Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x0
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff816f5183
stack pointer = 0x28:0xfffffe00574e15f0
frame pointer = 0x28:0xfffffe00574e1650
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 890 (syz-executor)
FreeBSD/amd64 (ci-freebsd-main-0.us-central1-b.c.syzkaller.internal) (ttyu0)
rdi: 0000000000000000 rsi: 0000000000000000 rdx: 0000000000200000
rcx: fffffe00033eee30 r8: 0000000000000000 r9: 0000000000000001
rax: fffffe00033eee30 rbx: 0000000000000000 rbp: fffffe00574e1650
r10: 0000000000000000 r11: fffffe0054925c60 r12: 0000000000200000
r13: 0000000000200000 r14: fffffe005a154e80 r15: fffffe006d35bb00
trap number = 12
panic: page fault
cpuid = 0
time = 1746578986
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe00574e0e10
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe00574e0f70
vpanic() at vpanic+0x257/frame 0xfffffe00574e1130
panic() at panic+0xb5/frame 0xfffffe00574e11f0
trap_pfault() at trap_pfault+0xaec/frame 0xfffffe00574e1330
trap() at trap+0x78e/frame 0xfffffe00574e1520
calltrap() at calltrap+0x8/frame 0xfffffe00574e1520
--- trap 0xc, rip = 0xffffffff816f5183, rsp = 0xfffffe00574e15f0, rbp = 0xfffffe00574e1650 ---
unp_dispose() at unp_dispose+0x583/frame 0xfffffe00574e1650
uipc_detach() at uipc_detach+0xbe/frame 0xfffffe00574e1730
sorele_locked() at sorele_locked+0x264/frame 0xfffffe00574e1770
soclose() at soclose+0x41f/frame 0xfffffe00574e1860
_fdrop() at _fdrop+0x58/frame 0xfffffe00574e1890
closef() at closef+0x655/frame 0xfffffe00574e1a70
fdescfree() at fdescfree+0xa5e/frame 0xfffffe00574e1c50
exit1() at exit1+0x887/frame 0xfffffe00574e1cf0
sys_exit() at sys_exit+0x28/frame 0xfffffe00574e1d10
amd64_syscall() at amd64_syscall+0x4af/frame 0xfffffe00574e1f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00574e1f30
--- syscall (1, FreeBSD ELF64, exit), rip = 0x3a1d1a, rsp = 0x8212d6b48, rbp = 0x8212d6b50 ---
KDB: enter: panic
[ thread pid 890 tid 100129 ]
Stopped at kdb_enter+0x6e: movq $0,0x25bd747(%rip)
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe00033eee30
rdx 0
rbx 0xffffffff827b0b80 .str.27
rsp 0xfffffe00574e0f50
rbp 0xfffffe00574e0f70
rsi 0
rdi 0xffffffff81614469 printf+0x149
r8 0
r9 0xffffffff
r10 0
r11 0x17
r12 0xfffffe005489d000
r13 0xfffffffffffffffe
r14 0xffffffff827b0b80 .str.27
r15 0
rip 0xffffffff815fea4e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x25bd747(%rip)
db>