kernel: protection fault trap, code=0 Stopped at m_tag_delete_chain+0x25: movq 0(%r15),%rax ddb> ddb> set $lines = 0 ddb> show panic the kernel did not panic ddb> trace m_tag_delete_chain(9fa4e1f24aa097c) at m_tag_delete_chain+0x25 m_free(ffffff006dc1ff00) at m_free+0xfd m_freem(16) at m_freem+0x2d soreceive(0,ffffff006e6fda88,ffff80002113c8a0,1d,ffff80002113c930,ffff80002113c840) at soreceive+0x1131 recvit(ffff80002113c960,ffff80002113ca68,ffff80002113ca50,ffff8000210c1790,0) at recvit+0x28c sys_recvmsg(ffff80002113caf0,ffff8000210c1790,ffff80002105f330) at sys_recvmsg+0x120 syscall(0) at syscall+0x3e4 Xsyscall(6,0,ffffffffffffffbf,0,3,390abc3c010) at Xsyscall+0x128 end of kernel end trace frame: 0x3932a9048c0, count: -8 ddb> show registers rdi 0xffffff006dc1ff00 rsi 0xffffffff816fd2a0 m_tag_delete_chain+0x10 rbp 0xffff80002113c730 rbx 0x2 rdx 0xffff800000cce000 rcx 0xaa rax 0xffff800000cce000 r8 0 r9 0xffff8000210c1790 r10 0x9fa4e1f24aa097c r11 0xffffffff819f3400 pool_lock_mtx_leave r12 0xdeaf __ALIGN_SIZE+0xceaf r13 0xffffff006e6fda88 r14 0xffffff006dc1ff00 r15 0xdeaf4152deaf4152 rip 0xffffffff816fd2b5 m_tag_delete_chain+0x25 cs 0x8 rflags 0x10282 __ALIGN_SIZE+0xf282 rsp 0xffff80002113c720 ss 0x10 m_tag_delete_chain+0x25: movq 0(%r15),%rax ddb> show proc PROC (syz-executor0) pid=8504 stat=onproc flags process=0 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000210c0e30,0xffffffff81e8ea18 process=0xffff80002105f330 user=0xffff800021137000, vmspace=0xffffff007f12bc60 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 32864 97916 15664 0 2 0 syz-executor0 *32864 8504 15664 0 7 0x4000000 syz-executor0 96879 113337 1 0 3 0x100083 ttyin getty 91250 448571 0 0 3 0x14200 bored sosplice 15664 272491 93696 0 3 0x82 nanosleep syz-executor0 29934 273255 93696 0 2 0x2 syz-executor1 93696 403753 81160 0 3 0x82 thrsleep syz-fuzzer 93696 214753 81160 0 3 0x4000082 nanosleep syz-fuzzer 93696 82073 81160 0 3 0x4000082 thrsleep syz-fuzzer 93696 212590 81160 0 3 0x4000082 kqread syz-fuzzer 93696 417671 81160 0 3 0x4000082 thrsleep syz-fuzzer 93696 406904 81160 0 3 0x4000082 thrsleep syz-fuzzer 93696 62950 81160 0 3 0x4000082 thrsleep syz-fuzzer 81160 59015 63797 0 3 0x10008a pause ksh 63797 508253 58072 0 3 0x92 select sshd 58072 450994 1 0 3 0x80 select sshd 97762 474677 25685 73 3 0x100090 kqread syslogd 25685 117181 1 0 3 0x100082 netio syslogd 32796 466188 1 77 3 0x100090 poll dhclient 8189 30933 1 0 3 0x80 poll dhclient 50909 18848 0 0 2 0x14200 zerothread 7667 259626 0 0 3 0x14200 aiodoned aiodoned 53708 38645 0 0 3 0x14200 syncer update 42372 477059 0 0 3 0x14200 cleaner cleaner 71425 72985 0 0 3 0x14200 reaper reaper 34517 43317 0 0 3 0x14200 pgdaemon pagedaemon 54526 303699 0 0 3 0x14200 bored crynlk 70912 360905 0 0 3 0x14200 bored crypto 6800 31249 0 0 3 0x40014200 acpi0 acpi0 94657 44947 0 0 3 0x14200 bored softnet 42374 207019 0 0 3 0x14200 bored systqmp 79780 118237 0 0 3 0x14200 bored systq 87118 341321 0 0 3 0x40014200 bored softclock 78987 71782 0 0 3 0x40014200 idle0 1 64061 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper