panic: malloc: out of space in kmem_map Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *134514 68205 0 0x2 0 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:208 malloc(200000,2a,9) at malloc+0xa79 sys/kern/kern_malloc.c:242 kcovioctl(1b1300,80084b01,ffff800014a2c8e0,3,ffff8000ffff99d0) at kcovioctl+0xe6 kd_init sys/dev/kcov.c:405 [inline] kcovioctl(1b1300,80084b01,ffff800014a2c8e0,3,ffff8000ffff99d0) at kcovioctl+0xe6 sys/dev/kcov.c:298 VOP_IOCTL(fffffd802a08fb78,80084b01,ffff800014a2c8e0,3,fffffd803f7c6b40,ffff8000ffff99d0) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:290 vn_ioctl(fffffd802f77b970,80084b01,ffff800014a2c8e0,ffff8000ffff99d0) at vn_ioctl+0xc9 sys/kern/vfs_vnops.c:512 sys_ioctl(ffff8000ffff99d0,ffff800014a2ca20,ffff800014a2ca10) at sys_ioctl+0x638 syscall(ffff800014a2cac0) at syscall+0x541 Xsyscall(6,36,7f7fffff77f8,36,3,41abc2ff890) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff7310, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic malloc: out of space in kmem_map ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:208 malloc(200000,2a,9) at malloc+0xa79 sys/kern/kern_malloc.c:242 kcovioctl(1b1300,80084b01,ffff800014a2c8e0,3,ffff8000ffff99d0) at kcovioctl+0xe6 kd_init sys/dev/kcov.c:405 [inline] kcovioctl(1b1300,80084b01,ffff800014a2c8e0,3,ffff8000ffff99d0) at kcovioctl+0xe6 sys/dev/kcov.c:298 VOP_IOCTL(fffffd802a08fb78,80084b01,ffff800014a2c8e0,3,fffffd803f7c6b40,ffff8000ffff99d0) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:290 vn_ioctl(fffffd802f77b970,80084b01,ffff800014a2c8e0,ffff8000ffff99d0) at vn_ioctl+0xc9 sys/kern/vfs_vnops.c:512 sys_ioctl(ffff8000ffff99d0,ffff800014a2ca20,ffff800014a2ca10) at sys_ioctl+0x638 syscall(ffff800014a2cac0) at syscall+0x541 Xsyscall(6,36,7f7fffff77f8,36,3,41abc2ff890) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff7310, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800014a2c510 rbx 0xffff800014a2c5c0 rdx 0x2 rcx 0 rax 0 r8 0xffff800014a2c4d0 r9 0x1 r10 0 r11 0x72d6143bba2a854c r12 0x3000000008 r13 0xffff800014a2c520 r14 0x100 r15 0x1 rip 0xffffffff810e7008 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800014a2c500 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=134514 stat=onproc flags process=2 proc=0 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff9520,0xffffffff82254d50 process=0xffff8000ffff69e8 user=0xffff800014a27000, vmspace=0xfffffd803f013420 estcpu=0, cpticks=3, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND *68205 134514 71592 0 7 0x2 syz-executor.0 66912 347999 71592 0 2 0x2 syz-executor.1 78640 433742 0 0 3 0x14200 bored sosplice 71592 309524 69149 0 3 0x82 thrsleep syz-fuzzer 71592 470596 69149 0 2 0x4000482 syz-fuzzer 71592 249596 69149 0 3 0x4000082 thrsleep syz-fuzzer 71592 297688 69149 0 3 0x4000082 kqread syz-fuzzer 71592 358051 69149 0 3 0x4000082 thrsleep syz-fuzzer 71592 322159 69149 0 3 0x4000082 thrsleep syz-fuzzer 71592 155611 69149 0 3 0x4000082 thrsleep syz-fuzzer 71592 401340 69149 0 3 0x4000082 thrsleep syz-fuzzer 69149 402980 86603 0 3 0x10008a pause ksh 86603 69441 48462 0 3 0x92 select sshd 12040 397065 1 0 3 0x100083 ttyin getty 48462 147369 1 0 3 0x80 select sshd 94492 514680 5686 73 3 0x100090 kqread syslogd 5686 517606 1 0 3 0x100082 netio syslogd 54568 739 1 77 3 0x100090 poll dhclient 59585 423846 1 0 3 0x80 poll dhclient 66671 312832 0 0 3 0x14200 pgzero zerothread 59441 227489 0 0 3 0x14200 aiodoned aiodoned 36779 218205 0 0 3 0x14200 syncer update 43302 10821 0 0 3 0x14200 cleaner cleaner 22815 206614 0 0 3 0x14200 reaper reaper 89025 354420 0 0 3 0x14200 pgdaemon pagedaemon 33476 483808 0 0 3 0x14200 bored crynlk 86883 164105 0 0 3 0x14200 bored crypto 532 151350 0 0 3 0x40014200 acpi0 acpi0 56431 167464 0 0 3 0x14200 bored softnet 78103 507361 0 0 3 0x14200 bored systqmp 41826 295363 0 0 3 0x14200 bored systq 91765 51486 0 0 3 0x40014200 bored softclock 65498 259045 0 0 3 0x40014200 idle0 66000 156370 0 0 3 0x14200 bored smr 1 199750 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9485 71873K 71881K 78643K 10833 0 0 pcb 23 9K 10K 78643K 349 0 0 rtable 82 3K 3K 78643K 475 0 0 ifaddr 46 11K 13K 78643K 158 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 26 0 0 iov 0 0K 16K 78643K 71 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1199 75K 75K 78643K 1594 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 7 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 0K 78643K 66 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12537 0 0 file desc 4 9K 25K 78643K 566 0 0 sigio 0 0K 0K 78643K 2 0 0 proc 41 30K 46K 78643K 379 0 0 subproc 53 55297K 67586K 78643K 261 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 70 0 0 in_multi 22 1K 2K 78643K 124 0 0 ether_multi 1 0K 0K 78643K 7 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 66 291K 291K 78643K 66 0 0 exec 0 0K 1K 78643K 236 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 76 12K 20K 78643K 2126 0 0 UVM aobj 25 4K 4K 78643K 26 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 46 0 0 NDP 9 0K 0K 78643K 49 0 0 temp 118 2348K 2415K 78643K 4778 0 0 kqueue 0 0K 0K 78643K 2 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 9 0 6 1 0 1 1 0 8 0 inpcbpl 280 318 0 311 1 0 1 1 0 8 0 plimitpl 152 36 0 29 1 0 1 1 0 8 0 rtentry 112 86 0 55 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 14 0 14 1 1 0 1 0 8 0 tcpcb 544 120 0 116 1 0 1 1 0 8 0 nd6 48 14 0 12 1 0 1 1 0 8 0 ppxss 1128 13 0 13 4 3 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 392 0 246 12 0 12 12 0 8 0 art_table 32 393 0 246 2 0 2 2 0 8 0 art_node 16 85 0 57 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 64 0 54 1 0 1 1 0 8 0 shmpl 112 24 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2420 0 989 47 0 47 47 0 8 0 ffsino 240 2420 0 989 85 0 85 85 0 8 0 nchpl 144 3408 0 1765 61 0 61 61 0 8 0 uvmvnodes 72 2606 0 0 48 0 48 48 0 8 0 vnodes 200 2606 0 0 138 0 138 138 0 8 0 namei 1024 9990 0 9989 2 1 1 1 0 8 0 scxspl 192 11153 0 11153 9 8 1 6 0 8 1 sigapl 432 718 0 706 2 0 2 2 0 8 0 futexpl 56 8966 0 8966 1 0 1 1 0 8 1 knotepl 112 318 0 297 1 0 1 1 0 8 0 kqueuepl 104 160 0 158 1 0 1 1 0 8 0 pipepl 112 498 0 479 3 2 1 2 0 8 0 fdescpl 424 719 0 706 2 0 2 2 0 8 0 filepl 120 4598 0 4510 5 1 4 5 0 8 1 lockfpl 104 270 0 270 3 2 1 1 0 8 1 lockfspl 32 460 0 460 3 2 1 1 0 8 1 sessionpl 112 22 0 13 1 0 1 1 0 8 0 pgrppl 48 28 0 19 1 0 1 1 0 8 0 ucredpl 96 1085 0 1078 1 0 1 1 0 8 0 zombiepl 144 706 0 706 2 1 1 1 0 8 1 processpl 840 734 0 706 4 0 4 4 0 8 0 procpl 600 1431 0 1396 4 0 4 4 0 8 1 sosppl 128 6 0 6 3 3 0 1 0 8 0 sockpl 384 612 0 595 3 0 3 3 0 8 1 mcl64k 65536 523 0 523 66 23 43 64 0 8 43 mcl16k 16384 2 0 2 2 2 0 1 0 8 0 mcl12k 12288 14 0 14 4 3 1 1 0 8 1 mcl9k 9216 7 0 7 1 1 0 1 0 8 0 mcl8k 8192 8 0 8 2 2 0 1 0 8 0 mcl4k 4096 35 0 35 4 3 1 1 0 8 1 mcl2k2 2112 4 0 4 2 2 0 1 0 8 0 mcl2k 2048 48083 0 48044 15 9 6 11 0 8 0 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 82500 0 82440 43 36 7 37 0 8 0 bufpl 256 6982 0 2490 281 0 281 281 0 8 0 anonpl 16 91714 0 84718 67 16 51 51 0 62 13 amapchunkpl 152 3100 0 3023 8 4 4 5 0 158 0 amappl16 192 3918 0 3439 61 28 33 37 0 8 8 amappl15 184 178 0 173 1 0 1 1 0 8 0 amappl14 176 243 0 242 2 1 1 1 0 8 0 amappl13 168 81 0 77 1 0 1 1 0 8 0 amappl12 160 260 0 259 1 0 1 1 0 8 0 amappl11 152 214 0 202 1 0 1 1 0 8 0 amappl10 144 76 0 72 1 0 1 1 0 8 0 amappl9 136 561 0 557 1 0 1 1 0 8 0 amappl8 128 142 0 125 1 0 1 1 0 8 0 amappl7 120 38 0 33 1 0 1 1 0 8 0 amappl6 112 110 0 101 1 0 1 1 0 8 0 amappl5 104 300 0 289 1 0 1 1 0 8 0 amappl4 96 737 0 714 2 1 1 2 0 8 0 amappl3 88 458 0 452 1 0 1 1 0 8 0 amappl2 80 5362 0 5321 2 0 2 2 0 8 0 amappl1 72 21951 0 21560 25 16 9 19 0 8 0 amappl 72 1683 0 1654 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 25 0 1 1 0 1 1 0 8 0 uaddrrnd 24 719 0 706 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 719 0 706 1 0 1 1 0 8 0 vmmpekpl 168 8973 0 8950 2 0 2 2 0 8 0 vmmpepl 168 85604 0 84309 115 32 83 83 0 357 19 vmsppl 264 718 0 706 3 2 1 2 0 8 0 pdppl 4096 1444 0 1412 6 1 5 6 0 8 0 pvpl 32 284516 0 274519 160 25 135 137 0 265 36 pmappl 192 718 0 706 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 525 0 79 15 0 15 15 0 8 0