syzbot


panic: amap_lookup: offset out of range

Status: auto-closed as invalid on 2020/09/17 05:48
Reported-by: syzbot+5ca1836760b4d8c55c78@syzkaller.appspotmail.com
First crash: 1666d, last: 1619d

Sample crash report:
panic: amap_lookup: offset out of range
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*459452  86279      0         0x2  0x4000000    0  syz-fuzzer
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff82434763) at panic+0x15c sys/kern/subr_prf.c:207
amap_lookup(fffffd8068aa6bd0,0) at amap_lookup+0x19b sys/uvm/uvm_amap.c:1027
uvm_map_clean(fffffd806bc0a000,c0034f0000,c00351a000,8) at uvm_map_clean+0x43a sys/uvm/uvm_map.c:4670
syscall(ffff80001d73a690) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc000051ed0, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
amap_lookup: offset out of range
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff82434763) at panic+0x15c sys/kern/subr_prf.c:207
amap_lookup(fffffd8068aa6bd0,0) at amap_lookup+0x19b sys/uvm/uvm_amap.c:1027
uvm_map_clean(fffffd806bc0a000,c0034f0000,c00351a000,8) at uvm_map_clean+0x43a sys/uvm/uvm_map.c:4670
syscall(ffff80001d73a690) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc000051ed0, count: -6
ddb> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80001d73a3e0
rbx               0xffff80001d73a490
rdx                              0x2
rcx                                0
rax                              0x1
r8                0xffffffff821959cf    kprintf+0x15f
r9                               0x1
r10                              0x2
r11               0x29028af9b8ca2c62
r12                     0x3000000008
r13               0xffff80001d73a3f0
r14                            0x100
r15                              0x1
rip               0xffffffff81e0dea8    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff80001d73a3d0
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb> show proc
PROC (syz-fuzzer) pid=459452 stat=onproc
    flags process=2<EXEC,8ORPHAN> proc=4000000<THREAD>
    pri=32, usrpri=50, nice=20
    forw=0xffffffffffffffff, list=0xffff80001d718600,0xffff80001d717500
    process=0xffff8000ffff83b0 user=0xffff80001d735000, vmspace=0xfffffd806bc0a000
    estcpu=0, cpticks=0, pctcpu=0.8
    user=0, sys=0, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 24473  206129  28325      0  2        0x10                syz-executor.1
 24473  388051  28325      0  2   0x4000010                syz-executor.1
 24473  469892  28325      0  2   0x4000010                syz-executor.1
 55614  380543      0      0  3     0x14200  bored         sosplice
 56150  494313  86279      0  2         0x2                syz-executor.0
 30818  110741      0      0  3     0x14200  acct          acct
 28325   35004  86279      0  3        0x82  nanosleep     syz-executor.1
 86279  374892  94946      0  3        0x82  kqread        syz-fuzzer
 86279  104635  94946      0  2   0x4000002                syz-fuzzer
*86279  459452  94946      0  7   0x4000002                syz-fuzzer
 86279  401689  94946      0  3   0x4000082  thrsleep      syz-fuzzer
 86279  212980  94946      0  3   0x4000082  thrsleep      syz-fuzzer
 86279  496373  94946      0  2   0x4000002                syz-fuzzer
 86279  269315  94946      0  3   0x4000082  thrsleep      syz-fuzzer
 94946  350392  14867      0  3    0x10008a  pause         ksh
 14867   73438  13542      0  3        0x92  select        sshd
 28615   52913      1      0  3    0x100083  ttyin         getty
 13542  118029      1      0  3        0x80  select        sshd
 93324  301882  70664     73  3    0x100090  kqread        syslogd
 70664  290012      1      0  3    0x100082  netio         syslogd
 39850   43498      1     77  3    0x100090  poll          dhclient
 52644  273106      1      0  3        0x80  poll          dhclient
 92331  407071      0      0  3     0x14200  bored         smr
 83718  273011      0      0  2     0x14200                zerothread
 26725  308945      0      0  3     0x14200  aiodoned      aiodoned
 41794  145955      0      0  3     0x14200  syncer        update
  8625  172151      0      0  3     0x14200  cleaner       cleaner
 31785  402667      0      0  3     0x14200  reaper        reaper
 85622  341744      0      0  3     0x14200  pgdaemon      pagedaemon
 58256   53438      0      0  3     0x14200  bored         crynlk
 89111  114460      0      0  3     0x14200  bored         crypto
 23606  306742      0      0  3  0x40014200  acpi0         acpi0
  2023  498622      0      0  3     0x14200  bored         softnet
 40640  493662      0      0  3     0x14200  bored         systqmp
 16691  102300      0      0  3     0x14200  bored         systq
 44420  217383      0      0  3  0x40014200  bored         softclock
 18993  143568      0      0  3  0x40014200                idle0
     1  113502      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf  9512   6347K    6668K  78643K     11123        0
            pcb    13      8K       8K  78643K        82        0
         rtable   120      8K       8K  78643K       481        0
         ifaddr    90     18K      18K  78643K       219        0
       counters    21     16K      16K  78643K        32        0
       ioctlops     0      0K       4K  78643K       140        0
            iov     0      0K      16K  78643K        77        0
          mount     1      1K       1K  78643K         1        0
         vnodes  1218     77K      77K  78643K      1409        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       5K  78643K         7        0
         VM map     2      0K       0K  78643K         2        0
            sem    12      0K       0K  78643K        99        0
        dirhash     9      1K       2K  78643K        12        0
           ACPI  1809    195K     288K  78643K     12938        0
      file desc     5     13K      25K  78643K       566        0
          sigio     0      0K       0K  78643K         8        0
           proc    50     38K      63K  78643K       444        0
        subproc    32      2K       2K  78643K        51        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K        42        0
       in_multi    93      4K       4K  78643K       140        0
    ether_multi     1      0K       0K  78643K        11        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys    55    254K     254K  78643K        55        0
           exec     0      0K       1K  78643K       240        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   131     39K      48K  78643K      2135        0
       UVM aobj    18      4K       4K  78643K        24        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K        78        0
            NDP    13      0K       0K  78643K        31        0
           temp   121   3852K    3916K  78643K     19088        0
         kqueue     3      4K      12K  78643K        21        0
      SYN cache     2     16K      16K  78643K         2        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64        9    0        3     1     0     1     1     0     8    0
rtpcb       80       43    0       41     1     0     1     1     0     8    0
rtentry    112       63    0       22     2     0     2     2     0     8    0
unpcb      120      223    0      215     1     0     1     1     0     8    0
syncache   264       11    0       11     3     3     0     1     0     8    0
tcpqe       32       81    0       81     2     2     0     1     0     8    0
tcpcb      544      214    0      208     1     0     1     1     0     8    0
ipq         40        1    0        1     1     1     0     1     0     8    0
ipqe        40       45    0       45     1     1     0     1     0     8    0
inpcb      280     1089    0     1077     2     0     2     2     0     8    1
nd6         48       12    0        8     1     0     1     1     0     8    0
ppxss      1128       1    0        1     1     1     0     1     0     8    0
pfrktable  1344      72    0       63     1     0     1     1     0     8    0
pftag       88       13    0       12     2     1     1     1     0     8    0
pfstitem    24        2    0        0     1     0     1     1     0     8    0
pfstkey    112        4    0        2     1     0     1     1     0     8    0
pfstate    328        2    0        1     1     0     1     1     0     8    0
pfrule     1360      18    0       12     1     0     1     1     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      280    0      105    14     1    13    14     0     8    0
art_table   32      281    0      105     2     0     2     2     0     8    0
art_node    16       62    0       24     1     0     1     1     0     8    0
sysvmsgpl   40        6    0        2     2     1     1     1     0     8    0
semupl     112        5    0        5     2     2     0     1     0     8    0
semapl     112       97    0       87     1     0     1     1     0     8    0
shmpl      112       22    0        6     1     0     1     1     0     8    0
dirhash    1024      17    0       10     3     1     2     3     0     8    0
dino2pl    256     2113    0      717    88     0    88    88     0     8    0
ffsino     240     2113    0      717    83     0    83    83     0     8    0
nchpl      144     2986    0     1399    60     0    60    60     0     8    0
uvmvnodes   72     2281    0        0    42     0    42    42     0     8    0
vnodes     208     2281    0        0   121     0   121   121     0     8    0
namei      1024    8127    0     8127     1     0     1     1     0     8    1
vcpupl     1984       2    0        0     1     0     1     1     0     8    0
vmpool     528        2    0        0     1     0     1     1     0     8    0
pfiaddrpl  120       24    0       16     1     0     1     1     0     8    0
scxspl     192     9250    0     9250     1     0     1     1     0     8    1
plimitpl   152       49    0       42     1     0     1     1     0     8    0
sigapl     424      751    0      721     4     0     4     4     0     8    0
futexpl     56     9956    0     9956     1     0     1     1     0     8    1
knotepl    112       93    0       74     1     0     1     1     0     8    0
kqueuepl   144       56    0       54     1     0     1     1     0     8    0
pipepl     272      142    0      132     1     0     1     1     0     8    0
fdescpl    432      735    0      721     2     0     2     2     0     8    0
filepl     120     4271    0     4172     4     0     4     4     0     8    1
