kernel: page fault trap, code=3 Stopped at copyout+0x57: repe movsq (%rsi),%es:(%rdi) TID PID UID PRFLAGS PFLAGS CPU COMMAND 334457 33551 0 0 0x4000000 1K syz-executor *225471 86461 0 0x10000002 0 0 syz-executor copyout() at copyout+0x57 postsig(ffff80002a297c50,14,ffff80002a338b98) at postsig+0x4e5 sys/kern/kern_sig.c:1801 userret(ffff80002a297c50) at userret+0x24e sys/kern/kern_sig.c:2207 syscall(ffff80002a338cd0) at syscall+0x9c0 mi_syscall_return sys/sys/syscall_mi.h:203 [inline] syscall(ffff80002a338cd0) at syscall+0x9c0 sys/arch/amd64/amd64/trap.c:600 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a36b6d86480, count: 10 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: attempt to access user address 0x7a36b6d85fb0 in supervisor mode ddb{0}> trace copyout() at copyout+0x57 postsig(ffff80002a297c50,14,ffff80002a338b98) at postsig+0x4e5 sys/kern/kern_sig.c:1801 userret(ffff80002a297c50) at userret+0x24e sys/kern/kern_sig.c:2207 syscall(ffff80002a338cd0) at syscall+0x9c0 mi_syscall_return sys/sys/syscall_mi.h:203 [inline] syscall(ffff80002a338cd0) at syscall+0x9c0 sys/arch/amd64/amd64/trap.c:600 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a36b6d86480, count: -5 ddb{0}> show registers rdi 0x7a36b6d85fb0 rsi 0xffff80002a3388e8 rbp 0xffff80002a338a70 rbx 0x7a36b6d860a0 rdx 0xffff80002a333000 rcx 0x1d rax 0xe8 r8 0x7f7fffffc000 r9 0 r10 0x8cf9c3c33d9815aa r11 0xffffffff82f33900 copy_fault r12 0xffff80002a297c50 r13 0xffff80002a338cd0 r14 0 r15 0x7a36b6d85fb0 rip 0xffffffff82f33827 copyout+0x57 cs 0x8 rflags 0x50206 acpi_pdirpa+0x3c077 rsp 0xffff80002a3388d0 ss 0 copyout+0x57: repe movsq (%rsi),%es:(%rdi) ddb{0}> show proc PROC (syz-executor) tid=225471 pid=86461 tcnt=1 stat=onproc flags process=10000002 proc=0 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000ffff3490,0xffff80002a297740 process=0xffff8000ffff7550 user=0xffff80002a333000, vmspace=0xfffffd800b026780 estcpu=36, cpticks=2, pctcpu=0.20, user=3, sys=98, intr=1 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 65416 217232 47920 0 2 0 syz-executor 65416 414841 47920 0 2 0x4000000 syz-executor 36958 218753 46720 0 2 0 syz-executor 27716 342530 35156 0 2 0 syz-executor 6388 333985 15082 0 2 0 syz-executor 6388 91824 15082 0 3 0x4000080 fsleep syz-executor 6388 167409 15082 0 3 0x4000080 fsleep syz-executor 33551 413091 27741 0 2 0 syz-executor 33551 334457 27741 0 7 0x4000000 syz-executor 33551 203302 27741 0 2 0x4000000 syz-executor 33551 46606 27741 0 3 0x4000080 fsleep syz-executor 27741 281792 14381 0 3 0x82 nanoslp syz-executor 61426 320758 1 0 3 0x80 nanoslp init 16109 365264 0 0 3 0x14280 nfsidl nfsio 21011 130712 0 0 3 0x14280 nfsidl nfsio 18351 336023 0 0 3 0x14280 nfsidl nfsio 36865 346779 0 0 3 0x14280 nfsidl nfsio 26920 172066 0 0 3 0x14280 nfsidl nfsio 70189 8601 0 0 3 0x14280 nfsidl nfsio 18256 462427 0 0 3 0x14280 nfsidl nfsio 8526 256492 0 0 3 0x14280 nfsidl nfsio 16668 155869 0 0 3 0x14280 nfsidl