kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Mon Dec 3 16:38:12 PST 2018 OpenBSD/amd64 (worker.syzkaller) (tty00) Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts. executing program login: kernel: protection fault trap, code=0 Stopped at m_tag_delete_chain+0x25: movq 0(%r15),%rax ddb> ddb> set $lines = 0 ddb> show panic the kernel did not panic ddb> trace m_tag_delete_chain(5e069b71420b469a) at m_tag_delete_chain+0x25 m_free(ffffff007ec4f600) at m_free+0xfd m_freem(16) at m_freem+0x2d soreceive(0,ffffff006e6fe788,0,0,ffff8000210fa8d0,ffff8000210fa7e0) at soreceive+0x1131 recvit(ffff8000210fa900,ffff8000210faa08,ffff8000210fa9f0,ffff8000210c2268,0) at recvit+0x28c sys_recvmsg(ffff8000210faa90,ffff8000210c2268,ffff8000210a5338) at sys_recvmsg+0x120 syscall(0) at syscall+0x3e4 Xsyscall(6,0,0,0,1,7f7ffffef918) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffef8d0, count: -8 ddb> show registers rdi 0xffffff007ec4f600 rsi 0x42 rbp 0xffff8000210fa6d0 rbx 0 rdx 0x4152 __ALIGN_SIZE+0x3152 rcx 0xffffffff81e8e3b0 mbstat_boot_boot_cpumem rax 0 r8 0 r9 0xffff8000210c2268 r10 0x5e069b71420b469a r11 0xffffffff816a34a0 pool_lock_mtx_leave r12 0xdeaf __ALIGN_SIZE+0xceaf r13 0xffffff006e6fe788 r14 0xffffff007ec4f600 r15 0xdeaf4152deaf4152 rip 0xffffffff817c0a25 m_tag_delete_chain+0x25 cs 0x8 rflags 0x10282 __ALIGN_SIZE+0xf282 rsp 0xffff8000210fa6c0 ss 0x10 m_tag_delete_chain+0x25: movq 0(%r15),%rax ddb> show proc PROC (syz-executor4788) pid=507690 stat=onproc flags process=2 proc=0 pri=51, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff8000210c2bc8,0xffffffff81eafaa0 process=0xffff8000210a5338 user=0xffff8000210f5000, vmspace=0xffffff007f12b108 estcpu=1, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND *25185 507690 84948 0 7 0x2 syz-executor4788 84948 7123 58023 0 3 0x10008a pause ksh 58023 200841 55120 0 3 0x92 select sshd 5041 506945 1 0 3 0x100083 ttyin getty 55120 392705 1 0 3 0x80 select sshd 75213 176194 99111 73 3 0x100090 kqread syslogd 99111 66444 1 0 3 0x100082 netio syslogd 92367 253151 1 77 3 0x100090 poll dhclient 17036 358436 1 0 3 0x80 poll dhclient 11930 397464 0 0 2 0x14200 zerothread 20113 334996 0 0 3 0x14200 aiodoned aiodoned 59721 293361 0 0 3 0x14200 syncer update 28181 481674 0 0 3 0x14200 cleaner cleaner 83395 392843 0 0 3 0x14200 reaper reaper 61224 449098 0 0 3 0x14200 pgdaemon pagedaemon 58015 458785 0 0 3 0x14200 bored crynlk 30361 149495 0 0 3 0x14200 bored crypto 24311 484326 0 0 3 0x40014200 acpi0 acpi0 86525 321286 0 0 3 0x14200 bored softnet 66327 389287 0 0 3 0x14200 bored systqmp 6154 426166 0 0 3 0x14200 bored systq 92454 329510 0 0 3 0x40014200 bored softclock 16277 300245 0 0 3 0x40014200 idle0 1 345473 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb>