witness: lock_object uninitialized: 0xffff800000d00028 Starting stack trace... witness_checkorder(ffff800000d00028,9,0) at witness_checkorder+0x133 witness_debugger sys/kern/subr_witness.c:2502 [inline] witness_checkorder(ffff800000d00028,9,0) at witness_checkorder+0x133 sys/kern/subr_witness.c:772 rw_enter_write(ffff800000d00018) at rw_enter_write+0x5b sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800000d00000) at unveil_delete_names+0x30 unvname_rbt_RBT_MIN sys/kern/kern_unveil.c:90 [inline] unveil_delete_names(ffff800000d00000) at unveil_delete_names+0x30 sys/kern/kern_unveil.c:100 unveil_destroy(ffff8000ffff94d0) at unveil_destroy+0xad sys/kern/kern_unveil.c:191 exit1(ffff8000212322a0,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:225 sys_exit(ffff8000212322a0,ffff800027aea200,ffff800027aea260) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff800027aea2d0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800027aea2d0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffafc0, count: 249 End of stack trace. Stopped at db_enter+0x18: addq $0x8,%rsp ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 witness_checkorder(ffff800000d00028,9,0) at witness_checkorder+0x138 witness_debugger sys/kern/subr_witness.c:2502 [inline] witness_checkorder(ffff800000d00028,9,0) at witness_checkorder+0x138 sys/kern/subr_witness.c:772 rw_enter_write(ffff800000d00018) at rw_enter_write+0x5b sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800000d00000) at unveil_delete_names+0x30 unvname_rbt_RBT_MIN sys/kern/kern_unveil.c:90 [inline] unveil_delete_names(ffff800000d00000) at unveil_delete_names+0x30 sys/kern/kern_unveil.c:100 unveil_destroy(ffff8000ffff94d0) at unveil_destroy+0xad sys/kern/kern_unveil.c:191 exit1(ffff8000212322a0,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:225 sys_exit(ffff8000212322a0,ffff800027aea200,ffff800027aea260) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff800027aea2d0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800027aea2d0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffafc0, count: -9 ddb{0}> show registers rdi 0 rsi 0x4000000000000000 rbp 0xffff800027ae9fa0 rbx 0x3 rdx 0 rcx 0 rax 0xffff8000212322a0 r8 0xffff800027ae9f40 r9 0x8080808080808080 r10 0xffff800027ae9e90 r11 0x64e6b2cd01c87de9 r12 0xffff800000d00001 r13 0xffff800000d00028 r14 0 r15 0 rip 0xffffffff8167b298 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800027ae9f90 ss 0 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.0) pid=222364 stat=onproc flags process=1008 proc=2000 pri=32, usrpri=84, nice=20 forw=0xffffffffffffffff, list=0xffff800021233ce0,0xffff8000212337b0 process=0xffff8000ffff94d0 user=0xffff800027ae5000, vmspace=0xfffffd8064bc95d0 estcpu=34, cpticks=11, pctcpu=0.0 user=0, sys=7, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 65376 351009 17063 0 2 0 syz-executor.1 65376 299796 17063 0 2 0x4000000 syz-executor.1 39373 125573 45301 0 2 0 syz-executor.2 39373 517080 45301 0 3 0x4000080 fsleep syz-executor.2 74529 488160 87142 0 2 0 syz-executor.3 74529 167267 87142 0 3 0x4000080 fsleep syz-executor.3 87142 505480 28830 0 2 0x482 syz-executor.3 84721 144445 28830 0 2 0x482 syz-executor.0 27786 112129 0 0 3 0x14200 bored sosplice 45301 437205 28830 0 2 0x482 syz-executor.2 17063 280127 28830 0 2 0x482 syz-executor.1 28830 480748 14064 0 3 0x82 thrsleep syz-fuzzer 28830 515145 14064 0 3 0x4000082 thrsleep syz-fuzzer 28830 5838 14064 0 3 0x4000082 thrsleep syz-fuzzer 28830 76177 14064 0 3 0x4000082 thrsleep syz-fuzzer 28830 427208 14064 0 3 0x4000082 thrsleep syz-fuzzer 28830 27599 14064 0 3 0x4000082 kqread syz-fuzzer 28830 15125 14064 0 3 0x4000082 thrsleep syz-fuzzer 28830 44713 14064 0 3 0x4000082 thrsleep syz-fuzzer 14064 381473 18576 0 3 0x10008a sigsusp ksh 18576 264699 61611 0 3 0x9a poll sshd 92013 148955 1 0 3 0x100083 ttyopn getty 61611 478150 1 0 3 0x88 poll sshd 34645 390610 35690 74 3 0x100092 bpf pflogd 35690 82678 1 0 3 0x80 netio pflogd 34879 352980 67196 73 2 0x100090 syslogd 67196 264741 1 0 3 0x100082 netio syslogd 97407 377755 1 0 3 0x100080 kqread resolvd 28169 430288 63420 77 3 0x100092 kqread dhcpleased 10334 480789 63420 77 3 0x100092 kqread dhcpleased 63420 458412 1 0 3 0x80 kqread dhcpleased 13157 476604 0 0 3 0x14200 bored smr 46690 155863 0 0 2 0x14200 zerothread 5897 198260 0 0 3 0x14200 aiodoned aiodoned 66661 33922 0 0 3 0x14200 syncer update 45831 193567 0 0 3 0x14200 cleaner cleaner 54177 279731 0 0 2 0x14200 reaper 90086 327300 0 0 3 0x14200 pgdaemon pagedaemon 89009 418499 0 0 3 0x14200 bored viomb 17977 357723 0 0 3 0x40014200 acpi0 acpi0 69195 1987 0 0 7 0x40014200 idle1 74593 449622 0 0 3 0x14200 bored softnet 87879 114459 0 0 3 0x14200 bored systqmp 90017 445767 0 0 3 0x14200 bored systq 34353 118218 0 0 2 0x40014200 softclock 99968 45565 0 0 3 0x40014200 idle0 1 478955 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 54177 (reaper) thread 0xffff8000211497a0 (279731) exclusive rwlock kmmaplk r = 0 (0xffffffff828839c8) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 vm_map_lock_ln+0xda sys/uvm/uvm_map.c:5458 #3 uvm_unmap+0x78 sys/uvm/uvm_map.c:2068 #4 uvm_uarea_free+0x35 sys/uvm/uvm_glue.c:287 #5 reaper+0x158 sys/kern/kern_exit.c:451 #6 proc_trampoline+0x1c ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10190 6488K 7313K 78643K 26432 0 pcb 13 14K 16K 78643K 656 0 rtable 154 8K 10K 78643K 1071 0 ifaddr 68 17K 18K 78643K 456 0 sysctl 3 1K 1K 78643K 3 0 counters 48 34K 35K 78643K 182 0 ioctlops 0 0K 8K 78643K 4984 0 iov 0 0K 28K 78643K 281 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1324 83K 84K 78643K 5108 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 53 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 471 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 9 29K 49K 78643K 4131 0 sigio 0 0K 0K 78643K 35 0 proc 76 111K 111K 78643K 813 0 subproc 52 3K 3K 78643K 143 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 131 0 in_multi 47 3K 3K 78643K 265 0 ether_multi 1 0K 0K 78643K 40 0 mrt 0 0K 0K 78643K 10 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 199 890K 890K 78643K 199 0 exec 0 0K 2K 78643K 1141 0 pfkey data 0 0K 0K 78643K 3 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 346 296K 312K 78643K 54411 0 UVM aobj 88 3K 3K 78643K 101 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 221 0 NDP 8 0K 1K 78643K 105 0 temp 101 4207K 4319K 78643K 20630 0 kqueue 10 14K 18K 78643K 126 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 269 0 266 5 4 1 3 0 8 0 rtentry 112 262 0 205 2 0 2 2 0 8 0 unpcb 136 1928 0 1913 18 17 1 6 0 8 0 syncache 296 19 0 19 6 5 1 1 0 8 1 tcpqe 32 107 0 107 2 2 0 1 0 8 0 tcpcb 736 1448 0 1444 47 45 2 13 0 8 1 arp 120 27 0 14 1 0 1 1 0 8 0 inpcb 304 4212 0 4204 39 37 2 10 0 8 1 rttmr 72 5 0 5 2 2 0 1 0 8 0 ip6q 72 7 0 7 2 2 0 1 0 8 0 ip6af 40 21 0 21 2 2 0 1 0 8 0 nd6 48 44 0 35 1 0 1 1 0 8 0 pkpcb 40 10 0 10 3 2 1 1 0 8 1 kcovpl 48 11 0 7 1 0 1 1 0 8 0 ppxss 1248 33 0 33 6 5 1 1 0 8 1 pfstscr 40 4 0 4 1 1 0 1 0 8 0 pffrag 232 48 0 45 2 1 1 1 0 482 0 pffrnode 88 48 0 45 2 1 1 1 0 8 0 pffrent 40 486 0 483 2 1 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 115 0 107 3 2 1 2 0 8 0 pftag 88 23 0 23 3 3 0 1 0 8 0 pfstitem 24 12 0 10 1 0 1 1 0 8 0 pfstkey 112 20 0 18 1 0 1 1 0 8 0 pfstate 320 16 0 14 2 1 1 2 0 8 0 pfrule 1360 2789 0 2485 28 2 26 26 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1063 0 797 22 4 18 19 0 8 0 art_table 32 1064 0 797 3 0 3 3 0 8 0 art_node 16 261 0 209 1 0 1 1 0 8 0 sysvmsgpl 40 31 0 17 2 1 1 1 0 8 0 semapl 112 469 0 459 1 0 1 1 0 8 0 shmpl 112 98 0 13 3 0 3 3 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 6867 0 5439 90 0 90 90 0 8 0 ffsino 272 