syzbot


KCSAN: data-race in mptcp_rcv_space_init / tcp_mstamp_refresh

Status: auto-obsoleted due to no activity on 2025/11/08 20:30
Subsystems: net
First crash: 177d, last: 140d
Similar bugs (1)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in mptcp_rcv_space_init / tcp_mstamp_refresh (2) net | 6 | | | | 1 | 79d | 34d | 0/29 | closed as invalid on 2026/01/09 12:02 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in mptcp_rcv_space_init / tcp_mstamp_refresh

write to 0xffff888109e165a8 of 8 bytes by interrupt on cpu 0:
 tcp_mstamp_refresh+0x51/0x70 net/ipv4/tcp_output.c:60
 tcp_rcv_established+0x6a/0xf50 net/ipv4/tcp_input.c:6044
 tcp_v4_do_rcv+0x672/0x740 net/ipv4/tcp_ipv4.c:1926
 tcp_v4_rcv+0x1bd5/0x1f70 net/ipv4/tcp_ipv4.c:2368
 ip_protocol_deliver_rcu+0x397/0x780 net/ipv4/ip_input.c:205
 ip_local_deliver_finish+0x1fc/0x2f0 net/ipv4/ip_input.c:239
 NF_HOOK include/linux/netfilter.h:318 [inline]
 ip_local_deliver+0xe8/0x1c0 net/ipv4/ip_input.c:260
 dst_input include/net/dst.h:471 [inline]
 ip_rcv_finish+0x194/0x1c0 net/ipv4/ip_input.c:454
 NF_HOOK include/linux/netfilter.h:318 [inline]
 ip_rcv+0x62/0x140 net/ipv4/ip_input.c:574
 __netif_receive_skb_one_core net/core/dev.c:5991 [inline]
 __netif_receive_skb+0xff/0x270 net/core/dev.c:6104
 process_backlog+0x229/0x420 net/core/dev.c:6456
 __napi_poll+0x66/0x310 net/core/dev.c:7506
 napi_poll net/core/dev.c:7569 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7696
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:910 [inline]
 __dev_queue_xmit+0x1200/0x2000 net/core/dev.c:4752
 dev_queue_xmit include/linux/netdevice.h:3361 [inline]
 neigh_hh_output include/net/neighbour.h:531 [inline]
 neigh_output include/net/neighbour.h:545 [inline]
 ip_finish_output2+0x77f/0x8b0 net/ipv4/ip_output.c:235
 __ip_finish_output net/ipv4/ip_output.c:-1 [inline]
 ip_finish_output+0x114/0x2a0 net/ipv4/ip_output.c:323
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip_output+0xbd/0x190 net/ipv4/ip_output.c:436
 dst_output include/net/dst.h:461 [inline]
 ip_local_out net/ipv4/ip_output.c:129 [inline]
 __ip_queue_xmit+0xb4b/0xb80 net/ipv4/ip_output.c:532
 ip_queue_xmit+0x39/0x50 net/ipv4/ip_output.c:546
 __tcp_transmit_skb+0x1641/0x1a60 net/ipv4/tcp_output.c:1479
 tcp_transmit_skb net/ipv4/tcp_output.c:1497 [inline]
 tcp_write_xmit+0x1210/0x2fd0 net/ipv4/tcp_output.c:2833
 __tcp_push_pending_frames+0x6d/0x1b0 net/ipv4/tcp_output.c:3016
 tcp_send_fin+0x533/0x6b0 net/ipv4/tcp_output.c:3632
 __tcp_close+0x607/0x10b0 net/ipv4/tcp.c:3183
 tcp_close+0x28/0xd0 net/ipv4/tcp.c:3274
 inet_release+0xce/0xf0 net/ipv4/af_inet.c:435
 inet6_release+0x3e/0x60 net/ipv6/af_inet6.c:487
 __sock_release net/socket.c:649 [inline]
 sock_release+0x48/0xe0 net/socket.c:677
 rds_tcp_accept_one+0x4b7/0x5d0 net/rds/tcp_listen.c:214
 rds_tcp_accept_worker+0x25/0x70 net/rds/tcp.c:529
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x11f/0x1b0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff888109e165a8 of 8 bytes by task 28646 on cpu 1:
 mptcp_rcv_space_init+0x9a/0x130 net/mptcp/protocol.c:3331
 __mptcp_sync_state+0x2fa/0x430 net/mptcp/subflow.c:466
 mptcp_release_cb+0x5c0/0x670 net/mptcp/protocol.c:3445
 release_sock+0x13e/0x150 net/core/sock.c:3729
 mptcp_sendmsg+0xc53/0xde0 net/mptcp/protocol.c:1861
 inet_sendmsg+0xc2/0xd0 net/ipv4/af_inet.c:851
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x102/0x180 net/socket.c:729
 ____sys_sendmsg+0x31e/0x4e0 net/socket.c:2614
 ___sys_sendmsg+0x17b/0x1d0 net/socket.c:2668
 __sys_sendmsg net/socket.c:2700 [inline]
 __do_sys_sendmsg net/socket.c:2705 [inline]
 __se_sys_sendmsg net/socket.c:2703 [inline]
 __x64_sys_sendmsg+0xd4/0x160 net/socket.c:2703
 x64_sys_call+0x191e/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x000000001ccd2d25 -> 0x000000001ccd2e4d

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 28646 Comm: syz.4.8160 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
==================================================================

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/09/13 20:29 | upstream | 5cd64d4f9268 | e2beed91 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in mptcp_rcv_space_init / tcp_mstamp_refresh |
| 2025/08/08 05:52 | upstream | bec077162bd0 | 6a893178 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in mptcp_rcv_space_init / tcp_mstamp_refresh |
* Struck through repros no longer work on HEAD.