syzbot

 sign-in | mailing list | source | docs
🐞 Open [154]
🐞 Fixed [269]
🐞 Invalid [641]
Kernel Health Bugs/Month Bug Lifetimes Fuzzing Crashes
💬 Send us feedback

Instances [tested repos]:
Name Last active Uptime Corpus Coverage 🛈 Crashes Execs Kernel build syzkaller build Bugs
Commit Config Freshness Status Commit Freshness Status All Only
ci-openbsd-main now 8h04m 4258 40947 2415 broken 2175e0d6ddd5 .config 23h57m failing 46eb10b7 16h38m all only
ci-openbsd-multicore now 7h20m 5379 44829 1793 434132 35c0c3c8be82 .config 14h27m 46eb10b7 16h38m all only
ci-openbsd-setuid now 2h07m 3032 29288 341 474418 a984a0c3bbe9 .config 11h10m 46eb10b7 16h38m all only
upstream (154):
Title Repro Cause bisect Fix bisect Count Last Reported Last activity
panic: trap type NUM, code=NUM, pc=e88b9 1 11h50m 11h49m 11h49m
panic: curcpu->ci_proc_pmap didn't point to previous pmap 1 1d02h 1d02h 1d02h
uvm_fault: savectx (2) 2 1d01h 1d06h 1d06h
panic: vput: ref cnt (2) 1 2d05h 2d05h 2d05h
panic: trap type NUM, code=NUM, pc=e7069 2 3d04h 3d05h 3d05h
SYZFAIL: ShmemBuilder: too large output offset 1 3d07h 3d07h 3d07h
panic: assertwaitok: non-zero mutex count: NUM (2) 2 7h51m 4d21h 4d21h
panic: missing alias (5) 1 4d21h 4d21h 4d21h
assert "kq->kq_nknotes == NUM" failed in kern_event.c 1 4d22h 4d22h 4d22h
SYZFAIL: posix_spawn failed 1 5d00h 5d00h 5d00h
panic: pmap_unwire: wiring for pmap ADDR va ADDR didn't change! 1 6d17h 6d17h 6d17h
panic: uvm_faulWtARN_IuNGn:w irSeP_Ll oNckOT ed:L OaWdEREdreD OsNs SnYoSCt AiLnL map7 1 7d00h 7d00h 7d00h
panic: pool_do_get: rtentry: page empty 1 11d 11d 11d
SYZFAIL: failed to mkdtemp 172 2d04h 12d 12d
SYZFAIL: failed to mkdir 17 4d18h 12d 12d
panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va ADDR, opte 0x3edff 1 12d 12d 12d
SYZFAIL: pipe failed 2 12d 12d 12d
assert "kn->kn_kq == kq" failed in kern_event.c 1 13d 13d 13d
uvm_fault: vm_terminate 3 10d 13d 13d
SYZFAIL: repeatedly failed to execute the program 1 14d 14d 14d
panic: vput: null vp 1 14d 14d 14d
assert "map->limit == rtmap_limit" failed in rtable.c 1 14d 14d 14d
assert "vp->v_usecount == NUM" failed in vfs_subr.c 23 13d 14d 14d
panic: vclean: deadlock 324 13d 14d 14d
SYZFAIL: coverage filter is full 158349 now 15d 14d
witness: denied attempt to set clock forward to ADDR 1 15d 15d 15d
SYZFAIL: SIGSEGV 4 1d07h 16d 16d
panic: trap type NUM, code=NUM, pc=e6d89 1 16d 16d 16d
SYZFAIL: tun: can't open device (4) 1 16d 16d 16d
witness: reversal: lock order data missing (4) 2969 4h40m 16d 16d
panic: trap type NUM, code=NUM, pc=e6d59 1 16d 16d 16d
SYZFAIL: ioctl remote attach failed (5) 3 7h55m 16d 16d
SYZFAIL: too many calls in output 25 17h29m 16d 16d
openbsd test error: SYZFAIL: failed to recv rpc 23 1d23h 16d 16d
SYZFAIL: failed to send rpc 897 12m 17d 17d
multicore test error: SYZFAIL: setsid failed 8 17d 18d 18d
openbsd test error: no output from test machine 48 1h34m 18d 18d
multicore test error: SYZFAIL: failed to recv rpc 2444 55m 18d 18d
multicore test error: no output from test machine (3) 21 7h46m 18d 18d
panic: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c" 2 22h59m 31d 31d
panic: trap type NUM, code=NUM, pc=3ca59 10 31d 59d 59d
panic: pool_do_get: pfstate: page empty 1 60d 60d 60d
panic: trap type NUM, code=NUM, pc=3ca09 6 59d 60d 60d
pool: free list modified: pmappl 2 31d 60d 60d
witness: reversal: amaplk vmmaplk 1 61d 61d 61d
uvm_fault: vio_rxeof (2) 1 63d 63d 63d
openbsd build error (21) 111 12d 65d 65d
panic: kernel diagnosticpm aap_susnewirrtei:o nw "irindugp ef o==r N pUmaLp L0xf" ffafiflfedd:NUM 0fil7e9 d"/s6yez4eka8l 1 66d 66d 66d
can't ssh into the instance 363 1d13h 66d 38d
protection_fault: nd6_timer 5 7d05h 66d 66d
uvm_fault: ufs_symlink 1 66d 66d 66d
panic: runtime error: slice bounds out of range [:NUM] with capacity NUM 1 67d 67d 67d
panic:p a nic : kernel diagnostic assertion "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & 1 67d 67d 67d
panic: wd changed: "\x00\x00\x00\x00\x00" -> "/root" 1 67d 67d 67d
panic: pool_do_get: vnodes: page empty 1 68d 68d 68d
panic: vwakeup: neg numoutput 1 69d 69d 69d
panic: runtime error: invalid memory address or nil pointer dereference [recovered] 2 69d 71d 71d
panic: inconsistent bufpage counts 2 59d 71d 71d
protection_fault: sosend 1 72d 72d 72d
panic: m_copydata: short mbuf chain 1 73d 73d 73d
uvm_fault: rw_enter (3) 1 73d 73d 73d
assert "rw_write_held(uobj->vmobjlock)" failed in uvm_vnode.c 2 14d 73d 73d
panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va ADDR, opte 0x2401 1 76d 76d 76d
panic: runtime error: index out of range [NUM] with length NUM 1 77d 77d 77d
uvm_fault: ufs_rmdir 1 78d 78d 78d
panic: ffs_blkfree: bad size (4) 1 78d 78d 78d
assert "obj == NULL || UVM_OBJ_IS_DUMMY(obj) || rw_write_held(obj->vmobjlock)" failed in uvm_page.c 1 78d 78d 78d
panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock (8) C 175 71d 84d 84d
pool: free list modified: mbufpl (4) 1 85d 85d 85d
panic: reflect: call of reflect.Value.Uint on string Value [recovered] 1 85d 85d 85d
panic: inconsistent poll.fdMutex 4 58d 85d 85d
panic: reflect: call of reflect.Value.Int on string Value [recovered] 1 88d 88d 88d
pool: free list modified: pdppl (4) 6 71d 89d 89d
panic: vrele: ref cnt 2 73d 96d 96d
assert "pmap->pm_type != PMAP_TYPE_EPT" failed in pmap.c (3) 7 4d23h 97d 97d
assert "!ISSET(rt->rt_flags, RTF_LOCAL)" failed in nd6.c (3) 3 58d 99d 99d
uvm_fault: VOP_LOCK (2) 5 13d 101d 101d
uvm_fault: arp_rtrequest (2) 5 77d 102d 102d
pool: cpu free list modified: mbufpl (4) 3 9h18m 102d 102d
uvm_fault: pool_do_get (3) 2 14d 102d 102d
panic: ifa_update_broadaddr does not support dynamic length (3) 20 31d 102d 102d
panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va ADDR, opte 0x3efff 9 10d 102d 102d
assert "__mp_lock_held(&sched_lock, curcpu()) == NUM" failed in kern_lock.c (5) 32 31d 106d 106d
panic: vref used where vget required (4) 7 2d03h 107d 107d
uvm_fault: checkalias 4 68d 108d 108d
assert "bp->b_data != NULL" failed in vfs_biomem.c (5) 6 61d 109d 109d
panic: pool_do_get: rwobjpl: page empty 2 89d 109d 109d
uvm_fault: proc_trampoline 3 65d 110d 110d
uvm_fault: witness_checkorder (5) 4 15d 124d 124d
pool: free list modified: rttmr 6 1d02h 127d 127d
panic: runtime error: invalid memory address or nil pointer dereference (9) 6 66d 128d 128d
protection_fault: lf_advlock (4) C 2 76d 129d 129d
assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno (4) 7 15d 135d 135d
protection_fault: __x86_indirect_thunk_r11 (2) 15 60d 142d 142d
assert "nlevel >= IPL_NONE" failed in intr.c (2) 9 1d03h 143d 143d
panic: softclock: invalid to_clock: NUM 11 2d04h 145d 145d
panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va ADDR, opte ADDR (4) 37 17h06m 146d 146d
panic: softclock: invalid to_clock: -ADDR 15 31d 148d 148d
protection_fault: sys_semop C 2 65d 149d 149d
assert "ps->ps_uvncount == NUM" failed in kern_unveil.c (4) C 64 20h05m 154d 119d
assert "sc->sc_dev == NUM" failed in if_tun.c (5) 242 6h45m 155d 155d
panic: runtime error: index out of range [ADDR] with length NUM 16 67d 155d 155d
uvm_fault: db_read_bytes 38 5d02h 157d 157d
uvm_fault: unveil_add_vnode 3 60d 159d 159d
assert "cifp != NULL" failed in route.c (3) 58 14d 162d 162d
uvm_fault: pool_gc_pages (2) 6 58d 162d 162d
assert "ISSET(bp->b_flags, B_BC)" failed in vfs_bio.c 8 15d 179d 179d
uvm_fault: ffs2_balloc (3) 5 85d 189d 189d
go runtime error 78 31d 210d 210d
assert "pg->wire_count == NUM" failed in vfs_biomem.c (3) 209 11h08m 210d 210d
uvm_fault: pmap_page_remove (5) 10 13d 230d 230d
uvm_fault: km_free (2) 9 59d 232d 232d
assert "dupe == NULL" failed in uvm_page.c (4) 140 12h34m 260d 260d
panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk (3) 30 6h04m 277d 277d
uvm_fault: ktrops (2) C 7 141d 302d 302d
panic: ffs_update: bad link cnt (2) 26 61d 312d 312d
uvm_fault: db_enter (5) 73 14h01m 319d 319d
pool: free list modified: fdescpl (4) 14 66d 326d 326d
uvm_fault: schedclock syz 10 117d 328d 151d
kernel: page fault trap, code=NUM (3) C 63 5d07h 358d 115d
malloc: free list modified: free (4) C 14 60d 379d 379d
panic: trap type NUM, code=NUM, pc=NUM (3) 126 5h16m 409d 409d
witness: lock_object uninitialized: ADDR (3) C 331 13d 482d 341d
uvm_fault: hardclock (5) syz 4 359d 511d 511d
panic: ufsdirhash_lookup: bad offset in hash array (3) C 79 1d08h 522d 228d
kernel: protection fault trap, code=NUM (6) 42 78d 624d 624d
protection_fault: sys_msgrcv (2) C 31 82d 653d 409d
uvm_fault: memcpy (5) C 6 131d 657d 657d
assert "uvn->u_obj.uo_refs == NUM" failed in uvm_vnode.c (2) syz 2 661d 661d 661d
pool: free list modified: sockpl (3) 41 75d 677d 677d
protection_fault: pool_do_put (2) syz 35 16d 681d 358d
panic: vop_generic_badop (2) 84 61d 692d 692d
panic: pmap_unwire: invalid PDE syz 6 72d 715d 657d
no output from test machine (8) C 395054 7m 724d 720d
uvm_fault: ffs_indirtrunc C 4 480d 768d 768d
witness: reversal: vmmaplk inode (3) C 564 6h12m 800d 751d
SYZFATAL: executor NUM failed NUM times: executor NUM: exit status NUM syz 175427 30d 823d 823d
panic: bad dir (3) C 32 14d 829d 657d
panic: uvm_fault_unwire_locked: address not in map (4) C 209 1d19h 845d 826d
uvm_fault: x86_ipi_db (8) 235 17h18m 889d 889d
uvm_fault: ufs_lookup C 45 78d 924d 277d
kernel: double fault trap, code=NUM (2) C 32 3d05h 924d 876d
panic: trap type NUM, code=NUM, pc=ADDR (2) 367 16h26m 931d 931d
protection_fault: ktrops C 256 11d 934d 914d
protection_fault: sblock syz 38 758d 938d 937d
assert "uvm_page_owner_locked_p(pg)" failed in uvm_page.c 1217 5h27m 942d 942d
uvm_fault: fifo_write (2) C 3264 7m 946d 630d
SYZFAIL: tun: read failed syz 44231 4h38m 963d 931d
corrupted report (6) 1430 3h25m 1042d 1042d
uvm_fault: memset C 41 12d 1084d 1084d
SYZFAIL: command failed syz 2546 14h58m 1251d 933d
suppressed report 312899 8m 1251d 1240d
panic: ufs_rename: lost dir entry C 70 8d04h 1625d 863d
lost connection to test machine (2) 840985 1h11m 2041d never