kernel: protection fault trap, code=0
Stopped at m_tag_delete_chain+0x25: movq 0(%r15),%rax
ddb>
ddb> set $lines = 0
ddb> show panic
the kernel did not panic
ddb> trace
m_tag_delete_chain(aaf445f6f084dbe8) at m_tag_delete_chain+0x25
m_free(ffffff006e125d00) at m_free+0xfd
m_freem(16) at m_freem+0x2d
soreceive(0,ffffff006f2dea80,ffff800021196d00,12ec,ffff800021196d90,ffff800021196ca0) at soreceive+0x1131
recvit(ffff800021196dc0,ffff800021196ec8,ffff800021196eb0,ffff8000ffffd778,0) at recvit+0x28c
sys_recvmsg(ffff800021196f50,ffff8000ffffd778,ffff8000210a6300) at sys_recvmsg+0x120
syscall(0) at syscall+0x3e4
Xsyscall(6,0,ffffffffffffffbf,0,3,34cf70a3010) at Xsyscall+0x128
end of kernel
end trace frame: 0x34feb528db0, count: -8
ddb> show registers
rdi 0xffffff006e125d00
rsi 0xffffffff810af670 m_tag_delete_chain+0x10
rbp 0xffff800021196b90
rbx 0
rdx 0xffff800002ad0000
rcx 0xa7
rax 0xffff800002ad0000
r8 0
r9 0xffff8000ffffd778
r10 0xaaf445f6f084dbe8
r11 0xffffffff815aaa10 pool_lock_mtx_leave
r12 0xdeaf __ALIGN_SIZE+0xceaf
r13 0xffffff006f2dea80
r14 0xffffff006e125d00
r15 0xdeafbeaddeafbead
rip 0xffffffff810af685 m_tag_delete_chain+0x25
cs 0x8
rflags 0x10282 __ALIGN_SIZE+0xf282
rsp 0xffff800021196b80
ss 0x10
m_tag_delete_chain+0x25: movq 0(%r15),%rax
ddb> show proc
PROC (syz-executor0) pid=377760 stat=onproc
flags process=0 proc=4000000
pri=76, usrpri=76, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffffc4b8,0xffffffff81e98cf0
process=0xffff8000210a6300 user=0xffff800021192000, vmspace=0xffffff007f12b108
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
69123 135779 99858 0 2 0 syz-executor0
*69123 377760 99858 0 7 0x4000000 syz-executor0
15762 362648 43033 0 3 0x80 nanosleep syz-executor1
15762 475453 43033 0 3 0x4000080 poll syz-executor1
15762 295248 43033 0 3 0x4000080 fsleep syz-executor1
86112 9448 0 0 3 0x14200 bored sosplice
99858 39013 73268 0 3 0x82 nanosleep syz-executor0
43033 96818 73268 0 3 0x82 nanosleep syz-executor1
73268 435497 8629 0 3 0x82 thrsleep syz-fuzzer
73268 468555 8629 0 3 0x4000082 thrsleep syz-fuzzer
73268 371223 8629 0 3 0x4000082 thrsleep syz-fuzzer
73268 417809 8629 0 3 0x4000082 thrsleep syz-fuzzer
73268 132800 8629 0 3 0x4000082 thrsleep syz-fuzzer
73268 80533 8629 0 3 0x4000082 thrsleep syz-fuzzer
73268 101286 8629 0 3 0x4000082 kqread syz-fuzzer
8629 214900 43459 0 3 0x10008a pause ksh
43459 155188 95799 0 3 0x92 select sshd
75976 69883 1 0 3 0x100083 ttyin getty
95799 424062 1 0 3 0x80 select sshd
17066 113096 71031 73 3 0x100090 kqread syslogd
71031 154920 1 0 3 0x100082 netio syslogd
11080 293571 1 77 3 0x100090 poll dhclient
5838 75901 1 0 3 0x80 poll dhclient
8020 107277 0 0 2 0x14200 zerothread
55823 197416 0 0 3 0x14200 aiodoned aiodoned
45508 141047 0 0 3 0x14200 syncer update
61180 78325 0 0 3 0x14200 cleaner cleaner
47182 472906 0 0 3 0x14200 reaper reaper
30177 172487 0 0 3 0x14200 pgdaemon pagedaemon
54537 387804 0 0 3 0x14200 bored crynlk
74579 436832 0 0 3 0x14200 bored crypto
88481 426147 0 0 3 0x40014200 acpi0 acpi0
15238 434288 0 0 3 0x14200 bored softnet
72480 309868 0 0 3 0x14200 bored systqmp
37380 265756 0 0 3 0x14200 bored systq
42994 473607 0 0 3 0x40014200 bored softclock
59003 343171 0 0 3 0x40014200 idle0
1 59370 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper