syzbot

 sign-in | mailing list | source | docs
🐞 Open [117]
🐞 Fixed [290]
🐞 Invalid [887]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

assert "next != NULL && next->start <= entry->end" failed in uvm_fault.c (5)

Status: upstream: reported on 2025/05/20 01:41
Reported-by: syzbot+bcdac25d28da916ff365@syzkaller.appspotmail.com
First crash: 84d, last: 10d
Similar bugs (4)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
openbsd assert "next != NULL && next->start <= entry->end" failed in uvm_fault.c (4) -1 C 9 1226d 1240d 3/3 fixed on 2022/04/05 02:42
openbsd assert "next != NULL && next->start <= entry->end" failed in uvm_fault.c -1 C 2 2420d 2420d 3/3 fixed on 2019/01/11 00:09
openbsd assert "next != NULL && next->start <= entry->end" failed in uvm_fault.c (2) -1 syz 2 1337d 1337d 0/3 closed as invalid on 2022/02/22 18:45
openbsd assert "next != NULL && next->start <= entry->end" failed in uvm_fault.c (3) -1 syz 11 1249d 1265d 3/3 fixed on 2022/03/12 12:41

Sample crash report:
panic: kernel diagnostic assertion "next != NULL && next->start <= entry->end" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_fault.c", line 1806
Starting stack trace...
panic(ffffffff83371aaf) at panic+0x1d0 sys/kern/subr_prf.c:229
__assert(ffffffff833aba2c,ffffffff833081e6,70e,ffffffff83388de6) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_fault_unwire_locked(fffffd8065d5f218,200000000000,200000002000) at uvm_fault_unwire_locked+0x444 sys/uvm/uvm_fault.c:1803
uvm_fault_wire(fffffd8065d5f218,200000000000,200000010000,3) at uvm_fault_wire+0x12d uvm_fault_unwire sys/uvm/uvm_fault.c:1766 [inline]
uvm_fault_wire(fffffd8065d5f218,200000000000,200000010000,3) at uvm_fault_wire+0x12d sys/uvm/uvm_fault.c:1748
uvm_vslock_device(ffff80002a38fa40,200000000000,10000,3,ffff80003c459048) at uvm_vslock_device+0x112 sys/uvm/uvm_glue.c:169
physio(ffffffff82822000,d02,8000,ffffffff82822850,ffff80003c459328) at physio+0x257 sys/kern/kern_physio.c:139
spec_read(ffff80003c459180) at spec_read+0x14b sys/kern/spec_vnops.c:215
VOP_READ(fffffd8078b32648,ffff80003c459328,0,fffffd80097fb478) at VOP_READ+0x101 sys/kern/vfs_vops.c:227
vn_read(fffffd806b8145e0,ffff80003c459328,1) at vn_read+0x17b sys/kern/vfs_vnops.c:369
dofilereadv(ffff80002a38fa40,3,ffff80003c459328,1,ffff80003c4593e0) at dofilereadv+0x25a sys/kern/sys_generic.c:252
sys_pread(ffff80002a38fa40,ffff80003c459490,ffff80003c4593e0) at sys_pread+0xae sys/kern/vfs_syscalls.c:3303
syscall(ffff80003c459490) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c459490) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x36e9875f660, count: 244
End of stack trace.

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/08/02 01:14 openbsd 8693ef6a6ffe 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "next != NULL && next->start <= entry->end" failed in uvm_fault.c
2025/05/21 08:18 openbsd 1363fb036962 b47f9e02 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "next != NULL && next->start <= entry->end" failed in uvm_fault.c
2025/05/20 01:40 openbsd 03d4002980cf b84f0537 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "next != NULL && next->start <= entry->end" failed in uvm_fault.c
* Struck through repros no longer work on HEAD.