panic: mallocarray: overflow 18446744071562067968 * 8 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *282600 5739 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:208 drm_prime_remove_buf_handle_locked(ffffffff80000000,8) at drm_prime_remove_buf_handle_locked wsmux_getmux(7fffffff) at wsmux_getmux+0x71 sys/dev/wscons/wsmux.c:152 wsmux_add_mux(7fffffff,ffff800001986100) at wsmux_add_mux+0x2f sys/dev/wscons/wsmux.c:594 VOP_IOCTL(fffffd8030ca1bb8,80085761,ffff800014a31540,f,fffffd803f7c6a20,ffff800014a03080) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:290 vn_ioctl(fffffd803ddbdbd0,80085761,ffff800014a31540,ffff800014a03080) at vn_ioctl+0xc9 sys/kern/vfs_vnops.c:512 sys_ioctl(ffff800014a03080,ffff800014a31688,ffff800014a31670) at sys_ioctl+0x638 syscall(ffff800014a31720) at syscall+0x541 Xsyscall(6,0,ffffffffffffff86,0,3,3e7b175f010) at Xsyscall+0x128 end of kernel end trace frame: 0x3e9b6bb2310, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic mallocarray: overflow 18446744071562067968 * 8 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:208 drm_prime_remove_buf_handle_locked(ffffffff80000000,8) at drm_prime_remove_buf_handle_locked wsmux_getmux(7fffffff) at wsmux_getmux+0x71 sys/dev/wscons/wsmux.c:152 wsmux_add_mux(7fffffff,ffff800001986100) at wsmux_add_mux+0x2f sys/dev/wscons/wsmux.c:594 VOP_IOCTL(fffffd8030ca1bb8,80085761,ffff800014a31540,f,fffffd803f7c6a20,ffff800014a03080) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:290 vn_ioctl(fffffd803ddbdbd0,80085761,ffff800014a31540,ffff800014a03080) at vn_ioctl+0xc9 sys/kern/vfs_vnops.c:512 sys_ioctl(ffff800014a03080,ffff800014a31688,ffff800014a31670) at sys_ioctl+0x638 syscall(ffff800014a31720) at syscall+0x541 Xsyscall(6,0,ffffffffffffff86,0,3,3e7b175f010) at Xsyscall+0x128 end of kernel end trace frame: 0x3e9b6bb2310, count: -10 ddb> show registers rdi 0xffffffff819129c7 db_enter+0x17 rsi 0x19a1 __ALIGN_SIZE+0x9a1 rbp 0xffff800014a31180 rbx 0xffff800014a31230 rdx 0x19a2 __ALIGN_SIZE+0x9a2 rcx 0xffff80000093b000 rax 0xffff80000093b000 r8 0xffff800014a31140 r9 0x1 r10 0xffff800000936ec0 r11 0x829c649b68bd477b r12 0x3000000008 r13 0xffff800014a31190 r14 0x100 r15 0x1 rip 0xffffffff819129c8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800014a31170 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=282600 stat=onproc flags process=0 proc=4000000 pri=78, usrpri=78, nice=20 forw=0xffffffffffffffff, list=0xffff800014a032d8,0xffffffff822dfc38 process=0xffff8000ffff66a0 user=0xffff800014a2c000, vmspace=0xfffffd803f013d68 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 5739 4362 42961 0 2 0 syz-executor.0 * 5739 282600 42961 0 7 0x4000000 syz-executor.0 72250 225556 23398 0 2 0 syz-executor.1 72250 56683 23398 0 2 0x4000000 syz-executor.1 72250 88337 23398 0 3 0x4000000 inode syz-executor.1 96378 467031 0 0 3 0x14200 bored sosplice 23398 308706 72159 0 3 0x82 nanosleep syz-executor.1 42961 164291 72159 0 3 0x82 nanosleep syz-executor.0 72159 162908 50336 0 3 0x82 thrsleep syz-fuzzer 72159 462860 50336 0 3 0x4000082 thrsleep syz-fuzzer 72159 2872 50336 0 3 0x4000082 thrsleep syz-fuzzer 72159 483531 50336 0 3 0x4000082 thrsleep syz-fuzzer 72159 51470 50336 0 3 0x4000082 thrsleep syz-fuzzer 72159 465284 50336 0 3 0x4000082 kqread syz-fuzzer 72159 49110 50336 0 3 0x4000082 thrsleep syz-fuzzer 72159 56080 50336 0 3 0x4000082 thrsleep syz-fuzzer 50336 330199 75908 0 3 0x10008a pause ksh 75908 174484 66791 0 3 0x92 select sshd 89616 65310 1 0 3 0x100083 ttyopn getty 66791 474212 1 0 3 0x80 select sshd 20555 135579 79883 73 3 0x100090 kqread syslogd 79883 69424 1 0 3 0x100082 netio syslogd 82146 114787 1 77 3 0x100090 poll dhclient 22152 417841 1 0 3 0x80 poll dhclient 10369 350662 0 0 2 0x14200 zerothread 19291 344038 0 0 3 0x14200 aiodoned aiodoned 8578 274822 0 0 3 0x14200 syncer update 9610 512954 0 0 3 0x14200 cleaner cleaner 55286 441485 0 0 3 0x14200 reaper reaper 25701 522631 0 0 3 0x14200 pgdaemon pagedaemon 32652 350908 0 0 3 0x14200 bored crynlk 68894 73909 0 0 3 0x14200 bored crypto 36535 224101 0 0 3 0x40014200 acpi0 acpi0 78946 252576 0 0 3 0x14200 bored softnet 18376 331721 0 0 3 0x14200 bored systqmp 73862 159772 0 0 3 0x14200 bored systq 45376 485367 0 0 3 0x40014200 bored softclock 4839 247177 0 0 3 0x40014200 idle0 42410 358874 0 0 3 0x14200 bored smr 1 51331 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9514 6351K 6351K 78643K 10752 0 0 pcb 23 9K 10K 78643K 263 0 0 rtable 103 4K 4K 78643K 414 0 0 ifaddr 61 13K 13K 78643K 131 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 23 0 0 iov 1 2K 16K 78643K 69 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1200 75K 75K 78643K 1489 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 5 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 1K 78643K 68 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12537 0 0 file desc 6 17K 25K 78643K 413 0 0 sigio 0 0K 0K 78643K 6 0 0 proc 41 30K 54K 78643K 380 0 0 subproc 64 65538K 67586K 78643K 204 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 54 0 0 in_multi 33 2K 2K 78643K 98 0 0 ether_multi 1 0K 0K 78643K 6 0 0 mrt 0 0K 0K 78643K 2 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 72 318K 318K 78643K 72 0 0 exec 0 0K 1K 78643K 221 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 81 20K 25K 78643K 1766 0 0 UVM aobj 26 4K 4K 78643K 30 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 13 0 0 NDP 13 0K 0K 78643K 41 0 0 temp 177 2355K 2420K 78643K 4301 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 4 1 0 1 1 0 8 0 inpcbpl 280 228 0 221 1 0 1 1 0 8 0 plimitpl 152 28 0 21 1 0 1 1 0 8 0 rtentry 112 79 0 39 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 23 0 23 1 1 0 1 0 8 0 tcpcb 544 88 0 84 1 0 1 1 0 8 0 nd6 48 12 0 8 1 0 1 1 0 8 0 ppxss 1128 12 0 12 3 2 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 355 0 170 12 0 12 12 0 8 0 art_table 32 356 0 170 2 0 2 2 0 8 0 art_node 16 76 0 42 1 0 1 1 0 8 0 sysvmsgpl 40 12 0 4 1 0 1 1 0 8 0 semapl 112 64 0 54 1 0 1 1 0 8 0 shmpl 112 28 0 4 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2162 0 732 47 0 47 47 0 8 0 ffsino 240 2162 0 732 85 0 85 85 0 8 0 nchpl 144 2942 0 1301 61 0 61 61 0 8 0 uvmvnodes 72 2297 0 0 42 0 42 42 0 8 0 vnodes 200 2297 0 0 121 0 121 121 0 8 0 namei 1024 8434 0 8434 1 0 1 1 0 8 1 scsiplug 64 2 0 2 1 0 1 1 0 8 1 scxspl 192 8247 0 8247 8 7 1 5 0 8 1 sigapl 432 571 0 557 2 0 2 2 0 8 0 futexpl 56 6916 0 6916 1 0 1 1 0 8 1 knotepl 112 226 0 207 1 0 1 1 0 8 0 kqueuepl 104 124 0 122 1 0 1 1 0 8 0 pipepl 112 392 0 371 2 1 1 1 0 8 0 fdescpl 424 572 0 557 2 0 2 2 0 8 0 filepl 120 3687 0 3587 4 0 4 4 0 8 0 lockfpl 104 192 0 191 2 1 1 1 0 8 0 lockfspl 32 243 0 242 2 1 1 1 0 8 0 sessionpl 112 21 0 11 1 0 1 1 0 8 0 pgrppl 48 21 0 11 1 0 1 1 0 8 0 ucredpl 96 924 0 917 1 0 1 1 0 8 0 zombiepl 144 557 0 557 2 1 1 1 0 8 1 processpl 840 587 0 557 4 0 4 4 0 8 0 procpl 600 1099 0 1059 4 0 4 4 0 8 0 sosppl 128 2 0 2 1 0 1 1 0 8 1 sockpl 384 446 0 429 3 0 3 3 0 8 1 mcl64k 65536 250 0 250 29 25 4 29 0 8 4 mcl16k 16384 1 0 1 1 1 0 1 0 8 0 mcl12k 12288 7 0 7 2 1 1 1 0 8 1 mcl9k 9216 13 0 13 4 3 1 1 0 8 1 mcl8k 8192 9 0 9 2 1 1 1 0 8 1 mcl4k 4096 37 0 37 2 1 1 1 0 8 1 mcl2k2 2112 1 0 1 1 1 0 1 0 8 0 mcl2k 2048 47840 0 47802 15 9 6 12 0 8 0 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 80924 0 80849 23 15 8 20 0 8 0 bufpl 256 6706 0 2226 281 0 281 281 0 8 0 anonpl 16 72210 0 64471 59 12 47 49 0 62 11 amapchunkpl 152 2660 0 2575 10 5 5 9 0 158 0 amappl16 192 3017 0 2544 51 19 32 36 0 8 8 amappl15 184 82 0 78 1 0 1 1 0 8 0 amappl14 176 30 0 28 2 1 1 1 0 8 0 amappl13 168 96 0 92 1 0 1 1 0 8 0 amappl12 160 12 0 9 1 0 1 1 0 8 0 amappl11 152 76 0 65 1 0 1 1 0 8 0 amappl10 144 277 0 273 2 1 1 1 0 8 0 amappl9 136 571 0 566 1 0 1 1 0 8 0 amappl8 128 154 0 139 1 0 1 1 0 8 0 amappl7 120 70 0 65 1 0 1 1 0 8 0 amappl6 112 73 0 65 1 0 1 1 0 8 0 amappl5 104 167 0 156 1 0 1 1 0 8 0 amappl4 96 811 0 785 2 1 1 2 0 8 0 amappl3 88 155 0 148 1 0 1 1 0 8 0 amappl2 80 3984 0 3925 2 0 2 2 0 8 0 amappl1 72 19474 0 19045 23 13 10 19 0 8 0 amappl 72 1338 0 1303 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 29 0 4 1 0 1 1 0 8 0 uaddrrnd 24 572 0 557 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 572 0 557 1 0 1 1 0 8 0 vmmpekpl 168 7927 0 7908 2 0 2 2 0 8 0 vmmpepl 168 66586 0 65098 98 17 81 81 0 357 16 vmsppl 264 571 0 557 4 2 2 2 0 8 1 pdppl 4096 1150 0 1114 6 1 5 6 0 8 0 pvpl 32 212231 0 201354 142 18 124 126 0 265 28 pmappl 192 571 0 557 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 464 0 55 13 0 13 13 0 8 0