syzbot


assert "(LIST_NEXT(inp, inp_lhash) == NULL) || (LIST_NEXT(inp, inp_lhash) == _Q_INVALID)" failed in in_pcb.c

Status: upstream: reported on 2025/06/12 23:13
Reported-by: syzbot+f62974b57730ca5b1f0d@syzkaller.appspotmail.com
First crash: 33d, last: 33d

Sample crash report:
panic: kernel diagnostic assertion "(LIST_NEXT(inp, inp_lhash) == NULL) || (LIST_NEXT(inp, inp_lhash) == _Q_INVALID)" failed: file "/syzkaller/managers/main/kernel/sys/netinet/in_pcb.c", line 671
Starting stack trace...
panic(ffffffff8342de09) at panic+0x1ba sys/kern/subr_prf.c:229
__assert(ffffffff833de45c,ffffffff833c8dfd,29f,ffffffff8330f9c4) at __assert+0x29 sys/kern/subr_prf.c:-1
in_pcbunref(fffffd8079f9c3d8) at in_pcbunref+0x1d9 sys/netinet/in_pcb.c:672
tcp_input_solocked(ffff80002a74b190,ffff80002a74b19c,0,2,ffff80002a74b188) at tcp_input_solocked+0xfd sys/netinet/tcp_input.c:2229
tcp_input_mlist(ffffffff839cae60,2) at tcp_input_mlist+0x93 sys/netinet/tcp_input.c:-1
if_input_process(ffff800000b11800,ffff80002a74b268,0) at if_input_process+0x229 sys/net/if.c:1015
ifiq_process(ffff800000b11c18) at ifiq_process+0xcd sys/net/ifq.c:874
taskq_thread(ffff80000002c000) at taskq_thread+0xd4 sys/kern/kern_task.c:446
end trace frame: 0x0, count: 249
End of stack trace.

Crashes (1):
Time: 2025/06/12 23:13
Kernel: openbsd
Commit: 97ee8abe534f
Syzkaller: 98683f8f
Config: .config
Log: console log
Report: report
Syz repro: -
C repro: -
VM info: -
Assets: [disk image] [bsd.gdb] [kernel image]
Manager: ci-openbsd-main
Title: assert "(LIST_NEXT(inp, inp_lhash) == NULL) || (LIST_NEXT(inp, inp_lhash) == _Q_INVALID)" failed in in_pcb.c
* Struck through repros no longer work on HEAD.