kernel: page fault trap, code=3 Stopped at copyout+0x57: repe movsq (%rsi),%es:(%rdi) TID PID UID PRFLAGS PFLAGS CPU COMMAND * 33890 11980 0 0 0x4000000 0 syz-executor 129193 44640 0 0 0x4000c80 1 syz-executor copyout() at copyout+0x57 syscall(ffff80003c451440) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c451440) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4ac761b74c0, count: 12 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: attempt to access user address 0x200000000f00 in supervisor mode ddb{0}> trace copyout() at copyout+0x57 syscall(ffff80003c451440) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c451440) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4ac761b74c0, count: -3 ddb{0}> show registers rdi 0x200000000f00 rsi 0xffff80003c4510c0 rbp 0xffff80003c451360 rbx 0xfffb4101 rdx 0xffff80003c44c000 rcx 0x4 rax 0x20 r8 0x7f7fffffc000 r9 0x1 r10 0xcdd95883b7c8b7cc r11 0xffffffff81669080 copy_fault r12 0x7 r13 0x16 r14 0xffff80003c4510c0 r15 0xffff80003c451440 rip 0xffffffff81668fa7 copyout+0x57 cs 0x8 rflags 0x50202 acpi_pdirpa+0x3c073 rsp 0xffff80003c4510b0 ss 0x10 copyout+0x57: repe movsq (%rsi),%es:(%rdi) ddb{0}> show proc PROC (syz-executor) tid=33890 pid=11980 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800038809a10,0xffffffff838e7480 process=0xffff80003a8275c0 user=0xffff80003c44c000, vmspace=0xfffffd8077ffc9a0 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 11980 71454 82102 0 2 0 syz-executor *11980 33890 82102 0 7 0x4000000 syz-executor 44640 21072 52209 0 2 0 syz-executor 44640 129193 52209 0 7 0x4000c80 syz-executor 44640 488726 52209 0 3 0x4000080 fsleep syz-executor 56518 502054 87188 0 2 0 syz-executor 56518 33167 87188 0 3 0x4000080 fsleep syz-executor 70681 35158 42220 0 2 0 syz-executor 70681 381895 42220 0 3 0x4000080 fsleep syz-executor 26215 312234 4891 0 2 0 syz-executor 26215 73523 4891 0 3 0x4000080 fsleep syz-executor 14518 306699 49194 0 2 0 syz-executor 14518 341260 49194 0 3 0x4000080 fsleep syz-executor 75090 141593 33590 0 2 0xc80 syz-executor 75090 107948 33590 0 3 0x4000080 fifor syz-executor 75090 173119 33590 0 3 0x4000080 fsleep syz-executor 75090 21223 33590 0 3 0x4000080 fsleep syz-executor 37168 450040 61930 0 3 0x3000 suspend syz-executor 37168 139408 61930 0 2 0x4081000 syz-executor 37168 146973 61930 0 3 0x4081000 inode syz-executor 18461 147231 0 0 3 0x14200 bored sosplice 82102 1243 45274 0 3 0x82 nanoslp syz-executor 33590 234022 45274 0 2 0xc82 syz-executor 49194 73332 45274 0 2 0xc82 syz-executor 61930 219975 45274 0 2 0xc82 syz-executor 87188 458646 45274 0 3 0x82 nanoslp syz-executor 4891 343926 45274 0 3 0x82 nanoslp syz-executor 42220 446478 45274 0 2 0x2 syz-executor 52209 117206 45274 0 3 0x82 nanoslp syz-executor 45274 329307 48898 0 3 0x82 kqread syz-executor 48898 309975 46266 0 3 0x10008a sigsusp ksh 46266 461795 86313 0 3 0x98 kqread sshd-session 86313 408185 32400 0 3 0x92 kqread sshd-session 29626 314521 1 0 3 0x100083 ttyin getty 32400 373777 1 0 3 0x88 kqread sshd 93770 59036 87293 74 3 0x1100092 bpf pflogd 87293 234529 1 0 3 0x80 sbwait pflogd 9736 176305 97779 73 3 0x1100090 kqread syslogd 97779 18664 1 0 3 0x100082 sbwait syslogd 47312 417921 1 0 3 0x100080 kqread resolvd 69343 433934 18881 77 3 0x100092 kqread dhcpleased 75883 80148 18881 77 3 0x100092 kqread dhcpleased 18881 33719 1 0 3 0x80 kqread dhcpleased 24331 145796 0 0 3 0x14200 bored smr 62867 278355 0 0 2 0x14200 zerothread 10912 178711 0 0 3 0x14200 aiodoned aiodoned 50119 268390 0 0 3 0x14200 syncer update 1343 94261 0 0 3 0x14200 cleaner cleaner 58223 441182 0 0 3 0x14200 reaper reaper 331 177957 0 0 3 0x14200 pgdaemon pagedaemon 41270 406656 0 0 3 0x14200 bored viomb 97689 514898 0 0 3 0x40014200 acpi0 acpi0 50952 49271 0 0 3 0x40014200 idle1 97480 166737 0 0 3 0x14200 bored softnet7 51829 47484 0 0 3 0x14200 bored softnet6 75414 201020 0 0 3 0x14200 bored softnet5 80621 461326 0 0 3 0x14200 bored softnet4 63044 193072 0 0 3 0x14200 bored softnet3 47655 361830 0 0 3 0x14200 bored softnet2 80865 52146 0 0 3 0x14200 bored softnet1 30102 139772 0 0 3 0x14200 bored softnet0 33109 303619 0 0 3 0x14200 bored systqmp 78898 222188 0 0 3 0x14200 bored systq 18250 454500 0 0 3 0x14200 tmoslp softclockmp 10149 273850 0 0 2 0x40014200 softclock 7299 161570 0 0 3 0x40014200 idle0 1 365592 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 37168 (syz-executor) thread 0xffff800038c12030 (139408) exclusive rrwlock inode r = 0 (0xfffffd806ac128f8) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xa3 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vn_write+0x18f sys/kern/vfs_vnops.c:405 #6 dofilewritev+0x242 sys/kern/sys_generic.c:380 #7 sys_write+0xa2 sys/kern/sys_generic.c:300 #8 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748 #9 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10225 11277K 11277K 166960K 11468 0 pcb 18 12K 12K 166960K 45 0 rtable 215 7K 7K 166960K 351 0 pf 34 17K 18K 166960K 75 0 ifaddr 43 7K 8K 166960K 61 0 ifgroup 55 2K 2K 166960K 97 0 sysctl 3 1K 9K 166960K 7 0 counters 68 36K 37K 166960K 98 0 ioctlops 0 0K 4K 166960K 1497 0 iov 0 0K 28K 166960K 10 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1340 84K 85K 166960K 1444 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 3 0 VM map 2 1K 1K 166960K 2 0 sem 5 0K 0K 166960K 18 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 110K 166960K 252 0 proc 72 115K 164K 166960K 544 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 18 0 in_multi 99 7K 7K 166960K 106 0 ether_multi 1 0K 0K 166960K 2 0 mrt 0 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 67 307K 307K 166960K 67 0 exec 0 0K 1K 166960K 378 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 256 172K 179K 166960K 4003 0 UVM aobj 5 2K 4K 166960K 6 0 pinsyscall 43 86K 106K 166960K 1358 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 14 0 NDP 12 0K 1K 166960K 40 0 temp 36 8638K 8706K 166960K 9179 0 kqueue 13 20K 28K 166960K 40 0 SYN cache 2 8K 16K 166960K 3 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 47 0 42 1 0 1 1 0 8 0 rtentry 176 98 0 3 5 0 5 5 0 8 0 unpcb 144 102 0 83 2 0 2 2 0 8 1 syncache 336 4 0 4 1 0 1 1 0 8 1 tcpcb 736 79 0 75 5 0 5 5 0 8 4 arp 128 10 0 0 1 0 1 1 0 8 0 inpcb 328 198 0 190 5 0 5 5 0 8 4 nd6 144 17 0 0 1 0 1 1 0 8 0 pkpcb 40 1 0 1 1 0 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 0 1 1 0 8 1 ppxss 1192 9 0 