syzbot

 sign-in | mailing list | source | docs
🐞 Open [1459]
Subsystems
🐞 Fixed [6862]
🐞 Invalid [17798]
Missing Backports [226]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in can_rcv_filter / can_rcv_filter (14)

Status: moderation: reported on 2025/12/15 00:20
Subsystems: can
[Documentation on labels]
Reported-by: syzbot+f12639ce6abace0ad523@syzkaller.appspotmail.com
First crash: 31d, last: 1d11h
Similar bugs (13)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in can_rcv_filter / can_rcv_filter (13) can 6 4 91d 108d 0/29 auto-obsoleted due to no activity on 2025/12/11 20:38
upstream KCSAN: data-race in can_rcv_filter / can_rcv_filter (11) can 6 5 321d 312d 0/29 auto-obsoleted due to no activity on 2025/04/25 09:54
upstream KCSAN: data-race in can_rcv_filter / can_rcv_filter can 6 3 2175d 2187d 0/29 auto-closed as invalid on 2020/04/11 00:08
upstream KCSAN: data-race in can_rcv_filter / can_rcv_filter (12) can 6 7 189d 224d 0/29 auto-obsoleted due to no activity on 2025/09/04 19:07
upstream KCSAN: data-race in can_rcv_filter / can_rcv_filter (2) can 6 1 1772d 1772d 0/29 auto-closed as invalid on 2021/04/14 07:16
upstream KCSAN: data-race in can_rcv_filter / can_rcv_filter (9) can 6 9 599d 659d 0/29 auto-obsoleted due to no activity on 2024/06/30 06:15
upstream KCSAN: data-race in can_rcv_filter / can_rcv_filter (8) can 6 9 925d 1042d 0/29 auto-obsoleted due to no activity on 2023/08/09 14:18
upstream KCSAN: data-race in can_rcv_filter / can_rcv_filter (5) can 6 1 1348d 1348d 0/29 auto-closed as invalid on 2022/06/12 10:04
upstream KCSAN: data-race in can_rcv_filter / can_rcv_filter (7) can 6 3 1117d 1148d 0/29 auto-obsoleted due to no activity on 2023/02/28 05:31
upstream KCSAN: data-race in can_rcv_filter / can_rcv_filter (4) can 6 6 1384d 1450d 0/29 auto-closed as invalid on 2022/05/07 18:40
upstream KCSAN: data-race in can_rcv_filter / can_rcv_filter (10) can 6 1 454d 454d 0/29 auto-obsoleted due to no activity on 2024/11/22 01:30
upstream KCSAN: data-race in can_rcv_filter / can_rcv_filter (3) can 6 2 1492d 1493d 0/29 auto-closed as invalid on 2022/01/19 00:57
upstream KCSAN: data-race in can_rcv_filter / can_rcv_filter (6) can 6 7 1194d 1271d 0/29 auto-obsoleted due to no activity on 2022/11/13 19:42

Sample crash report:
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter

read-write to 0xffff8881009506a8 of 8 bytes by interrupt on cpu 0:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0x242/0x4f0 net/can/af_can.c:609
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6139 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6252
 process_backlog+0x228/0x420 net/core/dev.c:6604
 __napi_poll+0x5f/0x300 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0x425/0x8c0 net/core/dev.c:7883
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 __alloc_skb+0x476/0x4b0 net/core/skbuff.c:674
 alloc_skb include/linux/skbuff.h:1383 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:818 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:875 [inline]
 nsim_dev_trap_report_work+0x18a/0x630 drivers/net/netdevsim/dev.c:921
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

read-write to 0xffff8881009506a8 of 8 bytes by interrupt on cpu 1:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0x242/0x4f0 net/can/af_can.c:609
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6139 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6252
 process_backlog+0x228/0x420 net/core/dev.c:6604
 __napi_poll+0x5f/0x300 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0x425/0x8c0 net/core/dev.c:7883
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:890 [inline]
 nsim_dev_trap_report_work+0x52b/0x630 drivers/net/netdevsim/dev.c:921
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

value changed: 0x0000000000000a4d -> 0x0000000000000a4e

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 17649 Comm: kworker/u8:22 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv

read-write to 0xffff8881001537a0 of 4 bytes by interrupt on cpu 0:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6139 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6252
 process_backlog+0x228/0x420 net/core/dev.c:6604
 __napi_poll+0x5f/0x300 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0x425/0x8c0 net/core/dev.c:7883
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 ptr_ring_consume_bh include/linux/ptr_ring.h:377 [inline]
 wg_packet_encrypt_worker+0x169/0xe10 drivers/net/wireguard/send.c:293
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

read-write to 0xffff8881001537a0 of 4 bytes by interrupt on cpu 1:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6139 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6252
 process_backlog+0x228/0x420 net/core/dev.c:6604
 __napi_poll+0x5f/0x300 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0x425/0x8c0 net/core/dev.c:7883
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:890 [inline]
 nsim_dev_trap_report_work+0x52b/0x630 drivers/net/netdevsim/dev.c:921
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

value changed: 0x0000243d -> 0x0000243e

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 17649 Comm: kworker/u8:22 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter

read-write to 0xffff8881009506a8 of 8 bytes by interrupt on cpu 0:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0x242/0x4f0 net/can/af_can.c:609
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6139 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6252
 process_backlog+0x228/0x420 net/core/dev.c:6604
 __napi_poll+0x5f/0x300 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0x425/0x8c0 net/core/dev.c:7883
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 run_ksoftirqd+0x1c/0x30 kernel/softirq.c:1063
 smpboot_thread_fn+0x32b/0x530 kernel/smpboot.c:160
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

read-write to 0xffff8881009506a8 of 8 bytes by interrupt on cpu 1:
 deliver net/can/af_can.c:576 [inline]
 can_rcv_filter+0x242/0x4f0 net/can/af_can.c:609
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6139 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6252
 process_backlog+0x228/0x420 net/core/dev.c:6604
 __napi_poll+0x5f/0x300 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0x425/0x8c0 net/core/dev.c:7883
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 lock_sock_nested+0x112/0x140 net/core/sock.c:3787
 lock_sock include/net/sock.h:1700 [inline]
 sockopt_lock_sock+0x42/0x50 net/core/sock.c:1152
 do_ipv6_setsockopt+0x699/0x2160 net/ipv6/ipv6_sockglue.c:549
 ipv6_setsockopt+0x59/0x130 net/ipv6/ipv6_sockglue.c:973
 tcp_setsockopt+0x98/0xb0 net/ipv4/tcp.c:4164
 sock_common_setsockopt+0x69/0x80 net/core/sock.c:3973
 do_sock_setsockopt net/socket.c:2322 [inline]
 __sys_setsockopt+0x184/0x200 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2353 [inline]
 __se_sys_setsockopt net/socket.c:2350 [inline]
 __x64_sys_setsockopt+0x64/0x80 net/socket.c:2350
 x64_sys_call+0x21d5/0x3000 arch/x86/include/generated/asm/syscalls_64.h:55
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000000871b0 -> 0x00000000000871b2

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 20622 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv

read-write to 0xffff8881001537a0 of 4 bytes by interrupt on cpu 0:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6139 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6252
 process_backlog+0x228/0x420 net/core/dev.c:6604
 __napi_poll+0x5f/0x300 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0x425/0x8c0 net/core/dev.c:7883
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:890 [inline]
 nsim_dev_trap_report_work+0x52b/0x630 drivers/net/netdevsim/dev.c:921
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

read-write to 0xffff8881001537a0 of 4 bytes by interrupt on cpu 1:
 can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
 can_receive+0x163/0x1c0 net/can/af_can.c:666
 can_rcv+0xed/0x190 net/can/af_can.c:690
 __netif_receive_skb_one_core net/core/dev.c:6139 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6252
 process_backlog+0x228/0x420 net/core/dev.c:6604
 __napi_poll+0x5f/0x300 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0x425/0x8c0 net/core/dev.c:7883
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 __alloc_skb+0x476/0x4b0 net/core/skbuff.c:674
 alloc_skb include/linux/skbuff.h:1383 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:818 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:875 [inline]
 nsim_dev_trap_report_work+0x18a/0x630 drivers/net/netdevsim/dev.c:921
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

value changed: 0x0008c36e -> 0x0008c36f

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/01/14 09:52 upstream c537e12daeec d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_rcv_filter / can_rcv_filter
2026/01/13 04:01 upstream b71e635feefc d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_rcv_filter / can_rcv_filter
2026/01/06 00:33 upstream 7f98ab9da046 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_rcv_filter / can_rcv_filter
2026/01/06 00:32 upstream 7f98ab9da046 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_rcv_filter / can_rcv_filter
2025/12/15 00:19 upstream 8f0b4cce4481 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_rcv_filter / can_rcv_filter
* Struck through repros no longer work on HEAD.