kernel: protection fault trap, code=0
Stopped at m_tag_delete_chain+0x25: movq 0(%r15),%rax
ddb>
ddb> set $lines = 0
ddb> show panic
the kernel did not panic
ddb> trace
m_tag_delete_chain(4443b62912d14acf) at m_tag_delete_chain+0x25
m_free(ffffff00745a1600) at m_free+0xfd
m_freem(16) at m_freem+0x2d
soreceive(0,ffffff006e706788,ffff80002118dd00,34cb,ffff80002118dd90,ffff80002118dca0) at soreceive+0x1131
recvit(ffff800001d3fb00,ffff80002118dec8,ffff80002118deb0,ffff8000210c3c30,0) at recvit+0x28c
sys_recvmsg(ffff80002118df50,ffff8000210c3c30,ffff80002105ffd0) at sys_recvmsg+0x120
syscall(0) at syscall+0x3e4
Xsyscall(6,0,ffffffffffffffbf,0,3,13b7cc69010) at Xsyscall+0x128
end of kernel
end trace frame: 0x13d9619f470, count: -8
ddb> show registers
rdi 0xffffff00745a1600
rsi 0xffffffff817c0a10 m_tag_delete_chain+0x10
rbp 0xffff80002118db90
rbx 0
rdx 0xffff800002ad0000
rcx 0xf3
rax 0xffff800002ad0000
r8 0
r9 0xffff8000210c3c30
r10 0x4443b62912d14acf
r11 0xffffffff816a34a0 pool_lock_mtx_leave
r12 0xdeaf __ALIGN_SIZE+0xceaf
r13 0xffffff006e706788
r14 0xffffff00745a1600
r15 0xdeafbeaddeafbead
rip 0xffffffff817c0a25 m_tag_delete_chain+0x25
cs 0x8
rflags 0x10282 __ALIGN_SIZE+0xf282
rsp 0xffff80002118db80
ss 0x10
m_tag_delete_chain+0x25: movq 0(%r15),%rax
ddb> show proc
PROC (syz-executor0) pid=479973 stat=onproc
flags process=0 proc=4000000
pri=67, usrpri=67, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffffc260,0xffffffff81eafaa0
process=0xffff80002105ffd0 user=0xffff800021189000, vmspace=0xffffff007f12ba50
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
38048 384355 52010 0 2 0 syz-executor0
*38048 479973 52010 0 7 0x4000000 syz-executor0
40375 123139 46865 0 3 0x82 nanosleep syz-executor1
5080 432233 1 0 3 0x100083 ttyin getty
97595 240649 0 0 3 0x14200 bored sosplice
52010 514016 46865 0 3 0x82 nanosleep syz-executor0
46865 343688 43524 0 3 0x82 thrsleep syz-fuzzer
46865 171854 43524 0 3 0x4000082 thrsleep syz-fuzzer
46865 225566 43524 0 3 0x4000082 thrsleep syz-fuzzer
46865 91106 43524 0 3 0x4000082 thrsleep syz-fuzzer
46865 99761 43524 0 3 0x4000082 thrsleep syz-fuzzer
46865 178599 43524 0 3 0x4000082 thrsleep syz-fuzzer
46865 408095 43524 0 3 0x4000082 thrsleep syz-fuzzer
46865 274915 43524 0 3 0x4000082 kqread syz-fuzzer
43524 286925 3719 0 3 0x10008a pause ksh
3719 182935 14616 0 3 0x92 select sshd
14616 301696 1 0 3 0x80 select sshd
25813 105668 48887 73 3 0x100090 kqread syslogd
48887 356039 1 0 3 0x100082 netio syslogd
746 298739 1 77 3 0x100090 poll dhclient
61497 160931 1 0 3 0x80 poll dhclient
93496 485556 0 0 2 0x14200 zerothread
61225 370573 0 0 3 0x14200 aiodoned aiodoned
76096 96249 0 0 3 0x14200 syncer update
7909 465687 0 0 3 0x14200 cleaner cleaner
27326 267690 0 0 3 0x14200 reaper reaper
25172 150660 0 0 3 0x14200 pgdaemon pagedaemon
26345 177567 0 0 3 0x14200 bored crynlk
76161 198954 0 0 3 0x14200 bored crypto
80027 16390 0 0 3 0x40014200 acpi0 acpi0
88361 420290 0 0 3 0x14200 bored softnet
1688 2903 0 0 3 0x14200 bored systqmp
95434 240491 0 0 3 0x14200 bored systq
73641 371781 0 0 3 0x40014200 bored softclock
69953 460181 0 0 3 0x40014200 idle0
1 25032 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper