================================================================== BUG: KCSAN: data-race in __inet6_lookup_established / inet_put_port write to 0xffff88812802260e of 2 bytes by task 4354 on cpu 0: __inet_put_port net/ipv4/inet_hashtables.c:190 [inline] inet_put_port+0x219/0x3e0 net/ipv4/inet_hashtables.c:209 tcp_set_state net/ipv4/tcp.c:2635 [inline] tcp_disconnect+0x188/0xde0 net/ipv4/tcp.c:2982 __tcp_close+0xb03/0xfa0 net/ipv4/tcp.c:2798 tcp_close+0x26/0x90 net/ipv4/tcp.c:2919 inet_release+0xc9/0xf0 net/ipv4/af_inet.c:427 inet6_release+0x3e/0x50 net/ipv6/af_inet6.c:480 __sock_release net/socket.c:654 [inline] sock_release+0x44/0xe0 net/socket.c:682 rds_tcp_accept_one+0xd4/0x680 net/rds/tcp_listen.c:230 rds_tcp_accept_worker+0x25/0x70 net/rds/tcp.c:532 process_one_work+0x434/0x860 kernel/workqueue.c:2600 worker_thread+0x5f2/0xa10 kernel/workqueue.c:2751 kthread+0x1d7/0x210 kernel/kthread.c:389 ret_from_fork+0x2e/0x40 arch/x86/kernel/process.c:145 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 read to 0xffff88812802260c of 4 bytes by interrupt on cpu 1: inet6_match include/net/inet6_hashtables.h:115 [inline] __inet6_lookup_established+0x4b5/0x6c0 net/ipv6/inet6_hashtables.c:77 tcp_v6_early_demux+0x267/0x490 net/ipv6/tcp_ipv6.c:1856 ip6_rcv_finish_core net/ipv6/ip6_input.c:56 [inline] ip6_rcv_finish+0x2b3/0x2e0 net/ipv6/ip6_input.c:77 NF_HOOK include/linux/netfilter.h:303 [inline] ipv6_rcv+0x74/0x150 net/ipv6/ip6_input.c:309 __netif_receive_skb_one_core net/core/dev.c:5452 [inline] __netif_receive_skb+0x90/0x1b0 net/core/dev.c:5566 process_backlog+0x21f/0x380 net/core/dev.c:5894 __napi_poll+0x60/0x3b0 net/core/dev.c:6460 napi_poll net/core/dev.c:6527 [inline] net_rx_action+0x32b/0x750 net/core/dev.c:6660 __do_softirq+0xc1/0x265 kernel/softirq.c:553 do_softirq+0x5e/0x90 kernel/softirq.c:454 __local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381 local_bh_enable+0x1f/0x20 include/linux/bottom_half.h:33 rcu_read_unlock_bh include/linux/rcupdate.h:819 [inline] __dev_queue_xmit+0xabb/0x1d10 net/core/dev.c:4230 dev_queue_xmit include/linux/netdevice.h:3088 [inline] neigh_hh_output include/net/neighbour.h:528 [inline] neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x994/0xc50 net/ipv6/ip6_output.c:135 __ip6_finish_output net/ipv6/ip6_output.c:196 [inline] ip6_finish_output+0x3a0/0x4f0 net/ipv6/ip6_output.c:207 NF_HOOK_COND include/linux/netfilter.h:292 [inline] ip6_output+0xeb/0x220 net/ipv6/ip6_output.c:228 dst_output include/net/dst.h:458 [inline] NF_HOOK include/linux/netfilter.h:303 [inline] ip6_xmit+0x8da/0xb70 net/ipv6/ip6_output.c:344 inet6_csk_xmit+0x1cf/0x210 net/ipv6/inet6_connection_sock.c:135 __tcp_transmit_skb+0x1231/0x1710 net/ipv4/tcp_output.c:1401 tcp_transmit_skb net/ipv4/tcp_output.c:1419 [inline] tcp_write_xmit+0x112b/0x2ed0 net/ipv4/tcp_output.c:2735 __tcp_push_pending_frames net/ipv4/tcp_output.c:2919 [inline] tcp_send_fin+0x572/0x7b0 net/ipv4/tcp_output.c:3514 tcp_shutdown+0xa7/0xc0 net/ipv4/tcp.c:2703 mptcp_subflow_shutdown+0x142/0x310 net/mptcp/protocol.c:2772 mptcp_check_send_data_fin net/mptcp/protocol.c:2839 [inline] __mptcp_wr_shutdown net/mptcp/protocol.c:2855 [inline] __mptcp_close+0x5fe/0x660 net/mptcp/protocol.c:2941 mptcp_close+0x28/0xf0 net/mptcp/protocol.c:2997 inet_release+0xc9/0xf0 net/ipv4/af_inet.c:427 inet6_release+0x3e/0x50 net/ipv6/af_inet6.c:480 __sock_release net/socket.c:654 [inline] sock_close+0x70/0x150 net/socket.c:1386 __fput+0x2fd/0x600 fs/file_table.c:384 ____fput+0x15/0x20 fs/file_table.c:412 task_work_run+0x135/0x1a0 kernel/task_work.c:179 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop+0xd1/0xe0 kernel/entry/common.c:171 exit_to_user_mode_prepare+0x6c/0xb0 kernel/entry/common.c:204 __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline] syscall_exit_to_user_mode+0x26/0x140 kernel/entry/common.c:297 do_syscall_64+0x4d/0xc0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd value changed: 0x4001dcc8 -> 0x0000dcc8 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 941 Comm: syz-executor.2 Not tainted 6.5.0-rc7-syzkaller-00185-g28f20a19294d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 ==================================================================