DiscordSign up
SKILLS.SH

debug-buttercup

Diagnose and resolve Buttercup CRS pod crashes, cascading failures, and service misbehavior on Kubernetes. Covers 20+ services across fuzzing, analysis, orchestration, and infrastructure layers; includes triage workflow, log analysis, resource pressure diagnosis, and Redis queue inspection Provides cascade-failure detection (e.g., Redis down triggering mass restarts), health-check file monitoring, and per-service failure patterns Supports OpenTelemetry/Signoz distributed tracing, volume and storage verification, and Helm configuration validation against actual pod state Includes automated diagnostic script and detailed queue inspection commands for Redis streams and consumer groups

INSTALLATION
npx skills add https://github.com/trailofbits/skills --skill debug-buttercup
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

Debug Buttercup

When to Use

  • Pods in the crs namespace are in CrashLoopBackOff, OOMKilled, or restarting
  • Multiple services restart simultaneously (cascade failure)
  • Redis is unresponsive or showing AOF warnings
  • Queues are growing but tasks are not progressing
  • Nodes show DiskPressure, MemoryPressure, or PID pressure
  • Build-bot cannot reach the Docker daemon (DinD failures)
  • Scheduler is stuck and not advancing task state
  • Health check probes are failing unexpectedly
  • Deployed Helm values don't match actual pod configuration

When NOT to Use

  • Deploying or upgrading Buttercup (use Helm and deployment guides)
  • Debugging issues outside the crs Kubernetes namespace
  • Performance tuning that doesn't involve a failure symptom

Namespace and Services

All pods run in namespace crs. Key services:

Layer

Services

Infra

redis, dind, litellm, registry-cache

Orchestration

scheduler, task-server, task-downloader, scratch-cleaner

Fuzzing

build-bot, fuzzer-bot, coverage-bot, tracer-bot, merger-bot

Analysis

patcher, seed-gen, program-model, pov-reproducer

Interface

competition-api, ui

Triage Workflow

Always start with triage. Run these three commands first:

# 1. Pod status - look for restarts, CrashLoopBackOff, OOMKilled

kubectl get pods -n crs -o wide

# 2. Events - the timeline of what went wrong

kubectl get events -n crs --sort-by='.lastTimestamp'

# 3. Warnings only - filter the noise

kubectl get events -n crs --field-selector type=Warning --sort-by='.lastTimestamp'

Then narrow down:

# Why did a specific pod restart? Check Last State Reason (OOMKilled, Error, Completed)

kubectl describe pod -n crs <pod-name> | grep -A8 'Last State:'

# Check actual resource limits vs intended

kubectl get pod -n crs <pod-name> -o jsonpath='{.spec.containers[0].resources}'

# Crashed container's logs (--previous = the container that died)

kubectl logs -n crs <pod-name> --previous --tail=200

# Current logs

kubectl logs -n crs <pod-name> --tail=200

Historical vs Ongoing Issues

High restart counts don't necessarily mean an issue is ongoing -- restarts accumulate over a pod's lifetime. Always distinguish:

  • --tail shows the end of the log buffer, which may contain old messages. Use --since=300s to confirm issues are actively happening now.
  • --timestamps on log output helps correlate events across services.
  • Check Last State timestamps in describe pod to see when the most recent crash actually occurred.

Cascade Detection

When many pods restart around the same time, check for a shared-dependency failure before investigating individual pods. The most common cascade: Redis goes down -> every service gets ConnectionError/ConnectionRefusedError -> mass restarts. Look for the same error across multiple --previous logs -- if they all say redis.exceptions.ConnectionError, debug Redis, not the individual services.

Log Analysis

# All replicas of a service at once

kubectl logs -n crs -l app=fuzzer-bot --tail=100 --prefix

# Stream live

kubectl logs -n crs -l app.kubernetes.io/name=redis -f

# Collect all logs to disk (existing script)

bash deployment/collect-logs.sh

Resource Pressure

# Per-pod CPU/memory

kubectl top pods -n crs

# Node-level

kubectl top nodes

# Node conditions (disk pressure, memory pressure, PID pressure)

kubectl describe node <node> | grep -A5 Conditions

# Disk usage inside a pod

kubectl exec -n crs <pod> -- df -h

# What's eating disk

kubectl exec -n crs <pod> -- sh -c 'du -sh /corpus/* 2>/dev/null'

kubectl exec -n crs <pod> -- sh -c 'du -sh /scratch/* 2>/dev/null'

Redis Debugging

Redis is the backbone. When it goes down, everything cascades.

# Redis pod status

kubectl get pods -n crs -l app.kubernetes.io/name=redis

# Redis logs (AOF warnings, OOM, connection issues)

kubectl logs -n crs -l app.kubernetes.io/name=redis --tail=200

# Connect to Redis CLI

kubectl exec -n crs <redis-pod> -- redis-cli

# Inside redis-cli: key diagnostics

INFO memory          # used_memory_human, maxmemory

INFO persistence     # aof_enabled, aof_last_bgrewrite_status, aof_delayed_fsync

INFO clients         # connected_clients, blocked_clients

INFO stats           # total_connections_received, rejected_connections

CLIENT LIST          # see who's connected

DBSIZE               # total keys

# AOF configuration

CONFIG GET appendonly     # is AOF enabled?

CONFIG GET appendfsync   # fsync policy: everysec, always, or no

# What is /data mounted on? (disk vs tmpfs matters for AOF performance)
kubectl exec -n crs <redis-pod> -- mount | grep /data

kubectl exec -n crs <redis-pod> -- du -sh /data/

Queue Inspection

Buttercup uses Redis streams with consumer groups. Queue names:

Queue

Stream Key

Build

fuzzer_build_queue

Build Output

fuzzer_build_output_queue

Crash

fuzzer_crash_queue

Confirmed Vulns

confirmed_vulnerabilities_queue

Download Tasks

orchestrator_download_tasks_queue

Ready Tasks

tasks_ready_queue

Patches

patches_queue

Index

index_queue

Index Output

index_output_queue

Traced Vulns

traced_vulnerabilities_queue

POV Requests

pov_reproducer_requests_queue

POV Responses

pov_reproducer_responses_queue

Delete Task

orchestrator_delete_task_queue

# Check stream length (pending messages)

kubectl exec -n crs <redis-pod> -- redis-cli XLEN fuzzer_build_queue

# Check consumer group lag

kubectl exec -n crs <redis-pod> -- redis-cli XINFO GROUPS fuzzer_build_queue

# Check pending messages per consumer

kubectl exec -n crs <redis-pod> -- redis-cli XPENDING fuzzer_build_queue build_bot_consumers - + 10

# Task registry size

kubectl exec -n crs <redis-pod> -- redis-cli HLEN tasks_registry

# Task state counts

kubectl exec -n crs <redis-pod> -- redis-cli SCARD cancelled_tasks

kubectl exec -n crs <redis-pod> -- redis-cli SCARD succeeded_tasks

kubectl exec -n crs <redis-pod> -- redis-cli SCARD errored_tasks

Consumer groups: build_bot_consumers, orchestrator_group, patcher_group, index_group, tracer_bot_group.

Health Checks

Pods write timestamps to /tmp/health_check_alive. The liveness probe checks file freshness.

# Check health file freshness

kubectl exec -n crs <pod> -- stat /tmp/health_check_alive

kubectl exec -n crs <pod> -- cat /tmp/health_check_alive

If a pod is restart-looping, the health check file is likely going stale because the main process is blocked (e.g. waiting on Redis, stuck on I/O).

Telemetry (OpenTelemetry / Signoz)

All services export traces and metrics via OpenTelemetry. If Signoz is deployed (global.signoz.deployed: true), use its UI for distributed tracing across services.

# Check if OTEL is configured

kubectl exec -n crs <pod> -- env | grep OTEL

# Verify Signoz pods are running (if deployed)

kubectl get pods -n platform -l app.kubernetes.io/name=signoz

Traces are especially useful for diagnosing slow task processing, identifying which service in a pipeline is the bottleneck, and correlating events across the scheduler -> build-bot -> fuzzer-bot chain.

Volume and Storage

# PVC status

kubectl get pvc -n crs

# Check if corpus tmpfs is mounted, its size, and backing type

kubectl exec -n crs <pod> -- mount | grep corpus_tmpfs

kubectl exec -n crs <pod> -- df -h /corpus_tmpfs 2>/dev/null

# Check if CORPUS_TMPFS_PATH is set

kubectl exec -n crs <pod> -- env | grep CORPUS

# Full disk layout - what's on real disk vs tmpfs

kubectl exec -n crs <pod> -- df -h

CORPUS_TMPFS_PATH is set when global.volumes.corpusTmpfs.enabled: true. This affects fuzzer-bot, coverage-bot, seed-gen, and merger-bot.

Deployment Config Verification

When behavior doesn't match expectations, verify Helm values actually took effect:

# Check a pod's actual resource limits

kubectl get pod -n crs <pod-name> -o jsonpath='{.spec.containers[0].resources}'

# Check a pod's actual volume definitions

kubectl get pod -n crs <pod-name> -o jsonpath='{.spec.volumes}'

Helm values template typos (e.g. wrong key names) silently fall back to chart defaults. If deployed resources don't match the values template, check for key name mismatches.

Service-Specific Debugging

For detailed per-service symptoms, root causes, and fixes, see references/failure-patterns.md.

Quick reference:

  • DinD: kubectl logs -n crs -l app=dind --tail=100 -- look for docker daemon crashes, storage driver errors
  • Build-bot: check build queue depth, DinD connectivity, OOM during compilation
  • Fuzzer-bot: corpus disk usage, CPU throttling, crash queue backlog
  • Patcher: LiteLLM connectivity, LLM timeout, patch queue depth
  • Scheduler: the central brain -- kubectl logs -n crs -l app=scheduler --tail=-1 --prefix | grep "WAIT_PATCH_PASS\|ERROR\|SUBMIT"

Diagnostic Script

Run the automated triage snapshot:

bash {baseDir}/scripts/diagnose.sh

Pass --full to also dump recent logs from all pods:

bash {baseDir}/scripts/diagnose.sh --full

This collects pod status, events, resource usage, Redis health, and queue depths in one pass.

BrowserAct

Let your agent run on any real-world website

Bypass CAPTCHA & anti-bot for free. Start local, scale to cloud.

Explore BrowserAct Skills →

Related skills

find-skills
2/3

Discover and install specialized agent skills from the open ecosystem when users need extended capabilities. Helps identify relevant skills by domain and task when users ask "how do I do X" or "find a skill for X" Integrates with the Skills CLI ( npx skills find , npx skills add ) to search, verify, and install packages from the skills.sh directory Recommends skills based on install count, source reputation, and GitHub stars to ensure quality before suggesting installation Presents skill options with install commands and links to skills.sh for user review and one-click installation

Verified authorvercel-labs
SKILLS.SH
1.5M19.6K
2026-05-22
vercel-react-best-practices
3/3

React and Next.js performance optimization guide with 64 prioritized rules across 8 categories. Organized by impact level, from critical waterfalls and bundle optimization down to advanced patterns, each rule includes incorrect/correct code examples and explanations Covers eight domains: async patterns, bundle size, server-side caching, client-side data fetching, re-render optimization, rendering performance, JavaScript efficiency, and advanced patterns Designed for use during component writing, code review, refactoring, and performance audits on React and Next.js applications Each rule has a prefix code (e.g., async-parallel , bundle-barrel-imports ) for easy reference in automated tooling and documentation

Verified authorvercel-labs
SKILLS.SH
389K26.9K
2026-05-22
azure-validate
2/3

Pre-deployment validation for Azure infrastructure, configuration, and permissions before deployment. Requires .azure/plan.md from a prior azure-prepare run; stops immediately if the plan is missing Executes recipe-specific validation commands (azd provision, bicep build, terraform validate) and records proof in the plan document Performs build verification, configuration checks, and permission validation; blocks deployment if any check fails Only authorized method to set plan status to Validated ; must be followed by azure-deploy skill to execute the actual deployment

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22
appinsights-instrumentation
3/3

Guidance and reference material for instrumenting webapps with Azure Application Insights. Covers SDK setup, telemetry patterns, and configuration for ASP.NET Core and Node.js applications hosted in Azure Distinguishes between this skill (reference and guidance) and azure-prepare (actual implementation); invoke azure-prepare when the user wants to add instrumentation to their project Provides auto-instrumentation guidance for C# ASP.NET Core apps in Azure App Service, plus manual instrumentation paths for creating App Insights resources via Bicep templates or Azure CLI Includes language-specific code modification guides for ASP.NET Core, Node.js, and Python, plus quick references for OpenTelemetry SDKs and exporters

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22

Stop writing automation&scrapers

Install the CLI. Run your first Skill in 30 seconds. Scale when you're ready.

Start free
free · no credit card