kernel: protection fault trap, code=0
Stopped at m_tag_delete_chain+0x25: movq 0(%r15),%rax
ddb>
ddb> set $lines = 0
ddb> show panic
the kernel did not panic
ddb> trace
m_tag_delete_chain(ce886ea511342edb) at m_tag_delete_chain+0x25
m_free(ffffff00719fde00) at m_free+0xfd
m_freem(16) at m_freem+0x2d
soreceive(0,ffffff006f2eaa80,ffff8000211566e0,142d,ffff800021156770,ffff800021156680) at soreceive+0x1131
recvit(ffff8000211567a0,ffff8000211568a8,ffff800021156890,ffff8000ffffc008,0) at recvit+0x28c
sys_recvmsg(ffff800021156930,ffff8000ffffc008,ffff800021060948) at sys_recvmsg+0x120
syscall(0) at syscall+0x3e4
Xsyscall(6,0,ffffffffffffffbf,0,3,3d72a27d010) at Xsyscall+0x128
end of kernel
end trace frame: 0x3d986d45f80, count: -8
ddb> show registers
rdi 0xffffff00719fde00
rsi 0xffffffff817c0a10 m_tag_delete_chain+0x10
rbp 0xffff800021156570
rbx 0x2
rdx 0xffff800002acd000
rcx 0xa5
rax 0xffff800002acd000
r8 0
r9 0xffff8000ffffc008
r10 0xce886ea511342edb
r11 0xffffffff816a34a0 pool_lock_mtx_leave
r12 0xdeaf __ALIGN_SIZE+0xceaf
r13 0xffffff006f2eaa80
r14 0xffffff00719fde00
r15 0xdeafbeaddeafbead
rip 0xffffffff817c0a25 m_tag_delete_chain+0x25
cs 0x8
rflags 0x10282 __ALIGN_SIZE+0xf282
rsp 0xffff800021156560
ss 0x10
m_tag_delete_chain+0x25: movq 0(%r15),%rax
ddb> show proc
PROC (syz-executor1) pid=233883 stat=onproc
flags process=0 proc=4000000
pri=80, usrpri=80, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffffce18,0xffffffff81eafaa0
process=0xffff800021060948 user=0xffff800021151000, vmspace=0xffffff007f12b318
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
40872 134874 26547 0 2 0 syz-executor1
*40872 233883 26547 0 7 0x4000000 syz-executor1
96903 337394 0 0 3 0x14200 bored sosplice
26547 270104 29768 0 3 0x82 nanosleep syz-executor1
4801 41576 29768 0 2 0x2 syz-executor0
29768 332740 65859 0 3 0x82 thrsleep syz-fuzzer
29768 473706 65859 0 3 0x4000082 nanosleep syz-fuzzer
29768 202831 65859 0 3 0x4000082 thrsleep syz-fuzzer
29768 496097 65859 0 3 0x4000082 kqread syz-fuzzer
29768 106939 65859 0 3 0x4000082 thrsleep syz-fuzzer
29768 160953 65859 0 3 0x4000082 thrsleep syz-fuzzer
29768 223451 65859 0 3 0x4000082 thrsleep syz-fuzzer
65859 148821 67511 0 3 0x10008a pause ksh
67511 14863 34445 0 3 0x92 select sshd
9907 497547 1 0 3 0x100083 ttyin getty
34445 264540 1 0 3 0x80 select sshd
51200 429961 35192 73 3 0x100090 kqread syslogd
35192 168987 1 0 3 0x100082 netio syslogd
23295 86642 1 77 3 0x100090 poll dhclient
87849 499101 1 0 3 0x80 poll dhclient
46969 88239 0 0 2 0x14200 zerothread
29336 123912 0 0 3 0x14200 aiodoned aiodoned
81480 340374 0 0 3 0x14200 syncer update
22553 153365 0 0 3 0x14200 cleaner cleaner
69628 126356 0 0 3 0x14200 reaper reaper
436 77740 0 0 3 0x14200 pgdaemon pagedaemon
95740 89985 0 0 3 0x14200 bored crynlk
98347 45188 0 0 3 0x14200 bored crypto
7427 137168 0 0 3 0x40014200 acpi0 acpi0
67844 367058 0 0 3 0x14200 bored softnet
41977 519714 0 0 3 0x14200 bored systqmp
76875 85969 0 0 3 0x14200 bored systq
47570 189005 0 0 3 0x40014200 bored softclock
47748 456795 0 0 3 0x40014200 idle0
1 246193 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper