syzbot

 sign-in | mailing list | source | docs
🐞 Open [1445]
Subsystems
🐞 Fixed [6920]
🐞 Invalid [18017]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv (5)

Status: moderation: reported on 2025/12/15 04:17
Subsystems: can
[Documentation on labels]
Reported-by: syzbot+a34b5a7b2a9e0fa0cf77@syzkaller.appspotmail.com
First crash: 62d, last: 7d05h
Similar bugs (4)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv can 6 4 646d 690d 0/29 auto-obsoleted due to no activity on 2024/06/14 15:49
upstream KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv (4) can 6 9 161d 254d 0/29 auto-obsoleted due to no activity on 2025/11/02 07:50
upstream KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv (3) can 6 4 358d 343d 0/29 auto-obsoleted due to no activity on 2025/04/19 08:20
upstream KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv (2) can 6 1 468d 468d 0/29 auto-obsoleted due to no activity on 2024/12/30 16:15

Sample crash report:
vxcan1: j1939_xtp_rx_abort_one: 0xffff88811ad96000: 0x00000: (1) Already in one or more connection managed sessions and cannot support another.
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv

read-write to 0xffff888100153860 of 4 bytes by interrupt on cpu 0:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6152 [inline]
 __netif_receive_skb net/core/dev.c:6265 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6617
 __napi_poll+0x5f/0x310 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 run_ksoftirqd+0x1c/0x30 kernel/softirq.c:1063
 smpboot_thread_fn+0x32a/0x510 kernel/smpboot.c:160
 kthread+0x488/0x510 kernel/kthread.c:463
 ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

read-write to 0xffff888100153860 of 4 bytes by interrupt on cpu 1:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6152 [inline]
 __netif_receive_skb net/core/dev.c:6265 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6617
 __napi_poll+0x5f/0x310 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:890 [inline]
 nsim_dev_trap_report_work+0x52b/0x630 drivers/net/netdevsim/dev.c:921
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x6bc/0x8b0 kernel/workqueue.c:3421
 kthread+0x488/0x510 kernel/kthread.c:463
 ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

value changed: 0x00612b3a -> 0x00612b3b

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3431 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter

read-write to 0xffff88810199a3d8 of 8 bytes by interrupt on cpu 0:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0x242/0x4f0 net/can/af_can.c:609
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6152 [inline]
 __netif_receive_skb net/core/dev.c:6265 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6617
 __napi_poll+0x5f/0x310 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 update_defense_level+0x59d/0x5d0 net/netfilter/ipvs/ip_vs_ctl.c:209
 defense_work_handler+0x1f/0x80 net/netfilter/ipvs/ip_vs_ctl.c:234
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x6bc/0x8b0 kernel/workqueue.c:3421
 kthread+0x488/0x510 kernel/kthread.c:463
 ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

read-write to 0xffff88810199a3d8 of 8 bytes by interrupt on cpu 1:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0x242/0x4f0 net/can/af_can.c:609
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6152 [inline]
 __netif_receive_skb net/core/dev.c:6265 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6617
 __napi_poll+0x5f/0x310 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 ptr_ring_consume_bh include/linux/ptr_ring.h:377 [inline]
 wg_packet_encrypt_worker+0x169/0xde0 drivers/net/wireguard/send.c:293
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x6bc/0x8b0 kernel/workqueue.c:3421
 kthread+0x488/0x510 kernel/kthread.c:463
 ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

value changed: 0x00000000000108dd -> 0x00000000000108de

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 36 Comm: kworker/1:1 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: wg-crypt-wg2 wg_packet_encrypt_worker
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter

read-write to 0xffff88810199a248 of 8 bytes by interrupt on cpu 0:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6152 [inline]
 __netif_receive_skb net/core/dev.c:6265 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6617
 __napi_poll+0x5f/0x310 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 run_ksoftirqd+0x1c/0x30 kernel/softirq.c:1063
 smpboot_thread_fn+0x32a/0x510 kernel/smpboot.c:160
 kthread+0x488/0x510 kernel/kthread.c:463
 ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

read-write to 0xffff88810199a248 of 8 bytes by interrupt on cpu 1:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6152 [inline]
 __netif_receive_skb net/core/dev.c:6265 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6617
 __napi_poll+0x5f/0x310 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 rxrpc_peer_keepalive_worker+0x2a5/0x820 net/rxrpc/peer_event.c:352
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x6bc/0x8b0 kernel/workqueue.c:3421
 kthread+0x488/0x510 kernel/kthread.c:463
 ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

value changed: 0x0000000000616332 -> 0x0000000000616333

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 44 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: krxrpcd rxrpc_peer_keepalive_worker
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter

read-write to 0xffff88810199a248 of 8 bytes by interrupt on cpu 0:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6152 [inline]
 __netif_receive_skb net/core/dev.c:6265 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6617
 __napi_poll+0x5f/0x310 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 lock_sock_nested+0x132/0x160 net/core/sock.c:3787
 lock_sock include/net/sock.h:1700 [inline]
 netlink_insert+0x5e/0x950 net/netlink/af_netlink.c:557
 netlink_autobind+0xa9/0x160 net/netlink/af_netlink.c:826
 netlink_bind+0x390/0x930 net/netlink/af_netlink.c:1031
 __sys_bind_socket net/socket.c:1874 [inline]
 __sys_bind+0x1d0/0x290 net/socket.c:1905
 __do_sys_bind net/socket.c:1910 [inline]
 __se_sys_bind net/socket.c:1908 [inline]
 __x64_sys_bind+0x3f/0x50 net/socket.c:1908
 x64_sys_call+0x2ceb/0x3000 arch/x86/include/generated/asm/syscalls_64.h:50
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read-write to 0xffff88810199a248 of 8 bytes by interrupt on cpu 1:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6152 [inline]
 __netif_receive_skb net/core/dev.c:6265 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6617
 __napi_poll+0x5f/0x310 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_tt_global_purge net/batman-adv/translation-table.c:2250 [inline]
 batadv_tt_purge+0x2cd/0x610 net/batman-adv/translation-table.c:3510
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
 rescuer_thread+0x71b/0xa00 kernel/workqueue.c:3528
 kthread+0x488/0x510 kernel/kthread.c:463
 ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

value changed: 0x000000000066ba6b -> 0x000000000066ba6c

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 1559 Comm: kworker/R-bat_e Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: bat_events batadv_tt_purge
==================================================================
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv

read-write to 0xffff888100153860 of 4 bytes by interrupt on cpu 0:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6152 [inline]
 __netif_receive_skb net/core/dev.c:6265 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6617
 __napi_poll+0x5f/0x310 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 run_ksoftirqd+0x1c/0x30 kernel/softirq.c:1063
 smpboot_thread_fn+0x32a/0x510 kernel/smpboot.c:160
 kthread+0x488/0x510 kernel/kthread.c:463
 ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

read-write to 0xffff888100153860 of 4 bytes by interrupt on cpu 1:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6152 [inline]
 __netif_receive_skb net/core/dev.c:6265 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6617
 __napi_poll+0x5f/0x310 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 xt_replace_table+0x26a/0x460 net/netfilter/x_tables.c:1429
 __do_replace+0xc9/0x580 net/ipv6/netfilter/ip6_tables.c:1081
 do_replace net/ipv6/netfilter/ip6_tables.c:1158 [inline]
 do_ip6t_set_ctl+0x77d/0x8f0 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x199/0x1b0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x11a/0x130 net/ipv6/ipv6_sockglue.c:978
 tcp_setsockopt+0x98/0xb0 net/ipv4/tcp.c:4164
 sock_common_setsockopt+0x69/0x80 net/core/sock.c:3973
 do_sock_setsockopt net/socket.c:2322 [inline]
 __sys_setsockopt+0x184/0x200 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2353 [inline]
 __se_sys_setsockopt net/socket.c:2350 [inline]
 __x64_sys_setsockopt+0x64/0x80 net/socket.c:2350
 x64_sys_call+0x21d5/0x3000 arch/x86/include/generated/asm/syscalls_64.h:55
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x006b5069 -> 0x006b506a

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3313 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter

read-write to 0xffff88810199a248 of 8 bytes by interrupt on cpu 0:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6152 [inline]
 __netif_receive_skb net/core/dev.c:6265 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6617
 __napi_poll+0x5f/0x310 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_tt_local_purge+0x1a8/0x1f0 net/batman-adv/translation-table.c:1315
 batadv_tt_purge+0x2b/0x610 net/batman-adv/translation-table.c:3509
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x6bc/0x8b0 kernel/workqueue.c:3421
 kthread+0x488/0x510 kernel/kthread.c:463
 ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

read-write to 0xffff88810199a248 of 8 bytes by interrupt on cpu 1:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6152 [inline]
 __netif_receive_skb net/core/dev.c:6265 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6617
 __napi_poll+0x5f/0x310 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 neigh_periodic_work+0x5e9/0x690 net/core/neighbour.c:1039
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x6bc/0x8b0 kernel/workqueue.c:3421
 kthread+0x488/0x510 kernel/kthread.c:463
 ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

value changed: 0x00000000006c0832 -> 0x00000000006c0834

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3420 Comm: kworker/1:4 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: events_power_efficient neigh_periodic_work
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter

read-write to 0xffff88810199a248 of 8 bytes by interrupt on cpu 0:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6152 [inline]
 __netif_receive_skb net/core/dev.c:6265 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6617
 __napi_poll+0x5f/0x310 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 ptr_ring_consume_bh include/linux/ptr_ring.h:377 [inline]
 wg_packet_decrypt_worker+0x69e/0x6e0 drivers/net/wireguard/receive.c:499
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x6bc/0x8b0 kernel/workqueue.c:3421
 kthread+0x488/0x510 kernel/kthread.c:463
 ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

read-write to 0xffff88810199a248 of 8 bytes by interrupt on cpu 1:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6152 [inline]
 __netif_receive_skb net/core/dev.c:6265 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6617
 __napi_poll+0x5f/0x310 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 addrconf_ifdown+0x3bb/0xf90 net/ipv6/addrconf.c:3907
 addrconf_notify+0x222/0x8f0 net/ipv6/addrconf.c:-1
 notifier_call_chain kernel/notifier.c:85 [inline]
 raw_notifier_call_chain+0x6f/0x1b0 kernel/notifier.c:453
 call_netdevice_notifiers_info net/core/dev.c:2243 [inline]
 call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
 call_netdevice_notifiers net/core/dev.c:2295 [inline]
 netif_close_many+0x1df/0x2d0 net/core/dev.c:1798
 unregister_netdevice_many_notify+0x521/0x1710 net/core/dev.c:12366
 unregister_netdevice_many net/core/dev.c:12459 [inline]
 unregister_netdevice_queue+0x1cd/0x200 net/core/dev.c:12273
 unregister_netdevice include/linux/netdevice.h:3405 [inline]
 __tun_detach+0x82c/0xb30 drivers/net/tun.c:621
 tun_detach drivers/net/tun.c:637 [inline]
 tun_chr_close+0x5a/0x100 drivers/net/tun.c:3436
 __fput+0x29b/0x650 fs/file_table.c:468
 ____fput+0x1c/0x30 fs/file_table.c:496
 task_work_run+0x130/0x1a0 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x466/0x1590 kernel/exit.c:971
 do_group_exit+0xfe/0x140 kernel/exit.c:1112
 get_signal+0xe4f/0xf60 kernel/signal.c:3034
 arch_do_signal_or_restart+0x96/0x450 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop+0x6a/0x6f0 kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
 do_syscall_64+0x1d3/0x2a0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000000715494 -> 0x0000000000715495

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 12284 Comm: syz.0.3886 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
==================================================================

Crashes (6):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/02/08 18:46 upstream e98f34af6116 4c131dc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/01/26 13:03 upstream 63804fed149a a4c52dd6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/01/21 19:55 upstream cf38b2340c0e 8fc37797 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/01/21 15:41 upstream 6c790212c588 6f1aa2f9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2026/01/20 16:01 upstream 24d479d26b25 06648d9c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
2025/12/15 04:16 upstream 8f0b4cce4481 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
* Struck through repros no longer work on HEAD.