witness: lock_object uninitialized: 0xffff800001643030 Starting stack trace... witness_checkorder(ffff800001643030,9,0) at witness_checkorder+0x1af witness_debugger sys/kern/subr_witness.c:2522 [inline] witness_checkorder(ffff800001643030,9,0) at witness_checkorder+0x1af sys/kern/subr_witness.c:779 rw_do_enter_write(ffff800001643018,0) at rw_do_enter_write+0xb7 sys/kern/kern_rwlock.c:233 unveil_delete_names(ffff800001643000) at unveil_delete_names+0x3d sys/kern/kern_unveil.c:102 unveil_destroy(ffff80002a46aff8) at unveil_destroy+0xbd sys/kern/kern_unveil.c:183 exit1(ffff80002f09f748,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff80002f09f748,ffff80003c5e8480,ffff80003c5e83d0) at sys_exit+0x1a syscall(ffff80003c5e8480) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c5e8480) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7bdf7e410260, count: 249 End of stack trace. Stopped at db_enter+0x25: addq $0x8,%rsp ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 witness_checkorder(ffff800001643030,9,0) at witness_checkorder+0x1b4 rw_do_enter_write(ffff800001643018,0) at rw_do_enter_write+0xb7 sys/kern/kern_rwlock.c:233 unveil_delete_names(ffff800001643000) at unveil_delete_names+0x3d sys/kern/kern_unveil.c:102 unveil_destroy(ffff80002a46aff8) at unveil_destroy+0xbd sys/kern/kern_unveil.c:183 exit1(ffff80002f09f748,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff80002f09f748,ffff80003c5e8480,ffff80003c5e83d0) at sys_exit+0x1a syscall(ffff80003c5e8480) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c5e8480) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7bdf7e410260, count: -9 ddb{0}> show registers rdi 0 rsi 0x4000000000000000 rbp 0xffff80003c5e8110 rbx 0 rdx 0 rcx 0xffff80002f09f748 rax 0xffffffff83851ff0 cpu_info_full_primary+0x1ff0 r8 0xffff80003c5e80b0 r9 0x8080808080808080 r10 0xffff80003c5e8000 r11 0x19cf1b20510d678e r12 0 r13 0x1 r14 0xffff800001643030 r15 0x3 rip 0xffffffff81441685 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c5e8100 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=206628 pid=66477 tcnt=0 stat=onproc flags process=1008 proc=2000 runpri=32, usrpri=85, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80002f09f748 scnt=-1 ecnt=1 forw=0xffffffffffffffff, list=0xffff80002f09f228,0xffff80002a35cf90 process=0xffff80002a46aff8 user=0xffff80003c5e3000, vmspace=0xfffffd806be8a1e0 estcpu=35, cpticks=2, pctcpu=0.20, user=0, sys=12, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 69607 168793 13301 0 2 0 syz-executor 69607 458986 13301 0 7 0x4000000 syz-executor 83030 409559 10003 0 2 0 syz-executor 83030 15545 10003 0 3 0x4000080 fsleep syz-executor 86571 24885 92211 0 2 0x480 syz-executor 86571 381151 92211 0 3 0x4000080 pipewr syz-executor 86571 117012 92211 0 3 0x4000080 fsleep syz-executor 5864 358081 45143 0 2 0x2 sshd-session 20402 124506 46449 0 2 0x480 syz-executor 20402 158477 46449 0 3 0x4000080 sbwait syz-executor 20402 411479 46449 0 3 0x4000080 fsleep syz-executor 84461 306733 49516 0 2 0x2 syz-executor 44067 160485 0 0 3 0x14200 acct acct 13301 122119 49516 0 2 0x482 syz-executor 21487 449607 0 0 3 0x14280 nfsidl nfsio 14177 478923 0 0 3 0x14280 nfsidl nfsio 9109 518259 0 0 3 0x14280 nfsidl nfsio 93198 10067 0 0 3 0x14280 nfsidl nfsio 70000 371324 0 0 3 0x14280 nfsidl nfsio 59035 415562 0 0 3 0x14280 nfsidl nfsio 67722 4995 0 0 3 0x14280 nfsidl nfsio 81903 134719 0 0 3 0x14280 nfsidl nfsio 14174 469212 0 0 3 0x14280 nfsidl nfsio 80574 350662 0 0 3 0x14280 nfsidl nfsio 44581 56567 0 0 3 0x14280 nfsidl nfsio 69682 343344 0 0 3 0x14280 nfsidl nfsio 42912 29393 0 0 3 0x14280 nfsidl nfsio 11503 487380 0 0 3 0x14280 nfsidl nfsio 85808 244596 0 0 3 0x14280 nfsidl nfsio 67518 272608 0 0 3 0x14280 nfsidl nfsio 66105 35763 0 0 3 0x14280 nfsidl nfsio 52148 230922 0 0 3 0x14280 nfsidl nfsio 57581 346650 0 0 3 0x14280 nfsidl nfsio 32821 214477 0 0 3 0x14280 nfsidl nfsio 89106 113306 49516 0 3 0x82 piperd syz-executor 79976 168428 45143 0 3 0x82 sbwait sshd-session 89499 281288 0 0 3 0x14200 bored sosplice 92211 81410 49516 0 2 0x482 syz-executor 25018 449486 49516 0 2 0x482 syz-executor 46449 148283 49516 0 2 0x482 syz-executor 95386 341550 49516 0 2 0x482 syz-executor 10003 118141 49516 0 2 0x482 syz-executor 49516 376777 17214 0 2 0x2 syz-executor 17214 480540 34914 0 3 0x10008a sigsusp ksh 34914 158501 83655 0 3 0x98 kqread sshd-session 83655 434485 45143 0 3 0x92 kqread sshd-session 68581 136739 1 0 2 0x100083 getty 45143 208971 1 0 3 0x88 kqread sshd 13978 66137 9442 74 3 0x1100092 bpf pflogd 9442 362473 1 0 3 0x80 sbwait pflogd 1018 295868 40472 73 2 0x1100090 syslogd 40472 239682 1 0 3 0x100082 sbwait syslogd 7490 420548 1 0 3 0x100080 kqread resolvd 84495 417843 12231 77 3 0x100092 kqread dhcpleased 66541 492819 12231 77 3 0x100092 kqread dhcpleased 12231 476404 1 0 3 0x80 kqread dhcpleased 11039 263413 0 0 2 0x14200 smr 87595 23050 0 0 2 0x14200 zerothread 30713 511693 0 0 3 0x14200 aiodoned aiodoned 51018 493286 0 0 3 0x14200 syncer update 66178 406279 0 0 3 0x14200 cleaner cleaner 8549 244076 0 0 2 0x14200 reaper 49907 435768 0 0 3 0x14200 pgdaemon pagedaemon 48085 431856 0 0 3 0x14200 bored viomb 59195 276546 0 0 3 0x40014200 acpi0 acpi0 31123 50518 0 0 3 0x40014200 idle1 18180 61787 0 0 3 0x14200 bored softnet3 68273 296247 0 0 3 0x14200 bored softnet2 32097 330072 0 0 3 0x14200 bored softnet1 33960 374062 0 0 2 0x14200 softnet0 69718 42577 0 0 2 0x14200 systqmp 8583 18021 0 0 3 0x14200 bored systq 18439 289363 0 0 3 0x14200 tmoslp softclockmp 8519 434072 0 0 2 0x40014200 softclock 50589 279869 0 0 3 0x40014200 idle0 1 49002 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 84461 (syz-executor) thread 0xffff80002a35f498 (306733) exclusive rwlock vmmaplk r = 0 (0xfffffd806be8ad90) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316 #2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5250 #3 uvmspace_fork+0x44 sys/uvm/uvm_map.c:3811 #4 process_new+0x553 sys/kern/kern_fork.c:279 #5 fork1+0x3ea sys/kern/kern_fork.c:405 #6 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] #6 syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 #7 Xsyscall+0x128 Process 8549 (reaper) thread 0xffff8000ffffca48 (244076) exclusive rwlock kmmaplk r = 0 (0xffffffff838cfdb0) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316 #2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5250 #3 uvm_unmap+0x81 sys/uvm/uvm_map.c:1792 #4 km_free+0x87 sys/uvm/uvm_km.c:833 #5 uvm_uarea_free+0x4f sys/uvm/uvm_glue.c:284 #6 reaper+0x1fe sys/kern/kern_exit.c:466 #7 proc_trampoline+0x10 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10240 11125K 12370K 166960K 16908 0 pcb 18 18K 20K 166960K 599 0 rtable 134 6K 9K 166960K 1421 0 pf 36 18K 20K 166960K 210 0 ifaddr 30 5K 8K 166960K 160 0 ifgroup 56 2K 3K 166960K 262 0 sysctl 4 1K 2K 166960K 20 0 counters 66 36K 37K 166960K 216 0 ioctlops 0 0K 4K 166960K 1841 0 iov 0 0K 26K 166960K 217 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1506 95K 95K 166960K 4476 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 6K 14K 166960K 68 0 VM map 2 1K 1K 166960K 2 0 sem 28 28K 44K 166960K 56 0 dirhash 12 2K 2K 166960K 81 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 224K 166960K 3428 0 sigio 1 0K 0K 166960K 61 0 proc 79 115K 128K 166960K 1122 0 subproc 72 4K 4K 166960K 163 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 488 0 in_multi 37 2K 7K 166960K 291 0 ether_multi 1 0K 0K 166960K 18 0 mrt 1 0K 0K 166960K 9 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 253 1129K 1129K 166960K 253 0 exec 0 0K 1K 166960K 1049 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 8 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 243 74K 88K 166960K 33194 0 UVM aobj 235 7K 7K 166960K 243 0 pinsyscall 46 92K 106K 166960K 4866 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 171 0 NDP 12 0K 2K 166960K 115 0 temp 80 8644K 8887K 166960K 110580 0 kqueue 13 20K 30K 166960K 539 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 408 0 405 6 5 1 3 0 8 0 rtentry 112 478 0 426 4 0 4 4 0 8 0 unpcb 144 2125 0 2108 13 12 1 6 0 8 0 syncache 336 32 0 31 3 2 1 1 0 8 0 tcpqe 32 9 0 9 5 4 1 1 0 8 1 tcpcb 808 1181 0 1104 35 27 8 8 0 8 0 arp 120 114 0 101 1 0 1 1 0 8 0 inpcb 376 4101 0 4020 41 32 9 12 0 8 0 nd6 136 67 0 59 3 1 2 2 0 8 0 pkpcb 40 84 0 84 5 5 0 1 0 8 0 kcovpl 48 18 0 10 1 0 1 1 0 8 0 ppxss 1168 45 0 44 5 4 1 1 0 8 0 pppxif 1472 6 0 5 4 3 1 1 0 8 0 pffrag 232 24 0 14 1 0 1 1 0 482 0 pffrnode 88 20 0 10 1 0 1 1 0 8 0 pffrent 40 44 0 34 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 236 0 116 1 0 1 1 0 8 0 pfstkey 128 236 0 116 4 0 4 4 0 8 0 pfstate 376 236 0 116 13 0 13 13 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 5 0 0 5 0 5 5 0 8 0 art_heap4 256 1238 0 1020 31 13 18 29 0 8 0 art_table 32 1243 0 1020 4 0 4 4 0 8 0 art_node 16 471 0 429 1 0 1 1 0 8 0 sysvmsgpl 40 19 0 12 1 0 1 1 0 8 0 semupl 112 6 0 6 2 2 0 1 0 8 0 semapl 112 46 0 20 1 0 1 1 0 8 0 shmpl 112 240 0 8 7 0 7 7 0 8 0 dirhash 1024 66 0 49 3 0 3 3 0 8 0 dino2pl 256 7378 0 5854 96 0 96 96 0 8 0 ffsino 280 7378 0 5854 110 0 110 110 0 8 0 nchpl 144 12252 0 11705 63 40 23 63 0 8 0 rtmask 32 3 0 3 1 0 1 1 0 8 1 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 43897 0 43897 3 2 1 2 0 8 1 percpumem 16 122 0 75 1 0 1 1 0 8 0 kstatmem 264 152 0 128 4 2 2 3 0 8 0 scsiplug 72 11 0 11 6 6 0 1 0 8 0 scxspl 216 34726 0 34726 14 13 1 8 1 8 1 plimitpl 152 803 0 786 1 0 1 1 0 8 0 sigapl 424 3731 0 3658 10 1 9 9 0 8 0 futexpl 64 48701 0 48698 1 0 1 1 0 8 0 knotepl 120 779 0 0 24 0 24 24 0 8 0 kqueuepl 216 1261 0 1251 15 14 1 5 0 8 0 pipepl 328 561 0 531 11 8 3 8 0 8 0 fdescpl 504 3690 0 3658 5 0 5 5 0 8 0 filepl 152 25501 0 25212 32 19 13 19 0 8 1 lockfpl 104 1305 0 1303 3 2 1 2 0 8 0 lockfspl 48 513 0 511 1 0 1 1 0 8 0 sessionpl 144 60 0 49 1 0 1 1 0 8 0 pgrppl 48 160 0 141 1 0 1 1 0 8 0 ucredpl 104 4232 0 4219 1 0 1 1 0 8 0 zombiepl 144 3860 0 3858 1 0 1 1 0 8 0 processpl 1168 3731 0 3658 7 1 6 6 0 8 0 procpl 656 8936 0 8856 9 1 8 8 0 8 0 srpgc 96 14 0 14 5 5 0 1 0 8 0 sosppl 168 9 0 9 4 4 0 1 0 8 0 sockpl 688 6855 0 6754 41 31 10 16 0 8 0 mcl64k 65536 11 0 0 2 0 2 2 0 8 0 mcl16k 16384 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 9 0 0 2 0 2 2 0 8 0 mcl4k 4096 121 0 0 16 0 16 16 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 72 0 0 7 0 7 7 0 8 0 mtagpl 96 261 0 0 6 0 6 6 0 8 0 mbufpl 256 1325 0 0 82 0 82 82 0 8 0 bufpl 280 8431 0 2277 440 0 440 440 0 8 0 anonpl 24 431574 0 426966 87 40 47 54 0 184 7 amapchunkpl 152 107961 0 107411 51 25 26 30 0 158 3 amappl16 200 7643 0 7607 68 64 4 15 0 8 1 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 187 0 173 1 0 1 1 0 8 0 amappl13 176 23 0 23 2 2 0 1 0 8 0 amappl12 168 4512 0 4480 4 1 3 3 0 8 0 amappl11 160 68 0 54 1 0 1 1 0 8 0 amappl10 152 10 0 10 2 2 0 1 0 8 0 amappl9 144 281 0 281 1 1 0 1 0 8 0 amappl8 136 27 0 23 1 0 1 1 0 8 0 amappl7 128 152 0 137 1 0 1 1 0 8 0 amappl6 120 310 0 304 1 0 1 1 0 8 0 amappl5 112 162 0 152 1 0 1 1 0 8 0 amappl4 104 453 0 433 1 0 1 1 0 8 0 amappl3 96 22801 0 22686 4 0 4 4 0 8 0 amappl2 88 1118 0 1042 2 0 2 2 0 8 0 amappl1 80 25131 0 24397 18 2 16 17 0 8 0 amappl 88 32371 0 32194 5 0 5 5 0 92 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma512 512 33 0 33 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 257 0 257 4 4 0 1 0 8 0 dma64 64 7 0 7 2 2 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 242 0 8 5 0 5 5 0 8 0 uaddrrnd 24 3690 0 3657 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3689 0 3657 1 0 1 1 0 8 0 vmmpekpl 168 31358 0 31293 4 0 4 4 0 8 1 vmmpepl 168 230582 0 228479 134 29 105 112 0 357 10 vmsppl 456 3689 0 3657 6 1 5 5 0 8 0 rwobjpl 64 64665 0 57366 125 3 122 122 0 8 2 pdppl 4096 7387 0 7314 155 78 77 85 0 8 4 pvpl 32 17158 0 0 140 2 138 138 0 265 0 pmappl 248 3689 0 3657 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 465 0 133 10 0 10 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 witness_checkorder(ffff800001643030,9,0) at witness_checkorder+0x1b4 rw_do_enter_write(ffff800001643018,0) at rw_do_enter_write+0xb7 sys/kern/kern_rwlock.c:233 unveil_delete_names(ffff800001643000) at unveil_delete_names+0x3d sys/kern/kern_unveil.c:102 unveil_destroy(ffff80002a46aff8) at unveil_destroy+0xbd sys/kern/kern_unveil.c:183 exit1(ffff80002f09f748,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff80002f09f748,ffff80003c5e8480,ffff80003c5e83d0) at sys_exit+0x1a syscall(ffff80003c5e8480) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c5e8480) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7bdf7e410260, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800029a9bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff8398e688) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff8398e688) at __mp_lock+0x192 sys/kern/kern_lock.c:144 end trace frame: 0x0, count: -4