panic: negative vmsize for uid NUM

syzbot

Apr 29, 2025, 2:44:27 AM
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 4e2616b74cb7 cross-build: Workaround system-provided strch..
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=176c9368580000
dashboard link: https://syzkaller.appspot.com/bug?extid=7bae98bfb34acce5f04a

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7bae98...@syzkaller.appspotmail.com

panic: negative vmsize for uid 60929

cpuid = 1
time = 5
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe005752e1d0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe005752e330
vpanic() at vpanic+0x257/frame 0xfffffe005752e4f0
panic() at panic+0xb5/frame 0xfffffe005752e5b0
swap_release_by_cred() at swap_release_by_cred+0x14f/frame 0xfffffe005752e5f0
vm_map_entry_delete() at vm_map_entry_delete+0xca/frame 0xfffffe005752e670
vm_map_delete() at vm_map_delete+0x530/frame 0xfffffe005752e7b0
vm_map_fixed() at vm_map_fixed+0x181/frame 0xfffffe005752e890
vm_mmap_object() at vm_mmap_object+0x324/frame 0xfffffe005752e930
shm_mmap() at shm_mmap+0x539/frame 0xfffffe005752ea70
kern_mmap() at kern_mmap+0xedd/frame 0xfffffe005752ec10
sys_mmap() at sys_mmap+0x153/frame 0xfffffe005752ed10
amd64_syscall() at amd64_syscall+0x4af/frame 0xfffffe005752ef30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe005752ef30
--- syscall (198, FreeBSD ELF64, __syscall), rip = 0x3a197a, rsp = 0x826ca0f08, rbp = 0x826ca0f80 ---
KDB: enter: panic
[ thread pid 913 tid 100235 ]
Stopped at kdb_enter+0x6e: movq $0,0x25be387(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Jan 24, 2026, 2:41:19 PM
to syzkaller-f...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.