Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0xffffffffffffffff fault code = supervisor write data, page not present instruction pointer = 0x20:0xffffffff8193f071 stack pointer = 0x28:0xfffffe007e77d3b0 frame pointer = 0x28:0xfffffe007e77d3f0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 6046 (syz-executor) rdi: fffffe0080958a80 rsi: 0000000000000304 rdx: 0000000000000303 rcx: 0000000000000000 r8: 0000000000000000 r9: 0000000000000001 rax: ffffffffffffffff rbx: fffffe0070377200 rbp: fffffe007e77d3f0 r10: 0000000000000000 r11: 0000000000000085 r12: fffffe0080958a80 r13: fffffe0080958a88 r14: fffffe0080958ac4 r15: ffffffffffffffff trap number = 12 panic: page fault cpuid = 0 time = 14 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe007e77cbd0 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe007e77cd30 vpanic() at vpanic+0x257/frame 0xfffffe007e77cef0 panic() at panic+0xb5/frame 0xfffffe007e77cfb0 trap_pfault() at trap_pfault+0xab4/frame 0xfffffe007e77d0f0 trap() at trap+0x753/frame 0xfffffe007e77d2e0 calltrap() at calltrap+0x8/frame 0xfffffe007e77d2e0 --- trap 0xc, rip = 0xffffffff8193f071, rsp = 0xfffffe007e77d3b0, rbp = 0xfffffe007e77d3f0 --- in_pcbremhash_locked() at in_pcbremhash_locked+0x2c1/frame 0xfffffe007e77d3f0 in_pcbdrop() at in_pcbdrop+0x98/frame 0xfffffe007e77d410 tcp_close() at tcp_close+0x177/frame 0xfffffe007e77d4e0 tcp_disconnect() at tcp_disconnect+0x1ef/frame 0xfffffe007e77d510 tcp_usr_close() at tcp_usr_close+0x189/frame 0xfffffe007e77d5f0 soclose() at soclose+0x3d0/frame 0xfffffe007e77d6e0 _fdrop() at _fdrop+0x58/frame 0xfffffe007e77d710 closef() at closef+0x655/frame 0xfffffe007e77d8f0 fdescfree() at fdescfree+0xa5e/frame 0xfffffe007e77dad0 fork1() at fork1+0x833/frame 0xfffffe007e77dbf0 sys_rfork() at sys_rfork+0x1b7/frame 0xfffffe007e77dd10 amd64_syscall() at amd64_syscall+0x4af/frame 0xfffffe007e77df30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe007e77df30 --- syscall (198, FreeBSD ELF64, __syscall), rip = 0x3a197a, rsp = 0x821afdf08, rbp = 0x821afdf80 --- KDB: enter: panic [ thread pid 6046 tid 107688 ] Stopped at kdb_enter+0x6e: movq $0,0x23e80d7(%rip) db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe0073400000 rdx 0x7ffff rbx 0xffffffff82747440 .str.27 rsp 0xfffffe007e77cd10 rbp 0xfffffe007e77cd30 rsi 0x80001 rdi 0xffffffff815d95b9 printf+0x149 r8 0 r9 0xffffffff r10 0 r11 0x17 r12 0xfffffe0070e1f740 r13 0xfffffffffffffffe r14 0xffffffff82747440 .str.27 r15 0 rip 0xffffffff815c3f3e kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x23e80d7(%rip) db> show proc Process 6046 (syz-executor) at 0xfffffe0070e18560: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 766 at 0xfffffe00080085c0 ABI: FreeBSD ELF64 flag: 0x10480080 flag2: 0 arguments: ./syz-executor exec reaper: 0xfffffe0008007040 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe007d5e96d8 (map 0xfffffe007d5e96d8) (map.pmap 0xfffffe007d5e9778) (pmap 0xfffffe007d5e97e8) threads: 2 107457 s syz-executor 107688 Run CPU 0 syz-executor db> ps pid ppid pgrp uid state wmesg wchan cmd 6047 767 767 0 R (threaded) syz-executor 107677 Run CPU 1 syz-executor 107689 L *tcphash 0xfffffe007d5f96c0 syz-executor 107690 L *tcpinp 0xfffffe007d5fa240 syz-executor 107691 S uwait 0xfffffe0080adae80 syz-executor 107692 S uwait 0xfffffe0080b30a80 syz-executor 6046 766 766 0 T (threaded) syz-executor 107457 s syz-executor 107688 Run CPU 0 syz-executor 6045 6044 765 0 SV uwait 0xfffffe0080b2fc80 syz-executor 6044 765 765 0 T (threaded) syz-executor 107606 s syz-executor 107686 D ppwait 0xfffffe0070e44ac0 syz-executor 6038 1 5223 0 S uwait 0xfffffe00792fd280 syz-executor 6037 1 5223 0 S uwait 0xfffffe008093cc00 syz-executor 6028 1 767 0 S uwait 0xfffffe00792fda00 syz-executor 6024 1 767 0 S uwait 0xfffffe008093c380 syz-executor 6023 1 767 0 S uwait 0xfffffe008093dc80 syz-executor 6013 1 5223 0 S uwait 0xfffffe0080b30680 syz-executor 6012 1 5223 0 S uwait 0xfffffe0080b30580 syz-executor 6011 1 766 0 S uwait 0xfffffe0080b31080 syz-executor 6008 1 767 0 S uwait 0xfffffe0080b30480 syz-executor 6007 1 767 0 S uwait 0xfffffe0071add200 syz-executor 6006 1 765 0 S uwait 0xfffffe0071adc280 syz-executor 6004 1 765 0 S uwait 0xfffffe008093cb00 syz-executor 5995 1 5223 0 S uwait 0xfffffe008093b900 syz-executor 5994 1 5223 0 S uwait 0xfffffe00792fdb00 syz-executor 5989 1 766 0 S uwait 0xfffffe00792fd300 syz-executor 5984 1 766 0 S uwait 0xfffffe008093b180 syz-executor 5983 1 766 0 S uwait 0xfffffe008093cf00 syz-executor 5978 1 767 0 S uwait 0xfffffe0080adad80 syz-executor 5977 1 767 0 S uwait 0xfffffe008093bd80 syz-executor 5975 1 767 60929 S uwait 0xfffffe0080b31180 syz-executor 5965 1 766 60929 S uwait 0xfffffe0080b31280 syz-executor 5963 1 5223 0 S uwait 0xfffffe008093b300 syz-executor 5962 1 5223 0 S uwait 0xfffffe008093c900 syz-executor 5958 1 765 0 S uwait 0xfffffe008093d180 syz-executor