From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-oo1-f71.google.com (mail-oo1-f71.google.com [209.85.161.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C54AC39903E for ; Thu, 5 Mar 2026 11:59:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.161.71 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772711976; cv=none; b=GiR0+zOcSPRgMl/nUMye5rIWqqA/zpaJRgBSKNlZJemg1jxLl7IyPIZOgsXK6dQmA8b1t2BOEJ/kywNgl77kYm+pAPKiRSkGg7ySuGhB9GdkOrgT7sd28CLJH9wxbjx1AUVUxxGVUI6FD86hs2bprrt90DK5RJW/0O2vcpeXEbg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772711976; c=relaxed/simple; bh=d6iya0+CX0sihdTCb79lp3XbLdlDgDeY0yMYMLKcAXs=; h=MIME-Version:Date:Message-ID:Subject:From:To:Content-Type; b=EIgu4HyaXqrQY5gcEdXfZVv9ApxWQ1xD1b/75rJysX2b1lbKuAh0m1HQATYt87JTQRE9katR7gOigZYqLWBGk5yv12aaLhLnO7SrjE4IPFdqoWoHyIDboLKskOs7ITZv343cYN4kOxPAGyViB/S3dDY7JJYQglyAcls8W7sAaC0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com; spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com; arc=none smtp.client-ip=209.85.161.71 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com Received: by mail-oo1-f71.google.com with SMTP id 006d021491bc7-679c51b2d6cso102895786eaf.2 for ; Thu, 05 Mar 2026 03:59:34 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772711974; x=1773316774; h=to:from:subject:message-id:date:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=1nFvq2+V2x7J3mK6MTpBslU2KIn31x6q2F4F5zppXBQ=; b=qtDRiTBi+RlCd9SlVpF9W0RrWdNqEesZAzDpJ1miZsPM1TipPCIZC+smBGYY4Zotd0 b8RRZ0c3aAYGB40dOWZ4/TP3gA/PR/5An/RqoEor8zScNW19jyT2K+Pck+HpOUhrfEOj 20ZlTgJNSo+BeL9lbZiz36zOiMYOzPTLPR3GEAfe/X68dHv3QNrgaiolc1dI/POjJ3AN qZoysYdK+CBK3/gemXYeTMGVNGRj+SugL2Jun1w5kZrdEVVvCzojugO1qsaWuHk2NBrG mIGq8PKZWETCLkUlNkvEoMpmdqUyk0RsN+x1Otcak09uma4DE+17FsAjgsLqxLNqXdUM YpAg== X-Forwarded-Encrypted: i=1; AJvYcCXARLLfaNSoboGMt3Ac21QeJjnoz5EhkcSbVQayJAEQwDuyXC10UL3Gf5DJwmREZM9hG/nL8Nc=@vger.kernel.org X-Gm-Message-State: AOJu0YzRXPACujHRZPR0X12YwI6KlfkEMteQNT3h0LJaOadoG4KyO0Ys YhVLsG3e/+Oim9B7pn23GF7+yliiAvCdQPUo8XcE6IDAWNF+XDWdM0tJNZpEI2yd8N1RHun/Rq9 y068Py3NffdP3wnW2s3VSjJLlZAvE7uYzQy3awh6km027FpLR/odT0l8WHE8= Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Received: by 2002:a05:6820:c8c:b0:67a:9918:5610 with SMTP id 006d021491bc7-67af72279c6mr3486778eaf.0.1772711973857; Thu, 05 Mar 2026 03:59:33 -0800 (PST) Date: Thu, 05 Mar 2026 03:59:33 -0800 X-Google-Appengine-App-Id: s~syzkaller X-Google-Appengine-App-Id-Alias: syzkaller Message-ID: <69a97025.a70a0220.2f119.0006.GAE@google.com> Subject: [syzbot] [sctp?] KCSAN: data-race in sctp_do_sm / sctp_wait_for_connect (4) From: syzbot To: davem@davemloft.net, edumazet@google.com, horms@kernel.org, kuba@kernel.org, linux-kernel@vger.kernel.org, linux-sctp@vger.kernel.org, lucien.xin@gmail.com, marcelo.leitner@gmail.com, netdev@vger.kernel.org, pabeni@redhat.com, syzkaller-bugs@googlegroups.com Content-Type: text/plain; charset="UTF-8" Hello, syzbot found the following issue on: HEAD commit: 23b0f90ba871 Merge tag 'sysctl-7.00-rc1' of git://git.kern.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=13427ee6580000 kernel config: https://syzkaller.appspot.com/x/.config?x=70c3ed59b49365c3 dashboard link: https://syzkaller.appspot.com/bug?extid=5a18a1130eb54693214f compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8 Unfortunately, I don't have any reproducer for this issue yet. Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/ae3bcc875a04/disk-23b0f90b.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/1a4dbd53da8f/vmlinux-23b0f90b.xz kernel image: https://storage.googleapis.com/syzbot-assets/3c3824777f5c/bzImage-23b0f90b.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+5a18a1130eb54693214f@syzkaller.appspotmail.com ================================================================== BUG: KCSAN: data-race in sctp_do_sm / sctp_wait_for_connect write to 0xffff88815e3ad228 of 4 bytes by task 15371 on cpu 1: sctp_cmd_new_state net/sctp/sm_sideeffect.c:878 [inline] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1342 [inline] sctp_side_effects net/sctp/sm_sideeffect.c:1204 [inline] sctp_do_sm+0xa19/0x3330 net/sctp/sm_sideeffect.c:1175 sctp_primitive_SHUTDOWN+0x74/0x90 net/sctp/primitive.c:89 sctp_close+0x272/0x570 net/sctp/socket.c:1529 inet_release+0xcd/0xf0 net/ipv4/af_inet.c:437 __sock_release net/socket.c:662 [inline] sock_close+0x6b/0x150 net/socket.c:1455 __fput+0x29b/0x650 fs/file_table.c:469 ____fput+0x1c/0x30 fs/file_table.c:497 task_work_run+0x130/0x1a0 kernel/task_work.c:233 get_signal+0xe0e/0xf60 kernel/signal.c:2807 arch_do_signal_or_restart+0x96/0x450 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline] exit_to_user_mode_loop+0x6a/0x6f0 kernel/entry/common.c:98 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline] do_syscall_64+0x249/0x370 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f read to 0xffff88815e3ad228 of 4 bytes by task 15375 on cpu 0: sctp_wait_for_connect+0x173/0x390 net/sctp/socket.c:9381 sctp_sendmsg_to_asoc+0xf34/0xf50 net/sctp/socket.c:1884 sctp_sendmsg+0x13b9/0x1d60 net/sctp/socket.c:2030 inet_sendmsg+0xc5/0xd0 net/ipv4/af_inet.c:859 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] __sys_sendto+0x3f4/0x4d0 net/socket.c:2206 __do_sys_sendto net/socket.c:2213 [inline] __se_sys_sendto net/socket.c:2209 [inline] __x64_sys_sendto+0x76/0x90 net/socket.c:2209 x64_sys_call+0x2d35/0x3020 arch/x86/include/generated/asm/syscalls_64.h:45 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f value changed: 0x00000001 -> 0x00000000 Reported by Kernel Concurrency Sanitizer on: CPU: 0 UID: 0 PID: 15375 Comm: syz.4.3516 Tainted: G W syzkaller #0 PREEMPT(full) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 ================================================================== --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup