syzbot

 sign-in | mailing list | source | docs
🐞 Open [1466]
Subsystems
🐞 Fixed [6853]
🐞 Invalid [17783]
Missing Backports [225]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in wq_worker_tick / wq_worker_tick

Status: moderation: reported on 2023/12/07 10:03
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+1f9c6a9361cf67ffc0d9@syzkaller.appspotmail.com
First crash: 929d, last: 14h29m

Sample crash report:
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
==================================================================
BUG: KCSAN: data-race in wq_worker_tick / wq_worker_tick

read-write to 0xffff8881000738b8 of 8 bytes by interrupt on cpu 0:
 wq_worker_tick+0x60/0x230 kernel/workqueue.c:1474
 sched_tick+0xd7/0x220 kernel/sched/core.c:5546
 update_process_times+0x15f/0x190 kernel/time/timer.c:2479
 tick_sched_handle kernel/time/tick-sched.c:298 [inline]
 tick_nohz_handler+0x276/0x3d0 kernel/time/tick-sched.c:319
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 kcsan_setup_watchpoint+0x406/0x420 kernel/kcsan/core.c:705
 ip6t_do_table+0x75b/0xbd0 net/ipv6/netfilter/ip6_tables.c:321
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 br_nf_pre_routing_ipv6+0x269/0x2b0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x52b/0xbd0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0x4f0/0x9e0 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x5df/0x1920 net/core/dev.c:6026
 __netif_receive_skb_one_core net/core/dev.c:6137 [inline]
 __netif_receive_skb+0x59/0x270 net/core/dev.c:6252
 process_backlog+0x228/0x420 net/core/dev.c:6604
 __napi_poll+0x5f/0x300 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0x425/0x8c0 net/core/dev.c:7883
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:890 [inline]
 nsim_dev_trap_report_work+0x52b/0x630 drivers/net/netdevsim/dev.c:921
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

read-write to 0xffff8881000738b8 of 8 bytes by interrupt on cpu 1:
 wq_worker_tick+0x60/0x230 kernel/workqueue.c:1474
 sched_tick+0xd7/0x220 kernel/sched/core.c:5546
 update_process_times+0x15f/0x190 kernel/time/timer.c:2479
 tick_sched_handle kernel/time/tick-sched.c:298 [inline]
 tick_nohz_handler+0x276/0x3d0 kernel/time/tick-sched.c:319
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 __tsan_read8+0x4/0x190 kernel/kcsan/core.c:1025
 xt_get_this_cpu_counter include/linux/netfilter/x_tables.h:426 [inline]
 ip6t_do_table+0x72e/0xbd0 net/ipv6/netfilter/ip6_tables.c:320
 ip6table_mangle_hook+0x163/0x340 net/ipv6/netfilter/ip6table_mangle.c:73
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 br_nf_post_routing+0x850/0x950 net/bridge/br_netfilter_hooks.c:966
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 br_forward_finish+0x116/0x160 net/bridge/br_forward.c:66
 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:-1 [inline]
 br_nf_forward_finish+0x6c1/0x740 net/bridge/br_netfilter_hooks.c:662
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_forward_ip+0x5c1/0x5e0 net/bridge/br_netfilter_hooks.c:716
 br_nf_forward+0x5a2/0xe90 net/bridge/br_netfilter_hooks.c:773
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 __br_forward+0x24c/0x330 net/bridge/br_forward.c:115
 br_flood+0x30f/0x460 net/bridge/br_forward.c:-1
 br_handle_frame_finish+0xd96/0xfc0 net/bridge/br_input.c:229
 br_nf_hook_thresh+0x1eb/0x220 net/bridge/br_netfilter_hooks.c:-1
 br_nf_pre_routing_finish_ipv6+0x4d1/0x570 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x1fa/0x2b0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x52b/0xbd0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0x4f0/0x9e0 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x5df/0x1920 net/core/dev.c:6026
 __netif_receive_skb_one_core net/core/dev.c:6137 [inline]
 __netif_receive_skb+0x59/0x270 net/core/dev.c:6252
 process_backlog+0x228/0x420 net/core/dev.c:6604
 __napi_poll+0x5f/0x300 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0x425/0x8c0 net/core/dev.c:7883
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 __alloc_skb+0x476/0x4b0 net/core/skbuff.c:674
 alloc_skb include/linux/skbuff.h:1383 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:818 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:875 [inline]
 nsim_dev_trap_report_work+0x18a/0x630 drivers/net/netdevsim/dev.c:921
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

value changed: 0x000000000237eea0 -> 0x00000000023815b0

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 1873 Comm: kworker/u8:12 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)

Crashes (562):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/01/13 13:00 upstream b71e635feefc d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/12 05:17 upstream 9c7ef209cd0f d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/11 09:08 upstream 97313d6113ab d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/10 13:11 upstream b6151c4e60e5 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/09 06:31 upstream 623fb9912f6a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/06 19:37 upstream f0b9d8eb98df d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/06 01:12 upstream 7f98ab9da046 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/05 12:23 upstream 3609fa95fb0f d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/04 00:55 upstream aacb0a6d604a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/01 00:40 upstream 349bd28a86f2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/30 07:39 upstream 8640b74557fc d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/28 20:22 upstream c875a6c32467 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/28 12:31 upstream d26143bb38e2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/27 04:55 upstream 3f0e9c8cefa9 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/23 03:12 upstream b927546677c8 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/22 18:02 upstream 9448598b22c5 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/21 10:17 upstream 9094662f6707 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/21 06:00 upstream d8ba32c5a460 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/15 13:53 upstream 8f0b4cce4481 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/14 00:47 upstream 9d9c1cfec01c d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/11 21:23 upstream d358e5254674 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/10 03:25 upstream cb015814f8b6 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/07 23:29 upstream 37bb2e7217b0 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/07 07:16 upstream cc3ee4ba57b7 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/06 22:34 upstream 416f99c3b16f d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/05 18:54 upstream 2061f18ad76e d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/04 21:12 upstream 559e608c4655 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/03 04:25 upstream d61f1cc5db79 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/02 21:36 upstream 4a26e7032d7d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/01 23:17 upstream 1d18101a644e d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/01 07:26 upstream 7d0a66e4bb90 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/01 01:12 upstream e69c7c175115 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/30 14:18 upstream 6bda50f4333f d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/28 19:53 upstream e538109ac71d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/27 20:15 upstream 765e56e41a5a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/27 00:23 upstream 4941a17751c9 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/26 19:09 upstream 30f09200cc4a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/26 11:05 upstream 30f09200cc4a 64219f15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/25 20:52 upstream 8a2bcda5e139 64219f15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/25 14:46 upstream ac3fd01e4c1e 64219f15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/24 14:35 upstream ac3fd01e4c1e bf6fe8fe .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/23 09:36 upstream d13f3ac64efb 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/22 23:47 upstream 89edd36fd801 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/21 21:08 upstream 2eba5e05d9bc 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2023/12/01 12:41 upstream e8f60209d6cf f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2023/11/28 23:33 upstream 18d46e76d7c2 1adfb6f6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
* Struck through repros no longer work on HEAD.