syzbot


KCSAN: data-race in can_rcv_filter / can_rcv_filter (13)

Status: moderation: reported on 2025/09/29 00:33
Subsystems: can
Reported-by: syzbot+d92de0baa57e75f2d5d9@syzkaller.appspotmail.com
First crash: 21h08m, last: 21h08m
Similar bugs (12)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in can_rcv_filter / can_rcv_filter (11) can | 6 | | | | 5 | 213d | 204d | 0/29 | auto-obsoleted due to no activity on 2025/04/25 09:54 |
| upstream | KCSAN: data-race in can_rcv_filter / can_rcv_filter can | 6 | | | | 3 | 2067d | 2079d | 0/29 | auto-closed as invalid on 2020/04/11 00:08 |
| upstream | KCSAN: data-race in can_rcv_filter / can_rcv_filter (12) can | 6 | | | | 7 | 81d | 116d | 0/29 | auto-obsoleted due to no activity on 2025/09/04 19:07 |
| upstream | KCSAN: data-race in can_rcv_filter / can_rcv_filter (2) can | 6 | | | | 1 | 1664d | 1664d | 0/29 | auto-closed as invalid on 2021/04/14 07:16 |
| upstream | KCSAN: data-race in can_rcv_filter / can_rcv_filter (9) can | 6 | | | | 9 | 491d | 551d | 0/29 | auto-obsoleted due to no activity on 2024/06/30 06:15 |
| upstream | KCSAN: data-race in can_rcv_filter / can_rcv_filter (8) can | 6 | | | | 9 | 817d | 934d | 0/29 | auto-obsoleted due to no activity on 2023/08/09 14:18 |
| upstream | KCSAN: data-race in can_rcv_filter / can_rcv_filter (5) can | 6 | | | | 1 | 1240d | 1240d | 0/29 | auto-closed as invalid on 2022/06/12 10:04 |
| upstream | KCSAN: data-race in can_rcv_filter / can_rcv_filter (7) can | 6 | | | | 3 | 1009d | 1040d | 0/29 | auto-obsoleted due to no activity on 2023/02/28 05:31 |
| upstream | KCSAN: data-race in can_rcv_filter / can_rcv_filter (4) can | 6 | | | | 6 | 1276d | 1342d | 0/29 | auto-closed as invalid on 2022/05/07 18:40 |
| upstream | KCSAN: data-race in can_rcv_filter / can_rcv_filter (10) can | 6 | | | | 1 | 346d | 346d | 0/29 | auto-obsoleted due to no activity on 2024/11/22 01:30 |
| upstream | KCSAN: data-race in can_rcv_filter / can_rcv_filter (3) can | 6 | | | | 2 | 1384d | 1385d | 0/29 | auto-closed as invalid on 2022/01/19 00:57 |
| upstream | KCSAN: data-race in can_rcv_filter / can_rcv_filter (6) can | 6 | | | | 7 | 1086d | 1163d | 0/29 | auto-obsoleted due to no activity on 2022/11/13 19:42 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter

read-write to 0xffff8881014626a8 of 8 bytes by interrupt on cpu 1:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 canfd_rcv+0xed/0x190 net/can/af_can.c:705
 __netif_receive_skb_one_core net/core/dev.c:5991 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6104
 process_backlog+0x229/0x420 net/core/dev.c:6456
 __napi_poll+0x66/0x310 net/core/dev.c:7506
 napi_poll net/core/dev.c:7569 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7696
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_write_unlock_bh include/linux/rwlock_api_smp.h:281 [inline]
 _raw_write_unlock_bh+0x1f/0x30 kernel/locking/spinlock.c:366
 sock_orphan include/net/sock.h:2088 [inline]
 pfkey_release+0x178/0x230 net/key/af_key.c:181
 __sock_release net/socket.c:649 [inline]
 sock_close+0x68/0x150 net/socket.c:1439
 __fput+0x29b/0x650 fs/file_table.c:468
 ____fput+0x1c/0x30 fs/file_table.c:496
 task_work_run+0x131/0x1a0 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop+0xe4/0x100 kernel/entry/common.c:43
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x1d6/0x200 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read-write to 0xffff8881014626a8 of 8 bytes by interrupt on cpu 0:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 canfd_rcv+0xed/0x190 net/can/af_can.c:705
 __netif_receive_skb_one_core net/core/dev.c:5991 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6104
 process_backlog+0x229/0x420 net/core/dev.c:6456
 __napi_poll+0x66/0x310 net/core/dev.c:7506
 napi_poll net/core/dev.c:7569 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7696
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0x3a/0xc0 kernel/softirq.c:680
 instr_sysvec_irq_work arch/x86/kernel/irq_work.c:17 [inline]
 sysvec_irq_work+0x6b/0x80 arch/x86/kernel/irq_work.c:17
 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:738
 __wrmsrq arch/x86/include/asm/msr.h:80 [inline]
 native_write_msr arch/x86/include/asm/msr.h:137 [inline]
 wrmsrq arch/x86/include/asm/msr.h:199 [inline]
 native_apic_msr_write+0x3d/0x60 arch/x86/include/asm/apic.h:212
 apic_write arch/x86/include/asm/apic.h:405 [inline]
 x2apic_send_IPI_self+0x10/0x20 arch/x86/kernel/apic/x2apic_phys.c:107
 __apic_send_IPI_self arch/x86/include/asm/apic.h:455 [inline]
 arch_irq_work_raise+0x46/0x50 arch/x86/kernel/irq_work.c:31
 irq_work_raise kernel/irq_work.c:84 [inline]
 __irq_work_queue_local+0x10f/0x2c0 kernel/irq_work.c:112
 irq_work_queue+0x70/0x100 kernel/irq_work.c:124
 bpf_send_signal_common+0x280/0x300 kernel/trace/bpf_trace.c:872
 ____bpf_send_signal kernel/trace/bpf_trace.c:881 [inline]
 bpf_send_signal+0x1d/0x30 kernel/trace/bpf_trace.c:879
 bpf_prog_631417f49dd64198+0x25/0x4c
 bpf_dispatcher_nop_func include/linux/bpf.h:1332 [inline]
 __bpf_prog_run include/linux/filter.h:718 [inline]
 bpf_prog_run include/linux/filter.h:725 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2257 [inline]
 bpf_trace_run2+0x107/0x1c0 kernel/trace/bpf_trace.c:2298
 __traceiter_kfree+0x2e/0x50 include/trace/events/kmem.h:94
 __do_trace_kfree include/trace/events/kmem.h:94 [inline]
 trace_kfree include/trace/events/kmem.h:94 [inline]
 kfree+0x27b/0x320 mm/slub.c:4881
 ___sys_recvmsg+0x135/0x370 net/socket.c:2877
 do_recvmmsg+0x1ef/0x540 net/socket.c:2971
 __sys_recvmmsg net/socket.c:3045 [inline]
 __do_sys_recvmmsg net/socket.c:3068 [inline]
 __se_sys_recvmmsg net/socket.c:3061 [inline]
 __x64_sys_recvmmsg+0xe5/0x170 net/socket.c:3061
 x64_sys_call+0x27a6/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x000000000004ddc8 -> 0x000000000004ddc9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 19336 Comm: syz.0.4427 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter

read-write to 0xffff8881014626a8 of 8 bytes by interrupt on cpu 1:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 canfd_rcv+0xed/0x190 net/can/af_can.c:705
 __netif_receive_skb_one_core net/core/dev.c:5991 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6104
 process_backlog+0x229/0x420 net/core/dev.c:6456
 __napi_poll+0x66/0x310 net/core/dev.c:7506
 napi_poll net/core/dev.c:7569 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7696
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:835 [inline]
 nsim_dev_trap_report_work+0x52b/0x630 drivers/net/netdevsim/dev.c:866
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x486/0x510 kernel/kthread.c:463
 ret_from_fork+0x11f/0x1b0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff8881014626a8 of 8 bytes by interrupt on cpu 0:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 canfd_rcv+0xed/0x190 net/can/af_can.c:705
 __netif_receive_skb_one_core net/core/dev.c:5991 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6104
 process_backlog+0x229/0x420 net/core/dev.c:6456
 __napi_poll+0x66/0x310 net/core/dev.c:7506
 napi_poll net/core/dev.c:7569 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7696
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0x3a/0xc0 kernel/softirq.c:680
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x74/0x80 arch/x86/kernel/apic/apic.c:1050
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
 kcsan_setup_watchpoint+0x415/0x430 kernel/kcsan/core.c:705
 bpf_reset_run_ctx include/linux/bpf.h:2259 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2260 [inline]
 bpf_trace_run2+0x114/0x1c0 kernel/trace/bpf_trace.c:2298
 __traceiter_kfree+0x2e/0x50 include/trace/events/kmem.h:94
 __do_trace_kfree include/trace/events/kmem.h:94 [inline]
 trace_kfree include/trace/events/kmem.h:94 [inline]
 kfree+0x27b/0x320 mm/slub.c:4881
 ___sys_recvmsg+0x135/0x370 net/socket.c:2877
 do_recvmmsg+0x1ef/0x540 net/socket.c:2971
 __sys_recvmmsg net/socket.c:3045 [inline]
 __do_sys_recvmmsg net/socket.c:3068 [inline]
 __se_sys_recvmmsg net/socket.c:3061 [inline]
 __x64_sys_recvmmsg+0xe5/0x170 net/socket.c:3061
 x64_sys_call+0x27a6/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000000a41c7 -> 0x00000000000a41c8

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 19336 Comm: syz.0.4427 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
==================================================================
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv

read-write to 0xffff88810a474020 of 4 bytes by interrupt on cpu 1:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc4/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 canfd_rcv+0xed/0x190 net/can/af_can.c:705
 __netif_receive_skb_one_core net/core/dev.c:5991 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6104
 process_backlog+0x229/0x420 net/core/dev.c:6456
 __napi_poll+0x66/0x310 net/core/dev.c:7506
 napi_poll net/core/dev.c:7569 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7696
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:910 [inline]
 mod_peer_timer drivers/net/wireguard/timers.c:38 [inline]
 wg_timers_any_authenticated_packet_traversal+0xdd/0x100 drivers/net/wireguard/timers.c:218
 wg_packet_create_data_done drivers/net/wireguard/send.c:247 [inline]
 wg_packet_tx_worker+0xeb/0x330 drivers/net/wireguard/send.c:276
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x486/0x510 kernel/kthread.c:463
 ret_from_fork+0x11f/0x1b0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff88810a474020 of 4 bytes by interrupt on cpu 0:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc4/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 canfd_rcv+0xed/0x190 net/can/af_can.c:705
 __netif_receive_skb_one_core net/core/dev.c:5991 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6104
 process_backlog+0x229/0x420 net/core/dev.c:6456
 __napi_poll+0x66/0x310 net/core/dev.c:7506
 napi_poll net/core/dev.c:7569 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7696
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0x3a/0xc0 kernel/softirq.c:680
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x74/0x80 arch/x86/kernel/apic/apic.c:1050
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
 should_watch kernel/kcsan/core.c:280 [inline]
 check_access kernel/kcsan/core.c:752 [inline]
 __tsan_read_write8+0x14d/0x190 kernel/kcsan/core.c:1025
 __import_iovec+0x321/0x540 lib/iov_iter.c:-1
 import_iovec+0x61/0x80 lib/iov_iter.c:1523
 copy_msghdr_from_user net/socket.c:2551 [inline]
 recvmsg_copy_msghdr net/socket.c:2800 [inline]
 ___sys_recvmsg+0x358/0x370 net/socket.c:2872
 do_recvmmsg+0x1ef/0x540 net/socket.c:2971
 __sys_recvmmsg net/socket.c:3045 [inline]
 __do_sys_recvmmsg net/socket.c:3068 [inline]
 __se_sys_recvmmsg net/socket.c:3061 [inline]
 __x64_sys_recvmmsg+0xe5/0x170 net/socket.c:3061
 x64_sys_call+0x27a6/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x000aa2b1 -> 0x000aa2b2

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 19336 Comm: syz.0.4427 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter

read-write to 0xffff8881014626a8 of 8 bytes by interrupt on cpu 1:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 canfd_rcv+0xed/0x190 net/can/af_can.c:705
 __netif_receive_skb_one_core net/core/dev.c:5991 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6104
 process_backlog+0x229/0x420 net/core/dev.c:6456
 __napi_poll+0x66/0x310 net/core/dev.c:7506
 napi_poll net/core/dev.c:7569 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7696
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:835 [inline]
 nsim_dev_trap_report_work+0x52b/0x630 drivers/net/netdevsim/dev.c:866
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x486/0x510 kernel/kthread.c:463
 ret_from_fork+0x11f/0x1b0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff8881014626a8 of 8 bytes by interrupt on cpu 0:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 canfd_rcv+0xed/0x190 net/can/af_can.c:705
 __netif_receive_skb_one_core net/core/dev.c:5991 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6104
 process_backlog+0x229/0x420 net/core/dev.c:6456
 __napi_poll+0x66/0x310 net/core/dev.c:7506
 napi_poll net/core/dev.c:7569 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7696
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_nc_purge_paths+0x22b/0x270 net/batman-adv/network-coding.c:471
 batadv_nc_worker+0x3d8/0xae0 net/batman-adv/network-coding.c:720
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x486/0x510 kernel/kthread.c:463
 ret_from_fork+0x11f/0x1b0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x00000000000f523e -> 0x00000000000f523f

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 4415 Comm: kworker/u8:15 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Workqueue: bat_events batadv_nc_worker
==================================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/09/29 00:32 | upstream | 8f9736633f8c | 001c9061 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in can_rcv_filter / can_rcv_filter |
* Struck through repros no longer work on HEAD.