131 1 0 1 1 0 8 0 processpl 1064 7933 0 7875 6 2 4 5 0 8 0 procpl 672 23765 0 23694 32 25 7 8 0 8 0 srpgc 96 58 0 58 13 13 0 1 0 8 0 sosppl 168 51 0 51 13 13 0 1 0 8 0 sockpl 480 10721 0 10695 330 318 12 29 0 8 8 mcl64k 65536 18 0 0 3 0 3 3 0 8 0 mcl16k 16384 28 0 0 4 2 2 3 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 25 0 0 2 0 2 2 0 8 0 mcl8k 8192 42 0 0 4 1 3 3 0 8 0 mcl4k 4096 25 0 0 4 1 3 3 0 8 0 mcl2k2 2112 7 0 0 1 0 1 1 0 8 0 mcl2k 2048 278 0 0 19 3 16 19 0 8 0 mtagpl 96 441 0 0 8 2 6 7 0 8 0 mbufpl 256 1358 0 0 73 0 73 73 0 8 0 bufpl 288 17014 0 10669 454 0 454 454 0 8 0 anonpl 24 2292295 0 2273691 225 105 120 141 0 186 1 amapchunkpl 152 246540 0 245760 70 37 33 44 0 158 0 amappl16 200 21854 0 21260 125 90 35 44 0 8 3 amappl15 192 2004 0 2000 2 1 1 1 0 8 0 amappl14 184 691 0 691 4 4 0 1 0 8 0 amappl13 176 558 0 555 1 0 1 1 0 8 0 amappl12 168 1559 0 1555 1 0 1 1 0 8 0 amappl11 160 1009 0 993 1 0 1 1 0 8 0 amappl10 152 493 0 486 1 0 1 1 0 8 0 amappl9 144 1653 0 1651 1 0 1 1 0 8 0 amappl8 136 1432 0 1346 3 0 3 3 0 8 0 amappl7 128 519 0 510 1 0 1 1 0 8 0 amappl6 120 1545 0 1524 1 0 1 1 0 8 0 amappl5 112 5762 0 5740 1 0 1 1 0 8 0 amappl4 104 3363 0 3331 1 0 1 1 0 8 0 amappl3 96 2505 0 2486 1 0 1 1 0 8 0 amappl2 88 2109 0 2062 7 5 2 2 0 8 0 amappl1 80 148168 0 147652 13 1 12 13 0 8 0 amappl 88 99261 0 99008 9 2 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 7901 0 7852 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 7901 0 7852 1 0 1 1 0 8 0 vmmpekpl 168 64897 0 64852 3 0 3 3 0 8 0 vmmpepl 168 730504 0 728257 405 300 105 122 0 357 2 vmsppl 368 7900 0 7852 5 0 5 5 0 8 0 rwobjpl 56 186110 0 178501 124 15 109 111 0 8 0 pdppl 4096 15810 0 15731 120 39 81 81 0 8 2 pvpl 32 3827292 0 3805077 350 155 195 220 0 265 8 pmappl 248 7900 0 7852 4 0 4 4 0 8 0 extentpl 40 57 0 38 1 0 1 1 0 8 0 phpool 112 1033 0 170 29 4 25 25 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff827f3ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x28 kd_curproc sys/dev/kcov.c:571 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x28 sys/dev/kcov.c:143 __mp_lock(ffffffff82993700) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82993700) at __mp_lock+0x133 sys/kern/kern_lock.c:147 intr_handler(ffff800027b36ab0,ffff800000077500) at intr_handler+0x5e sys/arch/amd64/amd64/intr.c:532 Xintr_ioapic_edge16_untramp() at Xintr_ioapic_edge16_untramp+0x18f __mp_lock(ffffffff82993700) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82993700) at __mp_lock+0x122 sys/kern/kern_lock.c:147 softintr_dispatch(0) at softintr_dispatch+0x4e sys/arch/amd64/amd64/softintr.c:88 Xsoftclock() at Xsoftclock+0x1f end of kernel end trace frame: 0x7f7fffffafc0, count: -10 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x18: addq $0x8,%rsp ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 witness_checkorder(ffff800000c7d028,9,0) at witness_checkorder+0x138 witness_debugger sys/kern/subr_witness.c:2502 [inline] witness_checkorder(ffff800000c7d028,9,0) at witness_checkorder+0x138 sys/kern/subr_witness.c:772 rw_enter_write(ffff800000c7d018) at rw_enter_write+0x5b sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800000c7d000) at unveil_delete_names+0x30 unvname_rbt_RBT_MIN sys/kern/kern_unveil.c:90 [inline] unveil_delete_names(ffff800000c7d000) at unveil_delete_names+0x30 sys/kern/kern_unveil.c:100 unveil_destroy(ffff8000211e6dc8) at unveil_destroy+0xad sys/kern/kern_unveil.c:191 exit1(ffff8000212362a0,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:225 sys_exit(ffff8000212362a0,ffff800027bb3880,ffff800027bb38e0) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff800027bb3950) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800027bb3950) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffafc0, count: -9