witness: lock_object uninitialized: 0xffff800000e8e028 Starting stack trace... witness_checkorder(ffff800000e8e028,9,0) at witness_checkorder+0x137 witness_debugger sys/kern/subr_witness.c:2510 [inline] witness_checkorder(ffff800000e8e028,9,0) at witness_checkorder+0x137 sys/kern/subr_witness.c:777 rw_enter_write(ffff800000e8e018) at rw_enter_write+0x5c sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800000e8e000) at unveil_delete_names+0x34 unvname_rbt_RBT_MIN sys/kern/kern_unveil.c:92 [inline] unveil_delete_names(ffff800000e8e000) at unveil_delete_names+0x34 sys/kern/kern_unveil.c:102 unveil_destroy(ffff80002126d508) at unveil_destroy+0xad sys/kern/kern_unveil.c:183 exit1(ffff80002121f5e0,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:220 sys_exit(ffff80002121f5e0,ffff800022ce7d60,ffff800022ce7db0) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff800022ce7e30 ) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] ) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x719a61dc8990, count: 249 End of stack trace. Stopped at db_enter+0x1c: addq $0x8,%rsp ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 witness_checkorder(ffff800000e8e028,9,0) at witness_checkorder+0x13c witness_debugger sys/kern/subr_witness.c:2510 [inline] witness_checkorder(ffff800000e8e028,9,0) at witness_checkorder+0x13c sys/kern/subr_witness.c:777 rw_enter_write(ffff800000e8e018) at rw_enter_write+0x5c sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800000e8e000) at unveil_delete_names+0x34 unvname_rbt_RBT_MIN sys/kern/kern_unveil.c:92 [inline] unveil_delete_names(ffff800000e8e000) at unveil_delete_names+0x34 sys/kern/kern_unveil.c:102 unveil_destroy(ffff80002126d508) at unveil_destroy+0xad sys/kern/kern_unveil.c:183 exit1(ffff80002121f5e0,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:220 sys_exit(ffff80002121f5e0,ffff800022ce7d60,ffff800022ce7db0) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff800022ce7e30) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff800022ce7e30) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x719a61dc8990, count: -9 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff800022ce7b00 rbx 0x3 rdx 0 rcx 0xffff80002121f5e0 rax 0xffffffff82b97ff0 cpu_info_full_primary+0x1ff0 r8 0xffff800022ce7aa0 r9 0x8080808080808080 r10 0x2dfa7941215a8d7 r11 0x2dd015f02a58d95c r12 0xffff800000e8e001 r13 0xffff800000e8e028 r14 0 r15 0 rip 0xffffffff8255bacc db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff800022ce7af0 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.1) pid=192641 stat=onproc flags process=1008 proc=2000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff80002121f328,0xffff800021281128 process=0xffff80002126d508 user=0xffff800022ce2000, vmspace=0xfffffd806efdf008 estcpu=36, cpticks=11, pctcpu=0.3 user=0, sys=7, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 31986 373012 97885 0 2 0 syz-executor.6 69438 203109 58431 -1 3 0x10 vmmaplk syz-executor.7 69438 341984 58431 -1 3 0x4000090 fsleep syz-executor.7 69438 84495 58431 -1 2 0x4000010 syz-executor.7 18759 404482 26295 0 2 0 syz-executor.5 18759 118745 26295 0 3 0x4000080 fsleep syz-executor.5 24056 362165 66640 0 2 0 syz-executor.2 24056 262244 66640 0 3 0x4000080 fsleep syz-executor.2 63131 101851 9694 0 2 0 syz-executor.4 63131 477762 9694 0 3 0x4000080 fsleep syz-executor.4 63131 467083 9694 0 3 0x4000080 fsleep syz-executor.4 75519 113693 62828 0 2 0x482 syz-executor.0 97885 91771 62828 0 2 0x482 syz-executor.6 26295 310615 62828 0 2 0x482 syz-executor.5 9694 240650 62828 0 2 0x482 syz-executor.4 38947 181384 62828 0 2 0x482 syz-executor.1 58431 53634 62828 0 2 0x482 syz-executor.7 65303 478716 62828 0 2 0x482 syz-executor.3 90722 347378 0 0 3 0x14200 acct acct 84375 491211 1 0 2 0x100083 getty 66640 369609 62828 0 2 0x482 syz-executor.2 57643 152611 0 0 3 0x14280 nfsidl nfsio 28905 379856 0 0 3 0x14280 nfsidl nfsio 27498 111605 0 0 3 0x14280 nfsidl nfsio 81411 495338 0 0 3 0x14280 nfsidl nfsio 52490 123378 0 0 3 0x14280 nfsidl nfsio 82273 372876 0 0 3 0x14280 nfsidl nfsio 56516 344089 0 0 3 0x14280 nfsidl nfsio 74326 310549 0 0 3 0x14280 nfsidl nfsio 67420 45329 0 0 3 0x14280 nfsidl nfsio 4938 224734 0 0 3 0x14280 nfsidl nfsio 88809 19150 0 0 3 0x14280 nfsidl nfsio 80966 335825 0 0 3 0x14280 nfsidl nfsio 78369 453123 0 0 3 0x14280 nfsidl nfsio 48882 166981 0 0 3 0x14280 nfsidl nfsio 69711 257934 0 0 3 0x14280 nfsidl nfsio 35332 230704 0 0 3 0x14280 nfsidl nfsio 42952 479689 0 0 3 0x14280 nfsidl nfsio 86512 130616 0 0 3 0x14280 nfsidl nfsio 53344 321813 0 0 3 0x14280 nfsidl nfsio 63913 449745 0 0 3 0x14280 nfsidl nfsio 15361 287029 0 0 3 0x14200 bored sosplice 62828 182417 60220 0 3 0x2000082 wait syz-fuzzer 62828 30170 60220 0 3 0x6000082 thrsleep syz-fuzzer 62828 384921 60220 0 3 0x6000082 thrsleep syz-fuzzer 62828 163493 60220 0 3 0x6000082 wait syz-fuzzer 62828 507128 60220 0 3 0x6000082 wait syz-fuzzer 62828 107895 60220 0 3 0x6000082 thrsleep syz-fuzzer 62828 215519 60220 0 3 0x6000082 wait syz-fuzzer 62828 138388 60220 0 3 0x6000082 thrsleep syz-fuzzer 62828 67397 60220 0 3 0x6000082 wait syz-fuzzer 62828 439550 60220 0 3 0x6000082 thrsleep syz-fuzzer 62828 192535 60220 0 3 0x6000082 thrsleep syz-fuzzer 62828 129691 60220 0 3 0x6000082 thrsleep syz-fuzzer 62828 104094 60220 0 3 0x6000082 kqread syz-fuzzer 62828 176167 60220 0 3 0x6000082 wait syz-fuzzer 62828 427593 60220 0 3 0x6000082 wait syz-fuzzer 62828 23611 60220 0 3 0x6000082 wait syz-fuzzer 60220 414671 11162 0 3 0x10008a sigsusp ksh 11162 257211 34611 0 3 0x9a kqread sshd 34611 212692 1 0 3 0x88 kqread sshd 84089 257581 21600 74 3 0x1100092 bpf pflogd 21600 226911 1 0 3 0x80 netio pflogd 70839 109982 65204 73 2 0x1100090 syslogd 65204 235825 1 0 3 0x100082 netio syslogd 94062 281140 1 0 3 0x100080 kqread resolvd 35505 492909 11351 77 3 0x100092 kqread dhcpleased 88887 11512 11351 77 3 0x100092 kqread dhcpleased 11351 494511 1 0 3 0x80 kqread dhcpleased 51145 197207 0 0 3 0x14200 bored smr 65937 53148 0 0 2 0x14200 zerothread 81326 375289 0 0 3 0x14200 aiodoned aiodoned 20516 511116 0 0 3 0x14200 syncer update 92883 510299 0 0 3 0x14200 cleaner cleaner 31380 357588 0 0 2 0x14200 reaper 70693 171651 0 0 3 0x14200 pgdaemon pagedaemon 18422 93799 0 0 3 0x14200 bored viomb 29585 24242 0 0 3 0x40014200 acpi0 acpi0 13559 184880 0 0 7 0x40014200 idle1 54101 126676 0 0 3 0x14200 bored softnet3 19330 438357 0 0 3 0x14200 bored softnet2 7725 82585 0 0 3 0x14200 bored softnet1 49783 408696 0 0 2 0x14200 softnet0 51690 227398 0 0 3 0x14200 bored systqmp 64773 71305 0 0 3 0x14200 bored systq 42117 454879 0 0 2 0x40014200 softclock 38094 152012 0 0 3 0x40014200 idle0 1 104183 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 69438 (syz-executor.7) thread 0xffff800021280ba8 (84495) exclusive rwlock vmmaplk r = 0 (0xfffffd807eff9da8) #0 witness_lock+0x447 #1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309 #2 vm_map_lock_ln+0xfa sys/uvm/uvm_map.c:5345 #3 uvmfault_lookup+0xb6 sys/uvm/uvm_fault.c:1767 #4 uvm_fault_check+0x65d uvmfault_amapcopy sys/uvm/uvm_fault.c:236 [inline] #4 uvm_fault_check+0x65d sys/uvm/uvm_fault.c:711 #5 uvm_fault+0xf2 sys/uvm/uvm_fault.c:601 #6 upageflttrap+0x86 sys/arch/amd64/amd64/trap.c:188 #7 usertrap+0x226 sys/arch/amd64/amd64/trap.c:436 #8 recall_trap+0x8 Process 31380 (reaper) thread 0xffff8000211ad5c8 (357588) exclusive rwlock kmmaplk r = 0 (0xffffffff82d63c90) #0 witness_lock+0x447 #1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309 #2 vm_map_lock_ln+0xfa sys/uvm/uvm_map.c:5345 #3 uvm_unmap+0x7c sys/uvm/uvm_map.c:1855 #4 uvm_uarea_free+0x39 sys/uvm/uvm_glue.c:288 #5 reaper+0x168 sys/kern/kern_exit.c:438 #6 proc_trampoline+0x1c ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10227 6625K 7399K 78643K 36441 0 pcb 15 18K 22K 78643K 14151 0 rtable 239 7K 7K 78643K 1230 0 pf 32 9K 10K 78643K 303 0 ifaddr 45 16K 17K 78643K 240 0 ifgroup 55 2K 2K 78643K 479 0 sysctl 2 0K 2K 78643K 5 0 counters 60 35K 36K 78643K 290 0 ioctlops 0 0K 4K 78643K 1785 0 iov 0 0K 26K 78643K 1512 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1708 107K 107K 78643K 11106 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 161 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 1K 78643K 525 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 15 53K 89K 78643K 17308 0 sigio 0 0K 0K 78643K 542 0 proc 76 115K 128K 78643K 2054 0 subproc 104 6K 9K 78643K 509 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1750 0 in_multi 99 7K 7K 78643K 2039 0 ether_multi 1 0K 0K 78643K 7 0 mrt 1 0K 0K 78643K 7 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 223 996K 996K 78643K 223 0 exec 0 0K 1K 78643K 2418 0 pfkey data 0 0K 0K 78643K 7 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 458 96K 111K 78643K 169561 0 UVM aobj 131 4K 4K 78643K 132 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 404 0 NDP 12 0K 1K 78643K 191 0 temp 74 5920K 6052K 78643K 124174 0 kqueue 12 18K 28K 78643K 960 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 291 0 288 1 0 1 1 0 8 0 rtentry 112 413 0 302 4 0 4 4 0 8 0 unpcb 144 10033 0 10018 99 95 4 6 0 8 3 syncache 296 118 0 118 27 27 0 1 0 8 0 tcpqe 32 387 0 387 23 23 0 1 0 8 0 tcpcb 808 3620 0 3609 139 132 7 14 0 8 4 arp 120 71 0 53 1 0 1 1 0 8 0 inpcb 368 23599 0 23583 291 283 8 18 0 8 2 nd6 136 108 0 83 2 0 2 2 0 8 0 pkpcb 40 118 0 118 6 6 0 1 0 8 0 kcovpl 48 32 0 24 1 0 1 1 0 8 0 ppxss 1256 33 0 33 10 10 0 1 0 8 0 pffrag 232 90 0 90 3 2 1 1 0 482 1 pffrnode 88 90 0 90 3 2 1 1 0 8 1 pffrent 40 420 0 420 3 2 1 1 0 8 1 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 390 0 369 1 0 1 1 0 8 0 pfstkey 128 391 0 370 2 0 2 2 0 8 0 pfstate 376 391 0 370 8 5 3 5 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1577 0 1113 31 1 30 30 0 8 0 art_table 32 1578 0 1113 4 0 4 4 0 8 0 art_node 16 391 0 290 1 0 1 1 0 8 0 sysvmsgpl 40 58 0 46 2 1 1 1 0 8 0 semapl 112 517 0 507 1 0 1 1 0 8 0 shmpl 112 129 0 1 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 24325 0 22773 98 0 98 98 0 8 0 ffsino 272 24325 0 22773 104 0 104 104 0 8 0 nchpl 144 48359 0 47842 64 40 24 64 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 160825 0 160825 11 8 3 3 0 8 3 percpumem 16 158 0 115 1 0 1 1 0 8 0 kstatmem 264 254 0 230 2 0 2 2 0 8 0 scxspl 216 138312 0 138312 46 45 1 8 1 8 1 plimitpl 152 1795 0 1778 1 0 1 1 0 8 0 sigapl 424 17630 0 17560 10 2 8 8 0 8 0 futexpl 64 154717 