syzbot

 sign-in | mailing list | source | docs
🐞 Open [1420]
Subsystems
🐞 Fixed [6982]
🐞 Invalid [18202]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KCSAN: data-race in can_rcv_filter / can_rx_unregister (4)

Status: moderation: reported on 2026/01/22 13:31
Subsystems: can
[Documentation on labels]
Reported-by: syzbot+ab65362e0b709912d594@syzkaller.appspotmail.com
First crash: 49d, last: 47d
✨ AI Jobs (2)
ID Workflow Result Correct Bug Created Started Finished Revision Error
3a9f4e89-a410-40c8-8944-a53a11e1dc25 assessment-kcsan Benign: ✅  Confident: ✅  KCSAN: data-race in can_rcv_filter / can_rx_unregister (4) 2026/02/25 03:14 2026/02/25 03:14 2026/02/25 03:25 305c0ec5cd886e2d13738e28e1b2df9b0ec20fc9
5f1a3466-7ea6-4463-85bc-ef528a36c5f7 assessment-kcsan 💥 KCSAN: data-race in can_rcv_filter / can_rx_unregister (4) 2026/01/23 07:52 2026/01/23 07:52 2026/01/23 07:54 499a21815ec0ab13dbfc80e05fc32aadbc482145 failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "16" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/usr/local/google/home/dvyukov/syzkaller/workdir/cache/build/08a402c00dcf920e418ce72eca15117888c80f58" "bzImage" "compile_commands.json"]: exit status 2
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in can_rcv_filter / can_rx_unregister can 6 1 1050d 1050d 0/29 auto-obsoleted due to no activity on 2023/06/01 19:55
upstream KCSAN: data-race in can_rcv_filter / can_rx_unregister (2) can 6 1 989d 989d 0/29 auto-obsoleted due to no activity on 2023/08/01 12:06
upstream KCSAN: data-race in can_rcv_filter / can_rx_unregister (3) can 6 1 659d 659d 0/29 auto-obsoleted due to no activity on 2024/06/27 05:25

Sample crash report:
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rx_unregister

read-write to 0xffff88810a31e020 of 4 bytes by task 16049 on cpu 0:
 can_rx_unregister+0x44b/0x540 net/can/af_can.c:556
 bcm_release+0x298/0x640 net/can/bcm.c:1633
 __sock_release net/socket.c:662 [inline]
 sock_close+0x6b/0x150 net/socket.c:1455
 __fput+0x29b/0x650 fs/file_table.c:468
 ____fput+0x1c/0x30 fs/file_table.c:496
 task_work_run+0x130/0x1a0 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x466/0x1590 kernel/exit.c:971
 __do_sys_exit kernel/exit.c:1079 [inline]
 __se_sys_exit kernel/exit.c:1077 [inline]
 __x64_sys_exit+0x1f/0x20 kernel/exit.c:1077
 x64_sys_call+0x2fe7/0x3000 arch/x86/include/generated/asm/syscalls_64.h:61
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88810a31e020 of 4 bytes by interrupt on cpu 1:
 can_rcv_filter+0x40/0x4f0 net/can/af_can.c:586
 can_receive+0xfb/0x1c0 net/can/af_can.c:662
 canfd_rcv+0xed/0x190 net/can/af_can.c:705
 __netif_receive_skb_one_core net/core/dev.c:6152 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6265
 process_backlog+0x228/0x420 net/core/dev.c:6617
 __napi_poll+0x5f/0x300 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x39/0xc0 kernel/softirq.c:723
 instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
 sysvec_call_function_single+0x34/0x80 arch/x86/kernel/smp.c:266
 asm_sysvec_call_function_single+0x1a/0x20 arch/x86/include/asm/idtentry.h:704

value changed: 0x00000001 -> 0x00000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 16072 Comm: syz.5.3191 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/01/25 05:35 upstream 5dbeeb268b63 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_rcv_filter / can_rx_unregister
2026/01/22 13:30 upstream a66191c590b3 a16aed1d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_rcv_filter / can_rx_unregister
* Struck through repros no longer work on HEAD.