syzbot

 sign-in | mailing list | source | docs
🐞 Open [115]
🐞 Fixed [291]
🐞 Invalid [890]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

Instances [tested repos]:
Name Last active Uptime Corpus Coverage 🛈 Crashes Execs Kernel build syzkaller build Bugs
Commit Config Freshness Status Commit Freshness Status All Only
ci-openbsd-main now 7h19m 7607 44379 542 865246 909b52fe0f3b .config 10h45m 807a3b61 12h37m all only
ci-openbsd-multicore now 7h26m 7695 47050 648 1594998 909b52fe0f3b .config 10h45m 807a3b61 12h37m all only
ci-openbsd-setuid now 7h13m 4564 29993 1577 471381 909b52fe0f3b .config 10h45m 807a3b61 12h37m all only
upstream (115):
Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Last activity
assert "pg->wire_count == NUM" failed in vfs_biomem.c (5) -1 1 5d16h 5d16h 5d16h
uvm_fault: bpfioctl (5) -1 1 13d 13d 13d
uvm_fault: alltraps_kern_meltdown -1 1 19d 19d 19d
panic: pool_p_free: rttmr free list modified: page ADDR; item addr ADDR; offset 0x10=ADDR 2 1 21d 21d 21d
assert "atomic_load_int(&fdp->fd_nuserevents) == NUM" failed in kern_descrip.c -1 2 20d 22d 22d
panic: softclock: invalid to_clock: -ADDR (3) 2 1 26d 26d 26d
protection_fault: sysctl_doproc -1 1 28d 28d 28d
uvm_fault: dt_ioctl_record_stop (2) -1 517 43m 29d 29d
uvm_fault: putc (2) -1 1 39d 39d 39d
panic: unhandled af (5) 2 1 41d 41d 41d
assert "cifp != NULL" failed in route.c (5) -1 2 40d 43d 43d
protection_fault: icmp_mtudisc_timeout (4) -1 5 18d 44d 44d
syzkaller: make host failed: failed to run ["gmake" "host" "ci"]: exit status 2 (5) -1 117 31d 46d 46d
panic: trap type NUM, code=NUM, pc=bd4f9 (2) 2 3 28d 49d 49d
panic: softclock: invalid to_clock: ADDR (4) 2 1 50d 50d 50d
uvm_fault: pmap_page_remove (6) -1 1 50d 50d 50d
SYZFAIL: open of /dev/kcov failed (2) -1 42 22d 51d 51d
protection_fault: pf_anchor_global_RB_REMOVE (2) -1 1 58d 58d 58d
assert "d->bd_in_uiomove == NUM" failed in bpf.c (4) -1 1 61d 61d 61d
panic: kernel diagnostic assertion "refs != ~NUM" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_synch 2 1 62d 62d 62d
uvm_fault: sys_shmat -1 1 62d 62d 62d
uvm_fault: _copyin -1 5 21d 65d 65d
SYZFAIL: tun: can't open device (6) -1 31 27d 68d 68d
protection_fault: mtx_enter (2) -1 1 71d 71d 71d
assert "(LIST_NEXT(inp, inp_lhash) == NULL) || (LIST_NEXT(inp, inp_lhash) == _Q_INVALID)" failed in in_pcb.c -1 1 78d 78d 78d
assert "!ISSET(inp->inp_flags, INP_IPV6)" failed in in_pcb.c -1 2 78d 78d 78d
protection_fault: in_pcbhash_lookup -1 3 78d 78d 78d
witness: reversal: sbufsnd inode (3) -1 5 4d08h 80d 80d
protection_fault: in6_addmulti (4) -1 1 82d 82d 82d
assert "next != NULL && next->start <= entry->end" failed in uvm_fault.c (5) -1 3 28d 102d 102d
uvm_fault: witness_checkorder (6) -1 30 1d23h 105d 105d
witness: reversal: &sched_lock &cq->cq_mtx -1 4 13d 106d 106d
assert "uvm_page_owner_locked_p(pg, TRUE)" failed in uvm_page.c (2) -1 3 14h30m 107d 107d
assert "kd_lookup(kd->kd_unit) == NULL" failed in kcov.c (3) -1 2 76d 108d 108d
SYZFAIL: dup2(NUM, kInPipeFd) failed (2) -1 2 88d 109d 109d
assert "rn != NULL" failed in pipex.c -1 18 16d 111d 111d
uvm_fault: mtx_enter_try -1 7 17d 115d 115d
uvm_fault: _copyinstr -1 13 26d 118d 118d
assert "(sih->sih_state & SIS_RESTART) == NUM" failed in kern_softintr.c -1 2 63d 121d 121d
protection_fault: __x86_indirect_thunk_r11 (4) -1 4 69d 122d 122d
SYZFAIL: can't reallocate -1 8 6h12m 124d 124d
SYZFAIL: invalid kcov comp type -1 6 80d 126d 126d
witness: reversal: &cq->cq_mtx &sched_lock -1 31 8d22h 130d 130d
uvm_fault: copyout -1 209 1d14h 130d 130d
panic: vrele: v_writecount != NUM 2 2 82d 135d 135d
multicore test error: SYZFATAL: image testing failed w/o kernel bug (2) -1 4 4d19h 135d 135d
uvm_fault: mtx_enter -1 44 2d14h 141d 141d
panic: uvm_fault_unwire_locked: address not in map (5) 2 34 20d 149d 149d
assert "info->rti_ifa->ifa_ifp != NULL" failed in route.c -1 12 84d 174d 174d
panic: chgproccnt: procs < NUM 2 5 3d15h 188d 188d
uvm_fault: savectx (3) -1 129 8h45m 190d 190d
SYZFAIL: repeatedly failed to execute the program (2) -1 10 3d03h 191d 191d
panic: trap type NUM, code=NUM, pc=NUM (4) 2 9 26d 192d 192d
SYZFAIL: coverage filter is full (3) -1 447421 1d08h 192d 192d
protection_fault: bpfdetach -1 31 3d22h 194d 194d
uvm_fault: x86_ipi_db (9) -1 192 8h01m 196d 196d
SYZFAIL: SIGBUS (2) -1 37 6d09h 198d 198d
assert "rdomain == rtable_l2(rdomain)" failed in route.c (2) -1 6 8d19h 200d 200d
assert "sc->sc_dev == NUM" failed in if_tun.c (6) -1 39 1d15h 200d 200d
witness: reversal: fdlock inode -1 4 73d 201d 201d
witness: reversal: sbufrcv inode (2) -1 11 36d 201d 201d
assert "refs != ~NUM" failed in kern_synch.c -1 389 1d01h 202d 202d
SYZFAIL: too many calls in output (2) -1 60 14d 203d 203d
SYZFAIL: posix_spawnp failed -1 430 1h54m 204d 204d
assert "map->limit == rtmap_limit" failed in rtable.c (2) -1 194 2h45m 204d 204d
uvm_fault: proc_trampoline (2) -1 110 12h07m 204d 204d
protection_fault: witness_checkorder (5) -1 7 16d 204d 204d
panic: pledge_namei: ni_pledge (2) 2 5 7d04h 205d 205d
uvm_fault: arp_rtrequest (3) -1 273 1d22h 205d 205d
protection_fault: copyout -1 8 15d 206d 206d
pool: free list modified: shmpl (6) -1 380 1d14h 206d 206d
uvm_fault: db_enter (6) -1 437 21h00m 206d 206d
can't ssh into the instance (2) -1 31501 32m 207d 207d
suppressed report (2) -1 9487 17m 207d 207d
panic: missing alias (6) 2 367 58m 207d 207d
SYZFAIL: failed to recv rpc (4) -1 820 10h12m 207d 207d
panic: trap type NUM, code=NUM, pc=ADDR (3) 2 340 2h25m 207d 207d
corrupted report (7) -1 3676 1h14m 207d 207d
witness: reversal: lock order data missing (5) -1 135311 now 207d 207d
SYZFAIL: ioctl remote attach failed (6) -1 27755 6m 207d 207d
SYZFAIL: failed to mkdtemp (2) -1 28091 now 207d 207d
SYZFAIL: failed to send rpc (2) -1 16187 now 207d 207d
SYZFAIL: tun_id out of range (4) -1 1486807 now 207d 207d
SYZFAIL: failed to mkdir (2) -1 2735 38m 207d 207d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (25) -1 78 22d 261d 255d
SYZFAIL: too much cover -1 197 4d20h 376d 376d
SYZFAIL: pipe failed -1 66 3d23h 411d 411d
pool: free list modified: rttmr -1 94 10h36m 526d 526d
protection_fault: lf_advlock (4) -1 C 20 10h59m 528d 528d
protection_fault: sys_semop -1 C 138 2h03m 548d 548d
uvm_fault: ktrops (2) -1 C 165 3h44m 701d 701d
uvm_fault: schedclock -1 syz 11 358d 727d 550d
kernel: page fault trap, code=NUM (3) -1 C 92 4d23h 757d 514d
malloc: free list modified: free (4) -1 C 23 4d15h 778d 778d
uvm_fault: hardclock (5) -1 syz 4 758d 910d 910d
panic: ufsdirhash_lookup: bad offset in hash array (3) 2 C 79 4d08h 921d 627d
protection_fault: sys_msgrcv (2) -1 C 159 7d23h 1052d 808d
uvm_fault: memcpy (5) -1 C 42 7h12m 1056d 1056d
assert "uvn->u_obj.uo_refs == NUM" failed in uvm_vnode.c (2) -1 syz 2 1060d 1060d 1060d
panic: pmap_unwire: invalid PDE 2 syz 6 471d 1114d 1056d
no output from test machine (8) -1 C 680840 now 1123d 1119d
uvm_fault: ffs_indirtrunc -1 C 5 139d 1167d 1167d
witness: reversal: vmmaplk inode (3) -1 C 1060 52d 1199d 1150d
SYZFATAL: executor NUM failed NUM times: executor NUM: exit status NUM -1 syz 175427 11d 1222d 1222d
panic: bad dir (3) 2 C 180 2d22h 1228d 1056d
uvm_fault: ufs_lookup -1 C 93 4d08h 1323d 675d
kernel: double fault trap, code=NUM (2) -1 C 34 380d 1323d 1275d
protection_fault: ktrops -1 C 259 384d 1333d 1313d
protection_fault: sblock -1 syz 38 1157d 1337d 1336d
uvm_fault: fifo_write (2) -1 C 3430 359d 1344d 1029d
SYZFAIL: tun: read failed -1 syz 291937 now 1362d 1330d
uvm_fault: memset -1 C 86 11d 1483d 1483d
SYZFAIL: command failed -1 syz 13556 1h49m 1650d 1332d
panic: ufs_rename: lost dir entry 2 C 124 5h42m 2024d 1262d
lost connection to test machine (2) -1 868238 16m 2440d never