syzbot

==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv

read-write to 0xffff88811e12ef80 of 4 bytes by interrupt on cpu 0:
 can_can_gw_rcv+0x812/0x820 net/can/gw.c:572
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc3/0x480 net/can/af_can.c:602
 can_receive+0x13e/0x190 net/can/af_can.c:674
 can_rcv+0x17d/0x1f0 net/can/af_can.c:699
 __netif_receive_skb_one_core net/core/dev.c:6206 [inline]
 __netif_receive_skb net/core/dev.c:6319 [inline]
 process_backlog+0x354/0x680 net/core/dev.c:6670
 __napi_poll+0x61/0x300 net/core/dev.c:7729
 napi_poll net/core/dev.c:7792 [inline]
 net_rx_action+0x456/0x930 net/core/dev.c:7949
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:196 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:214
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 rt6_uncached_list_add net/ipv6/route.c:146 [inline]
 icmp6_dst_alloc+0x2d8/0x340 net/ipv6/route.c:3364
 mld_sendpack+0x337/0x7c0 net/ipv6/mcast.c:1842
 mld_send_cr net/ipv6/mcast.c:2154 [inline]
 mld_ifc_work+0x55a/0x840 net/ipv6/mcast.c:2694
 process_one_work kernel/workqueue.c:3322 [inline]
 process_scheduled_works+0x4d4/0x9a0 kernel/workqueue.c:3405
 worker_thread+0x569/0x750 kernel/workqueue.c:3486
 kthread+0x221/0x270 kernel/kthread.c:436
 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff88811e12ef80 of 4 bytes by interrupt on cpu 1:
 can_can_gw_rcv+0x812/0x820 net/can/gw.c:572
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc3/0x480 net/can/af_can.c:602
 can_receive+0x13e/0x190 net/can/af_can.c:674
 can_rcv+0x17d/0x1f0 net/can/af_can.c:699
 __netif_receive_skb_one_core net/core/dev.c:6206 [inline]
 __netif_receive_skb net/core/dev.c:6319 [inline]
 process_backlog+0x354/0x680 net/core/dev.c:6670
 __napi_poll+0x61/0x300 net/core/dev.c:7729
 napi_poll net/core/dev.c:7792 [inline]
 net_rx_action+0x456/0x930 net/core/dev.c:7949
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x42/0xd0 kernel/softirq.c:735
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1062 [inline]
 sysvec_apic_timer_interrupt+0x74/0x80 arch/x86/kernel/apic/apic.c:1062
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:674
 __preempt_count_dec_and_test arch/x86/include/asm/preempt.h:95 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:179 [inline]
 _raw_spin_unlock_irqrestore+0x1a/0x30 kernel/locking/spinlock.c:198
 spin_unlock_irqrestore include/linux/spinlock.h:408 [inline]
 __skb_try_recv_datagram+0xd0/0x2b0 net/core/datagram.c:267
 __unix_dgram_recvmsg+0x257/0x860 net/unix/af_unix.c:2582
 unix_dgram_recvmsg+0x7e/0x90 net/unix/af_unix.c:2681
 sock_recvmsg_nosec+0xc2/0xf0 net/socket.c:1126
 ____sys_recvmsg+0x26f/0x280 net/socket.c:2902
 ___sys_recvmsg+0x11f/0x3a0 net/socket.c:2946
 do_recvmmsg+0x1e5/0x560 net/socket.c:3041
 __sys_recvmmsg net/socket.c:3115 [inline]
 __do_sys_recvmmsg net/socket.c:3138 [inline]
 __se_sys_recvmmsg net/socket.c:3131 [inline]
 __x64_sys_recvmmsg+0xe5/0x170 net/socket.c:3131
 x64_sys_call+0x80f/0x3020 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x136/0x3c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00008ab8 -> 0x00008ab9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 6824 Comm: syz.2.1031 Not tainted syzkaller #0 PREEMPT(lazy) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
==================================================================
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv

read-write to 0xffff88811e12ef80 of 4 bytes by interrupt on cpu 0:
 can_can_gw_rcv+0x812/0x820 net/can/gw.c:572
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc3/0x480 net/can/af_can.c:602
 can_receive+0x13e/0x190 net/can/af_can.c:674
 can_rcv+0x17d/0x1f0 net/can/af_can.c:699
 __netif_receive_skb_one_core net/core/dev.c:6206 [inline]
 __netif_receive_skb net/core/dev.c:6319 [inline]
 process_backlog+0x354/0x680 net/core/dev.c:6670
 __napi_poll+0x61/0x300 net/core/dev.c:7729
 napi_poll net/core/dev.c:7792 [inline]
 net_rx_action+0x456/0x930 net/core/dev.c:7949
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 __alloc_skb+0x6b1/0x6f0 net/core/skbuff.c:699
 alloc_skb include/linux/skbuff.h:1386 [inline]
 mld_newpack+0xa7/0x510 net/ipv6/mcast.c:1773
 add_grhead net/ipv6/mcast.c:1884 [inline]
 add_grec+0xa39/0xc00 net/ipv6/mcast.c:2023
 mld_send_cr net/ipv6/mcast.c:2148 [inline]
 mld_ifc_work+0x503/0x840 net/ipv6/mcast.c:2694
 process_one_work kernel/workqueue.c:3322 [inline]
 process_scheduled_works+0x4d4/0x9a0 kernel/workqueue.c:3405
 worker_thread+0x569/0x750 kernel/workqueue.c:3486
 kthread+0x221/0x270 kernel/kthread.c:436
 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff88811e12ef80 of 4 bytes by interrupt on cpu 1:
 can_can_gw_rcv+0x812/0x820 net/can/gw.c:572
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc3/0x480 net/can/af_can.c:602
 can_receive+0x13e/0x190 net/can/af_can.c:674
 can_rcv+0x17d/0x1f0 net/can/af_can.c:699
 __netif_receive_skb_one_core net/core/dev.c:6206 [inline]
 __netif_receive_skb net/core/dev.c:6319 [inline]
 process_backlog+0x354/0x680 net/core/dev.c:6670
 __napi_poll+0x61/0x300 net/core/dev.c:7729
 napi_poll net/core/dev.c:7792 [inline]
 net_rx_action+0x456/0x930 net/core/dev.c:7949
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 __alloc_skb+0x6b1/0x6f0 net/core/skbuff.c:699
 alloc_skb include/linux/skbuff.h:1386 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:819 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:876 [inline]
 nsim_dev_trap_report_work+0x18b/0x630 drivers/net/netdevsim/dev.c:922
 process_one_work kernel/workqueue.c:3322 [inline]
 process_scheduled_works+0x4d4/0x9a0 kernel/workqueue.c:3405
 worker_thread+0x569/0x750 kernel/workqueue.c:3486
 kthread+0x221/0x270 kernel/kthread.c:436
 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x000d5add -> 0x000d5ade

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 54 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT(lazy) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================