panic: malloc: allocation too large, type = 2, size = 8589935960
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*367776 83168 0 0 0x4000000 0K syz-executor.0
471075 55846 0 0 0 1 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x174 sys/kern/subr_prf.c:208
malloc(200000558,2,2) at malloc+0xa6f sys/kern/kern_malloc.c:339
wsmux_getmux(400000aa) at wsmux_getmux+0x71 sys/dev/wscons/wsmux.c:152
wsmux_add_mux(400000aa,ffff800000026d00) at wsmux_add_mux+0x2f sys/dev/wscons/wsmux.c:594
VOP_IOCTL(fffffd8068b52690,80085761,ffff800020c53810,42,fffffd807f7c68a0,ffff800020b299e0) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:290
vn_ioctl(fffffd8066d28440,80085761,ffff800020c53810,ffff800020b299e0) at vn_ioctl+0xc9 sys/kern/vfs_vnops.c:512
sys_ioctl(ffff800020b299e0,ffff800020c53958,ffff800020c53940) at sys_ioctl+0x651
syscall(ffff800020c539f0) at syscall+0x5b8 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(ffff800020c539f0) at syscall+0x5b8 sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,0,ffffffffffffff86,0,3,4b445c1d010) at Xsyscall+0x128
end of kernel
end trace frame: 0x4b71a88b280, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
malloc: allocation too large, type = 2, size = 8589935960
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x174 sys/kern/subr_prf.c:208
malloc(200000558,2,2) at malloc+0xa6f sys/kern/kern_malloc.c:339
wsmux_getmux(400000aa) at wsmux_getmux+0x71 sys/dev/wscons/wsmux.c:152
wsmux_add_mux(400000aa,ffff800000026d00) at wsmux_add_mux+0x2f sys/dev/wscons/wsmux.c:594
VOP_IOCTL(fffffd8068b52690,80085761,ffff800020c53810,42,fffffd807f7c68a0,ffff800020b299e0) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:290
vn_ioctl(fffffd8066d28440,80085761,ffff800020c53810,ffff800020b299e0) at vn_ioctl+0xc9 sys/kern/vfs_vnops.c:512
sys_ioctl(ffff800020b299e0,ffff800020c53958,ffff800020c53940) at sys_ioctl+0x651
syscall(ffff800020c539f0) at syscall+0x5b8 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(ffff800020c539f0) at syscall+0x5b8 sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,0,ffffffffffffff86,0,3,4b445c1d010) at Xsyscall+0x128
end of kernel
end trace frame: 0x4b71a88b280, count: -10
ddb{0}> show registers
rdi 0xffffffff81a91937 db_enter+0x17
rsi 0x18fb __ALIGN_SIZE+0x8fb
rbp 0xffff800020c533e0
rbx 0xffff800020c53490
rdx 0x18fc __ALIGN_SIZE+0x8fc
rcx 0xffff800001566000
rax 0xffff800001566000
r8 0xffffffff81ad1df3 kprintf+0x183
r9 0x1
r10 0x25
r11 0x20487b8634ae4c69
r12 0x3000000008
r13 0xffff800020c533f0
r14 0x100
r15 0x1
rip 0xffffffff81a91938 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020c533d0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.0) pid=367776 stat=onproc
flags process=0 proc=4000000
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800020b29080,0xffffffff823c8d80
process=0xffff800020b7d710 user=0xffff800020c4e000, vmspace=0xfffffd807effd708
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
83168 286692 35531 0 2 0 syz-executor.0
*83168 367776 35531 0 7 
