kernel: protection fault trap, code=0 Stopped at m_tag_delete_chain+0x25: movq 0(%r15),%rax ddb> ddb> set $lines = 0 ddb> show panic the kernel did not panic ddb> trace m_tag_delete_chain(af1df84c4e0cc938) at m_tag_delete_chain+0x25 m_free(ffffff006a323d00) at m_free+0xfd m_freem(16) at m_freem+0x2d soreceive(0,ffffff006f2dba80,ffff80002113a580,259,ffff80002113a610,ffff80002113a520) at soreceive+0x1131 recvit(ffff80002113a640,ffff80002113a748,ffff80002113a730,ffff80002116a720,0) at recvit+0x28c sys_recvmsg(ffff80002113a7d0,ffff80002116a720,ffff80002105f980) at sys_recvmsg+0x120 syscall(0) at syscall+0x3e4 Xsyscall(6,0,ffffffffffffffbf,0,3,c6d6d7a9010) at Xsyscall+0x128 end of kernel end trace frame: 0xc6ff2cebc70, count: -8 ddb> show registers rdi 0xffffff006a323d00 rsi 0xffffffff81a79ed0 m_tag_delete_chain+0x10 rbp 0xffff80002113a410 rbx 0x2 rdx 0xffff800002ad0000 rcx 0xa4 rax 0xffff800002ad0000 r8 0 r9 0xffff80002116a720 r10 0xaf1df84c4e0cc938 r11 0xffffffff8186f430 pool_lock_mtx_leave r12 0xdeaf __ALIGN_SIZE+0xceaf r13 0xffffff006f2dba80 r14 0xffffff006a323d00 r15 0xdeaf4152deaf4152 rip 0xffffffff81a79ee5 m_tag_delete_chain+0x25 cs 0x8 rflags 0x10282 __ALIGN_SIZE+0xf282 rsp 0xffff80002113a400 ss 0x10 m_tag_delete_chain+0x25: movq 0(%r15),%rax ddb> show proc PROC (syz-executor1) pid=464245 stat=onproc flags process=0 proc=4000000 pri=82, usrpri=82, nice=20 forw=0xffffffffffffffff, list=0xffff80002116b530,0xffffffff81e956a0 process=0xffff80002105f980 user=0xffff800021135000, vmspace=0xffffff007f12ba50 estcpu=32, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 61763 12890 35223 0 2 0 syz-executor1 *61763 464245 35223 0 7 0x4000000 syz-executor1 46863 522193 1 0 3 0x100083 ttyin getty 39756 131733 0 0 3 0x14200 bored sosplice 14504 157769 48643 0 2 0x2 syz-executor0 35223 449363 48643 0 3 0x82 nanosleep syz-executor1 48643 511476 33397 0 3 0x82 thrsleep syz-fuzzer 48643 15569 33397 0 3 0x4000082 nanosleep syz-fuzzer 48643 94276 33397 0 3 0x4000082 thrsleep syz-fuzzer 48643 309123 33397 0 3 0x4000082 thrsleep syz-fuzzer 48643 390963 33397 0 3 0x4000082 kqread syz-fuzzer 48643 518385 33397 0 3 0x4000082 thrsleep syz-fuzzer 48643 196661 33397 0 3 0x4000082 thrsleep syz-fuzzer 33397 495303 39954 0 3 0x10008a pause ksh 39954 189903 25637 0 3 0x92 select sshd 25637 430580 1 0 3 0x80 select sshd 81916 475279 19976 73 3 0x100090 kqread syslogd 19976 392418 1 0 3 0x100082 netio syslogd 56838 40223 1 77 3 0x100090 poll dhclient 72397 334840 1 0 3 0x80 poll dhclient 74156 200074 0 0 2 0x14200 zerothread 23120 165753 0 0 3 0x14200 aiodoned aiodoned 47723 130791 0 0 3 0x14200 syncer update 50667 334734 0 0 3 0x14200 cleaner cleaner 16565 279801 0 0 3 0x14200 reaper reaper 51502 462689 0 0 3 0x14200 pgdaemon pagedaemon 26657 191307 0 0 3 0x14200 bored crynlk 77251 334704 0 0 3 0x14200 bored crypto 85122 123418 0 0 3 0x40014200 acpi0 acpi0 77532 362698 0 0 3 0x14200 bored softnet 8283 495971 0 0 3 0x14200 bored systqmp 56667 479154 0 0 3 0x14200 bored systq 36523 399237 0 0 3 0x40014200 bored softclock 50134 45701 0 0 3 0x40014200 idle0 1 227763 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper