kernel: protection fault trap, code=0 Stopped at pool_do_put+0x115: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace pool_do_put(ffffffff82dab700,fffffd805c25ebf8) at pool_do_put+0x115 pool_put(ffffffff82dab700,fffffd805c25ebf8) at pool_put+0x6b sys/kern/subr_pool.c:799 soclose(fffffd805c25ebf8,0) at soclose+0x31e sys/kern/uipc_socket.c:459 sys_socketpair(ffff80002a63e2a8,ffff8000376317b0,ffff800037631700) at sys_socketpair+0x101 sys/kern/uipc_syscalls.c:535 syscall(ffff8000376317b0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa647eaebe90, count: -6 ddb> show registers rdi 0xffff80002f522000 rsi 0x360 rbp 0xffff8000376315a0 rbx 0x6c752ecff2c5e4c1 rdx 0xffff80002f522000 rcx 0x35f rax 0xffffffff82682c23 pool_do_put+0x123 r8 0x90 r9 0 r10 0xd78650118267c519 r11 0xe38f101d4bc3dac5 r12 0xfffffd805c25ebf8 r13 0xc1343ef1390695a4 r14 0xffffffff82dab700 socket_pool r15 0xfffffd8072c24318 rip 0xffffffff82682c15 pool_do_put+0x115 cs 0x8 rflags 0x10217 __ALIGN_SIZE+0xf217 rsp 0xffff8000376314f0 ss 0x10 pool_do_put+0x115: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) tid=315287 pid=65465 tcnt=3 stat=onproc flags process=8000000 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a6daf88,0xffff80002a63f9c8 process=0xffff800035bcdd80 user=0xffff80003762c000, vmspace=0xfffffd8056075038 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 91983 381096 26799 0 2 0x8000000 syz-executor.4 91983 346005 26799 0 3 0xc000080 fsleep syz-executor.4 91983 95194 26799 0 3 0xc000080 fsleep syz-executor.4 65465 54056 12602 0 2 0x8000000 syz-executor.0 65465 229097 12602 0 3 0xc000080 wsevent_read syz-executor.0 *65465 315287 12602 0 7 0xc000000 syz-executor.0 82115 60520 59447 0 2 0x8000000 syz-executor.3 82115 481892 59447 0 3 0xc000080 fsleep syz-executor.3 91144 522315 78557 0 3 0x8000001 kernel: protection fault trap, code=0 Faulted in DDB; continuing... ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10181 6422K 6920K 166960K 12561 0 pcb 19 16K 17K 166960K 612 0 rtable 214 9K 9K 166960K 4403 0 pf 33 9K 10K 166960K 391 0 ifaddr 43 13K 14K 166960K 593 0 ifgroup 58 2K 2K 166960K 728 0 sysctl 4 1K 2K 166960K 18 0 counters 32 17K 17K 166960K 194 0 ioctlops 0 0K 2K 166960K 355 0 iov 0 0K 18K 166960K 199 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1474 93K 93K 166960K 4497 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 68K 76K 166960K 107 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 457 0 dirhash 12 2K 2K 166960K 72 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 18 65K 109K 166960K 5638 0 sigio 0 0K 0K 166960K 75 0 proc 58 59K 124K 166960K 4331 0 subproc 117 7K 9K 166960K 1794 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 625 0 in_multi 90 6K 7K 166960K 1593 0 ether_multi 2 0K 0K 166960K 9 0 mrt 2 0K 0K 166960K 30 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 97 440K 440K 166960K 97 0 exec 0 0K 1K 166960K 2510 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 347 147K 160K 166960K 46071 0 UVM aobj 54 5K 5K 166960K 62 0 pinsyscall 39 78K 110K 166960K 10169 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 266 0 NDP 13 0K 2K 166960K 439 0 temp 79 6812K 6940K 166960K 87827 0 kqueue 13 20K 30K 166960K 589 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 740 0 736 5 0 5 5 0 8 4 rtentry 112 1554 0 1461 3 0 3 3 0 8 0 unpcb 144 3560 0 3542 9 3 6 6 0 8 5 syncache 336 4 0 4 1 1 0 1 0 8 0 tcpqe 32 96 0 96 1 1 0 1 0 8 0 tcpcb 808 1719 0 1710 9 1 8 8 0 8 6 arp 88 286 0 268 1 0 1 1 0 8 0 ipq 40 11 0 11 2 1 1 1 0 8 1 ipqe 40 119 0 119 2 1 1 1 0 8 1 inpcb 360 5090 0 5074 13 5 8 8 0 8 6 nd6 104 427 0 403 1 0 1 1 0 8 0 pkpcb 40 37 0 37 2 1 1 1 0 8 1 kcovpl 48 138 0 129 1 0 1 1 0 8 0 ppxss 1072 6 0 6 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 6332 0 5951 89 65 24 26 0 8 0 art_table 32 6333 0 5951 4 0 4 4 0 8 0 art_node 16 1548 0 1465 1 0 1 1 0 8 0 sysvmsgpl 40 27 0 18 1 0 1 1 0 8 0 semapl 112 452 0 442 1 0 1 1 0 8 0 shmpl 112 59 0 8 2 0 2 2 0 8 0 dirhash 1024 57 0 40 3 0 3 3 0 8 0 dino2pl 256 8235 0 6702 97 0 97 97 0 8 0 ffsino 240 8235 0 6702 91 0 91 91 0 8 0 nchpl 144 14952 0 13210 66 0 66 66 0 8 0 uvmvnodes 80 9457 0 0 193 0 193 193 0 8 0 vnodes 216 9457 0 0 526 0 526 526 0 8 0 namei 1024 62240 0 62240 4 2 2 2 0 8 2 vcpupl 3904 42 0 0 6 0 6 6 0 8 0 vmpool 664 82 0 40 4 0 4 4 0 8 0 kstatmem 264 350 0 324 2 0 2 2 0 8 0 scsiplug 72 6 0 6 2 1 1 1 0 8 1 scxspl 216 105925 0 105925 9 7 2 8 1 8 2 plimitpl 152 876 0 858 1 0 1 1 0 8 0 sigapl 424 5721 0 5652 11 2 9 9 0 8 0 futexpl 64 65447 0 65441 2 1 1 1 0 8 0 knotepl 120 34038 0 33954 44 32 12 18 0 8 8 kqueuepl 184 1291 0 1281 6 2 4 4 0 8 3 pipepl 288 1032 0 1001 7 2 5 5 0 8 2 fdescpl 432 5659 0 5630 6 1 5 5 0 8 1 filepl 120 32467 0 32193 21 6 15 15 0 8 6 lockfpl 104 1101 0 1099 1 0 1 1 0 8 0 lockfspl 48 422 0 420 1 0 1 1 0 8 0 sessionpl 144 153 0 136 1 0 1 1 0 8 0 pgrppl 48 274 0 257 1 0 1 1 0 8 0 ucredpl 104 4720 0 4704 1 0 1 1 0 8 0 zombiepl 144 5655 0 5652 1 0 1 1 0 8 0 processpl 1072 5721 0 5652 7 1 6 6 0 8 0 procpl 656 10855 0 10762 10 1 9 9 0 8 0 sosppl 168 80 0 80 2 1 1 1 0 8 1 sockpl 504 9467 0 9428 89 77 12 35 0 8 6 sockpl: pool(0xffffffff82dab700:sockpl): free list modified: page 0xfffffd805c25e000; item ordinal 1; addr 0xfffffd805c25e223 (p 0xfffffd8072c24000); offset 0x0=0x2373b46705c568df pool(sockpl): free list modified: page 0xfffffd805c25e000; item ordinal 1; addr 0xfffffd805c25e223 (p 0xfffffd8072c24000); offset 0x0=0xad4110de sockpl: pool(0xffffffff82dab700:sockpl): page inconsistency: page 0xfffffd805c25e000; item ordinal 2; addr 0x6c752ecff2c5e4c1 mcl64k 65536 6 0 6 2 1 1 1 0 8 1 mcl16k 16384 3 0 3 2 1 1 1 0 8 1 mcl12k 12288 7 0 7 2 1 1 1 0 8 1 mcl9k 9216 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 56 0 56 2 1 1 1 0 8 1 mcl4k 4096 22 0 22 2 1 1 1 0 8 1 mcl2k2 2112 3 0 3 2 1 1 1 0 8 1 mcl2k 2048 49767 0 49655 52 30 22 40 0 8 7 mtagpl 96 22 0 22 2 1 1 1 0 8 1 mbufpl 256 143381 0 143138 261 235 26 111 0 8 5 bufpl 280 16353 0 6896 676 0 676 676 0 8 0 anonpl 24 733484 0 727149 138 71 67 116 0 188 10 amapchunkpl 152 146361 0 145650 60 20 40 48 0 158 9 amappl16 200 13802 0 13661 62 45 17 31 0 8 8 amappl15 192 15 0 15 1 1 0 1 0 8 0 amappl14 184 630 0 614 2 0 2 2 0 8 0 amappl13 176 21 0 21 2 1 1 1 0 8 1 amappl12 168 8200 0 8168 3 0 3 3 0 8 1 amappl11 160 59 0 49 1 0 1 1 0 8 0 amappl10 152 178 0 167 1 0 1 1 0 8 0 amappl9 144 182 0 182 1 1 0 1 0 8 0 amappl8 136 294 0 265 2 0 2 2 0 8 0 amappl7 128 71 0 58 1 0 1 1 0 8 0 amappl6 120 2147 0 2130 2 0 2 2 0 8 0 amappl5 112 671 0 659 1 0 1 1 0 8 0 amappl4 104 1385 0 1352 3 1 2 2 0 8 1 amappl3 96 27202 0 27113 3 0 3 3 0 8 0 amappl2 88 6388 0 6314 4 2 2 4 0 8 0 amappl1 80 34434 0 33914 24 10 14 22 0 8 1 amappl 88 44409 0 44191 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 61 0 8 1 0 1 1 0 8 0 uaddrrnd 24 5741 0 5670 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5741 0 5670 1 0 1 1 0 8 0 vmmpekpl 168 44150 0 44069 4 0 4 4 0 8 0 vmmpepl 168 380075 0 378115 125 26 99 111 0 357 7 vmsppl 344 5740 0 5670 8 0 8 8 0 8 0 rwobjpl 24 98810 0 88144 66 0 66 66 0 8 0 pdppl 4096 11488 0 11382 500 390 110 125 0 8 4 pvpl 32 2158572 0 2145848 426 248 178 361 0 265 51 pmappl 216 5740 0 5670 5 0 5 5 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1215 0 809 14 0 14 14 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff82dab700,fffffd805c25ebf8) at pool_do_put+0x115 pool_put(ffffffff82dab700,fffffd805c25ebf8) at pool_put+0x6b sys/kern/subr_pool.c:799 soclose(fffffd805c25ebf8,0) at soclose+0x31e sys/kern/uipc_socket.c:459 sys_socketpair(ffff80002a63e2a8,ffff8000376317b0,ffff800037631700) at sys_socketpair+0x101 sys/kern/uipc_syscalls.c:535 syscall(ffff8000376317b0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa647eaebe90, count: -6 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff82dab700,fffffd805c25ebf8) at pool_do_put+0x115 pool_put(ffffffff82dab700,fffffd805c25ebf8) at pool_put+0x6b sys/kern/subr_pool.c:799 soclose(fffffd805c25ebf8,0) at soclose+0x31e sys/kern/uipc_socket.c:459 sys_socketpair(ffff80002a63e2a8,ffff8000376317b0,ffff800037631700) at sys_socketpair+0x101 sys/kern/uipc_syscalls.c:535 syscall(ffff8000376317b0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa647eaebe90, count: -6