kernel: protection fault trap, code=0 Stopped at pool_do_put+0x115: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace pool_do_put(ffffffff82c1e018,fffffd8067fea210) at pool_do_put+0x115 pool_put(ffffffff82c1e018,fffffd8067fea210) at pool_put+0x67 sys/kern/subr_pool.c:799 soclose(fffffd8067fea210,0) at soclose+0x4aa sys/kern/uipc_socket.c:442 soo_close(fffffd8068a7f720,ffff80002e85d8c8) at soo_close+0x40 fdrop(fffffd8068a7f720,ffff80002e85d8c8) at fdrop+0xc7 sys/kern/kern_descrip.c:1274 closef(fffffd8068a7f720,ffff80002e85d8c8) at closef+0x117 sys/kern/kern_descrip.c:1258 sys_socketpair(ffff80002e85d8c8,ffff80002ce223a8,ffff80002ce223f0) at sys_socketpair+0x333 sys/kern/uipc_syscalls.c:527 syscall(ffff80002ce22470) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x19d10a66280, count: -9 ddb> show registers rdi 0 rsi 0xfffffd8067fea768 rbp 0xffff80002ce22180 rbx 0x63bc4c57a2a7806d rdx 0 rcx 0xffffffff82cb0ad0 unp_head rax 0xffff80002e85d8c8 r8 0x7f7fffffc000 r9 0x22 r10 0xb0ff18547b392fd1 r11 0xa878bf4e428d97e5 r12 0xfffffd8067fea210 r13 0x22ac6efbcc5c4c31 r14 0xffffffff82c1e018 socket_pool r15 0xfffffd8067feaf90 rip 0xffffffff823672a5 pool_do_put+0x115 cs 0x8 rflags 0x10296 __ALIGN_SIZE+0xf296 rsp 0xffff80002ce220d0 ss 0x10 pool_do_put+0x115: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.2) pid=451279 stat=onproc flags process=10 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff80002e847348,0xffffffff82cf3498 process=0xffff800027fb2fc8 user=0xffff80002ce1d000, vmspace=0xfffffd8075917ac8 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 27254 281742 31073 0 2 0x10 syz-executor.2 27254 417527 31073 0 3 0x4000011 kernel: protection fault trap, code=0 Faulted in DDB; continuing... ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10213 6423K 6746K 78643K 16583 0 pcb 13 22K 28K 78643K 928 0 rtable 200 15K 17K 78643K 2447 0 ifaddr 76 22K 24K 78643K 666 0 sysctl 2 0K 0K 78643K 10 0 counters 28 17K 17K 78643K 285 0 ioctlops 0 0K 2K 78643K 810 0 iov 0 0K 32K 78643K 768 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1452 91K 91K 78643K 5400 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 24 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 799 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 11 37K 77K 78643K 4597 0 sigio 0 0K 0K 78643K 85 0 proc 58 59K 75K 78643K 1818 0 subproc 104 6K 7K 78643K 686 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 439 0 in_multi 75 5K 7K 78643K 674 0 ether_multi 1 0K 0K 78643K 36 0 mrt 1 0K 0K 78643K 3 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 163 731K 731K 78643K 163 0 exec 0 0K 1K 78643K 1612 0 pfkey data 0 0K 0K 78643K 3 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 288 83K 94K 78643K 30158 0 UVM aobj 4 2K 2K 78643K 4 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 218 0 NDP 15 0K 1K 78643K 236 0 temp 139 5774K 6798K 78643K 63230 0 kqueue 12 18K 28K 78643K 395 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 457 0 454 5 4 1 3 0 8 0 rtentry 112 796 0 711 5 2 3 4 0 8 0 unpcb 144 4256 0 4240 47 44 3 8 0 8 2 syncache 296 40 0 40 10 9 1 1 0 8 1 tcpqe 32 84 0 84 8 7 1 1 0 8 1 tcpcb 776 5229 0 5221 91 77 14 14 0 8 13 arp 88 179 0 163 1 0 1 1 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 67 0 67 1 1 0 1 0 8 0 inpcb 336 12453 0 12444 136 123 13 20 0 8 11 nd6 48 156 0 137 1 0 1 1 0 8 0 pkpcb 40 76 0 76 4 4 0 1 0 8 0 kcovpl 48 50 0 42 1 0 1 1 0 8 0 mppekey 1024 3 0 3 1 0 1 1 0 8 1 ppxss 1160 168 0 168 12 11 1 1 0 8 1 pppxif 1360 58 0 58 10 9 1 1 0 8 1 pfstscr 40 11 0 10 1 0 1 1 0 8 0 pfosfp 40 80 0 77 1 0 1 1 0 8 0 pfosfpen 112 80 0 75 1 0 1 1 0 8 0 pfanchor 1280 779 5 267 47 4 43 43 0 8 0 pfqueue 264 72 0 72 3 3 0 1 0 8 0 pfstitem 24 6 0 5 1 0 1 1 0 8 0 pfstkey 128 15 0 9 1 0 1 1 0 8 0 pfstate 352 11 0 10 1 0 1 1 0 8 0 art_heap8 4096 4 0 3 4 3 1 2 0 8 0 art_heap4 256 2808 0 2463 41 15 26 31 0 8 2 art_table 32 2812 0 2466 4 0 4 4 0 8 0 art_node 16 788 0 714 1 0 1 1 0 8 0 sysvmsgpl 40 27 0 7 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 797 0 787 1 0 1 1 0 8 0 shmpl 112 1 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 7789 0 6352 91 0 91 91 0 8 0 ffsino 240 7789 0 6352 85 0 85 85 0 8 0 nchpl 144 13828 0 12191 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 54714 0 54713 3 2 1 3 0 8 0 vmpool 664 16 0 16 3 2 1 1 0 8 1 kstatmem 264 270 0 244 3 1 2 3 0 8 0 scsiplug 72 3 0 3 3 3 0 1 0 8 0 scxspl 216 41305 0 41305 26 24 2 8 0 8 2 plimitpl 152 358 0 343 1 0 1 1 0 8 0 sigapl 424 4829 0 4768 9 1 8 8 0 8 0 futexpl 64 52108 0 52108 4 3 1 1 0 8 1 knotepl 120 55856 0 55776 38 28 10 10 0 8 5 kqueuepl 184 914 0 906 12 10 2 4 0 8 1 pipepl 288 1030 0 1002 21 15 6 7 0 8 3 fdescpl 432 4791 0 4768 7 3 4 4 0 8 0 filepl 120 41830 0 41593 77 62 15 17 0 8 6 lockfpl 104 1348 0 1346 4 3 1 2 0 8 0 lockfspl 48 388 0 386 1 0 1 1 0 8 0 sessionpl 144 68 0 53 1 0 1 1 0 8 0 pgrppl 48 83 0 68 1 0 1 1 0 8 0 ucredpl 104 6715 0 6704 1 0 1 1 0 8 0 zombiepl 144 4769 0 4768 2 1 1 1 0 8 0 processpl 1008 4829 0 4768 11 2 9 9 0 8 0 procpl 696 11259 0 11183 15 6 9 10 0 8 0 sosppl 168 54 0 54 10 9 1 1 0 8 1 sockpl 456 17244 0 17215 369 347 22 34 0 8 18 sockpl: pool(0xffffffff82c1e018:sockpl): free list modified: page 0xfffffd8067fea000; item ordinal 2; addr 0xfffffd8067fea932 (p 0xfffffd8067fea000); offset 0x0=0x4c313048567ff281 pool(sockpl): free list modified: page 0xfffffd8067fea000; item ordinal 2; addr 0xfffffd8067fea932 (p 0xfffffd8067fea000); offset 0x0=0x4110dead sockpl: pool(0xffffffff82c1e018:sockpl): page inconsistency: page 0xfffffd8067fea000; item ordinal 3; addr 0x63bc4c57a2a7806d mcl64k 65536 279 0 279 9 8 1 1 0 8 1 mcl16k 16384 132 0 132 13 12 1 1 0 8 1 mcl12k 12288 179 0 179 13 12 1 1 0 8 1 mcl9k 9216 74 0 74 11 10 1 1 0 8 1 mcl8k 8192 469 0 469 11 10 1 1 0 8 1 mcl4k 4096 558 0 558 8 7 1 