kernel: protection fault trap, code=0
Stopped at m_tag_delete_chain+0x25: movq 0(%r15),%rax
ddb>
ddb> set $lines = 0
ddb> show panic
the kernel did not panic
ddb> trace
m_tag_delete_chain(138f4b0acd9bd4bb) at m_tag_delete_chain+0x25
m_free(ffffff006d3e9c00) at m_free+0xfd
m_freem(16) at m_freem+0x2d
soreceive(0,ffffff006e709908,0,49,ffff800021160048,ffff80002115ff50) at soreceive+0x1131
recvit(ffff8000210c0738,ffff8000211600e0,0,ffff8000211600f8,e0940fd9448) at recvit+0x28c
sys_recvfrom(ffff800021160180,ffff8000210c0738,ffff8000210a5010) at sys_recvfrom+0xbc
syscall(0) at syscall+0x3e4
Xsyscall(6,0,ffffffffffffffbe,0,6,e06f2dd8010) at Xsyscall+0x128
end of kernel
end trace frame: 0xe0940fd94d0, count: -8
ddb> show registers
rdi 0xffffff006d3e9c00
rsi 0xffffffff817c0a10 m_tag_delete_chain+0x10
rbp 0xffff80002115fe40
rbx 0x2
rdx 0xffff8000018ce000
rcx 0x9f
rax 0xffff8000018ce000
r8 0
r9 0xffff8000210c0738
r10 0x138f4b0acd9bd4bb
r11 0xffffffff816a34a0 pool_lock_mtx_leave
r12 0xdeaf __ALIGN_SIZE+0xceaf
r13 0xffffff006e709908
r14 0xffffff006d3e9c00
r15 0xdeafbeaddeafbead
rip 0xffffffff817c0a25 m_tag_delete_chain+0x25
cs 0x8
rflags 0x10282 __ALIGN_SIZE+0xf282
rsp 0xffff80002115fe30
ss 0x10
m_tag_delete_chain+0x25: movq 0(%r15),%rax
ddb> show proc
PROC (syz-executor0) pid=117318 stat=onproc
flags process=0 proc=4000000
pri=51, usrpri=51, nice=20
forw=0xffffffffffffffff, list=0xffff8000210c04e0,0xffffffff81eafaa0
process=0xffff8000210a5010 user=0xffff80002115b000, vmspace=0xffffff007f12bd68
estcpu=7, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
18822 43033 3742 0 2 0 syz-executor0
*18822 117318 3742 0 7 0x4000000 syz-executor0
3742 172433 97052 0 3 0x82 nanosleep syz-executor0
78961 274839 97052 0 3 0x82 nanosleep syz-executor1
56367 476344 1 0 3 0x100083 ttyin getty
38414 408381 0 0 3 0x14200 bored sosplice
97052 197061 94367 0 3 0x82 thrsleep syz-fuzzer
97052 187412 94367 0 3 0x4000082 nanosleep syz-fuzzer
97052 63323 94367 0 3 0x4000082 thrsleep syz-fuzzer
97052 299458 94367 0 3 0x4000082 thrsleep syz-fuzzer
97052 446566 94367 0 3 0x4000082 kqread syz-fuzzer
97052 287867 94367 0 3 0x4000082 thrsleep syz-fuzzer
97052 505595 94367 0 3 0x4000082 thrsleep syz-fuzzer
97052 492272 94367 0 3 0x4000082 thrsleep syz-fuzzer
94367 380759 12092 0 3 0x10008a pause ksh
12092 287191 97637 0 3 0x92 select sshd
97637 382306 1 0 3 0x80 select sshd
71805 278004 48387 73 2 0x100010 syslogd
48387 129429 1 0 3 0x100082 netio syslogd
91575 450988 1 77 3 0x100090 poll dhclient
20062 504096 1 0 3 0x80 poll dhclient
22583 479681 0 0 3 0x14200 pgzero zerothread
58947 463329 0 0 3 0x14200 aiodoned aiodoned
78715 33705 0 0 3 0x14200 syncer update
24453 203647 0 0 3 0x14200 cleaner cleaner
14779 477636 0 0 3 0x14200 reaper reaper
65840 84464 0 0 3 0x14200 pgdaemon pagedaemon
81021 140979 0 0 3 0x14200 bored crynlk
67356 509974 0 0 3 0x14200 bored crypto
38819 484268 0 0 3 0x40014200 acpi0 acpi0
5154 422554 0 0 3 0x14200 bored softnet
22193 185816 0 0 3 0x14200 bored systqmp
97612 88923 0 0 3 0x14200 bored systq
55363 522014 0 0 3 0x40014200 bored softclock
92216 362853 0 0 3 0x40014200 idle0
1 46343 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper