kernel: protection fault trap, code=0 Stopped at pool_do_put+0x115: movq 0x8(%rbx),%rbx ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace pool_do_put(ffffffff82a6e238,fffffd806dce5b88) at pool_do_put+0x115 pool_put(ffffffff82a6e238,fffffd806dce5b88) at pool_put+0x8b sys/kern/subr_pool.c:799 soclose(fffffd806dce5b88,0) at soclose+0x4ba sys/kern/uipc_socket.c:432 soo_close(fffffd8067b61698,ffff800021313510) at soo_close+0x40 fdrop(fffffd8067b61698,ffff800021313510) at fdrop+0xc7 sys/kern/kern_descrip.c:1274 closef(fffffd8067b61698,ffff800021313510) at closef+0x11c sys/kern/kern_descrip.c:1258 syscall(ffff8000261d4ae0) at syscall+0x4c2 mi_syscall sys/sys/syscall_mi.h:101 [inline] syscall(ffff8000261d4ae0) at syscall+0x4c2 sys/arch/amd64/amd64/trap.c:599 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x742950878f0, count: -8 ddb{1}> show registers rdi 0xffff800027c1b000 rsi 0x17f rbp 0xffff8000261d4890 rbx 0x3b0eff7a3040333e rdx 0xffff800027c1b000 rcx 0x17e rax 0xffffffff811040c3 pool_do_put+0x123 r8 0xffffffff81249df0 uvm_map_inentry_pc r9 0x1c r10 0x562ab76a1dd8eacc r11 0x850e29a4458ce5cc r12 0xfffffd806dce5b88 r13 0x94b052117fefa22c r14 0xffffffff82a6e238 socket_pool r15 0xfffffd806dce5f90 rip 0xffffffff811040b5 pool_do_put+0x115 cs 0x8 rflags 0x10292 __ALIGN_SIZE+0xf292 rsp 0xffff8000261d47e0 ss 0x10 pool_do_put+0x115: movq 0x8(%rbx),%rbx ddb{1}> show proc PROC (syz-executor.3) pid=60840 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=83, nice=20 forw=0xffffffffffffffff, list=0xffff8000213127f0,0xffff800021312aa0 process=0xffff8000ffff0018 user=0xffff8000261cf000, vmspace=0xfffffd806fd21b90 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 65875 365640 30011 0 7 0 syz-executor.7 91798 263885 65343 0 2 0 syz-executor.3 *91798 60840 65343 0 7 0x4000000 syz-executor.3 58175 425316 13231 0 2 0x4081000 syz-executor.5 58175 215583 13231 0 2 0x4081000 syz-executor.5 58175 444304 13231 0 2 0x4081080 syz-executor.5 58175 67394 13231 0 3 0x4003000 suspend syz-executor.5 6220 426333 75224 0 2 0 syz-executor.0 65343 143428 39468 0 3 0x82 nanoslp syz-executor.3 68999 198486 39468 0 3 0x3 kernel: protection fault trap, code=0 Faulted in DDB; continuing... ddb{1}> show all locks ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10224 6509K 6954K 78643K 17958 0 pcb 13 20K 29K 78643K 10999 0 rtable 176 14K 15K 78643K 1370 0 ifaddr 72 16K 19K 78643K 455 0 sysctl 2 0K 2K 78643K 70 0 counters 56 35K 36K 78643K 524 0 ioctlops 0 0K 4K 78643K 1897 0 iov 0 0K 28K 78643K 554 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1437 90K 90K 78643K 4308 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 59 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 871 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 17 61K 89K 78643K 4878 0 sigio 0 0K 0K 78643K 417 0 proc 70 91K 128K 78643K 1101 0 subproc 130 8K 8K 78643K 331 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 256 0 in_multi 72 4K 6K 78643K 375 0 ether_multi 1 0K 0K 78643K 9 0 mrt 1 0K 0K 78643K 12 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 175 784K 784K 78643K 175 0 exec 0 0K 1K 78643K 911 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 351 94K 103K 78643K 35923 0 UVM aobj 131 4K 4K 78643K 134 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 170 0 NDP 13 0K 1K 78643K 150 0 temp 149 4699K 5714K 78643K 40942 0 kqueue 12 18K 26K 78643K 426 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 796 0 792 12 11 1 3 0 8 0 rtentry 112 381 0 307 4 0 4 4 0 8 0 unpcb 144 3566 0 3551 49 48 1 11 0 8 0 syncache 296 41 0 41 11 11 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 57 0 57 7 7 0 1 0 8 0 tcpcb 776 1388 0 1382 64 63 1 14 0 8 0 arp 120 55 0 43 1 0 1 1 0 8 0 inpcb 368 14720 0 14711 147 143 4 19 0 8 2 ip6q 72 2 0 2 1 1 0 1 0 8 0 ip6af 40 4 0 4 1 1 0 1 0 8 0 nd6 48 81 0 64 1 0 1 1 0 8 0 pkpcb 40 6 0 6 2 2 0 1 0 8 0 kcovpl 48 25 0 15 1 0 1 1 0 8 0 mppekey 1024 36 0 36 1 1 0 1 0 8 0 ppxss 1256 189 0 189 10 10 0 1 0 8 0 pppxif 1448 137 0 137 7 7 0 1 0 8 0 pffrag 232 61 0 61 3 3 0 1 0 482 0 pffrnode 88 61 0 61 3 3 0 1 0 8 0 pffrent 40 124 0 124 3 3 0 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfanchor 1280 452 0 126 33 3 30 33 0 8 0 pfstitem 24 159 0 149 1 0 1 1 0 8 0 pfstkey 128 159 0 149 2 0 2 2 0 8 0 pfstate 384 159 0 149 8 5 3 4 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 rttmr 136 4 0 4 2 2 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1763 0 1390 39 13 26 31 0 8 1 art_table 32 1764 0 1390 4 0 4 4 0 8 0 art_node 16 380 0 317 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 5 1 0 1 1 0 8 0 semapl 112 869 0 859 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 7903 0 6449 92 0 92 92 0 8 0 ffsino 272 7903 0 6449 98 0 98 98 0 8 0 nchpl 144 14641 0 14156 63 39 24 63 0 8 0 rtmask 32 5 0 5 2 2 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 50693 0 50692 6 5 1 2 0 8 0 percpumem 16 274 0 234 1 0 1 1 0 8 0 vmpool 696 21 0 21 4 3 1 1 0 8 1 kstatmem 264 192 0 166 3 1 2 3 0 8 0 scxspl 216 47330 0 47329 29 28 1 8 0 8 0 plimitpl 152 725 0 707 1 0 1 1 0 8 0 sigapl 424 5173 0 5104 10 1 9 9 0 8 0 futexpl 64 47002 0 47002 6 5 1 1 0 8 1 knotepl 120 536 0 0 9 0 9 9 0 8 0 kqueuepl 216 925 0 917 15 14 1 5 0 8 0 pipepl 320 1510 0 1478 39 36 3 13 0 8 0 fdescpl 496 5134 0 5104 5 0 5 5 0 8 0 filepl 152 43656 0 43384 108 96 12 28 0 8 1 lockfpl 104 1010 0 1008 3 2 1 2 0 8 0 lockfspl 48 300 0 298 1 0 1 1 0 8 0 sessionpl 144 41 0 22 1 0 1 1 0 8 0 pgrppl 48 79 0 60 1 0 1 1 0 8 0 ucredpl 104 4365 0 4353 1 0 1 1 0 8 0 zombiepl 144 5105 0 5104 3 2 1 1 0 8 0 processpl 1072 5173 0 5104 5 0 5 5 0 8 0 procpl 672 14475 0 14382 15 6 9 10 0 8 0 srpgc 96 26 0 26 6 6 0 1 0 8 0 sosppl 168 35 0 34 8 7 1 1 0 8 0 sockpl 488 19148 0 19119 381 372 9 37 0 8 4 sockpl: pool(0xffffffff82a6e238:sockpl): free list modified: page 0xfffffd806dce5000; item ordinal 1; addr 0xfffffd806dce53eb (p 0xfffffd806dce5000); offset 0x0=0x21f59485fb8f70b1 pool(sockpl): free list modified: page 0xfffffd806dce5000; item ordinal 1; addr 0xfffffd806dce53eb (p 0xfffffd806dce5000); offset 0x0=0xafbeadde sockpl: pool(0xffffffff82a6e238:sockpl): page inconsistency: page 0xfffffd806dce5000; item ordinal 2; addr 0x3b0eff7a3040333e mcl64k 65536 14 0 0 2 0 2 2 0 8 0 mcl16k 16384 25 0 0 4 1 3 3 0 8 0 mcl12k 12288 34 0 0 2 0 2 2 0 8 0 mcl9k 9216 10 0 0 1 0 1 1 0 8 0 mcl8k 8192 26 0 0 4 1 3 3 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 12 0 0 1 0 1 1 0 8 0 mcl2k 2048 592 0 0 64 11 53 64 0 8 0 mtagpl 96 772 0 0 17 0 17 17 0 8 0 mbufpl 256 1824 0 0 89 0 89 89 0 8 0 bufpl 288 11209 0 4877 453 0 453 453 0 8 0 anonpl 24 1135312 0 1116948 266 141 125 194 0 186 0 amapchunkpl 152 103888 0 103096 85 46 39 62 0 158 0 amappl16 200 12121 0 11565 81 45 36 43 0 8 0 amappl15 192 17 0 16 1 0 1 1 0 8 0 amappl14 184 205 0 187 2 1 1 2 0 8 0 amappl13 176 14 0 14 4 4 0 1 0 8 0 amappl12 168 614 0 610 1 0 1 1 0 8 0 amappl11 160 54 0 40 1 0 1 1 0 8 0 amappl10 152 59 0 43 1 0 1 1 0 8 0 amappl9 144 958 0 957 2 1 1 1 0 8 0 amappl8 136 384 0 296 4 0 4 4 0 8 0 amappl7 128 201 0 173 2 0 2 2 0 8 0 amappl6 120 253 0 235 1 0 1 1 0 8 0 amappl5 112 226 0 215 1 0 1 1 0 8 0 amappl4 104 746 0 713 2 1 1 2 0 8 0 amappl3 96 15129 0 15070 2 0 2 2 0 8 0 amappl2 88 5936 0 5852 4 2 2 3 0 8 0 amappl1 80 119483 0 118677 24 5 19 23 0 8 0 amappl 88 35153 0 34946 8 2 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 4 1 3 3 0 8 0 uaddrrnd 24 5155 0 5125 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5155 0 5125 1 0 1 1 0 8 0 vmmpekpl 168 46470 0 46400 4 0 4 4 0 8 0 vmmpepl 168 481163 0 478238 297 154 143 169 0 357 0 vmsppl 368 5154 0 5125 4 0 4 4 0 8 0 rwobjpl 56 135957 0 128021 120 5 115 117 0 8 0 pdppl 4096 10317 0 10250 382 307 75 81 0 8 8 pvpl 32 2249170 0 2224830 503 274 229 335 0 265 15 pmappl 248 5154 0 5125 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1405 0 494 27 0 27 27 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff82924ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_const_cmp4(ffffffff82ae79e0,2) at __sanitizer_cov_trace_const_cmp4+0x7 sys/dev/kcov.c:224 pool_get(ffffffff82ae79e0,2) at pool_get+0xe9 sys/kern/subr_pool.c:582 pmap_enter(fffffd8065b4f200,b7c6aede000,6cfb2000,5,20) at pmap_enter+0x174 sys/arch/amd64/amd64/pmap.c:2687 uvm_fault_lower_lookup(ffff800031960ac0,ffff800031960af8,ffff800031960a40) at uvm_fault_lower_lookup+0x2a7 sys/uvm/uvm_fault.c:1193 uvm_fault_lower(ffff800031960ac0,ffff800031960af8,ffff800031960a40,0) at uvm_fault_lower+0x5f sys/uvm/uvm_fault.c:1228 uvm_fault(fffffd806fd21740,b7c6aedc000,0,4) at uvm_fault+0x238 upageflttrap(ffff800031960c30,b7c6aedc560) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff800031960c30) at usertrap+0x1aa sys/arch/amd64/amd64/trap.c:417 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7fffffb840, count: -12 ddb{0}> machine ddbcpu 1 Stopped at pool_do_put+0x115: movq 0x8(%rbx),%rbx ddb{1}> trace pool_do_put(ffffffff82a6e238,fffffd806dce5b88) at pool_do_put+0x115 pool_put(ffffffff82a6e238,fffffd806dce5b88) at pool_put+0x8b sys/kern/subr_pool.c:799 soclose(fffffd806dce5b88,0) at soclose+0x4ba sys/kern/uipc_socket.c:432 soo_close(fffffd8067b61698,ffff800021313510) at soo_close+0x40 fdrop(fffffd8067b61698,ffff800021313510) at fdrop+0xc7 sys/kern/kern_descrip.c:1274 closef(fffffd8067b61698,ffff800021313510) at closef+0x11c sys/kern/kern_descrip.c:1258 syscall(ffff8000261d4ae0) at syscall+0x4c2 mi_syscall sys/sys/syscall_mi.h:101 [inline] syscall(ffff8000261d4ae0) at syscall+0x4c2 sys/arch/amd64/amd64/trap.c:599 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x742950878f0, count: -8