kernel: page fault trap, code=3 Stopped at copyout+0x57: repe movsq (%rsi),%es:(%rdi) TID PID UID PRFLAGS PFLAGS CPU COMMAND 13278 3033 0 0x40 0 1 syz-executor *500668 41638 0 0x2 0 0K syz-executor copyout() at copyout+0x57 ufs_readdir(ffff80002a396ac0) at ufs_readdir+0x419 sys/ufs/ufs/ufs_vnops.c:1403 VOP_READDIR(fffffd80606905e8,ffff80002a396b40,fffffd80097fb410,ffff80002a396b84) at VOP_READDIR+0x126 sys/kern/vfs_vops.c:453 sys_getdents(ffff8000ffffca48,ffff80002a396ce0,ffff80002a396c30) at sys_getdents+0x2f2 sys/kern/vfs_syscalls.c:3179 syscall(ffff80002a396ce0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a396ce0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x775d308daae0, count: 9 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: attempt to access user address 0x8a5c3712000 in supervisor mode ddb{0}> trace copyout() at copyout+0x57 ufs_readdir(ffff80002a396ac0) at ufs_readdir+0x419 sys/ufs/ufs/ufs_vnops.c:1403 VOP_READDIR(fffffd80606905e8,ffff80002a396b40,fffffd80097fb410,ffff80002a396b84) at VOP_READDIR+0x126 sys/kern/vfs_vops.c:453 sys_getdents(ffff8000ffffca48,ffff80002a396ce0,ffff80002a396c30) at sys_getdents+0x2f2 sys/kern/vfs_syscalls.c:3179 syscall(ffff80002a396ce0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a396ce0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x775d308daae0, count: -6 ddb{0}> show registers rdi 0x8a5c3712000 rsi 0xffff80002a3968e8 rbp 0xffff80002a3968d0 rbx 0xffff80002a396b70 rdx 0xffff80002a391000 rcx 0x4 rax 0x20 r8 0x7f7fffffc000 r9 0 r10 0x2462589bbab94781 r11 0xffffffff82a3e8e0 copy_fault r12 0x8a5c3712000 r13 0x20 r14 0xffff80002a396b40 r15 0 rip 0xffffffff82a3e807 copyout+0x57 cs 0x8 rflags 0x50202 acpi_pdirpa+0x3c073 rsp 0xffff80002a396820 ss 0x10 copyout+0x57: repe movsq (%rsi),%es:(%rdi) ddb{0}> show proc PROC (syz-executor) tid=500668 pid=41638 tcnt=1 stat=onproc flags process=2 proc=0 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a2bb498,0xffff8000ffffd498 process=0xffff80002a39ba38 user=0xffff80002a391000, vmspace=0xfffffd800b0261e0 estcpu=36, cpticks=1, pctcpu=0.6, user=0, sys=16, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 3033 13278 87658 0 7 0x40 syz-executor 90418 158053 96543 0 2 0 syz-executor 90418 196374 96543 0 2 0x4000000 syz-executor 90418 420798 96543 0 3 0x4000080 fsleep syz-executor 4844 399188 19620 0 2 0 syz-executor 4844 469984 19620 0 3 0x4000080 fsleep syz-executor 4844 178042 19620 0 3 0x4000080 fsleep syz-executor 4844 360874 19620 0 3 0x4000080 fsleep syz-executor 4844 357795 19620 0 3 0x4000080 fsleep syz-executor 11990 147806 24779 0 2 0 syz-executor 11990 481227 24779 0 3 0x4000080 fsleep syz-executor 11990 260452 24779 0 3 0x4000080 fsleep syz-executor 11990 306850 24779 0 3 0x4000080 fsleep syz-executor 11990 471850 24779 0 3 0x4000080 fsleep syz-executor 87658 37193 70511 0 3 0x82 ppwait syz-executor 7803 194920 0 0 3 0x14200 acct acct 44369 132851 0 0 3 0x14200 bored sosplice 62406 382268 54781 0 3 0x100082 sbwait ndp 40966 406537 93409 0 3 0x100082 sbwait ndp 93409 175481 34026 0 3 0x10008a sigsusp sh 54781 229160 30436 0 3 0x10008a sigsusp sh 19620 497712 70511 0 2 0xc82 syz-executor 43281 360452 70511 0 2 0x2 syz-executor *41638 500668 70511 0 7 0x2 syz-executor 96543 9556 70511 0 3 0x82 nanoslp syz-executor 24779 343800 70511 0 3 0x82 nanoslp syz-executor 30436 162242 70511 0 3 0x82 wait syz-executor 34026 459395 70511 0 3 0x82 wait syz-executor 70511 398553 59597 0 2 0x2 syz-executor 59597 499746 93198 0 3 0x10008a sigsusp ksh 93198 278213 84029 0 3 0x98 kqread sshd-session 84029 8957 13864 0 3 0x92 kqread sshd-session 98166 88865 1 0 3 0x100083 ttyin getty 13864 211824 1 0 3 0x88 kqread sshd 46733 86087 32415 74 3 0x1100092 bpf pflogd 32415 289620 1 0 3 0x80 sbwait pflogd 66952 233783 86991 73 3 0x1100090 kqread syslogd 86991 81579 1 0 3 0x100082 sbwait syslogd 22885 350867 1 0 3 0x100080 kqread resolvd 95526 208348 83732 77 3 0x100092 kqread dhcpleased 22978 198113 83732 77 3 0x100092 kqread dhcpleased 83732 418445 1 0 3 0x80 kqread dhcpleased 62570 24 0 0 3 0x14200 bored smr 18141 30340 0 0 2 0x14200 zerothread 69022 324656 0 0 3 0x14200 aiodoned aiodoned 65430 7386 0 0 3 0x14200 syncer update 55013 501687 0 0 3 0x14200 cleaner cleaner 84177 329701 0 0 3 0x14200 reaper reaper 99983 7946 0 0 3 0x14200 pgdaemon pagedaemon 43686 117855 0 0 3 0x14200 bored viomb 15458 111062 0 0 3 0x40014200 acpi0 acpi0 45054 163451 0 0 3 0x40014200 idle1 71899 461855 0 0 3 0x14200 bored softnet3 1473 481587 0 0 3 0x14200 bored softnet2 35371 388528 0 0 3 0x14200 bored softnet1 50626 322644 0 0 2 0x14200 softnet0 84427 149614 0 0 3 0x14200 bored systqmp 23839 516704 0 0 3 0x14200 bored systq 44544 518878 0 0 3 0x14200 tmoslp softclockmp 19932 475463 0 0 2 0x40014200 softclock 63847 470847 0 0 3 0x40014200 idle0 1 348400 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 43281 (syz-executor) thread 0xffff8000ffffd488 (360452) exclusive rrwlock inode r = 0 (0xfffffd806bff8e20) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x377 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:605 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vget+0x2bd sys/kern/vfs_subr.c:693 #6 ufs_ihashget+0x185 sys/ufs/ufs/ufs_ihash.c:98 #7 ffs_vget+0x8c sys/ufs/ffs/ffs_vfsops.c:1203 #8 ufs_lookup+0x19f8 sys/ufs/ufs/ufs_lookup.c:478 #9 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 #10 vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 #11 namei+0x7aa sys/kern/vfs_lookup.c:250 #12 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1864 #13 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] #13 syscall+0xb08 sys/arch/amd64/amd64/trap.c:579 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806bff8be0) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x377 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:605 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vget+0x2bd sys/kern/vfs_subr.c:693 #6 cache_lookup+0x36e sys/kern/vfs_cache.c:222 #7 ufs_lookup+0x21b sys/ufs/ufs/ufs_lookup.c:160 #8 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 #9 vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 #10 namei+0x7aa sys/kern/vfs_lookup.c:250 #11 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1864 #12 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] #12 syscall+0xb08 sys/arch/amd64/amd64/trap.c:579 #13 Xsyscall+0x128 Process 41638 (syz-executor) thread 0xffff8000ffffca48 (500668) exclusive rrwlock inode r = 0 (0xfffffd806bff8880) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x377 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:605 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 sys_getdents+0x264 sys/kern/vfs_syscalls.c:-1 #6 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] #6 syscall+0xb08 sys/arch/amd64/amd64/trap.c:579 #7 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff838ce1f0) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 syscall+0xae6 mi_syscall sys/sys/syscall_mi.h:176 [inline] #1 syscall+0xae6 sys/arch/amd64/amd64/trap.c:579 #2 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10219 11175K 11303K 166960K 11567 0 pcb 17 12K 12K 166960K 42 0 rtable 219 10K 10K 166960K 487 0 pf 39 18K 22K 166960K 88 0 ifaddr 39 6K 8K 166960K 65 0 ifgroup 59 2K 2K 166960K 98 0 sysctl 2 1K 9K 166960K 6 0 counters 70 37K 38K 166960K 108 0 ioctlops 0 0K 4K 166960K 1514 0 iov 0 0K 12K 166960K 16 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1346 85K 85K 166960K 1532 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 5 0 VM map 2 1K 1K 166960K 2 0 sem 4 0K 0K 166960K 6 0 dirhash 12 2K 2K 166960K 18 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 89K 166960K 352 0 sigio 0 0K 0K 166960K 1 0 proc 72 91K 140K 166960K 577 0 subproc 72 4K 4K 166960K 81 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 27 0 in_multi 78 5K 7K 166960K 112 0 ether_multi 1 0K 0K 166960K 3 0 mrt 0 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 61 281K 281K 166960K 61 0 exec 0 0K 1K 166960K 447 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 235 163K 169K 166960K 4879 0 UVM aobj 7 2K 4K 166960K 8 0 pinsyscall 45 90K 105K 166960K 1447 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 24 0 NDP 13 0K 1K 166960K 41 0 temp 41 8747K 8747K 166960K 6689 0 kqueue 15 24K 27K 166960K 66 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 53 0 47 1 0 1 1 0 8 0 rtentry 176 123 0 30 6 0 6 6 0 8 0 unpcb 144 266 0 248 6 0 6 6 0 8 5 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 736 68 0 62 1 0 1 1 0 8 0 arp 128 21 0 5 1 0 1 1 0 8 0 inpcb 328 336 0 327 7 0 7 7 0 8 6 nd6 144 23 0 6 1 0 1 1 0 8 0 pkpcb 40 5 0 5 1 0 1 1 0 8 1 kcovpl 48 9 0 1 1 0 1 1 0 8 0 ppxss 1192 13 0 13 1 0 1 1 0 8 1 pppxif 1504 4 0 4 1 0 1 1 0 8 1 pffrag 232 1 0 0 1 0 1 1 0 482 0 pffrnode 88 1 0 0 1 0 1 1 0 8 0 pffrent 40 2 0 1 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 5 0 2 1 0 1 1 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 31 0 1 1 0 1 1 0 8 0 pfstkey 128 31 0 1 1 0 1 1 0 8 0 pfstate 384 31 0 1 3 0 3 3 0 8 0 pfrule 1344 23 0 16 2 0 2 2 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 482 0 108 29 0 29 29 0 8 2 art_table 32 485 0 108 4 0 4 4 0 8 0 art_node 16 121 0 36 1 0 1 1 0 8 0 sysvmsgpl 40 1 0 0 1 0 1 1 0 8 0 semupl 112 3 0 3 1 0 1 1 0 8 1 semapl 112 3 0 1 1 0 1 1 0 8 0 shmpl 112 5 0 1 1 0 1 1 0 8 0 dirhash 1024 21 0 4 3 0 3 3 0 8 0 dino2pl 256 1942 0 435 95 0 95 95 0 8 0 ffsino 288 1942 0 435 109 0 109 109 0 8 0 nchpl 144 2430 0 742 63 0 63 63 0 8 0 uvmvnodes 80 2134 0 0 44 0 44 44 0 8 0 vnodes 216 2134 0 0 119 0 119 119 0 8 0 namei 1024 7896 0 7896 3 1 2 2 0 8 2 percpumem 16 69 0 19 1 0 1 1 0 8 0 pfiaddrpl 120 2 0 1 1 0 1 1 0 8 0 kstatmem 264 54 0 24 3 0 3 3 0 8 1 scsiplug 72 1 0 1 1 0 1 1 0 8 1 scxspl 216 7779 0 7779 4 1 3 3 1 8 3 plimitpl 152 98 0 81 1 0 1 1 0 8 0 sigapl 424 651 0 599 7 0 7 7 0 8 0 knotepl 120 556 0 0 17 0 17 17 0 8 0 kqueuepl 224 97 0 86 2 0 2 2 0 8 1 pipepl 336 124 0 95 3 0 3 3 0 8 0 fdescpl 520 630 0 598 3 0 3 3 0 8 0 filepl 160 3194 0 2969 18 1 17 18 0 8 7 lockfpl 104 67 0 65 1 0 1 1 0 8 0 lockfspl 48 32 0 30 1 0 1 1 0 8 0 sessionpl 144 23 0 14 1 0 1 1 0 8 0 pgrppl 48 33 0 16 1 0 1 1 0 8 0 ucredpl 104 271 0 258 1 0 1 1 0 8 0 zombiepl 144 599 0 599 1 0 1 1 0 8 1 processpl 1240 651 0 599 5 0 5 5 0 8 0 procpl 656 1027 0 965 6 0 6 6 0 8 0 srpgc 96 4 0 4 1 0 1 1 0 8 1 sosppl 168 1 0 1 1 0 1 1 0 8 1 sockpl 728 664 0 630 16 5 11 16 0 8 7 mcl64k 65536 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 116 0 0 15 0 15 15 0 8 0 mcl2k 2048 31 0 0 4 0 4 4 0 8 0 mtagpl 96 8 0 0 1 0 1 1 0 8 0 mbufpl 256 409 0 0 26 0 26 26 0 8 0 bufpl 280 2803 0 123 192 0 192 192 0 8 0 anonpl 32 5678 0 0 46 0 46 46 0 246 0 amapchunkpl 152 14826 0 14388 24 0 24 24 0 158 4 amappl16 200 2287 0 2266 9 3 6 6 0 8 4 amappl15 192 5 0 5 1 1 0 1 0 8 0 amappl14 184 113 0 99 1 0 1 1 0 8 0 amappl13 176 51 0 50 1 0 1 1 0 8 0 amappl12 168 1280 0 1247 4 1 3 3 0 8 0 amappl11 160 53 0 39 1 0 1 1 0 8 0 amappl10 152 35 0 35 1 1 0 1 0 8 0 amappl9 144 274 0 274 1 1 0 1 0 8 0 amappl8 136 22 0 20 1 0 1 1 0 8 0 amappl7 128 107 0 93 1 0 1 1 0 8 0 amappl6 120 183 0 178 1 0 1 1 0 8 0 amappl5 112 130 0 121 1 0 1 1 0 8 0 amappl4 104 331 0 309 1 0 1 1 0 8 0 amappl3 96 2696 0 2596 4 0 4 4 0 8 0 amappl2 88 638 0 570 2 0 2 2 0 8 0 amappl1 80 9138 0 8482 16 1 15 15 0 8 1 amappl 88 4175 0 4023 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 1 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 7 0 1 1 0 1 1 0 8 0 uaddrrnd 24 630 0 598 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 630 0 598 1 0 1 1 0 8 0 vmmpekpl 168 6733 0 6689 3 0 3 3 0 8 0 vmmpepl 168 46062 0 44086 96 0 96 96 0 357 3 vmsppl 480 629 0 598 5 0 5 5 0 8 0 rwobjpl 72 17160 0 14015 60 1 59 59 0 8 0 pdppl 4096 1268 0 1196 100 22 78 86 0 8 6 pvpl 32 13163 0 0 109 2 107 107 0 265 0 pmappl 256 629 0 598 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 400 0 26 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace copyout() at copyout+0x57 ufs_readdir(ffff80002a396ac0) at ufs_readdir+0x419 sys/ufs/ufs/ufs_vnops.c:1403 VOP_READDIR(fffffd80606905e8,ffff80002a396b40,fffffd80097fb410,ffff80002a396b84) at VOP_READDIR+0x126 sys/kern/vfs_vops.c:453 sys_getdents(ffff8000ffffca48,ffff80002a396ce0,ffff80002a396c30) at sys_getdents+0x2f2 sys/kern/vfs_syscalls.c:3179 syscall(ffff80002a396ce0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a396ce0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x775d308daae0, count: -6 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf sys/dev/kcov.c:149 syscall(ffff80002b3f31c0) at syscall+0xae6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002b3f31c0) at syscall+0xae6 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x72b41e9fc9e0, count: 9 ddb{1}> trace x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf sys/dev/kcov.c:149 syscall(ffff80002b3f31c0) at syscall+0xae6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002b3f31c0) at syscall+0xae6 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x72b41e9fc9e0, count: -6