kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd.
starting local daemons:.
Sat Dec 1 01:26:54 PST 2018
OpenBSD/amd64 (worker.syzkaller) (tty00)
Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts.
executing program
login: kernel: protection fault trap, code=0
Stopped at m_extfree+0x3d: movq %rax,0x90(%r15)
ddb>
ddb> set $lines = 0
ddb> show panic
the kernel did not panic
ddb> trace
m_extfree(eeae323926dacfb9) at m_extfree+0x3d
m_free(ffffff006e3b2800) at m_free+0xee
m_freem(16) at m_freem+0x2d
soreceive(0,ffffff006e708908,0,0,ffff8000210fa960,ffff8000210fa870) at soreceive+0x1131
recvit(ffff8000210fa990,ffff8000210faa98,ffff8000210faa80,ffff8000210c3078,0) at recvit+0x28c
sys_recvmsg(ffff8000210fab20,ffff8000210c3078,ffff8000210a5660) at sys_recvmsg+0x120
syscall(0) at syscall+0x3e4
Xsyscall(6,0,0,0,1,7f7ffffd8118) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd80d0, count: -8
ddb> show registers
rdi 0x7
rsi 0x42
rbp 0xffff8000210fa760
rbx 0
rdx 0x4110 __ALIGN_SIZE+0x3110
rcx 0xffffffff81e5dcc0 mbstat_boot_boot_cpumem
rax 0xe1311bd068d226d1
r8 0
r9 0xffff8000210c3078
r10 0xeeae323926dacfb9
r11 0xffffffff815aaa10 pool_lock_mtx_leave
r12 0xdead __ALIGN_SIZE+0xcead
r13 0xffffff006e708908
r14 0xffffff006e3b2800
r15 0x19fd241911c88e48
rip 0xffffffff8151b69d m_extfree+0x3d
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff8000210fa750
ss 0x10
m_extfree+0x3d: movq %rax,0x90(%r15)
ddb> show proc
PROC (syz-executor2746) pid=43702 stat=onproc
flags process=2 proc=0
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff8000210c32d0,0xffffffff81e98cf0
process=0xffff8000210a5660 user=0xffff8000210f5000, vmspace=0xffffff007f12b738
estcpu=0, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*79018 43702 95832 0 7 0x2 syz-executor2746
95832 427331 55680 0 3 0x10008a pause ksh
55680 313355 24267 0 3 0x92 select sshd
10602 288144 1 0 3 0x100083 ttyin getty
24267 237753 1 0 3 0x80 select sshd
90806 332710 7968 73 3 0x100090 kqread syslogd
7968 520884 1 0 3 0x100082 netio syslogd
88963 201487 1 77 3 0x100090 poll dhclient
12226 54954 1 0 3 0x80 poll dhclient
16290 426033 0 0 2 0x14200 zerothread
78023 377457 0 0 3 0x14200 aiodoned aiodoned
65835 304055 0 0 3 0x14200 syncer update
25536 172965 0 0 3 0x14200 cleaner cleaner
52190 319551 0 0 3 0x14200 reaper reaper
95903 297620 0 0 3 0x14200 pgdaemon pagedaemon
67386 496933 0 0 3 0x14200 bored crynlk
78545 3126 0 0 3 0x14200 bored crypto
24821 162148 0 0 3 0x40014200 acpi0 acpi0
44462 326116 0 0 3 0x14200 bored softnet
67132 455602 0 0 3 0x14200 bored systqmp
23929 228998 0 0 3 0x14200 bored systq
68458 210791 0 0 3 0x40014200 bored softclock
45918 497678 0 0 3 0x40014200 idle0
1 494986 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb>