Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x0 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff8159b4f1 stack pointer = 0x0:0xfffffe0056b48440 frame pointer = 0x0:0xfffffe0056b48580 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = resume, IOPL = 0 current process = 12 (swi1: hpts) rdi: 0000000000000000 rsi: 0000000000000000 rdx: 0000000000000000 rcx: fffffe0002bf1850 r8: 0000000000000000 r9: 0000000000000001 rax: fffffe0000000000 rbx: fffffe00541099e8 rbp: fffffe0056b48580 r10: ec35c7dbfe30d77b r11: 0000000000000017 r12: 0000000000000000 r13: 0000002fee07bd86 r14: fffffe00541099e0 r15: 0000000000000000 trap number = 12 panic: page fault cpuid = 0 time = 5 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056b47c70 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056b47dd0 vpanic() at vpanic+0x257/frame 0xfffffe0056b47f90 panic() at panic+0xb5/frame 0xfffffe0056b48050 trap_pfault() at trap_pfault+0xaf2/frame 0xfffffe0056b48190 trap() at trap+0x78e/frame 0xfffffe0056b48370 calltrap() at calltrap+0x8/frame 0xfffffe0056b48370 --- trap 0xc, rip = 0xffffffff8159b4f1, rsp = 0xfffffe0056b48440, rbp = 0xfffffe0056b48580 --- callout_process() at callout_process+0x441/frame 0xfffffe0056b48580 handleevents() at handleevents+0x3ee/frame 0xfffffe0056b485f0 timercb() at timercb+0x3cb/frame 0xfffffe0056b486c0 lapic_handle_timer() at lapic_handle_timer+0x17f/frame 0xfffffe0056b48700 Xtimerint() at Xtimerint+0xb1/frame 0xfffffe0056b48700 --- interrupt, rip = 0xffffffff814d2640, rsp = 0xfffffe0056b487d8, rbp = 0xfffffe0056b48850 --- trace_cmp() at trace_cmp/frame 0xfffffe0056b48850 __mtx_lock_flags() at __mtx_lock_flags+0x21f/frame 0xfffffe0056b48930 tcp_hptsi() at tcp_hptsi+0x1a96/frame 0xfffffe0056b48c90 tcp_hpts_thread() at tcp_hpts_thread+0x303/frame 0xfffffe0056b48d90 ithread_loop() at ithread_loop+0x4ec/frame 0xfffffe0056b48ef0 fork_exit() at fork_exit+0xcc/frame 0xfffffe0056b48f30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0056b48f30 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- KDB: enter: panic [ thread pid 12 tid 100034 ] Stopped at kdb_enter+0x6e: movq $0,0x259ea97(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0 rax 0x12 rcx 0xfffffe0002bf1850 rdx 0 rbx 0xffffffff82805aa0 .str.27 rsp 0xfffffe0056b47db0 rbp 0xfffffe0056b47dd0 rsi 0 rdi 0xffffffff816425c9 printf+0x149 r8 0 r9 0xffffffff r10 0 r11 0x17 r12 0xfffffe0007821000 r13 0xfffffffffffffffe r14 0xffffffff82805aa0 .str.27 r15 0 rip 0xffffffff8162c0fe kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x259ea97(%rip) db> show proc Process 12 (intr) at 0xfffffe0007808560: state: NORMAL uid: 0 gid: 0 supp gids: 0 parent: pid 0 at 0xffffffff83b55080 ABI: null flag: 0x10000284 flag2: 0 reaper: 0xffffffff83b55080 reapsubtree: 12 sigparent: 20 vmspace: 0xffffffff83b56060 (map 0xffffffff83b56060) (map.pmap 0xffffffff83b56100) (pmap 0xffffffff83b56170) threads: 20 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 Run CPU 0 [swi1: hpts] 100035 I [swi1: hpts] 100047 I [irq24: virtio_pci0] 100048 I [irq25: virtio_pci0] 100049 I [irq26: virtio_pci0] 100050 I [irq27: virtio_pci0] 100051 I [irq28: virtio_pci1] 100052 I [irq29: virtio_pci1] 100053 I [irq30: virtio_pci1] 100054 I [irq31: virtio_pci1] 100055 I [irq32: virtio_pci1] 100060 I [irq10: virtio_pci2] 100062 I [irq1: atkbd0] 100063 I [irq12: psm0] 100064 I [swi0: uart uart++] 100068 I [swi1: pf send] db> ps pid ppid pgrp uid state wmesg wchan cmd 922 920 764 0 S uwait 0xfffffe006ddf1180 syz-executor 921 919 763 0 S uwait 0xfffffe00584e9400 syz-executor 920 764 764 0 R (threaded) syz-executor 100139 D vm map 0xfffffe000780f2a8 syz-executor 100215 S uwait 0xfffffe006ddf0e00 syz-executor 100216 D vm map 0xfffffe000780f2a8 syz-executor 100217 RunQ syz-executor 919 763 763 0 R (threaded) syz-executor 100100 RunQ syz-executor 100213 D bo_wwai 0xfffffe006de02690 syz-executor 918 765 765 0 R (threaded) syz-executor 100208 RunQ syz-executor 100211 D biowr 0xfffffe0007c028c8 syz-executor 100214 D ranged1 0xfffffe006de5e870 syz-executor 100219 S uwait 0xfffffe00584eb100 syz-executor 909 766 766 0 R (threaded) syz-executor 100129 RunQ syz-executor 100189 S sbwait 0xfffffe006b7156dc syz-executor 100194 S uwait 0xfffffe00584e9000 syz-executor 905 1 765 0 S uwait 0xfffffe006ddf3080 syz-executor 901 1 764 0 S uwait 0xfffffe00584eab80 syz-executor 899 1 764 0 S uwait 0xfffffe0057d91500 syz-executor 895 1 765 0 S uwait 0xfffffe0057d92380 syz-executor 893 0 0 0 DL (threaded) [so_splice] 100108 D - 0xfffffe005858f880 [thr_0] 100164 D - 0xfffffe005858f8c0 [thr_1] 890 1 890 0 Ts+ ttyin 0xfffffe0058630cb0 getty 889 1 889 0 Ts+ ttyin 0xfffffe00586308b0 getty 888 1 888 0 Ts+ ttyin 0xfffffe00586304b0 getty 887 1 887 0 Ts+ ttyin 0xfffffe00586300b0 getty 886 1 886 0 Ts+ ttyin 0xfffffe0058279cb0 getty 885 1 885 0 Ts+ ttyin 0xfffffe005862f0b0 getty 884 1 884 0 Ts+ ttyin 0xfffffe005862fcb0 getty 883 1 883 0 Ts+ ttyin 0xfffffe005862f4b0 getty 878 1 878 0 Ts+ ttyin 0xfffffe005862f8b0 getty 813 0 0 0 DL aiordy 0xfffffe00540dc008 [aiod4] 812 0 0 0 DL aiordy 0xfffffe00540f2ab8 [aiod3] 811 0 0 0 DL aiordy 0xfffffe00540f2560 [aiod2] 810 0 0 0 DL aiordy 0xfffffe0054109ac0 [aiod1] 766 762 766 0 R syz-executor 765 762 765 0 R nanslp 0xffffffff83babc41 syz-executor 764 762 764 0 S nanslp 0xffffffff83babc40 syz-executor 763 762 763 0 S nanslp 0xffffffff83babc40 syz-executor 762 1 760 0 S select 0xfffffe0057df8840 syz-executor 737 1 17 0 S+ piperd 0xfffffe006b4392e0 logger 736 735 17 0 S+ nanslp 0xffffffff83babc41 sleep 735 1 17 0 S+ wait 0xfffffe00540f1ab0 sh 685 1 685 0 Ss nanslp 0xffffffff83babc41 cron 681 1 681 0 Ss select 0xfffffe0057ddbd40 sshd 494 1 494 0 Ss select 0xfffffe0057ddbdc0 syslogd 16 0 0 0 DL syncer 0xffffffff83cc9820 [syncer] 15 0 0 0 DL vlruwt 0xfffffe005409d558 [vnlru] 14 0 0 0 DL (threaded) [bufdaemon] 100079 D psleep 0xffffffff83cc7d60 [bufdaemon] 100082 D - 0xffffffff83001ec0 [bufspacedaemon-0] 100095 D sdflush 0xfffffe005862dce8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d12cc0 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100077 D psleep 0xffffffff83cf8d88 [dom0] 100080 D launds 0xffffffff83cf8d94 [laundry: dom0] 100081 D umarcl 0xffffffff81e11f30 [uma] 7 0 0 0 DL - 0xffffffff839245d8 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff843b9f20 [pf purge] 5 0 0 0 DL waiting 0xffffffff848d9700 [sctp_iterator] 4 0 0 0 RL (threaded) [cam] 100045 RunQ [doneq0] 100046 D - 0xffffffff838ee2c0 [async] 100075 D - 0xffffffff838ee140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100042 D crypto_ 0xffffffff83cf4660 [crypto] 100043 D crypto_ 0xfffffe0053ee4d30 [crypto returns 0] 100044 D crypto_ 0xfffffe0053ee4d80 [crypto returns 1] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b54640 [g_event] 100038 D - 0xffffffff83b54660 [g_up] 100039 D - 0xffffffff83b54680 [g_down] 2 0 0 0 WL (threaded) [clock] 100031 I [clock (0)] 100032 I [clock (1)] 12 0 0 0 RL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 Run CPU 0 [swi1: hpts] 100035 I [swi1: hpts] 100047 I [irq24: virtio_pci0] 100048 I [irq25: virtio_pci0] 100049 I [irq26: virtio_pci0] 100050 I [irq27: virtio_pci0] 100051 I [irq28: virtio_pci1] 100052 I [irq29: virtio_pci1] 100053 I [irq30: virtio_pci1] 100054 I [irq31: virtio_pci1] 100055 I [irq32: virtio_pci1] 100060 I [irq10: virtio_pci2] 100062 I [irq1: atkbd0] 100063 I [irq12: psm0] 100064 I [swi0: uart uart++] 100068 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0007809010 [init] 10 0 0 0 DL audit_w 0xffffffff83cf5100 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D parked 0xffffffff84c48ff0 [swapper] 100005 D - 0xfffffe0053ea0100 [softirq_0] 100006 D - 0xfffffe0053ea0000 [softirq_1] 100007 D - 0xfffffe0053e9fe00 [if_io_tqg_0] 100008 D - 0xfffffe0053e9fd00 [if_io_tqg_1] 100009 D - 0xfffffe0053e9fc00 [if_config_tqg_0] 100010 D - 0xfffffe000776eb00 [kqueue_ctx taskq] 100011 D - 0xfffffe000776ea00 [jail_remove taskq] 100012 D - 0xfffffe000776e900 [bus taskq] 100015 D - 0xfffffe000776e600 [thread taskq] 100017 D - 0xfffffe000776e400 [aiod_kick taskq] 100018 D - 0xfffffe000776e300 [deferred_unmount ta] 100019 D - 0xfffffe000776e200 [inm_free taskq] 100020 D - 0xfffffe000776e100 [in6m_free taskq] 100021 D - 0xfffffe000776e000 [linuxkpi_irq_wq] 100022 D - 0xfffffe000776de00 [linuxkpi_short_wq_0] 100023 D - 0xfffffe000776de00 [linuxkpi_short_wq_1] 100024 D - 0xfffffe000776de00 [linuxkpi_short_wq_2] 100025 D - 0xfffffe000776de00 [linuxkpi_short_wq_3] 100026 D - 0xfffffe000776dd00 [linuxkpi_long_wq_0] 100027 D - 0xfffffe000776dd00 [linuxkpi_long_wq_1] 100028 D - 0xfffffe000776dd00 [linuxkpi_long_wq_2] 100029 D - 0xfffffe000776dd00 [linuxkpi_long_wq_3] 100036 D - 0xfffffe000776db00 [firmware taskq] 100040 D - 0xfffffe000776da00 [crypto_0] 100041 D - 0xfffffe000776da00 [crypto_1] 100056 D - 0xfffffe0057de6e00 [vtnet0 rxq 0] 100057 D - 0xfffffe0057de6d00 [vtnet0 txq 0] 100058 D - 0xfffffe0057de6c00 [vtnet0 rxq 1] 100059 D - 0xfffffe0057de6b00 [vtnet0 txq 1] 100061 D vtbslp 0xfffffe0057de0380 [virtio_balloon] 100065 D - 0xffffffff8280a181 [deadlkres] 100069 D - 0xfffffe00593fd500 [acpi_task_0] 100070 D - 0xfffffe00593fd500 [acpi_task_1] 100071 D - 0xfffffe00593fd500 [acpi_task_2] 100073 D - 0xfffffe000776ec00 [mca taskq] 100074 D - 0xfffffe000776d800 [CAM taskq] 100076 D - 0xfffffe00593fd400 [ipsec_offload] 100160 D - 0xfffffe006b6c7100 [netlink_socket (PID] db> show all locks Process 920 (syz-executor) thread 0xfffffe0054122000 (100217) exclusive rw vmobject (vmobject) r = 0 (0xfffffe005411a1f0) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_fault.c:1609 shared sx vm map (user) (vm map (user)) r = 0 (0xfffffe000780f2a8) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_map.c:4998 Process 919 (syz-executor) thread 0xfffffe0054114780 (100213) exclusive lockmgr ufs (ufs) r = 0 (0xfffffe006de02598) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_syscalls.c:3595 Process 918 (syz-executor) thread 0xfffffe005411b000 (100211) exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0007c02948) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:4022 exclusive lockmgr ufs (ufs) r = 0 (0xfffffe006de5e750) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:1243 Process 909 (syz-executor) thread 0xfffffe0054121000 (100189) exclusive sx so_snd_sx (so_snd_sx) r = 0 (0xfffffe006b715580) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_socket.c:4835 Process 12 (intr) thread 0xfffffe0007821000 (100034) exclusive sleep mutex tcp_hpts_lck (hpts) r = 0 (0xfffffe0053ee5100) locked @ /syzkaller/managers/main/kernel/sys/netinet/tcp_hpts.c:1442 db>