lockfpl    104       97    0       96     1     0     1     1     0     8    0
lockfspl    48       37    0       36     1     0     1     1     0     8    0
sessionpl  112       18    0        8     1     0     1     1     0     8    0
pgrppl      48       22    0       12     1     0     1     1     0     8    0
ucredpl     96      336    0      328     1     0     1     1     0     8    0
zombiepl   144      721    0      721     1     0     1     1     0     8    1
processpl  920      751    0      721     4     0     4     4     0     8    0
procpl     624     1386    0     1348     5     1     4     4     0     8    0
sosppl     128        2    0        2     1     0     1     1     0     8    1
sockpl     400     1359    0     1337     5     1     4     4     0     8    1
mcl64k     65536    288    0      288    32    14    18    32     0     8   18
mcl16k     16384      3    0        3     1     1     0     1     0     8    0
mcl12k     12288     14    0       14     2     1     1     1     0     8    1
mcl9k      9216       7    0        7     2     1     1     1     0     8    1
mcl8k      8192      16    0       16     2     1     1     1     0     8    1
mcl4k      4096      41    0       41     2     1     1     1     0     8    1
mcl2k2     2112       3    0        3     2     1     1     1     0     8    1
mcl2k      2048   73256    0    73213    13     7     6    12     0     8    0
mtagpl      80       41    0       11     2     1     1     1     0     8    0
mbufpl     256   119435    0   119277    31    16    15    26     0     8    1
bufpl      280     5129    0      126   358     0   358   358     0     8    0
anonpl      16    79787    0    64158    73     9    64    70     0   107    1
amapchunkpl 152    3984    0     3854    21    15     6    20     0   158    0
amappl16   192     3529    0     2678    58    13    45    54     0     8    2
amappl15   184        1    0        0     1     0     1     1     0     8    0
amappl14   176       25    0       18     1     0     1     1     0     8    0
amappl13   168      180    0      175     1     0     1     1     0     8    0
amappl12   160      235    0      231     1     0     1     1     0     8    0
amappl11   152       57    0       47     1     0     1     1     0     8    0
amappl10   144      169    0      164     1     0     1     1     0     8    0
amappl9    136      342    0      341     1     0     1     1     0     8    0
amappl8    128      354    0      309     2     0     2     2     0     8    0
amappl7    120      261    0      250     1     0     1     1     0     8    0
amappl6    112       31    0       23     1     0     1     1     0     8    0
amappl5    104      956    0      944     1     0     1     1     0     8    0
amappl4     96      581    0      555     1     0     1     1     0     8    0
amappl3     88      122    0      117     1     0     1     1     0     8    0
amappl2     80     5009    0     4943     2     0     2     2     0     8    0
amappl1     72    21791    0    21370    25    16     9    17     0     8    0
amappl      80     1621    0     1580     1     0     1     1     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64       23    0        6     1     0     1     1     0     8    0
uaddrrnd    24      737    0      721     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      737    0      721     1     0     1     1     0     8    0
vmmpekpl   168     8171    0     8142     2     0     2     2     0     8    0
vmmpepl    168    92260    0    90306   140    36   104   117     0   357   19
vmsppl     272      736    0      721     3     1     2     2     0     8    0
pdppl      4096    1480    0     1444     6     1     5     6     0     8    0
pvpl        32   237943    0   219321   170    16   154   170     0   265    3
pmappl     200      736    0      721     1     0     1     1     0     8    0
extentpl    40       53    0       36     1     0     1     1     0     8    0
phpool     112      295    0       48     8     0     8     8     0     8    0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff82434763) at panic+0x15c sys/kern/subr_prf.c:207
amap_lookup(fffffd8068aa6bd0,0) at amap_lookup+0x19b sys/uvm/uvm_amap.c:1027
uvm_map_clean(fffffd806bc0a000,c0034f0000,c00351a000,8) at uvm_map_clean+0x43a sys/uvm/uvm_map.c:4670
syscall(ffff80001d73a690) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc000051ed0, count: -6
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff82434763) at panic+0x15c sys/kern/subr_prf.c:207
amap_lookup(fffffd8068aa6bd0,0) at amap_lookup+0x19b sys/uvm/uvm_amap.c:1027
uvm_map_clean(fffffd806bc0a000,c0034f0000,c00351a000,8) at uvm_map_clean+0x43a sys/uvm/uvm_map.c:4670
syscall(ffff80001d73a690) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc000051ed0, count: -6

Crashes (2):
Time              Kernel   Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets  Manager          Title
2020/06/19 05:48  openbsd  92a7c86f3042  3ea11d3f   .config  console log  report                                       ci-openbsd-main
2020/05/03 11:40  openbsd  6fb1518583fc  58ae5e18   .config  console log  report                                       ci-openbsd-main
* Struck through repros no longer work on HEAD.