syzbot


fixed bugs (81)
Instances:
Name Active Uptime Corpus Coverage Crashes Execs Kernel build syzkaller build
Commit Freshness Status Commit Freshness Status
ci-openbsd-main now 11h17m 7925 40954 759 844636 e8d9fd7d 18h23m d5696d51 1d23h
ci-openbsd-multicore now 11h08m 7842 43246 948 878505 d8449269 17h39m d5696d51 1d23h
ci-openbsd-setuid now 11h27m 3579 25887 290 1520117 e8d9fd7d 18h23m d5696d51 1d23h
upstream (62):
Title Repro Bisected Count Last Reported
corrupted report (3) 1 9h39m 9h39m
panic: receive 1: so ADDR, so_type 3, sb_cc 48 1 10h21m 10h21m
panic: bad arg kind (2) 1 1d11h 1d11h
assert "ifp != NULL" failed in rtsock.c 2 12h38m 2d06h
panic: m_copym0: short mbuf chain 4 1d09h 2d19h
panic: m_copym0: m == NULL and not COPYALL 6 1h05m 3d19h
panic: receive 3: so ADDR, so_type 3, m ADDR, m_type 0 syz 10 1h18m 4d02h
pool: free list modified: anonpl 1 4d04h 4d04h
uvm_fault: x86_send_ipi 1 4d11h 4d11h
assert "TAILQ_EMPTY(&ifp->if_addrhooks)" failed in if.c 2 3d01h 4d17h
uvm_fault: VOP_ISLOCKED 1 4d19h 4d19h
panic: runtime error: invalid memory address or nil pointer dereference (3) 2 3d08h 9d03h
panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST, va = ADDR, pa = ADDR (2) 1 9d08h 9d08h
uvm_fault: m_zero 1 10d 10d
uvm_fault: soreceive 1 14d 14d
panic: receive 3: so ADDR, so_type 1, m ADDR, m_type 0 1 16d 16d
kernel: double fault trap, code=0 (2) syz 2 16d 16d
uvm_fault: bpf_mtap 1 16d 16d
pool: double put: mbufpl (2) 1 17d 17d
uvm_fault: fifo_write 1 17d 17d
panic: m_copydata: null mbuf C 145 1h34m 18d
panic: receive 1: so ADDR, so_type 3, sb_cc 176 3 2d09h 20d
panic: pr_find_pagehead: mbufpl: incorrect page (2) 1 21d 21d
panic: ffs_valloc: dup alloc 2 20d 23d
uvm_fault: in_delmulti syz 5710 now 24d
pool: cpu free list modified: mbufpl syz 388 now 24d
assert "dupe == NULL" failed in uvm_page.c 3 4d08h 27d
uvm_fault: pool_cache_get 1 27d 27d
malloc: free list modified: free 2 26d 28d
panic: free: size too small 24 <= 256 / 2 (ADDR) type in_multi 1 36d 36d
panic: free: non-malloced addr ADDR type in_multi 4 15d 37d
panic: sbdrop 5 17h30m 39d
panic: attempt to access user address ADDR in supervisor mode 3 13d 39d
uvm_fault: tun_clone_destroy 1 42d 42d
panic: amap_pp_adjref: negative reference count 82 4h10m 45d
uvm_fault: amap_pp_adjref 1 45d 45d
panic: uvmspace_fork: no space in map for entry in empty map C 414 57m 45d
uvm_fault 10 30d 45d
panic: receive 1a: so ADDR, so_type 3, m ADDR, m_type 0 syz 11 2h27m 45d
assert "ifa == rt->rt_ifa" failed in nd6.c (2) 263 11d 48d
uvm_fault: in6_purgeaddr 1423 9d10h 50d
assert "rt->rt_ifa->ifa_ifp != NULL" failed in route.c 841 9d09h 50d
panic: attempt to execute user address 1962 9d10h 51d
panic: tcp_output: template len != hdrlen - optlen syz 13 15h18m 51d
panic: pool_cache_item_magic_check: mbufpl cpu free list modified: item addr ADDR+16 0x0!=ADDR (2) syz 47 25d 59d
uvm_fault: vio_rxeof syz 294 22m 59d
assert "cifp != NULL" failed in route.c 89 9d23h 64d
assert "ifp != NULL" failed in if_ether.c 208 11d 65d
uvm_fault: uvm_unmap_remove (2) C 6827 5m 66d
kernel: protection fault trap, code=0 (6) C 28424 now 66d
panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock (2) syz 4 9d12h 66d
pool: free list modified: mbufpl (2) syz 71 21m 66d
uvm_fault: memcpy (2) syz 2114 2d19h 67d
uvm_fault: rtable_satoplen (3) syz 237 24d 67d
panic: vref used where vget required 1 75d 75d
uvm_fault: pfi_kif_update 6 17d 144d
assert "!_kernel_lock_held()" failed in kern_fork.c 16 24d 285d
witness: reversal: vmmaplk inode C 96210 now 296d
uvm_fault: pmap_page_remove 7 58d 314d
assert "pg->wire_count == 1" failed in vfs_biomem.c 68 6h32m 325d
lost connection to test machine (2) 571539 now 327d
no output from test machine C 344528 now 401d