nfsio 27766 105220 0 0 3 0x14280 nfsidl nfsio 82709 343875 0 0 3 0x14280 nfsidl nfsio 78063 282307 0 0 3 0x14280 nfsidl nfsio 14504 254640 0 0 3 0x14280 nfsidl nfsio 35154 368931 0 0 3 0x14280 nfsidl nfsio 58157 425266 0 0 3 0x14280 nfsidl nfsio 86122 119698 0 0 3 0x14280 nfsidl nfsio 66618 437146 0 0 3 0x14280 nfsidl nfsio 87828 263832 0 0 3 0x14280 nfsidl nfsio 23786 381447 0 0 3 0x14280 nfsidl nfsio 52753 270167 0 0 3 0x14280 nfsidl nfsio 15698 298772 0 0 3 0x14200 bored sosplice 81526 489275 14381 0 3 0x82 wait syz-executor 47920 54189 14381 0 2 0xc82 syz-executor 46720 290812 14381 0 3 0x82 nanoslp syz-executor 90246 47363 14381 0 3 0x82 nanoslp syz-executor *86461 225471 14381 0 7 0x10000002 syz-executor 15082 352828 14381 0 3 0x82 nanoslp syz-executor 35156 277917 14381 0 2 0xc82 syz-executor 14381 75870 13567 0 3 0x82 kqread syz-executor 13567 416726 93234 0 3 0x10008a sigsusp ksh 93234 281513 91594 0 3 0x98 kqread sshd-session 91594 492813 57686 0 3 0x92 kqread sshd-session 57686 124727 1 0 3 0x88 kqread sshd 62138 307287 22839 74 3 0x1100092 bpf pflogd 22839 160693 1 0 3 0x80 sbwait pflogd 91703 468607 64817 73 3 0x1100090 kqread syslogd 64817 27408 1 0 3 0x100082 sbwait syslogd 67020 235843 1 0 3 0x100080 kqread resolvd 49949 355824 64867 77 3 0x100092 kqread dhcpleased 24937 329173 64867 77 3 0x100092 kqread dhcpleased 64867 22163 1 0 3 0x80 kqread dhcpleased 89410 254057 0 0 3 0x14200 bored smr 44035 255920 0 0 2 0x14200 zerothread 67300 160320 0 0 3 0x14200 aiodoned aiodoned 94954 4272 0 0 3 0x14200 syncer update 24797 251828 0 0 3 0x14200 cleaner cleaner 86438 144895 0 0 3 0x14200 reaper reaper 73687 95402 0 0 3 0x14200 pgdaemon pagedaemon 90701 308003 0 0 3 0x14200 bored viomb 46624 345770 0 0 3 0x40014200 acpi0 acpi0 43630 473772 0 0 3 0x40014200 idle1 56362 490031 0 0 3 0x14200 bored softnet3 46750 398525 0 0 3 0x14200 bored softnet2 65278 334007 0 0 3 0x14200 bored softnet1 15821 384148 0 0 3 0x14200 bored softnet0 37858 37521 0 0 3 0x14200 bored systqmp 97448 182008 0 0 3 0x14200 bored systq 27660 435397 0 0 3 0x14200 tmoslp softclockmp 80080 395147 0 0 2 0x40014200 softclock 49013 343877 0 0 3 0x40014200 idle0 1 421160 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks CPU 1: exclusive mutex &map->flags_lock r = 0 (0xffff800000025370) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 mtx_enter_try+0x1ad sys/kern/kern_lock.c:301 #2 mtx_enter+0x62 sys/kern/kern_lock.c:258 #3 vm_map_lock_ln+0x66 sys/uvm/uvm_map.c:5155 #4 uvm_unmap+0x81 sys/uvm/uvm_map.c:1792 #5 km_free+0x87 sys/uvm/uvm_km.c:831 #6 vunmapbuf+0xc7 sys/arch/amd64/amd64/vm_machdep.c:204 #7 physio+0x3f9 sys/kern/kern_physio.c:180 #8 spec_read+0x155 sys/kern/spec_vnops.c:215 #9 VOP_READ+0x102 sys/kern/vfs_vops.c:227 #10 vn_read+0x17b sys/kern/vfs_vnops.c:369 #11 dofilereadv+0x230 sys/kern/sys_generic.c:252 #12 sys_pread+0xae sys/kern/vfs_syscalls.c:3303 #13 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] #13 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579 #14 Xsyscall+0x128 Process 33551 (syz-executor) thread 0xffff80003c4ad9d8 (334457) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10254 11092K 11716K 166960K 16308 0 pcb 20 16K 18K 166960K 692 0 rtable 218 12K 12K 166960K 647 0 pf 40 18K 81K 166960K 266 0 ifaddr 40 7K 7K 166960K 146 0 ifgroup 64 2K 3K 166960K 311 0 sysctl 4 1K 9K 166960K 30 0 counters 72 37K 38K 166960K 580 0 ioctlops 0 0K 8K 166960K 2253 0 iov 0 0K 30K 166960K 237 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1460 92K 92K 166960K 4151 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 37 0 VM map 2 1K 1K 166960K 2 0 sem 24 20K 20K 166960K 263 0 dirhash 12 2K 2K 166960K 54 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 106K 166960K 2552 0 sigio 0 0K 0K 166960K 66 0 proc 64 79K 140K 166960K 865 0 subproc 72 4K 4K 166960K 83 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 525 0 in_multi 77 5K 7K 166960K 186 0 ether_multi 1 0K 0K 166960K 33 0 mrt 2 0K 0K 166960K 16 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 259 1155K 1155K 166960K 259 0 exec 0 0K 1K 166960K 812 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 233 163K 185K 166960K 26058 0 UVM aobj 50 6K 8K 166960K 56 0 pinsyscall 41 82K 102K 166960K 3718 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 150 0 NDP 14 0K 1K 166960K 106 0 temp 77 8696K 8776K 166960K 115469 0 kqueue 14 22K 30K 166960K 437 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 235 0 232 1 0 1 1 0 8 0 rtentry 176 167 0 79 5 0 5 5 0 8 0 unpcb 144 1911 0 1894 13 11 2 6 0 8 1 syncache 336 9 0 9 4 4 0 1 0 8 0 tcpqe 32 4 0 4 2 2 0 1 0 8 0 tcpcb 736 760 0 753 15 8 7 7 0 8 6 arp 128 29 0 12 1 0 1 1 0 8 0 inpcb 328 2795 0 2780 21 12 9 13 0 8 7 nd6 144 32 0 7 1 0 1 1 0 8 0 pkpcb 40 17 0 17 6 5 1 1 0 8 1 kcovpl 48 9 0 1 1 0 1 1 0 8 0 mppekey 1024 2 0 2 2 2 0 1 0 8 0 ppxss 1192 218 0 217 5 4 1 1 0 8 0 pppxif 1504 81 0 81 4 3 1 1 0 8 1 pffrag 232 16 0 9 1 0 1 1 0 482 0 pffrnode 88 14 0 7 1 0 1 1 0 8 0 pffrent 40 30 0 23 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 135 0 29 1 0 1 1 0 8 0 pfstkey 128 135 0 29 4 0 4 4 0 8 0 pfstate 384 135 0 29 11 0 11 11 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 rttmr 136 2 0 2 2 2 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 679 0 325 30 7 23 29 0 8 0 art_table 32 680 0 325 4 0 4 4 0 8 0 art_node 16 162 0 86 1 0 1 1 0 8 0 sysvmsgpl 40 19 0 11 2 1 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 253 0 231 1 0 1 1 0 8 0 shmpl 112 53 0 6 2 0 2 2 0 8 0 dirhash 1024 47 0 30 3 0 3 3 0 8 0 dino2pl 256 6394 0 4887 95 0 95 95 0 8 0 ffsino 288 6394 0 4887 109 0 109 109 0 8 0 nchpl 144 10064 0 9512 64 40 24 64 0 8 0 rtmask 32 19 0 19 5 4 1 1 0 8 1 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 36076 0 36076 4 3 1 2 0 8 1 percpumem 16 305 0 254 1 0 1 1 0 8 0 kstatmem 264 180 0 148 6 3 3 3 0 8 0 acpiwqpl 32 2 0 2 1 0 1 1 1 8 1 scsiplug 72 10 0 10 5 4 1 