kernel: page fault trap, code=3 Stopped at copyout+0x57: repe movsq (%rsi),%es:(%rdi) TID PID UID PRFLAGS PFLAGS CPU COMMAND 362595 17713 0 0 0x4000000 1 syz-executor *373955 80113 0 0 0x4000000 0 syz-executor copyout() at copyout+0x57 syscall(ffff80003c429840) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c429840) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe6e451310b0, count: 12 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: attempt to access user address 0x200000000400 in supervisor mode ddb{0}> trace copyout() at copyout+0x57 syscall(ffff80003c429840) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c429840) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe6e451310b0, count: -3 ddb{0}> show registers rdi 0x200000000400 rsi 0xffff80003c429680 rbp 0xffff80003c429760 rbx 0x200000000400 rdx 0xffff80003c424000 rcx 0x7 rax 0x38 r8 0x7f7fffffc000 r9 0 r10 0x6a7e2fff8e2b1bc8 r11 0xffffffff82d8af20 copy_fault r12 0 r13 0 r14 0 r15 0 rip 0xffffffff82d8ae47 copyout+0x57 cs 0x8 rflags 0x50202 acpi_pdirpa+0x3c073 rsp 0xffff80003c4295e0 ss 0x10 copyout+0x57: repe movsq (%rsi),%es:(%rdi) ddb{0}> show proc PROC (syz-executor) tid=373955 pid=80113 tcnt=5 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=83, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800035407740,0xffff8000354062d0 process=0xffff80002a2bfa98 user=0xffff80003c424000, vmspace=0xfffffd806b7e05d8 estcpu=33, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 17713 447271 97688 0 2 0 syz-executor 17713 506632 97688 0 3 0x4000080 ttyout syz-executor 17713 362595 97688 0 7 0x4000000 syz-executor 8078 137904 52638 0 2 0 syz-executor 8078 256765 52638 0 3 0x4000080 kqsel syz-executor 8078 73235 52638 0 3 0x4000000 smrbar syz-executor 8078 20166 52638 0 3 0x4000080 fsleep syz-executor 80113 46971 8149 0 2 0 syz-executor 80113 89652 8149 0 3 0x4000080 fsleep syz-executor *80113 373955 8149 0 7 0x4000000 syz-executor 80113 56879 8149 0 2 0x4000080 syz-executor 80113 367765 8149 0 2 0x4000000 syz-executor 33486 347748 51074 0 3 0x80 nanoslp syz-executor 33486 322421 51074 0 2 0x4000000 syz-executor 33486 5237 51074 0 3 0x4000080 kqsel syz-executor 33486 435584 51074 0 3 0x4000080 fsleep syz-executor 98938 368984 76161 0 2 0xc90 syz-executor 98938 228135 76161 0 3 0x4000090 piperd syz-executor 98938 185602 76161 0 3 0x4000090 fsleep syz-executor 58898 150462 1893 0 3 0x80 nanoslp syz-executor 58898 158946 1893 0 3 0x4000080 fifor syz-executor 58898 312891 1893 0 3 0x4000080 fsleep syz-executor 74788 403531 47870 0 3 0x3000 suspend syz-executor 74788 57313 47870 0 2 0x4081000 syz-executor 74788 92346 47870 0 3 0x4081000 inode syz-executor 74788 290165 47870 0 3 0x4081000 inode syz-executor 74788 235569 47870 0 3 0x4081000 inode syz-executor 91302 80888 19809 0 2 0xc82 syz-executor 8149 74486 19809 0 2 0xc82 syz-executor 51074 429568 19809 0 3 0x82 nanoslp syz-executor 52638 361515 19809 0 3 0x82 nanoslp syz-executor 76161 440235 19809 0 2 0xc82 syz-executor 65843 74381 1 0 3 0x100083 ttyopn getty 1893 89699 19809 0 3 0x82 nanoslp syz-executor 26675 87618 0 0 3 0x14200 bored sosplice 97688 66183 19809 0 3 0x82 nanoslp syz-executor 47870 188420 19809 0 2 0xc82 syz-executor 19809 334223 99600 0 3 0x82 kqread syz-executor 99600 382475 28089 0 3 0x10008a sigsusp ksh 28089 265236 47102 0 3 0x98 kqread sshd-session 47102 161689 26589 0 3 0x92 kqread sshd-session 26589 268642 1 0 3 0x88 kqread sshd 24530 404245 80378 74 3 0x1100092 bpf pflogd 80378 25966 1 0 3 0x80 sbwait pflogd 78867 104971 30250 73 3 0x1100090 kqread syslogd 30250 69797 1 0 3 0x100082 sbwait syslogd 23072 466690 1 0 3 0x100080 kqread resolvd 99689 222933 0 0 3 0x14200 bored smr 25542 22545 0 0 3 0x14200 pgzero zerothread 4317 176476 0 0 3 0x14200 aiodoned aiodoned 65645 397727 0 0 3 0x14200 syncer update 97194 281329 0 0 3 0x14200 cleaner cleaner 21833 187594 0 0 3 0x14200 reaper reaper 6055 69210 0 0 3 0x14200 pgdaemon pagedaemon 3113 180982 0 0 3 0x14200 bored viomb 18676 406664 0 0 3 0x40014200 acpi0 acpi0 14972 347841 0 0 3 0x40014200 idle1 63863 306672 0 0 3 0x14200 bored softnet7 13946 15860 0 0 3 0x14200 bored softnet6 27325 244723 0 0 3 0x14200 bored softnet5 83285 260754 0 0 3 0x14200 bored softnet4 13828 346288 0 0 3 0x14200 bored softnet3 78692 51047 0 0 3 0x14200 bored softnet2 40027 492401 0 0 3 0x14200 bored softnet1 14432 445107 0 0 3 0x14200 bored softnet0 45727 455348 0 0 3 0x14200 bored systqmp 67009 357638 0 0 3 0x14200 bored systq 33746 357129 0 0 3 0x14200 tmoslp softclockmp 48006 183446 0 0 2 0x40014200 softclock 15704 441973 0 0 3 0x40014200 idle0 1 421973 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 8078 (syz-executor) thread 0xffff800035404a68 (73235) Process 33486 (syz-executor) thread 0xffff800035406030 (322421) Process 74788 (syz-executor) thread 0xffff8000354079d0 (57313) Process 74788 (syz-executor) thread 0xffff8000ffff3200 (92346) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10259 11122K 21304K 166960K 16744 0 pcb 19 18K 23K 166960K 1132 0 rtable 234 15K 15K 166960K 1374 0 pf 44 19K 67485K 166960K 467 0 ifaddr 104 24K 24K 166960K 339 0 ifgroup 67 2K 3K 166960K 489 0 sysctl 4 1K 9K 166960K 42 0 counters 72 37K 38K 166960K 540 0 ioctlops 0 0K 8K 166960K 2302 0 iov 1 0K 28K 166960K 412 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1519 95K 96K 166960K 5158 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 8 0 VM map 2 1K 1K 166960K 2 0 sem 92 23K 23K 166960K 192 0 dirhash 12 2K 3K 166960K 96 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 240K 166960K 4222 0 sigio 1 0K 0K 166960K 68 0 proc 67 83K 180K 166960K 1325 0 subproc 72 4K 4K 166960K 164 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 777 0 in_multi 77 5K 7K 166960K 408 0 ether_multi 1 0K 0K 166960K 62 0 mrt 2 0K 0K 166960K 20 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 223 996K 996K 166960K 223 0 exec 0 0K 1K 166960K 1110 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 256 140K 179K 166960K 39033 0 UVM aobj 83 3K 3K 166960K 85 0 pinsyscall 37 74K 102K 166960K 5551 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 1 0K 0K 166960K 233 0 NDP 14 0K 1K 166960K 193 0 temp 83 8684K 8940K 166960K 193915 0 kqueue 9 16K 34K 166960K 818 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 596 0 595 8 5 3 3 0 8 2 rtentry 176 509 0 430 5 0 5 5 0 8 0 unpcb 144 3094 0 3079 20 18 2 6 0 8 1 syncache 336 6 0 6 3 3 0 1 0 8 0 tcpqe 32 5 0 5 3 3 0 1 0 8 0 tcpcb 736 1385 0 1377 18 17 1 7 0 8 0 arp 128 111 0 96 1 0 1 1 0 8 0 inpcb 328 4607 0 4594 41 34 7 10 0 8 5 nd6 144 49 0 33 1 0 1 1 0 8 0 pkpcb 40 44 0 44 6 5 1 1 0 8 1 kcovpl 48 18 0 10 1 0 1 1 0 8 0 mppekey 1024 2 0 2 1 1 0 1 0 8 0 ppxss 1192 179 0 179 5 4 1 1 0 8 1 pppxif 1504 34 0 34 5 4 1 1 0 8 1 pfstscr 40 1 0 0 1 0 1 1 0 8 0 pffrag 232 26 0 18 1 0 1 1 0 482 0 pffrnode 88 24 0 16 1 0 1 1 0 8 0 pffrent 40 76 0 68 1 0 1 1 0 8 0 pfosfp 40 1432 0 1007 5 0 5 5 0 8 0 pfosfpen 112 1432 0 714 21 0 21 21 0 8 0 pfanchor 1288 4 0 3 2 1 1 1 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 321 0 166 2 0 2 2 0 8 0 pfstkey 128 321 0 166 6 0 6 6 0 8 0 pfstate 384 321 0 166 17 0 17 17 0 8 0 pfrule 1344 37 0 31 2 1 1 2 0 8 0 rttmr 136 5 0 5 4 4 0 1 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 1495 0 1113 41 17 24 31 0 8 0 art_table 40 1498 0 1113 5 0 5 5 0 8 0 art_node 32 509 0 442 2 0 2 2 0 8 0 sysvmsgpl 40 18 0 8 1 0 1 1 0 8 0 semupl 112 5 0 5 3 2 1 1 0 8 1 semapl 112 171 0 81 3 0 3 3 0 8 0 shmpl 112 82 0 2 3 0 3 3 0 8 0 dirhash 1024 76 0 59 3 0 3 3 0 8 0 dino2pl 256 9392 0 7866 96 0 96 96 0 8 0 ffsino 296 9392 0 7866 118 0 118 118 0 8 0 nchpl 144 15153 0 13433 65 0 65 65 0 8 0 rtmask 32 34 0 34 4 3 1 1 0 8 1 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 53873 0 53870 5 4 1 2 0 8 0 percpumem 16 285 0 234 1 0 1 1 0 8 0 kstatmem 264 320 0 286 5 2 3 3 0 8 0 acpiwqpl 32 2 0 2 1 0 1 1 1 8 1 scsiplug 72 23 0 23 10 9 1 1 0 8 1 scxspl 216 105347 0 105347 16 14 2 8 1 8 2 plimitpl 152 795 0 777 1 0 1 1 0 8 0 sigapl 424 4488 0 4436 9 2 7 9 0 8 0 knotepl 120 600 0 0 18 0 18 18 0 8 0 kqueuepl 224 1984 0 1972 27 22 5 5 0 8 4 pipepl 344 871 0 842 16 13 3 9 0 8 0 fdescpl 528 4432 0 4403 3 0 3 3 0 8 0 filepl 160 31845 0 31623 40 26 14 19 0 8 1 lockfpl 104 1853 0 1851 2 1 1 2 0 8 0 lockfspl 48 720 0 718 1 0 1 1 0 8 0 sessionpl 144 36 0 28 1 0 1 1 0 8 0 pgrppl 48 308 0 292 1 0 1 1 0 8 0 ucredpl 104 5292 0 5280 1 0 1 1 0 8 0 zombiepl 144 5713 0 5711 1 0 1 1 0 8 0 processpl 1248 4488 0 4436 6 1 5 6 0 8 0 procpl 656 11469 0 11397 8 1 7 8 0 8 0 srpgc 96 1 0 1 1 1 0 1 0 8 0 sosppl 168 26 0 26 6 5 1 1 0 8 1 sockpl 752 8472 0 8442 71 61 10 18 0 8 6 mcl64k 65536 25 0 0 3 0 3 3 0 8 0 mcl16k 16384 6 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 7 0 0 1 0 1 1 0 8 0 mcl4k 4096 127 0 0 15 0 15 15 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 111 0 0 11 1 10 11 0 8 0 mtagpl 96 23 0 0 1 0 1 1 0 8 0 mbufpl 256 1266 0 0 78 0 78 78 0 8 0 bufpl 280 45655 0 39513 440 0 440 440 0 8 0 anonpl 32 18744 0 0 152 1 151 151 0 246 0 amapchunkpl 152 138586 0 137839 68 35 33 36 0 158 4 amappl16 200 16077 0 15821 138 116 22 43 0 8 8 amappl15 192 5 0 4 1 0 1 1 0 8 0 amappl14 184 143 0 134 1 0 1 1 0 8 0 amappl13 176 26 0 26 5 5 0 1 0 8 0 amappl12 168 5257 0 5228 3 1 2 2 0 8 0 amappl11 160 53 0 45 1 0 1 1 0 8 0 amappl10 152 20 0 20 1 1 0 1 0 8 0 amappl9 144 244 0 244 1 1 0 1 0 8 0 amappl8 136 30 0 27 1 0 1 1 0 8 0 amappl7 128 146 0 136 1 0 1 1 0 8 0 amappl6 120 292 0 288 1 0 1 1 0 8 0 amappl5 112 170 0 162 1 0 1 1 0 8 0 amappl4 104 338 0 317 1 0 1 1 0 8 0 amappl3 96 28663 0 28540 5 1 4 4 0 8 0 amappl2 88 826 0 780 2 0 2 2 0 8 0 amappl1 80 26109 0 25590 15 0 15 15 0 8 0 amappl 88 37376 0 37176 5 0 5 5 0 92 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma8192 8192 1 0 1 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma512 512 1 0 1 1 0 1 1 0 8 1 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 264 0 264 9 8 1 1 0 8 1 dma64 64 9 0 9 3 3 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 84 0 2 2 0 2 2 0 8 0 uaddrrnd 24 4432 0 4403 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4432 0 4403 1 0 1 1 0 8 0 vmmpekpl 168 33907 0 33841 4 0 4 4 0 8 0 vmmpepl 168 281724 0 279681 153 51 102 128 0 357 9 vmsppl 488 4431 0 4403 6 1 5 5 0 8 0 rwobjpl 80 76934 0 69832 168 16 152 160 0 8 3 pdppl 4096 8871 0 8806 127 62 65 85 0 8 0 pvpl 32 25963 0 0 211 2 209 209 0 265 0 pmappl 256 4431 0 4403 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 416 0 109 10 0 10 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace copyout() at copyout+0x57 syscall(ffff80003c429840) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c429840) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe6e451310b0, count: -3 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff838ead30) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838ead30) at __mp_lock+0x192 sys/kern/kern_lock.c:165 vn_write(fffffd806b7f52c0,ffff80003c4a7828,0) at vn_write+0x4e sys/kern/vfs_vnops.c:393 dofilewritev(ffff8000354067e0,c8,ffff80003c4a7828,0,ffff80003c4a78e0) at dofilewritev+0x23c sys/kern/sys_generic.c:380 sys_write(ffff8000354067e0,ffff80003c4a7990,ffff80003c4a78e0) at sys_write+0xa2 sys/kern/sys_generic.c:300 syscall(ffff80003c4a7990) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c4a7990) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6d082dafa50, count: 6 ddb{1}> trace x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff838ead30) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838ead30) at __mp_lock+0x192 sys/kern/kern_lock.c:165 vn_write(fffffd806b7f52c0,ffff80003c4a7828,0) at vn_write+0x4e sys/kern/vfs_vnops.c:393 dofilewritev(ffff8000354067e0,c8,ffff80003c4a7828,0,ffff80003c4a78e0) at dofilewritev+0x23c sys/kern/sys_generic.c:380 sys_write(ffff8000354067e0,ffff80003c4a7990,ffff80003c4a78e0) at sys_write+0xa2 sys/kern/sys_generic.c:300 syscall(ffff80003c4a7990) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c4a7990) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6d082dafa50, count: -9