Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 01 fault virtual address = 0xfffff8004d000000 fault code = supervisor write data, protection violation instruction pointer = 0x20:0xffffffff8213c4eb stack pointer = 0x0:0xfffffe0056cbb830 frame pointer = 0x0:0xfffffe0056cbb830 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 264 (sort) rdi: fffff8004d000000 rsi: 0000000100000000 rdx: 0000000000000000 rcx: 0000000000001000 r8: 0000000000000000 r9: 0000000000000001 rax: 0000000000000000 rbx: 0000000000000000 rbp: fffffe0056cbb830 r10: 0000000000000000 r11: 0000000000000017 r12: fffffe0056cbba98 r13: 0000000000000002 r14: 0000000000000001 r15: fffffe0001a77fa8 trap number = 12 panic: page fault cpuid = 1 time = 1755503932 KDB: stack backtrace: kernel trap 12 with interrupts disabled Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 01 fault virtual address = 0xffffffff844c5ac8 fault code = supervisor read data, protection violation instruction pointer = 0x20:0xffffffff822c2148 stack pointer = 0x0:0xfffffe0056cbab70 frame pointer = 0x0:0xfffffe0056cbabd0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 serialport: Connected to syzkaller.us-central1-b.ci-freebsd-i386-2 port 1 (session ID: 1e71ab893f2d92e557e4580da43a56feded6360661e96346a3ca4ecdea0cb421, active connections: 1). processor eflags = resume, IOPL = 0 current process = 264 (sort) rdi: ffffffff844c5ac8 rsi: 00000000000004eb rdx: fffffe0056cbac40 rcx: fffffe0002bf1850 r8: 0000000000000000 r9: 00000000ffffffff rax: fffffe0000000000 rbx: ffffffff844c5ac8 rbp: fffffe0056cbabd0 r10: 0000000000000000 r11: 0000000000000017 r12: fffffe0056cbac60 r13: 0000000000000001 r14: ffffffff844c5ac8 r15: fffffe0056cbac40 trap number = 12 panic: page fault cpuid = 1 time = 1755503932 KDB: stack backtrace: kernel trap 12 with interrupts disabled Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 01 fault virtual address = 0xffffffff844c5ac8 fault code = supervisor read data, protection violation instruction pointer = 0x20:0xffffffff822c2148 stack pointer = 0x0:0xfffffe0056cb9eb0 frame pointer = 0x0:0xfffffe0056cb9f10 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = resume, IOPL = 0 current process = 264 (sort) rdi: ffffffff844c5ac8 rsi: 00000000000004eb rdx: fffffe0056cb9f80 rcx: fffffe0002bf1850 r8: 0000000000000000 r9: 00000000ffffffff rax: fffffe0000000000 rbx: ffffffff844c5ac8 rbp: fffffe0056cb9f10 r10: 0000000000000000 r11: 0000000000000017 r12: fffffe0056cb9fa0 r13: 0000000000000001 r14: ffffffff844c5ac8 r15: fffffe0056cb9f80 trap number = 12 panic: page fault cpuid = 1 time = 1755503932 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056cb96d0 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056cb9830 vpanic() at vpanic+0x257/frame 0xfffffe0056cb99f0 panic() at panic+0xb5/frame 0xfffffe0056cb9ab0 trap_pfault() at trap_pfault+0xaf2/frame 0xfffffe0056cb9bf0 trap() at trap+0x78e/frame 0xfffffe0056cb9de0 calltrap() at calltrap+0x8/frame 0xfffffe0056cb9de0 --- trap 0xc, rip = 0xffffffff822c2148, rsp = 0xfffffe0056cb9eb0, rbp = 0xfffffe0056cb9f10 --- link_elf_search_symbol() at link_elf_search_symbol+0x98/frame 0xfffffe0056cb9f10 linker_ddb_search_symbol() at linker_ddb_search_symbol+0x15d/frame 0xfffffe0056cba010 X_db_search_symbol() at X_db_search_symbol+0x41d/frame 0xfffffe0056cba130 db_search_symbol() at db_search_symbol+0x107/frame 0xfffffe0056cba210 db_backtrace() at db_backtrace+0xe1/frame 0xfffffe0056cba290 db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056cba390 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056cba4f0 vpanic() at vpanic+0x257/frame 0xfffffe0056cba6b0 panic() at panic+0xb5/frame 0xfffffe0056cba770 trap_pfault() at trap_pfault+0xaf2/frame 0xfffffe0056cba8b0 trap() at trap+0x78e/frame 0xfffffe0056cbaaa0 calltrap() at calltrap+0x8/frame 0xfffffe0056cbaaa0 --- trap 0xc, rip = 0xffffffff822c2148, rsp = 0xfffffe0056cbab70, rbp = 0xfffffe0056cbabd0 --- link_elf_search_symbol() at link_elf_search_symbol+0x98/frame 0xfffffe0056cbabd0 linker_ddb_search_symbol() at linker_ddb_search_symbol+0x15d/frame 0xfffffe0056cbacd0 X_db_search_symbol() at X_db_search_symbol+0x41d/frame 0xfffffe0056cbadf0 db_search_symbol() at db_search_symbol+0x107/frame 0xfffffe0056cbaed0 db_backtrace() at db_backtrace+0xe1/frame 0xfffffe0056cbaf50 db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056cbb050 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056cbb1b0 vpanic() at vpanic+0x257/frame 0xfffffe0056cbb370 panic() at panic+0xb5/frame 0xfffffe0056cbb430 trap_pfault() at trap_pfault+0xaf2/frame 0xfffffe0056cbb570 trap() at trap+0x78e/frame 0xfffffe0056cbb760 calltrap() at calltrap+0x8/frame 0xfffffe0056cbb760 --- trap 0xc, rip = 0xffffffff8213c4eb, rsp = 0xfffffe0056cbb830, rbp = 0xfffffe0056cbb830 --- pagezero_erms() at pagezero_erms+0xb/frame 0xfffffe0056cbb830 vm_fault() at vm_fault+0x306d/frame 0xfffffe0056cbbbc0 vm_fault_trap() at vm_fault_trap+0xbd/frame 0xfffffe0056cbbc10 trap_pfault() at trap_pfault+0x691/frame 0xfffffe0056cbbd50 trap() at trap+0xf4b/frame 0xfffffe0056cbbf30 calltrap() at calltrap+0x8/frame 0xfffffe0056cbbf30 --- trap 0xc, rip = 0x823230170, rsp = 0x8207e8900, rbp = 0x8207e8960 --- KDB: enter: panic [ thread pid 264 tid 100097 ] Stopped at kdb_enter+0x6e: movq $0,0x25b6f77(%rip) db>