0x4000000 syz-executor.0 55846 471075 99581 0 7 0 syz-executor.1 55846 133839 99581 0 3 0x4000080 switchread syz-executor.1 35531 185111 55409 0 2 0x482 syz-executor.0 99581 194021 55409 0 2 0x482 syz-executor.1 73296 255525 1 0 3 0x100083 ttyin getty 72804 465569 0 0 3 0x14200 bored sosplice 55409 298541 20037 0 3 0x82 kqread syz-fuzzer 55409 53676 20037 0 3 0x4000082 nanosleep syz-fuzzer 55409 162036 20037 0 3 0x4000082 thrsleep syz-fuzzer 55409 179575 20037 0 3 0x4000082 thrsleep syz-fuzzer 55409 23012 20037 0 3 0x4000082 thrsleep syz-fuzzer 55409 30502 20037 0 3 0x4000082 thrsleep syz-fuzzer 55409 236367 20037 0 3 0x4000082 thrsleep syz-fuzzer 55409 394421 20037 0 3 0x4000082 thrsleep syz-fuzzer 55409 380767 20037 0 3 0x4000082 thrsleep syz-fuzzer 55409 483126 20037 0 3 0x4000082 thrsleep syz-fuzzer 20037 369328 89475 0 3 0x10008a pause ksh 89475 204892 70017 0 3 0x92 select sshd 70017 159082 1 0 3 0x80 select sshd 93437 324114 19922 74 3 0x100092 bpf pflogd 19922 488044 1 0 3 0x80 netio pflogd 55909 145310 63412 73 3 0x100090 kqread syslogd 63412 13456 1 0 3 0x100082 netio syslogd 39362 182025 1 77 3 0x100090 poll dhclient 84853 246720 1 0 3 0x80 poll dhclient 77819 430874 0 0 2 0x14200 zerothread 1047 106453 0 0 3 0x14200 aiodoned aiodoned 83538 401742 0 0 3 0x14200 syncer update 66724 443151 0 0 3 0x14200 cleaner cleaner 9894 58556 0 0 3 0x14200 reaper reaper 20493 104158 0 0 3 0x14200 pgdaemon pagedaemon 287 203681 0 0 3 0x14200 bored crynlk 40573 55911 0 0 3 0x14200 bored crypto 39688 237169 0 0 3 0x40014200 acpi0 acpi0 64577 215908 0 0 3 0x40014200 idle1 76432 39923 0 0 3 0x14200 bored softnet 21848 250219 0 0 3 0x14200 bored systqmp 79280 10155 0 0 3 0x14200 bored systq 5447 367632 0 0 3 0x40014200 bored softclock 20865 422126 0 0 3 0x40014200 idle0 28268 172467 0 0 3 0x14200 bored smr 1 347705 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 83168 (syz-executor.0) thread 0xffff800020b299e0 (367776) exclusive 
kernel_lock &kernel_lock r = 0 (0xffffffff82360b08) locked @ /syzkaller/managers/multicore/kernel/sys/sys/syscall_mi.h:90 #0 witness_lock+0x594 sys/kern/subr_witness.c:1201 #1 syscall+0x48b mi_syscall sys/sys/syscall_mi.h:91 [inline] #1 syscall+0x48b sys/arch/amd64/amd64/trap.c:574 #2 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9553 6436K 6448K 78643K 11373 0 0 pcb 26 9K 11K 78643K 1043 0 0 rtable 100 3K 4K 78643K 994 0 0 ifaddr 68 15K 16K 78643K 373 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 1490 0 0 iov 0 0K 16K 78643K 227 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1196 75K 75K 78643K 2216 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 38 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 12 0K 1K 78643K 247 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12628 0 0 file desc 6 17K 25K 78643K 2026 0 0 sigio 0 0K 0K 78643K 25 0 0 proc 54 51K 83K 78643K 836 0 0 subproc 64 65538K 67586K 78643K 516 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 223 0 0 in_multi 33 2K 2K 78643K 235 0 0 ether_multi 1 0K 0K 78643K 8 0 0 mrt 0 0K 0K 78643K 6 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 90 397K 397K 78643K 90 0 0 exec 0 0K 1K 78643K 436 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 94 21K 25K 78643K 7386 0 0 UVM aobj 120 9K 9K 78643K 128 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 75 0 0 NDP 15 0K 0K 78643K 117 0 0 temp 193 2380K 2508K 78643K 9380 0 0 kqueue 0 0K 0K 78643K 17 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 17 0 13 1 0 1 1 0 8 0 inpcbpl 280 1322 0 1315 1 0 1 1 0 8 0 plimitpl 152 99 0 91 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 
rtentry 112 159 0 119 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 19 0 19 2 2 0 1 0 8 0 tcpcb 544 352 0 348 1 0 1 1 0 8 0 rttmr 72 1 0 1 1 1 0 1 0 8 0 nd6 48 30 0 26 1 0 1 1 0 8 0 ppxss 1128 50 0 50 6 5 1 1 0 8 1 pffrent 40 2 0 2 1 1 0 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 43 0 32 1 0 1 1 0 8 0 pfstkey 112 43 0 32 1 0 1 1 0 8 0 pfstate 328 43 0 32 2 0 2 2 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 744 0 556 12 0 12 12 0 8 0 art_table 32 745 0 556 2 0 2 2 0 8 0 art_node 16 158 0 124 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 6 3 2 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 245 0 235 1 0 1 1 0 8 0 shmpl 112 126 0 8 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 4770 0 3292 48 0 48 48 0 8 0 ffsino 272 4770 0 3292 99 0 99 99 0 8 0 nchpl 144 7739 0 6071 63 1 62 62 0 8 0 uvmvnodes 72 5212 0 0 95 0 95 95 0 8 0 vnodes 200 5212 0 0 275 0 275 275 0 8 0 namei 1024 24157 0 24157 1 0 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scsiplug 64 5 0 5 4 3 1 1 0 8 1 scxspl 192 25200 0 25200 15 12 3 6 0 8 3 sigapl 432 2189 0 2173 3 1 2 3 0 8 0 futexpl 56 22506 0 22506 1 0 1 1 0 8 1 knotepl 112 681 0 662 1 0 1 1 0 8 0 kqueuepl 104 516 0 514 1 0 1 1 0 8 0 pipepl 112 1338 0 1319 6 5 1 2 0 8 0 fdescpl 488 2190 0 2173 4 1 3 3 0 8 0 filepl 152 13304 0 13202 7 2 5 6 0 8 1 lockfpl 104 506 0 505 3 2 1 1 0 8 0 lockfspl 32 255 0 254 3 2 1 1 0 8 0 sessionpl 112 34 0 23 1 0 1 1 0 8 0 pgrppl 48 66 0 55 1 0 1 1 0 8 0 ucredpl 96 2544 0 2535 1 0 1 1 0 8 0 zombiepl 144 2173 0 2173 1 0 1 1 0 8 1 processpl 840 2206 0 2173 4 0 4 4 0 8 0 procpl 600 6370 0 6326 4 0 4 4 0 8 0 srpgc 64 79 0 79 7 7 0 1 0 8 0 sosppl 128 27 0 27 7 6 1 1 0 8 1 sockpl 384 2218 0 2198 6 3 3 4 0 8 1 mcl64k 65536 352 0 0 42 9 33 34 0 8 1 mcl16k 16384 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 5 0 0 1 0 1 1 0 8 0 mcl8k 8192 9 0 0 2 0 2 2 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 6 0 0 
1 0 1 1 0 8 0 mcl2k 2048 130 0 0 15 1 14 15 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 402 0 0 21 1 20 20 0 8 0 bufpl 256 10048 0 3025 440 0 440 440 0 8 0 anonpl 16 228073 0 219399 85 38 47 53 0 125 6 amapchunkpl 152 12983 0 12887 25 20 5 9 0 158 0 amappl16 192 9489 0 9024 92 60 32 36 0 8 8 amappl15 184 420 0 416 1 0 1 1 0 8 0 amappl14 176 1133 0 1128 1 0 1 1 0 8 0 amappl13 168 882 0 879 1 0 1 1 0 8 0 amappl12 160 1132 0 1127 1 0 1 1 0 8 0 amappl11 152 156 0 141 1 0 1 1 0 8 0 amappl10 144 197 0 192 1 0 1 1 0 8 0 amappl9 136 655 0 652 1 0 1 1 0 8 0 amappl8 128 259 0 236 1 0 1 1 0 8 0 amappl7 120 75 0 68 1 0 1 1 0 8 0 amappl6 112 205 0 196 1 0 1 1 0 8 0 amappl5 104 688 0 672 1 0 1 1 0 8 0 amappl4 96 1609 0 1575 2 1 1 2 0 8 0 amappl3 88 1856 0 1847 1 0 1 1 0 8 0 amappl2 80 18245 0 18182 2 0 2 2 0 8 0 amappl1 72 56863 0 56419 25 15 10 20 0 8 0 amappl 72 6730 0 6692 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 127 0 8 2 0 2 2 0 8 0 uaddrrnd 24 2190 0 2173 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2190 0 2173 1 0 1 1 0 8 0 vmmpekpl 168 20793 0 20768 2 0 2 2 0 8 0 vmmpepl 168 243064 0 241510 132 52 80 81 0 357 10 vmsppl 360 2189 0 2173 2 0 2 2 0 8 0 pdppl 4096 4388 0 4346 7 1 6 6 0 8 0 pvpl 32 654485 0 642450 195 70 125 138 0 265 20 pmappl 224 2189 0 2173 2 1 1 2 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 652 0 15 19 0 19 19 0 8 0