panic: malloc: allocation too large, type = 2, size = 4294967296 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *253427 70816 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:208 malloc(100000000,2,2) at malloc+0xa13 sys/kern/kern_malloc.c:339 wsmux_getmux(1fffffff) at wsmux_getmux+0x71 sys/dev/wscons/wsmux.c:152 wsmux_add_mux(1fffffff,ffff80000316a300) at wsmux_add_mux+0x2f sys/dev/wscons/wsmux.c:594 VOP_IOCTL(fffffd803b6a8de8,80085761,ffff8000149d04e0,f,fffffd803f7c6660,ffff800014a12720) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:290 vn_ioctl(fffffd80361b1da0,80085761,ffff8000149d04e0,ffff800014a12720) at vn_ioctl+0xc9 sys/kern/vfs_vnops.c:512 sys_ioctl(ffff800014a12720,ffff8000149d0628,ffff8000149d0610) at sys_ioctl+0x638 syscall(ffff8000149d06c0) at syscall+0x541 Xsyscall(6,0,ffffffffffffff86,0,3,aa55b6a0010) at Xsyscall+0x128 end of kernel end trace frame: 0xaa7d7316bf0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic malloc: allocation too large, type = 2, size = 4294967296 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:208 malloc(100000000,2,2) at malloc+0xa13 sys/kern/kern_malloc.c:339 wsmux_getmux(1fffffff) at wsmux_getmux+0x71 sys/dev/wscons/wsmux.c:152 wsmux_add_mux(1fffffff,ffff80000316a300) at wsmux_add_mux+0x2f sys/dev/wscons/wsmux.c:594 VOP_IOCTL(fffffd803b6a8de8,80085761,ffff8000149d04e0,f,fffffd803f7c6660,ffff800014a12720) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:290 vn_ioctl(fffffd80361b1da0,80085761,ffff8000149d04e0,ffff800014a12720) at vn_ioctl+0xc9 sys/kern/vfs_vnops.c:512 sys_ioctl(ffff800014a12720,ffff8000149d0628,ffff8000149d0610) at sys_ioctl+0x638 syscall(ffff8000149d06c0) at syscall+0x541 Xsyscall(6,0,ffffffffffffff86,0,3,aa55b6a0010) at Xsyscall+0x128 end of kernel end trace frame: 0xaa7d7316bf0, count: -10 ddb> show registers rdi 0xffffffff8161b027 db_enter+0x17 rsi 0x344a __ALIGN_SIZE+0x244a rbp 0xffff8000149d00b0 rbx 0xffff8000149d0160 rdx 0x344b __ALIGN_SIZE+0x244b rcx 0xffff800003b3d000 rax 0xffff800003b3d000 r8 0xffff8000149d0070 r9 0x1 r10 0xffff800002145680 r11 0x841acda274b648a3 r12 0x3000000008 r13 0xffff8000149d00c0 r14 0x100 r15 0x1 rip 0xffffffff8161b028 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000149d00a0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=253427 stat=onproc flags process=0 proc=4000000 pri=53, usrpri=53, nice=20 forw=0xffffffffffffffff, list=0xffff800014a124c8,0xffffffff82290d98 process=0xffff8000ffff66a0 user=0xffff8000149cb000, vmspace=0xfffffd803f014738 estcpu=3, cpticks=1, pctcpu=0.1 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 70816 91509 98005 0 2 0 syz-executor.0 *70816 253427 98005 0 7 0x4000000 syz-executor.0 98005 344977 77766 0 2 0x482 syz-executor.0 86725 450516 1 0 3 0x100083 ttyin getty 37992 339451 0 0 3 0x14200 bored sosplice 77766 11303 40833 0 3 0x82 kqread syz-fuzzer 77766 494506 40833 0 3 0x4000082 thrsleep syz-fuzzer 77766 440778 40833 0 3 0x4000082 thrsleep syz-fuzzer 77766 113756 40833 0 3 0x4000082 thrsleep syz-fuzzer 77766 324921 40833 0 3 0x4000082 thrsleep syz-fuzzer 77766 140091 40833 0 3 0x4000082 thrsleep syz-fuzzer 77766 519150 40833 0 3 0x4000082 thrsleep syz-fuzzer 77766 395615 40833 0 3 0x4000082 thrsleep syz-fuzzer 40833 144253 90830 0 3 0x10008a pause ksh 90830 447203 95776 0 3 0x92 select sshd 95776 134153 1 0 3 0x80 select sshd 41397 285685 52021 73 3 0x100090 kqread syslogd 52021 117948 1 0 3 0x100082 netio syslogd 45731 169226 1 77 3 0x100090 poll dhclient 82404 457560 1 0 3 0x80 poll dhclient 90968 381691 0 0 2 0x14200 zerothread 47585 430126 0 0 3 0x14200 aiodoned aiodoned 92767 180449 0 0 2 0x14200 update 35626 101174 0 0 3 0x14200 cleaner cleaner 94169 403087 0 0 3 0x14200 reaper reaper 38614 365160 0 0 3 0x14200 pgdaemon pagedaemon 56029 78198 0 0 3 0x14200 bored crynlk 72234 37061 0 0 3 0x14200 bored crypto 36275 266521 0 0 3 0x40014200 acpi0 acpi0 41267 223929 0 0 3 0x14200 bored softnet 10221 203529 0 0 3 0x14200 bored systqmp 40262 208901 0 0 3 0x14200 bored systq 4390 399054 0 0 2 0x40014200 softclock 49248 187473 0 0 3 0x40014200 idle0 64292 462301 0 0 3 0x14200 bored smr 1 283222 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9486 6334K 6334K 78643K 10629 0 0 pcb 23 9K 10K 78643K 133 0 0 rtable 82 3K 3K 78643K 247 0 0 ifaddr 48 11K 11K 78643K 76 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 16 0 0 iov 0 0K 16K 78643K 24 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1200 75K 75K 78643K 1293 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 7 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 0K 78643K 12 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12537 0 0 file desc 4 9K 17K 78643K 160 0 0 sigio 0 0K 0K 78643K 6 0 0 proc 41 30K 46K 78643K 301 0 0 subproc 32 32769K 67586K 78643K 104 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 28 0 0 in_multi 22 1K 2K 78643K 49 0 0 ether_multi 1 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 42 185K 185K 78643K 42 0 0 exec 0 0K 1K 78643K 187 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 69 12K 20K 78643K 1147 0 0 UVM aobj 4 2K 2K 78643K 6 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 6 0 0 NDP 10 0K 0K 78643K 22 0 0 temp 111 2347K 2412K 78643K 3384 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 5 0 2 1 0 1 1 0 8 0 inpcbpl 280 123 0 116 1 0 1 1 0 8 0 plimitpl 152 20 0 14 1 0 1 1 0 8 0 rtentry 112 50 0 19 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 34 0 30 1 0 1 1 0 8 0 nd6 48 6 0 4 1 0 1 1 0 8 0 ppxss 1128 2 0 2 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 226 0 82 12 0 12 12 0 8 2 art_table 32 227 0 82 2 0 2 2 0 8 0 art_node 16 49 0 21 1 0 1 1 0 8 0 sysvmsgpl 40 7 0 2 1 0 1 1 0 8 0 semapl 112 10 0 0 1 0 1 1 0 8 0 shmpl 112 4 0 2 2 1 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1683 0 271 46 0 46 46 0 8 0 ffsino 240 1683 0 271 84 0 84 84 0 8 0 nchpl 144 2097 0 469 61 0 61 61 0 8 0 uvmvnodes 72 1749 0 0 32 0 32 32 0 8 0 vnodes 200 1749 0 0 93 0 93 93 0 8 0 namei 1024 5478 0 5478 2 1 1 1 0 8 1 scsiplug 64 1 0 1 1 0 1 1 0 8 1 scxspl 192 5527 0 5527 8 7 1 6 0 8 1 sigapl 432 328 0 316 2 0 2 2 0 8 0 futexpl 56 2355 0 2355 1 0 1 1 0 8 1 knotepl 112 107 0 94 1 0 1 1 0 8 0 kqueuepl 104 35 0 33 1 0 1 1 0 8 0 pipepl 112 194 0 181 2 1 1 1 0 8 0 fdescpl 424 329 0 316 2 0 2 2 0 8 0 filepl 120 1766 0 1694 4 0 4 4 0 8 1 lockfpl 104 46 0 46 3 2 1 1 0 8 1 lockfspl 32 82 0 82 3 2 1 1 0 8 1 sessionpl 112 19 0 10 1 0 1 1 0 8 0 pgrppl 48 21 0 12 1 0 1 1 0 8 0 ucredpl 96 264 0 257 1 0 1 1 0 8 0 zombiepl 144 316 0 316 2 1 1 1 0 8 1 processpl 840 344 0 316 4 0 4 4 0 8 0 procpl 600 548 0 512 4 0 4 4 0 8 0 sosppl 128 4 0 4 2 1 1 1 0 8 1 sockpl 384 221 0 204 3 0 3 3 0 8 1 mcl64k 65536 5 0 5 1 0 1 1 0 8 1 mcl12k 12288 5 0 5 2 1 1 1 0 8 1 mcl4k 4096 12 0 12 3 2 1 1 0 8 1 mcl2k 2048 47458 0 47415 13 7 6 12 0 8 0 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 78404 0 78337 8 1 7 7 0 8 0 bufpl 256 5953 0 1483 280 0 280 280 0 8 0 anonpl 16 38297 0 31209 37 2 35 35 0 62 0 amapchunkpl 152 1253 0 1174 6 2 4 5 0 158 0 amappl16 192 1163 0 724 24 0 24 24 0 8 1 amappl15 184 66 0 62 1 0 1 1 0 8 0 amappl14 176 22 0 21 2 1 1 1 0 8 0 amappl13 168 27 0 24 1 0 1 1 0 8 0 amappl12 160 10 0 9 1 0 1 1 0 8 0 amappl11 152 36 0 24 1 0 1 1 0 8 0 amappl10 144 126 0 125 2 1 1 1 0 8 0 amappl9 136 535 0 533 1 0 1 1 0 8 0 amappl8 128 117 0 103 1 0 1 1 0 8 0 amappl7 120 31 0 25 1 0 1 1 0 8 0 amappl6 112 72 0 63 1 0 1 1 0 8 0 amappl5 104 135 0 125 1 0 1 1 0 8 0 amappl4 96 516 0 490 2 1 1 2 0 8 0 amappl3 88 122 0 114 1 0 1 1 0 8 0 amappl2 80 1828 0 1777 2 0 2 2 0 8 0 amappl1 72 15362 0 14959 25 15 10 19 0 8 0 amappl 72 763 0 733 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 5 0 2 1 0 1 1 0 8 0 uaddrrnd 24 329 0 316 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 329 0 316 1 0 1 1 0 8 0 vmmpekpl 168 6360 0 6338 2 0 2 2 0 8 0 vmmpepl 168 41419 0 40105 93 23 70 74 0 357 9 vmsppl 264 328 0 316 1 0 1 1 0 8 0 pdppl 4096 664 0 632 5 0 5 5 0 8 0 pvpl 32 138186 0 128114 109 14 95 101 0 265 3 pmappl 192 328 0 316 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 415 0 13 12 0 12 12 0 8 0