kernel: protection fault trap, code=0 Stopped at pool_do_put+0x115: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace pool_do_put(ffffffff82ce18f8,fffffd8074a02940) at pool_do_put+0x115 pool_put(ffffffff82ce18f8,fffffd8074a02940) at pool_put+0x6b sys/kern/subr_pool.c:799 soclose(fffffd8074a02940,0) at soclose+0x4ba sys/kern/uipc_socket.c:440 soo_close(fffffd806226a780,ffff800021702e78) at soo_close+0x44 fdrop(fffffd806226a780,ffff800021702e78) at fdrop+0xcb sys/kern/kern_descrip.c:1274 closef(fffffd806226a780,ffff800021702e78) at closef+0x11b sys/kern/kern_descrip.c:1258 fdfree(ffff800021702e78) at fdfree+0xf3 sys/kern/kern_descrip.c:1190 exit1(ffff800021702e78,0,0,1) at exit1+0x35d sys/kern/kern_exit.c:197 sys_exit(ffff800021702e78,ffff80002e8c0530,ffff80002e8c0580) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002e8c0600) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x74b9ce2d27c0, count: -11 ddb> show registers rdi 0 rsi 0xfffffd8074a02778 rbp 0xffff80002e8c02a0 rbx 0xae529a43e0194270 rdx 0 rcx 0x1 rax 0xffff800021702e78 r8 0 r9 0 r10 0x2eb1b6cf0847a061 r11 0x649eb01102c87c15 r12 0xfffffd8074a02940 r13 0xbe1376c8a8c52772 r14 0xffffffff82ce18f8 socket_pool r15 0xfffffd8074a02f90 rip 0xffffffff826f6045 pool_do_put+0x115 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff80002e8c01f0 ss 0x10 pool_do_put+0x115: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.3) pid=363435 stat=onproc flags process=1008 proc=2000 pri=32, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800021702908,0xffff800021702bd0 process=0xffff8000265853b0 user=0xffff80002e8bb000, vmspace=0xfffffd8069b9c010 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 89828 345054 42018 60928 2 0x10 syz-executor.0 89828 435020 42018 60928 3 0x4000090 fsleep syz-executor.0 95296 302341 74142 0 2 0x2 syz-executor.5 12379 426863 74142 0 3 0x82 nanoslp syz-executor.3 7489 238051 74142 0 2 0x2 syz-executor.2 85534 384411 74142 0 3 0x3 kernel: protection fault trap, code=0 Faulted in DDB; continuing... ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10210 6508K 8812K 78643K 137918 0 pcb 13 26K 30K 78643K 3245 0 rtable 243 7K 7K 78643K 4698 0 pf 34 9K 10K 78643K 1277 0 ifaddr 45 19K 23K 78643K 970 0 ifgroup 59 2K 2K 78643K 2080 0 sysctl 3 1K 3K 78643K 354 0 counters 30 17K 17K 78643K 575 0 ioctlops 0 0K 2K 78643K 1002 0 iov 0 0K 32K 78643K 5583 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1735 108K 109K 78643K 39509 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 3 5K 9K 78643K 572 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 1K 78643K 5382 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 12 41K 73K 78643K 58956 0 sigio 0 0K 0K 78643K 1807 0 proc 58 59K 75K 78643K 5868 0 subproc 104 6K 7K 78643K 1740 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 2471 0 in_multi 99 7K 7K 78643K 1809 0 ether_multi 1 0K 0K 78643K 58 0 mrt 1 0K 0K 78643K 18 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 241 1076K 1076K 78643K 241 0 exec 0 0K 1K 78643K 12928 0 pfkey data 0 0K 1K 78643K 159 