kernel: page fault trap, code=3 Stopped at copyout+0x57: repe movsq (%rsi),%es:(%rdi) TID PID UID PRFLAGS PFLAGS CPU COMMAND *148448 68374 0 0x2 0 0K syz-executor copyout() at copyout+0x57 ufs_readdir(ffff80003c501a30) at ufs_readdir+0x419 sys/ufs/ufs/ufs_vnops.c:1403 VOP_READDIR(fffffd80633edca8,ffff80003c501ab0,fffffd80097fb548,ffff80003c501af4) at VOP_READDIR+0x126 sys/kern/vfs_vops.c:453 sys_getdents(ffff80003c414f98,ffff80003c501c50,ffff80003c501ba0) at sys_getdents+0x2f2 sys/kern/vfs_syscalls.c:3179 syscall(ffff80003c501c50) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c501c50) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x72b1c60f0270, count: 9 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: attempt to access user address 0x3bef46cc000 in supervisor mode ddb{0}> trace copyout() at copyout+0x57 ufs_readdir(ffff80003c501a30) at ufs_readdir+0x419 sys/ufs/ufs/ufs_vnops.c:1403 VOP_READDIR(fffffd80633edca8,ffff80003c501ab0,fffffd80097fb548,ffff80003c501af4) at VOP_READDIR+0x126 sys/kern/vfs_vops.c:453 sys_getdents(ffff80003c414f98,ffff80003c501c50,ffff80003c501ba0) at sys_getdents+0x2f2 sys/kern/vfs_syscalls.c:3179 syscall(ffff80003c501c50) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c501c50) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x72b1c60f0270, count: -6 ddb{0}> show registers rdi 0x3bef46cc000 rsi 0xffff80003c501858 rbp 0xffff80003c501840 rbx 0xffff80003c501ae0 rdx 0xffff80003c4fc000 rcx 0x4 rax 0x20 r8 0x7f7fffffc000 r9 0 r10 0x40616d08b1f89dec r11 0xffffffff81b63960 copy_fault r12 0x3bef46cc000 r13 0x20 r14 0xffff80003c501ab0 r15 0 rip 0xffffffff81b63887 copyout+0x57 cs 0x8 rflags 0x50202 acpi_pdirpa+0x3c073 rsp 0xffff80003c501790 ss 0x10 copyout+0x57: repe movsq (%rsi),%es:(%rdi) ddb{0}> show proc PROC (syz-executor) tid=148448 pid=68374 tcnt=1 stat=onproc flags process=2 proc=0 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000397fa2c0,0xffff8000397fb750 process=0xffff80003c41c4f8 user=0xffff80003c4fc000, vmspace=0xfffffd806c2211f8 estcpu=36, cpticks=6, pctcpu=0.4, user=1, sys=23, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 79341 262392 76381 0 2 0xc80 syz-executor 79341 494433 76381 0 3 0x4000080 kqpoll syz-executor 79341 451098 76381 0 3 0x4000080 fsleep syz-executor 52778 335383 68349 0 2 0 syz-executor 52778 409853 68349 0 3 0x4000080 fsleep syz-executor 52778 109673 68349 0 3 0x4000080 fsleep syz-executor 52778 283138 68349 0 3 0x4000080 fsleep syz-executor 17394 458642 41876 0 2 0xc80 syz-executor 17394 2398 41876 0 3 0x4000080 piperd syz-executor 17394 355167 41876 0 3 0x4000080 fsleep syz-executor 45357 492471 45617 0 2 0xc80 syz-executor 45357 240696 45617 0 3 0x4000080 fsleep syz-executor 45357 383253 45617 0 2 0x4000000 syz-executor 45357 210625 45617 0 3 0x4000080 fsleep syz-executor 88515 416178 1 0 3 0x80 nanoslp init *68374 148448 85823 0 7 0x2 syz-executor 29456 523780 0 0 3 0x14280 nfsidl nfsio 84226 126095 0 0 3 0x14280 nfsidl nfsio 87563 16781 0 0 3 0x14280 nfsidl nfsio 49963 31332 0 0 3 0x14280 nfsidl nfsio 51988 104584 0 0 3 0x14280 nfsidl nfsio 66162 29273 0 0 3 0x14280 nfsidl nfsio 55969 330354 0 0 3 0x14280 nfsidl nfsio 99349 380454 0 0 3 0x14280 nfsidl nfsio 7938 302182 0 0 3 0x14280 nfsidl nfsio 92095 363261 0 0 3 0x14280 nfsidl nfsio 62174 12774 0 0 3 0x14280 nfsidl nfsio 8025 514968 0 0 3 0x14280 nfsidl nfsio 41350 107121 0 0 3 0x14280 nfsidl nfsio 50619 383320 0 0 3 0x14280 nfsidl nfsio 66696 299959 0 0 3 0x14280 nfsidl nfsio 68749 516061 0 0 3 0x14280 nfsidl nfsio 5784 427566 0 0 3 0x14280 nfsidl nfsio 40950 338880 0 0 3 0x14280 nfsidl nfsio 9503 459612 0 0 3 0x14280 nfsidl nfsio 46865 366655 0 0 3 0x14280 nfsidl nfsio 76381 372889 85823 0 2 0xc82 syz-executor 80755 172281 0 0 3 0x14200 bored sosplice 45617 401796 85823 0 2 0xc82 syz-executor 19486 104581 17561 0 3 0x100082 sbwait arp 17561 228850 26421 0 3 0x10008a sigsusp sh 68349 202862 85823 0 2 0xc82 syz-executor 41876 222717 85823 0 2 0xc82 syz-executor 38437 261345 85823 0 2 0x2 syz-executor 47220 409487 85823 0 2 0xc82 syz-executor 26421 442717 85823 0 3 0x82 wait syz-executor 85823 116231 64632 0 3 0x82 kqread syz-executor 64632 119213 578 0 3 0x10008a sigsusp ksh 578 380556 88210 0 3 0x98 kqread sshd-session 88210 439598 12610 0 3 0x92 kqread sshd-session 12610 103158 1 0 3 0x88 kqread sshd 75812 154451 31050 74 3 0x1100092 bpf pflogd 31050 155871 1 0 3 0x80 sbwait pflogd 71816 206080 13464 73 3 0x1100090 kqread syslogd 13464 261244 1 0 3 0x100082 sbwait syslogd 61352 522830 1 0 3 0x100080 kqread resolvd 93837 467555 73924 77 3 0x100092 kqread dhcpleased 261 209574 73924 77 3 0x100092 kqread dhcpleased 73924 236550 1 0 3 0x80 kqread dhcpleased 75434 425464 0 0 2 0x14200 smr 87237 208800 0 0 2 0x14200 zerothread 85765 383073 0 0 3 0x14200 aiodoned aiodoned 13992 248727 0 0 3 0x14200 syncer update 24982 393699 0 0 3 0x14200 cleaner cleaner 1927 475023 0 0 3 0x14200 reaper reaper 84694 276868 0 0 3 0x14200 pgdaemon pagedaemon 94667 361022 0 0 3 0x14200 bored viomb 48342 331714 0 0 3 0x40014200 acpi0 acpi0 34550 117460 0 0 7 0x40014200 idle1 45901 495342 0 0 3 0x14200 bored softnet3 59778 208334 0 0 3 0x14200 bored softnet2 56650 39367 0 0 3 0x14200 bored softnet1 85462 449803 0 0 3 0x14200 bored softnet0 93937 382446 0 0 3 0x14200 bored systqmp 78399 340971 0 0 3 0x14200 bored systq 17846 153317 0 0 3 0x14200 tmoslp softclockmp 48084 513239 0 0 2 0x40014200 softclock 97794 190811 0 0 3 0x40014200 idle0 1 294619 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 68374 (syz-executor) thread 0xffff80003c414f98 (148448) Process 38437 (syz-executor) thread 0xffff80002a2bbc48 (261345) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10225 11119K 11882K 166960K 13679 0 pcb 17 22K 24K 166960K 287 0 rtable 161 8K 9K 166960K 555 0 pf 36 17K 67485K 166960K 149 0 ifaddr 36 6K 8K 166960K 107 0 ifgroup 57 2K 2K 166960K 191 0 sysctl 4 1K 9K 166960K 15 0 counters 70 37K 37K 166960K 196 0 ioctlops 0 0K 4K 166960K 1698 0 iov 0 0K 16K 166960K 123 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1434 90K 91K 166960K 2689 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 16 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 120 0 dirhash 15 2K 3K 166960K 45 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 114K 166960K 1322 0 sigio 1 0K 0K 166960K 23 0 proc 66 91K 127K 166960K 727 0 subproc 72 4K 4K 166960K 100 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 164 0 in_multi 66 4K 7K 166960K 169 0 ether_multi 1 0K 0K 166960K 9 0 mrt 0 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 97 440K 440K 166960K 97 0 exec 0 0K 1K 166960K 573 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 248 177K 199K 166960K 13440 0 UVM aobj 18 2K 2K 166960K 19 0 pinsyscall 42 84K 103K 166960K 2504 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 57 0 NDP 13 0K 1K 166960K 76 0 temp 80 8760K 8774K 166960K 82873 0 kqueue 14 22K 30K 166960K 270 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 200 0 195 3 2 1 3 0 8 0 rtentry 176 172 0 107 5 0 5 5 0 8 0 unpcb 144 1222 0 1201 13 11 2 8 0 8 1 syncache 336 9 0 9 4 3 1 1 0 8 1 tcpqe 32 5 0 5 3 2 1 1 0 8 1 tcpcb 808 527 0 516 20 15 5 14 0 8 3 arp 128 31 0 17 1 0 1 1 0 8 0 inpcb 384 1868 0 1853 43 34 9 21 0 8 5 nd6 144 35 0 23 1 0 1 1 0 8 0 pkpcb 40 5 0 5 3 3 0 1 0 8 0 kcovpl 48 11 0 3 1 0 1 1 0 8 0 mppekey 1024 2 0 2 1 0 1 1 0 8 1 ppxss 1192 46 0 45 2 1 1 1 0 8 0 pppxif 1504 4 0 4 2 2 0 1 0 8 0 pffrag 232 4 0 1 1 0 1 1 0 482 0 pffrnode 88 4 0 1 1 0 1 1 0 8 0 pffrent 40 7 0 4 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 1 0 1 1 1 0 1 0 8 0 pfstitem 24 77 0 23 1 0 1 1 0 8 0 pfstkey 128 77 0 23 2 0 2 2 0 8 0 pfstate 384 77 0 23 6 0 6 6 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 rttmr 136 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 623 0 333 27 3 24 26 0 8 1 art_table 32 626 0 333 4 0 4 4 0 8 0 art_node 16 166 0 108 1 0 1 1 0 8 0 sysvmsgpl 40 27 0 11 2 1 1 1 0 8 0 semupl 112 3 0 3 2 2 0 1 0 8 0 semapl 112 115 0 105 1 0 1 1 0 8 0 shmpl 112 16 0 1 1 0 1 1 0 8 0 dirhash 1024 41 0 22 3 0 3 3 0 8 0 dino2pl 256 3826 0 2320 96 0 96 96 0 8 0 ffsino 288 3826 0 2320 109 0 109 109 0 8 0 nchpl 144 5622 0 3920 64 0 64 64 0 8 0 rtmask 32 10 0 10 2 1 1 1 0 8 1 uvmvnodes 80 4701 0 0 96 0 96 96 0 8 0 vnodes 216 4701 0 0 262 0 262 262 0 8 0 namei 1024 19976 0 19975 2 1 1 2 0 8 0 percpumem 16 113 0 63 1 0 1 1 0 8 0 kstatmem 264 114 0 84 4 1 3 3 0 8 0 scsiplug 72 6 0 6 5 4 1 1 0 8 1 scxspl 216 18077 0 18077 16 14 2 8 1 8 2 plimitpl 152 346 0 330 1 0 1 1 0 8 0 sigapl 424 1637 0 1567 9 0 9 9 0 8 0 knotepl 120 579 0 0 18 0 18 18 0 8 0 kqueuepl 224 586 0 575 5 2 3 3 0 8 2 pipepl 336 266 0 238 3 0 3 3 0 8 0 fdescpl 520 