panic: mallocarray: overflow 18446744071562067968 * 8
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*299534 73857 0 0 0x4000000 0 syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:208
cd9660_init(ffffffff80000000) at cd9660_init
wsmux_getmux(7fffffff) at wsmux_getmux+0x71 sys/dev/wscons/wsmux.c:152
wsmux_add_mux(7fffffff,ffff800000669100) at wsmux_add_mux+0x2f sys/dev/wscons/wsmux.c:594
VOP_IOCTL(fffffd803c43b5d8,80085761,ffff800014a189b0,42,fffffd803f7c68a0,ffff8000ffff3530) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:290
vn_ioctl(fffffd80375fcb40,80085761,ffff800014a189b0,ffff8000ffff3530) at vn_ioctl+0xc9 sys/kern/vfs_vnops.c:512
sys_ioctl(ffff8000ffff3530,ffff800014a18af8,ffff800014a18ae0) at sys_ioctl+0x638
syscall(ffff800014a18b90) at syscall+0x541
Xsyscall(6,0,ffffffffffffff85,0,3,ec25c40f010) at Xsyscall+0x128
end of kernel
end trace frame: 0xec4a69ce7d0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic mallocarray: overflow 18446744071562067968 * 8 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:208 cd9660_init(ffffffff80000000) at cd9660_init wsmux_getmux(7fffffff) at wsmux_getmux+0x71 sys/dev/wscons/wsmux.c:152 wsmux_add_mux(7fffffff,ffff800000669100) at wsmux_add_mux+0x2f sys/dev/wscons/wsmux.c:594 VOP_IOCTL(fffffd803c43b5d8,80085761,ffff800014a189b0,42,fffffd803f7c68a0,ffff8000ffff3530) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:290 vn_ioctl(fffffd80375fcb40,80085761,ffff800014a189b0,ffff8000ffff3530) at vn_ioctl+0xc9 sys/kern/vfs_vnops.c:512 sys_ioctl(ffff8000ffff3530,ffff800014a18af8,ffff800014a18ae0) at sys_ioctl+0x638 syscall(ffff800014a18b90) at syscall+0x541 Xsyscall(6,0,ffffffffffffff85,0,3,ec25c40f010) at Xsyscall+0x128 end of kernel end trace frame: 0xec4a69ce7d0, count: -10 ddb> show registers rdi 0xffffffff81ac0e57 db_enter+0x17 rsi 0x193e __ALIGN_SIZE+0x93e rbp 0xffff800014a185f0 rbx 0xffff800014a186a0 rdx 0x193f __ALIGN_SIZE+0x93f rcx 0xffff80000113b000 rax 0xffff80000113b000 r8 0xffff800014a185b0 r9 0x1 r10 0xffff8000019446c0 r11 0x4e447b1182407e33 r12 0x3000000008 r13 0xffff800014a18600 r14 0x100 r15 0x1 rip 0xffffffff81ac0e58 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800014a185e0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=299534 stat=onproc flags process=0 proc=4000000 pri=81, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff2018,0xffffffff82262138 process=0xffff8000ffff6d30 user=0xffff800014a13000, vmspace=0xfffffd803f013108 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 73857 43036 97171 0 2 0 syz-executor.0 *73857 299534 97171 0 7 0x4000000 syz-executor.0 18667 192905 90734 0 3 0x80 nanosleep syz-executor.1 18667 506819 90734 0 3 0x4000080 kqread syz-executor.1 90734 188655 25768 0 3 0x82 nanosleep 
syz-executor.1 41141 483717 1 0 3 0x100083 ttyopn getty 97171 153932 25768 0 3 0x82 nanosleep syz-executor.0 90979 283746 0 0 3 0x14200 bored sosplice 25768 180291 94957 0 3 0x82 thrsleep syz-fuzzer 25768 109016 94957 0 3 0x4000082 thrsleep syz-fuzzer 25768 40238 94957 0 3 0x4000082 thrsleep syz-fuzzer 25768 231835 94957 0 3 0x4000082 thrsleep syz-fuzzer 25768 394021 94957 0 3 0x4000082 thrsleep syz-fuzzer 25768 29208 94957 0 3 0x4000082 thrsleep syz-fuzzer 25768 157769 94957 0 3 0x4000082 thrsleep syz-fuzzer 25768 177595 94957 0 3 0x4000082 kqread syz-fuzzer 94957 393815 48170 0 3 0x10008a pause ksh 48170 143550 91029 0 3 0x92 select sshd 91029 423902 1 0 3 0x80 select sshd 9653 389753 58893 73 3 0x100090 kqread syslogd 58893 52988 1 0 3 0x100082 netio syslogd 4173 507316 1 77 3 0x100090 poll dhclient 43687 338288 1 0 3 0x80 poll dhclient 20978 147140 0 0 2 0x14200 zerothread 53738 398055 0 0 3 0x14200 aiodoned aiodoned 47235 386696 0 0 3 0x14200 syncer update 49395 456936 0 0 3 0x14200 cleaner cleaner 79038 394996 0 0 3 0x14200 reaper reaper 3308 130753 0 0 3 0x14200 pgdaemon pagedaemon 84963 290837 0 0 3 0x14200 bored crynlk 32013 304714 0 0 3 0x14200 bored crypto 62890 412276 0 0 3 0x40014200 acpi0 acpi0 7851 66605 0 0 3 0x14200 bored softnet 86154 269580 0 0 3 0x14200 bored systqmp 94383 494798 0 0 3 0x14200 bored systq 8520 333625 0 0 3 0x40014200 bored softclock 18931 25657 0 0 3 0x40014200 idle0 43504 337267 0 0 3 0x14200 bored smr 1 435133 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9541 6356K 6369K 78643K 12299 0 0 pcb 23 9K 11K 78643K 2169 0 0 rtable 103 4K 4K 78643K 1666 0 0 ifaddr 67 17K 19K 78643K 614 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 93 0 0 iov 0 0K 24K 78643K 565 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1183 74K 76K 78643K 3744 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 
0 shm 2 1K 5K 78643K 54 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 1K 78643K 553 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12537 0 0 file desc 6 17K 21K 78643K 3568 0 0 sigio 0 0K 0K 78643K 56 0 0 proc 42 30K 46K 78643K 1131 0 0 subproc 64 65538K 67586K 78643K 823 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 476 0 0 in_multi 33 2K 2K 78643K 360 0 0 ether_multi 1 0K 0K 78643K 14 0 0 mrt 0 0K 0K 78643K 10 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 96 424K 424K 78643K 96 0 0 exec 0 0K 1K 78643K 662 0 0 pfkey data 0 0K 0K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 98 21K 30K 78643K 9707 0 0 UVM aobj 130 9K 9K 78643K 142 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 184 0 0 NDP 15 0K 0K 78643K 196 0 0 temp 194 2362K 2487K 78643K 14229 0 0 kqueue 0 0K 0K 78643K 51 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 26 0 22 1 0 1 1 0 8 0 inpcbpl 280 1904 0 1897 1 0 1 1 0 8 0 plimitpl 152 129 0 121 1 0 1 1 0 8 0 rtentry 112 243 0 203 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 635 0 631 1 0 1 1 0 8 0 nd6 48 48 0 44 1 0 1 1 0 8 0 ppxss 1128 85 0 85 20 19 