6867 0 5439 96 0 96 96 0 8 0 nchpl 144 12277 0 10672 61 0 61 61 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 45014 0 45014 2 1 1 1 0 8 1 percpumem 16 103 0 67 1 0 1 1 0 8 0 vcpupl 2048 83 0 0 11 0 11 11 0 8 0 vmpool 560 157 0 74 7 1 6 7 0 8 0 pfiaddrpl 120 42 0 27 2 1 1 1 0 8 0 scxspl 216 37765 0 37765 15 14 1 8 0 8 1 plimitpl 152 472 0 461 1 0 1 1 0 8 0 sigapl 424 4369 0 4331 7 1 6 7 0 8 0 futexpl 64 33977 0 33975 1 0 1 1 0 8 0 knotepl 112 81 0 0 3 0 3 3 0 8 0 kqueuepl 216 1421 0 1410 31 26 5 5 0 8 4 pipepl 336 702 0 685 19 17 2 7 0 8 0 fdescpl 496 4334 0 4312 4 1 3 4 0 8 0 filepl 152 27447 0 27293 52 42 10 16 0 8 4 lockfpl 104 800 0 798 1 0 1 1 0 8 0 lockfspl 48 263 0 261 1 0 1 1 0 8 0 sessionpl 144 27 0 14 1 0 1 1 0 8 0 pgrppl 48 27 0 14 1 0 1 1 0 8 0 ucredpl 96 3305 0 3292 1 0 1 1 0 8 0 zombiepl 144 5749 0 5748 2 1 1 1 0 8 0 processpl 1064 4369 0 4331 4 0 4 4 0 8 0 procpl 672 12119 0 12070 8 3 5 7 0 8 0 srpgc 96 8 0 8 2 2 0 1 0 8 0 sosppl 168 39 0 39 8 7 1 1 0 8 1 sockpl 480 6423 0 6398 107 102 5 28 0 8 1 mcl64k 65536 17 0 0 3 0 3 3 0 8 0 mcl16k 16384 15 0 0 2 0 2 2 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 7 0 0 1 0 1 1 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 25 0 0 3 0 3 3 0 8 0 mcl2k2 2112 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 204 0 0 23 0 23 23 0 8 0 mtagpl 96 1093 0 0 25 0 25 25 0 8 0 mbufpl 256 2356 0 0 141 0 141 141 0 8 0 bufpl 288 10362 0 4017 454 0 454 454 0 8 0 anonpl 24 1238711 0 1219745 180 42 138 138 0 186 17 amapchunkpl 152 134935 0 134158 88 48 40 45 0 158 9 amappl16 200 11862 0 11236 82 38 44 46 0 8 11 amappl15 192 494 0 493 1 0 1 1 0 8 0 amappl14 184 1188 0 1182 1 0 1 1 0 8 0 amappl13 176 85 0 84 1 0 1 1 0 8 0 amappl12 168 1117 0 1112 1 0 1 1 0 8 0 amappl11 160 469 0 455 1 0 1 1 0 8 0 amappl10 152 70 0 62 1 0 1 1 0 8 0 amappl9 144 1460 0 1455 1 0 1 1 0 8 0 amappl8 136 901 0 848 2 0 2 2 0 8 0 amappl7 128 454 0 440 1 0 1 1 0 8 0 amappl6 120 1169 0 1147 1 0 1 1 0 8 0 amappl5 112 2513 0 2494 1 0 1 1 0 8 0 amappl4 104 1945 0 1917 1 0 1 1 0 8 0 amappl3 96 1485 0 1467 1 0 1 1 0 8 0 amappl2 88 1717 0 1670 2 0 2 2 0 8 0 amappl1 80 81675 0 81163 13 1 12 13 0 8 0 amappl 88 53777 0 53539 7 1 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 100 0 13 2 0 2 2 0 8 0 uaddrrnd 24 4491 0 4385 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4491 0 4385 1 0 1 1 0 8 0 vmmpekpl 168 33005 0 32944 3 0 3 3 0 8 0 vmmpepl 168 395938 0 393526 171 55 116 119 0 357 10 vmsppl 368 4490 0 4385 10 0 10 10 0 8 0 rwobjpl 56 103645 0 96101 112 2 110 110 0 8 3 pdppl 4096 8990 0 8853 165 28 137 139 0 8 0 pvpl 32 2054257 0 2031414 295 76 219 219 0 265 31 pmappl 248 4490 0 4385 7 0 7 7 0 8 0 extentpl 40 57 0 38 1 0 1 1 0 8 0 phpool 112 1126 0 99 30 0 30 30 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 witness_checkorder(ffff800000d00028,9,0) at witness_checkorder+0x138 witness_debugger sys/kern/subr_witness.c:2502 [inline] witness_checkorder(ffff800000d00028,9,0) at witness_checkorder+0x138 sys/kern/subr_witness.c:772 rw_enter_write(ffff800000d00018) at rw_enter_write+0x5b sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800000d00000) at unveil_delete_names+0x30 unvname_rbt_RBT_MIN sys/kern/kern_unveil.c:90 [inline] unveil_delete_names(ffff800000d00000) at unveil_delete_names+0x30 sys/kern/kern_unveil.c:100 unveil_destroy(ffff8000ffff94d0) at unveil_destroy+0xad sys/kern/kern_unveil.c:191 exit1(ffff8000212322a0,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:225 sys_exit(ffff8000212322a0,ffff800027aea200,ffff800027aea260) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff800027aea2d0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800027aea2d0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffafc0, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020d38ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5