1 0 8 1 mcl2k2 2112 43 0 43 13 12 1 1 0 8 1 mcl2k 2048 86466 0 86398 47 36 11 33 0 8 2 mtagpl 96 289 0 156 6 2 4 4 0 8 0 mbufpl 256 189977 0 189622 279 245 34 113 0 8 8 bufpl 288 11646 0 5249 458 0 458 458 0 8 0 anonpl 24 980966 0 964555 191 74 117 133 0 188 0 amapchunkpl 152 86036 0 85375 77 42 35 41 0 158 5 amappl16 200 11767 0 11158 102 68 34 46 0 8 1 amappl15 192 9 0 9 1 1 0 1 0 8 0 amappl14 184 335 0 321 2 0 2 2 0 8 0 amappl13 176 5 0 5 1 1 0 1 0 8 0 amappl12 168 909 0 906 1 0 1 1 0 8 0 amappl11 160 46 0 36 1 0 1 1 0 8 0 amappl10 152 80 0 67 1 0 1 1 0 8 0 amappl9 144 1002 0 1001 1 0 1 1 0 8 0 amappl8 136 341 0 272 3 0 3 3 0 8 0 amappl7 128 257 0 233 2 0 2 2 0 8 0 amappl6 120 354 0 341 2 1 1 2 0 8 0 amappl5 112 359 0 352 1 0 1 1 0 8 0 amappl4 104 1001 0 974 2 1 1 2 0 8 0 amappl3 96 12800 0 12753 2 0 2 2 0 8 0 amappl2 88 5509 0 5443 3 1 2 3 0 8 0 amappl1 80 108255 0 107607 29 13 16 26 0 8 0 amappl 88 29193 0 29036 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 3 0 0 1 0 1 1 0 8 0 uaddrrnd 24 4807 0 4784 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4807 0 4784 1 0 1 1 0 8 0 vmmpekpl 168 39252 0 39193 3 0 3 3 0 8 0 vmmpepl 168 463218 0 460771 245 107 138 150 0 357 14 vmsppl 344 4806 0 4784 3 0 3 3 0 8 0 rwobjpl 24 122725 0 115124 50 2 48 49 0 8 0 pdppl 4096 9620 0 9568 436 372 64 70 0 8 12 pvpl 32 2072640 0 2051106 411 215 196 361 0 265 0 pmappl 216 4806 0 4784 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1659 0 859 25 0 25 25 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff82c1e018,fffffd8067fea210) at pool_do_put+0x115 pool_put(ffffffff82c1e018,fffffd8067fea210) at pool_put+0x67 sys/kern/subr_pool.c:799 soclose(fffffd8067fea210,0) at soclose+0x4aa sys/kern/uipc_socket.c:442 soo_close(fffffd8068a7f720,ffff80002e85d8c8) at soo_close+0x40 fdrop(fffffd8068a7f720,ffff80002e85d8c8) at fdrop+0xc7 sys/kern/kern_descrip.c:1274 closef(fffffd8068a7f720,ffff80002e85d8c8) at closef+0x117 sys/kern/kern_descrip.c:1258 sys_socketpair(ffff80002e85d8c8,ffff80002ce223a8,ffff80002ce223f0) at sys_socketpair+0x333 sys/kern/uipc_syscalls.c:527 syscall(ffff80002ce22470) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x19d10a66280, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff82c1e018,fffffd8067fea210) at pool_do_put+0x115 pool_put(ffffffff82c1e018,fffffd8067fea210) at pool_put+0x67 sys/kern/subr_pool.c:799 soclose(fffffd8067fea210,0) at soclose+0x4aa sys/kern/uipc_socket.c:442 soo_close(fffffd8068a7f720,ffff80002e85d8c8) at soo_close+0x40 fdrop(fffffd8068a7f720,ffff80002e85d8c8) at fdrop+0xc7 sys/kern/kern_descrip.c:1274 closef(fffffd8068a7f720,ffff80002e85d8c8) at closef+0x117 sys/kern/kern_descrip.c:1258 sys_socketpair(ffff80002e85d8c8,ffff80002ce223a8,ffff80002ce223f0) at sys_socketpair+0x333 sys/kern/uipc_syscalls.c:527 syscall(ffff80002ce22470) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x19d10a66280, count: -9