witness: lock_object uninitialized: 0xffff800000fa9028
Starting stack trace...
witness_checkorder(ffff800000fa9028,9,0) at witness_checkorder+0x13b witness_debugger sys/kern/subr_witness.c:2510 [inline]
witness_checkorder(ffff800000fa9028,9,0) at witness_checkorder+0x13b sys/kern/subr_witness.c:777
rw_enter_write(ffff800000fa9018) at rw_enter_write+0x5f sys/kern/kern_rwlock.c:128
unveil_delete_names(ffff800000fa9000) at unveil_delete_names+0x34 sys/kern/kern_unveil.c:102
unveil_destroy(ffff800033d7a810) at unveil_destroy+0x9d sys/kern/kern_unveil.c:183
exit1(ffff80002a20c2b0,0,0,3) at exit1+0x3d9 sys/kern/kern_exit.c:218
single_thread_check_locked(ffff80002a20c2b0,0,0) at single_thread_check_locked+0x227 sys/kern/kern_sig.c:2045
userret(ffff80002a20c2b0) at userret+0x79 single_thread_check sys/kern/kern_sig.c:2084 [inline]
userret(ffff80002a20c2b0) at userret+0x79 sys/kern/kern_sig.c:2000
syscall(ffff80002a27ad20) at syscall+0x765 mi_syscall_return sys/sys/syscall_mi.h:207 [inline]
syscall(ffff80002a27ad20) at syscall+0x765 sys/arch/amd64/amd64/trap.c:598
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7a745e03a6d0, count: 248
End of stack trace.
Stopped at db_enter+0x1c: addq $0x8,%rsp ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 witness_checkorder(ffff800000fa9028,9,0) at witness_checkorder+0x140 rw_enter_write(ffff800000fa9018) at rw_enter_write+0x5f sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800000fa9000) at unveil_delete_names+0x34 sys/kern/kern_unveil.c:102 unveil_destroy(ffff800033d7a810) at unveil_destroy+0x9d sys/kern/kern_unveil.c:183 exit1(ffff80002a20c2b0,0,0,3) at exit1+0x3d9 sys/kern/kern_exit.c:218 single_thread_check_locked(ffff80002a20c2b0,0,0) at single_thread_check_locked+0x227 sys/kern/kern_sig.c:2045 userret(ffff80002a20c2b0) at userret+0x79 single_thread_check sys/kern/kern_sig.c:2084 [inline] userret(ffff80002a20c2b0) at userret+0x79 sys/kern/kern_sig.c:2000 syscall(ffff80002a27ad20) at syscall+0x765 mi_syscall_return sys/sys/syscall_mi.h:207 [inline] syscall(ffff80002a27ad20) at syscall+0x765 sys/arch/amd64/amd64/trap.c:598 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a745e03a6d0, count: -10 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80002a27a930 rbx 0 rdx 0 rcx 0xffff80002a20c2b0 rax 0xffff800029cebff0 r8 0xffff80002a27a8d0 r9 0x8080808080808080 r10 0x854aee05dfce9d03 r11 0x660f7a38f5b9f274 r12 0 r13 0x1 r14 0xffff800000fa9028 r15 0x3 rip 0xffffffff815a061c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002a27a920 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor.7) tid=460799 pid=73339 tcnt=1 stat=onproc flags process=8001008 proc=82000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80002a232d18 forw=0xffffffffffffffff, list=0xffff80002a2334c8,0xffff8000ffff3230 process=0xffff800033d7a810 user=0xffff80002a275000, vmspace=0xfffffd806bf2cc10 estcpu=36, cpticks=10, pctcpu=0.0, user=0, sys=9, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 34265 277128 53930 0 2 
0x8000000 syz-executor.3 34265 23239 53930 0 2 0xc000000 syz-executor.3 58171 426525 44004 0 2 0x8000000 syz-executor.4 58171 488364 44004 0 3 0xc000000 futex syz-executor.4 39824 513208 21854 0 3 0x8000080 nanoslp syz-executor.2 39824 419121 21854 0 3 0xc000080 ttyopn syz-executor.2 39824 253652 21854 0 3 0xc000080 fsleep syz-executor.2 94089 32810 34238 0 3 0x8000082 nanoslp syz-executor.1 92255 355888 34238 0 2 0x8000002 syz-executor.0 71822 329930 0 0 3 0x14200 acct acct 32917 438170 34238 0 2 0x8000002 syz-executor.6 53930 66128 34238 0 3 0x8000082 nanoslp syz-executor.3 45689 478698 34238 0 2 0x8000002 syz-executor.5 45111 396934 34238 0 3 0x8000082 nanoslp syz-executor.7 44004 62670 34238 0 3 0x8000082 nanoslp syz-executor.4 30868 185261 1 0 3 0x18100083 ttyin getty 21854 220830 34238 0 3 0x8000082 nanoslp syz-executor.2 43139 360255 0 0 3 0x14200 bored sosplice 34238 247062 67123 0 3 0x1a000082 wait syz-fuzzer 34238 29791 67123 0 3 0x1e000082 nanoslp syz-fuzzer 34238 208778 67123 0 3 0x1e000082 thrsleep syz-fuzzer 34238 391387 67123 0 3 0x1e000082 kqread syz-fuzzer 34238 439726 67123 0 3 0x1e000082 wait syz-fuzzer 34238 48602 67123 0 3 0x1e000082 thrsleep syz-fuzzer 34238 389382 67123 0 3 0x1e000082 wait syz-fuzzer 34238 387080 67123 0 3 0x1e000082 thrsleep syz-fuzzer 34238 5008 67123 0 3 0x1e000082 thrsleep syz-fuzzer 34238 146923 67123 0 3 0x1e000082 wait syz-fuzzer 34238 399100 67123 0 3 0x1e000082 thrsleep syz-fuzzer 34238 451667 67123 0 3 0x1e000082 thrsleep syz-fuzzer 34238 235526 67123 0 3 0x1e000082 wait syz-fuzzer 34238 306290 67123 0 3 0x1e000082 wait syz-fuzzer 34238 149722 67123 0 3 0x1e000082 wait syz-fuzzer 34238 419840 67123 0 3 0x1e000082 wait syz-fuzzer 67123 436211 7173 0 3 0x810008a sigsusp ksh 7173 156643 2702 0 3 0x1800009a kqread sshd 2702 56831 1 0 3 0x18000088 kqread sshd 15117 241241 61273 74 3 0x19100092 bpf pflogd 61273 321099 1 0 3 0x18000080 sbwait pflogd 72895 461817 36975 73 7 0x19100011 syslogd 36975 20811 1 0 3 0x18100082 
sbwait syslogd 62894 485275 1 0 3 0x18100080 kqread resolvd 15465 5743 58583 77 3 0x18100092 kqread dhcpleased 70489 152005 58583 77 3 0x18100092 kqread dhcpleased 58583 405687 1 0 3 0x18000080 kqread dhcpleased 55668 91463 0 0 3 0x14200 bored smr 67380 490634 0 0 2 0x14200 zerothread 5911 108886 0 0 3 0x14200 aiodoned aiodoned 67422 429 0 0 3 0x14200 syncer update 14329 385167 0 0 3 0x14200 cleaner cleaner 67202 204347 0 0 2 0x14200 reaper 23505 326271 0 0 3 0x14200 pgdaemon pagedaemon 43503 198211 0 0 3 0x14200 bored viomb 10664 225635 0 0 3 0x40014200 acpi0 acpi0 34430 286219 0 0 3 0x40014200 idle1 76459 362576 0 0 3 0x14200 bored softnet3 36929 112392 0 0 3 0x14200 bored softnet2 25042 160473 0 0 3 0x14200 bored softnet1 31357 40154 0 0 3 0x14200 bored softnet0 