kernel: protection fault trap, code=0
Stopped at m_tag_delete_chain+0x25: movq 0(%r15),%rax
ddb>
ddb> set $lines = 0
ddb> show panic
the kernel did not panic
ddb> trace
m_tag_delete_chain(dbb3ebdf1173499) at m_tag_delete_chain+0x25
m_free(ffffff00750a1100) at m_free+0xfd
m_freem(16) at m_freem+0x2d
soreceive(0,ffffff006f2e6480,ffff800021164300,220,ffff800021164390,ffff8000211642a0) at soreceive+0x1131
recvit(ffff8000211643c0,ffff8000211644c8,ffff8000211644b0,ffff8000ffffc968,0) at recvit+0x28c
sys_recvmsg(ffff800021164550,ffff8000ffffc968,ffff80002105ffd0) at sys_recvmsg+0x120
syscall(0) at syscall+0x3e4
Xsyscall(6,0,ffffffffffffffbf,0,3,40c5eb12010) at Xsyscall+0x128
end of kernel
end trace frame: 0x40e6f4c38d0, count: -8
ddb> show registers
rdi 0xffffff00750a1100
rsi 0xffffffff816fd2a0 m_tag_delete_chain+0x10
rbp 0xffff800021164190
rbx 0
rdx 0xffff800001ccf000
rcx 0xac
rax 0xffff800001ccf000
r8 0
r9 0xffff8000ffffc968
r10 0xdbb3ebdf1173499
r11 0xffffffff819f3400 pool_lock_mtx_leave
r12 0xdeaf __ALIGN_SIZE+0xceaf
r13 0xffffff006f2e6480
r14 0xffffff00750a1100
r15 0xdeafbeaddeafbead
rip 0xffffffff816fd2b5 m_tag_delete_chain+0x25
cs 0x8
rflags 0x10282 __ALIGN_SIZE+0xf282
rsp 0xffff800021164180
ss 0x10
m_tag_delete_chain+0x25: movq 0(%r15),%rax
ddb> show proc
PROC (syz-executor0) pid=18262 stat=onproc
flags process=0 proc=4000000
pri=74, usrpri=74, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffffc710,0xffffffff81e8ea18
process=0xffff80002105ffd0 user=0xffff80002115f000, vmspace=0xffffff007f12bb58
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
67671 124756 53679 0 2 0 syz-executor0
*67671 18262 53679 0 7 0x4000000 syz-executor0
12306 288904 88258 0 3 0x80 nanosleep syz-executor1
12306 273786 88258 0 3 0x4000080 poll syz-executor1
12306 31089 88258 0 3 0x4000080 fsleep syz-executor1
49029 450503 1 0 3 0x100083 ttyin getty
56255 460464 0 0 3 0x14200 bored sosplice
53679 517430 79685 0 3 0x82 nanosleep syz-executor0
88258 436195 79685 0 3 0x82 nanosleep syz-executor1
79685 513964 61718 0 3 0x82 thrsleep syz-fuzzer
79685 450090 61718 0 3 0x4000082 thrsleep syz-fuzzer
79685 182499 61718 0 3 0x4000082 thrsleep syz-fuzzer
79685 260015 61718 0 3 0x4000082 thrsleep syz-fuzzer
79685 324788 61718 0 3 0x4000082 thrsleep syz-fuzzer
79685 38408 61718 0 3 0x4000082 thrsleep syz-fuzzer
79685 43881 61718 0 3 0x4000082 kqread syz-fuzzer
79685 493909 61718 0 3 0x4000082 thrsleep syz-fuzzer
61718 297779 74160 0 3 0x10008a pause ksh
74160 157662 39242 0 3 0x92 select sshd
39242 325211 1 0 3 0x80 select sshd
69231 417459 60055 73 3 0x100090 kqread syslogd
60055 423835 1 0 3 0x100082 netio syslogd
91463 369093 0 0 2 0x14200 zerothread
9363 508762 0 0 3 0x14200 aiodoned aiodoned
9948 73666 0 0 3 0x14200 syncer update
96671 266206 0 0 3 0x14200 cleaner cleaner
45450 168260 0 0 3 0x14200 reaper reaper
95660 405447 0 0 3 0x14200 pgdaemon pagedaemon
80287 250233 0 0 3 0x14200 bored crynlk
19910 448755 0 0 3 0x14200 bored crypto
98591 350542 0 0 3 0x40014200 acpi0 acpi0
70459 244818 0 0 3 0x14200 bored softnet
1901 483630 0 0 3 0x14200 bored systqmp
83587 342501 0 0 3 0x14200 bored systq
94286 232985 0 0 3 0x40014200 bored softclock
13334 47512 0 0 3 0x40014200 idle0
1 93354 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper