syzbot

 sign-in | mailing list | source | docs
🐞 Open [152]
🐞 Fixed [292]
🐞 Invalid [921]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

Instances [tested repos]:
Name Last active Uptime Corpus Coverage 🛈 Crashes Execs Kernel build syzkaller build Bugs
Commit Config Freshness Status Commit Freshness Status All Only
ci-openbsd-main now 12h25m 8225 45421 2124 4567269 2f3d0dde3672 .config 17h42m cee4cb10 1d14h all only
ci-openbsd-multicore now 12h34m 8128 47836 2425 7099114 2f3d0dde3672 .config 17h42m cee4cb10 1d14h all only
ci-openbsd-setuid now 12h17m 4655 30177 7517 2293576 2f3d0dde3672 .config 17h42m cee4cb10 1d14h all only
upstream (152):
Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Last activity
panic: pmap_remove_pte: unmanaged page marked PG_PVLIST: va ADDR, opte ADDR (2) 2 1 2h05m 2h05m 2h05m
assert "pg->wire_count == NUM" failed in vfs_biomem.c (6) -1 1 2d12h 2d12h 2d12h
uvm_fault: VOP_ISLOCKED (3) -1 1 2d15h 2d15h 2d15h
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (26) -1 3 3d13h 3d13h 3d13h
protection_fault: pool_p_free -1 1 4d12h 4d12h 4d12h
pool: free list modified: mbufpl (5) -1 1 5d20h 5d20h 5d20h
panic: pmap_do_remove: unmanaged PTP detected 2 1 6d08h 6d08h 6d08h
SYZFAIL: no call -1 1 6d16h 6d16h 6d16h
kernel: protection fault trap, code=NUM (9) -1 1 6d23h 6d23h 6d23h
assert "!pmap_is_ept(pmap)" failed in pmap.c -1 1 7d04h 7d04h 7d04h
uvm_fault: VOP_LOCK (3) -1 1 8d04h 8d04h 8d04h
uvm_fault: rn_add_radix_mask -1 1 8d19h 8d19h 8d19h
panic: pool_do_get: sosppl: page empty 2 1 9d20h 9d20h 9d20h
assert "ISSET(bp->b_flags, B_BC)" failed in vfs_bio.c (2) -1 1 10d 10d 10d
panic: curcpu->ci_proc_pmap didn't point to previous pmap (2) 2 1 10d 10d 10d
panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va ADDR, opte 0x3efff (2) 2 1 10d 10d 10d
pool: free list modified: pdppl (5) -1 1 11d 11d 11d
panic: pmap_enter: PG_PVLIST mapping with unmanaged page: va ADDR, opte ADDR, pa ADDR (3) 2 1 11d 11d 11d
uvm_fault: vm_terminate (2) -1 1 12d 12d 12d
SYZFAIL: SIGSEGV (2) -1 6 2d20h 14d 14d
panic: kernel diagnostic assertio 2 1 14d 14d 14d
panic: pool_do_get: sockpl: page empty 2 1 15d 15d 15d
panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va ADDR, opte ADDR (5) 2 9 14h39m 16d 16d
protection_fault: pmap_clear_attrs -1 2 15d 16d 16d
protection_fault: done_flush (4) -1 13 11h57m 18d 18d
uvm_fault: ffs_write -1 1 19d 19d 19d
openbsd build error (24) -1 1 19d 19d 19d
multicore build error (20) -1 2 19d 19d 19d
panic: pmap_remove_ptes: managed page without PG_PVLIST: va ADDR, opte ADDR (3) 2 1 20d 20d 20d
uvm_fault: pmap_page_remove (7) -1 3 10d 23d 23d
pool: free list modified: namei -1 1 23d 23d 23d
panic: vrele: v_writecount != NUM (2) 2 1 23d 23d 23d
assert "amap->am_buckets[bucket] == NULL" failed in uvm_amap.c -1 2 8d04h 24d 24d
panic: uao_find_swhash_elt: can't allocate entry 2 21 2d01h 26d 26d
assert "dupe == NULL" failed in uvm_page.c (5) -1 28 3h43m 26d 26d
openbsd test error: can't ssh into the instance -1 2 29d 29d 29d
multicore test error: can't ssh into the instance -1 4 29d 29d 29d
panic: mtx ADDR: locking against myself (3) 2 1 29d 29d 29d
assert "pr->ps_threadcnt == NUM" failed in kern_exit.c (2) -1 8 8d03h 33d 33d
