panic: malloc: out of space in kmem_map Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *111958 35168 0 0x2 0 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x15c sys/kern/subr_prf.c:208 malloc(200000,2a,9) at malloc+0xa79 sys/kern/kern_malloc.c:242 kcovioctl(1b1300,80084b01,ffff8000149d8150,3,ffff8000149e1788) at kcovioctl+0xe6 kd_init sys/dev/kcov.c:405 [inline] kcovioctl(1b1300,80084b01,ffff8000149d8150,3,ffff8000149e1788) at kcovioctl+0xe6 sys/dev/kcov.c:298 VOP_IOCTL(fffffd80265066b8,80084b01,ffff8000149d8150,3,fffffd803f7c6ae0,ffff8000149e1788) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:290 vn_ioctl(fffffd802e9f34c0,80084b01,ffff8000149d8150,ffff8000149e1788) at vn_ioctl+0xc9 sys/kern/vfs_vnops.c:512 sys_ioctl(ffff8000149e1788,ffff8000149d8290,ffff8000149d8280) at sys_ioctl+0x638 syscall(ffff8000149d8330) at syscall+0x541 Xsyscall(6,36,7f7ffffda298,36,3,e92a7e4e890) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd9db0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic malloc: out of space in kmem_map ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x15c sys/kern/subr_prf.c:208 malloc(200000,2a,9) at malloc+0xa79 sys/kern/kern_malloc.c:242 kcovioctl(1b1300,80084b01,ffff8000149d8150,3,ffff8000149e1788) at kcovioctl+0xe6 kd_init sys/dev/kcov.c:405 [inline] kcovioctl(1b1300,80084b01,ffff8000149d8150,3,ffff8000149e1788) at kcovioctl+0xe6 sys/dev/kcov.c:298 VOP_IOCTL(fffffd80265066b8,80084b01,ffff8000149d8150,3,fffffd803f7c6ae0,ffff8000149e1788) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:290 vn_ioctl(fffffd802e9f34c0,80084b01,ffff8000149d8150,ffff8000149e1788) at vn_ioctl+0xc9 sys/kern/vfs_vnops.c:512 sys_ioctl(ffff8000149e1788,ffff8000149d8290,ffff8000149d8280) at sys_ioctl+0x638 syscall(ffff8000149d8330) at syscall+0x541 Xsyscall(6,36,7f7ffffda298,36,3,e92a7e4e890) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd9db0, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000149d7d80 rbx 0xffff8000149d7e30 rdx 0x2 rcx 0 rax 0 r8 0xffff8000149d7d40 r9 0x1 r10 0 r11 0xc28721205903dddb r12 0x3000000008 r13 0xffff8000149d7d90 r14 0x100 r15 0x1 rip 0xffffffff8138c548 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000149d7d70 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=111958 stat=onproc flags process=2 proc=0 pri=57, usrpri=57, nice=20 forw=0xffffffffffffffff, list=0xffff8000149e19e0,0xffffffff82260db8 process=0xffff8000ffff7a50 user=0xffff8000149d3000, vmspace=0xfffffd803f014d68 estcpu=7, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND *35168 111958 38200 0 7 0x2 syz-executor.0 78262 233997 38200 0 3 0x82 piperd syz-executor.1 39901 28891 1 0 3 0x100083 ttyin getty 38643 96594 0 0 3 0x14200 bored sosplice 38200 470726 99296 0 3 0x82 thrsleep syz-fuzzer 38200 478863 99296 0 3 0x4000082 thrsleep syz-fuzzer 38200 273760 99296 0 3 0x4000082 thrsleep syz-fuzzer 38200 184878 99296 0 3 0x4000082 thrsleep syz-fuzzer 38200 455727 99296 0 3 0x4000082 thrsleep syz-fuzzer 38200 240541 99296 0 3 0x4000082 kqread syz-fuzzer 38200 375841 99296 0 3 0x4000082 thrsleep syz-fuzzer 38200 267841 99296 0 3 0x4000082 thrsleep syz-fuzzer 99296 423872 26139 0 3 0x10008a pause ksh 26139 124938 71624 0 3 0x92 select sshd 71624 28238 1 0 3 0x80 select sshd 47800 144008 32019 73 3 0x100090 kqread syslogd 32019 10816 1 0 3 0x100082 netio syslogd 76635 310401 1 77 3 0x100090 poll dhclient 79416 224836 1 0 3 0x80 poll dhclient 46165 219699 0 0 3 0x14200 pgzero zerothread 67690 253148 0 0 3 0x14200 aiodoned aiodoned 35857 118291 0 0 3 0x14200 syncer update 50897 270723 0 0 3 0x14200 cleaner cleaner 62986 339162 0 0 3 0x14200 reaper reaper 4639 350848 0 0 3 0x14200 pgdaemon pagedaemon 13869 196501 0 0 3 0x14200 bored crynlk 27624 440866 0 0 3 0x14200 bored crypto 44415 190090 0 0 3 0x40014200 acpi0 acpi0 18452 181393 0 0 3 0x14200 bored softnet 71484 348592 0 0 3 0x14200 bored systqmp 63521 489407 0 0 3 0x14200 bored systq 90365 55075 0 0 3 0x40014200 bored softclock 71400 111685 0 0 3 0x40014200 idle0 34406 208838 0 0 3 0x14200 bored smr 1 305370 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9529 71896K 72923K 78643K 11335 0 0 pcb 23 9K 10K 78643K 1094 0 0 rtable 82 3K 4K 78643K 1110 0 0 ifaddr 61 14K 16K 78643K 371 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 62 0 0 iov 0 0K 24K 78643K 335 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1205 75K 76K 78643K 2267 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 28 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 1K 1K 78643K 281 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12537 0 0 file desc 4 9K 21K 78643K 2023 0 0 sigio 0 0K 0K 78643K 24 0 0 proc 42 30K 46K 78643K 802 0 0 subproc 53 55297K 67586K 78643K 695 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 246 0 0 in_multi 22 1K 2K 78643K 305 0 0 ether_multi 1 0K 0K 78643K 17 0 0 mrt 0 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 66 291K 291K 78643K 66 0 0 exec 0 0K 1K 78643K 447 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 74 12K 22K 78643K 5633 0 0 UVM aobj 114 3K 3K 78643K 137 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 117 0 0 NDP 14 0K 0K 78643K 123 0 0 temp 177 2359K 2428K 78643K 9504 0 0 kqueue 0 0K 0K 78643K 25 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 21 0 18 1 0 1 1 0 8 0 inpcbpl 280 1040 0 1033 2 1 1 2 0 8 0 plimitpl 152 106 0 99 1 0 1 1 0 8 0 rtentry 112 196 0 165 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 35 0 35 1 1 0 1 0 8 0 tcpcb 544 386 0 382 1 0 1 1 0 8 0 nd6 48 38 0 36 1 0 1 1 0 8 0 ppxss 1128 44 0 44 10 9 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 