syzbot


KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv (5)

Status: moderation: reported on 2025/12/15 04:17
Subsystems: can
Labels: prio:normal
Reported-by: syzbot+a34b5a7b2a9e0fa0cf77@syzkaller.appspotmail.com
First crash: 170d, last: 1d14h
✨ AI Jobs (2)
ID | Workflow | Result | Correct | Bug | Created | Started | Finished | Revision | Error
c1d111e8-0d6a-4f4d-a8b7-80d5ab20283d | assessment-security | DenialOfService: ❌, Exploitable: ❌, FilesystemTrigger: ❌, NetworkTrigger: ❌, PeripheralTrigger: ❌, RemoteTrigger: ❌, Unprivileged: ❌, UserNamespace: ✅, VMGuestTrigger: ❌, VMHostTrigger: ❌ | - | KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv (5) | 2026/05/24 12:46 | 2026/05/24 12:46 | 2026/05/24 13:26 | c69befb30ac10e158cc9d1557b508ee3f0eca1de | -
15b877cf-65aa-4ab6-aff6-801c328ece03 | assessment-kcsan | Benign: ✅, Confident: ✅ | - | KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv (5) | 2026/01/15 13:04 | 2026/01/15 13:04 | 2026/01/15 13:08 | a9d6a79219801d2130df3b1a792c57f0e5428e9f | -
Similar bugs (4)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv can | 6 | - | - | - | 4 | 754d | 798d | 0/29 | auto-obsoleted due to no activity on 2024/06/14 15:49
upstream | KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv (4) can | 6 | - | - | - | 9 | 269d | 362d | 0/29 | auto-obsoleted due to no activity on 2025/11/02 07:50
upstream | KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv (3) can | 6 | - | - | - | 4 | 466d | 451d | 0/29 | auto-obsoleted due to no activity on 2025/04/19 08:20
upstream | KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv (2) can | 6 | - | - | - | 1 | 576d | 576d | 0/29 | auto-obsoleted due to no activity on 2024/12/30 16:15

Sample crash report:
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv

read-write to 0xffff88811b472f80 of 4 bytes by interrupt on cpu 1:
 can_can_gw_rcv+0x863/0x870 net/can/gw.c:572
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc3/0x480 net/can/af_can.c:602
 can_receive+0x13e/0x190 net/can/af_can.c:674
 can_rcv+0x17d/0x1f0 net/can/af_can.c:699
 __netif_receive_skb_one_core net/core/dev.c:6202 [inline]
 __netif_receive_skb net/core/dev.c:6315 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6666
 __napi_poll+0x61/0x300 net/core/dev.c:7733
 napi_poll net/core/dev.c:7796 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7953
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:196 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:214
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 release_sock+0x10c/0x180 net/core/sock.c:3825
 tcp_recvmsg+0x134/0x460 net/ipv4/tcp.c:2946
 inet_recvmsg+0x8d/0x210 net/ipv4/af_inet.c:896
 sock_recvmsg_nosec net/socket.c:1137 [inline]
 sock_recvmsg+0xda/0x120 net/socket.c:1159
 sock_read_iter+0x169/0x1b0 net/socket.c:1229
 new_sync_read fs/read_write.c:493 [inline]
 vfs_read+0x6c0/0x7f0 fs/read_write.c:574
 ksys_read+0xdc/0x1a0 fs/read_write.c:717
 __do_sys_read fs/read_write.c:726 [inline]
 __se_sys_read fs/read_write.c:724 [inline]
 __x64_sys_read+0x40/0x50 fs/read_write.c:724
 x64_sys_call+0x2886/0x3020 arch/x86/include/generated/asm/syscalls_64.h:1
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read-write to 0xffff88811b472f80 of 4 bytes by interrupt on cpu 0:
 can_can_gw_rcv+0x863/0x870 net/can/gw.c:572
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc3/0x480 net/can/af_can.c:602
 can_receive+0x13e/0x190 net/can/af_can.c:674
 can_rcv+0x17d/0x1f0 net/can/af_can.c:699
 __netif_receive_skb_one_core net/core/dev.c:6202 [inline]
 __netif_receive_skb net/core/dev.c:6315 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6666
 __napi_poll+0x61/0x300 net/core/dev.c:7733
 napi_poll net/core/dev.c:7796 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7953
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 __alloc_skb+0x658/0x690 net/core/skbuff.c:697
 alloc_skb include/linux/skbuff.h:1385 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:819 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:876 [inline]
 nsim_dev_trap_report_work+0x18a/0x640 drivers/net/netdevsim/dev.c:922
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0x4f0/0x9c0 kernel/workqueue.c:3397
 worker_thread+0x58a/0x780 kernel/workqueue.c:3478
 kthread+0x22a/0x280 kernel/kthread.c:436
 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x000ce19d -> 0x000ce19e

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 13030 Comm: kworker/u8:10 Not tainted syzkaller #0 PREEMPT(lazy) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv

read-write to 0xffff88811b472f80 of 4 bytes by interrupt on cpu 1:
 can_can_gw_rcv+0x863/0x870 net/can/gw.c:572
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc3/0x480 net/can/af_can.c:602
 can_receive+0x13e/0x190 net/can/af_can.c:674
 can_rcv+0x17d/0x1f0 net/can/af_can.c:699
 __netif_receive_skb_one_core net/core/dev.c:6202 [inline]
 __netif_receive_skb net/core/dev.c:6315 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6666
 __napi_poll+0x61/0x300 net/core/dev.c:7733
 napi_poll net/core/dev.c:7796 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7953
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 __alloc_skb+0x2b6/0x690 net/core/skbuff.c:697
 alloc_skb include/linux/skbuff.h:1385 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:819 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:876 [inline]
 nsim_dev_trap_report_work+0x18a/0x640 drivers/net/netdevsim/dev.c:922
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0x4f0/0x9c0 kernel/workqueue.c:3397
 worker_thread+0x58a/0x780 kernel/workqueue.c:3478
 kthread+0x22a/0x280 kernel/kthread.c:436
 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff88811b472f80 of 4 bytes by interrupt on cpu 0:
 can_can_gw_rcv+0x863/0x870 net/can/gw.c:572
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc3/0x480 net/can/af_can.c:602
 can_receive+0x13e/0x190 net/can/af_can.c:674
 can_rcv+0x17d/0x1f0 net/can/af_can.c:699
 __netif_receive_skb_one_core net/core/dev.c:6202 [inline]
 __netif_receive_skb net/core/dev.c:6315 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6666
 __napi_poll+0x61/0x300 net/core/dev.c:7733
 napi_poll net/core/dev.c:7796 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7953
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 __tcp_close+0x10a4/0x1130 net/ipv4/tcp.c:3307
 tcp_close+0x28/0xd0 net/ipv4/tcp.c:3313
 inet_release+0xcd/0xf0 net/ipv4/af_inet.c:442
 __sock_release net/socket.c:722 [inline]
 sock_release+0x4b/0xe0 net/socket.c:750
 rds_tcp_conn_path_connect+0x5b8/0x5f0 net/rds/tcp_connect.c:220
 rds_connect_worker+0x12f/0x1b0 net/rds/threads.c:176
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0x4f0/0x9c0 kernel/workqueue.c:3397
 worker_thread+0x58a/0x780 kernel/workqueue.c:3478
 kthread+0x22a/0x280 kernel/kthread.c:436
 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x00119178 -> 0x00119179

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 30 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(lazy) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Workqueue: krds_cp_wq#7/0 rds_connect_worker
==================================================================
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv

read-write to 0xffff88811b472f80 of 4 bytes by interrupt on cpu 1:
 can_can_gw_rcv+0x863/0x870 net/can/gw.c:572
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc3/0x480 net/can/af_can.c:602
 can_receive+0x13e/0x190 net/can/af_can.c:674
 can_rcv+0x17d/0x1f0 net/can/af_can.c:699
 __netif_receive_skb_one_core net/core/dev.c:6202 [inline]
 __netif_receive_skb net/core/dev.c:6315 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6666
 __napi_poll+0x61/0x300 net/core/dev.c:7733
 napi_poll net/core/dev.c:7796 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7953
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:196 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:214
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 release_sock+0x10c/0x180 net/core/sock.c:3825
 inet_stream_connect+0x57/0x70 net/ipv4/af_inet.c:756
 kernel_connect+0x9f/0xf0 net/socket.c:3740
 rds_tcp_conn_path_connect+0x50d/0x5f0 net/rds/tcp_connect.c:205
 rds_connect_worker+0x12f/0x1b0 net/rds/threads.c:176
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0x4f0/0x9c0 kernel/workqueue.c:3397
 worker_thread+0x58a/0x780 kernel/workqueue.c:3478
 kthread+0x22a/0x280 kernel/kthread.c:436
 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff88811b472f80 of 4 bytes by interrupt on cpu 0:
 can_can_gw_rcv+0x863/0x870 net/can/gw.c:572
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc3/0x480 net/can/af_can.c:602
 can_receive+0x13e/0x190 net/can/af_can.c:674
 can_rcv+0x17d/0x1f0 net/can/af_can.c:699
 __netif_receive_skb_one_core net/core/dev.c:6202 [inline]
 __netif_receive_skb net/core/dev.c:6315 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6666
 __napi_poll+0x61/0x300 net/core/dev.c:7733
 napi_poll net/core/dev.c:7796 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7953
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 __alloc_skb+0x658/0x690 net/core/skbuff.c:697
 alloc_skb include/linux/skbuff.h:1385 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:819 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:876 [inline]
 nsim_dev_trap_report_work+0x18a/0x640 drivers/net/netdevsim/dev.c:922
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0x4f0/0x9c0 kernel/workqueue.c:3397
 worker_thread+0x58a/0x780 kernel/workqueue.c:3478
 kthread+0x22a/0x280 kernel/kthread.c:436
 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x0016961b -> 0x0016961c

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 30 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(lazy) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================

Crashes (31):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/06/02 04:11 upstream 6f3ed7fec72f 1095583b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/06/01 15:22 upstream e43ffb69e043 8d8eeb3a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/05/29 05:08 upstream 8fde5d1d47f6 4624854e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/05/12 22:54 upstream c21b90f77687 a0949470 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/05/08 02:16 upstream fcee7d82f27d 5633175a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/05/05 11:12 upstream a293ec25d59d 06e69a27 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/05/05 01:10 upstream c7e4e4d5f7dc a898ba9c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/05/05 01:10 upstream c7e4e4d5f7dc a898ba9c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/05/02 06:58 upstream 6fe0be6dc7fa 753c55b9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/05/01 05:41 upstream 26fd6bff2c05 753c55b9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/04/30 10:35 upstream e75a43c7cec4 005438fc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/04/30 10:34 upstream e75a43c7cec4 005438fc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/04/28 08:47 upstream 3b3bea6d4b9c ce741359 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/04/28 00:45 upstream 3b3bea6d4b9c ce741359 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/04/27 18:18 upstream 254f49634ee1 0f700595 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/04/24 14:32 upstream dd6c438c3e64 1c2b9291 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/04/21 21:43 upstream 4ee64205ffaa 0b6ab7ec .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/04/21 16:27 upstream b4e07588e743 0b6ab7ec .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/04/15 18:18 upstream 1f5ffc672165 c441f497 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/04/09 23:37 upstream 8b02520ec5f7 38c8e246 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/03/31 15:19 upstream d0c3bcd5b897 aeea1c72 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/02/24 23:52 upstream 7dff99b35460 787dfb7c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/02/21 11:31 upstream d79526b89571 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/02/20 12:09 upstream 8bf22c33e7a1 17d780d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/02/19 20:10 upstream 2b7a25df823d c8d8c52d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/02/08 18:46 upstream e98f34af6116 4c131dc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/01/26 13:03 upstream 63804fed149a a4c52dd6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/01/21 19:55 upstream cf38b2340c0e 8fc37797 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/01/21 15:41 upstream 6c790212c588 6f1aa2f9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/01/20 16:01 upstream 24d479d26b25 06648d9c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2025/12/15 04:16 upstream 8f0b4cce4481 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
* Struck through repros no longer work on HEAD.