| Kernel | Title | Rank 🛈 | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in mptcp_rcv_space_init / tcp_mstamp_refresh net | 6 | 2 | 177d | 213d | 0/29 | auto-obsoleted due to no activity on 2025/11/08 20:30 |
syzbot |
sign-in | mailing list | source | docs |
| Kernel | Title | Rank 🛈 | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in mptcp_rcv_space_init / tcp_mstamp_refresh net | 6 | 2 | 177d | 213d | 0/29 | auto-obsoleted due to no activity on 2025/11/08 20:30 |
netlink: 'syz.3.3618': attribute type 11 has an invalid length. ================================================================== BUG: KCSAN: data-race in mptcp_rcv_space_init / tcp_mstamp_refresh write to 0xffff888109f265b0 of 8 bytes by interrupt on cpu 1: tcp_mstamp_refresh+0x51/0x70 net/ipv4/tcp_output.c:62 tcp_rcv_established+0x6f/0x1230 net/ipv4/tcp_input.c:6269 tcp_v4_do_rcv+0x91d/0xa20 net/ipv4/tcp_ipv4.c:1931 tcp_v4_rcv+0x1bb3/0x1f60 net/ipv4/tcp_ipv4.c:2374 ip_protocol_deliver_rcu+0x397/0x780 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x1fc/0x2f0 net/ipv4/ip_input.c:239 NF_HOOK include/linux/netfilter.h:318 [inline] ip_local_deliver+0xe8/0x1c0 net/ipv4/ip_input.c:260 dst_input include/net/dst.h:474 [inline] ip_rcv_finish+0x194/0x1c0 net/ipv4/ip_input.c:453 NF_HOOK include/linux/netfilter.h:318 [inline] ip_rcv+0x62/0x140 net/ipv4/ip_input.c:573 __netif_receive_skb_one_core net/core/dev.c:6079 [inline] __netif_receive_skb+0xff/0x270 net/core/dev.c:6192 process_backlog+0x229/0x420 net/core/dev.c:6544 __napi_poll+0x66/0x310 net/core/dev.c:7594 napi_poll net/core/dev.c:7657 [inline] net_rx_action+0x423/0x8c0 net/core/dev.c:7784 handle_softirqs+0xba/0x290 kernel/softirq.c:622 do_softirq+0x5d/0x90 kernel/softirq.c:523 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:936 [inline] __dev_queue_xmit+0x1200/0x2000 net/core/dev.c:4790 dev_queue_xmit include/linux/netdevice.h:3365 [inline] neigh_hh_output include/net/neighbour.h:531 [inline] neigh_output include/net/neighbour.h:545 [inline] ip_finish_output2+0x77f/0x8b0 net/ipv4/ip_output.c:237 __ip_finish_output net/ipv4/ip_output.c:-1 [inline] ip_finish_output+0x114/0x2a0 net/ipv4/ip_output.c:325 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip_output+0xbd/0x190 net/ipv4/ip_output.c:438 dst_output include/net/dst.h:464 [inline] ip_local_out net/ipv4/ip_output.c:131 [inline] __ip_queue_xmit+0xbbf/0xc00 net/ipv4/ip_output.c:534 ip_queue_xmit+0x39/0x50 net/ipv4/ip_output.c:548 __tcp_transmit_skb+0x17fd/0x1c10 net/ipv4/tcp_output.c:1628 tcp_transmit_skb net/ipv4/tcp_output.c:1646 [inline] tcp_write_xmit+0x129c/0x30f0 net/ipv4/tcp_output.c:2999 __tcp_push_pending_frames+0x6d/0x1b0 net/ipv4/tcp_output.c:3182 tcp_send_fin+0x5fe/0x770 net/ipv4/tcp_output.c:3800 __tcp_close+0x67d/0x1130 net/ipv4/tcp.c:3207 tcp_close+0x28/0xd0 net/ipv4/tcp.c:3298 inet_release+0xce/0xf0 net/ipv4/af_inet.c:437 inet6_release+0x3e/0x60 net/ipv6/af_inet6.c:487 __sock_release net/socket.c:662 [inline] sock_release+0x4b/0xe0 net/socket.c:690 rds_tcp_accept_one+0x4b7/0x5d0 net/rds/tcp_listen.c:214 rds_tcp_accept_worker+0x25/0x70 net/rds/tcp.c:529 process_one_work kernel/workqueue.c:3263 [inline] process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3346 worker_thread+0x582/0x770 kernel/workqueue.c:3427 kthread+0x489/0x510 kernel/kthread.c:463 ret_from_fork+0x122/0x1b0 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 read to 0xffff888109f265b0 of 8 bytes by task 14634 on cpu 0: mptcp_rcv_space_init+0x9a/0x130 net/mptcp/protocol.c:3393 __mptcp_sync_state+0x2fa/0x430 net/mptcp/subflow.c:466 mptcp_release_cb+0x5c0/0x670 net/mptcp/protocol.c:3504 release_sock+0x13e/0x150 net/core/sock.c:3738 mptcp_sendmsg+0xc4a/0xf50 net/mptcp/protocol.c:1941 inet_sendmsg+0xc5/0xd0 net/ipv4/af_inet.c:853 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg+0x102/0x180 net/socket.c:742 ____sys_sendmsg+0x31e/0x4e0 net/socket.c:2630 ___sys_sendmsg+0x17b/0x1d0 net/socket.c:2684 __sys_sendmsg net/socket.c:2716 [inline] __do_sys_sendmsg net/socket.c:2721 [inline] __se_sys_sendmsg net/socket.c:2719 [inline] __x64_sys_sendmsg+0xd4/0x160 net/socket.c:2719 x64_sys_call+0x191e/0x3000 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f value changed: 0x000000001329dee1 -> 0x000000001329e918 Reported by Kernel Concurrency Sanitizer on: CPU: 0 UID: 0 PID: 14634 Comm: syz.3.3618 Not tainted syzkaller #0 PREEMPT(voluntary) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/11/13 21:09 | upstream | 2ccec5944606 | 07e030de | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in mptcp_rcv_space_init / tcp_mstamp_refresh |