assert "!ISSET(inp->inp_flags, INP_IPV6)" failed in in_pcb.c
2 views
Skip to first unread message
syzbot
Jun 12, 2025, 6:13:37 PM6/12/25
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 97ee8abe534f Unbreak previous.
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11d07682580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=2a13b27391f4027079c6
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8299542ddda4/disk-97ee8abe.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/6e71d76af37b/bsd-97ee8abe.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d1f72584b382/kernel-97ee8abe.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2a13b2...@syzkaller.appspotmail.com
panic: kernel diagnostic assertion "!ISSET(inp->inp_flags, INP_IPV6)" failed: file "/syzkaller/managers/main/kernel/sys/netinet/in_pcb.c", line 1115
Starting stack trace...
panic(ffffffff8342de09) at panic+0x1ba sys/kern/subr_prf.c:229
__assert(ffffffff833de45c,ffffffff833c8dfd,45b,ffffffff833cd3f3) at __assert+0x29 sys/kern/subr_prf.c:-1
in_pcbhash_lookup(ffffffff839cdd98,5573470905f6a1ce,0,ffff80003b5411e0,1600,ffff80003b5411e8,260dfea015b649fa) at in_pcbhash_lookup+0x33e sys/netinet/in_pcb.c:1111
in_pcblookup_lock(ffffffff839cdd98,ffffff7f,1600,100007f,40bb,0,859b685137e5d5b) at in_pcblookup_lock+0x1b4 sys/netinet/in_pcb.c:1209
in_pcbconnect(fffffd806f8ca668,fffffd8061bd5200) at in_pcbconnect+0x323 sys/netinet/in_pcb.c:-1
tcp_connect(ffff800001528ab0,fffffd8061bd5200) at tcp_connect+0x3aa sys/netinet/tcp_usrreq.c:670
sys_connect(ffff80003c968a68,ffff80003b5414a0,ffff80003b5413f0) at sys_connect+0x344 sys/kern/uipc_syscalls.c:415
syscall(ffff80003b5414a0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003b5414a0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xdbedfa44ab0, count: 248
End of stack trace.
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 97ee8abe534f Unbreak previous.
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11d07682580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=2a13b27391f4027079c6
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8299542ddda4/disk-97ee8abe.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/6e71d76af37b/bsd-97ee8abe.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d1f72584b382/kernel-97ee8abe.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2a13b2...@syzkaller.appspotmail.com
panic: kernel diagnostic assertion "!ISSET(inp->inp_flags, INP_IPV6)" failed: file "/syzkaller/managers/main/kernel/sys/netinet/in_pcb.c", line 1115
Starting stack trace...
panic(ffffffff8342de09) at panic+0x1ba sys/kern/subr_prf.c:229
__assert(ffffffff833de45c,ffffffff833c8dfd,45b,ffffffff833cd3f3) at __assert+0x29 sys/kern/subr_prf.c:-1
in_pcbhash_lookup(ffffffff839cdd98,5573470905f6a1ce,0,ffff80003b5411e0,1600,ffff80003b5411e8,260dfea015b649fa) at in_pcbhash_lookup+0x33e sys/netinet/in_pcb.c:1111
in_pcblookup_lock(ffffffff839cdd98,ffffff7f,1600,100007f,40bb,0,859b685137e5d5b) at in_pcblookup_lock+0x1b4 sys/netinet/in_pcb.c:1209
in_pcbconnect(fffffd806f8ca668,fffffd8061bd5200) at in_pcbconnect+0x323 sys/netinet/in_pcb.c:-1
tcp_connect(ffff800001528ab0,fffffd8061bd5200) at tcp_connect+0x3aa sys/netinet/tcp_usrreq.c:670
sys_connect(ffff80003c968a68,ffff80003b5414a0,ffff80003b5413f0) at sys_connect+0x344 sys/kern/uipc_syscalls.c:415
syscall(ffff80003b5414a0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003b5414a0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xdbedfa44ab0, count: 248
End of stack trace.
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Sep 10, 2025, 7:58:17 PM9/10/25
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages