syzbot


uvm_fault: sys_shmat (2)

Status: upstream: reported on 2025/10/01 08:49
Reported-by: syzbot+9669e87e543ae1f05884@syzkaller.appspotmail.com
First crash: 167d, last: 34d
Similar bugs (1)
Kernel   Title                 Rank  Repro  Cause bisect  Fix bisect  Count  Last  Reported  Patched  Status
openbsd  uvm_fault: sys_shmat  -1                                     1      262d  262d      0/3      auto-obsoleted due to no activity on 2025/09/26 10:39

Sample crash report:
uvm_fault(0xffffffff839170c0, 0xffff8000016fe000, 0, 2) -> e
kernel: page fault trap, code=2
Stopped at      sys_shmat+0xe0: movl    $0xffffffffffffffff,0(%r14)
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
* 19899  74265      0           0  0x4000000    0  syz-executor
sys_shmat(ffff80002a788030,ffff80003c95f570,ffff80003c95f4c0) at sys_shmat+0xe0 sys/kern/sysv_shm.c:235
syscall(ffff80003c95f570) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c95f570) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3f3f23f9f50, count: 12
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xffffffff839170c0, 0xffff8000016fe000, 0, 2) -> e
ddb> trace
sys_shmat(ffff80002a788030,ffff80003c95f570,ffff80003c95f4c0) at sys_shmat+0xe0 sys/kern/sysv_shm.c:235
syscall(ffff80003c95f570) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c95f570) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3f3f23f9f50, count: -3
ddb> show registers
rdi               0xffff80002ecec000
rsi                          0x18090    acpi_pdirpa+0x3f01
rbp               0xffff80003c95f4a0
rbx               0xffff80003c95f570
rdx               0xffff80002ecec000
rcx                          0x1808f    acpi_pdirpa+0x3f00
rax               0xffffffff828bd612    sys_shmat+0xf2
r8                    0x7f7fffffc000
r9                                 0
r10               0xb939be9b9ae2a493
r11               0x74efbc56b305f302
r12               0xffff80002a788030
r13               0xffff80000157e000
r14               0xffff8000016fe000
r15                          0x18000    acpi_pdirpa+0x3e71
rip               0xffffffff828bd600    sys_shmat+0xe0
cs                               0x8
rflags                       0x10216    __ALIGN_SIZE+0xf216
rsp               0xffff80003c95f410
ss                              0x10
sys_shmat+0xe0: movl    $0xffffffffffffffff,0(%r14)
ddb> show proc
PROC (syz-executor) tid=19899 pid=74265 tcnt=3 stat=onproc
    flags process=0 proc=4000000<THREAD>
    runpri=81, usrpri=81, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff80002a7bca78,0xffff80002a788d38
    process=0xffff8000ffffba98 user=0xffff80003c95a000, vmspace=0xfffffd806f585008
    estcpu=31, cpticks=6, pctcpu=0.4, user=0, sys=6, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 56340   89255  35718      0  2           0                syz-executor
 56340  312928  35718      0  3   0x4000080  fsleep        syz-executor
 42976   36132  25548      0  2           0                syz-executor
 42976  175877  25548      0  2   0x4000000                syz-executor
 42976  488861  25548      0  3   0x4000080  fsleep        syz-executor
 42976  477155  25548      0  3   0x4000080  fsleep        syz-executor
 97934  513313  90744      0  2           0                syz-executor
 97934  231648  90744      0  2   0x4000000                syz-executor
  3275  365600  28664      0  2           0                syz-executor
  3275   75138  28664      0  2   0x4000000                syz-executor
  3275  433865  28664      0  3   0x4000080  fsleep        syz-executor
 24145  424674  98857     -1  2        0x10                syz-executor
 24145  435340  98857     -1  3   0x4000090  fsleep        syz-executor
 24145  372715  98857     -1  3   0x4000090  fsleep        syz-executor
 55550  353511  39247      0  3        0x80  nanoslp       syz-executor
 55550  368481  39247      0  3   0x4000080  kqread        syz-executor
 55550   63792  39247      0  3   0x4000080  fsleep        syz-executor
 28947  218328  54869      0  3           0  vmmaplk       syz-executor
 28947  394958  54869      0  3   0x4000080  fifor         syz-executor
 28947   80927  54869      0  3   0x4000080  fifor         syz-executor
 28947  412752  54869      0  2   0x4000000                syz-executor
 74265  269815  56190      0  2           0                syz-executor
*74265   19899  56190      0  7   0x4000000                syz-executor
 74265  188419  56190      0  3   0x4000080  fsleep        syz-executor
 62611  194219      0      0  3     0x14200  acct          acct
 35718  278795  86711      0  2         0x3                syz-executor
 98857  496814  86711      0  2         0x3                syz-executor
 33973  474559      1      0  3    0x100083  ttyin         getty
 39247  343274  86711      0  2         0x3                syz-executor
 28664  181707  86711      0  2         0x3                syz-executor
 25548  175036  86711      0  2         0x3                syz-executor
 90744  222820  86711      0  2         0x3                syz-executor
 54869   40354  86711      0  2         0x3                syz-executor
 56190  397123  86711      0  2         0x3                syz-executor
 86711  143566  96644      0  3        0x82  kqread        syz-executor
 96644  189656  73008      0  3    0x10008a  sigsusp       ksh
 73008  448482  37099      0  3        0x98  kqread        sshd-session
 37099   32103  15208      0  3        0x92  kqread        sshd-session
 15208   72703      1      0  3        0x88  kqread        sshd
 53441  295838  54177     73  3   0x1100090  kqread        syslogd
 54177   46668      1      0  3    0x100082  sbwait        syslogd
 73442  375374      1      0  3    0x100080  kqread        resolvd
 46715  298679  85879     77  3    0x100092  kqread        dhcpleased
 14814  480160  85879     77  3    0x100092  kqread        dhcpleased
 85879   38779      1      0  3        0x80  kqread        dhcpleased
 12762  332769      0      0  3     0x14200  bored         smr
 12426  130294      0      0  2     0x14200                zerothread
 60301  501171      0      0  3     0x14200  aiodoned      aiodoned
 10733    8649      0      0  3     0x14200  syncer        update
 89206  483557      0      0  3     0x14200  cleaner       cleaner
 12940  253301      0      0  3     0x14200  reaper        reaper
 42878  458325      0      0  3     0x14200  pgdaemon      pagedaemon
 53683  208597      0      0  3     0x14200  bored         viomb
 80288  183537      0      0  3  0x40014200  acpi0         acpi0
 80904  114168      0      0  3     0x14200  bored         softnet0
 26441  420725      0      0  3     0x14200  bored         systqmp
 49208  407223      0      0  3     0x14200  bored         systq
 91663  120767      0      0  3  0x40014200  tmoslp        softclock
 30956    4756      0      0  3  0x40014200                idle0
     1  109523      0      0  3        0x82  wait          init
     0       0     -1      0  3  0x10010200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 11063  12269K   13247K 166960K     13924        0
            pcb    18     16K      18K 166960K       270        0
         rtable   241     12K      12K 166960K       751        0
             pf    36     14K      17K 166960K       166        0
         ifaddr    42      7K       8K 166960K        95        0
        ifgroup    51      2K       2K 166960K       129        0
         sysctl     4      1K       9K 166960K        19        0
       counters    34     17K      18K 166960K        73        0
       ioctlops     0      0K       4K 166960K       293        0
            iov     0      0K      16K 166960K       103        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1492     94K      94K 166960K      2298        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     3      5K       9K 166960K        15        0
         VM map     2      1K       1K 166960K         2        0
            sem    12      0K       0K 166960K        86        0
        dirhash    12      2K       2K 166960K        36        0
           ACPI  1692    195K     286K 166960K     12470        0
      file desc    18     65K     240K 166960K       964        0
          sigio     0      0K       0K 166960K        12        0
           proc    60     59K     124K 166960K       662        0
        subproc    72      4K       4K 166960K       109        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K       258        0
       in_multi    91      6K       7K 166960K       190        0
    ether_multi     1      0K       0K 166960K         5        0
            mrt     1      0K       0K 166960K         4        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys    79    360K     360K 166960K        79        0
           exec     0      0K       1K 166960K       539        0
   fusefs mount     1     32K      32K 166960K         1        0
     pfkey data     0      0K       0K 166960K         1        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   266    154K     169K 166960K     10633        0
       UVM aobj    68      5K       7K 166960K        71        0
     pinsyscall    39     78K      96K 166960K      2142        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       1K 166960K        66        0
            NDP    12      0K       2K 166960K        60        0
           temp    56   8674K    8800K 166960K     69323        0
         kqueue    14     22K      32K 166960K       153        0
      SYN cache     2     16K      16K 166960K         2        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb      120      144    0      141     2     1     1     2     0     8    0
rtentry    136      180    0       87     4     0     4     4     0     8    0
unpcb      144      620    0      598     1     0     1     1     0     8    0
syncache   336        5    0        5     2     1     1     1     0     8    1
tcpqe       32        1    0        1     1     1     0     1     0     8    0
tcpcb      736      241    0      235     5     1     4     4     0     8    3
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 0; addr 0xffff8000016f9710 (p 0xfffffd8060254000); offset 0x0=0x6e2f9e71ffffffff
pool(tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 0; addr 0xffff8000016f9710 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 1; addr 0xffff8000016f9430 (p 0xfffffd8060254000); offset 0x0=0x6e2f9e71ffffffff
pool(tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 1; addr 0xffff8000016f9430 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 2; addr 0xffff8000016f8e70 (p 0xfffffd8060254000); offset 0x0=0x6e2f9e71ffffffff
pool(tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 2; addr 0xffff8000016f8e70 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 3; addr 0xffff8000016f8b90 (p 0xfffffd8060254000); offset 0x0=0x6e2f9e71ffffffff
pool(tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 3; addr 0xffff8000016f8b90 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 4; addr 0xffff8000016f88b0 (p 0xfffffd8060254000); offset 0x0=0x6e2f9e71ffffffff
pool(tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 4; addr 0xffff8000016f88b0 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 5; addr 0xffff8000016f82f0 (p 0xfffffd8060254000); offset 0x0=0x6e2f9e71ffffffff
pool(tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 5; addr 0xffff8000016f82f0 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 6; addr 0xffff8000016f8010 (p 0xfffffd8060254000); offset 0x0=0x6e2f9e71ffffffff
pool(tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 6; addr 0xffff8000016f8010 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 7; addr 0xffff8000016f85d0 (p 0xfffffd8060254000); offset 0x0=0x6e2f9e71ffffffff
pool(tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 7; addr 0xffff8000016f85d0 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 8; addr 0xffff8000016f9150 (p 0xfffffd8060254000); offset 0x0=0x6e2f9e71ffffffff
pool(tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 8; addr 0xffff8000016f9150 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 9; addr 0xffff8000016f99f0 (p 0xfffffd8060254000); offset 0x0=0x6e2f9e71ffffffff
pool(tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 9; addr 0xffff8000016f99f0 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 10; addr 0xffff8000016f9cd0 (p 0xfffffd8060254000); offset 0x0=0x6e2f9e71ffffffff
pool(tcpcb): free list modified: page 0xffff8000016f8000; item ordinal 10; addr 0xffff8000016f9cd0 (p 0xfffffd8060254000); offset 0x0=0xffffffff
pool(tcpcb): free list modified: page 0xffff8000015c0000; item ordinal 0; addr 0xffff8000015c1cd8 (p 0xfffffd8060254000); offset 0x8=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): page inconsistency: page 0xffff8000015c0000; item ordinal 1; addr 0xffff8000848b5b19
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 0; addr 0xffff8000015c5440 (p 0xfffffd8060254000); offset 0x0=0xe8c7ee92ffffffff
pool(tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 0; addr 0xffff8000015c5440 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 1; addr 0xffff8000015c5160 (p 0xfffffd8060254000); offset 0x0=0xe8c7ee92ffffffff
pool(tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 1; addr 0xffff8000015c5160 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 2; addr 0xffff8000015c5720 (p 0xfffffd8060254000); offset 0x0=0xe8c7ee92ffffffff
pool(tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 2; addr 0xffff8000015c5720 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 3; addr 0xffff8000015c5a00 (p 0xfffffd8060254000); offset 0x0=0xe8c7ee92ffffffff
pool(tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 3; addr 0xffff8000015c5a00 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 4; addr 0xffff8000015c5ce0 (p 0xfffffd8060254000); offset 0x0=0xe8c7ee92ffffffff
pool(tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 4; addr 0xffff8000015c5ce0 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 5; addr 0xffff8000015c4ba0 (p 0xfffffd8060254000); offset 0x0=0xe8c7ee92ffffffff
pool(tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 5; addr 0xffff8000015c4ba0 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 6; addr 0xffff8000015c4020 (p 0xfffffd8060254000); offset 0x0=0xe8c7ee92ffffffff
pool(tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 6; addr 0xffff8000015c4020 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 7; addr 0xffff8000015c4300 (p 0xfffffd8060254000); offset 0x0=0xe8c7ee92ffffffff
pool(tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 7; addr 0xffff8000015c4300 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 8; addr 0xffff8000015c45e0 (p 0xfffffd8060254000); offset 0x0=0xe8c7ee92ffffffff
pool(tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 8; addr 0xffff8000015c45e0 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 9; addr 0xffff8000015c48c0 (p 0xfffffd8060254000); offset 0x0=0xe8c7ee92ffffffff
pool(tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 9; addr 0xffff8000015c48c0 (p 0xfffffd8060254000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff839bf528:tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 10; addr 0xffff8000015c4e80 (p 0xfffffd8060254000); offset 0x0=0xe8c7ee92ffffffff
pool(tcpcb): free list modified: page 0xffff8000015c4000; item ordinal 10; addr 0xffff8000015c4e80 (p 0xfffffd8060254000); offset 0x0=0xffffffff
arp         96       31    0       13     1     0     1     1     0     8    0
ipq         40        7    0        4     1     0     1     1     0     8    0
ipqe        40        8    0        5     1     0     1     1     0     8    0
inpcb      328      981    0      904    12     5     7     7     0     8    0
nd6        112       38    0       17     1     0     1     1     0     8    0
pkpcb       40        4    0        4     2     1     1     1     0     8    1
kcovpl      48       12    0        4     1     0     1     1     0     8    0
mppekey    1024       2    0        2     2     1     1     1     0     8    1
ppxss      1072      28    0       28     2     1     1     1     0     8    1
pppxif     1384       4    0        4     2     1     1     1     0     8    1
pfrktable  1344       4    0        2     1     0     1     1     0     8    0
pfanchor   1288       2    0        0     1     0     1     1     0     8    0
pfanchor: pool(0xffffffff839c0118:pfanchor): page inconsistency: page 0xffff8000ffffffff; at page head addr 0xffff8000015f3f90 (p 0xffff8000015f0000)
uvm_fault(0xfffffd806f585008, 0x10000004f, 0, 1) -> e
kernel: page fault trap, code=0
Faulted in DDB; continuing...
ddb> machine ddbcpu 0
No such command
ddb> trace
sys_shmat(ffff80002a788030,ffff80003c95f570,ffff80003c95f4c0) at sys_shmat+0xe0 sys/kern/sysv_shm.c:235
syscall(ffff80003c95f570) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c95f570) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3f3f23f9f50, count: -3
ddb> machine ddbcpu 1
No such command
ddb> trace
sys_shmat(ffff80002a788030,ffff80003c95f570,ffff80003c95f4c0) at sys_shmat+0xe0 sys/kern/sysv_shm.c:235
syscall(ffff80003c95f570) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c95f570) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3f3f23f9f50, count: -3

Crashes (6):
Time              Kernel   Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets                                 Manager               Title
2026/02/11 11:51  openbsd  960213463517  018ebef2   .config  console log  report                               [disk image] [bsd.gdb] [kernel image]  ci-openbsd-main       uvm_fault: sys_shmat
2026/01/18 06:56  openbsd  f5df22e61f89  56f88057   .config  console log  report                               [disk image] [bsd.gdb] [kernel image]  ci-openbsd-main       uvm_fault: sys_shmat
2025/12/05 14:18  openbsd  4f07d5022fc4  cee4cb10   .config  console log  report                               [disk image] [bsd.gdb] [kernel image]  ci-openbsd-multicore  uvm_fault: sys_shmat
2025/12/01 22:42  openbsd  6cbdb9457802  d4611817   .config  console log  report                               [disk image] [bsd.gdb] [kernel image]  ci-openbsd-multicore  uvm_fault: sys_shmat
2025/11/18 14:29  openbsd  ae8b598acb72  ef766cd7   .config  console log  report                               [disk image] [bsd.gdb] [kernel image]  ci-openbsd-main       uvm_fault: sys_shmat
2025/10/01 08:49  openbsd  ae814b404f5c  770ff59f   .config  console log  report                               [disk image] [bsd.gdb] [kernel image]  ci-openbsd-multicore  uvm_fault: sys_shmat