Hello,
syzbot found the following issue on:
HEAD commit: 24d479d26b25 Linux 6.19-rc6
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10e74b9a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=676c6f0212d0c041
dashboard link: https://syzkaller.appspot.com/bug?extid=3bc9daf7dfe55123c50f
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
CC: [linu...@vger.kernel.org linux-...@vger.kernel.org mai...@kernel.org m...@pengutronix.de]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e47d2b960e97/disk-24d479d2.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/75c59e1fc76a/vmlinux-24d479d2.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e42579adf478/bzImage-24d479d2.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3bc9da...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in vxcan_xmit / vxcan_xmit
read-write to 0xffff888119988228 of 8 bytes by interrupt on cpu 0:
vxcan_xmit+0x28b/0x340 drivers/net/can/vxcan.c:74
__netdev_start_xmit include/linux/netdevice.h:5273 [inline]
netdev_start_xmit include/linux/netdevice.h:5282 [inline]
xmit_one net/core/dev.c:3866 [inline]
dev_hard_start_xmit+0x125/0x3e0 net/core/dev.c:3882
__dev_queue_xmit+0xdb1/0x1f20 net/core/dev.c:4832
dev_queue_xmit include/linux/netdevice.h:3381 [inline]
can_send+0x589/0x720 net/can/af_can.c:279
can_can_gw_rcv+0x7bb/0x820 net/can/gw.c:563
deliver net/can/af_can.c:575 [inline]
can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
run_ksoftirqd+0x1c/0x30 kernel/softirq.c:1063
smpboot_thread_fn+0x32a/0x510 kernel/smpboot.c:160
kthread+0x488/0x510 kernel/kthread.c:463
ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
read-write to 0xffff888119988228 of 8 bytes by interrupt on cpu 1:
vxcan_xmit+0x28b/0x340 drivers/net/can/vxcan.c:74
__netdev_start_xmit include/linux/netdevice.h:5273 [inline]
netdev_start_xmit include/linux/netdevice.h:5282 [inline]
xmit_one net/core/dev.c:3866 [inline]
dev_hard_start_xmit+0x125/0x3e0 net/core/dev.c:3882
__dev_queue_xmit+0xdb1/0x1f20 net/core/dev.c:4832
dev_queue_xmit include/linux/netdevice.h:3381 [inline]
can_send+0x589/0x720 net/can/af_can.c:279
can_can_gw_rcv+0x7bb/0x820 net/can/gw.c:563
deliver net/can/af_can.c:575 [inline]
can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
run_ksoftirqd+0x1c/0x30 kernel/softirq.c:1063
smpboot_thread_fn+0x32a/0x510 kernel/smpboot.c:160
kthread+0x488/0x510 kernel/kthread.c:463
ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
value changed: 0x00000000000012f5 -> 0x00000000000012f6
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================
==================================================================
BUG: KCSAN: data-race in vxcan_xmit / vxcan_xmit
read-write to 0xffff888119988228 of 8 bytes by interrupt on cpu 0:
vxcan_xmit+0x28b/0x340 drivers/net/can/vxcan.c:74
__netdev_start_xmit include/linux/netdevice.h:5273 [inline]
netdev_start_xmit include/linux/netdevice.h:5282 [inline]
xmit_one net/core/dev.c:3866 [inline]
dev_hard_start_xmit+0x125/0x3e0 net/core/dev.c:3882
__dev_queue_xmit+0xdb1/0x1f20 net/core/dev.c:4832
dev_queue_xmit include/linux/netdevice.h:3381 [inline]
can_send+0x589/0x720 net/can/af_can.c:279
can_can_gw_rcv+0x7bb/0x820 net/can/gw.c:563
deliver net/can/af_can.c:575 [inline]
can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
do_softirq+0x45/0x60 kernel/softirq.c:523
__local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
wg_index_hashtable_insert+0xab/0x2b0 drivers/net/wireguard/peerlookup.c:126
wg_noise_handshake_create_initiation+0x55b/0x610 drivers/net/wireguard/noise.c:569
wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:34 [inline]
wg_packet_handshake_send_worker+0xb2/0x160 drivers/net/wireguard/send.c:51
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
worker_thread+0x581/0x770 kernel/workqueue.c:3421
kthread+0x488/0x510 kernel/kthread.c:463
ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
read-write to 0xffff888119988228 of 8 bytes by interrupt on cpu 1:
vxcan_xmit+0x28b/0x340 drivers/net/can/vxcan.c:74
__netdev_start_xmit include/linux/netdevice.h:5273 [inline]
netdev_start_xmit include/linux/netdevice.h:5282 [inline]
xmit_one net/core/dev.c:3866 [inline]
dev_hard_start_xmit+0x125/0x3e0 net/core/dev.c:3882
__dev_queue_xmit+0xdb1/0x1f20 net/core/dev.c:4832
dev_queue_xmit include/linux/netdevice.h:3381 [inline]
can_send+0x589/0x720 net/can/af_can.c:279
can_can_gw_rcv+0x7bb/0x820 net/can/gw.c:563
deliver net/can/af_can.c:575 [inline]
can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
do_softirq+0x45/0x60 kernel/softirq.c:523
__local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
local_bh_enable include/linux/bottom_half.h:33 [inline]
fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline]
kernel_fpu_end+0x6c/0x80 arch/x86/kernel/fpu/core.c:506
blake2s_compress+0x67/0x1740 lib/crypto/x86/blake2s.h:42
blake2s_final+0x6a/0xa0 lib/crypto/blake2s.c:142
mix_hash drivers/net/wireguard/noise.c:439 [inline]
message_encrypt drivers/net/wireguard/noise.c:470 [inline]
wg_noise_handshake_create_initiation+0x31c/0x610 drivers/net/wireguard/noise.c:555
wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:34 [inline]
wg_packet_handshake_send_worker+0xb2/0x160 drivers/net/wireguard/send.c:51
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
worker_thread+0x581/0x770 kernel/workqueue.c:3421
kthread+0x488/0x510 kernel/kthread.c:463
ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
value changed: 0x00000000000284cd -> 0x00000000000284ce
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: wg-kex-wg1 wg_packet_handshake_send_worker
==================================================================
==================================================================
BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv
read-write to 0xffff888146edf020 of 4 bytes by interrupt on cpu 0:
can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
deliver net/can/af_can.c:575 [inline]
can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
do_softirq+0x45/0x60 kernel/softirq.c:523
__local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
local_bh_enable include/linux/bottom_half.h:33 [inline]
kfree_skb_napi_cache net/core/skbuff.c:7218 [inline]
skb_attempt_defer_free+0x31d/0x450 net/core/skbuff.c:7240
tcp_eat_recv_skb net/ipv4/tcp.c:1583 [inline]
tcp_recvmsg_locked+0x1b48/0x20d0 net/ipv4/tcp.c:2888
tcp_recvmsg+0x12c/0x460 net/ipv4/tcp.c:2927
inet_recvmsg+0xb7/0x290 net/ipv4/af_inet.c:891
sock_recvmsg_nosec net/socket.c:1078 [inline]
sock_recvmsg+0xf6/0x160 net/socket.c:1100
sock_read_iter+0x169/0x1b0 net/socket.c:1170
new_sync_read fs/read_write.c:491 [inline]
vfs_read+0x6c0/0x7f0 fs/read_write.c:572
ksys_read+0xdc/0x1a0 fs/read_write.c:715
__do_sys_read fs/read_write.c:724 [inline]
__se_sys_read fs/read_write.c:722 [inline]
__x64_sys_read+0x40/0x50 fs/read_write.c:722
x64_sys_call+0x2889/0x3000 arch/x86/include/generated/asm/syscalls_64.h:1
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read-write to 0xffff888146edf020 of 4 bytes by interrupt on cpu 1:
can_can_gw_rcv+0x807/0x820 net/can/gw.c:566
deliver net/can/af_can.c:575 [inline]
can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
do_softirq+0x45/0x60 kernel/softirq.c:523
__local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
local_bh_enable include/linux/bottom_half.h:33 [inline]
fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline]
kernel_fpu_end+0x6c/0x80 arch/x86/kernel/fpu/core.c:506
blake2s_compress+0x67/0x1740 lib/crypto/x86/blake2s.h:42
blake2s_update+0xa3/0x160 lib/crypto/blake2s.c:119
hmac+0x20c/0x400 drivers/net/wireguard/noise.c:324
kdf+0xa9/0x1e0 drivers/net/wireguard/noise.c:367
mix_dh drivers/net/wireguard/noise.c:413 [inline]
wg_noise_handshake_create_initiation+0x1b0/0x610 drivers/net/wireguard/noise.c:550
wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:34 [inline]
wg_packet_handshake_send_worker+0xb2/0x160 drivers/net/wireguard/send.c:51
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
worker_thread+0x581/0x770 kernel/workqueue.c:3421
kthread+0x488/0x510 kernel/kthread.c:463
ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
value changed: 0x00027b68 -> 0x00027b69
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 37 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: wg-kex-wg2 wg_packet_handshake_send_worker
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter
read-write to 0xffff8881009581f8 of 8 bytes by interrupt on cpu 0:
deliver net/can/af_can.c:576 [inline]
can_rcv_filter+0x242/0x4f0 net/can/af_can.c:609
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
do_softirq+0x45/0x60 kernel/softirq.c:523
__local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
local_bh_enable include/linux/bottom_half.h:33 [inline]
fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline]
kernel_fpu_end+0x6c/0x80 arch/x86/kernel/fpu/core.c:506
blake2s_compress+0x67/0x1740 lib/crypto/x86/blake2s.h:42
blake2s_final+0x6a/0xa0 lib/crypto/blake2s.c:142
hmac+0x3a1/0x400 drivers/net/wireguard/noise.c:333
kdf+0x7d/0x1e0 drivers/net/wireguard/noise.c:360
mix_dh drivers/net/wireguard/noise.c:413 [inline]
wg_noise_handshake_create_initiation+0x1b0/0x610 drivers/net/wireguard/noise.c:550
wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:34 [inline]
wg_packet_handshake_send_worker+0xb2/0x160 drivers/net/wireguard/send.c:51
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
worker_thread+0x581/0x770 kernel/workqueue.c:3421
kthread+0x488/0x510 kernel/kthread.c:463
ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
read-write to 0xffff8881009581f8 of 8 bytes by interrupt on cpu 1:
deliver net/can/af_can.c:576 [inline]
can_rcv_filter+0x242/0x4f0 net/can/af_can.c:609
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
do_softirq+0x45/0x60 kernel/softirq.c:523
__local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
local_bh_enable include/linux/bottom_half.h:33 [inline]
fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline]
kernel_fpu_end+0x6c/0x80 arch/x86/kernel/fpu/core.c:506
blake2s_compress+0x67/0x1740 lib/crypto/x86/blake2s.h:42
blake2s_final+0x6a/0xa0 lib/crypto/blake2s.c:142
hmac+0x219/0x400 drivers/net/wireguard/noise.c:325
kdf+0xa9/0x1e0 drivers/net/wireguard/noise.c:367
mix_precomputed_dh drivers/net/wireguard/noise.c:426 [inline]
wg_noise_handshake_create_initiation+0x372/0x610 drivers/net/wireguard/noise.c:560
wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:34 [inline]
wg_packet_handshake_send_worker+0xb2/0x160 drivers/net/wireguard/send.c:51
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
worker_thread+0x581/0x770 kernel/workqueue.c:3421
kthread+0x488/0x510 kernel/kthread.c:463
ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
value changed: 0x000000000002966d -> 0x000000000002966e
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 37 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: wg-kex-wg2 wg_packet_handshake_send_worker
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter
read-write to 0xffff888100958298 of 8 bytes by interrupt on cpu 0:
deliver net/can/af_can.c:576 [inline]
can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
do_softirq+0x45/0x60 kernel/softirq.c:523
__local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
local_bh_enable include/linux/bottom_half.h:33 [inline]
fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline]
kernel_fpu_end+0x6c/0x80 arch/x86/kernel/fpu/core.c:506
blake2s_compress+0x67/0x1740 lib/crypto/x86/blake2s.h:42
blake2s_final+0x6a/0xa0 lib/crypto/blake2s.c:142
hmac+0x3a1/0x400 drivers/net/wireguard/noise.c:333
kdf+0x7d/0x1e0 drivers/net/wireguard/noise.c:360
mix_dh drivers/net/wireguard/noise.c:413 [inline]
wg_noise_handshake_consume_initiation+0x176/0x800 drivers/net/wireguard/noise.c:608
wg_receive_handshake_packet drivers/net/wireguard/receive.c:144 [inline]
wg_packet_handshake_receive_worker+0x3a8/0x5d0 drivers/net/wireguard/receive.c:213
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
worker_thread+0x581/0x770 kernel/workqueue.c:3421
kthread+0x488/0x510 kernel/kthread.c:463
ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
read-write to 0xffff888100958298 of 8 bytes by interrupt on cpu 1:
deliver net/can/af_can.c:576 [inline]
can_rcv_filter+0xd9/0x4f0 net/can/af_can.c:602
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
run_ksoftirqd+0x1c/0x30 kernel/softirq.c:1063
smpboot_thread_fn+0x32a/0x510 kernel/smpboot.c:160
kthread+0x488/0x510 kernel/kthread.c:463
ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
value changed: 0x000000000002bf2e -> 0x000000000002bf2f
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================
==================================================================
BUG: KCSAN: data-race in vxcan_xmit / vxcan_xmit
read-write to 0xffff888119980220 of 8 bytes by interrupt on cpu 0:
vxcan_xmit+0x2c8/0x340 drivers/net/can/vxcan.c:77
__netdev_start_xmit include/linux/netdevice.h:5273 [inline]
netdev_start_xmit include/linux/netdevice.h:5282 [inline]
xmit_one net/core/dev.c:3866 [inline]
dev_hard_start_xmit+0x125/0x3e0 net/core/dev.c:3882
__dev_queue_xmit+0xdb1/0x1f20 net/core/dev.c:4832
dev_queue_xmit include/linux/netdevice.h:3381 [inline]
can_send+0x589/0x720 net/can/af_can.c:279
can_can_gw_rcv+0x7bb/0x820 net/can/gw.c:563
deliver net/can/af_can.c:575 [inline]
can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
run_ksoftirqd+0x1c/0x30 kernel/softirq.c:1063
smpboot_thread_fn+0x32a/0x510 kernel/smpboot.c:160
kthread+0x488/0x510 kernel/kthread.c:463
ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
read-write to 0xffff888119980220 of 8 bytes by interrupt on cpu 1:
vxcan_xmit+0x2c8/0x340 drivers/net/can/vxcan.c:77
__netdev_start_xmit include/linux/netdevice.h:5273 [inline]
netdev_start_xmit include/linux/netdevice.h:5282 [inline]
xmit_one net/core/dev.c:3866 [inline]
dev_hard_start_xmit+0x125/0x3e0 net/core/dev.c:3882
__dev_queue_xmit+0xdb1/0x1f20 net/core/dev.c:4832
dev_queue_xmit include/linux/netdevice.h:3381 [inline]
can_send+0x589/0x720 net/can/af_can.c:279
can_can_gw_rcv+0x7bb/0x820 net/can/gw.c:563
deliver net/can/af_can.c:575 [inline]
can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
do_softirq+0x45/0x60 kernel/softirq.c:523
__local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
local_bh_enable include/linux/bottom_half.h:33 [inline]
__alloc_skb+0x2d0/0x4b0 net/core/skbuff.c:674
alloc_skb include/linux/skbuff.h:1383 [inline]
nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:818 [inline]
nsim_dev_trap_report drivers/net/netdevsim/dev.c:875 [inline]
nsim_dev_trap_report_work+0x18a/0x630 drivers/net/netdevsim/dev.c:921
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
worker_thread+0x581/0x770 kernel/workqueue.c:3421
kthread+0x488/0x510 kernel/kthread.c:463
ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
value changed: 0x000000000002f581 -> 0x000000000002f582
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 1663 Comm: kworker/u8:10 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================
==================================================================
BUG: KCSAN: data-race in vxcan_xmit / vxcan_xmit
read-write to 0xffff888119988228 of 8 bytes by interrupt on cpu 0:
vxcan_xmit+0x28b/0x340 drivers/net/can/vxcan.c:74
__netdev_start_xmit include/linux/netdevice.h:5273 [inline]
netdev_start_xmit include/linux/netdevice.h:5282 [inline]
xmit_one net/core/dev.c:3866 [inline]
dev_hard_start_xmit+0x125/0x3e0 net/core/dev.c:3882
__dev_queue_xmit+0xdb1/0x1f20 net/core/dev.c:4832
dev_queue_xmit include/linux/netdevice.h:3381 [inline]
can_send+0x589/0x720 net/can/af_can.c:279
can_can_gw_rcv+0x7bb/0x820 net/can/gw.c:563
deliver net/can/af_can.c:575 [inline]
can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
do_softirq+0x45/0x60 kernel/softirq.c:523
__local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
batadv_tt_local_purge+0x1a8/0x1f0 net/batman-adv/translation-table.c:1315
batadv_tt_purge+0x2b/0x610 net/batman-adv/translation-table.c:3509
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
worker_thread+0x581/0x770 kernel/workqueue.c:3421
kthread+0x488/0x510 kernel/kthread.c:463
ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
read-write to 0xffff888119988228 of 8 bytes by interrupt on cpu 1:
vxcan_xmit+0x28b/0x340 drivers/net/can/vxcan.c:74
__netdev_start_xmit include/linux/netdevice.h:5273 [inline]
netdev_start_xmit include/linux/netdevice.h:5282 [inline]
xmit_one net/core/dev.c:3866 [inline]
dev_hard_start_xmit+0x125/0x3e0 net/core/dev.c:3882
__dev_queue_xmit+0xdb1/0x1f20 net/core/dev.c:4832
dev_queue_xmit include/linux/netdevice.h:3381 [inline]
can_send+0x589/0x720 net/can/af_can.c:279
can_can_gw_rcv+0x7bb/0x820 net/can/gw.c:563
deliver net/can/af_can.c:575 [inline]
can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
run_ksoftirqd+0x1c/0x30 kernel/softirq.c:1063
smpboot_thread_fn+0x32a/0x510 kernel/smpboot.c:160
kthread+0x488/0x510 kernel/kthread.c:463
ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
value changed: 0x0000000000052a38 -> 0x0000000000052a39
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================
==================================================================
BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter
read-write to 0xffff8881009581f8 of 8 bytes by interrupt on cpu 0:
deliver net/can/af_can.c:576 [inline]
can_rcv_filter+0x242/0x4f0 net/can/af_can.c:609
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
do_softirq+0x45/0x60 kernel/softirq.c:523
__local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
batadv_tt_local_purge+0x1a8/0x1f0 net/batman-adv/translation-table.c:1315
batadv_tt_purge+0x2b/0x610 net/batman-adv/translation-table.c:3509
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
worker_thread+0x581/0x770 kernel/workqueue.c:3421
kthread+0x488/0x510 kernel/kthread.c:463
ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
read-write to 0xffff8881009581f8 of 8 bytes by interrupt on cpu 1:
deliver net/can/af_can.c:576 [inline]
can_rcv_filter+0x242/0x4f0 net/can/af_can.c:609
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
do_softirq+0x45/0x60 kernel/softirq.c:523
__local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
local_bh_enable include/linux/bottom_half.h:33 [inline]
__alloc_skb+0x477/0x4b0 net/core/skbuff.c:674
alloc_skb include/linux/skbuff.h:1383 [inline]
nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:818 [inline]
