Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0x0
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff81a3008f
stack pointer = 0x0:0xfffffe0056c8a1e0
FreeBSD/amd64frame pointer = 0x0:0xfffffe0056c8a710
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 2 (clock (0))
rdi: 0000000000000000 rsi: 0000000000000000 rdx: 000000000dcabd60
rcx: fffffe00033eee30 r8: 0000000000000000 r9: 00000000060080fe
rax: fffffe00033eee30 rbx: fffffe006e55e800 rbp: fffffe0056c8a710
r10: aa03000000000000 r11: 000000000000001f r12: fffffe006d506cd0
r13: fffffe0056c8a520 r14: 0000000000000000 r15: fffffe00829b6308
trap number = 12
panic: page fault
cpuid = 1
time = 1730138322
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056c898f0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056c89a50
vpanic() at vpanic+0x257/frame 0xfffffe0056c89c10
panic() at panic+0xb5/frame 0xfffffe0056c89cd0
trap_fatal() at trap_fatal+0x7ef/frame 0xfffffe0056c89df0
trap_pfault() at trap_pfault+0x17b/frame 0xfffffe0056c89f30
trap() at trap+0x64a/frame 0xfffffe0056c8a110
calltrap() at calltrap+0x8/frame 0xfffffe0056c8a110
--- trap 0xc, rip = 0xffffffff81a3008f, rsp = 0xfffffe0056c8a1e0, rbp = 0xfffffe0056c8a710 ---
ip6_output() at ip6_output+0x373f/frame 0xfffffe0056c8a710
sctp_lowlevel_chunk_output() at sctp_lowlevel_chunk_output+0x2078/frame 0xfffffe0056c8a9c0
sctp_send_initiate() at sctp_send_initiate+0x155b/frame 0xfffffe0056c8ab40
sctp_t1init_timer() at sctp_t1init_timer+0x66/frame 0xfffffe0056c8ab90
sctp_timeout_handler() at sctp_timeout_handler+0xb60/frame 0xfffffe0056c8acd0
softclock_call_cc() at softclock_call_cc+0x422/frame 0xfffffe0056c8ae80
softclock_thread() at softclock_thread+0x200/frame 0xfffffe0056c8aef0
fork_exit() at fork_exit+0xcc/frame 0xfffffe0056c8af30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0056c8af30 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- KDB: enter: panic [ thread pid 2 tid 100030 ] Stopped at kdb_enter+0x6e: movq $0,0x23e6fb7(%rip) db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0 rax 0x12 rcx 0xfffffe00033eee30 rdx 0 rbx 0xffffffff827170a0 .str.27 rsp 0xfffffe0056c89a30 rbp 0xfffffe0056c89a50 rsi 0 rdi 0xffffffff815d0759 printf+0x149 r8 0 r9 0xffffffff r10 0 r11 0x17 r12 0xfffffe0007a19000 r13 0xfffffffffffffffd r14 0xffffffff827170a0 .str.27 r15 0 rip 0xffffffff815ba05e kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x23e6fb7(%rip) db> show proc Process 2 (clock) at 0xfffffe0007a06020: state: NORMAL uid: 0 gids: 0 parent: pid 0 at 0xffffffff8392b760 ABI: null flag: 0x10000284 flag2: 0 reaper: 0xffffffff8392b760 reapsubtree: 2 sigparent: 20 vmspace: 0xffffffff8392c700 (map 0xffffffff8392c700) (map.pmap 0xffffffff8392c7c0) (pmap 0xffffffff8392c830) threads: 2 100030 Run CPU 1 [clock (0)] 100031 I [clock (1)] db> ps pid ppid pgrp uid state wmesg wchan cmd 933 922 922 0 R ifconfig 929 766 766 0 R (threaded) syz-executor 100149 RunQ syz-executor 100204 L *umtxql 0xfffffe0007bda000 syz-executor 927 764 764 0 R (threaded) syz-executor 100175 RunQ syz-executor 100203 S connec 0xfffffe006b9070da syz-executor 100205 S uwait 0xfffffe0074fddc00 syz-executor 100206 RunQ syz-executor 925 765 765 0 R (threaded) syz-executor 100154 RunQ syz-executor 100202 S uwait 0xfffffe00598b5600 syz-executor 922 763 922 0 S wait 0xfffffe005bce6000 syz-executor 919 1 765 0 S uwait 0xfffffe005960ad80 syz-executor 916 1 764 0 S uwait 0xfffffe00598a2c00 syz-executor 914 1 914 0 Ss+ ttyin 0xfffffe00587dd4b0 getty 913 1 913 0 Ss+ ttyin 0xfffffe00587dd8b0 getty 912 1 912 0 Ss+ ttyin 0xfffffe00584adcb0 getty 911 1 911 0 Ss+ ttyin 0xfffffe00587de0b0 getty 910 1 910 0 Rs+ getty 909 1 909 0 Ss+ ttyin 0xfffffe00587de8b0 getty 908 1 908 0 Ss+ ttyin 0xfffffe00587ddcb0 getty 
907 1 907 0 Ss+ ttyin 0xfffffe00587de4b0 getty 906 1 906 0 Ss+ ttyin 0xfffffe00584ad8b0 getty 885 1 764 0 S uwait 0xfffffe00598a2900 syz-executor 873 1 765 0 S uwait 0xfffffe00598a2200 syz-executor 833 0 0 0 DL - 0xffffffff83a92200 [soaiod4] 832 0 0 0 DL - 0xffffffff83a92200 [soaiod3] 831 0 0 0 DL - 0xffffffff83a92200 [soaiod2] 830 0 0 0 DL - 0xffffffff83a92200 [soaiod1] 814 0 0 0 DL aiordy 0xfffffe005bcc85a0 [aiod4] 813 0 0 0 DL aiordy 0xfffffe005bcaf5c0 [aiod3] 812 0 0 0 DL aiordy 0xfffffe005bce85a0 [aiod2] 811 0 0 0 DL aiordy 0xfffffe005bce8b00 [aiod1] 766 763 766 0 R syz-executor 765 763 765 0 R syz-executor 764 763 764 0 R syz-executor 763 1 761 0 R syz-executor 17 0 0 0 DL syncer 0xffffffff83a9fbe0 [syncer] 16 0 0 0 DL vlruwt 0xfffffe0007a25020 [vnlru] 15 0 0 0 RL (threaded) [bufdaemon] 100079 D psleep 0xffffffff83a9e1c0 [bufdaemon] 100080 D - 0xffffffff82e02140 [bufspacedaemon-0] 100094 RunQ [/ worker] 9 0 0 0 DL psleep 0xffffffff83ae98a0 [vmdaemon] 8 0 0 0 RL (threaded) [pagedaemon] 100077 RunQ [dom0] 100081 D launds 0xffffffff83acf844 [laundry: dom0] 100082 D umarcl 0xffffffff81d6b340 [uma] 7 0 0 0 RL [rand_harvestq] 6 0 0 0 RL [pf purge] 5 0 0 0 DL waiting 0xffffffff843cd9e0 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100045 D - 0xffffffff836ca340 [doneq0] 100046 D - 0xffffffff836ca2c0 [async] 100075 D - 0xffffffff836ca140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100042 D crypto_ 0xffffffff83acb020 [crypto] 100043 D crypto_ 0xfffffe0057f7a030 [crypto returns 0] 100044 D crypto_ 0xfffffe0057f7a080 [crypto returns 1] 14 0 0 0 DL seqstat 0xfffffe00543fbc88 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100036 D - 0xffffffff8392ad80 [g_event] 100037 D - 0xffffffff8392ada0 [g_up] 100038 D - 0xffffffff8392adc0 [g_down] 2 0 0 0 RL (threaded) [clock] 100030 Run CPU 1 [clock (0)] 100031 I [clock (1)] 12 0 0 0 RL (threaded) [intr] 100012 I [swi6: task queue] 100013 I [swi6: Giant taskq] 100015 I [swi5: fast taskq] 100032 I [swi1: netisr 0] 100033 Run CPU 0 [swi1: 
hpts] 100034 I [swi1: hpts] 100047 I [irq24: virtio_pci0] 100048 I [irq25: virtio_pci0] 100049 I [irq26: virtio_pci0] 100050 I [irq27: virtio_pci0] 100051 I [irq28: virtio_pci1] 100052 I [irq29: virtio_pci1] 100053 I [irq30: virtio_pci1] 100054 I [irq31: virtio_pci1] 100055 I [irq32: virtio_pci1] 100060 I [irq10: virtio_pci2] 100062 I [irq1: atkbd0] 100063 I [irq12: psm0] 100064 I [swi0: uart uart++] 100068 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0007a07040 [init] 10 0 0 0 DL audit_w 0xffffffff83acba80 [audit] 0 0 0 0 RLs (threaded) [kernel] 100000 D parked 0xffffffff84c1aff0 [swapper] 100005 RunQ [softirq_0] 100006 D - 0xfffffe00085fec00 [softirq_1] 100007 D - 0xfffffe00085feb00 [if_io_tqg_0] 100008 D - 0xfffffe00085fea00 [if_io_tqg_1] 100009 D - 0xfffffe00085fe900 [if_config_tqg_0] 100010 D - 0xfffffe00085fe800 [pci_hp taskq] 100011 D - 0xfffffe00085fe700 [kqueue_ctx taskq] 100014 D - 0xfffffe00085fe400 [thread taskq] 100016 D - 0xfffffe00085fe200 [aiod_kick taskq] 100017 D - 0xfffffe00085fe100 [deferred_unmount ta] 100018 D - 0xfffffe00085fe000 [inm_free taskq] 100019 D - 0xfffffe00085fde00 [in6m_free taskq] 100020 D - 0xfffffe00085fdd00 [linuxkpi_irq_wq] 100021 D - 0xfffffe00085fdc00 [linuxkpi_short_wq_0] 100022 D - 0xfffffe00085fdc00 [linuxkpi_short_wq_1] 100023 D - 0xfffffe00085fdc00 [linuxkpi_short_wq_2] 100024 D - 0xfffffe00085fdc00 [linuxkpi_short_wq_3] 100025 D - 0xfffffe00085fdb00 [linuxkpi_long_wq_0] 100026 D - 0xfffffe00085fdb00 [linuxkpi_long_wq_1] 100027 D - 0xfffffe00085fdb00 [linuxkpi_long_wq_2] 100028 D - 0xfffffe00085fdb00 [linuxkpi_long_wq_3] 100035 D - 0xfffffe00085fda00 [firmware taskq] 100040 D - 0xfffffe00085fd700 [crypto_0] 100041 D - 0xfffffe00085fd700 [crypto_1] 100056 D - 0xfffffe00085fd500 [vtnet0 rxq 0] 100057 D - 0xfffffe00085fd400 [vtnet0 txq 0] 100058 D - 0xfffffe00085fd300 [vtnet0 rxq 1] 100059 D - 0xfffffe00085fd200 [vtnet0 txq 1] 100061 D 
vtbslp 0xfffffe0057fa4100 [virtio_balloon] 100065 D - 0xffffffff8271c2e1 [deadlkres] 100069 D - 0xfffffe0058850000 [acpi_task_0] 100070 D - 0xfffffe0058850000 [acpi_task_1] 100071 D - 0xfffffe0058850000 [acpi_task_2] 100073 D - 0xfffffe00085ff100 [mca taskq] 100074 D - 0xfffffe00085fd600 [CAM taskq] 100076 D - 0xfffffe005884fe00 [ipsec_offload] 932 925 765 0 Z syz-executor db> show all locks Process 929 (syz-executor) thread 0xfffffe005bd04740 (100149) exclusive sleep mutex umtxql (umtxql) r = 0 (0xffffffff8398f310) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_umtx.c:1290 Process 910 (getty) thread 0xfffffe005bca6740 (100100) exclusive sleep mutex ttymtx (ttymtx) r = 0 (0xfffffe00584aec08) locked @ /syzkaller/managers/main/kernel/sys/kern/tty.c:217 Process 2 (clock) thread 0xfffffe0007a19000 (100030) shared rw sctpinp (sctpinp) r = 0 (0xfffffe006e5bc020) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_output.c:4552 exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xfffffe0074eaa180) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctputil.c:1776 Process 12 (intr) thread 0xfffffe0007a1f740 (100033) exclusive rw tcpinp (tcpinp) r = 0 (0xfffffe006e117aa0) locked @ /syzkaller/managers/main/kernel/sys/netinet/tcp_hpts.c:1263 db>