uvm_fault(0xfffffd807a287970, 0x3f, 0, 2) -> e kernel: page fault trap, code=2 Stopped at uao_detach+0xb9: movq %rax,0x40(%r15) TID PID UID PRFLAGS PFLAGS CPU COMMAND *160794 35252 0 0 0x4000000 0 syz-executor uao_detach(fffffd807e14bc60) at uao_detach+0xb9 sys/uvm/uvm_aobj.c:824 shm_deallocate_segment(fffffd8075cefa80) at shm_deallocate_segment+0x43 sys/kern/sysv_shm.c:152 sys_shmat(ffff80002a48d458,ffff800037679c40,ffff800037679b90) at sys_shmat+0x573 sys/kern/sysv_shm.c:278 syscall(ffff800037679c40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4b6d7dc4380, count: 10 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xfffffd807a287970, 0x3f, 0, 2) -> e ddb> trace uao_detach(fffffd807e14bc60) at uao_detach+0xb9 sys/uvm/uvm_aobj.c:824 shm_deallocate_segment(fffffd8075cefa80) at shm_deallocate_segment+0x43 sys/kern/sysv_shm.c:152 sys_shmat(ffff80002a48d458,ffff800037679c40,ffff800037679b90) at sys_shmat+0x573 sys/kern/sysv_shm.c:278 syscall(ffff800037679c40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4b6d7dc4380, count: -5 ddb> show registers rdi 0xffff800030e04000 rsi 0x12c rbp 0xffff800037679a80 rbx 0xfffffd8075cefae8 rdx 0xffff800030e04000 rcx 0x12b rax 0xffffffffffffffff r8 0x20003000 r9 0x3000 __ALIGN_SIZE+0x2000 r10 0x2197eebded698252 r11 0xb59bf6591c883df4 r12 0x200 r13 0xfffffd8075cefa80 r14 0xfffffd807e14bc60 r15 0xffffffffffffffff rip 0xffffffff8226b179 uao_detach+0xb9 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800037679a40 ss 0x10 uao_detach+0xb9: movq %rax,0x40(%r15) ddb> show proc PROC (syz-executor) tid=160794 pid=35252 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=82, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000376676f0,0xffff80002a48c538 process=0xffff8000ffffaf28 user=0xffff800037674000, vmspace=0xfffffd807a287970 estcpu=32, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 52067 65255 83528 0 2 0 syz-executor 52067 130911 83528 0 3 0x4000080 fsleep syz-executor 4947 31144 59380 0 2 0 syz-executor 4947 280665 59380 0 2 0x4000000 syz-executor 4947 170876 59380 0 2 0x4000000 syz-executor 87971 294646 89340 0 2 0 syz-executor 87971 248209 89340 0 3 0x4000080 fsleep syz-executor 87971 278106 89340 0 2 0x4000000 syz-executor 41993 134601 31274 -1 2 0x10 syz-executor 41993 71220 31274 -1 3 0x4000090 sbwait syz-executor 41993 146875 31274 -1 2 0x4000010 syz-executor 35252 310838 85490 0 2 0 syz-executor *35252 160794 85490 0 7 0x4000000 syz-executor 35252 214243 85490 0 2 0x4000000 syz-executor 10607 380526 25389 0 2 0 syz-executor 10607 331314 25389 0 2 0x4000000 syz-executor 10607 478385 25389 0 3 0x4000000 inode syz-executor 97674 404146 2618 0 3 0x3000 suspend syz-executor 97674 199735 2618 0 2 0x4081000 syz-executor 59380 288687 51891 0 3 0x82 nanoslp syz-executor 72876 28385 51891 0 3 0x2 biowait syz-executor 25389 291969 51891 0 3 0x82 nanoslp syz-executor 85490 522823 51891 0 3 0x82 nanoslp syz-executor 2618 359984 51891 0 3 0x82 nanoslp syz-executor 83528 20252 51891 0 3 0x82 nanoslp syz-executor 31274 158789 51891 0 3 0x82 nanoslp syz-executor 89340 87337 51891 0 3 0x82 nanoslp syz-executor 97725 178750 0 0 3 0x14200 bored sosplice 51891 257700 12373 0 3 0x82 kqread syz-executor 12373 470267 20144 0 3 0x10008a sigsusp ksh 20144 177871 44221 0 3 0x98 kqread sshd-session 44221 35186 68601 0 3 0x92 kqread sshd-session 88907 107581 1 0 3 0x100083 ttyin getty 68601 37000 1 0 3 0x88 kqread sshd 5974 187788 17706 73 3 0x1100090 kqread syslogd 17706 216152 1 0 3 0x100082 sbwait syslogd 40953 178354 1 0 3 0x100080 kqread resolvd 16858 304742 37534 77 3 0x100092 kqread dhcpleased 28265 272583 37534 77 3 0x100092 kqread dhcpleased 37534 369449 1 0 3 0x80 kqread dhcpleased 83898 433799 0 0 3 0x14200 bored smr 99498 169821 0 0 2 0x14200 zerothread 50945 196916 0 0 3 0x14200 aiodoned aiodoned 77605 43234 0 0 3 0x14200 syncer update 6040 199878 0 0 3 0x14200 cleaner cleaner 58774 135170 0 0 3 0x14200 reaper reaper 10053 127885 0 0 3 0x14200 pgdaemon pagedaemon 21231 231847 0 0 3 0x14200 bored viomb 30509 329165 0 0 3 0x40014200 acpi0 acpi0 27559 483467 0 0 3 0x14200 bored softnet3 5686 194290 0 0 3 0x14200 bored softnet2 77038 400753 0 0 3 0x14200 bored softnet1 85286 93827 0 0 3 0x14200 bored softnet0 66991 408035 0 0 3 0x14200 bored systqmp 56181 305360 0 0 3 0x14200 bored systq 75820 214079 0 0 3 0x40014200 tmoslp softclock 28608 261543 0 0 3 0x40014200 idle0 1 345869 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10180 14131K 14382K 166960K 11420 0 pcb 17 14K 16K 166960K 119 0 rtable 234 9K 9K 166960K 613 0 pf 32 13K 13K 166960K 50 0 ifaddr 42 7K 7K 166960K 81 0 ifgroup 54 2K 2K 166960K 88 0 sysctl 2 0K 0K 166960K 2 0 counters 31 17K 17K 166960K 40 0 ioctlops 0 0K 4K 166960K 47 0 iov 1 16K 16K 166960K 7 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1367 86K 86K 166960K 1581 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 5K 166960K 6 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 13 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1690 195K 286K 166960K 12418 0 file desc 17 61K 81K 166960K 397 0 sigio 0 0K 0K 166960K 3 0 proc 60 59K 83K 166960K 714 0 subproc 104 6K 6K 166960K 208 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 19 0 in_multi 98 7K 7K 166960K 190 0 ether_multi 1 0K 0K 166960K 2 0 mrt 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 61 281K 281K 166960K 61 0 exec 0 0K 1K 166960K 461 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 230 72K 74K 166960K 4687 0 UVM aobj 7 2K 2K 166960K 8 0 pinsyscall 38 76K 89K 166960K 1618 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 13 0 NDP 12 0K 2K 166960K 53 0 temp 38 6803K 6899K 166960K 13132 0 kqueue 14 22K 28K 166960K 47 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 63 0 58 1 0 1 1 0 8 0 rtentry 112 201 0 94 4 0 4 4 0 8 0 unpcb 144 143 0 120 2 0 2 2 0 8 1 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 808 51 0 46 1 0 1 1 0 8 0 arp 88 34 0 16 1 0 1 1 0 8 0 ipq 40 1 0 0 1 0 1 1 0 8 0 ipqe 40 1 0 0 1 0 1 1 0 8 0 inpcb 336 306 0 298 7 0 7 7 0 8 6 nd6 104 48 0 24 1 0 1 1 0 8 0 kcovpl 48 16 0 8 1 0 1 1 0 8 0 ppxss 1072 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 2 0 1 2 0 2 2 0 8 1 art_heap4 256 813 0 364 31 2 29 29 0 8 0 art_table 32 815 0 365 4 0 4 4 0 8 0 art_node 16 200 0 103 1 0 1 1 0 8 0 sysvmsgpl 40 34 0 33 1 0 1 1 0 8 0 semapl 112 11 0 1 1 0 1 1 0 8 0 shmpl 112 5 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1805 0 292 95 0 95 95 0 8 0 ffsino 240 1805 0 292 90 0 90 90 0 8 0 nchpl 144 2180 0 495 63 0 63 63 0 8 0 uvmvnodes 80 2078 0 0 43 0 43 43 0 8 0 vnodes 216 2078 0 0 116 0 116 116 0 8 0 namei 1024 7185 0 7181 4 2 2 2 0 8 1 kstatmem 264 42 0 18 2 0 2 2 0 8 0 scxspl 216 10482 0 10481 4 3 1 4 1 8 0 plimitpl 152 86 0 70 1 0 1 1 0 8 0 sigapl 424 659 0 613 6 0 6 6 0 8 0 futexpl 64 2217 0 2215 1 0 1 1 0 8 0 knotepl 120 7628 0 7578 10 0 10 10 0 8 7 kqueuepl 184 58 0 48 1 0 1 1 0 8 0 pipepl 288 137 0 110 3 0 3 3 0 8 0 fdescpl 432 642 0 613 4 0 4 4 0 8 0 filepl 120 2524 0 2270 10 0 10 10 0 8 1 lockfpl 104 70 0 66 1 0 1 1 0 8 0 lockfspl 48 36 0 32 1 0 1 1 0 8 0 sessionpl 144 29 0 21 1 0 1 1 0 8 0 pgrppl 48 47 0 31 1 0 1 1 0 8 0 ucredpl 104 201 0 189 1 0 1 1 0 8 0 zombiepl 144 703 0 700 2 1 1 1 0 8 0 processpl 1096 659 0 613 4 0 4 4 0 8 0 procpl 648 931 0 870 6 0 6 6 0 8 0 sockpl 504 513 0 477 14 1 13 13 0 8 8 mcl64k 65536 6 0 6 1 0 1 1 0 8 1 mcl16k 16384 5 0 5 1 0 1 1 0 8 1 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl9k 9216 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 14 0 14 2 1 1 1 0 8 1 mcl4k 4096 11 0 11 2 1 1 1 0 8 1 mcl2k 2048 5344 0 5251 26 11 15 26 0 8 3 mtagpl 96 10 0 5 1 0 1 1 0 8 0 mbufpl 256 8395 0 8188 16 2 14 14 0 8 0 bufpl 280 4841 0 96 339 0 339 339 0 8 0 anonpl 24 187325 0 184134 54 4 50 50 0 187 29 amapchunkpl 152 15508 0 15003 31 0 31 31 0 158 10 amappl16 200 4924 0 4907 9 4 5 5 0 8 4 amappl15 192 11 0 11 1 1 0 1 0 8 0 amappl14 184 125 0 115 1 0 1 1 0 8 0 amappl13 176 11 0 11 1 1 0 1 0 8 0 amappl12 168 1397 0 1368 2 0 2 2 0 8 0 amappl11 160 49 0 39 1 0 1 1 0 8 0 amappl10 152 7 0 7 1 1 0 1 0 8 0 amappl9 144 137 0 137 1 1 0 1 0 8 0 amappl8 136 24 0 23 1 0 1 1 0 8 0 amappl7 128 113 0 103 1 0 1 1 0 8 0 amappl6 120 261 0 260 1 0 1 1 0 8 0 amappl5 112 171 0 162 1 0 1 1 0 8 0 amappl4 104 305 0 289 1 0 1 1 0 8 0 amappl3 96 2864 0 2750 4 0 4 4 0 8 1 amappl2 88 754 0 693 2 0 2 2 0 8 0 amappl1 80 8367 0 7854 13 1 12 12 0 8 1 amappl 88 4278 0 4102 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 7 0 1 1 0 1 1 0 8 0 uaddrrnd 24 642 0 613 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 642 0 613 1 0 1 1 0 8 0 vmmpekpl 168 6383 0 6332 3 0 3 3 0 8 0 vmmpepl 168 48569 0 46841 78 0 78 78 0 357 0 vmsppl 344 641 0 613 4 1 3 4 0 8 0 rwobjpl 24 20385 0 17455 18 0 18 18 0 8 0 pdppl 4096 1291 0 1226 99 32 67 75 0 8 2 pvpl 32 376569 0 367365 206 0 206 206 0 265 122 pmappl 216 641 0 613 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 401 0 55 10 0 10 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace uao_detach(fffffd807e14bc60) at uao_detach+0xb9 sys/uvm/uvm_aobj.c:824 shm_deallocate_segment(fffffd8075cefa80) at shm_deallocate_segment+0x43 sys/kern/sysv_shm.c:152 sys_shmat(ffff80002a48d458,ffff800037679c40,ffff800037679b90) at sys_shmat+0x573 sys/kern/sysv_shm.c:278 syscall(ffff800037679c40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4b6d7dc4380, count: -5 ddb> machine ddbcpu 1 No such command ddb> trace uao_detach(fffffd807e14bc60) at uao_detach+0xb9 sys/uvm/uvm_aobj.c:824 shm_deallocate_segment(fffffd8075cefa80) at shm_deallocate_segment+0x43 sys/kern/sysv_shm.c:152 sys_shmat(ffff80002a48d458,ffff800037679c40,ffff800037679b90) at sys_shmat+0x573 sys/kern/sysv_shm.c:278 syscall(ffff800037679c40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4b6d7dc4380, count: -5