67984 406870 0 0 3 0x14200 bored systqmp 75257 2513 0 0 3 0x14200 bored systq 91413 516545 0 0 3 0x14200 tmoslp softclockmp 62267 487721 0 0 3 0x40014200 tmoslp softclock 79454 59548 0 0 3 0x40014200 idle0 1 501637 0 0 3 0x8080082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 34265 (syz-executor.3) thread 0xffff80002a233c78 (23239) exclusive rwlock futex r = 0 (0xffffffff82d10830) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1187 #1 sys_futex+0x60 sys/kern/sys_futex.c:98 #2 syscall+0x8cf mi_syscall sys/sys/syscall_mi.h:180 [inline] #2 syscall+0x8cf sys/arch/amd64/amd64/trap.c:577 #3 Xsyscall+0x128 Process 67202 (reaper) thread 0xffff80002a148f68 (204347) exclusive rwlock kmmaplk r = 0 (0xffffffff82d87cf0) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1187 #1 rw_enter+0x32d sys/kern/kern_rwlock.c:309 #2 vm_map_lock_ln+0xfa sys/uvm/uvm_map.c:5291 #3 uvm_unmap+0x6f sys/uvm/uvm_map.c:1824 #4 uvm_uarea_free+0x39 sys/uvm/uvm_glue.c:288 #5 reaper+0x168 sys/kern/kern_exit.c:452 #6 proc_trampoline+0x10 ddb{1}> show malloc Type InUse MemUse 
HighUse Limit Requests Type Lim devbuf 10226 6519K 6870K 166960K 18273 0 pcb 17 18K 19K 166960K 1325 0 rtable 211 15K 16K 166960K 3677 0 pf 35 10K 11K 166960K 480 0 ifaddr 40 16K 18K 166960K 531 0 ifgroup 60 2K 3K 166960K 830 0 sysctl 4 1K 5K 166960K 22 0 counters 66 36K 37K 166960K 488 0 ioctlops 0 0K 4K 166960K 1959 0 iov 0 0K 24K 166960K 637 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1372 86K 87K 166960K 7170 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 13K 166960K 194 0 VM map 2 1K 1K 166960K 2 0 sem 17 1K 1K 166960K 141 0 dirhash 12 2K 3K 166960K 258 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 14 49K 93K 166960K 13813 0 sigio 0 0K 0K 166960K 299 0 proc 78 115K 127K 166960K 3674 0 subproc 104 6K 7K 166960K 1177 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 1679 0 in_multi 77 5K 7K 166960K 1376 0 ether_multi 1 0K 0K 166960K 94 0 mrt 2 0K 0K 166960K 45 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 259 1155K 1155K 166960K 259 0 exec 0 0K 1K 166960K 2680 0 pfkey data 0 0K 0K 166960K 23 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 364 413K 416K 166960K 122689 0 UVM aobj 131 5K 5K 166960K 160 0 pinsyscall 39 78K 108K 166960K 17268 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 794 0 NDP 13 0K 2K 166960K 403 0 temp 79 6816K 7312K 166960K 347033 0 kqueue 12 18K 32K 166960K 1528 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 1245 0 1242 6 5 1 3 0 8 0 rtentry 112 1215 0 1124 5 1 4 4 0 8 0 unpcb 144 7269 0 7247 26 25 1 6 0 8 0 syncache 336 4 0 4 1 1 0 1 0 8 0 tcpcb 808 2750 0 2744 47 42 5 8 0 8 3 arp 120 231 0 217 1 0 1 1 0 8 0 inpcb 384 10276 0 10199 83 68 15 17 0 8 5 nd6 136 303 0 279 2 0 2 2 0 8 0 pkpcb 40 44 0 44 19 18 1 1 0 8 1 kcovpl 48 90 0 82 1 0 1 
1 0 8 0 ppxss 1168 53 0 53 22 22 0 1 0 8 0 pffrag 232 130 0 128 7 6 1 1 0 482 0 pffrnode 88 110 0 108 7 6 1 1 0 8 0 pffrent 40 474 0 472 9 8 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 629 0 605 1 0 1 1 0 8 0 pfstkey 128 629 0 605 4 3 1 3 0 8 0 pfstate 376 629 0 605 12 9 3 9 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 4300 0 3924 54 25 29 31 0 8 0 art_table 32 4301 0 3924 4 0 4 4 0 8 0 art_node 16 1185 0 1102 1 0 1 1 0 8 0 sysvmsgpl 40 34 0 24 1 0 1 1 0 8 0 semupl 112 20 0 20 2 2 0 1 0 8 0 semapl 112 133 0 118 1 0 1 1 0 8 0 shmpl 112 157 0 29 4 0 4 4 0 8 0 dirhash 1024 181 0 164 3 0 3 3 0 8 0 dino2pl 256 21849 0 20254 101 0 101 101 0 8 0 ffsino 272 21849 0 20254 108 0 108 108 0 8 0 nchpl 144 39684 0 37953 67 0 67 67 0 8 0 uvmvnodes 80 10334 0 0 211 0 211 211 0 8 0 vnodes 216 10334 0 0 575 0 575 575 0 8 0 namei 1024 123423 0 123421 18 17 1 4 0 8 0 percpumem 16 258 0 211 1 0 1 1 0 8 0 vcpupl 3904 44 0 1 6 0 6 6 0 8 0 vmpool 696 67 0 24 7 3 4 4 0 8 0 kstatmem 264 448 0 422 3 0 3 3 0 8 0 scsiplug 72 22 0 22 14 14 0 1 0 8 0 scxspl 216 184614 0 184614 35 34 1 8 1 8 1 plimitpl 152 1188 0 1172 1 0 1 1 0 8 0 sigapl 424 14018 0 13970 15 8 7 9 0 8 0 futexpl 64 140211 0 140209 10 9 1 1 0 8 0 knotepl 120 1324 0 0 26 0 26 26 0 8 0 kqueuepl 216 2735 0 2727 6 5 1 3 0 8 0 pipepl 320 1646 0 1618 11 8 3 8 0 8 0 fdescpl 496 13971 0 13944 5 0 5 5 0 8 0 filepl 152 66922 0 66668 30 17 13 20 0 8 0 lockfpl 104 1987 0 1985 1 0 1 1 0 8 0 lockfspl 48 818 0 816 1 0 1 1 0 8 0 sessionpl 144 122 0 105 1 0 1 1 0 8 0 pgrppl 48 363 0 346 1 0 1 1 0 8 0 ucredpl 104 11133 0 11116 1 0 1 1 0 8 0 zombiepl 144 14957 0 14955 2 1 1 1 0 8 0 processpl 1136 14018 0 13970 7 2 5 6 0 8 0 procpl 656 30716 0 30648 11 3 8 10 0 8 0 srpgc 96 74 0 74 18 17 1 1 0 8 1 sosppl 168 179 0 179 32 31 1 1 0 8 1 sockpl 664 18997 0 18895 97 83 14 20 0 8 4 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 
0 0 1 0 1 1 0 8 0 mcl8k 8192 13 0 0 2 0 2 2 0 8 0 mcl4k 4096 6 0 0 1 0 1 1 0 8 0 mcl2k 2048 763 0 0 45 21 24 45 0 8 0 mtagpl 96 52 0 0 2 0 2 2 0 8 0 mbufpl 256 2125 0 0 119 0 119 119 0 8 0 bufpl 280 31234 0 20884 741 1 740 740 0 8 0 anonpl 24 1512520 0 1505816 191 120 71 84 0 186 0 amapchunkpl 152 395898 0 395169 170 131 39 49 0 158 3 amappl16 200 28459 0 28316 177 164 13 30 0 8 1 amappl15 192 15 0 13 1 0 1 1 0 8 0 amappl14 184 441 0 427 2 1 1 2 0 8 0 amappl13 176 59 0 58 1 0 1 1 0 8 0 amappl12 168 15971 0 15935 4 1 3 3 0 8 0 amappl11 160 61 0 47 1 0 1 1 0 8 0 amappl10 152 121 0 112 1 0 1 1 0 8 0 amappl9 144 161 0 161 8 8 0 1 0 8 0 amappl8 136 594 0 543 3 0 3 3 0 8 0 amappl7 128 78 0 63 1 0 1 1 0 8 0 amappl6 120 1600 0 1578 2 1 1 2 0 8 0 amappl5 112 520 0 505 1 0 1 1 0 8 0 amappl4 104 1265 0 1226 2 0 2 2 0 8 0 amappl3 96 75256 0 75166 4 1 3 4 0 8 0 amappl2 88 14623 0 14548 3 1 2 3 0 8 0 amappl1 80 56947 0 56401 23 10 13 23 0 8 0 amappl 88 120823 0 120588 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 159 0 29 3 0 3 3 0 8 0 uaddrrnd 24 14038 