kernel: protection fault trap, code=0 Stopped at pool_do_put+0x115: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace pool_do_put(ffffffff82dbd280,fffffd806ca909a0) at pool_do_put+0x115 pool_put(ffffffff82dbd280,fffffd806ca909a0) at pool_put+0x6b sys/kern/subr_pool.c:799 soclose(fffffd806ca909a0,0) at soclose+0x4ba sys/kern/uipc_socket.c:428 soo_close(fffffd8063bcddb0,ffff80002a64d7f8) at soo_close+0x44 fdrop(fffffd8063bcddb0,ffff80002a64d7f8) at fdrop+0xcb sys/kern/kern_descrip.c:1274 closef(fffffd8063bcddb0,ffff80002a64d7f8) at closef+0x11b sys/kern/kern_descrip.c:1258 fdfree(ffff80002a64d7f8) at fdfree+0xf3 sys/kern/kern_descrip.c:1190 exit1(ffff80002a64d7f8,0,0,1) at exit1+0x367 sys/kern/kern_exit.c:199 sys_exit(ffff80002a64d7f8,ffff800034237ab0,ffff800034237a00) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff800034237ab0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7aee41b17640, count: -11 ddb> show registers rdi 0 rsi 0xfffffd806ca907b9 rbp 0xffff800034237740 rbx 0xc35eca3b636afff9 rdx 0 rcx 0xffffffff82e1ce68 unp_head rax 0xffff80002a64d7f8 r8 0 r9 0 r10 0x82934b380d5055ac r11 0x5d4b74600b404eb3 r12 0xfffffd806ca909a0 r13 0x2c8db87e9d9bcd36 r14 0xffffffff82dbd280 socket_pool r15 0xfffffd806ca90f90 rip 0xffffffff81e37315 pool_do_put+0x115 cs 0x8 rflags 0x10212 __ALIGN_SIZE+0xf212 rsp 0xffff800034237690 ss 0x10 pool_do_put+0x115: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.2) tid=314525 pid=60265 tcnt=1 stat=onproc flags process=1008 proc=2000 runpri=0, usrpri=64, slppri=0, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80002a64d7f8 forw=0xffffffffffffffff, list=0xffff80002a64d2a8,0xffffffff82dbd610 process=0xffff800034375d70 user=0xffff800034232000, vmspace=0xfffffd80701f2dd8 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 84578 463467 44001 0 3 0x80 nanoslp syz-executor.7 84578 8764 44001 0 3 0x4000080 fsleep syz-executor.7 77696 430725 48132 0 3 0x1 kernel: protection fault trap, code=0 Faulted in DDB; continuing... ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10175 6408K 6953K 166960K 15583 0 pcb 15 14K 15K 166960K 254 0 rtable 190 14K 17K 166960K 774 0 pf 34 9K 10K 166960K 139 0 ifaddr 37 10K 11K 166960K 121 0 ifgroup 59 2K 2K 166960K 234 0 sysctl 2 0K 0K 166960K 6 0 counters 32 17K 18K 166960K 79 0 ioctlops 0 0K 2K 166960K 279 0 iov 0 0K 32K 166960K 222 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1409 88K 88K 166960K 3287 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 32 0 VM map 2 1K 1K 166960K 2 0 sem 10 1K 1K 166960K 10 0 dirhash 12 2K 2K 166960K 27 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 14 49K 69K 166960K 2778 0 sigio 0 0K 0K 166960K 95 0 proc 58 59K 75K 166960K 790 0 subproc 104 6K 6K 166960K 195 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 2 0K 0K 166960K 299 0 in_multi 66 4K 7K 166960K 203 0 ether_multi 1 0K 0K 166960K 7 0 mrt 0 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 61 281K 281K 166960K 61 0 exec 0 0K 1K 166960K 837 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 335 187K 188K 166960K 27840 0 UVM aobj 131 9K 9K 166960K 134 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 44 0 NDP 13 0K 2K 166960K 91 0 temp 76 6700K 6827K 166960K 30561 0 kqueue 12 18K 26K 166960K 261 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 226 0 220 3 2 1 2 0 8 0 rtentry 112 224 0 142 4 0 4 4 0 8 0 unpcb 144 2158 0 2145 27 26 1 6 0 8 0 syncache 320 22 0 22 5 5 0 1 0 8 0 tcpqe 32 578 0 578 6 6 0 1 0 8 0 tcpcb 808 786 0 768 26 22 4 9 0 8 1 arp 88 40 0 25 1 0 1 1 0 8 0 ipq 40 8 0 8 2 2 0 1 0 8 0 ipqe 40 21 0 21 2 2 0 1 0 8 0 inpcb 344 2214 0 2121 33 24 9 10 0 8 0 nd6 104 52 0 37 1 0 1 1 0 8 0 pkpcb 40 4 0 4 1 1 0 1 0 8 0 kcovpl 48 15 0 7 1 0 1 1 0 8 0 ppxss 1072 12 0 12 2 2 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 889 0 543 36 13 23 30 0 8 0 art_table 32 890 0 543 4 0 4 4 0 8 0 art_node 16 217 0 143 1 0 1 1 0 8 0 sysvmsgpl 40 42 0 5 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 8 0 0 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 27 0 10 3 0 3 3 0 8 0 dino2pl 256 5421 0 3961 92 0 92 92 0 8 0 ffsino 240 5421 0 3961 87 0 87 87 0 8 0 nchpl 144 9325 0 7671 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 35043 0 35043 7 6 1 3 0 8 1 vcpupl 2048 7 0 0 1 0 1 1 0 8 0 vmpool 664 10 0 3 1 0 1 1 0 8 0 kstatmem 264 120 0 94 3 1 2 3 0 8 0 scxspl 216 29532 0 29532 21 20 1 8 1 8 1 plimitpl 152 377 0 362 1 0 1 1 0 8 0 sigapl 424 3265 0 3200 8 0 8 8 0 8 0 futexpl 64 27440 0 27436 1 0 1 1 0 8 0 knotepl 120 28919 0 28837 23 19 4 17 0 8 0 kqueuepl 184 753 0 742 12 11 1 4 0 8 0 pipepl 288 730 0 693 17 12 5 7 0 8 2 fdescpl 432 3048 0 3023 4 0 4 4 0 8 0 filepl 120 21099 0 20696 39 24 15 15 0 8 1 lockfpl 104 1412 0 1410 5 4 1 3 0 8 0 lockfspl 48 356 0 354 1 0 1 1 0 8 0 sessionpl 144 30 0 14 1 0 1 1 0 8 0 pgrppl 48 47 0 31 1 0 1 1 0 8 0 ucredpl 104 3013 0 3003 1 0 1 1 0 8 0 zombiepl 144 3204 0 3200 2 1 1 1 0 8 0 processpl 1072 3265 0 3200 5 0 5 5 0 8 0 procpl 680 7423 0 7339 11 3 8 9 0 8 0 sosppl 168 27 0 27 2 2 0 1 0 8 0 sockpl 488 4605 0 4498 103 89 14 22 0 8 0 sockpl: pool(0xffffffff82dbd280:sockpl): free list modified: page 0xfffffd806ca90000; item ordinal 0; addr 0xfffffd806ca907b9 (p 0xfffffd806ca90000); offset 0x0=0x364eea8361c3a8ab pool(sockpl): free list modified: page 0xfffffd806ca90000; item ordinal 0; addr 0xfffffd806ca907b9 (p 0xfffffd806ca90000); offset 0x0=0xefdeadbe sockpl: pool(0xffffffff82dbd280:sockpl): page inconsistency: page 0xfffffd806ca90000; item ordinal 1; addr 0xc35eca3b636afff9 mcl64k 65536 113 0 113 7 6 1 1 0 8 1 mcl16k 16384 63 0 63 7 6 1 1 0 8 1 mcl12k 12288 91 0 91 8 8 0 1 0 8 0 mcl9k 9216 46 0 46 7 7 0 1 0 8 0 mcl8k 8192 175 0 175 7 6 1 1 0 8 1 mcl4k 4096 390 0 390 6 5 1 2 0 8 1 mcl2k2 2112 32 0 32 7 7 0 1 0 8 0 mcl2k 2048 72590 0 72529 42 32 10 30 0 8 1 mtagpl 96 458 0 330 10 4 6 7 0 8 0 mbufpl 256 160980 0 160708 458 430 28 132 0 8 0 bufpl 280 9807 0 3417 457 0 457 457 0 8 0 anonpl 24 423037 0 411521 94 5 89 90 0 188 0 amapchunkpl 152 90178 0 89389 60 24 36 45 0 158 0 amappl16 200 9434 0 9040 28 6 22 25 0 8 0 amappl15 192 15 0 14 1 0 1 1 0 8 0 amappl14 184 169 0 158 2 1 1 2 0 8 0 amappl13 176 37 0 36 1 0 1 1 0 8 0 amappl12 168 3778 0 3752 2 0 2 2 0 8 0 amappl11 160 51 0 41 1 0 1 1 0 8 0 amappl10 152 40 0 30 2 1 1 1 0 8 0 amappl9 144 249 0 248 2 1 1 1 0 8 0 amappl8 136 250 0 190 3 0 3 3 0 8 0 amappl7 128 205 0 182 2 0 2 2 0 8 0 amappl6 120 355 0 347 1 0 1 1 0 8 0 amappl5 112 199 0 191 1 0 1 1 0 8 0 amappl4 104 508 0 484 2 1 1 2 0 8 0 amappl3 96 17772 0 17697 3 0 3 3 0 8 0 amappl2 88 3609 0 3540 3 1 2 3 0 8 0 amappl1 80 19571 0 19064 25 14 11 22 0 8 0 amappl 88 27206 0 26989 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 3058 0 3026 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3058 0 3026 1 0 1 1 0 8 0 vmmpekpl 168 27456 0 27389 5 1 4 4 0 8 0 vmmpepl 168 200962 0 198873 180 68 112 122 0 357 12 vmsppl 352 3057 0 3026 4 0 4 4 0 8 0 rwobjpl 24 58858 0 51411 46 0 46 46 0 8 0 pdppl 4096 6122 0 6059 231 160 71 71 0 8 8 pvpl 32 1058443 0 1041622 348 186 162 334 0 265 0 pmappl 216 3057 0 3026 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1042 0 703 13 1 12 13 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff82dbd280,fffffd806ca909a0) at pool_do_put+0x115 pool_put(ffffffff82dbd280,fffffd806ca909a0) at pool_put+0x6b sys/kern/subr_pool.c:799 soclose(fffffd806ca909a0,0) at soclose+0x4ba sys/kern/uipc_socket.c:428 soo_close(fffffd8063bcddb0,ffff80002a64d7f8) at soo_close+0x44 fdrop(fffffd8063bcddb0,ffff80002a64d7f8) at fdrop+0xcb sys/kern/kern_descrip.c:1274 closef(fffffd8063bcddb0,ffff80002a64d7f8) at closef+0x11b sys/kern/kern_descrip.c:1258 fdfree(ffff80002a64d7f8) at fdfree+0xf3 sys/kern/kern_descrip.c:1190 exit1(ffff80002a64d7f8,0,0,1) at exit1+0x367 sys/kern/kern_exit.c:199 sys_exit(ffff80002a64d7f8,ffff800034237ab0,ffff800034237a00) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff800034237ab0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7aee41b17640, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff82dbd280,fffffd806ca909a0) at pool_do_put+0x115 pool_put(ffffffff82dbd280,fffffd806ca909a0) at pool_put+0x6b sys/kern/subr_pool.c:799 soclose(fffffd806ca909a0,0) at soclose+0x4ba sys/kern/uipc_socket.c:428 soo_close(fffffd8063bcddb0,ffff80002a64d7f8) at soo_close+0x44 fdrop(fffffd8063bcddb0,ffff80002a64d7f8) at fdrop+0xcb sys/kern/kern_descrip.c:1274 closef(fffffd8063bcddb0,ffff80002a64d7f8) at closef+0x11b sys/kern/kern_descrip.c:1258 fdfree(ffff80002a64d7f8) at fdfree+0xf3 sys/kern/kern_descrip.c:1190 exit1(ffff80002a64d7f8,0,0,1) at exit1+0x367 sys/kern/kern_exit.c:199 sys_exit(ffff80002a64d7f8,ffff800034237ab0,ffff800034237a00) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff800034237ab0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7aee41b17640, count: -11