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 517 103K 115K 78643K 539325 0 UVM aobj 131 4K 4K 78643K 143 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 1220 0 NDP 13 0K 1K 78643K 818 0 temp 74 5868K 38641K 78643K 465738 0 kqueue 12 18K 34K 78643K 4103 0 SYN cache 2 16K 24K 78643K 4 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 2253 0 2250 25 24 1 3 0 8 0 rtentry 112 1567 0 1454 4 0 4 4 0 8 0 unpcb 144 47032 0 47019 422 421 1 11 0 8 0 syncache 296 331 0 331 65 65 0 1 0 8 0 sackhl 24 2 0 2 2 2 0 1 0 8 0 tcpqe 32 312 0 312 42 42 0 1 0 8 0 tcpcb 808 22695 0 22689 603 602 1 21 0 8 0 arp 88 262 0 244 1 0 1 1 0 8 0 ipq 40 54 0 54 25 25 0 1 0 8 0 ipqe 40 409 0 409 25 25 0 1 0 8 0 inpcb 336 192226 0 192219 2052 2051 1 35 0 8 0 nd6 104 417 0 390 1 0 1 1 0 8 0 pkpcb 40 151 0 151 21 21 0 1 0 8 0 kcovpl 48 130 0 122 1 0 1 1 0 8 0 ppxss 1160 156 0 156 42 42 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 6026 0 5537 36 5 31 31 0 8 0 art_table 32 6027 0 5537 4 0 4 4 0 8 0 art_node 16 1479 0 1376 1 0 1 1 0 8 0 sysvmsgpl 40 57 0 33 1 0 1 1 0 8 0 semapl 112 5380 0 5370 1 0 1 1 0 8 0 shmpl 112 140 0 12 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 79637 0 77721 121 0 121 121 0 8 0 ffsino 240 79637 0 77721 113 0 113 113 0 8 0 nchpl 144 161569 0 161075 64 42 22 63 0 8 0 uvmvnodes 80 14628 0 0 299 0 299 299 0 8 0 vnodes 216 14628 0 0 813 0 813 813 0 8 0 namei 1024 545220 0 545217 26 25 1 3 0 8 0 kstatmem 264 1116 0 1090 4 2 2 3 0 8 0 scxspl 216 500418 0 500418 115 114 1 8 1 8 1 plimitpl 152 8402 0 8387 1 0 1 1 0 8 0 sigapl 424 60621 0 60559 11 3 8 8 0 8 0 futexpl 64 646932 0 646931 16 15 1 1 0 8 0 knotepl 120 499903 0 499829 73 70 3 9 0 8 0 kqueuepl 184 9330 0 9322 128 127 1 7 0 8 0 pipepl 288 13305 0 13280 282 279 3 11 0 8 0 fdescpl 432 58995 0 58972 4 0 4 4 0 8 0 filepl 120 509839 0 509609 598 589 9 23 0 8 0 lockfpl 104 27597 0 27595 41 40 1 2 0 8 0 lockfspl 48 11295 0 11293 1 0 1 1 0 8 0 sessionpl 144 149 0 133 1 0 1 1 0 8 0 pgrppl 48 638 0 622 1 0 1 1 0 8 0 ucredpl 104 58599 0 58576 1 0 1 1 0 8 0 zombiepl 144 60563 0 60559 10 9 1 1 0 8 0 processpl 1008 60621 0 60559 16 7 9 9 0 8 0 procpl 696 147255 0 147178 54 45 9 11 0 8 0 sosppl 168 609 0 609 74 74 0 1 0 8 0 sockpl 456 241895 0 241871 5353 5349 4 54 0 8 0 sockpl: pool(0xffffffff82ce18f8:sockpl): free list modified: page 0xfffffd8074a02000; item ordinal 2; addr 0xfffffd8074a02221 (p 0xfffffd8074a02000); offset 0x0=0xc24314513b5f69ed pool(sockpl): free list modified: page 0xfffffd8074a02000; item ordinal 2; addr 0xfffffd8074a02221 (p 0xfffffd8074a02000); offset 0x0=0x10dead41 sockpl: pool(0xffffffff82ce18f8:sockpl): page inconsistency: page 0xfffffd8074a02000; item ordinal 3; addr 0xae529a43e0194270 mcl64k 65536 2266 0 2266 76 76 0 1 0 8 0 mcl16k 16384 970 0 970 99 98 1 1 0 8 1 mcl12k 12288 2395 0 2395 72 72 0 1 0 8 0 mcl9k 9216 1164 0 1164 95 95 0 1 0 8 0 mcl8k 8192 4517 0 4517 65 65 0 1 0 8 0 mcl4k 4096 6163 0 6163 52 51 1 2 0 8 1 mcl2k2 2112 391 0 391 107 107 0 1 0 8 0 mcl2k 2048 187677 0 187627 112 104 8 31 0 8 0 mtagpl 96 14891 0 14569 81 67 14 40 0 8 0 mbufpl 256 972579 0 972143 1945 1891 54 142 0 8 1 bufpl 288 109877 0 95249 1045 0 1045 1045 0 8 0 anonpl 24 5313737 0 5300399 301 193 108 131 0 188 0 amapchunkpl 152 1706445 0 1705675 328 293 35 49 0 158 1 amappl16 200 116046 0 115622 780 756 24 48 0 8 0 amappl15 192 25 0 25 5 5 0 1 0 8 0 amappl14 184 618 0 602 2 1 1 2 0 8 0 amappl13 176 66 0 65 1 0 1 1 0 8 0 amappl12 168 61467 0 61441 2 0 2 2 0 8 0 amappl11 160 59 0 48 1 0 1 1 0 8 0 amappl10 152 225 0 215 1 0 1 1 0 8 0 amappl9 144 397 0 397 28 28 0 2 0 8 0 amappl8 136 2487 0 2195 12 1 11 11 0 8 0 amappl7 128 383 0 362 1 0 1 1 0 8 0 amappl6 120 1415 0 1390 2 1 1 2 0 8 0 amappl5 112 1740 0 1734 1 0 1 1 0 8 0 amappl4 104 2887 0 2846 2 0 2 2 0 8 0 amappl3 96 337930 0 337862 3 0 3 3 0 8 0 amappl2 88 61191 0 61131 4 2 2 3 0 8 0 amappl1 80 227163 0 226663 23 11 12 22 0 8 0 amappl 88 536717 0 536496 8 1 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 142 0 12 3 0 3 3 0 8 0 uaddrrnd 24 58995 0 58972 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 58995 0 58972 1 0 1 1 0 8 0 vmmpekpl 168 411558 0 411495 4 0 4 4 0 8 0 vmmpepl 168 3422900 0 3420593 406 270 136 141 0 357 0 vmsppl 368 58994 0 58972 3 0 3 3 0 8 0 rwobjpl 24 779894 0 763482 114 14 100 100 0 8 0 pdppl 4096 117996 0 117944 1933 1873 60 68 0 8 8 pvpl 32 15247529 0 15228679 945 754 191 303 0 265 0 pmappl 216 58994 0 58972 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 8570 0 7122 45 1 44 44 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff82ce18f8,fffffd8074a02940) at pool_do_put+0x115 pool_put(ffffffff82ce18f8,fffffd8074a02940) at pool_put+0x6b sys/kern/subr_pool.c:799 soclose(fffffd8074a02940,0) at soclose+0x4ba sys/kern/uipc_socket.c:440 soo_close(fffffd806226a780,ffff800021702e78) at soo_close+0x44 fdrop(fffffd806226a780,ffff800021702e78) at fdrop+0xcb sys/kern/kern_descrip.c:1274 closef(fffffd806226a780,ffff800021702e78) at closef+0x11b sys/kern/kern_descrip.c:1258 fdfree(ffff800021702e78) at fdfree+0xf3 sys/kern/kern_descrip.c:1190 exit1(ffff800021702e78,0,0,1) at exit1+0x35d sys/kern/kern_exit.c:197 sys_exit(ffff800021702e78,ffff80002e8c0530,ffff80002e8c0580) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002e8c0600) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x74b9ce2d27c0, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff82ce18f8,fffffd8074a02940) at pool_do_put+0x115 pool_put(ffffffff82ce18f8,fffffd8074a02940) at pool_put+0x6b sys/kern/subr_pool.c:799 soclose(fffffd8074a02940,0) at soclose+0x4ba sys/kern/uipc_socket.c:440 soo_close(fffffd806226a780,ffff800021702e78) at soo_close+0x44 fdrop(fffffd806226a780,ffff800021702e78) at fdrop+0xcb sys/kern/kern_descrip.c:1274 closef(fffffd806226a780,ffff800021702e78) at closef+0x11b sys/kern/kern_descrip.c:1258 fdfree(ffff800021702e78) at fdfree+0xf3 sys/kern/kern_descrip.c:1190 exit1(ffff800021702e78,0,0,1) at exit1+0x35d sys/kern/kern_exit.c:197 sys_exit(ffff800021702e78,ffff80002e8c0530,ffff80002e8c0580) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002e8c0600) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x74b9ce2d27c0, count: -11