kernel: protection fault trap, code=0 Stopped at pool_do_put+0x115: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace pool_do_put(ffffffff82d2c698,fffffd8074d25720) at pool_do_put+0x115 pool_put(ffffffff82d2c698,fffffd8074d25720) at pool_put+0x6b sys/kern/subr_pool.c:799 soclose(fffffd8074d25720,0) at soclose+0x4ba sys/kern/uipc_socket.c:440 soo_close(fffffd806f07bbc0,ffff8000216662b0) at soo_close+0x44 fdrop(fffffd806f07bbc0,ffff8000216662b0) at fdrop+0xcb sys/kern/kern_descrip.c:1274 closef(fffffd806f07bbc0,ffff8000216662b0) at closef+0x11b sys/kern/kern_descrip.c:1258 fdfree(ffff8000216662b0) at fdfree+0xf3 sys/kern/kern_descrip.c:1190 exit1(ffff8000216662b0,0,0,1) at exit1+0x367 sys/kern/kern_exit.c:199 sys_exit(ffff8000216662b0,ffff800026bc23f0,ffff800026bc2440) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff800026bc24c0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7b24050f70, count: -11 ddb> show registers rdi 0 rsi 0xfffffd8074d25391 rbp 0xffff800026bc2150 rbx 0xa187e51a75aafeb0 rdx 0 rcx 0xffffffff82d2d080 unp_head rax 0xffff8000216662b0 r8 0 r9 0 r10 0xe66252b9f9df031b r11 0xf685b6e83383265a r12 0xfffffd8074d25720 r13 0xc746e897ca28e62 r14 0xffffffff82d2c698 socket_pool r15 0xfffffd8074d25f90 rip 0xffffffff8162dab5 pool_do_put+0x115 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff800026bc20a0 ss 0x10 pool_do_put+0x115: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.2) tid=356526 pid=26176 tcnt=1 stat=onproc flags process=1008 proc=2000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff8000216662b0 forw=0xffffffffffffffff, list=0xffff80002167c548,0xffff80002167b568 process=0xffff8000ffffabe0 user=0xffff800026bbd000, vmspace=0xfffffd8069b57b90 estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 81194 51111 21573 0 2 0 syz-executor.7 81194 285400 21573 0 3 0x4000080 fsleep syz-executor.7 17256 299847 81744 0 2 0 syz-executor.1 17256 149810 81744 0 2 0x4000000 syz-executor.1 17256 314627 81744 0 3 0x4000000 inode syz-executor.1 38994 20523 30157 0 3 0x82 nanoslp syz-executor.2 3045 214472 30157 0 2 0x2 syz-executor.4 81744 341881 30157 0 3 0x82 nanoslp syz-executor.1 27105 153941 30157 0 3 0x3 kernel: protection fault trap, code=0 Faulted in DDB; continuing... ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10170 6398K 7011K 78643K 15250 0 pcb 13 11K 13K 78643K 332 0 rtable 237 7K 7K 78643K 590 0 pf 29 8K 9K 78643K 127 0 ifaddr 43 11K 12K 78643K 107 0 ifgroup 50 2K 2K 78643K 196 0 sysctl 2 0K 0K 78643K 2 0 counters 28 17K 17K 78643K 68 0 ioctlops 0 0K 2K 78643K 58 0 iov 0 0K 16K 78643K 354 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1408 88K 88K 78643K 2652 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 37 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 582 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 13 45K 69K 78643K 3309 0 sigio 0 0K 0K 78643K 197 0 proc 58 59K 75K 78643K 732 0 subproc 104 6K 6K 78643K 182 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 112 0 in_multi 99 7K 7K 78643K 205 0 ether_multi 1 0K 0K 78643K 7 0 mrt 2 0K 0K 78643K 5 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 1K 78643K 1155 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 353 92K 97K 78643K 32905 0 UVM aobj 131 4K 4K 78643K 133 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 176 0 NDP 11 0K 1K 78643K 79 0 temp 82 5912K 5992K 78643K 35225 0 kqueue 12 18K 30K 78643K 255 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 204 0 201 4 3 1 4 0 8 0 rtentry 112 180 0 70 4 0 4 4 0 8 0 unpcb 144 9950 0 9935 47 44 3 15 0 8 2 syncache 304 32 0 32 6 6 0 1 0 8 0 tcpqe 32 126 0 126 5 5 0 1 0 8 0 tcpcb 808 839 0 813 33 29 4 8 0 8 0 arp 88 30 0 12 1 0 1 1 0 8 0 ipq 40 5 0 5 2 2 0 1 0 8 0 ipqe 40 11 0 11 2 2 0 1 0 8 0 inpcb 336 2207 0 2177 43 38 5 12 0 8 0 nd6 104 42 0 18 1 0 1 1 0 8 0 pkpcb 40 15 0 15 3 3 0 1 0 8 0 kcovpl 48 14 0 6 1 0 1 1 0 8 0 ppxss 1160 16 0 16 5 4 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 726 0 264 29 0 29 29 0 8 0 art_table 32 727 0 264 4 0 4 4 0 8 0 art_node 16 176 0 76 1 0 1 1 0 8 0 sysvmsgpl 40 40 0 0 1 0 1 1 0 8 0 semapl 112 580 0 570 1 0 1 1 0 8 0 shmpl 112 130 0 2 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 5742 0 4286 92 0 92 92 0 8 0 ffsino 240 5742 0 4286 86 0 86 86 0 8 0 nchpl 144 10711 0 9063 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 37674 0 37674 4 3 1 3 0 8 1 kstatmem 264 102 0 80 2 0 2 2 0 8 0 scxspl 216 31638 0 31638 16 15 1 8 1 8 1 plimitpl 152 624 0 609 1 0 1 1 0 8 0 sigapl 424 3678 0 3637 8 1 7 8 0 8 0 futexpl 64 31245 0 31244 1 0 1 1 0 8 0 knotepl 120 38195 0 38115 26 23 3 18 0 8 0 kqueuepl 184 523 0 514 5 4 1 4 0 8 0 pipepl 288 1023 0 994 21 14 7 7 0 8 4 fdescpl 432 3581 0 3557 6 2 4 4 0 8 0 filepl 120 29946 0 29702 56 44 12 19 0 8 3 lockfpl 104 883 0 881 1 0 1 1 0 8 0 lockfspl 48 350 0 348 1 0 1 1 0 8 0 sessionpl 144 30 0 14 1 0 1 1 0 8 0 pgrppl 48 41 0 25 1 0 1 1 0 8 0 ucredpl 104 2610 0 2600 1 0 1 1 0 8 0 zombiepl 144 3638 0 3637 1 0 1 1 0 8 0 processpl 1008 3678 0 3637 9 2 7 9 0 8 0 procpl 680 8718 0 8660 13 5 8 9 0 8 0 sosppl 168 42 0 42 6 6 0 1 0 8 0 sockpl 456 12386 0 12337 313 298 15 52 0 8 5 sockpl: pool(0xffffffff82d2c698:sockpl): free list modified: page 0xfffffd8074d25000; item ordinal 0; addr 0xfffffd8074d25391 (p 0xfffffd8074d25000); offset 0x0=0x1a1c3c8cc7e5b172 pool(sockpl): free list modified: page 0xfffffd8074d25000; item ordinal 0; addr 0xfffffd8074d25391 (p 0xfffffd8074d25000); offset 0x0=0xaddeafbe sockpl: pool(0xffffffff82d2c698:sockpl): page inconsistency: page 0xfffffd8074d25000; item ordinal 1; addr 0xa187e51a75aafeb0 mcl64k 65536 117 0 117 7 6 1 1 0 8 1 mcl16k 16384 44 0 44 7 7 0 1 0 8 0 mcl12k 12288 117 0 117 7 6 1 1 0 8 1 mcl9k 9216 77 0 77 6 5 1 1 0 8 1 mcl8k 8192 283 0 283 5 4 1 1 0 8 1 mcl4k 4096 425 0 425 3 2 1 1 0 8 1 mcl2k2 2112 28 0 28 7 7 0 1 0 8 0 mcl2k 2048 71478 0 71428 33 25 8 25 0 8 0 mtagpl 96 289 0 231 6 3 3 5 0 8 0 mbufpl 256 151898 0 151693 276 252 24 64 0 8 0 bufpl 288 10653 0 4255 458 0 458 458 0 8 0 anonpl 24 472151 0 458409 132 45 87 107 0 188 1 amapchunkpl 152 104729 0 103922 57 20 37 39 0 158 2 amappl16 200 10583 0 10167 42 19 23 34 0 8 0 amappl15 192 18 0 17 1 0 1 1 0 8 0 amappl14 184 171 0 158 2 1 1 2 0 8 0 amappl13 176 10 0 9 1 0 1 1 0 8 0 amappl12 168 4321 0 4295 3 1 2 2 0 8 0 amappl11 160 50 0 40 1 0 1 1 0 8 0 amappl10 152 28 0 18 2 1 1 1 0 8 0 amappl9 144 129 0 129 1 1 0 1 0 8 0 amappl8 136 274 0 195 3 0 3 3 0 8 0 amappl7 128 65 0 53 1 0 1 1 0 8 0 amappl6 120 289 0 268 2 1 1 2 0 8 0 amappl5 112 239 0 231 1 0 1 1 0 8 0 amappl4 104 610 0 574 3 1 2 3 0 8 0 amappl3 96 21442 0 21372 5 2 3 3 0 8 0 amappl2 88 3934 0 3874 3 1 2 3 0 8 0 amappl1 80 21594 0 21099 22 10 12 22 0 8 0 amappl 88 32261 0 32048 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 132 0 2 3 0 3 3 0 8 0 uaddrrnd 24 3581 0 3557 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3581 0 3557 1 0 1 1 0 8 0 vmmpekpl 168 30679 0 30610 5 1 4 4 0 8 0 vmmpepl 168 228425 0 226343 160 57 103 114 0 357 0 vmsppl 368 3580 0 3557 3 0 3 3 0 8 0 rwobjpl 24 66273 0 58790 47 1 46 46 0 8 0 pdppl 4096 7168 0 7114 310 246 64 66 0 8 10 pvpl 32 1149202 0 1130338 400 238 162 358 0 265 2 pmappl 216 3580 0 3557 3 1 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1430 0 633 24 0 24 24 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff82d2c698,fffffd8074d25720) at pool_do_put+0x115 pool_put(ffffffff82d2c698,fffffd8074d25720) at pool_put+0x6b sys/kern/subr_pool.c:799 soclose(fffffd8074d25720,0) at soclose+0x4ba sys/kern/uipc_socket.c:440 soo_close(fffffd806f07bbc0,ffff8000216662b0) at soo_close+0x44 fdrop(fffffd806f07bbc0,ffff8000216662b0) at fdrop+0xcb sys/kern/kern_descrip.c:1274 closef(fffffd806f07bbc0,ffff8000216662b0) at closef+0x11b sys/kern/kern_descrip.c:1258 fdfree(ffff8000216662b0) at fdfree+0xf3 sys/kern/kern_descrip.c:1190 exit1(ffff8000216662b0,0,0,1) at exit1+0x367 sys/kern/kern_exit.c:199 sys_exit(ffff8000216662b0,ffff800026bc23f0,ffff800026bc2440) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff800026bc24c0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7b24050f70, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff82d2c698,fffffd8074d25720) at pool_do_put+0x115 pool_put(ffffffff82d2c698,fffffd8074d25720) at pool_put+0x6b sys/kern/subr_pool.c:799 soclose(fffffd8074d25720,0) at soclose+0x4ba sys/kern/uipc_socket.c:440 soo_close(fffffd806f07bbc0,ffff8000216662b0) at soo_close+0x44 fdrop(fffffd806f07bbc0,ffff8000216662b0) at fdrop+0xcb sys/kern/kern_descrip.c:1274 closef(fffffd806f07bbc0,ffff8000216662b0) at closef+0x11b sys/kern/kern_descrip.c:1258 fdfree(ffff8000216662b0) at fdfree+0xf3 sys/kern/kern_descrip.c:1190 exit1(ffff8000216662b0,0,0,1) at exit1+0x367 sys/kern/kern_exit.c:199 sys_exit(ffff8000216662b0,ffff800026bc23f0,ffff800026bc2440) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff800026bc24c0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7b24050f70, count: -11