902 0 756 12 0 12 12 0 8 0 art_table 32 903 0 756 2 0 2 2 0 8 0 art_node 16 193 0 165 1 0 1 1 0 8 0 sysvmsgpl 40 34 0 11 1 0 1 1 0 8 0 semapl 112 279 0 269 1 0 1 1 0 8 0 shmpl 112 135 0 23 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 4758 0 3258 49 0 49 49 0 8 0 ffsino 240 4758 0 3258 89 0 89 89 0 8 0 nchpl 144 7847 0 6157 63 0 63 63 0 8 0 uvmvnodes 72 5307 0 0 97 0 97 97 0 8 0 vnodes 200 5307 0 0 280 0 280 280 0 8 0 namei 1024 25261 0 25261 2 1 1 1 0 8 1 scsiplug 64 9 0 9 6 5 1 1 0 8 1 scxspl 192 28321 0 28321 14 13 1 6 0 8 1 sigapl 432 2140 0 2128 2 0 2 2 0 8 0 futexpl 56 33619 0 33619 1 0 1 1 0 8 1 knotepl 112 867 0 846 1 0 1 1 0 8 0 kqueuepl 104 644 0 642 1 0 1 1 0 8 0 pipepl 112 1408 0 1389 4 2 2 2 0 8 1 fdescpl 424 2141 0 2128 2 0 2 2 0 8 0 filepl 120 14565 0 14477 4 0 4 4 0 8 0 lockfpl 104 583 0 583 4 3 1 1 0 8 1 lockfspl 32 309 0 309 4 3 1 1 0 8 1 sessionpl 112 35 0 26 1 0 1 1 0 8 0 pgrppl 48 67 0 58 1 0 1 1 0 8 0 ucredpl 96 2885 0 2878 1 0 1 1 0 8 0 zombiepl 144 2128 0 2128 2 1 1 1 0 8 1 processpl 840 2156 0 2128 4 0 4 4 0 8 0 procpl 600 4619 0 4584 4 0 4 4 0 8 0 sosppl 128 19 0 19 6 5 1 1 0 8 1 sockpl 384 2008 0 1991 4 1 3 3 0 8 1 mcl64k 65536 1825 0 1825 143 142 1 64 0 8 1 mcl16k 16384 8 0 8 7 6 1 1 0 8 1 mcl12k 12288 38 0 38 13 12 1 1 0 8 1 mcl9k 9216 46 0 46 11 10 1 1 0 8 1 mcl8k 8192 38 0 38 11 10 1 1 0 8 1 mcl4k 4096 128 0 128 4 3 1 1 0 8 1 mcl2k2 2112 21 0 21 11 10 1 1 0 8 1 mcl2k 2048 50274 0 50231 17 11 6 13 0 8 0 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 95616 0 95537 86 77 9 38 0 8 0 bufpl 256 13054 0 6226 427 0 427 427 0 8 0 anonpl 16 286441 0 279270 94 48 46 53 0 62 7 amapchunkpl 152 9866 0 9789 32 28 4 14 0 158 0 amappl16 192 14925 0 14450 123 88 35 38 0 8 8 amappl15 184 364 0 358 1 0 1 1 0 8 0 amappl14 176 866 0 864 2 1 1 1 0 8 0 amappl13 168 43 0 40 1 0 1 1 0 8 0 amappl12 160 267 0 264 1 0 1 1 0 8 0 amappl11 152 259 0 246 1 0 1 1 0 8 0 amappl10 144 216 0 216 5 4 1 1 0 8 1 amappl9 136 785 0 782 1 0 1 1 0 8 0 amappl8 128 367 0 347 1 0 1 1 0 8 0 amappl7 120 216 0 210 1 0 1 1 0 8 0 amappl6 112 124 0 115 1 0 1 1 0 8 0 amappl5 104 437 0 427 1 0 1 1 0 8 0 amappl4 96 2073 0 2046 2 1 1 2 0 8 0 amappl3 88 1014 0 1008 1 0 1 1 0 8 0 amappl2 80 17819 0 17777 2 0 2 2 0 8 0 amappl1 72 47873 0 47484 26 17 9 19 0 8 0 amappl 72 4971 0 4942 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 136 0 23 2 0 2 2 0 8 0 uaddrrnd 24 2141 0 2128 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2141 0 2128 1 0 1 1 0 8 0 vmmpekpl 168 17685 0 17664 2 0 2 2 0 8 0 vmmpepl 168 236605 0 235311 165 72 93 94 0 357 24 vmsppl 264 2140 0 2128 3 2 1 2 0 8 0 pdppl 4096 4288 0 4256 5 0 5 5 0 8 0 pvpl 32 802908 0 792720 253 125 128 206 0 265 23 pmappl 192 2140 0 2128 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 810 0 252 20 1 19 19 0 8 1