Beware, secsupport: I think you mixed up FGT A and B. FGT A is the one with internet access.
As a FGT is not only a router, you need a couple of things in order to make this work:
routes - phase 2 selectors - policies - NAT
1- a default route on FGT B pointing to the tunnel
1b- a route on FGT B pointing to FGT A's public address (the VPN gateway address)
1c- a route on FGT A with FGT B's LAN address, pointing to the tunnel
2a- on FGT B, phase 2 selector for "destination" is "0.0.0.0/0" (source is FGT_B_LAN)
2b- on FGT A, phase 2 selector for "source" is "0.0.0.0/0" (dest is FGT_B_LAN)
3a- a policy on FGT B to allow traffic to the internet (from LAN to tunnel, dest=ALL)
3b- a policy on FGT A to allow tunnel traffic to the internet (from tunnel to WAN, dest=ALL) - NAT enabled
As a rule of thumb, enable NAT only in the last policy facing the internet.
So, never on FGT B.
"Kernel panic: Aiee, killing interrupt handler!"