Hello,
syzbot found the following issue on:
HEAD commit: 1e15510b71c9 Merge tag 'net-6.14-rc5' of git://git.kernel...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12f3f064580000
kernel config: https://syzkaller.appspot.com/x/.config?x=e9dd6c7eeba2114e
dashboard link: https://syzkaller.appspot.com/bug?extid=ff47b1772b3d264839f1
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [linu...@vger.kernel.org linux-...@vger.kernel.org m...@pengutronix.de sock...@hartkopp.net]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e29e02b61dc2/disk-1e15510b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/d062759f3619/vmlinux-1e15510b.xz
kernel image: https://storage.googleapis.com/syzbot-assets/21d415531a75/bzImage-1e15510b.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ff47b1...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter
read-write to 0xffff888101ddc4c8 of 8 bytes by interrupt on cpu 0:
deliver net/can/af_can.c:574 [inline]
can_rcv_filter+0xd1/0x4c0 net/can/af_can.c:600
can_receive+0x182/0x1f0 net/can/af_can.c:664
canfd_rcv+0xe7/0x180 net/can/af_can.c:703
__netif_receive_skb_one_core net/core/dev.c:5893 [inline]
__netif_receive_skb+0x123/0x280 net/core/dev.c:6006
process_backlog+0x22e/0x440 net/core/dev.c:6354
__napi_poll+0x63/0x3c0 net/core/dev.c:7188
napi_poll net/core/dev.c:7257 [inline]
net_rx_action+0x3a1/0x7f0 net/core/dev.c:7379
handle_softirqs+0xbf/0x280 kernel/softirq.c:561
do_softirq+0x5e/0x90 kernel/softirq.c:462
__local_bh_enable_ip+0x6e/0x70 kernel/softirq.c:389
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
lock_sock_nested+0x10f/0x140 net/core/sock.c:3669
lock_sock include/net/sock.h:1624 [inline]
bcm_release+0x156/0x5d0 net/can/bcm.c:1575
__sock_release net/socket.c:647 [inline]
sock_close+0x68/0x150 net/socket.c:1398
__fput+0x2ac/0x640 fs/file_table.c:464
____fput+0x1c/0x30 fs/file_table.c:492
task_work_run+0x13a/0x1a0 kernel/task_work.c:227
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0xa8/0x120 kernel/entry/common.c:218
do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read-write to 0xffff888101ddc4c8 of 8 bytes by interrupt on cpu 1:
deliver net/can/af_can.c:574 [inline]
can_rcv_filter+0xd1/0x4c0 net/can/af_can.c:600
can_receive+0x182/0x1f0 net/can/af_can.c:664
canfd_rcv+0xe7/0x180 net/can/af_can.c:703
__netif_receive_skb_one_core net/core/dev.c:5893 [inline]
__netif_receive_skb+0x123/0x280 net/core/dev.c:6006
process_backlog+0x22e/0x440 net/core/dev.c:6354
__napi_poll+0x63/0x3c0 net/core/dev.c:7188
napi_poll net/core/dev.c:7257 [inline]
net_rx_action+0x3a1/0x7f0 net/core/dev.c:7379
handle_softirqs+0xbf/0x280 kernel/softirq.c:561
run_ksoftirqd+0x1c/0x30 kernel/softirq.c:950
smpboot_thread_fn+0x31c/0x4c0 kernel/smpboot.c:164
kthread+0x4ae/0x520 kernel/kthread.c:464
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
value changed: 0x000000000036fe6c -> 0x000000000036fe6d
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
==================================================================
==================================================================
BUG: KCSAN: data-race in can_send / can_send
read-write to 0xffff888119239970 of 8 bytes by interrupt on cpu 0:
can_send+0x5b6/0x6d0 net/can/af_can.c:291
can_can_gw_rcv+0x77d/0x7e0 net/can/gw.c:561
deliver net/can/af_can.c:573 [inline]
can_rcv_filter+0xbf/0x4c0 net/can/af_can.c:600
can_receive+0x182/0x1f0 net/can/af_can.c:664
canfd_rcv+0xe7/0x180 net/can/af_can.c:703
__netif_receive_skb_one_core net/core/dev.c:5893 [inline]
__netif_receive_skb+0x123/0x280 net/core/dev.c:6006
process_backlog+0x22e/0x440 net/core/dev.c:6354
__napi_poll+0x63/0x3c0 net/core/dev.c:7188
napi_poll net/core/dev.c:7257 [inline]
net_rx_action+0x3a1/0x7f0 net/core/dev.c:7379
handle_softirqs+0xbf/0x280 kernel/softirq.c:561
do_softirq+0x5e/0x90 kernel/softirq.c:462
__local_bh_enable_ip+0x6e/0x70 kernel/softirq.c:389
local_bh_enable include/linux/bottom_half.h:33 [inline]
fpregs_unlock arch/x86/include/asm/fpu/api.h:80 [inline]
fpu_clone+0x244/0x560 arch/x86/kernel/fpu/core.c:634
copy_thread+0x17d/0x390 arch/x86/kernel/process.c:215
copy_process+0xd9f/0x1f50 kernel/fork.c:2412
kernel_clone+0x167/0x5e0 kernel/fork.c:2815
__do_sys_clone3 kernel/fork.c:3119 [inline]
__se_sys_clone3+0x1c1/0x200 kernel/fork.c:3098
__x64_sys_clone3+0x31/0x40 kernel/fork.c:3098
x64_sys_call+0x2d56/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:436
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read-write to 0xffff888119239970 of 8 bytes by interrupt on cpu 1:
can_send+0x5b6/0x6d0 net/can/af_can.c:291
can_can_gw_rcv+0x77d/0x7e0 net/can/gw.c:561
deliver net/can/af_can.c:573 [inline]
can_rcv_filter+0xbf/0x4c0 net/can/af_can.c:600
can_receive+0x182/0x1f0 net/can/af_can.c:664
canfd_rcv+0xe7/0x180 net/can/af_can.c:703
__netif_receive_skb_one_core net/core/dev.c:5893 [inline]
__netif_receive_skb+0x123/0x280 net/core/dev.c:6006
process_backlog+0x22e/0x440 net/core/dev.c:6354
__napi_poll+0x63/0x3c0 net/core/dev.c:7188
napi_poll net/core/dev.c:7257 [inline]
net_rx_action+0x3a1/0x7f0 net/core/dev.c:7379
handle_softirqs+0xbf/0x280 kernel/softirq.c:561
do_softirq+0x5e/0x90 kernel/softirq.c:462
__local_bh_enable_ip+0x6e/0x70 kernel/softirq.c:389
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
lock_sock_nested+0x10f/0x140 net/core/sock.c:3669
lock_sock include/net/sock.h:1624 [inline]
tcp_sock_set_nodelay+0x1c/0xa0 net/ipv4/tcp.c:3572
rds_tcp_tune+0x3b/0x2d0 net/rds/tcp.c:497
rds_tcp_conn_path_connect+0x1a5/0x440 net/rds/tcp_connect.c:127
rds_connect_worker+0x12c/0x1b0 net/rds/threads.c:176
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0x4db/0xa20 kernel/workqueue.c:3319
worker_thread+0x51d/0x6f0 kernel/workqueue.c:3400
kthread+0x4ae/0x520 kernel/kthread.c:464
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
value changed: 0x0000000000006c7b -> 0x0000000000006c7c
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 7868 Comm: kworker/u8:60 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: krdsd rds_connect_worker
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter
read-write to 0xffff888101ddc4c8 of 8 bytes by interrupt on cpu 0:
deliver net/can/af_can.c:574 [inline]
can_rcv_filter+0xd1/0x4c0 net/can/af_can.c:600
can_receive+0x182/0x1f0 net/can/af_can.c:664
canfd_rcv+0xe7/0x180 net/can/af_can.c:703
__netif_receive_skb_one_core net/core/dev.c:5893 [inline]
__netif_receive_skb+0x123/0x280 net/core/dev.c:6006
process_backlog+0x22e/0x440 net/core/dev.c:6354
__napi_poll+0x63/0x3c0 net/core/dev.c:7188
napi_poll net/core/dev.c:7257 [inline]
net_rx_action+0x3a1/0x7f0 net/core/dev.c:7379
handle_softirqs+0xbf/0x280 kernel/softirq.c:561
do_softirq+0x5e/0x90 kernel/softirq.c:462
__local_bh_enable_ip+0x6e/0x70 kernel/softirq.c:389
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline]
wg_packet_encrypt_worker+0x180/0xb80 drivers/net/wireguard/send.c:293
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0x4db/0xa20 kernel/workqueue.c:3319
worker_thread+0x51d/0x6f0 kernel/workqueue.c:3400
kthread+0x4ae/0x520 kernel/kthread.c:464
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
read-write to 0xffff888101ddc4c8 of 8 bytes by interrupt on cpu 1:
deliver net/can/af_can.c:574 [inline]
can_rcv_filter+0xd1/0x4c0 net/can/af_can.c:600
can_receive+0x182/0x1f0 net/can/af_can.c:664
canfd_rcv+0xe7/0x180 net/can/af_can.c:703
__netif_receive_skb_one_core net/core/dev.c:5893 [inline]
__netif_receive_skb+0x123/0x280 net/core/dev.c:6006
process_backlog+0x22e/0x440 net/core/dev.c:6354
__napi_poll+0x63/0x3c0 net/core/dev.c:7188
napi_poll net/core/dev.c:7257 [inline]
net_rx_action+0x3a1/0x7f0 net/core/dev.c:7379
handle_softirqs+0xbf/0x280 kernel/softirq.c:561
do_softirq+0x5e/0x90 kernel/softirq.c:462
__local_bh_enable_ip+0x6e/0x70 kernel/softirq.c:389
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline]
wg_packet_encrypt_worker+0x180/0xb80 drivers/net/wireguard/send.c:293
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0x4db/0xa20 kernel/workqueue.c:3319
worker_thread+0x51d/0x6f0 kernel/workqueue.c:3400
kthread+0x4ae/0x520 kernel/kthread.c:464
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
value changed: 0x00000000003aeec7 -> 0x00000000003aeec8
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 2963 Comm: kworker/1:2 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: wg-crypt-wg0 wg_packet_encrypt_worker
==================================================================
==================================================================
BUG: KCSAN: data-race in can_send / can_send
read-write to 0xffff888119239970 of 8 bytes by interrupt on cpu 0:
can_send+0x5b6/0x6d0 net/can/af_can.c:291
can_can_gw_rcv+0x77d/0x7e0 net/can/gw.c:561
deliver net/can/af_can.c:573 [inline]
can_rcv_filter+0xbf/0x4c0 net/can/af_can.c:600
can_receive+0x182/0x1f0 net/can/af_can.c:664
canfd_rcv+0xe7/0x180 net/can/af_can.c:703
__netif_receive_skb_one_core net/core/dev.c:5893 [inline]
__netif_receive_skb+0x123/0x280 net/core/dev.c:6006
process_backlog+0x22e/0x440 net/core/dev.c:6354
__napi_poll+0x63/0x3c0 net/core/dev.c:7188
napi_poll net/core/dev.c:7257 [inline]
net_rx_action+0x3a1/0x7f0 net/core/dev.c:7379
handle_softirqs+0xbf/0x280 kernel/softirq.c:561
do_softirq+0x5e/0x90 kernel/softirq.c:462
__local_bh_enable_ip+0x6e/0x70 kernel/softirq.c:389
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]
nsim_dev_trap_report_work+0x522/0x620 drivers/net/netdevsim/dev.c:851
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0x4db/0xa20 kernel/workqueue.c:3319
worker_thread+0x51d/0x6f0 kernel/workqueue.c:3400
kthread+0x4ae/0x520 kernel/kthread.c:464
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
read-write to 0xffff888119239970 of 8 bytes by interrupt on cpu 1:
can_send+0x5b6/0x6d0 net/can/af_can.c:291
can_can_gw_rcv+0x77d/0x7e0 net/can/gw.c:561
deliver net/can/af_can.c:573 [inline]
can_rcv_filter+0xbf/0x4c0 net/can/af_can.c:600
can_receive+0x182/0x1f0 net/can/af_can.c:664
canfd_rcv+0xe7/0x180 net/can/af_can.c:703
__netif_receive_skb_one_core net/core/dev.c:5893 [inline]
__netif_receive_skb+0x123/0x280 net/core/dev.c:6006
process_backlog+0x22e/0x440 net/core/dev.c:6354
__napi_poll+0x63/0x3c0 net/core/dev.c:7188
napi_poll net/core/dev.c:7257 [inline]
net_rx_action+0x3a1/0x7f0 net/core/dev.c:7379
handle_softirqs+0xbf/0x280 kernel/softirq.c:561
do_softirq+0x5e/0x90 kernel/softirq.c:462
__local_bh_enable_ip+0x6e/0x70 kernel/softirq.c:389
__raw_write_unlock_bh include/linux/rwlock_api_smp.h:281 [inline]
_raw_write_unlock_bh+0x1f/0x30 kernel/locking/spinlock.c:366
neigh_periodic_work+0x605/0x6b0 net/core/neighbour.c:968
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0x4db/0xa20 kernel/workqueue.c:3319
worker_thread+0x51d/0x6f0 kernel/workqueue.c:3400
kthread+0x4ae/0x520 kernel/kthread.c:464
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
value changed: 0x000000000000fb8c -> 0x000000000000fb8d
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3372 Comm: kworker/1:3 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: events_power_efficient neigh_periodic_work
==================================================================
==================================================================
BUG: KCSAN: data-race in can_send / can_send
read-write to 0xffff888119239910 of 8 bytes by interrupt on cpu 0:
can_send+0x5a2/0x6d0 net/can/af_can.c:290
can_can_gw_rcv+0x77d/0x7e0 net/can/gw.c:561
deliver net/can/af_can.c:573 [inline]
can_rcv_filter+0xbf/0x4c0 net/can/af_can.c:600
can_receive+0x182/0x1f0 net/can/af_can.c:664
canfd_rcv+0xe7/0x180 net/can/af_can.c:703
__netif_receive_skb_one_core net/core/dev.c:5893 [inline]
__netif_receive_skb+0x123/0x280 net/core/dev.c:6006
process_backlog+0x22e/0x440 net/core/dev.c:6354
__napi_poll+0x63/0x3c0 net/core/dev.c:7188
napi_poll net/core/dev.c:7257 [inline]
net_rx_action+0x3a1/0x7f0 net/core/dev.c:7379
handle_softirqs+0xbf/0x280 kernel/softirq.c:561
do_softirq+0x5e/0x90 kernel/softirq.c:462
__local_bh_enable_ip+0x6e/0x70 kernel/softirq.c:389
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline]
wg_packet_decrypt_worker+0x173/0x6f0 drivers/net/wireguard/receive.c:499
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0x4db/0xa20 kernel/workqueue.c:3319
worker_thread+0x51d/0x6f0 kernel/workqueue.c:3400
kthread+0x4ae/0x520 kernel/kthread.c:464
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
read-write to 0xffff888119239910 of 8 bytes by interrupt on cpu 1:
can_send+0x5a2/0x6d0 net/can/af_can.c:290
can_can_gw_rcv+0x77d/0x7e0 net/can/gw.c:561
deliver net/can/af_can.c:573 [inline]
can_rcv_filter+0xbf/0x4c0 net/can/af_can.c:600
can_receive+0x182/0x1f0 net/can/af_can.c:664
canfd_rcv+0xe7/0x180 net/can/af_can.c:703
__netif_receive_skb_one_core net/core/dev.c:5893 [inline]
__netif_receive_skb+0x123/0x280 net/core/dev.c:6006
process_backlog+0x22e/0x440 net/core/dev.c:6354
__napi_poll+0x63/0x3c0 net/core/dev.c:7188
napi_poll net/core/dev.c:7257 [inline]
net_rx_action+0x3a1/0x7f0 net/core/dev.c:7379
handle_softirqs+0xbf/0x280 kernel/softirq.c:561
run_ksoftirqd+0x1c/0x30 kernel/softirq.c:950
smpboot_thread_fn+0x31c/0x4c0 kernel/smpboot.c:164
kthread+0x4ae/0x520 kernel/kthread.c:464
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
value changed: 0x00000000003b692d -> 0x00000000003b692e
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
==================================================================
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
read-write to 0xffff888116cc0020 of 4 bytes by interrupt on cpu 0:
can_can_gw_rcv+0x7cb/0x7e0 net/can/gw.c:564
deliver net/can/af_can.c:573 [inline]
can_rcv_filter+0xbf/0x4c0 net/can/af_can.c:600
can_receive+0x182/0x1f0 net/can/af_can.c:664
canfd_rcv+0xe7/0x180 net/can/af_can.c:703
__netif_receive_skb_one_core net/core/dev.c:5893 [inline]
__netif_receive_skb+0x123/0x280 net/core/dev.c:6006
process_backlog+0x22e/0x440 net/core/dev.c:6354
__napi_poll+0x63/0x3c0 net/core/dev.c:7188
napi_poll net/core/dev.c:7257 [inline]
net_rx_action+0x3a1/0x7f0 net/core/dev.c:7379
handle_softirqs+0xbf/0x280 kernel/softirq.c:561
do_softirq+0x5e/0x90 kernel/softirq.c:462
__local_bh_enable_ip+0x6e/0x70 kernel/softirq.c:389
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
inet_unhash+0x312/0x3e0
tcp_set_state+0x1b1/0x280 net/ipv4/tcp.c:2936
tcp_close_state net/ipv4/tcp.c:2982 [inline]
__tcp_close+0x943/0x10e0 net/ipv4/tcp.c:3113
tcp_close+0x26/0xd0 net/ipv4/tcp.c:3234
inet_release+0xce/0xf0 net/ipv4/af_inet.c:435
__sock_release net/socket.c:647 [inline]
sock_close+0x68/0x150 net/socket.c:1398
__fput+0x2ac/0x640 fs/file_table.c:464
____fput+0x1c/0x30 fs/file_table.c:492
task_work_run+0x13a/0x1a0 kernel/task_work.c:227
get_signal+0xe78/0x1000 kernel/signal.c:2809
arch_do_signal_or_restart+0x95/0x4b0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x62/0x120 kernel/entry/common.c:218
do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read-write to 0xffff888116cc0020 of 4 bytes by interrupt on cpu 1:
can_can_gw_rcv+0x7cb/0x7e0 net/can/gw.c:564
deliver net/can/af_can.c:573 [inline]
can_rcv_filter+0xbf/0x4c0 net/can/af_can.c:600
can_receive+0x182/0x1f0 net/can/af_can.c:664
canfd_rcv+0xe7/0x180 net/can/af_can.c:703
__netif_receive_skb_one_core net/core/dev.c:5893 [inline]
__netif_receive_skb+0x123/0x280 net/core/dev.c:6006
process_backlog+0x22e/0x440 net/core/dev.c:6354
__napi_poll+0x63/0x3c0 net/core/dev.c:7188
napi_poll net/core/dev.c:7257 [inline]
net_rx_action+0x3a1/0x7f0 net/core/dev.c:7379
handle_softirqs+0xbf/0x280 kernel/softirq.c:561
do_softirq+0x5e/0x90 kernel/softirq.c:462
__local_bh_enable_ip+0x6e/0x70 kernel/softirq.c:389
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]
nsim_dev_trap_report_work+0x522/0x620 drivers/net/netdevsim/dev.c:851
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0x4db/0xa20 kernel/workqueue.c:3319
worker_thread+0x51d/0x6f0 kernel/workqueue.c:3400
kthread+0x4ae/0x520 kernel/kthread.c:464
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
value changed: 0x003b93f8 -> 0x003b93f9
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 7868 Comm: kworker/u8:60 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter
read-write to 0xffff888101ddc4c8 of 8 bytes by interrupt on cpu 0:
deliver net/can/af_can.c:574 [inline]
can_rcv_filter+0xd1/0x4c0 net/can/af_can.c:600
can_receive+0x182/0x1f0 net/can/af_can.c:664
canfd_rcv+0xe7/0x180 net/can/af_can.c:703
__netif_receive_skb_one_core net/core/dev.c:5893 [inline]
__netif_receive_skb+0x123/0x280 net/core/dev.c:6006
process_backlog+0x22e/0x440 net/core/dev.c:6354
__napi_poll+0x63/0x3c0 net/core/dev.c:7188
napi_poll net/core/dev.c:7257 [inline]
net_rx_action+0x3a1/0x7f0 net/core/dev.c:7379
handle_softirqs+0xbf/0x280 kernel/softirq.c:561
do_softirq+0x5e/0x90 kernel/softirq.c:462
__local_bh_enable_ip+0x6e/0x70 kernel/softirq.c:389
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]
nsim_dev_trap_report_work+0x522/0x620 drivers/net/netdevsim/dev.c:851
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0x4db/0xa20 kernel/workqueue.c:3319
worker_thread+0x51d/0x6f0 kernel/workqueue.c:3400
kthread+0x4ae/0x520 kernel/kthread.c:464
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
read-write to 0xffff888101ddc4c8 of 8 bytes by interrupt on cpu 1:
deliver net/can/af_can.c:574 [inline]
can_rcv_filter+0xd1/0x4c0 net/can/af_can.c:600
can_receive+0x182/0x1f0 net/can/af_can.c:664
canfd_rcv+0xe7/0x180 net/can/af_can.c:703
__netif_receive_skb_one_core net/core/dev.c:5893 [inline]
__netif_receive_skb+0x123/0x280 net/core/dev.c:6006
process_backlog+0x22e/0x440 net/core/dev.c:6354
__napi_poll+0x63/0x3c0 net/core/dev.c:7188
napi_poll net/core/dev.c:7257 [inline]
net_rx_action+0x3a1/0x7f0 net/core/dev.c:7379
handle_softirqs+0xbf/0x280 kernel/softirq.c:561
run_ksoftirqd+0x1c/0x30 kernel/softirq.c:950
smpboot_thread_fn+0x31c/0x4c0 kernel/smpboot.c:164
kthread+0x4ae/0x520 kernel/kthread.c:464
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
value changed: 0x000000000043359e -> 0x000000000043359f
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup