panic: mallocarray: overflow 18446744071562067968 * 8 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *480976 16564 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:208 evergreen_dma_fence_ring_emit(ffffffff80000000,8) at evergreen_dma_fence_ring_emit wsmux_getmux(7fffffff) at wsmux_getmux+0x71 sys/dev/wscons/wsmux.c:152 wsmux_add_mux(7fffffff,ffff800000669100) at wsmux_add_mux+0x2f sys/dev/wscons/wsmux.c:594 VOP_IOCTL(fffffd803e5760d0,80085761,ffff800014a02e30,42,fffffd803f7c6960,ffff8000149fc4c8) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:290 vn_ioctl(fffffd80361b1e18,80085761,ffff800014a02e30,ffff8000149fc4c8) at vn_ioctl+0xc9 sys/kern/vfs_vnops.c:512 sys_ioctl(ffff8000149fc4c8,ffff800014a02f78,ffff800014a02f60) at sys_ioctl+0x638 syscall(ffff800014a03010) at syscall+0x541 Xsyscall(6,0,ffffffffffffff86,0,3,2e50029d010) at Xsyscall+0x128 end of kernel end trace frame: 0x2e7679a86e0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic mallocarray: overflow 18446744071562067968 * 8 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:208 evergreen_dma_fence_ring_emit(ffffffff80000000,8) at evergreen_dma_fence_ring_emit wsmux_getmux(7fffffff) at wsmux_getmux+0x71 sys/dev/wscons/wsmux.c:152 wsmux_add_mux(7fffffff,ffff800000669100) at wsmux_add_mux+0x2f sys/dev/wscons/wsmux.c:594 VOP_IOCTL(fffffd803e5760d0,80085761,ffff800014a02e30,42,fffffd803f7c6960,ffff8000149fc4c8) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:290 vn_ioctl(fffffd80361b1e18,80085761,ffff800014a02e30,ffff8000149fc4c8) at vn_ioctl+0xc9 sys/kern/vfs_vnops.c:512 sys_ioctl(ffff8000149fc4c8,ffff800014a02f78,ffff800014a02f60) at sys_ioctl+0x638 syscall(ffff800014a03010) at syscall+0x541 Xsyscall(6,0,ffffffffffffff86,0,3,2e50029d010) at Xsyscall+0x128 end of kernel end trace frame: 0x2e7679a86e0, count: -10 ddb> show registers rdi 0xffffffff81d46eb7 db_enter+0x17 rsi 0x1959 __ALIGN_SIZE+0x959 rbp 0xffff800014a02a70 rbx 0xffff800014a02b20 rdx 0x195a __ALIGN_SIZE+0x95a rcx 0xffff800002b3d000 rax 0xffff800002b3d000 r8 0xffff800014a02a30 r9 0x1 r10 0xffff800001b3cac0 r11 0xb915ef03d0f895ee r12 0x3000000008 r13 0xffff800014a02a80 r14 0x100 r15 0x1 rip 0xffffffff81d46eb8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800014a02a60 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=480976 stat=onproc flags process=0 proc=4000000 pri=79, usrpri=79, nice=20 forw=0xffffffffffffffff, list=0xffff8000149fc018,0xffffffff822b8800 process=0xffff8000ffff6010 user=0xffff8000149fe000, vmspace=0xfffffd803f014000 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 16564 71458 97229 0 2 0 syz-executor.0 *16564 480976 97229 0 7 0x4000000 syz-executor.0 37762 429982 0 0 3 0x14200 bored sosplice 97229 438354 38943 0 2 0x482 syz-executor.0 3066 123894 38943 0 2 0x2 syz-executor.1 38943 164083 45415 0 3 0x82 thrsleep syz-fuzzer 38943 125536 45415 0 2 0x4000482 syz-fuzzer 38943 290894 45415 0 3 0x4000082 thrsleep syz-fuzzer 38943 295722 45415 0 3 0x4000082 kqread syz-fuzzer 38943 249339 45415 0 3 0x4000082 thrsleep syz-fuzzer 38943 341369 45415 0 3 0x4000082 thrsleep syz-fuzzer 38943 294521 45415 0 3 0x4000082 thrsleep syz-fuzzer 45415 119089 84337 0 3 0x10008a pause ksh 84337 519194 53227 0 3 0x92 select sshd 10667 337938 1 0 3 0x100083 ttyin getty 53227 183810 1 0 3 0x80 select sshd 83955 47950 69389 73 3 0x100090 kqread syslogd 69389 406392 1 0 3 0x100082 netio syslogd 62439 276211 1 77 3 0x100090 poll dhclient 42762 428683 1 0 3 0x80 poll dhclient 4671 190620 0 0 2 0x14200 zerothread 36597 264702 0 0 3 0x14200 aiodoned aiodoned 92889 345455 0 0 3 0x14200 syncer update 27062 211529 0 0 3 0x14200 cleaner cleaner 96565 54260 0 0 3 0x14200 reaper reaper 67852 357083 0 0 3 0x14200 pgdaemon pagedaemon 94054 456706 0 0 3 0x14200 bored crynlk 80218 508827 0 0 3 0x14200 bored crypto 19242 523314 0 0 3 0x40014200 acpi0 acpi0 48740 445735 0 0 3 0x14200 bored softnet 89995 274418 0 0 3 0x14200 bored systqmp 81925 285388 0 0 3 0x14200 bored systq 89452 170672 0 0 3 0x40014200 bored softclock 62266 446908 0 0 3 0x40014200 idle0 21179 68988 0 0 3 0x14200 bored smr 1 204832 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9445 6320K 6335K 78643K 10602 0 0 pcb 23 9K 10K 78643K 124 0 0 rtable 100 3K 3K 78643K 194 0 0 ifaddr 36 10K 10K 78643K 49 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 23 0 0 iov 0 0K 24K 78643K 20 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1198 75K 75K 78643K 1499 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 4 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 0K 78643K 14 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12537 0 0 file desc 5 13K 21K 78643K 329 0 0 proc 41 30K 46K 78643K 261 0 0 subproc 64 65538K 67586K 78643K 68 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 8 0 0 in_multi 33 2K 2K 78643K 33 0 0 ether_multi 1 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 54 238K 238K 78643K 54 0 0 exec 0 0K 1K 78643K 171 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 71 20K 21K 78643K 1544 0 0 UVM aobj 6 2K 2K 78643K 8 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 14 0 0 NDP 5 0K 0K 78643K 12 0 0 temp 83 2345K 2410K 78643K 3568 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 4 0 0 1 0 1 1 0 8 0 inpcbpl 280 80 0 73 1 0 1 1 0 8 0 plimitpl 152 18 0 11 1 0 1 1 0 8 0 rtentry 112 41 0 1 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 26 0 22 1 0 1 1 0 8 0 nd6 48 4 0 0 1 0 1 1 0 8 0 ppxss 1128 3 0 3 2 2 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 186 0 0 12 0 12 12 0 8 0 art_table 32 187 0 0 2 0 2 2 0 8 0 art_node 16 40 0 6 1 0 1 1 0 8 0 semapl 112 12 0 2 1 0 1 1 0 8 0 shmpl 112 6 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2243 0 836 46 0 46 46 0 8 0 ffsino 240 2243 0 836 84 0 84 84 0 8 0 nchpl 144 2894 0 1271 61 0 61 61 0 8 0 uvmvnodes 72 2305 0 0 42 0 42 42 0 8 0 vnodes 200 2305 0 0 122 0 122 122 0 8 0 namei 1024 6866 0 6865 2 1 1 1 0 8 0 scsiplug 64 1 0 1 1 0 1 1 0 8 1 scxspl 192 7126 0 7126 7 6 1 6 0 8 1 sigapl 432 499 0 486 2 0 2 2 0 8 0 futexpl 56 2923 0 2923 1 0 1 1 0 8 1 knotepl 112 51 0 32 1 0 1 1 0 8 0 kqueuepl 104 8 0 6 1 0 1 1 0 8 0 pipepl 112 194 0 175 2 1 1 1 0 8 0 fdescpl 424 500 0 486 2 0 2 2 0 8 0 filepl 120 2055 0 1960 5 1 4 4 0 8 1 lockfpl 104 435 0 434 2 1 1 1 0 8 0 lockfspl 32 171 0 170 2 1 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 200 0 193 1 0 1 1 0 8 0 zombiepl 144 486 0 486 2 1 1 1 0 8 1 processpl 840 515 0 486 4 0 4 4 0 8 0 procpl 600 973 0 937 4 0 4 4 0 8 0 sosppl 128 4 0 4 2 2 0 1 0 8 0 sockpl 384 173 0 156 4 1 3 3 0 8 1 mcl16k 16384 1 0 1 1 1 0 1 0 8 0 mcl12k 12288 2 0 2 2 2 0 1 0 8 0 mcl9k 9216 4 0 4 2 1 1 1 0 8 1 mcl8k 8192 2 0 2 1 0 1 1 0 8 1 mcl4k 4096 26 0 26 2 1 1 1 0 8 1 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 46022 0 45992 11 6 5 9 0 8 0 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 76256 0 76188 9 3 6 7 0 8 0 bufpl 256 6133 0 1670 280 0 280 280 0 8 0 anonpl 16 47003 0 38573 38 3 35 35 0 62 0 amapchunkpl 152 1995 0 1915 5 1 4 5 0 158 0 amappl16 192 1662 0 1216 23 0 23 23 0 8 0 amappl15 184 48 0 44 1 0 1 1 0 8 0 amappl14 176 182 0 179 2 1 1 1 0 8 0 amappl13 168 26 0 23 1 0 1 1 0 8 0 amappl12 160 175 0 171 1 0 1 1 0 8 0 amappl11 152 15 0 4 1 0 1 1 0 8 0 amappl10 144 209 0 205 2 1 1 1 0 8 0 amappl9 136 509 0 506 1 0 1 1 0 8 0 amappl8 128 114 0 100 1 0 1 1 0 8 0 amappl7 120 179 0 176 1 0 1 1 0 8 0 amappl6 112 52 0 45 1 0 1 1 0 8 0 amappl5 104 172 0 163 1 0 1 1 0 8 0 amappl4 96 509 0 487 2 1 1 2 0 8 0 amappl3 88 453 0 442 1 0 1 1 0 8 0 amappl2 80 3444 0 3393 2 0 2 2 0 8 0 amappl1 72 17361 0 16951 26 17 9 19 0 8 0 amappl 72 1179 0 1147 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 7 0 2 1 0 1 1 0 8 0 uaddrrnd 24 500 0 486 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 500 0 486 1 0 1 1 0 8 0 vmmpekpl 168 7028 0 7010 1 0 1 1 0 8 0 vmmpepl 168 57432 0 56065 88 23 65 72 0 357 5 vmsppl 264 499 0 486 2 1 1 2 0 8 0 pdppl 4096 1006 0 972 5 0 5 5 0 8 0 pvpl 32 172896 0 161431 110 14 96 101 0 265 2 pmappl 192 499 0 486 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 414 0 14 12 0 12 12 0 8 0