panic: trap type NUM, code=NUM, pc=bd929 2 1 38d 38d 38d
protection_fault: leavepgrp -1 1 41d 41d 41d
protection_fault: mtx_enter (3) -1 42 3d23h 41d 41d
witness: reversal: fdlock inode (2) -1 1 41d 41d 41d
pool: free list modified: pvpl (2) -1 1 43d 43d 43d
uvm_fault: nd6_rtrequest -1 1 47d 47d 47d
uvm_fault: spec_getattr (2) -1 2 38d 54d 54d
multicore test error: lost connection to test machine (3) -1 1 56d 56d 56d
assert "info->rti_ifa->ifa_ifp != NULL" failed in route.c (2) -1 4 12d 57d 57d
SYZFAIL: tun: can't open device (7) -1 93 23h38m 58d 58d
uvm_fault: uao_detach (2) -1 2 2d19h 58d 58d
SYZFAIL: dup2(NUM, kInPipeFd) failed (3) -1 141 14d 58d 58d
panic: ffs_valloc: dup alloc (4) 2 6 48d 60d 60d
panic: ffs2_balloc: unwind failed (3) 2 1 62d 62d 62d
uvm_fault: sys_shmat (2) -1 3 3d01h 64d 64d
witness: denied attempt to set clock forward to ADDR (3) -1 1 66d 66d 66d
assert "kd_lookup(kd->kd_unit) == NULL" failed in kcov.c (4) -1 2 21d 66d 66d
witness: lock_object uninitialized: ADDR (4) -1 1 69d 69d 69d
uvm_fault: ffs_nodealloccg (3) -1 1 69d 69d 69d
panic: uvmW_AfaRuNlItNG_:unwi rSPeL_ loNOckTe Ld:OW EaRdEdDr eOsNs SnYoStC AiLn mLa p7 2 1 77d 77d 77d
protection_fault: malloc (2) -1 1 79d 79d 79d
uvm_fault: ffs_fragextend (2) -1 1 82d 82d 82d
uvm_fault: ffs_alloccg (2) -1 2 82d 82d 82d
uvm_fault: ufs_direnter (5) -1 1 82d 82d 82d
uvm_fault: ffs_freefile (2) -1 1 82d 82d 82d
uvm_fault: ffs2_balloc (6) -1 6 51d 82d 82d
SYZFAIL: mmap of input file failed -1 1 83d 83d 83d
protection_fault: memcmp -1 1 85d 85d 85d
assert "refs > NUM" failed in kern_synch.c -1 3 4d11h 86d 86d
uvm_fault: bpfioctl (5) -1 2 38d 110d 110d
uvm_fault: alltraps_kern_meltdown -1 2 56d 116d 116d
panic: softclock: invalid to_clock: -ADDR (3) 2 4 7d20h 123d 123d
uvm_fault: dt_ioctl_record_stop (2) -1 2373 47m 125d 125d
panic: unhandled af (5) 2 5 45d 138d 138d
assert "cifp != NULL" failed in route.c (5) -1 6 2d19h 139d 139d
protection_fault: icmp_mtudisc_timeout (4) -1 7 22d 141d 141d
panic: softclock: invalid to_clock: ADDR (4) 2 3 74d 146d 146d
SYZFAIL: open of /dev/kcov failed (2) -1 74 10d 148d 148d
protection_fault: pf_anchor_global_RB_REMOVE (2) -1 5 8d23h 155d 155d
witness: reversal: sbufsnd inode (3) -1 10 26d 176d 176d
assert "next != NULL && next->start <= entry->end" failed in uvm_fault.c (5) -1 7 23d 198d 198d
uvm_fault: witness_checkorder (6) -1 57 3d12h 202d 202d
witness: reversal: &sched_lock &cq->cq_mtx -1 5 40d 203d 203d
assert "uvm_page_owner_locked_p(pg, TRUE)" failed in uvm_page.c (2) -1 7 12d 204d 204d
assert "rn != NULL" failed in pipex.c -1 43 7h51m 208d 208d
uvm_fault: mtx_enter_try -1 15 4d14h 212d 212d
SYZFAIL: can't reallocate -1 34 14d 220d 220d
witness: reversal: &cq->cq_mtx &sched_lock -1 42 22d 226d 226d
uvm_fault: mtx_enter -1 103 20h08m 237d 237d
panic: uvm_fault_unwire_locked: address not in map (5) 2 87 5d21h 246d 246d
panic: chgproccnt: procs < NUM 2 7 7d01h 285d 285d
uvm_fault: savectx (3) -1 363 4h19m 287d 287d
SYZFAIL: repeatedly failed to execute the program (2) -1 23 7d21h 288d 288d
panic: trap type NUM, code=NUM, pc=NUM (4) 2 18 5d08h 288d 288d
SYZFAIL: coverage filter is full (3) -1 555572 5d22h 289d 289d
protection_fault: bpfdetach -1 44 15d 291d 291d
uvm_fault: x86_ipi_db (9) -1 342 1h54m 292d 292d
SYZFAIL: SIGBUS (2) -1 616 7d02h 295d 295d
assert "rdomain == rtable_l2(rdomain)" failed in route.c (2) -1 8 89d 297d 297d
assert "sc->sc_dev == NUM" failed in if_tun.c (6) -1 105 19d 297d 297d
witness: reversal: sbufrcv inode (2) -1 13 59d 298d 298d
assert "refs != ~NUM" failed in kern_synch.c -1 842 3h25m 299d 299d
SYZFAIL: too many calls in output (2) -1 66 2d21h 300d 300d
SYZFAIL: posix_spawnp failed -1 1153 now 301d 301d
assert "map->limit == rtmap_limit" failed in rtable.c (2) -1 369 1h16m 301d 301d
uvm_fault: proc_trampoline (2) -1 245 12h28m 301d 301d
protection_fault: witness_checkorder (5) -1 12 14d 301d 301d
panic: pledge_namei: ni_pledge (2) 2 11 22d 302d 302d
uvm_fault: arp_rtrequest (3) -1 323 1d06h 302d 302d
pool: free list modified: shmpl (6) -1 571 8h24m 303d 303d
uvm_fault: db_enter (6) -1 528 1d05h 303d 303d
can't ssh into the instance (2) -1 34606 1h04m 303d 303d
suppressed report (2) -1 14036 1h07m 303d 303d
panic: missing alias (6) 2 939 6m 303d 303d
SYZFAIL: failed to recv rpc (4) -1 1344 8h34m 303d 303d
panic: trap type NUM, code=NUM, pc=ADDR (3) 2 674 3h10m 303d 303d
corrupted report (7) -1 6703 33m 304d 304d
witness: reversal: lock order data missing (5) -1 180835 13m 304d 304d
SYZFAIL: ioctl remote attach failed (6) -1 44266 8m 304d 304d
SYZFAIL: failed to mkdtemp (2) -1 74767 1h39m 304d 304d
SYZFAIL: failed to send rpc (2) -1 22867 9m 304d 304d
SYZFAIL: tun_id out of range (4) -1 2273153 now 304d 304d
SYZFAIL: failed to mkdir (2) -1 9193 11h16m 304d 304d
SYZFAIL: too much cover -1 297 46m 473d 473d
SYZFAIL: pipe failed -1 6687 1d09h 508d 508d
pool: free list modified: rttmr -1 140 2d10h 622d 622d
protection_fault: lf_advlock (4) -1 C 38 1d13h 625d 625d
protection_fault: sys_semop -1 C 245 3h02m 644d 644d
uvm_fault: ktrops (2) -1 C 224 2d02h 797d 797d
uvm_fault: schedclock -1 syz 11 455d 823d 646d
kernel: page fault trap, code=NUM (3) -1 C 92 6d13h 854d 611d
malloc: free list modified: free (4) -1 C 26 10d 875d 874d
uvm_fault: hardclock (5) -1 syz 4 855d 1007d 1007d
panic: ufsdirhash_lookup: bad offset in hash array (3) 2 C 96 now 1018d 724d
protection_fault: sys_msgrcv (2) -1 C 164 44d 1148d 905d
uvm_fault: memcpy (5) -1 C 62 10d 1153d 1153d
assert "uvn->u_obj.uo_refs == NUM" failed in uvm_vnode.c (2) -1 syz 2 1156d 1156d 1156d
panic: pmap_unwire: invalid PDE 2 syz 6 567d 1211d 1152d
no output from test machine (8) -1 C 756216 now 1220d 1216d
uvm_fault: ffs_indirtrunc -1 C 6 62d 1264d 1264d
witness: reversal: vmmaplk inode (3) -1 C 1061 8d21h 1296d 1246d
SYZFATAL: executor NUM failed NUM times: executor NUM: exit status NUM -1 syz 175427 10d 1319d 1319d
panic: bad dir (3) 2 C 185 2d01h 1325d 1153d
uvm_fault: ufs_lookup -1 C 99 31d 1420d 772d
kernel: double fault trap, code=NUM (2) -1 C 34 477d 1420d 1372d
protection_fault: ktrops -1 C 259 481d 1430d 1410d
protection_fault: sblock -1 syz 38 1254d 1434d 1433d
uvm_fault: fifo_write (2) -1 C 3430 455d 1441d 1126d
SYZFAIL: tun: read failed -1 syz 431687 now 1459d 1427d
uvm_fault: memset -1 C 100 38d 1579d 1579d
SYZFAIL: command failed -1 syz 14946 2h09m 1747d 1429d
panic: ufs_rename: lost dir entry 2 C 133 4d17h 2120d 1358d
lost connection to test machine (2) -1 891545 24m 2537d never