kernel: protection fault trap, code=0 Stopped at pool_do_put+0x115: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace pool_do_put(ffffffff82c213a8,fffffd807df20010) at pool_do_put+0x115 pool_put(ffffffff82c213a8,fffffd807df20010) at pool_put+0x6b sys/kern/subr_pool.c:799 soclose(fffffd807df20010,0) at soclose+0x4ba sys/kern/uipc_socket.c:440 soo_close(fffffd806bad13d8,ffff8000216f6b40) at soo_close+0x44 fdrop(fffffd806bad13d8,ffff8000216f6b40) at fdrop+0xcb sys/kern/kern_descrip.c:1274 sendit(ffff8000216f6b40,4,ffff800026598458,0,ffff800026598448) at sendit+0xfb sys/kern/uipc_syscalls.c:812 sys_sendmmsg(ffff8000216f6b40,ffff800026598530,ffff800026598580) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800026598600) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xb5041a577e0, count: -9 ddb> show registers rdi 0xffff80002b401000 rsi 0xeb0 rbp 0xffff8000265981a0 rbx 0x29caed5ad9312bff rdx 0xffff80002b401000 rcx 0xeaf rax 0xffffffff819f38f3 pool_do_put+0x123 r8 0x2c r9 0 r10 0x311d863578987d12 r11 0x6a5a6a421a23c2c2 r12 0xfffffd807df20010 r13 0x8474022152ce8ad0 r14 0xffffffff82c213a8 socket_pool r15 0xfffffd807df20f90 rip 0xffffffff819f38e5 pool_do_put+0x115 cs 0x8 rflags 0x10296 __ALIGN_SIZE+0xf296 rsp 0xffff8000265980f0 ss 0 pool_do_put+0x115: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.6) pid=118414 stat=onproc flags process=0 proc=4000000 pri=24, usrpri=61, nice=20 forw=0xffffffffffffffff, list=0xffff8000216f6df8,0xffff8000216f6328 process=0xffff8000fffef3c0 user=0xffff800026593000, vmspace=0xfffffd806edfb5c8 estcpu=11, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 68220 313324 98236 0 2 0 syz-executor.1 68220 284192 98236 0 2 0x4000000 syz-executor.1 39883 511706 76526 0 2 0 syz-executor.5 39883 308458 76526 0 3 0x4000080 fsleep syz-executor.5 25530 165443 69753 0 2 0 syz-executor.3 25530 29483 69753 0 3 0x4000080 fsleep syz-executor.3 73416 419185 23481 0 3 0 vmmaplk syz-executor.7 73416 278677 23481 0 3 0x4000000 kernel: protection fault trap, code=0 Faulted in DDB; continuing... ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10187 6426K 7680K 78643K 22295 0 pcb 13 14K 16K 78643K 458 0 rtable 239 7K 7K 78643K 1188 0 pf 29 8K 9K 78643K 283 0 ifaddr 43 12K 13K 78643K 197 0 ifgroup 50 2K 2K 78643K 458 0 sysctl 2 0K 0K 78643K 4 0 counters 28 17K 17K 78643K 126 0 ioctlops 0 0K 2K 78643K 671 0 iov 1 2K 18K 78643K 978 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1466 92K 92K 78643K 5949 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 113 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 1369 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 16 57K 81K 78643K 8917 0 sigio 0 0K 0K 78643K 1107 0 proc 58 59K 75K 78643K 1277 0 subproc 104 6K 6K 78643K 312 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 607 0 in_multi 99 7K 7K 78643K 317 0 ether_multi 1 0K 0K 78643K 10 0 mrt 1 0K 0K 78643K 4 