0 13967 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 14038 0 13967 1 0 1 1 0 8 0 vmmpekpl 168 94189 0 94110 4 0 4 4 0 8 0 vmmpepl 168 824288 0 822243 252 147 105 119 0 357 0 vmsppl 440 14037 0 13967 10 1 9 9 0 8 0 rwobjpl 56 189977 0 178264 196 28 168 171 0 8 0 pdppl 4096 28083 0 27977 425 313 112 112 0 8 6 pvpl 32 45284 0 0 367 1 366 366 0 265 0 pmappl 248 14037 0 13967 6 1 5 5 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 951 0 443 15 0 15 15 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff82c9aff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at 
Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82db4300) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82db4300) at __mp_lock+0x122 sys/kern/kern_lock.c:147 intr_handler(ffff80002a1da920,ffff800000069c00) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:539 Xintr_ioapic_edge16_untramp() at Xintr_ioapic_edge16_untramp+0x18f __mp_lock(ffffffff82db4300) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82db4300) at __mp_lock+0x122 sys/kern/kern_lock.c:147 softintr_dispatch(0) at softintr_dispatch+0x52 sys/arch/amd64/amd64/softintr.c:88 Xsoftclock() at Xsoftclock+0x27 __mp_lock(ffffffff82db4300) at __mp_lock+0x12e __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82db4300) at __mp_lock+0x12e sys/kern/kern_lock.c:147 ktrgenio(ffff8000ffffd9b0,e,1,ffff800000f38f80,68) at ktrgenio+0x1dd dofilewritev(ffff8000ffffd9b0,e,ffff80002a1dad90,0,ffff80002a1dae50) at dofilewritev+0x393 sys/kern/sys_generic.c:396 sys_writev(ffff8000ffffd9b0,ffff80002a1daf00,ffff80002a1dae50) at sys_writev+0xab sys/kern/sys_generic.c:322 syscall(ffff80002a1daf00) at syscall+0x8cf mi_syscall sys/sys/syscall_mi.h:180 [inline] syscall(ffff80002a1daf00) at syscall+0x8cf sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e1ad2dc69c0, count: -15 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x1c: addq $0x8,%rsp ddb{1}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 witness_checkorder(ffff800000fa9028,9,0) at witness_checkorder+0x140 rw_enter_write(ffff800000fa9018) at rw_enter_write+0x5f sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800000fa9000) at unveil_delete_names+0x34 sys/kern/kern_unveil.c:102 unveil_destroy(ffff800033d7a810) at unveil_destroy+0x9d sys/kern/kern_unveil.c:183 exit1(ffff80002a20c2b0,0,0,3) at exit1+0x3d9 sys/kern/kern_exit.c:218 single_thread_check_locked(ffff80002a20c2b0,0,0) at single_thread_check_locked+0x227 
sys/kern/kern_sig.c:2045 userret(ffff80002a20c2b0) at userret+0x79 single_thread_check sys/kern/kern_sig.c:2084 [inline] userret(ffff80002a20c2b0) at userret+0x79 sys/kern/kern_sig.c:2000 syscall(ffff80002a27ad20) at syscall+0x765 mi_syscall_return sys/sys/syscall_mi.h:207 [inline] syscall(ffff80002a27ad20) at syscall+0x765 sys/arch/amd64/amd64/trap.c:598 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a745e03a6d0, count: -10