syzbot

 sign-in | mailing list | source | docs
🐞 Open [140] 🐞 Fixed [269] 🐞 Invalid [579] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

Instances [tested repos]:
Name Last active Uptime Corpus Coverage 🛈 Crashes Execs Kernel build syzkaller build
Commit Config Freshness Status Commit Freshness Status
ci-openbsd-main now 3h55m 6543 39508 118 433632 fbadb84b3757 .config 8h27m de979bc2 20h21m
ci-openbsd-multicore now 3h45m 6248 41698 189 890870 fbadb84b3757 .config 8h27m de979bc2 20h21m
ci-openbsd-setuid now 3h37m 3844 28392 171 794381 fbadb84b3757 .config 8h27m de979bc2 20h21m
upstream (140):
Title Repro Cause bisect Fix bisect Count Last Reported Last activity
uvm_fault: ufs_rmdir 1 40m 39m 39m
panic: ffs_blkfree: bad size (4) 1 1h55m 1h54m 1h54m
assert "obj == NULL || UVM_OBJ_IS_DUMMY(obj) || rw_write_held(obj->vmobjlock)" failed in uvm_page.c 1 6h18m 6h17m 6h17m
panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock (8) C 82 10h17m 6d11h 6d06h
panic: trap type NUM, code=NUM, pc=3c6d9 17 8h34m 6d22h 6d22h
pool: free list modified: mbufpl (4) 1 7d05h 7d05h 7d05h
panic: reflect: call of reflect.Value.Uint on string Value [recovered] 1 7d09h 7d09h 7d09h
panic: inconsistent poll.fdMutex 1 7d15h 7d15h 7d15h
panic: reflect: call of reflect.Value.Int on string Value [recovered] 1 10d 10d 10d
pool: free list modified: pdppl (4) 5 2d16h 11d 11d
uvm_fault (3) 1 17d 17d 17d
panic: uvm_fault_WuAnRwNiIrNe_lGoc: SPLke d: NaOTddr essL OnWoEtRED iOnN mSapY 1 18d 18d 18d
panic: pool_do_get: sigapl: page empty 1 18d 18d 18d
panic: vrele: ref cnt 1 18d 18d 18d
panic: pool_do_get: pkpcb: page empty 1 18d 18d 18d
assert "pmap->pm_type != PMAP_TYPE_EPT" failed in pmap.c (3) 3 2d02h 19d 19d
panic: vop (2) 1 19d 19d 19d
panic: trap type NUM, code=NUM, pc=3c729 39 8d08h 20d 20d
assert "!ISSET(rt->rt_flags, RTF_LOCAL)" failed in nd6.c (3) 1 21d 21d 21d
assert "(pg->pg_flags & PG_BUSY) == NUM" failed in pmap.c 11 2d21h 22d 22d
panic: pool_do_get: filepl: page empty 1 22d 22d 22d
assert "mo->ro_magic == RWLOCK_OBJ_MAGIC" failed in kern_rwlock.c 1 23d 23d 23d
uvm_fault: VOP_LOCK (2) 3 2d23h 23d 23d
panic: trap type NUM, code=NUM, pc=3c709 1 23d 23d 23d
uvm_fault: arp_rtrequest (2) 4 9d06h 24d 24d
pool: cpu free list modified: mbufpl (4) 1 24d 24d 24d
uvm_fault: pool_do_get (3) 1 24d 24d 24d
panic: ifa_update_broadaddr does not support dynamic length (3) 9 2d01h 24d 24d
panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va ADDR, opte 0x3efff 1 24d 24d 24d
protection_fault: solock_shared 2 22d 25d 25d
panic: broken type ref (4) 3 24d 25d 25d
panic: thread NUM p_stat is NUM 1 26d 26d 26d
assert "__mp_lock_held(&sched_lock, curcpu()) == NUM" failed in kern_lock.c (5) 13 4d04h 28d 28d
protection_fault: ifaof_ifpforaddr 2 28d 28d 28d
panic: vop_generConnection to us-central1-ssh-serialport.googleapis.com closed by remote host. 1 28d 28d 28d
panic: ffs_fsync: not dirty 3 18d 28d 28d
panic: vref used where vget required (4) 3 9h18m 29d 29d
panic: ffs_freefile: freeing free inode 1 30d 30d 30d
panic: pmap_enter: PG_PVLIST mapping with unmanaged page: va ADDR, opte ADDR, pa ADDR (2) 1 30d 30d 30d
uvm_fault: checkalias 2 2d18h 30d 30d
panic: trap type NUM, code=NUM, pc=3c7a9 2 25d 30d 30d
protection_fault: strlcpy 1 30d 30d 30d
panic: time: Stop called on uninitialized Timer 2 26d 31d 31d
assert "bp->b_data != NULL" failed in vfs_biomem.c (5) 5 16d 31d 31d
panic: pool_do_get: rwobjpl: page empty 2 11d 31d 31d
uvm_fault: proc_trampoline 2 21d 32d 32d
pool: free list modified: tcpcb 1 34d 34d 34d
multicore boot error: can't ssh into the instance (6) 3 34d 34d 34d
multicore test error: SYZFATAL: BUG: failed to run executor version: failed to run ["./syz-executor" "version"]: signal: bad system call (core 249 38d 42d 42d
uvm_fault: kcov_remote_enter (2) 2 31d 42d 42d
panic: (4) 1 45d 45d 45d
uvm_fault: witness_checkorder (5) 2 20d 46d 46d
uvm_fault: bpfioctl (4) 1 46d 46d 46d
assert "fp->f_count >= NUM" failed in kern_descrip.c 1 46d 46d 46d
uvm_fault: ufs_direnter (2) 1 48d 48d 48d
pool: free list modified: rttmr 4 8d05h 49d 49d
panic: runtime error: invalid memory address or nil pointer dereference (9) 4 24d 50d 50d
protection_fault: lf_advlock (4) C 1 37d 51d 51d
panic: wakeup: p_stat is NUM (4) 1 53d 53d 53d
uvm_fault: VOP_BWRITE 1 54d 54d 54d
panic: bad arg kind: <nil> (13) 1 57d 57d 57d
assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno (4) 5 7d07h 57d 57d
uvm_fault: strcmp 1 63d 63d 63d
assert "scan->kqs_start.kn_filter == EVFILT_MARKER" failed in kern_event.c 1 64d 64d 64d
protection_fault: __x86_indirect_thunk_r11 (2) 12 15d 64d 64d
uvm_fault: softclock (4) 9 34d 65d 65d
assert "nlevel >= IPL_NONE" failed in intr.c (2) 1 65d 65d 65d
protection_fault: witness_checkorder (3) 1 66d 66d 66d
panic: softclock: invalid to_clock: NUM 9 2d19h 67d 67d
panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va ADDR, opte ADDR (4) 16 5d20h 67d 67d
panic: pool_do_get: pfstkey: page empty 1 70d 70d 70d
panic: softclock: invalid to_clock: -ADDR 13 1d13h 70d 70d
uvm_fault: rt_timer_timer 3 58d 70d 70d
protection_fault: sys_semop C 2 57d 71d 71d
panic: softclock: invalid to_clock: ADDR 51 3d18h 71d 71d
panic: missing alias (4) 1 71d 71d 71d
assert "ps->ps_uvncount == NUM" failed in kern_unveil.c (4) C 18 14h53m 76d 41d
assert "sc->sc_dev == NUM" failed in if_tun.c (5) 9 9h33m 77d 77d
panic: runtime error: index out of range [ADDR] with length NUM 10 3d17h 77d 77d
uvm_fault: db_read_bytes 23 11h23m 79d 79d
panic: vputonfreelist: lock count is not zero (3) 3 21d 81d 81d
uvm_fault: unveil_add_vnode 2 12d 81d 81d
assert "cifp != NULL" failed in route.c (3) 33 1d12h 84d 84d
uvm_fault: pool_gc_pages (2) 5 17d 84d 84d
assert "(bp->b_flags & B_BUSY) == NUM" failed in vfs_biomem.c 1 87d 87d 87d
protection_fault: icmp_mtudisc_timeout 3 38d 90d 90d
assert "ISSET(bp->b_flags, B_BC)" failed in vfs_bio.c 3 29d 101d 101d
uvm_fault: ffs2_balloc (3) 5 7d12h 111d 111d
protection_fault: softclock 2 77d 121d 121d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (23) 168 28d 125d 125d
go runtime error 36 9d23h 132d 132d
uvm_fault: pf_purge_expired_states 2 55d 132d 132d
assert "pg->wire_count == NUM" failed in vfs_biomem.c (3) 82 3h23m 132d 132d
uvm_fault: pmap_page_remove (5) 6 20h21m 152d 152d
uvm_fault: km_free (2) 7 3d09h 154d 154d
panic: Non dma-reachable buffer at curaddr ADDR(raw) (2) 3 42d 170d 170d
protection_fault: done_flush (2) C 51 22d 180d 32d
assert "dupe == NULL" failed in uvm_page.c (4) 65 28m 182d 182d
panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk (3) 13 9d19h 198d 198d
uvm_fault: softclock_process_kclock_timeout (2) 4 80d 198d 198d
uvm_fault: ktrops (2) C 7 63d 224d 224d
panic: ffs_update: bad link cnt (2) 16 6d13h 234d 234d
uvm_fault: db_enter (5) 20 5h29m 241d 241d
pool: free list modified: fdescpl (4) 13 70d 248d 248d
uvm_fault: schedclock syz 10 39d 250d 73d
kernel: page fault trap, code=NUM (3) C 46 23h09m 280d 37d
malloc: free list modified: free (4) C 14 29d 301d 301d
panic: trap type NUM, code=NUM, pc=NUM (3) 79 12h28m 331d 331d
witness: lock_object uninitialized: ADDR (3) C 330 7d06h 404d 263d
uvm_fault: hardclock (5) syz 4 281d 433d 433d
panic: ufsdirhash_lookup: bad offset in hash array (3) C 79 28d 444d 150d
kernel: protection fault trap, code=NUM (6) 42 39m 546d 546d
protection_fault: sys_msgrcv (2) C 31 4d19h 575d 331d
uvm_fault: memcpy (5) C 6 53d 579d 579d
assert "uvn->u_obj.uo_refs == NUM" failed in uvm_vnode.c (2) syz 2 583d 583d 583d
pool: free list modified: sockpl (3) 40 2d07h 599d 599d
protection_fault: pool_do_put (2) syz 34 23d 603d 280d
panic: vop_generic_badop (2) 80 1d21h 614d 614d
panic: pmap_unwire: invalid PDE syz 6 78d 637d 579d
no output from test machine (8) C 353247 now 646d 642d
uvm_fault: ffs_indirtrunc C 4 402d 690d 690d
witness: reversal: vmmaplk inode (3) C 435 4h41m 722d 673d
SYZFATAL: executor NUM failed NUM times: executor NUM: exit status NUM syz 170076 13m 745d 745d
panic: bad dir (3) C 28 14h10m 751d 579d
panic: uvm_fault_unwire_locked: address not in map (4) C 149 1d15h 767d 748d
uvm_fault: x86_ipi_db (8) 193 9h52m 811d 811d
uvm_fault: ufs_lookup C 45 18h55m 846d 198d
kernel: double fault trap, code=NUM (2) C 22 10d 846d 798d
panic: trap type NUM, code=NUM, pc=ADDR (2) 318 18h15m 853d 853d
protection_fault: ktrops C 246 7d11h 856d 836d
protection_fault: sblock syz 38 680d 860d 859d
assert "uvm_page_owner_locked_p(pg)" failed in uvm_page.c 522 now 864d 864d
uvm_fault: fifo_write (2) C 2773 34m 867d 552d
SYZFAIL: tun: read failed syz 35263 44d 885d 853d
corrupted report (6) 1078 1h09m 964d 964d
uvm_fault: memset C 40 38d 1006d 1006d
SYZFAIL: command failed syz 2451 59d 1173d 855d
suppressed report 277483 now 1173d 1162d
panic: ufs_rename: lost dir entry C 68 1d02h 1547d 785d
lost connection to test machine (2) 836012 7m 1963d never