1 0 8 1 scxspl 216 60132 0 60132 15 13 2 8 1 8 2 plimitpl 152 620 0 604 1 0 1 1 0 8 0 sigapl 424 2887 0 2816 11 2 9 9 0 8 0 knotepl 120 590 0 0 18 1 17 17 0 8 0 kqueuepl 224 1122 0 1112 14 9 5 5 0 8 4 pipepl 336 402 0 375 8 5 3 8 0 8 0 fdescpl 520 2842 0 2811 3 0 3 3 0 8 0 filepl 160 20469 0 20248 29 14 15 19 0 8 4 lockfpl 104 943 0 941 1 0 1 1 0 8 0 lockfspl 48 370 0 368 1 0 1 1 0 8 0 sessionpl 144 29 0 21 1 0 1 1 0 8 0 pgrppl 48 192 0 176 1 0 1 1 0 8 0 ucredpl 104 3389 0 3375 1 0 1 1 0 8 0 zombiepl 144 2819 0 2816 1 0 1 1 0 8 0 processpl 1240 2887 0 2816 7 1 6 6 0 8 0 procpl 656 7131 0 7054 9 1 8 8 0 8 0 srpgc 96 4 0 4 1 1 0 1 0 8 0 sosppl 168 22 0 22 4 3 1 1 0 8 1 sockpl 728 5075 0 5040 32 20 12 16 0 8 7 mcl64k 65536 6 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 128 0 0 16 0 16 16 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 33 0 0 5 0 5 5 0 8 0 mtagpl 96 116 0 0 3 0 3 3 0 8 0 mbufpl 256 1225 0 0 77 0 77 77 0 8 0 bufpl 280 22843 0 16700 440 0 440 440 0 8 0 anonpl 32 15474 0 0 125 0 125 125 0 246 0 amapchunkpl 152 88469 0 87960 49 21 28 34 0 158 6 amappl16 200 9598 0 9543 88 70 18 40 0 8 8 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 129 0 118 1 0 1 1 0 8 0 amappl13 176 32 0 32 1 1 0 1 0 8 0 amappl12 168 3524 0 3494 4 2 2 3 0 8 0 amappl11 160 51 0 37 1 0 1 1 0 8 0 amappl10 152 4 0 4 1 1 0 1 0 8 0 amappl9 144 248 0 247 1 0 1 1 0 8 0 amappl8 136 30 0 27 1 0 1 1 0 8 0 amappl7 128 128 0 117 1 0 1 1 0 8 0 amappl6 120 196 0 192 1 0 1 1 0 8 0 amappl5 112 141 0 130 1 0 1 1 0 8 0 amappl4 104 352 0 332 1 0 1 1 0 8 0 amappl3 96 18035 0 17926 4 0 4 4 0 8 0 amappl2 88 711 0 647 2 0 2 2 0 8 0 amappl1 80 19013 0 18439 17 2 15 15 0 8 0 amappl 88 24858 0 24694 5 0 5 5 0 92 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma16384 16384 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 258 0 258 3 3 0 1 0 8 0 dma64 64 9 0 9 3 3 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 24 0 23 1 0 1 1 0 8 0 aobjpl 72 55 0 6 1 0 1 1 0 8 0 uaddrrnd 24 2842 0 2811 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2842 0 2811 1 0 1 1 0 8 0 vmmpekpl 168 24511 0 24464 3 0 3 3 0 8 0 vmmpepl 168 182258 0 180289 145 39 106 121 0 357 10 vmsppl 480 2841 0 2811 7 2 5 5 0 8 0 rwobjpl 72 52912 0 46023 133 0 133 133 0 8 1 pdppl 4096 5691 0 5622 113 42 71 83 0 8 2 pvpl 32 22524 0 0 182 0 182 182 0 265 0 pmappl 256 2841 0 2811 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 494 0 76 13 0 13 13 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace copyout() at copyout+0x57 postsig(ffff80002a297c50,14,ffff80002a338b98) at postsig+0x4e5 sys/kern/kern_sig.c:1801 userret(ffff80002a297c50) at userret+0x24e sys/kern/kern_sig.c:2207 syscall(ffff80002a338cd0) at syscall+0x9c0 mi_syscall_return sys/sys/syscall_mi.h:203 [inline] syscall(ffff80002a338cd0) at syscall+0x9c0 sys/arch/amd64/amd64/trap.c:600 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a36b6d86480, count: -5 ddb{0}> machine ddbcpu 1