syzbot

 sign-in | mailing list | source | docs
🐞 Open [1452]
Subsystems
🐞 Fixed [6885]
🐞 Invalid [17899]
Missing Backports [224]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in can_rcv_filter / can_rx_unregister (4)

Status: moderation: reported on 2026/01/22 13:31
Subsystems: can
[Documentation on labels]
Reported-by: syzbot+ab65362e0b709912d594@syzkaller.appspotmail.com
First crash: 5d15h, last: 2d23h
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in can_rcv_filter / can_rx_unregister can 6 1 1006d 1006d 0/29 auto-obsoleted due to no activity on 2023/06/01 19:55
upstream KCSAN: data-race in can_rcv_filter / can_rx_unregister (2) can 6 1 945d 945d 0/29 auto-obsoleted due to no activity on 2023/08/01 12:06
upstream KCSAN: data-race in can_rcv_filter / can_rx_unregister (3) can 6 1 615d 615d 0/29 auto-obsoleted due to no activity on 2024/06/27 05:25

Sample crash report:
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rx_unregister

read-write to 0xffff88810a31e020 of 4 bytes by task 16049 on cpu 0:
 can_rx_unregister+0x44b/0x540 net/can/af_can.c:556
 bcm_release+0x298/0x640 net/can/bcm.c:1633
 __sock_release net/socket.c:662 [inline]
 sock_close+0x6b/0x150 net/socket.c:1455
 __fput+0x29b/0x650 fs/file_table.c:468
 ____fput+0x1c/0x30 fs/file_table.c:496
 task_work_run+0x130/0x1a0 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x466/0x1590 kernel/exit.c:971
 __do_sys_exit kernel/exit.c:1079 [inline]
 __se_sys_exit kernel/exit.c:1077 [inline]
 __x64_sys_exit+0x1f/0x20 kernel/exit.c:1077
 x64_sys_call+0x2fe7/0x3000 arch/x86/include/generated/asm/syscalls_64.h:61
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88810a31e020 of 4 bytes by interrupt on cpu 1:
 can_rcv_filter+0x40/0x4f0 net/can/af_can.c:586
 can_receive+0xfb/0x1c0 net/can/af_can.c:662
 canfd_rcv+0xed/0x190 net/can/af_can.c:705
 __netif_receive_skb_one_core net/core/dev.c:6152 [inline]
 __netif_receive_skb+0x120/0x270 net/core/dev.c:6265
 process_backlog+0x228/0x420 net/core/dev.c:6617
 __napi_poll+0x5f/0x300 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x39/0xc0 kernel/softirq.c:723
 instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
 sysvec_call_function_single+0x34/0x80 arch/x86/kernel/smp.c:266
 asm_sysvec_call_function_single+0x1a/0x20 arch/x86/include/asm/idtentry.h:704

value changed: 0x00000001 -> 0x00000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 16072 Comm: syz.5.3191 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/01/25 05:35 upstream 5dbeeb268b63 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_rcv_filter / can_rx_unregister
2026/01/22 13:30 upstream a66191c590b3 a16aed1d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in can_rcv_filter / can_rx_unregister
* Struck through repros no longer work on HEAD.