diff --git a/sys/kern/subr_intr.c b/sys/kern/subr_intr.c
--- a/sys/kern/subr_intr.c
+++ b/sys/kern/subr_intr.c
@@ -2,6 +2,7 @@
  * Copyright (c) 2015-2016 Svatopluk Kraus
  * Copyright (c) 2015-2016 Michal Meloun
  * All rights reserved.
+ * Copyright © 2022 Elliott Mitchell
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -153,6 +154,7 @@
 size_t sintrcnt;
 size_t sintrnames;
 static u_int intrcnt_index;
+static u_int intrcnt_count;
 
 static struct intr_irqsrc *intr_map_get_isrc(u_int res_id);
 static void intr_map_set_isrc(u_int res_id, struct intr_irqsrc *isrc);
@@ -166,7 +168,6 @@
 static void
 intr_irq_init(void *dummy __unused)
 {
-	u_int intrcnt_count;
 
 	SLIST_INIT(&pic_list);
 	mtx_init(&pic_list_lock, "intr pic list", NULL, MTX_DEF);
@@ -273,6 +274,9 @@
 	 *        interrupt sources !!!
 	 */
 	index = atomic_fetchadd_int(&intrcnt_index, 2);
+	if (index + 2 > intrcnt_count)
+		panic("overflowed interrupt name/counter table (index=%u)",
+		    index);
 	isrc->isrc_index = index;
 	isrc->isrc_count = &intrcnt[index];
 	isrc_update_name(isrc, NULL);
@@ -299,6 +303,9 @@
 	char str[INTRNAME_LEN];
 
 	index = atomic_fetchadd_int(&intrcnt_index, MAXCPU);
+	if (index + MAXCPU > intrcnt_count)
+		panic("overflowed IPI interrupt name/counter table (index=%u)",
+		    index);
 	for (i = 0; i < MAXCPU; i++) {
 		snprintf(str, INTRNAME_LEN, "cpu%d:%s", i, name);
 		intrcnt_setname(str, index + i);