9 1 0 1 1 0 8 1 pppxif 1504 2 0 2 1 0 1 1 0 8 1 pffrag 232 2 0 2 1 0 1 1 0 482 1 pffrnode 88 2 0 2 1 0 1 1 0 8 1 pffrent 40 4 0 4 1 0 1 1 0 8 1 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 21 0 0 1 0 1 1 0 8 0 pfstkey 128 21 0 0 1 0 1 1 0 8 0 pfstate 384 21 0 0 3 0 3 3 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 450 0 12 29 0 29 29 0 8 1 art_table 40 451 0 12 5 0 5 5 0 8 0 art_node 32 98 0 13 1 0 1 1 0 8 0 semupl 112 2 0 2 1 0 1 1 0 8 1 semapl 112 16 0 13 1 0 1 1 0 8 0 shmpl 112 3 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1762 0 251 95 0 95 95 0 8 0 ffsino 296 1762 0 251 117 0 117 117 0 8 0 nchpl 144 2094 0 401 63 0 63 63 0 8 0 uvmvnodes 80 1890 0 0 39 0 39 39 0 8 0 vnodes 216 1890 0 0 105 0 105 105 0 8 0 namei 1024 6443 0 6443 2 0 2 2 0 8 2 percpumem 16 64 0 15 1 0 1 1 0 8 0 kstatmem 264 50 0 24 3 0 3 3 0 8 1 scsiplug 72 1 0 1 1 0 1 1 0 8 1 scxspl 216 8893 0 8893 10 2 8 8 1 8 8 plimitpl 152 52 0 33 1 0 1 1 0 8 0 sigapl 424 558 0 503 7 0 7 7 0 8 0 knotepl 120 336 0 0 11 0 11 11 0 8 0 kqueuepl 224 70 0 60 2 0 2 2 0 8 1 pipepl 344 118 0 91 3 0 3 3 0 8 0 fdescpl 528 535 0 503 3 0 3 3 0 8 0 filepl 160 2170 0 1947 12 0 12 12 0 8 2 lockfpl 104 57 0 55 1 0 1 1 0 8 0 lockfspl 48 24 0 22 1 0 1 1 0 8 0 sessionpl 144 23 0 14 1 0 1 1 0 8 0 pgrppl 48 31 0 14 1 0 1 1 0 8 0 ucredpl 104 186 0 173 1 0 1 1 0 8 0 zombiepl 144 504 0 503 1 0 1 1 0 8 0 processpl 1248 558 0 503 5 0 5 5 0 8 0 procpl 664 756 0 689 7 0 7 7 0 8 0 sosppl 168 1 0 1 1 0 1 1 0 8 1 sockpl 752 348 0 316 8 0 8 8 0 8 4 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 134 0 0 17 0 17 17 0 8 0 mcl2k 2048 22 0 0 3 0 3 3 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 148 0 0 9 0 9 9 0 8 0 bufpl 280 3788 0 121 262 0 262 262 0 8 0 anonpl 32 5855 0 0 48 0 48 48 0 246 0 amapchunkpl 152 11496 0 10955 27 0 27 27 0 158 6 amappl16 200 1055 0 918 9 1 8 8 0 8 0 amappl15 192 48 0 48 1 1 0 1 0 8 0 amappl14 184 117 0 105 1 0 1 1 0 8 0 amappl13 176 4 0 3 1 0 1 1 0 8 0 amappl12 168 1191 0 1159 2 0 2 2 0 8 0 amappl11 160 50 0 36 1 0 1 1 0 8 0 amappl10 152 2 0 1 1 0 1 1 0 8 0 amappl9 144 258 0 258 1 1 0 1 0 8 0 amappl8 136 39 0 36 1 0 1 1 0 8 0 amappl7 128 106 0 94 1 0 1 1 0 8 0 amappl6 120 174 0 171 1 0 1 1 0 8 0 amappl5 112 120 0 111 1 0 1 1 0 8 0 amappl4 104 305 0 285 1 0 1 1 0 8 0 amappl3 96 2018 0 1895 4 0 4 4 0 8 1 amappl2 88 644 0 582 2 0 2 2 0 8 0 amappl1 80 8990 0 8384 15 0 15 15 0 8 1 amappl 88 3294 0 3113 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 5 0 1 1 0 1 1 0 8 0 uaddrrnd 24 535 0 503 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 535 0 503 1 0 1 1 0 8 0 vmmpekpl 168 6025 0 5993 2 0 2 2 0 8 0 vmmpepl 168 39703 0 37558 95 1 94 95 0 357 0 vmsppl 488 534 0 503 5 0 5 5 0 8 1 rwobjpl 80 14870 0 11925 61 0 61 61 0 8 0 pdppl 4096 1078 0 1006 106 34 72 88 0 8 0 pvpl 32 15482 0 0 125 0 125 125 0 265 0 pmappl 256 534 0 503 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 281 0 36 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace copyout() at copyout+0x57 syscall(ffff80003c451440) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c451440) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4ac761b74c0, count: -3 ddb{0}> machine ddbcpu 1