================================================================== BUG: KCSAN: data-race in __inet6_lookup_established / inet_put_port write to 0xffff8881430f354e of 2 bytes by task 2418 on cpu 1: __inet_put_port net/ipv4/inet_hashtables.c:118 [inline] inet_put_port+0x112/0x1b0 net/ipv4/inet_hashtables.c:126 tcp_set_state net/ipv4/tcp.c:2602 [inline] __tcp_close+0x5a6/0x11d0 net/ipv4/tcp.c:2762 tcp_close+0x24/0xa0 net/ipv4/tcp.c:2888 inet_release+0xc6/0xe0 net/ipv4/af_inet.c:427 inet6_release+0x3a/0x50 net/ipv6/af_inet6.c:479 __sock_release net/socket.c:649 [inline] sock_close+0x6c/0x150 net/socket.c:1314 __fput+0x295/0x520 fs/file_table.c:280 ____fput+0x11/0x20 fs/file_table.c:313 task_work_run+0x8e/0x110 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop kernel/entry/common.c:175 [inline] exit_to_user_mode_prepare+0x160/0x190 kernel/entry/common.c:207 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline] syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:300 do_syscall_64+0x50/0xd0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae read to 0xffff8881430f354c of 4 bytes by interrupt on cpu 0: __inet6_lookup_established+0x40d/0x600 net/ipv6/inet6_hashtables.c:79 tcp_v6_early_demux+0x1ff/0x3f0 net/ipv6/tcp_ipv6.c:1869 ip6_rcv_finish_core net/ipv6/ip6_input.c:59 [inline] ip6_rcv_finish+0x247/0x260 net/ipv6/ip6_input.c:74 ip_sabotage_in+0x119/0x130 net/bridge/br_netfilter_hooks.c:873 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline] nf_hook_slow+0x72/0x170 net/netfilter/core.c:619 nf_hook include/linux/netfilter.h:262 [inline] NF_HOOK include/linux/netfilter.h:305 [inline] ipv6_rcv+0x11c/0x140 net/ipv6/ip6_input.c:297 __netif_receive_skb_one_core net/core/dev.c:5462 [inline] __netif_receive_skb+0x8b/0x1b0 net/core/dev.c:5576 netif_receive_skb_internal+0x37/0x150 net/core/dev.c:5662 netif_receive_skb+0x16/0x170 net/core/dev.c:5721 br_netif_receive_skb net/bridge/br_input.c:30 [inline] NF_HOOK include/linux/netfilter.h:307 [inline] br_pass_frame_up+0x280/0x330 net/bridge/br_input.c:61 br_handle_frame_finish+0xafe/0xbe0 br_nf_hook_thresh+0x194/0x1d0 br_nf_pre_routing_finish_ipv6+0x4dc/0x500 NF_HOOK include/linux/netfilter.h:307 [inline] br_nf_pre_routing_ipv6+0x1ea/0x280 net/bridge/br_netfilter_ipv6.c:236 br_nf_pre_routing+0x4d1/0xb30 net/bridge/br_netfilter_hooks.c:505 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline] nf_hook_bridge_pre net/bridge/br_input.c:230 [inline] br_handle_frame+0x463/0xba0 net/bridge/br_input.c:370 __netif_receive_skb_core+0xa4b/0x1df0 net/core/dev.c:5356 __netif_receive_skb_one_core net/core/dev.c:5460 [inline] __netif_receive_skb+0x52/0x1b0 net/core/dev.c:5576 process_backlog+0x23f/0x3e0 net/core/dev.c:6452 __napi_poll+0x65/0x3f0 net/core/dev.c:7020 napi_poll net/core/dev.c:7087 [inline] net_rx_action+0x29e/0x650 net/core/dev.c:7174 __do_softirq+0x158/0x2de kernel/softirq.c:558 run_ksoftirqd+0x1f/0x30 kernel/softirq.c:920 smpboot_thread_fn+0x308/0x4a0 kernel/smpboot.c:164 kthread+0x2c7/0x2e0 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 value changed: 0xcc7e0140 -> 0x00000140 Reported by Kernel Concurrency Sanitizer on: CPU: 0 PID: 12 Comm: ksoftirqd/0 Not tainted 5.16.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ================================================================== sd 0:0:1:0: tag#7511 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s sd 0:0:1:0: tag#7511 CDB: opcode=0xe5 (vendor) sd 0:0:1:0: tag#7511 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c sd 0:0:1:0: tag#7511 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d sd 0:0:1:0: tag#7511 CDB[20]: ba sd 0:0:1:0: tag#7516 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s sd 0:0:1:0: tag#7516 CDB: opcode=0xe5 (vendor) sd 0:0:1:0: tag#7516 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c sd 0:0:1:0: tag#7516 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d sd 0:0:1:0: tag#7516 CDB[20]: ba sd 0:0:1:0: tag#7517 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s sd 0:0:1:0: tag#7517 CDB: opcode=0xe5 (vendor) sd 0:0:1:0: tag#7517 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c sd 0:0:1:0: tag#7517 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d sd 0:0:1:0: tag#7517 CDB[20]: ba