panic: negative vmsize for uid 60928 cpuid = 0 time = 0 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056f0e2f0 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056f0e450 vpanic() at vpanic+0x257/frame 0xfffffe0056f0e610 panic() at panic+0xb5/frame 0xfffffe0056f0e6d0 swap_release_by_cred() at swap_release_by_cred+0x14f/frame 0xfffffe0056f0e710 vm_map_entry_delete() at vm_map_entry_delete+0xca/frame 0xfffffe0056f0e790 vm_map_delete() at vm_map_delete+0x530/frame 0xfffffe0056f0e8d0 vm_map_fixed() at vm_map_fixed+0x181/frame 0xfffffe0056f0e9c0 vm_mmap_object() at vm_mmap_object+0x3d6/frame 0xfffffe0056f0ea70 kern_mmap() at kern_mmap+0xc81/frame 0xfffffe0056f0ec10 sys_mmap() at sys_mmap+0x153/frame 0xfffffe0056f0ed10 amd64_syscall() at amd64_syscall+0x4e2/frame 0xfffffe0056f0ef30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0056f0ef30 --- syscall (198, FreeBSD ELF64, __syscall), rip = 0x3a197a, rsp = 0x82918ff08, rbp = 0x82918ff80 --- KDB: enter: panic [ thread pid 1146 tid 100645 ] Stopped at kdb_enter+0x6e: movq $0,0x25b84e7(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe0073200000 rdx 0x7ffff rbx 0xffffffff827bc9a0 .str.27 rsp 0xfffffe0056f0e430 rbp 0xfffffe0056f0e450 rsi 0x80001 rdi 0xffffffff8161a329 printf+0x149 r8 0 r9 0xffffffff r10 0 r11 0xb r12 0xfffffe0054144780 r13 0xfffffffffffffffe r14 0xffffffff827bc9a0 .str.27 r15 0 rip 0xffffffff81603eae kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x25b84e7(%rip) db> show proc Process 1146 (syz-executor) at 0xfffffe00540f85c0: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 766 at 0xfffffe00540ef040 ABI: FreeBSD ELF64 flag: 0x10000180 flag2: 0 arguments: ./syz-executor exec reaper: 0xfffffe0007809040 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe00078106d8 (map 0xfffffe00078106d8) (map.pmap 0xfffffe0007810778) (pmap 0xfffffe00078107e8) threads: 5 100418 D vm map 0xfffffe0007810738 syz-executor 100639 RunQ syz-executor 100642 D ranged1 0xfffffe006dec7348 syz-executor 100644 RunQ syz-executor 100645 Run CPU 0 syz-executor db> ps pid ppid pgrp uid state wmesg wchan cmd 1158 765 765 0 R (threaded) syz-executor 100422 RunQ syz-executor 100667 RunQ syz-executor 100668 L *sctp-cr 0xfffffe005413d840 syz-executor 1156 764 764 0 R (threaded) syz-executor 100187 RunQ syz-executor 100666 S uwait 0xfffffe0059639e00 syz-executor 1154 1 765 0 S uwait 0xfffffe006e4d7480 syz-executor 1146 766 766 60928 R (threaded) syz-executor 100418 D vm map 0xfffffe0007810738 syz-executor 100639 RunQ syz-executor 100642 D ranged1 0xfffffe006dec7348 syz-executor 100644 RunQ syz-executor 100645 Run CPU 0 syz-executor 1096 1095 765 0 S uwait 0xfffffe006e4d7b80 syz-executor 1095 1094 765 0 SV wait 0xfffffe00541515a0 syz-executor 1094 1 765 0 DV ppwait 0xfffffe0054151aa0 syz-executor 1020 0 0 0 DL - 0xffffffff83b47da0 [accounting] 954 1 954 0 Ds+ getblk 0xfffffe0007e15c18 getty 952 1 952 0 Ds+ rangelk 0xfffffe006e53d6c0 getty 951 1 951 0 Ds+ ufs 0xfffffe006e53d598 getty 948 1 948 0 Ds+ rangelk 0xfffffe006e53d6c0 getty 936 0 0 0 DL - 0xffffffff83cad600 [soaiod4] 935 0 0 0 DL - 0xffffffff83cad600 [soaiod3] 934 0 0 0 DL - 0xffffffff83cad600 [soaiod2] 933 0 0 0 DL - 0xffffffff83cad600 [soaiod1] 924 0 0 0 DL (threaded) [so_splice] 100101 D - 0xfffffe0059826200 [thr_0] 100235 D - 0xfffffe0059826240 [thr_1] 832 0 0 0 DL (threaded) [KTLS] 100098 D - 0xfffffe0007a6d800 [thr_0] 100153 D - 0xfffffe0007a6d880 [thr_1] 100154 D - 0xffffffff83caee28 [reclaim_0] 821 0 0 0 DL aiordy 0xfffffe0007826ac0 [aiod4] 820 0 0 0 DL aiordy 0xfffffe0007826560 [aiod3] 819 0 0 0 DL aiordy 0xfffffe000780a5c0 [aiod2] 818 0 0 0 DL aiordy 0xfffffe000780a060 [aiod1] 767 763 767 0 R syz-executor 766 763 766 0 R syz-executor 765 763 765 0 S nanslp 0xffffffff83b9d580 syz-executor 764 763 764 0 R syz-executor 763 1 761 0 S select 0xfffffe006dbcda40 syz-executor 17 0 0 0 DL syncer 0xffffffff83cbafa0 [syncer] 16 0 0 0 DL vlruwt 0xfffffe0007828040 [vnlru] 15 0 0 0 DL (threaded) [bufdaemon] 100080 D psleep 0xffffffff83cb9560 [bufdaemon] 100083 D - 0xffffffff83001ec0 [bufspacedaemon-0] 100095 D sdflush 0xfffffe00596bf0e8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d04400 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100078 D psleep 0xffffffff83cea4c8 [dom0] 100081 D launds 0xffffffff83cea4d4 [laundry: dom0] 100082 D umarcl 0xffffffff81dda440 [uma] 7 0 0 0 DL - 0xffffffff8391acd0 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff846f4980 [pf purge] 5 0 0 0 DL waiting 0xffffffff84595700 [sctp_iterator] 4 0 0 0 RL (threaded) [cam] 100046 RunQ [doneq0] 100047 D - 0xffffffff838e52c0 [async] 100076 D - 0xffffffff838e5140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100043 D crypto_ 0xffffffff83ce5d80 [crypto] 100044 D crypto_ 0xfffffe0007a6fc30 [crypto returns 0] 100045 D crypto_ 0xfffffe0007a6fc80 [crypto returns 1] 14 0 0 0 DL seqstat 0xfffffe0053ff0088 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b45f20 [g_event] 100038 D - 0xffffffff83b45f40 [g_up] 100039 D - 0xffffffff83b45f60 [g_down] 2 0 0 0 RL (threaded) [clock] 100031 Run CPU 1 [clock (0)] 100032 RunQ [clock (1)] 12 0 0 0 WL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 I [swi1: hpts] 100035 I [swi1: hpts] 100048 I [irq24: virtio_pci0] 100049 I [irq25: virtio_pci0] 100050 I [irq26: virtio_pci0] 100051 I [irq27: virtio_pci0] 100052 I [irq28: virtio_pci1] 100053 I [irq29: virtio_pci1] 100054 I [irq30: virtio_pci1] 100055 I [irq31: virtio_pci1] 100056 I [irq32: virtio_pci1] 100061 I [irq10: virtio_pci2] 100063 I [irq1: atkbd0] 100064 I [irq12: psm0] 100065 I [swi0: uart uart++] 100069 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0007809040 [init] 10 0 0 0 DL audit_w 0xffffffff83ce6820 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D parked 0xffffffff84c36ff0 [swapper] 100005 D - 0xfffffe0053e9c800 [softirq_0] 100006 D - 0xfffffe0053e9c700 [softirq_1] 100007 D - 0xfffffe0053e9c600 [if_io_tqg_0] 100008 D - 0xfffffe0053e9c500 [if_io_tqg_1] 100009 D - 0xfffffe0053e9c400 [if_config_tqg_0] 100010 D - 0xfffffe000776ab00 [kqueue_ctx taskq] 100011 D - 0xfffffe000776aa00 [jail_remove taskq] 100012 D - 0xfffffe000776a900 [bus taskq] 100015 D - 0xfffffe000776a600 [thread taskq] 100017 D - 0xfffffe000776a400 [aiod_kick taskq] 100018 D - 0xfffffe000776a300 [deferred_unmount ta] 100019 D - 0xfffffe000776a200 [inm_free taskq] 100020 D - 0xfffffe000776a100 [in6m_free taskq] 100021 D - 0xfffffe000776a000 [linuxkpi_irq_wq] 100022 D - 0xfffffe0007769e00 [linuxkpi_short_wq_0] 100023 D - 0xfffffe0007769e00 [linuxkpi_short_wq_1] 100024 D - 0xfffffe0007769e00 [linuxkpi_short_wq_2] 100025 D - 0xfffffe0007769e00 [linuxkpi_short_wq_3] 100026 D - 0xfffffe0007769d00 [linuxkpi_long_wq_0] 100027 D - 0xfffffe0007769d00 [linuxkpi_long_wq_1] 100028 D - 0xfffffe0007769d00 [linuxkpi_long_wq_2] 100029 D - 0xfffffe0007769d00 [linuxkpi_long_wq_3] 100036 D - 0xfffffe0007769a00 [firmware taskq] 100041 D - 0xfffffe0007769700 [crypto_0] 100042 D - 0xfffffe0007769700 [crypto_1] 100057 D - 0xfffffe0007769300 [vtnet0 rxq 0] 100058 D - 0xfffffe0007769200 [vtnet0 txq 0] 100059 D - 0xfffffe0007769100 [vtnet0 rxq 1] 100060 D - 0xfffffe0007769000 [vtnet0 txq 1] 100062 D vtbslp 0xfffffe0057d7eb80 [virtio_balloon] 100066 D - 0xffffffff827c1d41 [deadlkres] 100070 D - 0xfffffe00593dc300 [acpi_task_0] 100071 D - 0xfffffe00593dc300 [acpi_task_1] 100072 D - 0xfffffe00593dc300 [acpi_task_2] 100074 D - 0xfffffe000776ac00 [mca taskq] 100075 D - 0xfffffe0007769600 [CAM taskq] 100077 D - 0xfffffe0007768d00 [ipsec_offload] 1148 767 767 -1 Z syz-executor db> show all locks Process 1158 (syz-executor) thread 0xfffffe0054145780 (100667) exclusive rw kernel vm object (kernel vm object) r = 0 (0xffffffff83ce9d40) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_kern.c:551 exclusive sleep mutex sctp-inp (inp) r = 0 (0xfffffe006e5a5a68) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_pcb.c:4304 exclusive rw sctp-info (sctp-info) r = 0 (0xfffffe00077d5530) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_pcb.c:4303 exclusive sleep mutex sctp-create (inp_create) r = 0 (0xfffffe006e5a5a88) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_usrreq.c:6999 Process 1146 (syz-executor) thread 0xfffffe0054119000 (100639) exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0007cf81e0) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:1752 exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0007cf6968) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:4022 exclusive lockmgr ufs (ufs) r = 0 (0xfffffe006dec7228) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:1235 Process 1146 (syz-executor) thread 0xfffffe0054161000 (100644) exclusive sx vm map (user) (vm map (user)) r = 0 (0xfffffe0007810e10) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_map.c:4373 shared sx killpg racer (killpg racer) r = 0 (0xfffffe00540dc508) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_fork.c:959 Process 1146 (syz-executor) thread 0xfffffe0054144780 (100645) exclusive sx vm map (user) (vm map (user)) r = 0 (0xfffffe0007810738) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_map.c:1975 Process 954 (getty) thread 0xfffffe00540f4000 (100115) exclusive lockmgr ufs (ufs) r = 0 (0xfffffe006e53d598) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:698 db>