syzbot


kernel:

Status: upstream: reported on 2026/04/30 02:10
Reported-by: syzbot+3373216e81ad55e497a5@syzkaller.appspotmail.com
First crash: 1d17h, last: 1d17h

Sample crash report:
EXIkernel:
 Stopped at      savectx+0xae:   movl    $0,%gs:0x688
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 349972  33723      0           0  0x4000000    0K syz-executor
*267002   3070      0         0x2          0    1  syz-executor
savectx() at savectx+0xae
end of kernel
end trace frame: 0x701b13dbf560, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu0: uvm_fault(0xfffffd806c5b35d8, 0x98, 0, 1) -> e
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x701b13dbf560, count: -1
ddb{1}> show registers
rdi                                0
rsi                                0
rbp               0xffff80002a2a41e0
rbx                                0
rdx                                0
rcx               0xffff80002a232010
rax                             0x34
r8                0xffff80002a2a4110
r9                0xffff80002a2a3f7c
r10               0xa5c05b3c90aa857f
r11               0x288c7b22379a4e25
r12                                0
r13                                0
r14               0xffff80002a232010
r15                                0
rip               0xffffffff81d973ee    savectx+0xae
cs                               0x8
rflags                          0x46
rsp               0xffff80002a2a4160
ss                              0x10
savectx+0xae:   movl    $0,%gs:0x688
ddb{1}> show proc
PROC (syz-executor) tid=267002 pid=3070 tcnt=1 stat=onproc
    flags process=2<EXEC> proc=0
    runpri=16, usrpri=59, slppri=16, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff80002a233a00,0xffff8000ffffc7e0
    process=0xffff8000ffff1820 user=0xffff80002a29f000, vmspace=0xfffffd806e830b80
    estcpu=9, cpticks=60, pctcpu=0.40, user=1, sys=57, intr=2
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 33723  391237  15051      0  2           0                syz-executor
 33723  349972  15051      0  7   0x4000000                syz-executor
 95042  234563  94944      0  2           0                syz-executor
 95042  220997  94944      0  3   0x4000080  fsleep        syz-executor
 95042  211491  94944      0  3   0x4000080  kqread        syz-executor
 80823  137456  50142      0  3        0x80  nanoslp       syz-executor
 80823  513284  50142      0  3   0x4000080  ttyin         syz-executor
 80823  365922  50142      0  3   0x4000080  fsleep        syz-executor
 12456  142861  51050  60929  3        0x90  nanoslp       syz-executor
 12456  277033  51050  60929  3   0x4000090  lockf         syz-executor
 12456  229305  51050  60929  3   0x4000090  lockf         syz-executor
 12456  460703  51050  60929  3   0x4000090  fsleep        syz-executor
 92668  406096  72295      0  3        0x80  nanoslp       syz-executor
 92668  123114  72295      0  3   0x4000080  kqsel         syz-executor
 92668  502602  72295      0  3   0x4000080  fsleep        syz-executor
 58910   62083  93887      0  3        0x80  nanoslp       syz-executor
 58910  335303  93887      0  3   0x4000080  bell          syz-executor
 58910   54148  93887      0  3   0x4000080  fsleep        syz-executor
 58910  489727  93887      0  3   0x4000080  fsleep        syz-executor
 71343  421437  58880      0  2           0                syz-executor
 71343   74332  58880      0  3   0x4000080  pipewr        syz-executor
 71343   18923  58880      0  3   0x4000080  fsleep        syz-executor
 71343  301469  58880      0  3   0x4000080  fsleep        syz-executor
 65808  360408      1      0  3        0x82  nanoslp       getty
 66263  147875  69831      0  3    0x100082  sbwait        arp
 69831  314198  43059      0  3    0x10008a  sigsusp       sh
 50142  181945   3070      0  3        0x82  nanoslp       syz-executor
 15051   83015   3070      0  3        0x82  nanoslp       syz-executor
 43059  253419   3070      0  3        0x82  wait          syz-executor
 72295  345959   3070      0  3        0x82  nanoslp       syz-executor
 93887  184784   3070      0  3        0x82  nanoslp       syz-executor
 94944  431640   3070      0  3        0x82  nanoslp       syz-executor
 51050  422409   3070      0  3        0x82  nanoslp       syz-executor
 58880  443041   3070      0  3        0x82  nanoslp       syz-executor
* 3070  267002      1      0  7         0x2                syz-executor
  6778  125315      1      0  3  0x1000008a  kqread        sshd
  2085  495265  67116     74  3   0x1100092  bpf           pflogd
 67116  186629      1      0  3        0x80  sbwait        pflogd
 15968  236959   8025     73  3   0x1100090  kqread        syslogd
  8025  138837      1      0  3    0x100082  sbwait        syslogd
 90498  428246      1      0  3    0x100080  kqread        resolvd
 66617  168565  26619     77  3    0x100092  kqread        dhcpleased
 11379  324614  26619     77  3    0x100092  kqread        dhcpleased
 26619  417900      1      0  3        0x80  kqread        dhcpleased
 17750  176648      0      0  3     0x14200  bored         smr
 91522  131492      0      0  2     0x14200                zerothread
 95320  346990      0      0  3     0x14200  aiodoned      aiodoned
 34179  337416      0      0  3     0x14200  syncer        update
 29080  252692      0      0  3     0x14200  cleaner       cleaner
 79531    4673      0      0  3     0x14200  reaper        reaper
 78008   76137      0      0  3     0x14200  pgdaemon      pagedaemon
 61455  331517      0      0  3     0x14200  bored         viomb
 93368  379368      0      0  3  0x40014200  acpi0         acpi0
 70342  351364      0      0  3  0x40014200                idle1
 96980  465166      0      0  3     0x14200  bored         softnet1
 92576   81008      0      0  3     0x14200  bored         softnet0
 29673   89051      0      0  3     0x14200  bored         systqmp
 78044  251998      0      0  3     0x14200  bored         systq
 14272  199544      0      0  3     0x14200  tmoslp        softclockmp
 73560  122145      0      0  3  0x40014200  tmoslp        softclock
 19442  388892      0      0  3  0x40014200                idle0
     1  172997      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
CPU 1:
exclusive mutex &kq->kq_lock r = 0 (0xfffffd8078342010)
#0  witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1  mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2  kqueue_register+0x1000 sys/kern/kern_event.c:1545
#3  pselregister+0x135 sys/kern/sys_generic.c:764
#4  dopselect+0x456 sys/kern/sys_generic.c:657
#5  sys_pselect+0x25a sys/kern/sys_generic.c:593
#6  syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6  syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#7  Xsyscall+0x128
Process 33723 (syz-executor) thread 0xffff800035bb2020 (349972)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83a6a700)
#0  witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1  syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline]
#1  syscall+0xaf4 sys/arch/amd64/amd64/trap.c:783
#2  Xsyscall+0x128
ddb{1}> 

Crashes (1):
Time: 2026/04/30 02:10
Kernel: openbsd
Commit: 04e2410ca848
Syzkaller: 340bcdf0
Config: .config
Log: console log
Report: report
Syz repro: -
C repro: -
VM info: -
Assets: [disk image] [bsd.gdb] [kernel image]
Manager: ci-openbsd-multicore
Title: kernel:
* Struck through repros no longer work on HEAD.