kernel: protection fault trap, code=0 Stopped at pool_do_put+0x115: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace pool_do_put(ffffffff82c1e018,fffffd807e97c8f0) at pool_do_put+0x115 pool_put(ffffffff82c1e018,fffffd807e97c8f0) at pool_put+0x67 sys/kern/subr_pool.c:799 soclose(fffffd807e97c8f0,0) at soclose+0x4aa sys/kern/uipc_socket.c:442 soo_close(fffffd8067b2adb0,ffff80002313ab60) at soo_close+0x40 fdrop(fffffd8067b2adb0,ffff80002313ab60) at fdrop+0xc7 sys/kern/kern_descrip.c:1274 dofilereadv(ffff80002313ab60,4,ffff800029e25c50,0,ffff800029e25d40) at dofilereadv+0x328 sys/kern/sys_generic.c:268 sys_readv(ffff80002313ab60,ffff800029e25cf8,ffff800029e25d40) at sys_readv+0xa7 sys/kern/sys_generic.c:194 syscall(ffff800029e25dc0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa1814d27f00, count: -9 ddb> show registers rdi 0 rsi 0xfffffd807e97c562 rbp 0xffff800029e25a20 rbx 0x69c415d071057c77 rdx 0 rcx 0x1 rax 0xffff80002313ab60 r8 0 r9 0 r10 0xb01dbc15acbd4c60 r11 0x5d03ef3b878f9681 r12 0xfffffd807e97c8f0 r13 0xd72b3d04b181b361 r14 0xffffffff82c1e018 socket_pool r15 0xfffffd807e97cf90 rip 0xffffffff823672a5 pool_do_put+0x115 cs 0x8 rflags 0x10292 __ALIGN_SIZE+0xf292 rsp 0xffff800029e25970 ss 0x10 pool_do_put+0x115: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.3) pid=116958 stat=onproc flags process=2000 proc=4080000 pri=24, usrpri=83, nice=20 forw=0xffffffffffffffff, list=0xffff80002313a8a8,0xffff80002313b398 process=0xffff8000217027e8 user=0xffff800029e20000, vmspace=0xfffffd8072a282b8 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 59359 140742 38494 0 2 0x82000 syz-executor.3 *59359 116958 38494 0 7 0x4082000 syz-executor.3 59359 150312 38494 0 3 0x4002000 suspend syz-executor.3 1279 192750 76913 0 3 0x3010 suspend syz-executor.6 1279 209176 76913 0 3 0x4081011 kernel: protection fault trap, code=0 Faulted in DDB; continuing... ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10193 6408K 7053K 78643K 13737 0 pcb 13 22K 27K 78643K 1840 0 rtable 196 15K 17K 78643K 1982 0 ifaddr 75 22K 23K 78643K 869 0 sysctl 3 1K 1K 78643K 3 0 counters 27 17K 17K 78643K 319 0 ioctlops 0 0K 4K 78643K 710 0 iov 0 0K 24K 78643K 758 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1587 99K 100K 78643K 5676 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 3 5K 9K 78643K 70 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 1K 78643K 789 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 13 45K 73K 78643K 5842 0 sigio 0 0K 0K 78643K 77 0 proc 57 43K 75K 78643K 1690 0 subproc 104 6K 6K 78643K 566 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 352 0 in_multi 79 5K 6K 78643K 726 0 ether_multi 1 0K 0K 78643K 45 0 mrt 1 0K 0K 78643K 28 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 103 466K 466K 78643K 103 0 exec 0 0K 1K 78643K 1944 0 pfkey data 0 0K 0K 78643K 71 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 294 91K 106K 78643K 39149 0 UVM aobj 131 4K 4K 78643K 134 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 371 0 NDP 12 0K 1K 78643K 297 0 temp 142 5770K 71420K 78643K 96592 0 kqueue 6 10K 24K 78643K 511 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1105 0 1104 11 10 1 3 0 8 0 rtentry 112 626 0 544 5 1 4 4 0 8 0 unpcb 144 6976 0 6970 67 66 1 10 0 8 0 syncache 296 77 0 77 18 17 1 1 0 8 1 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 943 0 943 14 13 1 1 0 8 1 tcpcb 776 3172 0 3168 123 119 4 20 0 8 3 arp 88 98 0 82 1 0 1 1 0 8 0 ipq 40 9 0 9 2 2 0 1 0 8 0 ipqe 40 26 0 26 2 2 0 1 0 8 0 inpcb 336 7805 0 7801 133 126 7 17 0 8 6 nd6 48 147 0 129 1 0 1 1 0 8 0 pkpcb 40 15 0 15 4 4 0 1 0 8 0 kcovpl 48 43 0 35 1 0 1 1 0 8 0 mppekey 1024 5 0 5 2 2 0 1 0 8 0 ppxss 1160 189 0 189 17 17 0 1 0 8 0 pppxif 1360 27 0 27 8 8 0 1 0 8 0 pfstscr 40 80 0 3 1 0 1 1 0 8 0 pfosfp 40 3 0 2 1 0 1 1 0 8 0 pfosfpen 112 3 0 2 1 0 1 1 0 8 0 pfanchor 1280 953 155 441 47 4 43 43 0 8 0 pfqueue 264 75 0 75 4 4 0 1 0 8 0 pfstitem 24 150 0 149 1 0 1 1 0 8 0 pfstkey 128 153 0 79 3 0 3 3 0 8 0 pfstate 352 80 0 3 7 0 7 7 0 8 0 rttmr 136 3 0 3 1 1 0 1 0 8 0 art_heap8 4096 5 0 4 4 3 1 2 0 8 0 art_heap4 256 2559 0 2188 50 26 24 30 0 8 0 art_table 32 2564 0 2192 5 1 4 4 0 8 0 art_node 16 620 0 548 1 0 1 1 0 8 0 sysvmsgpl 40 34 0 23 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 785 0 775 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 10859 0 9401 92 0 92 92 0 8 0 ffsino 240 10859 0 9401 87 0 87 87 0 8 0 nchpl 144 19550 0 17918 63 1 62 63 0 8 0 rtmask 32 8 0 8 3 3 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 76831 0 76831 3 2 1 3 0 8 1 vmpool 664 19 0 19 6 6 0 1 0 8 0 kstatmem 264 392 0 368 2 0 2 2 0 8 0 scsiplug 72 3 0 3 1 1 0 1 0 8 0 scxspl 216 57013 0 57013 19 17 2 8 0 8 2 plimitpl 152 978 0 964 1 0 1 1 0 8 0 sigapl 424 6088 0 6029 8 0 8 8 0 8 0 futexpl 64 72181 0 72180 2 1 1 1 0 8 0 knotepl 120 90236 0 90172 63 59 4 11 0 8 0 kqueuepl 184 1766 0 1761 29 28 1 7 0 8 0 pipepl 288 1550 0 1522 18 15 3 7 0 8 0 fdescpl 432 6050 0 6029 6 2 4 4 0 8 0 filepl 120 56312 0 56093 82 70 12 17 0 8 4 lockfpl 104 1495 0 1494 5 4 1 2 0 8 0 lockfspl 48 419 0 418 1 0 1 1 0 8 0 sessionpl 144 58 0 43 1 0 1 1 0 8 0 pgrppl 48 184 0 169 1 0 1 1 0 8 0 ucredpl 104 6890 0 6880 1 0 1 1 0 8 0 zombiepl 144 6030 0 6029 1 0 1 1 0 8 0 processpl 1008 6088 0 6029 11 2 9 9 0 8 0 procpl 696 15211 0 15134 18 8 10 10 0 8 1 sosppl 168 59 0 59 12 12 0 1 0 8 0 sockpl 456 15910 0 15898 396 386 10 34 0 8 8 sockpl: pool(0xffffffff82c1e018:sockpl): free list modified: page 0xfffffd807e97c000; item ordinal 0; addr 0xfffffd807e97c562 (p 0xfffffd807e97c000); offset 0x0=0x736959e07e334de9 pool(sockpl): free list modified: page 0xfffffd807e97c000; item ordinal 0; addr 0xfffffd807e97c562 (p 0xfffffd807e97c000); offset 0x0=0xbeefdead sockpl: pool(0xffffffff82c1e018:sockpl): page inconsistency: page 0xfffffd807e97c000; item ordinal 1; addr 0x69c415d071057c77 mcl64k 65536 299 0 299 15 15 0 1 0 8 0 mcl16k 16384 180 0 180 13 12 1 1 0 8 1 mcl12k 12288 241 0 241 16 15 1 1 0 8 1 mcl9k 9216 71 0 71 20 19 1 1 0 8 1 mcl8k 8192 636 0 636 9 8 1 1 0 8 1 mcl4k 4096 941 0 941 7 6 1 1 0 8 1 mcl2k2 2112 45 0 45 19 19 0 1 0 8 0 mcl2k 2048 87444 0 87382 64 55 9 32 0 8 1 mtagpl 96 51 0 51 3 3 0 1 0 8 0 mbufpl 256 221684 0 221570 454 442 12 110 0 8 0 bufpl 288 15134 0 8740 458 0 458 458 0 8 0 anonpl 24 1235313 0 1217921 182 64 118 134 0 188 0 amapchunkpl 152 110897 0 110234 76 46 30 41 0 158 0 amappl16 200 12942 0 12310 107 69 38 46 0 8 4 amappl15 192 8 0 8 2 2 0 1 0 8 0 amappl14 184 276 0 266 2 1 1 2 0 8 0 amappl13 176 7 0 7 2 2 0 1 0 8 0 amappl12 168 816 0 815 1 0 1 1 0 8 0 amappl11 160 46 0 41 1 0 1 1 0 8 0 amappl10 152 67 0 59 1 0 1 1 0 8 0 amappl9 144 1017 0 1014 1 0 1 1 0 8 0 amappl8 136 381 0 303 3 0 3 3 0 8 0 amappl7 128 231 0 210 2 0 2 2 0 8 0 amappl6 120 366 0 354 2 1 1 2 0 8 0 amappl5 112 337 0 333 1 0 1 1 0 8 0 amappl4 104 923 0 898 2 1 1 2 0 8 0 amappl3 96 16816 0 16777 2 0 2 2 0 8 0 amappl2 88 7121 0 7071 3 1 2 3 0 8 0 amappl1 80 137586 0 137031 32 18 14 26 0 8 0 amappl 88 38221 0 38058 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 6069 0 6048 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6069 0 6048 1 0 1 1 0 8 0 vmmpekpl 168 50202 0 50137 4 0 4 4 0 8 0 vmmpepl 168 581267 0 578969 334 211 123 170 0 357 3 vmsppl 344 6068 0 6048 3 0 3 3 0 8 0 rwobjpl 24 152196 0 144592 49 1 48 49 0 8 0 pdppl 4096 12144 0 12096 488 432 56 68 0 8 8 pvpl 32 2521680 0 2499451 515 318 197 360 0 265 0 pmappl 216 6068 0 6048 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1911 0 1154 25 1 24 25 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff82c1e018,fffffd807e97c8f0) at pool_do_put+0x115 pool_put(ffffffff82c1e018,fffffd807e97c8f0) at pool_put+0x67 sys/kern/subr_pool.c:799 soclose(fffffd807e97c8f0,0) at soclose+0x4aa sys/kern/uipc_socket.c:442 soo_close(fffffd8067b2adb0,ffff80002313ab60) at soo_close+0x40 fdrop(fffffd8067b2adb0,ffff80002313ab60) at fdrop+0xc7 sys/kern/kern_descrip.c:1274 dofilereadv(ffff80002313ab60,4,ffff800029e25c50,0,ffff800029e25d40) at dofilereadv+0x328 sys/kern/sys_generic.c:268 sys_readv(ffff80002313ab60,ffff800029e25cf8,ffff800029e25d40) at sys_readv+0xa7 sys/kern/sys_generic.c:194 syscall(ffff800029e25dc0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa1814d27f00, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff82c1e018,fffffd807e97c8f0) at pool_do_put+0x115 pool_put(ffffffff82c1e018,fffffd807e97c8f0) at pool_put+0x67 sys/kern/subr_pool.c:799 soclose(fffffd807e97c8f0,0) at soclose+0x4aa sys/kern/uipc_socket.c:442 soo_close(fffffd8067b2adb0,ffff80002313ab60) at soo_close+0x40 fdrop(fffffd8067b2adb0,ffff80002313ab60) at fdrop+0xc7 sys/kern/kern_descrip.c:1274 dofilereadv(ffff80002313ab60,4,ffff800029e25c50,0,ffff800029e25d40) at dofilereadv+0x328 sys/kern/sys_generic.c:268 sys_readv(ffff80002313ab60,ffff800029e25cf8,ffff800029e25d40) at sys_readv+0xa7 sys/kern/sys_generic.c:194 syscall(ffff800029e25dc0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa1814d27f00, count: -9