0 154712 1 0 1 1 0 8 0 knotepl 120 1037 0 0 19 2 17 18 0 8 0 kqueuepl 216 2772 0 2764 52 51 1 6 0 8 0 pipepl 320 3193 0 3165 98 95 3 8 0 8 0 fdescpl 496 17567 0 17539 5 1 4 5 0 8 0 filepl 152 110764 0 110523 209 194 15 21 0 8 4 lockfpl 104 6776 0 6762 14 13 1 3 0 8 0 lockfspl 48 2584 0 2572 1 0 1 1 0 8 0 sessionpl 144 51 0 34 1 0 1 1 0 8 0 pgrppl 48 491 0 474 1 0 1 1 0 8 0 ucredpl 104 18101 0 18079 1 0 1 1 0 8 0 zombiepl 144 18048 0 18045 3 2 1 1 0 8 0 processpl 1072 17630 0 17560 5 0 5 5 0 8 0 procpl 696 47422 0 47330 26 16 10 10 0 8 0 sosppl 168 141 0 141 24 24 0 1 0 8 0 sockpl 488 34296 0 34262 599 586 13 29 0 8 5 mcl64k 65536 25 0 0 3 0 3 3 0 8 0 mcl16k 16384 39 0 0 4 2 2 3 0 8 0 mcl12k 12288 25 0 0 2 0 2 2 0 8 0 mcl9k 9216 15 0 0 2 0 2 2 0 8 0 mcl8k 8192 25 0 0 3 0 3 3 0 8 0 mcl4k 4096 49 0 0 3 0 3 3 0 8 0 mcl2k2 2112 9 0 0 1 0 1 1 0 8 0 mcl2k 2048 546 0 0 37 11 26 37 0 8 0 mtagpl 96 1097 0 0 21 0 21 21 0 8 0 mbufpl 256 2217 0 0 98 0 98 98 0 8 0 bufpl 288 30956 0 24630 453 0 453 453 0 8 0 anonpl 24 1598067 0 1586204 208 111 97 110 0 186 0 amapchunkpl 152 540059 0 539159 94 55 39 50 0 158 0 amappl16 200 30054 0 29706 162 134 28 32 0 8 8 amappl15 192 17 0 16 1 0 1 1 0 8 0 amappl14 184 299 0 277 2 0 2 2 0 8 0 amappl13 176 16 0 15 1 0 1 1 0 8 0 amappl12 168 18613 0 18577 3 1 2 2 0 8 0 amappl11 160 73 0 58 1 0 1 1 0 8 0 amappl10 152 76 0 64 1 0 1 1 0 8 0 amappl9 144 388 0 388 29 29 0 1 0 8 0 amappl8 136 835 0 668 7 1 6 6 0 8 0 amappl7 128 127 0 114 2 1 1 2 0 8 0 amappl6 120 569 0 544 2 1 1 2 0 8 0 amappl5 112 558 0 547 1 0 1 1 0 8 0 amappl4 104 1010 0 957 3 1 2 3 0 8 0 amappl3 96 105387 0 105296 4 1 3 3 0 8 0 amappl2 88 18407 0 18330 3 1 2 3 0 8 0 amappl1 80 71526 0 70967 24 11 13 23 0 8 0 amappl 88 168374 0 168113 8 1 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 131 0 1 3 0 3 3 0 8 0 uaddrrnd 24 17567 0 17538 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 17567 0 17538 1 0 1 1 0 8 0 vmmpekpl 168 131154 0 131078 5 1 4 4 0 8 0 vmmpepl 168 1032924 0 1030479 324 198 126 147 0 357 1 vmsppl 464 17566 0 17538 5 1 4 5 0 8 0 rwobjpl 56 246422 0 238790 125 14 111 111 0 8 0 pdppl 4096 35142 0 35076 817 747 70 82 0 8 4 pvpl 32 4444229 0 4426144 531 352 179 350 0 265 0 pmappl 248 17566 0 17538 3 1 2 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2109 0 1196 27 0 27 27 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 witness_checkorder(ffff800000e8e028,9,0) at witness_checkorder+0x13c witness_debugger sys/kern/subr_witness.c:2510 [inline] witness_checkorder(ffff800000e8e028,9,0) at witness_checkorder+0x13c sys/kern/subr_witness.c:777 rw_enter_write(ffff800000e8e018) at rw_enter_write+0x5c sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800000e8e000) at unveil_delete_names+0x34 unvname_rbt_RBT_MIN sys/kern/kern_unveil.c:92 [inline] unveil_delete_names(ffff800000e8e000) at unveil_delete_names+0x34 sys/kern/kern_unveil.c:102 unveil_destroy(ffff80002126d508) at unveil_destroy+0xad sys/kern/kern_unveil.c:183 exit1(ffff80002121f5e0,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:220 sys_exit(ffff80002121f5e0,ffff800022ce7d60,ffff800022ce7db0) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff800022ce7e30) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff800022ce7e30) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x719a61dc8990, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020d58ff0) at sched_idle+0x41e sys/kern/kern_sched.c:199 end trace frame: 0x0, count: -5