syzbot


KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv (4)

Status: moderation: reported on 2025/06/06 02:52
Subsystems: can
Reported-by: syzbot+11f6b0979969b5e96a04@syzkaller.appspotmail.com
First crash: 83d, last: 25d
Similar bugs (3)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv can | 6 | - | - | - | 4 | 474d | 519d | 0/29 | auto-obsoleted due to no activity on 2024/06/14 15:49
upstream | KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv (3) can | 6 | - | - | - | 4 | 186d | 171d | 0/29 | auto-obsoleted due to no activity on 2025/04/19 08:20
upstream | KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv (2) can | 6 | - | - | - | 1 | 296d | 296d | 0/29 | auto-obsoleted due to no activity on 2024/12/30 16:15

Sample crash report:
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv

read-write to 0xffff8881001523e0 of 4 bytes by interrupt on cpu 0:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5979 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6092
 process_backlog+0x229/0x420 net/core/dev.c:6444
 __napi_poll+0x63/0x310 net/core/dev.c:7497
 napi_poll net/core/dev.c:7560 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7687
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0x3a/0xc0 kernel/softirq.c:680
 common_interrupt+0x83/0x90 arch/x86/kernel/irq.c:285
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
 finish_task_switch+0xb6/0x2b0 kernel/sched/core.c:5225
 context_switch kernel/sched/core.c:5360 [inline]
 __schedule+0x6b9/0xb30 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0x5f/0xd0 kernel/sched/core.c:7058
 do_nanosleep+0x96/0x330 kernel/time/hrtimer.c:2100
 hrtimer_nanosleep+0xdd/0x280 kernel/time/hrtimer.c:2147
 common_nsleep+0x62/0x80 kernel/time/posix-timers.c:1353
 __do_sys_clock_nanosleep kernel/time/posix-timers.c:1399 [inline]
 __se_sys_clock_nanosleep+0x217/0x250 kernel/time/posix-timers.c:1376
 __x64_sys_clock_nanosleep+0x55/0x70 kernel/time/posix-timers.c:1376
 x64_sys_call+0x272d/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read-write to 0xffff8881001523e0 of 4 bytes by interrupt on cpu 1:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5979 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6092
 process_backlog+0x229/0x420 net/core/dev.c:6444
 __napi_poll+0x63/0x310 net/core/dev.c:7497
 napi_poll net/core/dev.c:7560 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7687
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_nc_purge_paths+0x22b/0x270 net/batman-adv/network-coding.c:471
 batadv_nc_worker+0x3d8/0xae0 net/batman-adv/network-coding.c:720
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xdd/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x00000a27 -> 0x00000a28

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 371 Comm: kworker/u8:5 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: bat_events batadv_nc_worker
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter

read-write to 0xffff8881015761f8 of 8 bytes by interrupt on cpu 0:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5979 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6092
 process_backlog+0x229/0x420 net/core/dev.c:6444
 __napi_poll+0x63/0x310 net/core/dev.c:7497
 napi_poll net/core/dev.c:7560 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7687
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 release_sock+0x116/0x150 net/core/sock.c:3757
 tcp_recvmsg+0x138/0x490 net/ipv4/tcp.c:2906
 inet_recvmsg+0xb7/0x290 net/ipv4/af_inet.c:883
 sock_recvmsg_nosec net/socket.c:1065 [inline]
 sock_recvmsg+0xf6/0x170 net/socket.c:1087
 sock_read_iter+0x152/0x1a0 net/socket.c:1157
 new_sync_read fs/read_write.c:491 [inline]
 vfs_read+0x5cd/0x6f0 fs/read_write.c:572
 ksys_read+0xda/0x1a0 fs/read_write.c:715
 __do_sys_read fs/read_write.c:724 [inline]
 __se_sys_read fs/read_write.c:722 [inline]
 __x64_sys_read+0x40/0x50 fs/read_write.c:722
 x64_sys_call+0x27bc/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:1
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read-write to 0xffff8881015761f8 of 8 bytes by interrupt on cpu 1:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5979 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6092
 process_backlog+0x229/0x420 net/core/dev.c:6444
 __napi_poll+0x63/0x310 net/core/dev.c:7497
 napi_poll net/core/dev.c:7560 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7687
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_nc_purge_paths+0x22b/0x270 net/batman-adv/network-coding.c:471
 batadv_nc_worker+0x3d8/0xae0 net/batman-adv/network-coding.c:720
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xdd/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x0000000000006b80 -> 0x0000000000006b81

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 371 Comm: kworker/u8:5 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: bat_events batadv_nc_worker
==================================================================
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv

read-write to 0xffff8881001523e0 of 4 bytes by interrupt on cpu 0:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5979 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6092
 process_backlog+0x229/0x420 net/core/dev.c:6444
 __napi_poll+0x63/0x310 net/core/dev.c:7497
 napi_poll net/core/dev.c:7560 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7687
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:835 [inline]
 nsim_dev_trap_report_work+0x52b/0x630 drivers/net/netdevsim/dev.c:866
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xdd/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff8881001523e0 of 4 bytes by interrupt on cpu 1:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5979 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6092
 process_backlog+0x229/0x420 net/core/dev.c:6444
 __napi_poll+0x63/0x310 net/core/dev.c:7497
 napi_poll net/core/dev.c:7560 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7687
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_nc_purge_paths+0x22b/0x270 net/batman-adv/network-coding.c:471
 batadv_nc_worker+0x3d8/0xae0 net/batman-adv/network-coding.c:720
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xdd/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x00053632 -> 0x00053633

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 371 Comm: kworker/u8:5 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: bat_events batadv_nc_worker
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter

read-write to 0xffff8881015761f8 of 8 bytes by interrupt on cpu 0:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5979 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6092
 process_backlog+0x229/0x420 net/core/dev.c:6444
 __napi_poll+0x63/0x310 net/core/dev.c:7497
 napi_poll net/core/dev.c:7560 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7687
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:910 [inline]
 __dev_queue_xmit+0x1200/0x2000 net/core/dev.c:4740
 dev_queue_xmit include/linux/netdevice.h:3358 [inline]
 alb_send_lp_vid+0x201/0x240 drivers/net/bonding/bond_alb.c:949
 alb_send_learning_packets drivers/net/bonding/bond_alb.c:1012 [inline]
 bond_alb_monitor+0x24c/0xa40 drivers/net/bonding/bond_alb.c:1563
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xdd/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff8881015761f8 of 8 bytes by interrupt on cpu 1:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5979 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6092
 process_backlog+0x229/0x420 net/core/dev.c:6444
 __napi_poll+0x63/0x310 net/core/dev.c:7497
 napi_poll net/core/dev.c:7560 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7687
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_nc_purge_paths+0x22b/0x270 net/batman-adv/network-coding.c:471
 batadv_nc_worker+0x3d8/0xae0 net/batman-adv/network-coding.c:720
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xdd/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x00000000000597ce -> 0x00000000000597cf

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 371 Comm: kworker/u8:5 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: bat_events batadv_nc_worker
==================================================================
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv

read-write to 0xffff8881001523e0 of 4 bytes by interrupt on cpu 0:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5979 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6092
 process_backlog+0x229/0x420 net/core/dev.c:6444
 __napi_poll+0x63/0x310 net/core/dev.c:7497
 napi_poll net/core/dev.c:7560 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7687
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_tt_local_purge+0x1a8/0x1f0 net/batman-adv/translation-table.c:1315
 batadv_tt_purge+0x2b/0x610 net/batman-adv/translation-table.c:3509
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xdd/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff8881001523e0 of 4 bytes by interrupt on cpu 1:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5979 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6092
 process_backlog+0x229/0x420 net/core/dev.c:6444
 __napi_poll+0x63/0x310 net/core/dev.c:7497
 napi_poll net/core/dev.c:7560 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7687
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 j1939_sk_queue_session net/can/j1939/socket.c:107 [inline]
 j1939_sk_send_loop net/can/j1939/socket.c:1161 [inline]
 j1939_sk_sendmsg+0x906/0xc00 net/can/j1939/socket.c:1279
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x142/0x180 net/socket.c:729
 ____sys_sendmsg+0x345/0x4e0 net/socket.c:2614
 ___sys_sendmsg+0x17b/0x1d0 net/socket.c:2668
 __sys_sendmmsg+0x178/0x300 net/socket.c:2757
 __do_sys_sendmmsg net/socket.c:2784 [inline]
 __se_sys_sendmmsg net/socket.c:2781 [inline]
 __x64_sys_sendmmsg+0x57/0x70 net/socket.c:2781
 x64_sys_call+0x1c4a/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:308
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x000aa76c -> 0x000aa76d

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 8660 Comm: syz.2.1885 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
==================================================================
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv

read-write to 0xffff8881001523e0 of 4 bytes by interrupt on cpu 0:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5979 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6092
 process_backlog+0x229/0x420 net/core/dev.c:6444
 __napi_poll+0x63/0x310 net/core/dev.c:7497
 napi_poll net/core/dev.c:7560 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7687
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 run_ksoftirqd+0x1c/0x30 kernel/softirq.c:968
 smpboot_thread_fn+0x32b/0x530 kernel/smpboot.c:160
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xdd/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff8881001523e0 of 4 bytes by interrupt on cpu 1:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5979 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6092
 process_backlog+0x229/0x420 net/core/dev.c:6444
 __napi_poll+0x63/0x310 net/core/dev.c:7497
 napi_poll net/core/dev.c:7560 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7687
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_write_unlock_bh include/linux/rwlock_api_smp.h:281 [inline]
 _raw_write_unlock_bh+0x1f/0x30 kernel/locking/spinlock.c:366
 neigh_periodic_work+0x5e9/0x690 net/core/neighbour.c:1040
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xdd/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x0010038f -> 0x00100391

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 36 Comm: kworker/1:1 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: events_power_efficient neigh_periodic_work
==================================================================

Crashes (8):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2025/08/02 09:34 | upstream | 0905809b38bd | 7368264b | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2025/07/20 05:40 | upstream | bf61759db409 | 7117feec | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2025/07/10 19:06 | upstream | bc9ff192a6c9 | 3cda49cf | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2025/07/10 19:06 | upstream | bc9ff192a6c9 | 3cda49cf | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2025/07/07 15:58 | upstream | d7b8f8e20813 | 4f67c4ae | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2025/06/21 22:05 | upstream | 3f75bfff44be | d6cdfb8a | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2025/06/10 13:21 | upstream | f09079bd04a9 | 4826c28e | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2025/06/06 02:52 | upstream | e271ed52b344 | 6b6b5f21 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
* Struck through repros no longer work on HEAD.