kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Mon Dec 3 13:35:15 PST 2018 OpenBSD/amd64 (worker.syzkaller) (tty00) Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts. executing program login: kernel: protection fault trap, code=0 Stopped at m_extfree+0x3d: movq %rax,0x90(%r15) ddb> ddb> set $lines = 0 ddb> show panic the kernel did not panic ddb> trace m_extfree(d8b6a2bfd13583b) at m_extfree+0x3d m_free(ffffff007f146600) at m_free+0xee m_freem(16) at m_freem+0x2d soreceive(0,ffffff006e701788,0,0,ffff8000210feaa8,ffff8000210fe9b0) at soreceive+0x1131 recvit(ffff8000210c2718,ffff8000210feb40,0,ffff8000210feb58,7f7ffffef298) at recvit+0x28c sys_recvfrom(ffff8000210febe0,ffff8000210c2718,ffff8000210a5010) at sys_recvfrom+0xbc syscall(0) at syscall+0x3e4 Xsyscall(6,0,0,0,0,7f7ffffef2c4) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffef2b0, count: -8 ddb> show registers rdi 0x7 rsi 0x42 rbp 0xffff8000210fe8a0 rbx 0x2 rdx 0x4110 __ALIGN_SIZE+0x3110 rcx 0xffffffff81e8e3b0 mbstat_boot_boot_cpumem rax 0x44610a19d64dad71 r8 0 r9 0xffff8000210c2718 r10 0xd8b6a2bfd13583b r11 0xffffffff816a34a0 pool_lock_mtx_leave r12 0xdead __ALIGN_SIZE+0xcead r13 0xffffff006e701788 r14 0xffffff007f146600 r15 0xc912e180c94843ae rip 0xffffffff81adbf1d m_extfree+0x3d cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000210fe890 ss 0x10 m_extfree+0x3d: movq %rax,0x90(%r15) ddb> show proc PROC (syz-executor4306) pid=236914 stat=onproc flags process=0 proc=0 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000210c3078,0xffffffff81eafaa0 process=0xffff8000210a5010 user=0xffff8000210f9000, vmspace=0xffffff007f12b630 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND *69124 236914 9709 0 7 0 syz-executor4306 9709 468619 1267 0 3 0x82 nanosleep syz-executor4306 1267 230002 78687 0 3 0x10008a pause ksh 78687 372686 52496 0 3 0x92 select sshd 58715 55893 1 0 3 0x100083 ttyin getty 52496 123446 1 0 3 0x80 select sshd 37965 86110 680 73 3 0x100090 kqread syslogd 680 24404 1 0 3 0x100082 netio syslogd 97225 417269 1 77 3 0x100090 poll dhclient 69946 488023 1 0 3 0x80 poll dhclient 9265 234576 0 0 2 0x14200 zerothread 54845 243582 0 0 3 0x14200 aiodoned aiodoned 28028 440874 0 0 3 0x14200 syncer update 58073 279457 0 0 3 0x14200 cleaner cleaner 8611 296227 0 0 3 0x14200 reaper reaper 21106 371982 0 0 3 0x14200 pgdaemon pagedaemon 55862 277520 0 0 3 0x14200 bored crynlk 56564 427711 0 0 3 0x14200 bored crypto 30451 134740 0 0 3 0x40014200 acpi0 acpi0 40444 374626 0 0 3 0x14200 bored softnet 91526 184909 0 0 3 0x14200 bored systqmp 34707 422141 0 0 3 0x14200 bored systq 10478 364251 0 0 3 0x40014200 bored softclock 78871 208965 0 0 3 0x40014200 idle0 1 407928 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb>