syzbot

 sign-in | mailing list | source | docs
🐞 Open [1517]
Subsystems
🐞 Fixed [6464]
🐞 Invalid [16374]
Missing Backports [198]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv (4)

Status: moderation: reported on 2025/06/06 02:52
Subsystems: can
[Documentation on labels]
Reported-by: syzbot+11f6b0979969b5e96a04@syzkaller.appspotmail.com
First crash: 51d, last: 7d17h
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv can 6 4 443d 487d 0/29 auto-obsoleted due to no activity on 2024/06/14 15:49
upstream KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv (3) can 6 4 155d 140d 0/29 auto-obsoleted due to no activity on 2025/04/19 08:20
upstream KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv (2) can 6 1 265d 265d 0/29 auto-obsoleted due to no activity on 2024/12/30 16:15

Sample crash report:
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv

read-write to 0xffff888100152b60 of 4 bytes by interrupt on cpu 1:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc4/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5977 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6090
 process_backlog+0x229/0x420 net/core/dev.c:6442
 __napi_poll+0x63/0x3a0 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7605
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 run_ksoftirqd+0x1c/0x30 kernel/softirq.c:968
 smpboot_thread_fn+0x328/0x530 kernel/smpboot.c:164
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff888100152b60 of 4 bytes by interrupt on cpu 0:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc4/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5977 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6090
 process_backlog+0x229/0x420 net/core/dev.c:6442
 __napi_poll+0x63/0x3a0 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7605
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 run_ksoftirqd+0x1c/0x30 kernel/softirq.c:968
 smpboot_thread_fn+0x328/0x530 kernel/smpboot.c:164
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x0002f6ff -> 0x0002f700

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 14 Comm: ksoftirqd/0 Tainted: G        W           6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter

read-write to 0xffff888102355158 of 8 bytes by interrupt on cpu 1:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5977 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6090
 process_backlog+0x229/0x420 net/core/dev.c:6442
 __napi_poll+0x63/0x3a0 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7605
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_nc_purge_paths+0x22b/0x270 net/batman-adv/network-coding.c:471
 batadv_nc_worker+0x3ff/0xae0 net/batman-adv/network-coding.c:722
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff888102355158 of 8 bytes by interrupt on cpu 0:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5977 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6090
 process_backlog+0x229/0x420 net/core/dev.c:6442
 __napi_poll+0x63/0x3a0 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7605
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline]
 kernel_fpu_end+0x9d/0xd0 arch/x86/kernel/fpu/core.c:476
 blake2s_compress+0x5f/0xd0 arch/x86/lib/crypto/blake2s-glue.c:46
 blake2s_final+0x6a/0xa0 lib/crypto/blake2s.c:54
 hmac+0x208/0x270 drivers/net/wireguard/noise.c:333
 kdf+0x10b/0x1d0 drivers/net/wireguard/noise.c:375
 mix_dh drivers/net/wireguard/noise.c:413 [inline]
 wg_noise_handshake_create_initiation+0x222/0x5a0 drivers/net/wireguard/noise.c:550
 wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:34 [inline]
 wg_packet_handshake_send_worker+0xb2/0x160 drivers/net/wireguard/send.c:51
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x0000000000034c54 -> 0x0000000000034c55

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 3697 Comm: kworker/u8:9 Tainted: G        W           6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: wg-kex-wg1 wg_packet_handshake_send_worker
==================================================================
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv

read-write to 0xffff888100152b60 of 4 bytes by interrupt on cpu 1:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc4/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5977 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6090
 process_backlog+0x229/0x420 net/core/dev.c:6442
 __napi_poll+0x63/0x3a0 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7605
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 addrconf_ifdown+0x3c3/0xf30 net/ipv6/addrconf.c:3906
 addrconf_notify+0x222/0x930 net/ipv6/addrconf.c:-1
 notifier_call_chain kernel/notifier.c:85 [inline]
 raw_notifier_call_chain+0x6c/0x1b0 kernel/notifier.c:453
 call_netdevice_notifiers_info+0xae/0x100 net/core/dev.c:2230
 call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
 call_netdevice_notifiers net/core/dev.c:2282 [inline]
 unregister_netdevice_many_notify+0xd9d/0x1690 net/core/dev.c:12077
 unregister_netdevice_many net/core/dev.c:12140 [inline]
 unregister_netdevice_queue+0x1f5/0x220 net/core/dev.c:11984
 unregister_netdevice include/linux/netdevice.h:3379 [inline]
 nsim_destroy+0xf4/0x360 drivers/net/netdevsim/netdev.c:1069
 __nsim_dev_port_del+0xcf/0x110 drivers/net/netdevsim/dev.c:1428
 nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1440 [inline]
 nsim_dev_reload_destroy+0x1a3/0x2c0 drivers/net/netdevsim/dev.c:1661
 nsim_dev_reload_down+0x67/0x80 drivers/net/netdevsim/dev.c:968
 devlink_reload+0xaa/0x580 net/devlink/dev.c:461
 devlink_nl_reload_doit+0x503/0x8f0 net/devlink/dev.c:584
 genl_family_rcv_msg_doit+0x140/0x1b0 net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x422/0x460 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x120/0x220 net/netlink/af_netlink.c:2552
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x5a5/0x680 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x58b/0x6b0 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg+0x142/0x180 net/socket.c:727
 ____sys_sendmsg+0x31e/0x4e0 net/socket.c:2566
 ___sys_sendmsg+0x17b/0x1d0 net/socket.c:2620
 __sys_sendmsg net/socket.c:2652 [inline]
 __do_sys_sendmsg net/socket.c:2657 [inline]
 __se_sys_sendmsg net/socket.c:2655 [inline]
 __x64_sys_sendmsg+0xd4/0x160 net/socket.c:2655
 x64_sys_call+0x2999/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read-write to 0xffff888100152b60 of 4 bytes by interrupt on cpu 0:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc4/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5977 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6090
 process_backlog+0x229/0x420 net/core/dev.c:6442
 __napi_poll+0x63/0x3a0 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7605
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_nc_purge_paths+0x22b/0x270 net/batman-adv/network-coding.c:471
 batadv_nc_worker+0x3d8/0xae0 net/batman-adv/network-coding.c:720
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x000824a2 -> 0x000824a3

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G        W           6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: bat_events batadv_nc_worker
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter

read-write to 0xffff888102355158 of 8 bytes by interrupt on cpu 1:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5977 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6090
 process_backlog+0x229/0x420 net/core/dev.c:6442
 __napi_poll+0x63/0x3a0 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7605
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 run_ksoftirqd+0x1c/0x30 kernel/softirq.c:968
 smpboot_thread_fn+0x328/0x530 kernel/smpboot.c:164
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff888102355158 of 8 bytes by interrupt on cpu 0:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5977 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6090
 process_backlog+0x229/0x420 net/core/dev.c:6442
 __napi_poll+0x63/0x3a0 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7605
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_nc_purge_paths+0x22b/0x270 net/batman-adv/network-coding.c:471
 batadv_nc_worker+0x3d8/0xae0 net/batman-adv/network-coding.c:720
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x000000000008ba71 -> 0x000000000008ba72

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G        W           6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: bat_events batadv_nc_worker
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter

read-write to 0xffff888102355158 of 8 bytes by interrupt on cpu 1:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5977 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6090
 process_backlog+0x229/0x420 net/core/dev.c:6442
 __napi_poll+0x63/0x3a0 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7605
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_tt_local_purge+0x1a8/0x1f0 net/batman-adv/translation-table.c:1315
 batadv_tt_purge+0x2b/0x610 net/batman-adv/translation-table.c:3509
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff888102355158 of 8 bytes by interrupt on cpu 0:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5977 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6090
 process_backlog+0x229/0x420 net/core/dev.c:6442
 __napi_poll+0x63/0x3a0 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7605
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline]
 kernel_fpu_end+0x9d/0xd0 arch/x86/kernel/fpu/core.c:476
 blake2s_compress+0x5f/0xd0 arch/x86/lib/crypto/blake2s-glue.c:46
 blake2s_final+0x6a/0xa0 lib/crypto/blake2s.c:54
 hmac+0x208/0x270 drivers/net/wireguard/noise.c:333
 kdf+0x7d/0x1d0 drivers/net/wireguard/noise.c:360
 mix_dh drivers/net/wireguard/noise.c:413 [inline]
 wg_noise_handshake_create_initiation+0x222/0x5a0 drivers/net/wireguard/noise.c:550
 wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:34 [inline]
 wg_packet_handshake_send_worker+0xb2/0x160 drivers/net/wireguard/send.c:51
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x00000000000e3902 -> 0x00000000000e3903

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 4627 Comm: kworker/u8:11 Tainted: G        W           6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: wg-kex-wg1 wg_packet_handshake_send_worker
==================================================================
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv

read-write to 0xffff888100152b60 of 4 bytes by interrupt on cpu 1:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc4/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5977 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6090
 process_backlog+0x229/0x420 net/core/dev.c:6442
 __napi_poll+0x63/0x3a0 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7605
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_write_unlock_bh include/linux/rwlock_api_smp.h:281 [inline]
 _raw_write_unlock_bh+0x1f/0x30 kernel/locking/spinlock.c:366
 neigh_periodic_work+0x5ef/0x6a0 net/core/neighbour.c:966
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff888100152b60 of 4 bytes by interrupt on cpu 0:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc4/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:5977 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6090
 process_backlog+0x229/0x420 net/core/dev.c:6442
 __napi_poll+0x63/0x3a0 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7605
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 netif_addr_unlock_bh include/linux/netdevice.h:4815 [inline]
 __dev_mc_add net/core/dev_addr_lists.c:873 [inline]
 dev_mc_add+0x95/0xb0 net/core/dev_addr_lists.c:886
 igmp6_group_added+0xfc/0x320 net/ipv6/mcast.c:684
 __ipv6_dev_mc_inc+0x53e/0x760 net/ipv6/mcast.c:988
 ipv6_dev_mc_inc+0x1f/0x30 net/ipv6/mcast.c:997
 ipv6_add_dev+0x99c/0xb30 net/ipv6/addrconf.c:473
 addrconf_notify+0x4c8/0x930 net/ipv6/addrconf.c:3649
 notifier_call_chain kernel/notifier.c:85 [inline]
 raw_notifier_call_chain+0x6c/0x1b0 kernel/notifier.c:453
 call_netdevice_notifiers_info+0xae/0x100 net/core/dev.c:2230
 call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
 call_netdevice_notifiers net/core/dev.c:2282 [inline]
 register_netdevice+0xd48/0xf00 net/core/dev.c:11143
 nsim_init_netdevsim drivers/net/netdevsim/netdev.c:965 [inline]
 nsim_create+0x5b7/0x780 drivers/net/netdevsim/netdev.c:1033
 __nsim_dev_port_add+0x477/0x640 drivers/net/netdevsim/dev.c:1393
 nsim_dev_port_add_all+0x31/0xc0 drivers/net/netdevsim/dev.c:1449
 nsim_dev_reload_create drivers/net/netdevsim/dev.c:1501 [inline]
 nsim_dev_reload_up+0x30c/0x480 drivers/net/netdevsim/dev.c:988
 devlink_reload+0x31b/0x580 net/devlink/dev.c:474
 devlink_nl_reload_doit+0x503/0x8f0 net/devlink/dev.c:584
 genl_family_rcv_msg_doit+0x140/0x1b0 net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x422/0x460 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x120/0x220 net/netlink/af_netlink.c:2552
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x5a5/0x680 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x58b/0x6b0 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg+0x142/0x180 net/socket.c:727
 ____sys_sendmsg+0x31e/0x4e0 net/socket.c:2566
 ___sys_sendmsg+0x17b/0x1d0 net/socket.c:2620
 __sys_sendmsg net/socket.c:2652 [inline]
 __do_sys_sendmsg net/socket.c:2657 [inline]
 __se_sys_sendmsg net/socket.c:2655 [inline]
 __x64_sys_sendmsg+0xd4/0x160 net/socket.c:2655
 x64_sys_call+0x2999/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00128898 -> 0x0012889a

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 12501 Comm: syz.5.2335 Tainted: G        W           6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/07/20 05:40 upstream bf61759db409 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2025/07/10 19:06 upstream bc9ff192a6c9 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2025/07/10 19:06 upstream bc9ff192a6c9 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2025/07/07 15:58 upstream d7b8f8e20813 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2025/06/21 22:05 upstream 3f75bfff44be d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2025/06/10 13:21 upstream f09079bd04a9 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2025/06/06 02:52 upstream e271ed52b344 6b6b5f21 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
* Struck through repros no longer work on HEAD.