nsim_dev_trap_report drivers/net/netdevsim/dev.c:875 [inline]
nsim_dev_trap_report_work+0x18a/0x630 drivers/net/netdevsim/dev.c:921
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
worker_thread+0x581/0x770 kernel/workqueue.c:3421
kthread+0x488/0x510 kernel/kthread.c:463
ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
value changed: 0x000000000005671d -> 0x000000000005671e
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 268 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================
==================================================================
BUG: KCSAN: data-race in vxcan_xmit / vxcan_xmit
read-write to 0xffff888119980220 of 8 bytes by interrupt on cpu 0:
vxcan_xmit+0x2c8/0x340 drivers/net/can/vxcan.c:77
__netdev_start_xmit include/linux/netdevice.h:5273 [inline]
netdev_start_xmit include/linux/netdevice.h:5282 [inline]
xmit_one net/core/dev.c:3866 [inline]
dev_hard_start_xmit+0x125/0x3e0 net/core/dev.c:3882
__dev_queue_xmit+0xdb1/0x1f20 net/core/dev.c:4832
dev_queue_xmit include/linux/netdevice.h:3381 [inline]
can_send+0x589/0x720 net/can/af_can.c:279
can_can_gw_rcv+0x7bb/0x820 net/can/gw.c:563
deliver net/can/af_can.c:575 [inline]
can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
do_softirq+0x45/0x60 kernel/softirq.c:523
__local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
batadv_tt_local_purge+0x1a8/0x1f0 net/batman-adv/translation-table.c:1315
batadv_tt_purge+0x2b/0x610 net/batman-adv/translation-table.c:3509
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
worker_thread+0x581/0x770 kernel/workqueue.c:3421
kthread+0x488/0x510 kernel/kthread.c:463
ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
read-write to 0xffff888119980220 of 8 bytes by interrupt on cpu 1:
vxcan_xmit+0x2c8/0x340 drivers/net/can/vxcan.c:77
__netdev_start_xmit include/linux/netdevice.h:5273 [inline]
netdev_start_xmit include/linux/netdevice.h:5282 [inline]
xmit_one net/core/dev.c:3866 [inline]
dev_hard_start_xmit+0x125/0x3e0 net/core/dev.c:3882
__dev_queue_xmit+0xdb1/0x1f20 net/core/dev.c:4832
dev_queue_xmit include/linux/netdevice.h:3381 [inline]
can_send+0x589/0x720 net/can/af_can.c:279
can_can_gw_rcv+0x7bb/0x820 net/can/gw.c:563
deliver net/can/af_can.c:575 [inline]
can_rcv_filter+0xc7/0x4f0 net/can/af_can.c:602
can_receive+0x163/0x1c0 net/can/af_can.c:666
can_rcv+0xed/0x190 net/can/af_can.c:690
__netif_receive_skb_one_core net/core/dev.c:6152 [inline]
__netif_receive_skb+0x120/0x270 net/core/dev.c:6265
process_backlog+0x228/0x420 net/core/dev.c:6617
__napi_poll+0x5f/0x300 net/core/dev.c:7681
napi_poll net/core/dev.c:7744 [inline]
net_rx_action+0x452/0x930 net/core/dev.c:7896
handle_softirqs+0xb9/0x280 kernel/softirq.c:622
do_softirq+0x45/0x60 kernel/softirq.c:523
__local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
local_bh_enable include/linux/bottom_half.h:33 [inline]
__alloc_skb+0x477/0x4b0 net/core/skbuff.c:674
alloc_skb include/linux/skbuff.h:1383 [inline]
nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:818 [inline]
nsim_dev_trap_report drivers/net/netdevsim/dev.c:875 [inline]
nsim_dev_trap_report_work+0x18a/0x630 drivers/net/netdevsim/dev.c:921
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
worker_thread+0x581/0x770 kernel/workqueue.c:3421
kthread+0x488/0x510 kernel/kthread.c:463
ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
value changed: 0x00000000000612c4 -> 0x00000000000612c5
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 935 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================
vxcan1: j1939_xtp_rx_rts_session_active: 0xffff88811a005600: connection exists (00 02). last cmd: 10
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup