syzbot

panic: pool_do_get: rttmr free list modified: page 0xfffffd8064e6e000; item addr 0xfffffd8064e6eee8; offset 0x20=0x838d8b50
Starting stack trace...
panic(ffffffff833789b3) at panic+0x1ba sys/kern/subr_prf.c:229
pool_do_get(ffffffff838dd990,a,ffff80003810f758) at pool_do_get+0x5bc
pool_get(ffffffff838dd990,a) at pool_get+0x11a sys/kern/subr_pool.c:-1
rt_timer_add(fffffd8074120e58,ffffffff83886218,0) at rt_timer_add+0x4e sys/net/route.c:-1
mf6c_add_route(ffff800000b3f000,0,ffff80003810f890,ffff80003810f950,1) at mf6c_add_route+0xad sys/netinet6/ip6_mroute.c:728
mf6c_update(ffff80003810f950,1,0) at mf6c_update+0x8ae sys/netinet6/ip6_mroute.c:833
mf6c_add(fffffd8073f80520,fffffd8073f80528,fffffd8073f80544,1,0,1) at mf6c_add+0x2e5 sys/netinet6/ip6_mroute.c:860
sosetopt(ffff80000158b5b8,29,68,fffffd8073f80500) at sosetopt+0x118 sys/kern/uipc_socket.c:-1
sys_setsockopt(ffff80003c940550,ffff80003810fbc0,ffff80003810fb10) at sys_setsockopt+0x2b9 sys/kern/uipc_syscalls.c:1227
syscall(ffff80003810fbc0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003810fbc0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x8978b528e20, count: 246
End of stack trace.
syncing disks...
set $lines = 0
set $maxwidth = 0
show panic
trace
show registers
show proc
ps
show all locks
show malloc
show all pools
machine ddbcpu 0
trace
machine ddbcpu 1
trace