witness: lock_object uninitialized: 0xffff800001305028 Starting stack trace... witness_checkorder(ffff800001305028,9,0) at witness_checkorder+0x1af witness_debugger sys/kern/subr_witness.c:2522 [inline] witness_checkorder(ffff800001305028,9,0) at witness_checkorder+0x1af sys/kern/subr_witness.c:779 rw_enter_write(ffff800001305018) at rw_enter_write+0x7a sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800001305000) at unveil_delete_names+0x3d sys/kern/kern_unveil.c:102 unveil_destroy(ffff8000371c9228) at unveil_destroy+0xbd sys/kern/kern_unveil.c:183 exit1(ffff8000ffff1978,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff8000ffff1978,ffff80003725a8b0,ffff80003725a800) at sys_exit+0x1a syscall(ffff80003725a8b0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff80003725a8b0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6fcaae7917e0, count: 249 End of stack trace. Stopped at db_enter+0x25: addq $0x8,%rsp ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 witness_checkorder(ffff800001305028,9,0) at witness_checkorder+0x1b4 rw_enter_write(ffff800001305018) at rw_enter_write+0x7a sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800001305000) at unveil_delete_names+0x3d sys/kern/kern_unveil.c:102 unveil_destroy(ffff8000371c9228) at unveil_destroy+0xbd sys/kern/kern_unveil.c:183 exit1(ffff8000ffff1978,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff8000ffff1978,ffff80003725a8b0,ffff80003725a800) at sys_exit+0x1a syscall(ffff80003725a8b0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff80003725a8b0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6fcaae7917e0, count: -9 ddb{0}> show registers rdi 0 rsi 0x4000000000000000 rbp 0xffff80003725a580 rbx 0 rdx 0 rcx 0xffff8000ffff1978 rax 0xffffffff8349fff0 cpu_info_full_primary+0x1ff0 r8 0xffff80003725a520 r9 0x8080808080808080 r10 0xffff80003725a470 r11 0x35799777362ac26 r12 0 r13 0x1 r14 0xffff800001305028 r15 0x3 rip 0xffffffff81610e15 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003725a570 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=453731 pid=51592 tcnt=0 stat=onproc flags process=1008 proc=2000 runpri=32, usrpri=80, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff8000ffff1978 scnt=-1 ecnt=1 forw=0xffffffffffffffff, list=0xffff8000ffff0a48,0xffffffff835f1e20 process=0xffff8000371c9228 user=0xffff800037255000, vmspace=0xfffffd80696e4560 estcpu=30, cpticks=10, pctcpu=0.0, user=0, sys=9, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 1037 316907 95751 0 2 0x490 syz-executor 1037 52902 95751 0 3 0x4000090 pipewr syz-executor 1037 103168 95751 0 3 0x4000090 fsleep syz-executor 46929 489472 48911 0 2 0x480 syz-executor 46929 196410 48911 0 3 0x4000080 fsleep syz-executor 46929 308976 48911 0 3 0x4000080 kqread syz-executor 46929 133305 48911 0 3 0x4000080 fsleep syz-executor 99928 379898 9269 -1 2 0x490 syz-executor 99928 341566 9269 -1 3 0x4000090 sbwait syz-executor 99928 243094 9269 -1 3 0x4000090 fsleep syz-executor 99928 28089 9269 -1 3 0x4000090 fsleep syz-executor 99453 196708 0 0 3 0x14280 nfsidl nfsio 70199 258553 0 0 3 0x14280 nfsidl nfsio 58791 326656 0 0 3 0x14280 nfsidl nfsio 93292 370343 0 0 3 0x14280 nfsidl nfsio 43300 170689 0 0 3 0x14280 nfsidl nfsio 56492 7569 0 0 3 0x14280 nfsidl nfsio 92878 69677 0 0 3 0x14280 nfsidl nfsio 27335 432130 0 0 3 0x14280 nfsidl nfsio 47442 80934 0 0 3 0x14280 nfsidl nfsio 91627 454439 0 0 3 0x14280 nfsidl nfsio 72249 197754 0 0 3 0x14280 nfsidl nfsio 66621 73799 0 0 3 0x14280 nfsidl nfsio 33085 349993 0 0 3 0x14280 nfsidl nfsio 2497 266355 0 0 3 0x14280 nfsidl nfsio 39682 221446 0 0 3 0x14280 nfsidl nfsio 15308 409862 0 0 3 0x14280 nfsidl nfsio 38757 380323 0 0 3 0x14280 nfsidl nfsio 80263 17444 0 0 3 0x14280 nfsidl nfsio 60826 147543 0 0 3 0x14280 nfsidl nfsio 28351 421842 0 0 3 0x14280 nfsidl nfsio 80923 171338 0 0 3 0x14200 bored sosplice 29120 250884 0 0 3 0x14200 acct acct 6276 402246 59202 0 2 0x482 syz-executor 98566 281946 59202 0 2 0x482 syz-executor 32848 248795 59202 0 3 0x82 wait syz-executor 9269 294983 59202 0 7 0x2 syz-executor 28374 470463 59202 0 3 0x82 wait syz-executor 56347 110434 59202 0 3 0x82 wait syz-executor 95751 464872 59202 0 2 0x482 syz-executor 48911 199766 59202 0 2 0x482 syz-executor 59202 87365 44853 0 3 0x82 kqread syz-executor 44853 50000 96420 0 3 0x10008a sigsusp ksh 96420 251463 75773 0 3 0x98 kqread sshd-session 75773 12234 49762 0 3 0x92 kqread sshd-session 87647 406525 1 0 2 0x100083 getty 49762 364340 1 0 3 0x88 kqread sshd 81732 239566 87221 74 3 0x1100092 bpf pflogd 87221 184326 1 0 3 0x80 sbwait pflogd 94336 283073 23430 73 2 0x1100090 syslogd 23430 351018 1 0 3 0x100082 sbwait syslogd 40393 263434 1 0 3 0x100080 kqread resolvd 1689 333541 89885 77 3 0x100092 kqread dhcpleased 45222 186196 89885 77 3 0x100092 kqread dhcpleased 89885 71754 1 0 3 0x80 kqread dhcpleased 31565 265916 0 0 2 0x40014200 smr 23392 168063 0 0 3 0x14200 pgzero zerothread 46966 116880 0 0 3 0x14200 aiodoned aiodoned 5060 468617 0 0 3 0x14200 syncer update 41939 362631 0 0 3 0x14200 cleaner cleaner 57513 475394 0 0 3 0x14200 reaper reaper 87292 163548 0 0 3 0x14200 pgdaemon pagedaemon 98385 18412 0 0 3 0x14200 bored viomb 49469 473770 0 0 3 0x40014200 acpi0 acpi0 81063 351167 0 0 3 0x40014200 idle1 64575 334461 0 0 3 0x14200 bored softnet3 28010 107770 0 0 3 0x14200 bored softnet2 22699 330793 0 0 3 0x14200 bored softnet1 17147 2906 0 0 2 0x14200 softnet0 5825 61618 0 0 3 0x14200 bored systqmp 88762 293694 0 0 3 0x14200 bored systq 63833 483597 0 0 3 0x14200 tmoslp softclockmp 62323 444442 0 0 3 0x40014200 tmoslp softclock 29137 212345 0 0 3 0x40014200 idle0 1 242455 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10202 11125K 11501K 166960K 11887 0 pcb 18 13K 14K 166960K 194 0 rtable 216 6K 6K 166960K 367 0 pf 33 17K 25K 166960K 65 0 ifaddr 40 7K 7K 166960K 58 0 ifgroup 51 2K 2K 166960K 78 0 sysctl 2 0K 0K 166960K 2 0 counters 62 36K 36K 166960K 78 0 ioctlops 0 0K 4K 166960K 1521 0 iov 1 4K 16K 166960K 24 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1369 86K 86K 166960K 1642 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 9K 166960K 8 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 66 0 dirhash 12 2K 2K 166960K 18 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 17 61K 97K 166960K 498 0 sigio 0 0K 0K 166960K 5 0 proc 74 115K 140K 166960K 576 0 subproc 104 6K 6K 166960K 105 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 55 0 in_multi 88 6K 7K 166960K 122 0 ether_multi 1 0K 0K 166960K 2 0 mrt 0 0K 0K 166960K 2 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 133 599K 599K 166960K 133 0 exec 0 0K 1K 166960K 467 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 255 77K 87K 166960K 6283 0 UVM aobj 17 4K 4K 166960K 19 0 pinsyscall 43 86K 104K 166960K 1592 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 23 0 NDP 11 0K 2K 166960K 38 0 temp 50 6821K 6887K 166960K 12149 0 kqueue 16 21K 28K 166960K 99 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 54 0 51 1 0 1 1 0 8 0 rtentry 112 116 0 15 4 0 4 4 0 8 0 unpcb 144 342 0 323 4 1 3 4 0 8 2 syncache 336 8 0 8 2 1 1 1 0 8 1 tcpqe 32 1 0 1 1 1 0 1 0 8 0 tcpcb 808 106 0 100 2 0 2 2 0 8 1 arp 120 20 0 2 1 0 1 1 0 8 0 inpcb 336 552 0 537 5 2 3 5 0 8 1 nd6 136 25 0 4 1 0 1 1 0 8 0 pkpcb 40 3 0 3 2 1 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1168 4 0 4 2 1 1 1 0 8 1 pffrag 232 3 0 0 1 0 1 1 0 482 0 pffrnode 88 3 0 0 1 0 1 1 0 8 0 pffrent 40 4 0 1 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 45 0 2 1 0 1 1 0 8 0 pfstkey 128 47 0 4 2 0 2 2 0 8 0 pfstate 376 46 0 3 5 0 5 5 0 8 0 pfrule 1344 22 0 16 2 0 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 455 0 46 29 2 27 29 0 8 0 art_table 32 456 0 46 4 0 4 4 0 8 0 art_node 16 114 0 24 1 0 1 1 0 8 0 sysvmsgpl 40 7 0 6 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 63 0 53 1 0 1 1 0 8 0 shmpl 112 16 0 2 1 0 1 1 0 8 0 dirhash 1024 21 0 4 3 0 3 3 0 8 0 dino2pl 256 2170 0 667 95 0 95 95 0 8 0 ffsino 272 2170 0 667 101 0 101 101 0 8 0 nchpl 144 2892 0 1205 63 0 63 63 0 8 0 uvmvnodes 80 2449 0 0 50 0 50 50 0 8 0 vnodes 216 2449 0 0 137 0 137 137 0 8 0 namei 1024 9163 0 9163 2 1 1 2 0 8 1 percpumem 16 53 0 8 1 0 1 1 0 8 0 kstatmem 264 38 0 16 2 0 2 2 0 8 0 scsiplug 72 2 0 2 2 1 1 1 0 8 1 scxspl 216 8214 0 8214 3 2 1 2 1 8 1 plimitpl 152 74 0 55 1 0 1 1 0 8 0 sigapl 424 823 0 751 10 1 9 9 0 8 0 futexpl 64 5733 0 5728 1 0 1 1 0 8 0 knotepl 120 499 0 0 16 0 16 16 0 8 0 kqueuepl 216 120 0 109 1 0 1 1 0 8 0 pipepl 320 141 0 111 3 0 3 3 0 8 0 fdescpl 496 783 0 752 7 2 5 6 0 8 0 filepl 152 3907 0 3632 13 1 12 13 0 8 1 lockfpl 104 133 0 130 1 0 1 1 0 8 0 lockfspl 48 58 0 55 1 0 1 1 0 8 