witness: lock_object uninitialized: 0xffff800000e1b028 Starting stack trace... witness_checkorder(ffff800000e1b028,9,0) at witness_checkorder+0x133 witness_debugger sys/kern/subr_witness.c:2502 [inline] witness_checkorder(ffff800000e1b028,9,0) at witness_checkorder+0x133 sys/kern/subr_witness.c:772 rw_enter_write(ffff800000e1b018) at rw_enter_write+0x5b sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800000e1bStopped at db_enter+0x18: addq $0x8,%rsp ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 witness_checkorder(ffff800000e1b028,9,0) at witness_checkorder+0x138 witness_debugger sys/kern/subr_witness.c:2502 [inline] witness_checkorder(ffff800000e1b028,9,0) at witness_checkorder+0x138 sys/kern/subr_witness.c:772 rw_enter_write(ffff800000e1b018) at rw_enter_write+0x5b sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800000e1b000) at unveil_delete_names+0x30 unvname_rbt_RBT_MIN sys/kern/kern_unveil.c:90 [inline] unveil_delete_names(ffff800000e1b000) at unveil_delete_names+0x30 sys/kern/kern_unveil.c:100 unveil_destroy(ffff8000ffff2dd0) at unveil_destroy+0xad sys/kern/kern_unveil.c:191 exit1(ffff800022cacfc8,0,0,3) at exit1+0x3d5 sys/kern/kern_exit.c:225 single_thread_check_locked(ffff800022cacfc8,0,0) at single_thread_check_locked+0x227 sys/kern/kern_sig.c:1958 userret(ffff800022cacfc8) at userret+0x224 single_thread_check sys/kern/kern_sig.c:1999 [inline] userret(ffff800022cacfc8) at userret+0x224 sys/kern/kern_sig.c:1946 intr_user_exit() at intr_user_exit+0x3c end of kernel end trace frame: 0x7f7fffffada0, count: -9 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff800027be4490 rbx 0x3 rdx 0 rcx 0x1ee86 acpi_pdirpa+0xacee rax 0xffff800022cacfc8 r8 0xffff800027be4430 r9 0x8080808080808080 r10 0xaca8de1a406399d2 r11 0x5e5a570527b81684 r12 0xffff800000e1b001 r13 0xffff800000e1b028 r14 0 r15 0 rip 0xffffffff81410c88 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800027be4480 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.3) pid=119977 stat=onproc flags process=1008 proc=82000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800022cadce8,0xffffffff8283e338 process=0xffff8000ffff2dd0 user=0xffff800027bdf000, vmspace=0xfffffd8065ab1a18 estcpu=36, cpticks=3, pctcpu=0.0 user=0, sys=2, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 64233 408430 2351 0 2 0x480 syz-executor.1 64233 68861 2351 0 3 0x4000080 netcon syz-executor.1 64233 497184 2351 0 3 0x4000080 fsleep syz-executor.1 64233 162439 2351 0 3 0x4000080 fsleep syz-executor.1 45300 42261 27389 0 2 0x2 syz-executor.0 18984 387815 0 0 3 0x14200 acct acct 2351 463428 27389 0 2 0x482 syz-executor.1 34141 150771 27389 0 2 0x482 syz-executor.3 22430 321094 0 0 3 0x14280 nfsidl nfsio 30198 395674 0 0 3 0x14280 nfsidl nfsio 2767 369603 0 0 3 0x14280 nfsidl nfsio 7582 165537 0 0 3 0x14280 nfsidl nfsio 33213 136466 0 0 3 0x14280 nfsidl nfsio 67780 311720 0 0 3 0x14280 nfsidl nfsio 49928 496599 0 0 3 0x14280 nfsidl nfsio 7992 197153 0 0 3 0x14280 nfsidl nfsio 84853 210440 0 0 3 0x14280 nfsidl nfsio 91236 501871 0 0 3 0x14280 nfsidl nfsio 2522 186226 0 0 3 0x14280 nfsidl nfsio 88117 37107 0 0 3 0x14280 nfsidl nfsio 14284 347674 0 0 3 0x14280 nfsidl nfsio 45184 22020 0 0 3 0x14280 nfsidl nfsio 13826 466180 0 0 3 0x14280 nfsidl nfsio 80705 119076 0 0 3 0x14280 nfsidl nfsio 4707 469921 0 0 3 0x14280 nfsidl nfsio 76282 131158 0 0 3 0x14280 nfsidl nfsio 94480 163557 0 0 3 0x14280 nfsidl nfsio 16652 371641 0 0 3 0x14280 nfsidl nfsio 29702 295662 0 0 3 0x14200 bored sosplice 27389 16365 14435 0 3 0x82 thrsleep syz-fuzzer 27389 510446 14435 0 2 0x4000482 syz-fuzzer 27389 29521 14435 0 3 0x4000082 thrsleep syz-fuzzer 27389 140582 14435 0 3 0x4000082 thrsleep syz-fuzzer 27389 320942 14435 0 3 0x4000082 thrsleep syz-fuzzer 27389 260241 14435 0 3 0x4000082 kqread syz-fuzzer 27389 463422 14435 0 3 0x4000082 thrsleep syz-fuzzer 27389 19946 14435 0 2 0x4000482 syz-fuzzer 27389 43849 14435 0 3 0x4000082 thrsleep syz-fuzzer 14435 136954 67009 0 3 0x10008a sigsusp ksh 67009 183735 27759 0 3 0x9a poll sshd 65407 447553 1 0 3 0x100083 ttyin getty 27759 392867 1 0 3 0x88 poll sshd 29774 151842 82631 74 3 0x100092 bpf pflogd 82631 232661 1 0 3 0x80 netio pflogd 75585 32818 52515 73 3 0x100090 kqread syslogd 52515 218842 1 0 3 0x100082 netio syslogd 27273 23759 1 0 3 0x100080 kqread resolvd 50370 164158 11823 77 3 0x100092 kqread dhcpleased 36113 17688 11823 77 3 0x100092 kqread dhcpleased 11823 504158 1 0 3 0x80 kqread dhcpleased 96724 464526 0 0 3 0x14200 bored smr 77913 425198 0 0 2 0x14200 zerothread 17574 213235 0 0 3 0x14200 aiodoned aiodoned 28244 167914 0 0 3 0x14200 syncer update 71078 19121 0 0 3 0x14200 cleaner cleaner 88742 291496 0 0 2 0x14200 reaper 38284 442763 0 0 3 0x14200 pgdaemon pagedaemon 84964 76402 0 0 3 0x14200 bored viomb 62603 426289 0 0 3 0x40014200 acpi0 acpi0 75301 8878 0 0 7 0x40014200 idle1 569 496980 0 0 3 0x14200 bored softnet 59293 398435 0 0 3 0x14200 bored systqmp 75214 149215 0 0 3 0x14200 bored systq 30321 483842 0 0 2 0x40014200 softclock 47924 108640 0 0 3 0x40014200 idle0 1 487317 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 45300 (syz-executor.0) thread 0xffff80002123da40 (42261) exclusive rrwlock inode r = 0 (0xfffffd806e89b1b8) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:579 #5 vget+0x1d3 sys/kern/vfs_subr.c:677 #6 ufs_ihashget+0x121 sys/ufs/ufs/ufs_ihash.c:119 #7 ffs_vget+0x7c sys/ufs/ffs/ffs_vfsops.c:1318 #8 ufs_lookup+0x13ba sys/ufs/ufs/ufs_lookup.c:487 #9 VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85 #10 vfs_lookup+0x6e5 sys/kern/vfs_lookup.c:561 #11 namei+0x36a sys/kern/vfs_lookup.c:245 #12 dounlinkat+0x99 sys/kern/vfs_syscalls.c:1849 #13 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #13 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd80682dff78) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:579 #5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:413 #6 namei+0x36a sys/kern/vfs_lookup.c:245 #7 dounlinkat+0x99 sys/kern/vfs_syscalls.c:1849 #8 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #8 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #9 Xsyscall+0x128 Process 88742 (reaper) thread 0xffff8000211497a0 (291496) exclusive rwlock kmmaplk r = 0 (0xffffffff8298b1a0) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 vm_map_lock_ln+0xda sys/uvm/uvm_map.c:5458 #3 uvm_unmap+0x78 sys/uvm/uvm_map.c:2068 #4 uvm_uarea_free+0x35 sys/uvm/uvm_glue.c:287 #5 reaper+0x158 sys/kern/kern_exit.c:451 #6 proc_trampoline+0x1c ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10201 6500K 7302K 78643K 34187 0 pcb 13 20K 25K 78643K 5303 0 rtable 163 23K 25K 78643K 4682 0 ifaddr 68 19K 23K 78643K 1943 0 sysctl 2 0K 2K 78643K 9 0 counters 46 34K 35K 78643K 466 0 ioctlops 0 0K 4K 78643K 10713 0 iov 0 0K 28K 78643K 2037 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1427 90K 90K 78643K 15791 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 167 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 2275 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 6 17K 49K 78643K 17516 0 sigio 0 0K 0K 78643K 51 0 proc 81 111K 124K 78643K 2887 0 subproc 39 2K 3K 78643K 893 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1136 0 in_multi 41 2K 3K 78643K 1489 0 ether_multi 1 0K 0K 78643K 278 0 mrt 1 0K 0K 78643K 59 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 271 1208K 1208K 78643K 271 0 exec 0 0K 2K 78643K 3919 0 pfkey data 0 0K 0K 78643K 3 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 528 1234K 1243K 78643K 217277 0 UVM aobj 131 8K 8K 78643K 134 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 2381 0 NDP 7 0K 1K 78643K 375 0 temp 104 4229K 8299K 78643K 168406 0 kqueue 10 14K 22K 78643K 728 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 1160 0 1157 17 16 1 3 0 8 0 rtentry 112 946 0 899 2 0 2 2 0 8 0 unpcb 136 10133 0 10118 130 127 3 6 0 8 2 syncache 296 43 0 43 13 13 0 1 0 8 0 tcpqe 32 16 0 16 5 5 0 1 0 8 0 tcpcb 736 7246 0 7240 245 243 2 19 0 8 1 arp 120 142 0 135 1 0 1 1 0 8 0 inpcb 304 20376 0 20368 311 309 2 14 0 8 1 rttmr 72 14 0 14 5 5 0 1 0 8 0 nd6 48 239 0 229 1 0 1 1 0 8 0 pkpcb 40 49 0 49 9 9 0 1 0 8 0 kcovpl 48 68 0 65 1 0 1 1 0 8 0 ppxss 1248 44 0 44 10 10 0 1 0 8 0 pfstscr 40 221 0 221 14 14 0 1 0 8 0 pffrag 232 116 0 116 13 13 0 1 0 482 0 pffrnode 88 116 0 116 13 13 0 1 0 8 0 pffrent 40 1288 0 1288 16 16 0 1 0 8 0 pfosfp 40 1441 0 1016 5 0 5 5 0 8 0 pfosfpen 112 1441 0 723 21 0 21 21 0 8 0 pfrktable 1344 807 0 786 19 17 2 3 0 8 0 pftag 88 70 0 67 4 3 1 1 0 8 0 pfstitem 24 169 0 167 1 0 1 1 0 8 0 pfstkey 112 522 0 520 2 1 1 2 0 8 0 pfstate 320 337 0 335 4 3 1 3 0 8 0 pfsrctr 152 9 0 9 3 3 0 1 0 8 0 pfrule 1360 1284 0 1155 14 3 11 11 0 8 0 art_heap8 4096 2 0 1 2 1 1 2 0 8 0 art_heap4 256 4276 0 4072 33 15 18 19 0 8 2 art_table 32 4278 0 4073 7 4 3 3 0 8 0 art_node 16 913 0 874 1 0 1 1 0 8 0 sysvmsgpl 40 9 0 6 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 2270 0 2260 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 28940 0 27469 93 0 93 93 0 8 0 ffsino 272 28940 0 27469 99 0 99 99 0 8 0 nchpl 144 51107 0 49509 61 0 61 61 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 203583 0 203583 7 6 1 1 0 8 1 percpumem 16 245 0 210 1 0 1 1 0 8 0 vcpupl 2048 152 0 0 19 0 19 19 0 8 0 vmpool 560 168 0 16 11 0 11 11 0 8 0 pfiaddrpl 120 248 0 201 14 12 2 2 0 8 0 scsiplug 72 7 0 7 3 3 0 1 0 8 0 scxspl 216 143746 0 143746 20 19 1 8 0 8 1 plimitpl 152 1807 0 1796 1 0 1 1 0 8 0 sigapl 424 17587 0 17531 7 0 7 7 0 8 0 futexpl 64 167042 0 167040 9 8 1 1 0 8 0 knotepl 112 170 0 0 3 0 3 3 0 8 0 kqueuepl 216 2870 0 2859 58 57 1 5 0 8 0 pipepl 336 2810 0 2797 71 69 2 7 0 8 0 fdescpl 496 17548 0 17529 4 1 3 4 0 8 0 filepl 152 146079 0 145943 278 268 10 17 0 8 4 lockfpl 104 4846 0 4844 13 12 1 4 0 8 0 lockfspl 48 1391 0 1389 1 0 1 1 0 8 0 sessionpl 144 84 0 72 1 0 1 1 0 8 0 pgrppl 48 172 0 160 1 0 1 1 0 8 0 ucredpl 96 41606 0 41592 1 0 1 1 0 8 0 zombiepl 144 20012 0 20011 2 1 1 1 0 8 0 processpl 1064 17587 0 17531 4 0 4 4 0 8 0 procpl 672 46779 0 46711 24 17 7 8 0 8 0 srpgc 96 84 0 84 17 16 1 1 0 8 1 sosppl 168 115 0 115 23 23 0 1 0 8 0 sockpl 480 31809 0 31783 732 720 12 36 0 8 8 mcl64k 65536 25 0 0 3 0 3 3 0 8 0 mcl16k 16384 22 0 0 3 1 2 3 0 8 0 mcl12k 12288 29 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 49 0 0 6 3 3 3 0 8 0 mcl4k 4096 25 0 0 3 0 3 3 0 8 0 mcl2k2 2112 6 0 0 1 0 1 1 0 8 0 mcl2k 2048 445 0 0 21 2 19 21 0 8 0 mtagpl 96 988 0 0 11 3 8 11 0 8 0 mbufpl 256 2225 0 0 92 0 92 92 0 8 0 bufpl 288 33483 0 27138 454 0 454 454 0 8 0 anonpl 24 4927656 0 4907441 441 281 160 171 0 186 6 amapchunkpl 152 553660 0 552803 185 148 37 45 0 158 0 amappl16 200 47348 0 46458 219 171 48 59 0 8 0 amappl15 192 3019 0 3016 1 0 1 1 0 8 0 amappl14 184 1912 0 1911 5 4 1 1 0 8 0 amappl13 176 2399 0 2397 1 0 1 1 0 8 0 amappl12 168 2070 0 2063 1 0 1 1 0 8 0 amappl11 160 2833 0 2817 1 0 1 1 0 8 0 amappl10 152 3156 0 3149 1 0 1 1 0 8 0 amappl9 144 1538 0 1534 1 0 1 1 0 8 0 amappl8 136 3759 0 3658 4 0 4 4 0 8 0 amappl7 128 2357 0 2343 1 0 1 1 0 8 0 amappl6 120 1618 0 1595 1 0 1 1 0 8 0 amappl5 112 16180 0 16160 1 0 1 1 0 8 0 amappl4 104 6962 0 6930 1 0 1 1 0 8 0 amappl3 96 4275 0 4256 1 0 1 1 0 8 0 amappl2 88 5000 0 4926 2 0 2 2 0 8 0 amappl1 80 312766 0 312284 14 3 11 13 0 8 0 amappl 88 215392 0 215109 8 0 8 8 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 17716 0 17544 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 17716 0 17544 2 0 2 2 0 8 0 vmmpekpl 168 111824 0 111754 4 0 4 4 0 8 0 vmmpepl 168 1606940 0 1604201 642 484 158 158 0 357 29 vmsppl 368 17715 0 17544 16 0 16 16 0 8 0 rwobjpl 56 380980 0 373023 146 31 115 116 0 8 0 pdppl 4096 35440 0 35240 274 68 206 206 0 8 6 pvpl 32 8212221 0 8193013 677 463 214 256 0 265 15 pmappl 248 17715 0 17544 12 1 11 11 0 8 0 extentpl 40 57 0 38 1 0 1 1 0 8 0 phpool 112 1461 0 413 31 0 31 31 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 witness_checkorder(ffff800000e1b028,9,0) at witness_checkorder+0x138 witness_debugger sys/kern/subr_witness.c:2502 [inline] witness_checkorder(ffff800000e1b028,9,0) at witness_checkorder+0x138 sys/kern/subr_witness.c:772 rw_enter_write(ffff800000e1b018) at rw_enter_write+0x5b sys/kern/kern_rwlock.c:128 unveil_delete_names(ffff800000e1b000) at unveil_delete_names+0x30 unvname_rbt_RBT_MIN sys/kern/kern_unveil.c:90 [inline] unveil_delete_names(ffff800000e1b000) at unveil_delete_names+0x30 sys/kern/kern_unveil.c:100 unveil_destroy(ffff8000ffff2dd0) at unveil_destroy+0xad sys/kern/kern_unveil.c:191 exit1(ffff800022cacfc8,0,0,3) at exit1+0x3d5 sys/kern/kern_exit.c:225 single_thread_check_locked(ffff800022cacfc8,0,0) at single_thread_check_locked+0x227 sys/kern/kern_sig.c:1958 userret(ffff800022cacfc8) at userret+0x224 single_thread_check sys/kern/kern_sig.c:1999 [inline] userret(ffff800022cacfc8) at userret+0x224 sys/kern/kern_sig.c:1946 intr_user_exit() at intr_user_exit+0x3c end of kernel end trace frame: 0x7f7fffffada0, count: -9 ddb{0}> machine ddbcpu 1 000) at unveil_dStelete_names+0x30o unveil_destroyp(ffff8000ffff2dd0) at unveil_destproy+0xad exit1(ffff800022cacfce8,0,0,3) at exitd1+0x3d5 single_ thread_check_lockaed(ffff800022cactfc8,0,0) at single_thread_check_ locked+0x227 u serret(ffff800022 cacfc8) at userr et+0x224 intr_user_exit() at i ntr_user_exit+0x3c end of kernelx end trace fra8me: 0x7f7fffffad6a0, count: 249 _End of stack traice. pi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020d38ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5