syzbot

 sign-in | mailing list | source | docs
🐞 Open [164]
🐞 Fixed [271]
🐞 Invalid [704]
Kernel Health Bugs/Month Bug Lifetimes Fuzzing Crashes
💬 Send us feedback

Instances [tested repos]:
Name Last active Uptime Corpus Coverage 🛈 Crashes Execs Kernel build syzkaller build Bugs
Commit Config Freshness Status Commit Freshness Status All Only
ci-openbsd-main now 4h44m 7125 41758 317 1252340 1a81a8e6e44b .config 8h17m 9d74f456 5h33m all only
ci-openbsd-multicore now 4h44m 7508 44660 1252 3224752 1a81a8e6e44b .config 8h17m 9d74f456 5h33m all only
ci-openbsd-setuid now 4h44m 4628 29953 224 9913398 1a81a8e6e44b .config 8h17m 9d74f456 5h33m all only
upstream (164):
Title Repro Cause bisect Fix bisect Count Last Reported Last activity
panic: kernel diagnostic assertion "nlevel >= IPL_NONE" failed: 1 18h09m 18h09m 18h09m
panic: mutex 0xffffWAfRd8N0I7NeG:b7 8S8PL1 NUM noNtO T heLOlWd EiREnD m tOxN SY_SlCeaALL v7e5 NUM 1 1d07h 1d07h 1d07h
panic: mutex ADDR not held in mtx_leave 1190 1d07h 1d14h 1d14h
panic: kernel diagnostic assertion "map->limit == rtmap_limit" f 1 2d09h 2d09h 2d09h
panic: kernel diagnostic assertion "uvm_page_owner_locked_p(pg) 65 1h26m 3d11h 3d11h
panic: kernel diagnostic assertion "ps->ps_uvncount == NUM" faile 81 51m 3d11h 3d11h
panic: kernel diagnostic assertion "pg->wire_count == NUM" failed 18 41m 3d12h 3d12h
SYZFAIL: failed to recv rpc (3) 391 now 5d13h 5d13h
panic: kernel diagnostic assert 1 7d02h 7d02h 7d02h
malloc: free list modified: proc 1 10d 10d 10d
panic: Non dma-reachable buffer at curaddr ADDR(raw) (3) 2 13d 13d 13d
uvm_fault: lf_advlock 1 14d 14d 14d
assert "rdomain == rtable_l2(rdomain)" failed in route.c 1 17d 17d 17d
panic: kernel diagnostic assertion "uvm_page_owner_locked_p(pg)" failed 1 18d 18d 18d
assert "pr->ps_threadcnt == NUM" failed in kern_exit.c 1 20d 20d 20d
witness: lock_obwitness_checkordwitness_checkordrw_enter_write(ADDR)rw_enter_write+0unveil_delete_naunveil_delete_naunve 1 21d 21d 21d
uvm_fault: uao_detach 2 23d 26d 26d
panic: ffs_blkfree: freeing free frag 1 27d 27d 27d
panic: pfi_attach_ifnet: pfi_kif_get failed 1 30d 30d 30d
assert "kd_lookup(kd->kd_unit) == NULL" failed in kcov.c 1 31d 31d 31d
panic: pool_do_get: shmpl free list modified: page ADDR; item addr ADDR; offset 0x0=0x0 != ADDR 1 32d 32d 32d
protection_fault: in6_addmulti (3) 1 34d 34d 34d
witness: lock_object uninitializwitness_checkorder(ADDRwitness_checkordrw_enter_write(frw_enter_write+0unveil_delete_nau 1 36d 36d 36d
uvm_fault: ufsdirhash_findfree 1 37d 37d 37d
panic: ffs2_balloc: unwind failed 1 38d 38d 38d
panic: thread NUM p_stat is NUM (2) 1 38d 38d 38d
uvm_fault: ffs_alloccg 1 38d 38d 38d
uvm_fault: ffs_nodealloccg (2) 2 38d 39d 39d
uvm_fault: ffs_fragextend 2 39d 39d 39d
uvm_fault: ffs_blkfree 6 38d 39d 39d
panic: pledge_namei: ni_pledge 1 39d 39d 39d
uvm_fault: ufs_direnter (3) 3 37d 39d 39d
uvm_fault: ffs_freefile 2 38d 39d 39d
protection_fault: icmp_mtudisc_timeout (2) 1 41d 41d 41d
panic: trap type NUM, code=NUM, pc=e9779 133 12d 41d 41d
panic: trap type NUM, code=NUM, pc=e94f9 4 42d 42d 42d
protection_fault: witness_checkorder (4) 1 43d 43d 43d
assert "uvm_page_owner_locked_p(pg)" failed in managers/multicore/kernel/sys/uvm/uvm_page.c 1 43d 43d 43d
panic: malloc: out of space in kmem_map (3) 1 45d 45d 45d
panic: ffs_freefile: freeing free inode (2) 1 46d 46d 46d
uvm_fault: ffs2_balloc (4) 17 37d 48d 48d
panic: trap type NUM, code=NUM, pc=e9509 36 43d 49d 49d
uvm_fault: softclock (5) 1 50d 50d 50d
uvm_fault: unveil_add_vnode (2) 8 1d19h 53d 53d
panic: trap type NUM, code=NUM, pc=e9439 1 53d 53d 53d
kernel: protection fault trap, code=NUM (7) 6 6d19h 57d 57d
panic: ffs_valloc: dup alloc (2) 47 27d 57d 57d
pool: double put: shmpl 4 2d15h 59d 59d
panic: malloc: allocation too large, type = NUM, size = ADDR (2) 5 40d 61d 61d
multicore build error (19) 3 12d 63d 63d
protection_fault: __x86_indirect_thunk_r11 (3) 9 13d 65d 65d
SYZFAIL: too much cover 5 2d11h 65d 65d
pool: free list modified: shmpl (5) 27 2d11h 65d 65d
witness: reversal: sbufsnd inode 4 1d20h 67d 67d
panic: trap type NUM, code=NUM, pc=e8fb9 3 67d 68d 68d
assert "start >= vm_map_min(map) && end <= vm_map_max(map)" failed in uvm_fault.c 1 70d 70d 70d
protection_fault: reaper 7 16d 70d 70d
panic: vpaopni_cg:en keerrinecl_b daidaogpn 1 70d 70d 70d
pool: free list modified: inpcb (3) 1 74d 74d 74d
SYZFAIL: SIGBUS 925 1d00h 75d 75d
witness: reversal: sbufrcv inode 2 75d 75d 75d
protection_fault: fill_file (4) 1 76d 76d 76d
protection_fault: done_flush (3) 5 62d 76d 76d
panic: pmap_remove_ptes: managed page without PG_PVLIST: va ADDR, opte ADDR (2) 1 77d 77d 77d
panic: softclock: invalid to_clock: ADDR (2) 4 5d17h 78d 78d
panic: trap type NUM, code=NUM, pc=e8f59 1 78d 78d 78d
panic: free: size too small NUM <= NUM / NUM (ADDR) type shm 2 31d 81d 81d
panic: pmap_remove_pte: unmanaged page marked PG_PVLIST: va ADDR, opte ADDR 1 82d 82d 82d
openbsd test error: lost connection to test machine (3) 1 83d 83d 83d
uvm_fault: dopselect 1 84d 84d 84d
panic: pr_find_pagehead: pdppl: incorrect page (2) 1 85d 85d 85d
panic: trap type NUM, code=NUM, pc=e88b9 4 84d 87d 87d
panic: curcpu->ci_proc_pmap didn't point to previous pmap 1 88d 88d 88d
uvm_fault: savectx (2) 33 1d09h 88d 88d
panic: vput: ref cnt (2) 1 89d 89d 89d
panic: assertwaitok: non-zero mutex count: NUM (2) 138 2d00h 92d 92d
panic: missing alias (5) 28 9h42m 92d 92d
SYZFAIL: posix_spawn failed 83 9h13m 92d 92d
SYZFAIL: failed to mkdtemp 18766 18m 99d 99d
SYZFAIL: failed to mkdir 2708 3h31m 99d 99d
SYZFAIL: pipe failed 10 11d 100d 100d
uvm_fault: vm_terminate 4 63d 101d 101d
SYZFAIL: repeatedly failed to execute the program 8 38d 101d 101d
assert "map->limit == rtmap_limit" failed in rtable.c 61 2d10h 102d 102d
SYZFAIL: SIGSEGV 10 44d 103d 103d
SYZFAIL: tun: can't open device (4) 8 1d23h 103d 103d
witness: reversal: lock order data missing (4) 40596 now 103d 103d
SYZFAIL: ioctl remote attach failed (5) 199 3h00m 104d 104d
SYZFAIL: too many calls in output 52 3d18h 104d 104d
SYZFAIL: failed to send rpc 5790 now 104d 104d
panic: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c" 2 88d 118d 118d
pool: free list modified: pmappl 3 62d 148d 148d
openbsd build error (21) 114 25d 152d 152d
can't ssh into the instance 488 1d00h 153d 126d
protection_fault: nd6_timer 8 65d 153d 153d
panic: vwakeup: neg numoutput 2 76d 156d 156d
panic: inconsistent bufpage counts 3 57d 159d 159d
uvm_fault: rw_enter (3) 2 84d 161d 161d
assert "rw_write_held(uobj->vmobjlock)" failed in uvm_vnode.c 8 1d07h 161d 161d
panic: ffs_blkfree: bad size (4) 5 67d 165d 165d
pool: free list modified: pdppl (4) 7 86d 177d 177d
panic: vrele: ref cnt 4 60d 184d 184d
assert "pmap->pm_type != PMAP_TYPE_EPT" failed in pmap.c (3) 8 58d 185d 185d
assert "!ISSET(rt->rt_flags, RTF_LOCAL)" failed in nd6.c (3) 4 59d 186d 186d
uvm_fault: arp_rtrequest (2) 18 16d 189d 189d
pool: cpu free list modified: mbufpl (4) 5 70d 189d 189d
panic: ifa_update_broadaddr does not support dynamic length (3) 37 20d 190d 190d
panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va ADDR, opte 0x3efff 11 58d 190d 190d
panic: vref used where vget required (4) 9 71d 195d 195d
uvm_fault: checkalias 8 70d 196d 196d
uvm_fault: proc_trampoline 6 26d 198d 198d
uvm_fault: witness_checkorder (5) 6 25d 211d 211d
pool: free list modified: rttmr 9 12d 214d 214d
protection_fault: lf_advlock (4) C 3 4d13h 217d 217d
assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno (4) 10 1d08h 223d 223d
assert "nlevel >= IPL_NONE" failed in intr.c (2) 67 2d22h 231d 231d
panic: softclock: invalid to_clock: NUM 14 10d 233d 233d
panic: softclock: invalid to_clock: -ADDR 22 1d16h 235d 235d
protection_fault: sys_semop C 3 4d05h 236d 236d
assert "ps->ps_uvncount == NUM" failed in kern_unveil.c (4) C 6341 now 241d 207d
assert "sc->sc_dev == NUM" failed in if_tun.c (5) 355 15d 242d 242d
uvm_fault: db_read_bytes 94 11d 245d 245d
assert "cifp != NULL" failed in route.c (3) 198 2d14h 250d 250d
uvm_fault: pool_gc_pages (2) 9 61d 250d 250d
assert "pg->wire_count == NUM" failed in vfs_biomem.c (3) 1346 32m 298d 298d
uvm_fault: pmap_page_remove (5) 16 7d20h 318d 318d
uvm_fault: km_free (2) 10 72d 319d 319d
panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk (3) 164 4h01m 364d 364d
uvm_fault: ktrops (2) C 41 1d15h 389d 389d
uvm_fault: db_enter (5) 284 3h06m 407d 407d
uvm_fault: schedclock syz 11 47d 415d 238d
kernel: page fault trap, code=NUM (3) C 73 14d 445d 203d
malloc: free list modified: free (4) C 16 2d12h 467d 466d
panic: trap type NUM, code=NUM, pc=NUM (3) 206 1d06h 496d 496d
witness: lock_object uninitialized: ADDR (3) C 3486 2d17h 570d 428d
uvm_fault: hardclock (5) syz 4 447d 599d 599d
panic: ufsdirhash_lookup: bad offset in hash array (3) C 79 18d 610d 315d
protection_fault: sys_msgrcv (2) C 31 170d 740d 497d
uvm_fault: memcpy (5) C 20 37d 744d 744d
assert "uvn->u_obj.uo_refs == NUM" failed in uvm_vnode.c (2) syz 2 748d 748d 748d
protection_fault: pool_do_put (2) syz 36 73d 769d 445d
panic: vop_generic_badop (2) 91 48d 779d 779d
panic: pmap_unwire: invalid PDE syz 6 159d 802d 744d
no output from test machine (8) C 488044 now 812d 808d
uvm_fault: ffs_indirtrunc C 4 567d 856d 856d
witness: reversal: vmmaplk inode (3) C 858 12h01m 888d 838d
SYZFATAL: executor NUM failed NUM times: executor NUM: exit status NUM syz 175427 19d 910d 910d
panic: bad dir (3) C 36 61d 917d 745d
panic: uvm_fault_unwire_locked: address not in map (4) C 425 10h29m 932d 913d
uvm_fault: x86_ipi_db (8) 329 3h21m 976d 976d
uvm_fault: ufs_lookup C 84 37d 1012d 364d
kernel: double fault trap, code=NUM (2) C 34 69d 1012d 963d
panic: trap type NUM, code=NUM, pc=ADDR (2) 464 2d22h 1019d 1019d
protection_fault: ktrops C 259 73d 1022d 1002d
protection_fault: sblock syz 38 846d 1025d 1025d
assert "uvm_page_owner_locked_p(pg)" failed in uvm_page.c 6583 10m 1030d 1030d
uvm_fault: fifo_write (2) C 3430 47d 1033d 718d
SYZFAIL: tun: read failed syz 58709 14m 1050d 1019d
corrupted report (6) 2110 2h05m 1129d 1129d
uvm_fault: memset C 78 6d21h 1171d 1171d
SYZFAIL: command failed syz 12780 3h43m 1338d 1021d
suppressed report 335180 23m 1339d 1328d
panic: ufs_rename: lost dir entry C 109 6h31m 1712d 950d
lost connection to test machine (2) 849348 16m 2129d never