0 sessionpl 144 27 0 18 1 0 1 1 0 8 0 pgrppl 48 42 0 25 1 0 1 1 0 8 0 ucredpl 104 434 0 418 1 0 1 1 0 8 0 zombiepl 144 817 0 812 2 1 1 1 0 8 0 processpl 1160 823 0 751 7 1 6 6 0 8 0 procpl 648 1447 0 1367 7 0 7 7 0 8 0 srpgc 96 2 0 2 1 1 0 1 0 8 0 sosppl 168 4 0 4 1 0 1 1 0 8 1 sockpl 664 956 0 919 9 2 7 9 0 8 3 mcl64k 65536 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 7 0 0 1 0 1 1 0 8 0 mcl4k 4096 136 0 0 17 0 17 17 0 8 0 mcl2k 2048 22 0 0 3 0 3 3 0 8 0 mtagpl 96 9 0 0 1 0 1 1 0 8 0 mbufpl 256 165 0 0 10 0 10 10 0 8 0 bufpl 280 3839 0 94 268 0 268 268 0 8 0 anonpl 24 167088 0 163456 47 21 26 47 0 185 0 amapchunkpl 152 21094 0 20541 41 10 31 31 0 158 9 amappl16 200 3789 0 3763 16 13 3 14 0 8 0 amappl15 192 11 0 11 1 1 0 1 0 8 0 amappl14 184 139 0 127 1 0 1 1 0 8 0 amappl13 176 41 0 40 1 0 1 1 0 8 0 amappl12 168 1438 0 1406 3 1 2 2 0 8 0 amappl11 160 52 0 38 1 0 1 1 0 8 0 amappl10 152 11 0 11 1 1 0 1 0 8 0 amappl9 144 185 0 185 1 1 0 1 0 8 0 amappl8 136 19 0 17 1 0 1 1 0 8 0 amappl7 128 113 0 100 1 0 1 1 0 8 0 amappl6 120 162 0 161 1 0 1 1 0 8 0 amappl5 112 139 0 127 1 0 1 1 0 8 0 amappl4 104 328 0 309 1 0 1 1 0 8 0 amappl3 96 3660 0 3553 3 0 3 3 0 8 0 amappl2 88 1086 0 1000 3 0 3 3 0 8 0 amappl1 80 9872 0 9298 14 0 14 14 0 8 0 amappl 88 5866 0 5674 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 18 0 2 1 0 1 1 0 8 0 uaddrrnd 24 783 0 751 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 783 0 751 1 0 1 1 0 8 0 vmmpekpl 168 8062 0 8015 3 0 3 3 0 8 0 vmmpepl 168 56283 0 54350 104 14 90 100 0 357 4 vmsppl 448 782 0 751 6 2 4 5 0 8 0 rwobjpl 56 21661 0 18239 50 0 50 50 0 8 0 pdppl 4096 1573 0 1502 111 38 73 87 0 8 2 pvpl 32 14706 0 0 119 0 119 119 0 265 0 pmappl 248 782 0 751 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 394 0 49 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 witness_checkorder(ffff800001305028,9,0) at witness_checkorder+0x1b4 rw_enter_write(ffff800001305018) at rw_enter_write+0x7a sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800001305000) at unveil_delete_names+0x3d sys/kern/kern_unveil.c:102 unveil_destroy(ffff8000371c9228) at unveil_destroy+0xbd sys/kern/kern_unveil.c:183 exit1(ffff8000ffff1978,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff8000ffff1978,ffff80003725a8b0,ffff80003725a800) at sys_exit+0x1a syscall(ffff80003725a8b0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff80003725a8b0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6fcaae7917e0, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff8359d330) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff8359d330) at __mp_lock+0x192 sys/kern/kern_lock.c:144 syscall(ffff80002a114960) at syscall+0xa11 mi_syscall_return sys/sys/syscall_mi.h:206 [inline] syscall(ffff80002a114960) at syscall+0xa11 sys/arch/amd64/amd64/trap.c:598 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x760f44e80de0, count: -6