Handle OOM gracefully

Most operations that require allocation can return to userspace with ENOMEM instead of panicking.