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 157 705K 705K 78643K 157 0 exec 0 0K 1K 78643K 1665 0 pfkey data 0 0K 4K 78643K 991 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 393 95K 99K 78643K 83551 0 UVM aobj 131 4K 4K 78643K 138 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 162 0 NDP 11 0K 0K 78643K 157 0 temp 74 5864K 5988K 78643K 417175 0 kqueue 12 18K 24K 78643K 416 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 477 0 474 9 8 1 4 0 8 0 rtentry 112 377 0 266 4 0 4 4 0 8 0 unpcb 144 10656 0 10642 163 162 1 10 0 8 0 syncache 296 44 0 44 13 13 0 1 0 8 0 tcpqe 32 129 0 129 6 6 0 1 0 8 0 tcpcb 808 1790 0 1786 97 93 4 11 0 8 3 arp 88 50 0 32 1 0 1 1 0 8 0 ipq 40 11 0 10 10 9 1 1 0 8 0 ipqe 40 168 0 167 10 9 1 1 0 8 0 inpcb 336 4175 0 4168 153 144 9 12 0 8 8 nd6 104 87 0 62 1 0 1 1 0 8 0 pkpcb 40 7768 0 7767 16 15 1 2 0 8 0 kcovpl 48 24 0 16 1 0 1 1 0 8 0 ppxss 1160 21 0 21 7 7 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1279 0 812 34 4 30 31 0 8 0 art_table 32 1280 0 812 4 0 4 4 0 8 0 art_node 16 301 0 200 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 3 1 1 0 1 0 8 0 semapl 112 1366 0 1356 1 0 1 1 0 8 0 shmpl 112 135 0 7 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 13996 0 12500 94 0 94 94 0 8 0 ffsino 240 13996 0 12500 89 0 89 89 0 8 0 nchpl 144 27336 0 26804 63 41 22 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 86864 0 86864 8 7 1 3 0 8 1 kstatmem 264 218 0 196 2 0 2 2 0 8 0 scxspl 216 84808 0 84808 29 28 1 8 0 8 1 plimitpl 152 830 0 815 1 0 1 1 0 8 0 sigapl 424 9211 0 9145 8 0 8 8 0 8 0 futexpl 64 89967 0 89964 4 3 1 1 0 8 0 knotepl 120 75278 0 75198 9 6 3 5 0 8 0 kqueuepl 184 1210 0 1202 21 18 3 4 0 8 2 pipepl 288 3380 0 3352 91 88 3 9 0 8 0 fdescpl 432 9167 0 9140 4 0 4 4 0 8 0 filepl 120 67843 0 67600 222 211 11 20 0 8 3 lockfpl 104 4112 0 4109 7 6 1 2 0 8 0 lockfspl 48 1899 0 1896 1 0 1 1 0 8 0 sessionpl 144 41 0 25 1 0 1 1 0 8 0 pgrppl 48 71 0 55 1 0 1 1 0 8 0 ucredpl 104 9347 0 9327 1 0 1 1 0 8 0 zombiepl 144 9146 0 9145 3 2 1 1 0 8 0 processpl 1008 9211 0 9145 11 2 9 9 0 8 0 procpl 696 22329 0 22243 27 17 10 10 0 8 1 sosppl 168 95 0 95 16 16 0 1 0 8 0 sockpl 456 23370 0 23344 818 806 12 34 0 8 8 sockpl: pool(0xffffffff82c213a8:sockpl): free list modified: page 0xfffffd807df20000; item ordinal 1; addr 0xfffffd807df2056b (p 0xfffffd807df20000); offset 0x0=0x3c8de0301b5afd1e pool(sockpl): free list modified: page 0xfffffd807df20000; item ordinal 1; addr 0xfffffd807df2056b (p 0xfffffd807df20000); offset 0x0=0xadbeefde sockpl: pool(0xffffffff82c213a8:sockpl): page inconsistency: page 0xfffffd807df20000; item ordinal 2; addr 0x29caed5ad9312bff mcl64k 65536 338 0 338 51 51 0 1 0 8 0 mcl16k 16384 90 0 90 35 35 0 1 0 8 0 mcl12k 12288 311 0 311 46 45 1 1 0 8 1 mcl9k 9216 133 0 133 33 33 0 1 0 8 0 mcl8k 8192 958 0 957 29 28 1 1 0 8 0 mcl4k 4096 1259 0 1259 6 5 1 1 0 8 1 mcl2k2 2112 55 0 55 32 32 0 1 0 8 0 mcl2k 2048 79105 0 79058 44 37 7 29 0 8 0 mtagpl 96 2063 0 1387 26 5 21 21 0 8 0 mbufpl 256 211988 0 211190 687 628 59 279 0 8 0 bufpl 288 21016 0 14630 457 0 457 457 0 8 0 anonpl 24 908616 0 896561 208 120 88 106 0 188 0 amapchunkpl 152 263826 0 263008 150 115 35 44 0 158 1 amappl16 200 18418 0 18042 113 92 21 33 0 8 0 amappl15 192 10 0 10 1 1 0 1 0 8 0 amappl14 184 205 0 191 2 0 2 2 0 8 0 amappl13 176 10 0 10 2 2 0 1 0 8 0 amappl12 168 10043 0 10013 2 0 2 2 0 8 0 amappl11 160 48 0 37 1 0 1 1 0 8 0 amappl10 152 57 0 46 1 0 1 1 0 8 0 amappl9 144 202 0 202 8 8 0 2 0 8 0 amappl8 136 465 0 353 5 1 4 4 0 8 0 amappl7 128 110 0 91 1 0 1 1 0 8 0 amappl6 120 392 0 373 2 1 1 2 0 8 0 amappl5 112 359 0 353 1 0 1 1 0 8 0 amappl4 104 857 0 823 2 1 1 2 0 8 0 amappl3 96 52821 0 52737 9 6 3 3 0 8 0 amappl2 88 9629 0 9567 4 2 2 3 0 8 0 amappl1 80 42261 0 41749 22 11 11 22 0 8 0 amappl 88 82687 0 82455 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 137 0 7 3 0 3 3 0 8 0 uaddrrnd 24 9167 0 9140 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 9167 0 9140 1 0 1 1 0 8 0 vmmpekpl 168 71393 0 71348 3 0 3 3 0 8 0 vmmpepl 168 550587 0 548356 261 154 107 123 0 357 0 vmsppl 368 9166 0 9140 3 0 3 3 0 8 0 rwobjpl 24 133314 0 125828 50 3 47 47 0 8 0 pdppl 4096 18340 0 18280 1116 1052 64 72 0 8 4 pvpl 32 2499617 0 2481804 508 345 163 338 0 265 0 pmappl 216 9166 0 9140 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 3001 0 2174 31 6 25 30 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff82c213a8,fffffd807df20010) at pool_do_put+0x115 pool_put(ffffffff82c213a8,fffffd807df20010) at pool_put+0x6b sys/kern/subr_pool.c:799 soclose(fffffd807df20010,0) at soclose+0x4ba sys/kern/uipc_socket.c:440 soo_close(fffffd806bad13d8,ffff8000216f6b40) at soo_close+0x44 fdrop(fffffd806bad13d8,ffff8000216f6b40) at fdrop+0xcb sys/kern/kern_descrip.c:1274 sendit(ffff8000216f6b40,4,ffff800026598458,0,ffff800026598448) at sendit+0xfb sys/kern/uipc_syscalls.c:812 sys_sendmmsg(ffff8000216f6b40,ffff800026598530,ffff800026598580) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800026598600) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xb5041a577e0, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff82c213a8,fffffd807df20010) at pool_do_put+0x115 pool_put(ffffffff82c213a8,fffffd807df20010) at pool_put+0x6b sys/kern/subr_pool.c:799 soclose(fffffd807df20010,0) at soclose+0x4ba sys/kern/uipc_socket.c:440 soo_close(fffffd806bad13d8,ffff8000216f6b40) at soo_close+0x44 fdrop(fffffd806bad13d8,ffff8000216f6b40) at fdrop+0xcb sys/kern/kern_descrip.c:1274 sendit(ffff8000216f6b40,4,ffff800026598458,0,ffff800026598448) at sendit+0xfb sys/kern/uipc_syscalls.c:812 sys_sendmmsg(ffff8000216f6b40,ffff800026598530,ffff800026598580) at sys_sendmmsg+0x344 sys/kern/uipc_syscalls.c:677 syscall(ffff800026598600) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xb5041a577e0, count: -9