panic: malloc: out of space in kmem_map Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *321947 97364 0 0x2 0 1K syz-executor1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x16c sys/kern/subr_prf.c:208 malloc(9068d9e82a3012f8,ffff800001947880,200000) at malloc+0xa86 sys/kern/kern_malloc.c:242 kcovioctl(1364c7a7e3998cdc,80084b01,fffffd8074b888f0,fffffd807f7c7b40,ffffffff81776346) at kcovioctl+0xd6 kd_init sys/dev/kcov.c:405 [inline] kcovioctl(1364c7a7e3998cdc,80084b01,fffffd8074b888f0,fffffd807f7c7b40,ffffffff81776346) at kcovioctl+0xd6 sys/dev/kcov.c:298 VOP_IOCTL(6b37ea6b20126870,80084b01,fffffd806714f0b8,ffff800020b92270,fffffd8074b888f0,ffff800020b92270) at VOP_IOCTL+0x80 sys/kern/vfs_vops.c:290 vn_ioctl(c5cf8ffeacc6cdf0,fffffd806714f0b8,ffff800020b92270,8) at vn_ioctl+0xc5 sys/kern/vfs_vnops.c:512 sys_ioctl(7c9075d1435a4d5e,2,ffff800020b92270) at sys_ioctl+0x652 syscall(1364c7a7e3e35d68) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(1364c7a7e3e35d68) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:574 Xsyscall(6,36,7f7ffffd8d10,36,3,94dbea36890) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd8cb0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic malloc: out of space in kmem_map ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x16c sys/kern/subr_prf.c:208 malloc(9068d9e82a3012f8,ffff800001947880,200000) at malloc+0xa86 sys/kern/kern_malloc.c:242 kcovioctl(1364c7a7e3998cdc,80084b01,fffffd8074b888f0,fffffd807f7c7b40,ffffffff81776346) at kcovioctl+0xd6 kd_init sys/dev/kcov.c:405 [inline] kcovioctl(1364c7a7e3998cdc,80084b01,fffffd8074b888f0,fffffd807f7c7b40,ffffffff81776346) at kcovioctl+0xd6 sys/dev/kcov.c:298 VOP_IOCTL(6b37ea6b20126870,80084b01,fffffd806714f0b8,ffff800020b92270,fffffd8074b888f0,ffff800020b92270) at VOP_IOCTL+0x80 sys/kern/vfs_vops.c:290 vn_ioctl(c5cf8ffeacc6cdf0,fffffd806714f0b8,ffff800020b92270,8) at vn_ioctl+0xc5 sys/kern/vfs_vnops.c:512sys_ioctl(7c9075d1435a4d5e,2,ffff800020b92270) at sys_ioctl+0x652 syscall(1364c7a7e3e35d68) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(1364c7a7e3e35d68) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:574 Xsyscall(6,36,7f7ffffd8d10,36,3,94dbea36890) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd8cb0, count: -9 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800020c67060 rbx 0xffff800020c67100 rdx 0xffffffff81f35469 cy_pio_rec+0x2087 rcx 0 rax 0 r8 0xffffffff81d85b34 kprintf+0x174 r9 0x1 r10 0x972a7a33208f36b2 r11 0x29343af3981c622a r12 0x3000000008 r13 0xffff800020c67070 r14 0x100 r15 0x1 rip 0xffffffff81bb44e8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020c67050 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor1) pid=321947 stat=onproc flags process=2 proc=0 pri=57, usrpri=57, nice=20 forw=0xffffffffffffffff, list=0xffff800020b92018,0xffffffff822f3540 process=0xffff800020b946a0 user=0xffff800020c62000, vmspace=0xfffffd807f00d168 estcpu=7, cpticks=2, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND *97364 321947 42954 0 7 0x2 syz-executor1 23202 441663 1 0 3 0x100083 ttyin getty 10366 63250 42954 0 3 0x82 piperd syz-executor0 83283 342644 0 0 3 0x14200 bored sosplice 42954 353744 57771 0 3 0x82 thrsleep syz-fuzzer 42954 97050 57771 0 3 0x4000082 thrsleep syz-fuzzer 42954 170559 57771 0 3 0x4000082 thrsleep syz-fuzzer 42954 413589 57771 0 3 0x4000082 thrsleep syz-fuzzer 42954 114329 57771 0 3 0x4000082 thrsleep syz-fuzzer 42954 57483 57771 0 3 0x4000082 thrsleep syz-fuzzer 42954 80640 57771 0 3 0x4000082 thrsleep syz-fuzzer 42954 99653 57771 0 3 0x4000082 thrsleep syz-fuzzer 42954 264640 57771 0 3 0x4000082 thrsleep syz-fuzzer 42954 455062 57771 0 3 0x4000082 kqread syz-fuzzer 57771 226982 20975 0 3 0x10008a pause ksh 20975 443308 5387 0 3 0x92 select sshd 5387 401088 1 0 3 0x80 select sshd 35826 79209 14177 73 3 0x100090 kqread syslogd 14177 188486 1 0 3 0x100082 netio syslogd 7048 233926 1 77 3 0x100090 poll dhclient 8285 232574 1 0 3 0x80 poll dhclient 96704 412584 0 0 3 0x14200 pgzero zerothread 57466 191377 0 0 3 0x14200 aiodoned aiodoned 21443 82608 0 0 3 0x14200 syncer update 91819 311291 0 0 3 0x14200 cleaner cleaner 60929 507556 0 0 3 0x14200 reaper reaper 12033 49419 0 0 3 0x14200 pgdaemon pagedaemon 17478 402169 0 0 3 0x14200 bored crynlk 28498 27771 0 0 3 0x14200 bored crypto 46431 426969 0 0 3 0x40014200 acpi0 acpi0 18023 213315 0 0 3 0x40014200 idle1 37609 49512 0 0 3 0x14200 bored softnet 59465 477278 0 0 3 0x14200 bored systqmp 45785 161452 0 0 3 0x14200 bored systq 98645 407201 0 0 3 0x40014200 bored softclock 9540 85747 0 0 7 0x40014200 idle0 1 131422 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 97364 (syz-executor1) thread 0xffff800020b92270 (321947) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff822d6828) locked @ /syzkaller/managers/multicore/kernel/sys/sys/syscall_mi.h:90 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9500 71876K 71908K 78643K 11041 0 0 pcb 23 9K 10K 78643K 577 0 0 rtable 82 3K 4K 78643K 436 0 0 ifaddr 43 11K 13K 78643K 166 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 19 0 0 iov 0 0K 32K 78643K 147 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1211 76K 76K 78643K 2295 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 24 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 12 0K 0K 78643K 101 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1792 194K 288K 78643K 12592 0 0 file desc 4 9K 25K 78643K 1469 0 0 sigio 0 0K 0K 78643K 14 0 0 proc 42 38K 70K 78643K 472 0 0 subproc 53 55297K 67586K 78643K 205 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 112 0 0 in_multi 22 1K 2K 78643K 92 0 0 ether_multi 1 0K 0K 78643K 2 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 108 477K 477K 78643K 108 0 0 exec 0 0K 1K 78643K 262 0 0 pfkey data 0 0K 4K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 81 12K 30K 78643K 5233 0 0 UVM aobj 64 3K 3K 78643K 73 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 38 0 0 NDP 8 0K 0K 78643K 48 0 0 temp 134 2362K 2433K 78643K 6661 0 0 kqueue 0 0K 0K 78643K 10 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 7 0 4 1 0 1 1 0 8 0 inpcbpl 280 515 0 508 1 0 1 1 0 8 0 plimitpl 152 38 0 31 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtentry 112 68 0 37 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 7 0 7 1 1 0 1 0 8 0 tcpcb 544 214 0 210 1 0 1 1 0 8 0 nd6 48 10 0 8 1 0 1 1 0 8 0 swfcl 56 1 0 0 1 0 1 1 0 8 0 ppxss 1128 23 0 23 10 10 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 307 0 164 12 0 12 12 0 8 0 art_table 32 308 0 164 2 0 2 2 0 8 0 art_node 16 67 0 39 1 0 1 1 0 8 0 sysvmsgpl 40 17 0 10 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 97 0 87 1 0 1 1 0 8 0 shmpl 112 71 0 9 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 4544 0 3163 45 0 45 45 0 8 0 ffsino 272 4544 0 3163 93 0 93 93 0 8 0 nchpl 144 6698 0 5127 59 0 59 59 0 8 0 uvmvnodes 72 4786 0 0 88 0 88 88 0 8 0 vnodes 200 4786 0 0 252 0 252 252 0 8 0 namei 1024 18837 0 18837 3 2 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scsiplug 64 3 0 3 2 2 0 1 0 8 0 scxspl 192 18138 0 18138 14 13 1 6 0 8 1 sigapl 432 1627 0 1615 2 0 2 2 0 8 0 futexpl 56 17545 0 17545 2 1 1 1 0 8 1 knotepl 112 374 0 345 3 2 1 2 0 8 0 kqueuepl 104 343 0 341 1 0 1 1 0 8 0 pipepl 112 906 0 887 3 1 2 2 0 8 1 fdescpl 488 1628 0 1615 3 1 2 3 0 8 0 filepl 152 8968 0 8880 15 10 5 5 0 8 1 lockfpl 104 538 0 538 8 7 1 1 0 8 1 lockfspl 32 795 0 795 9 8 1 1 0 8 1 sessionpl 112 23 0 14 1 0 1 1 0 8 0 pgrppl 48 39 0 30 1 0 1 1 0 8 0 ucredpl 96 2136 0 2129 1 0 1 1 0 8 0 zombiepl 144 1615 0 1615 2 1 1 1 0 8 1 processpl 840 1643 0 1615 4 0 4 4 0 8 0 procpl 600 4504 0 4467 4 0 4 4 0 8 0 srpgc 64 24 0 24 2 1 1 1 0 8 1 sosppl 128 28 0 28 8 8 0 1 0 8 0 sockpl 384 1051 0 1034 13 10 3 3 0 8 1 mcl64k 65536 369 0 0 47 31 16 47 0 8 1 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl12k 12288 7 0 0 1 0 1 1 0 8 0 mcl9k 9216 7 0 0 1 0 1 1 0 8 0 mcl8k 8192 5 0 0 1 0 1 1 0 8 0 mcl4k 4096 13 0 0 2 0 2 2 0 8 0 mcl2k2 2112 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 111 0 0 12 0 12 12 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 523 0 0 29 0 29 29 0 8 0 bufpl 256 7436 0 973 404 0 404 404 0 8 0 anonpl 16 176413 0 170364 124 76 48 48 0 125 16 amapchunkpl 152 9158 0 9067 31 22 9 9 0 158 4 amappl16 192 9031 0 8646 94 66 28 32 0 8 8 amappl15 184 4 0 3 1 0 1 1 0 8 0 amappl14 176 595 0 592 2 1 1 1 0 8 0 amappl13 168 28 0 24 1 0 1 1 0 8 0 amappl12 160 181 0 179 1 0 1 1 0 8 0 amappl11 152 876 0 867 1 0 1 1 0 8 0 amappl10 144 64 0 62 2 1 1 1 0 8 0 amappl9 136 1015 0 1014 1 0 1 1 0 8 0 amappl8 128 338 0 312 1 0 1 1 0 8 0 amappl7 120 43 0 37 1 0 1 1 0 8 0 amappl6 112 641 0 632 1 0 1 1 0 8 0 amappl5 104 140 0 128 1 0 1 1 0 8 0 amappl4 96 310 0 284 2 1 1 2 0 8 0 amappl3 88 175 0 169 1 0 1 1 0 8 0 amappl2 80 14426 0 14384 2 0 2 2 0 8 0 amappl1 72 42400 0 42005 23 13 10 18 0 8 0 amappl 72 4776 0 4744 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 72 0 9 2 0 2 2 0 8 0 uaddrrnd 24 1628 0 1615 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1628 0 1615 1 0 1 1 0 8 0 vmmpekpl 168 15704 0 15681 2 0 2 2 0 8 0 vmmpepl 168 177642 0 176417 129 56 73 75 0 357 8 vmsppl 360 1627 0 1615 2 0 2 2 0 8 0 pdppl 4096 3263 0 3230 6 1 5 6 0 8 0 pvpl 32 483163 0 474211 274 149 125 126 0 265 37 pmappl 224 1627 0 1615 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 617 0 36 17 0 17 17 0 8 0