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1115 0 926 12 0 12 12 0 8 0 art_table 32 1116 0 926 2 0 2 2 0 8 0 art_node 16 238 0 204 1 0 1 1 0 8 0 sysvmsgpl 40 7 0 3 1 0 1 1 0 8 0 semapl 112 551 0 541 1 0 1 1 0 8 0 shmpl 112 140 0 12 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 8107 0 6570 50 0 50 50 0 8 0 ffsino 240 8107 0 6570 91 0 91 91 0 8 0 nchpl 144 13328 0 11616 65 1 64 64 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 200 5926 0 0 312 0 312 312 0 8 0 namei 1024 43879 0 43879 1 0 1 1 0 8 1 scsiplug 64 7 0 7 5 5 0 1 0 8 0 scxspl 192 
45080 0 45080 28 24 4 7 0 8 4 sigapl 432 3675 0 3661 2 0 2 2 0 8 0 futexpl 56 61273 0 61273 1 0 1 1 0 8 1 knotepl 112 1380 0 1360 1 0 1 1 0 8 0 kqueuepl 104 1045 0 1042 1 0 1 1 0 8 0 pipepl 112 2614 0 2595 10 9 1 2 0 8 0 fdescpl 424 3676 0 3661 2 0 2 2 0 8 0 filepl 120 24967 0 24868 9 5 4 5 0 8 1 lockfpl 104 1318 0 1317 4 3 1 1 0 8 0 lockfspl 32 1665 0 1664 4 3 1 1 0 8 0 sessionpl 112 42 0 32 1 0 1 1 0 8 0 pgrppl 48 82 0 72 1 0 1 1 0 8 0 ucredpl 96 6657 0 6650 1 0 1 1 0 8 0 zombiepl 144 3661 0 3661 1 0 1 1 0 8 1 processpl 840 3691 0 3661 4 0 4 4 0 8 0 procpl 600 8481 0 8442 4 0 4 4 0 8 0 sosppl 128 64 0 64 16 16 0 1 0 8 0 sockpl 384 3825 0 3808 8 5 3 4 0 8 1 mcl64k 65536 1860 0 1860 166 156 10 65 0 8 10 mcl16k 16384 13 0 13 11 11 0 1 0 8 0 mcl12k 12288 73 0 73 20 19 1 1 0 8 1 mcl9k 9216 70 0 70 21 20 1 1 0 8 1 mcl8k 8192 51 0 51 20 20 0 1 0 8 0 mcl4k 4096 230 0 230 10 9 1 1 0 8 1 mcl2k2 2112 26 0 26 12 12 0 1 0 8 0 mcl2k 2048 53955 0 53922 13 8 5 11 0 8 0 mtagpl 80 4 0 4 2 2 0 1 0 8 0 mbufpl 256 119680 0 119617 140 133 7 45 0 8 2 bufpl 256 16148 0 10391 360 0 360 360 0 8 0 anonpl 16 428549 0 416846 179 130 49 55 0 62 2 amapchunkpl 152 18166 0 18064 75 69 6 14 0 158 1 amappl16 192 21363 0 20610 192 154 38 39 0 8 0 amappl15 184 98 0 92 1 0 1 1 0 8 0 amappl14 176 1144 0 1143 2 1 1 1 0 8 0 amappl13 168 212 0 209 1 0 1 1 0 8 0 amappl12 160 1166 0 1165 1 0 1 1 0 8 0 amappl11 152 719 0 706 1 0 1 1 0 8 0 amappl10 144 1298 0 1295 1 0 1 1 0 8 0 amappl9 136 648 0 645 1 0 1 1 0 8 0 amappl8 128 214 0 186 1 0 1 1 0 8 0 amappl7 120 318 0 313 1 0 1 1 0 8 0 amappl6 112 721 0 707 1 0 1 1 0 8 0 amappl5 104 985 0 973 1 0 1 1 0 8 0 amappl4 96 2985 0 2958 2 1 1 2 0 8 0 amappl3 88 1737 0 1731 1 0 1 1 0 8 0 amappl2 80 31267 0 31207 2 0 2 2 0 8 0 amappl1 72 76420 0 75990 26 17 9 19 0 8 0 amappl 72 8894 0 8858 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 
141 0 12 3 0 3 3 0 8 0 uaddrrnd 24 3676 0 3661 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3676 0 3661 1 0 1 1 0 8 0 vmmpekpl 168 29024 0 29004 2 0 2 2 0 8 0 vmmpepl 168 387532 0 385745 238 155 83 85 0 357 5 vmsppl 264 3675 0 3661 4 3 1 2 0 8 0 pdppl 4096 7358 0 7322 5 0 5 5 0 8 0 pvpl 32 1214972 0 1199487 425 285 140 233 0 265 15 pmappl 192 3675 0 3661 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 836 0 339 20 3 17 17 0 8 1