Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 01 fault virtual address = 0x1a0 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff817bdd10 stack pointer = 0x28:0xfffffe0056e27400 frame pointer = 0x28:0xfffffe0056e274f0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 1016 (syz-executor) rdi: 00000000000001a0 rsi: 0000000000000000 rdx: 0000000000080000 rcx: fffffe0002bf1850 r8: 0000000000000000 r9: 0000000000000038 FreeBSD/amd64 (ci-freebsd-main-1.us-central1-b.c.syzkaller.internal) (ttyu0) login: set $lines = 0 Password: Login incorrect login: rax: fffffe0002bf1850 rbx: 1fffffc00adc4e84 rbp: fffffe0056e274f0 r10: e1f6b59d48e91d4b r11: fffffe0054132550 r12: 0000000000080400 r13: fffffe0077ef8040 r14: 0000000000000000 r15: fffffe0077ef8188 trap number = 12 panic: page fault cpuid = 1 time = 9 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056e26c30 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056e26d90 vpanic() at vpanic+0x257/frame 0xfffffe0056e26f50 panic() at panic+0xb5/frame 0xfffffe0056e27010 trap_pfault() at trap_pfault+0xaec/frame 0xfffffe0056e27150 trap() at trap+0x78e/frame 0xfffffe0056e27330 calltrap() at calltrap+0x8/frame 0xfffffe0056e27330 --- trap 0xc, rip = 0xffffffff817bdd10, rsp = 0xfffffe0056e27400, rbp = 0xfffffe0056e274f0 --- _vn_lock() at _vn_lock+0xb0/frame 0xfffffe0056e274f0 mddestroy() at mddestroy+0x3ba/frame 0xfffffe0056e275d0 mdctlioctl() at mdctlioctl+0x1680/frame 0xfffffe0056e27730 devfs_ioctl() at devfs_ioctl+0x266/frame 0xfffffe0056e27820 VOP_IOCTL_APV() at VOP_IOCTL_APV+0x87/frame 0xfffffe0056e27850 vn_ioctl() at vn_ioctl+0x3c7/frame 0xfffffe0056e27a60 devfs_ioctl_f() at devfs_ioctl_f+0x69/frame 0xfffffe0056e27ab0 kern_ioctl() at kern_ioctl+0x4ca/frame 0xfffffe0056e27b90 sys_ioctl() at sys_ioctl+0x36e/frame 0xfffffe0056e27d10 amd64_syscall() at amd64_syscall+0x4e2/frame 0xfffffe0056e27f30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0056e27f30 --- syscall (198, FreeBSD ELF64, __syscall), rip = 0x3a197a, rsp = 0x827d6ff08, rbp = 0x827d6ff80 --- KDB: enter: panic [ thread pid 1016 tid 100447 ] Stopped at kdb_enter+0x6e: movq $0,0x25b9147(%rip) db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe0075200000 rdx 0x7ffff rbx 0xffffffff827bcf60 .str.27 rsp 0xfffffe0056e26d70 rbp 0xfffffe0056e26d90 rsi 0x80001 rdi 0xffffffff8161a6c9 printf+0x149 r8 0 r9 0xffffffff r10 0 r11 0x17 r12 0xfffffe005414a780 r13 0xfffffffffffffffd --More-- r14 0xffffffff827bcf60 .str.27 r15 0 rip 0xffffffff8160424e kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x25b9147(%rip) db> proc No such command; use "help" to list available commands db> ps pid ppid pgrp uid state wmesg wchan cmd 1021 1019 765 0 S uwait 0xfffffe00584ebc80 syz-executor 1020 764 764 0 R (threaded) syz-executor 100287 RunQ syz-executor 100452 S uwait 0xfffffe006df31900 syz-executor 1019 765 765 0 R (threaded) syz-executor 100280 RunQ syz-executor 100450 RunQ syz-executor 100451 S uwait 0xfffffe006df2fc80 syz-executor 1018 766 766 -1 R (threaded) syz-executor 100448 RunQ syz-executor 100449 S uwait 0xfffffe00584eb200 syz-executor 1016 767 767 -1 R (threaded) syz-executor 100364 RunQ syz-executor 100447 Run CPU 1 syz-executor 1010 1 764 0 S uwait 0xfffffe006df30d00 syz-executor 1008 1 765 0 S uwait 0xfffffe0057d75b00 syz-executor 996 1 767 0 S uwait 0xfffffe006df32500 syz-executor 994 1 767 0 S uwait 0xfffffe005824e880 syz-executor 992 1 767 0 S uwait 0xfffffe006df2fb80 syz-executor --More-- 986 1 765 0 S uwait 0xfffffe006df32600 syz-executor 980 1 767 0 S uwait 0xfffffe006df31800 syz-executor 973 0 0 0 DL (threaded) [so_splice] 100362 D - 0xfffffe00584eba00 [thr_0] 100363 D - 0xfffffe00584eba40 [thr_1] 972 1 765 0 S uwait 0xfffffe006df31880 syz-executor 965 1 765 0 S uwait 0xfffffe00584ec700 syz-executor 961 0 0 0 DL mdwait 0xfffffe0077cdc000 [md2] 951 1 764 0 S uwait 0xfffffe006df2fa80 syz-executor 949 1 764 0 S uwait 0xfffffe006df30600 syz-executor 944 1 765 0 S uwait 0xfffffe00584ec180 syz-executor 943 1 766 0 SV uwait 0xfffffe006df31e80 syz-executor 935 1 766 0 S uwait 0xfffffe006df31680 syz-executor 920 1 764 0 S uwait 0xfffffe00584eca00 syz-executor 916 1 765 0 S uwait 0xfffffe006df30f00 syz-executor 913 1 913 0 Ss+ ttyin 0xfffffe0058287cb0 login 912 1 912 0 Ss+ ttyin 0xfffffe00593f58b0 getty 911 1 911 0 Ss+ ttyin 0xfffffe00593f5cb0 getty 910 1 910 0 Ss+ ttyin 0xfffffe00593f60b0 getty 909 1 909 0 Ss+ ttyin 0xfffffe00582868b0 getty --More-- 908 1 908 0 Ss+ ttyin 0xfffffe0058286cb0 getty 907 1 907 0 Ss+ ttyin 0xfffffe00593f64b0 getty 906 1 906 0 Ss+ ttyin 0xfffffe00593f68b0 getty 905 1 905 0 Ss+ ttyin 0xfffffe00593f6cb0 getty 902 1 765 0 S uwait 0xfffffe006df31080 syz-executor 900 1 766 0 S uwait 0xfffffe00584ec080 syz-executor 898 1 766 0 S uwait 0xfffffe00584ec900 syz-executor 891 1 765 0 S umtxn 0xfffffe005824fb80 syz-executor 888 1 765 0 S uwait 0xfffffe006df30e00 syz-executor 887 1 764 0 S uwait 0xfffffe006df32100 syz-executor 886 1 766 0 S uwait 0xfffffe00584ed380 syz-executor 872 0 0 0 DL mdwait 0xfffffe006e5d7000 [md273] 866 0 0 0 DL mdwait 0xfffffe00083f7000 [md1] 863 0 0 0 DL (threaded) [KTLS] 100117 D - 0xfffffe0053fd3a00 [thr_0] 100192 D - 0xfffffe0053fd3a80 [thr_1] 100193 D - 0xffffffff83cafe28 [reclaim_0] 862 1 765 0 S uwait 0xfffffe00584ed180 syz-executor 859 1 765 0 S uwait 0xfffffe005824fa80 syz-executor 858 1 765 0 S uwait 0xfffffe005824f900 syz-executor --More-- 856 1 765 0 S uwait 0xfffffe005824e580 syz-executor --More-- 855 1 765 0 S uwait 0xfffffe005824e380 syz-executor 839 0 0 0 DL mdwait 0xfffffe006e5d8000 [md0] 836 1 764 0 S uwait 0xfffffe006df31780 syz-executor 829 1 766 0 SV uwait 0xfffffe006df30800 syz-executor 823 0 0 0 DL aiordy 0xfffffe0054109ae0 [aiod4] 822 0 0 0 DL aiordy 0xfffffe0054007ae0 [aiod3] 821 0 0 0 DL aiordy 0xfffffe005410a040 [aiod2] 820 0 0 0 DL aiordy 0xfffffe005410a5a0 [aiod1] 819 1 766 0 S uwait 0xfffffe006df31d80 syz-executor 818 805 818 0 Ss piperd 0xfffffe006e48e2e0 dhclient 816 1 767 0 S uwait 0xfffffe006df31280 syz-executor 805 1 424 65 S select 0xfffffe0057d75ec0 dhclient 767 763 767 0 R syz-executor 766 763 766 0 R syz-executor 765 763 765 0 R syz-executor 764 763 764 0 R syz-executor 763 761 761 0 R syz-executor 761 759 761 0 Ss sigsusp 0xfffffe0007826b70 csh 759 1 759 0 Ss select 0xfffffe006df32440 sshd 17 0 0 0 DL syncer 0xffffffff83cbbfa0 [syncer] --More-- 16 0 0 0 DL vlruwt 0xfffffe0007828040 [vnlru] --More-- 15 0 0 0 DL (threaded) [bufdaemon] 100080 D psleep 0xffffffff83cba560 [bufdaemon] 100081 D - 0xffffffff83001ec0 [bufspacedaemon-0] 100095 D sdflush 0xfffffe00596c0ce8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d05400 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100078 D psleep 0xffffffff83ceb4c8 [dom0] 100082 D launds 0xffffffff83ceb4d4 [laundry: dom0] 100083 D umarcl 0xffffffff81dda750 [uma] 7 0 0 0 DL - 0xffffffff8391bcd0 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff84859980 [pf purge] 5 0 0 0 DL waiting 0xffffffff84556700 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100046 D - 0xffffffff838e6340 [doneq0] 100047 D - 0xffffffff838e62c0 [async] 100076 D - 0xffffffff838e6140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100043 D crypto_ 0xffffffff83ce6d80 [crypto] 100044 D crypto_ 0xfffffe0007a72d30 [crypto returns 0] 100045 D crypto_ 0xfffffe0007a72d80 [crypto returns 1] --More-- 14 0 0 0 DL seqstat 0xfffffe0057cba488 [sequencer 00] --More-- 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b46f20 [g_event] 100038 D - 0xffffffff83b46f40 [g_up] 100039 D - 0xffffffff83b46f60 [g_down] 2 0 0 0 RL (threaded) [clock] 100031 I [clock (0)] 100032 Run CPU 0 [clock (1)] 12 0 0 0 WL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 I [swi1: hpts] 100035 I [swi1: hpts] 100048 I [irq24: virtio_pci0] 100049 I [irq25: virtio_pci0] 100050 I [irq26: virtio_pci0] 100051 I [irq27: virtio_pci0] 100052 I [irq28: virtio_pci1] 100053 I [irq29: virtio_pci1] --More-- 100054 I [irq30: virtio_pci1] 100055 I [irq31: virtio_pci1] 100056 I [irq32: virtio_pci1] 100061 I [irq10: virtio_pci2] 100063 I [irq1: atkbd0] 100064 I [irq12: psm0] 100065 I [swi0: uart uart++] 100069 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0007809040 [init] 10 0 0 0 DL audit_w 0xffffffff83ce7820 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D parked 0xffffffff84c36ff0 [swapper] 100005 D - 0xfffffe0053ea0100 [softirq_0] 100006 D - 0xfffffe0053ea0000 [softirq_1] 100007 D - 0xfffffe0053e9fe00 [if_io_tqg_0] 100008 D - 0xfffffe0053e9fd00 [if_io_tqg_1] 100009 D - 0xfffffe0053e9fc00 [if_config_tqg_0] --More-- 100010 D - 0xfffffe0007769900 [kqueue_ctx taskq]