1594 0 1563 3 0 3 3 0 8 0 filepl 160 11354 0 11131 26 11 15 20 0 8 3 lockfpl 104 484 0 481 2 1 1 2 0 8 0 lockfspl 48 155 0 152 1 0 1 1 0 8 0 sessionpl 144 33 0 25 1 0 1 1 0 8 0 pgrppl 48 56 0 40 1 0 1 1 0 8 0 ucredpl 104 1451 0 1437 1 0 1 1 0 8 0 zombiepl 144 1568 0 1567 1 0 1 1 0 8 0 processpl 1240 1637 0 1567 6 0 6 6 0 8 0 procpl 656 3368 0 3288 8 0 8 8 0 8 0 srpgc 96 15 0 15 3 3 0 1 0 8 0 sosppl 168 12 0 12 2 1 1 1 0 8 1 sockpl 728 3336 0 3295 59 49 10 25 0 8 5 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 5 0 0 1 0 1 1 0 8 0 mcl4k 4096 112 0 0 14 0 14 14 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 49 0 0 7 1 6 7 0 8 1 mtagpl 96 24 0 0 1 0 1 1 0 8 0 mbufpl 256 1244 0 0 77 0 77 77 0 8 0 bufpl 280 6966 0 824 439 0 439 439 0 8 0 anonpl 32 11565 0 0 93 0 93 93 0 246 0 amapchunkpl 152 45385 0 44816 53 16 37 37 0 158 11 amappl16 200 4428 0 4265 46 24 22 22 0 8 8 amappl15 192 6 0 6 2 2 0 1 0 8 0 amappl14 184 145 0 133 1 0 1 1 0 8 0 amappl13 176 9 0 9 2 2 0 1 0 8 0 amappl12 168 2299 0 2267 4 1 3 3 0 8 0 amappl11 160 53 0 38 1 0 1 1 0 8 0 amappl10 152 7 0 7 1 1 0 1 0 8 0 amappl9 144 250 0 250 1 1 0 1 0 8 0 amappl8 136 25 0 22 1 0 1 1 0 8 0 amappl7 128 119 0 106 1 0 1 1 0 8 0 amappl6 120 212 0 207 1 0 1 1 0 8 0 amappl5 112 143 0 133 1 0 1 1 0 8 0 amappl4 104 351 0 331 1 0 1 1 0 8 0 amappl3 96 8958 0 8852 5 1 4 4 0 8 0 amappl2 88 730 0 664 2 0 2 2 0 8 0 amappl1 80 14643 0 14036 16 1 15 15 0 8 0 amappl 88 12435 0 12262 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 8 0 8 3 3 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 18 0 1 1 0 1 1 0 8 0 uaddrrnd 24 1594 0 1563 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1594 0 1563 1 0 1 1 0 8 0 vmmpekpl 168 13610 0 13549 3 0 3 3 0 8 0 vmmpepl 168 104353 0 102259 127 15 112 112 0 357 10 vmsppl 480 1593 0 1563 5 0 5 5 0 8 0 rwobjpl 72 32883 0 27084 113 2 111 111 0 8 4 pdppl 4096 3196 0 3126 114 38 76 84 0 8 6 pvpl 32 17915 0 0 146 2 144 144 0 265 0 pmappl 256 1593 0 1563 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 489 0 63 13 0 13 13 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace copyout() at copyout+0x57 ufs_readdir(ffff80003c501a30) at ufs_readdir+0x419 sys/ufs/ufs/ufs_vnops.c:1403 VOP_READDIR(fffffd80633edca8,ffff80003c501ab0,fffffd80097fb548,ffff80003c501af4) at VOP_READDIR+0x126 sys/kern/vfs_vops.c:453 sys_getdents(ffff80003c414f98,ffff80003c501c50,ffff80003c501ba0) at sys_getdents+0x2f2 sys/kern/vfs_syscalls.c:3179 syscall(ffff80003c501c50) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c501c50) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x72b1c60f0270, count: -6 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu.c:1218 sched_idle(ffff8000299ddff0) at sched_idle+0x448 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu.c:1218 sched_idle(ffff8000299ddff0) at sched_idle+0x448 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5