ucopystr can't find its way home
The amd64 version of the ucopystr routine can end up losing an 8-byte stack entry and leaving the system rather confused. The problem is that ucopystr does a jmp to do_copystr and returns from there. do_copystr is the body and epilogue of copystr. copystr pushes a frame pointer first (the usual pushq %rbp; movq %rsp, %rbp prologue); ucopystr does not. Both therefore exit do_copystr through the same leave and ret.
Because ucopystr never pushed a frame pointer, the leave (movq %rbp, %rsp; popq %rbp) resets %rsp to the caller's frame pointer rather than to ucopystr's own, which skips right over the return address that the call to ucopystr pushed. The popq inside leave then consumes the caller's saved %rbp, and the ret consumes the slot above it, so ucopystr returns to something else entirely.
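To make the stack accounting concrete, here is an added example (not code from the page or from the copy.s source) that models push, call, leave and ret on a small array and walks both paths: a routine that sets up a frame before sharing the do_copystr epilogue, and one that jmps in without a frame. The return-address values, the saved-%rbp sentinel and the slot count are constructed for the model; the stack contents and register names are the only things taken from the real machine.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed "addresses" so the return target is recognisable. */
#define RET_TO_GRANDCALLER 0x1000u /* where the caller's own caller resumes */
#define RET_TO_CALLER      0x2000u /* where ucopystr's caller resumes        */
#define GRANDCALLER_RBP    0xdeadu /* %rbp value live before the caller ran  */

#define NSLOTS 32

/* Tiny model of the amd64 stack: slots[] is memory, rsp/rbp are indices.
 * Lower index = lower address, so push decrements rsp. */
typedef struct {
    uint64_t slots[NSLOTS];
    uint64_t rsp;
    uint64_t rbp;
} cpu_t;

static void     push(cpu_t *c, uint64_t v) { c->slots[--c->rsp] = v; }
static uint64_t pop(cpu_t *c)              { return c->slots[c->rsp++]; }

/* leave == movq %rbp, %rsp ; popq %rbp */
static void leave(cpu_t *c) { c->rsp = c->rbp; c->rbp = pop(c); }

/* ret pops the return address; the model just hands it back. */
static uint64_t ret(cpu_t *c) { return pop(c); }

/* State at the moment the caller is about to `call` copystr or ucopystr:
 * it was itself called from its grandcaller and has run a normal
 * prologue (pushq %rbp ; movq %rsp, %rbp). */
static void enter_caller(cpu_t *c)
{
    c->rsp = NSLOTS;
    c->rbp = GRANDCALLER_RBP;
    push(c, RET_TO_GRANDCALLER); /* the call into the caller  */
    push(c, c->rbp);             /* caller's pushq %rbp       */
    c->rbp = c->rsp;             /* caller's movq %rsp, %rbp  */
}

/* Model the call into the copy routine and the shared do_copystr epilogue.
 * pushes_frame != 0 models copystr (or a fixed ucopystr) running
 * pushq %rbp ; movq %rsp, %rbp before reaching do_copystr; 0 models the
 * broken ucopystr that jmps to do_copystr with no frame of its own.
 * Returns the address that `ret` transfers control to. */
static uint64_t call_copy_routine(cpu_t *c, int pushes_frame)
{
    push(c, RET_TO_CALLER);      /* call: pushes the return address */
    if (pushes_frame) {
        push(c, c->rbp);
        c->rbp = c->rsp;
    }
    /* ... do_copystr copies bytes; its own stack use nets to zero ... */
    leave(c);
    return ret(c);
}

/* Where does a fresh call land? */
static uint64_t return_target(int pushes_frame)
{
    cpu_t c;
    enter_caller(&c);
    return call_copy_routine(&c, pushes_frame);
}

/* Frame pointer left behind after the routine returns. */
static uint64_t rbp_after(int pushes_frame)
{
    cpu_t c;
    enter_caller(&c);
    (void)call_copy_routine(&c, pushes_frame);
    return c.rbp;
}

int main(void)
{
    printf("copystr  returns to %#llx\n", (unsigned long long)return_target(1));
    printf("ucopystr returns to %#llx\n", (unsigned long long)return_target(0));
    return 0;
}
```

With the frame pushed, leave lands %rsp exactly on the saved %rbp and ret pops RET_TO_CALLER. Without it, leave resets %rsp to the caller's frame base, the popq eats the caller's saved %rbp, ret pops RET_TO_GRANDCALLER, and the RET_TO_CALLER slot is simply abandoned: that is the lost 8-byte entry, and the caller's frame is gone with it. The fix the model suggests is the obvious one: give ucopystr the same pushq %rbp; movq %rsp, %rbp prologue that copystr has, so the shared leave is balanced on both paths.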