syzbot

==================================================================
BUG: KCSAN: data-race in wq_worker_tick / wq_worker_tick

read-write to 0xffff8881000c5cd8 of 8 bytes by interrupt on cpu 1:
 wq_worker_tick+0x64/0x240 kernel/workqueue.c:1508
 sched_tick+0xbc/0x1f0 kernel/sched/core.c:5677
 update_process_times+0x15e/0x190 kernel/time/timer.c:2480
 tick_sched_handle kernel/time/tick-sched.c:298 [inline]
 tick_nohz_handler+0x275/0x3d0 kernel/time/tick-sched.c:319
 __run_hrtimer kernel/time/hrtimer.c:1930 [inline]
 __hrtimer_run_queues+0x276/0x4f0 kernel/time/hrtimer.c:1994
 hrtimer_interrupt+0x261/0x850 kernel/time/hrtimer.c:2113
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1c0 arch/x86/kernel/apic/apic.c:1067
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1061
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 decode_watchpoint kernel/kcsan/encoding.h:74 [inline]
 find_watchpoint kernel/kcsan/core.c:132 [inline]
 check_access kernel/kcsan/core.c:737 [inline]
 __tsan_read1+0x2d/0x180 kernel/kcsan/core.c:1022
 skb_ext_get_ptr net/core/skbuff.c:7031 [inline]
 skb_ext_add+0x23c/0x390 net/core/skbuff.c:7161
 vxcan_xmit+0xee/0x360 drivers/net/can/vxcan.c:73
 __netdev_start_xmit include/linux/netdevice.h:5343 [inline]
 netdev_start_xmit include/linux/netdevice.h:5352 [inline]
 xmit_one net/core/dev.c:3888 [inline]
 dev_hard_start_xmit+0x12a/0x3a0 net/core/dev.c:3904
 __dev_queue_xmit+0xbd5/0x1ec0 net/core/dev.c:4870
 dev_queue_xmit include/linux/netdevice.h:3401 [inline]
 can_send+0x589/0x720 net/can/af_can.c:279
 can_can_gw_rcv+0x817/0x870 net/can/gw.c:569
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc3/0x480 net/can/af_can.c:602
 can_receive+0x13e/0x190 net/can/af_can.c:674
 can_rcv+0x17d/0x1f0 net/can/af_can.c:699
 __netif_receive_skb_one_core net/core/dev.c:6209 [inline]
 __netif_receive_skb net/core/dev.c:6322 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6673
 __napi_poll+0x61/0x300 net/core/dev.c:7737
 napi_poll net/core/dev.c:7800 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7957
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:196 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:214
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:891 [inline]
 nsim_dev_trap_report_work+0x52b/0x630 drivers/net/netdevsim/dev.c:922
 process_one_work kernel/workqueue.c:3302 [inline]
 process_scheduled_works+0x4f0/0x9c0 kernel/workqueue.c:3385
 worker_thread+0x58a/0x780 kernel/workqueue.c:3466
 kthread+0x22a/0x280 kernel/kthread.c:436
 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff8881000c5cd8 of 8 bytes by interrupt on cpu 0:
 wq_worker_tick+0x64/0x240 kernel/workqueue.c:1508
 sched_tick+0xbc/0x1f0 kernel/sched/core.c:5677
 update_process_times+0x15e/0x190 kernel/time/timer.c:2480
 tick_sched_handle kernel/time/tick-sched.c:298 [inline]
 tick_nohz_handler+0x275/0x3d0 kernel/time/tick-sched.c:319
 __run_hrtimer kernel/time/hrtimer.c:1930 [inline]
 __hrtimer_run_queues+0x276/0x4f0 kernel/time/hrtimer.c:1994
 hrtimer_interrupt+0x261/0x850 kernel/time/hrtimer.c:2113
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1c0 arch/x86/kernel/apic/apic.c:1067
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1061
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 __tsan_read4+0x12/0x190 kernel/kcsan/core.c:1024
 skb_is_nonlinear include/linux/skbuff.h:2528 [inline]
 skb_put net/core/skbuff.c:2624 [inline]
 skb_copy+0x17e/0x3f0 net/core/skbuff.c:2190
 can_can_gw_rcv+0x29d/0x870 net/can/gw.c:507
 deliver net/can/af_can.c:575 [inline]
 can_rcv_filter+0xc3/0x480 net/can/af_can.c:602
 can_receive+0x13e/0x190 net/can/af_can.c:674
 can_rcv+0x17d/0x1f0 net/can/af_can.c:699
 __netif_receive_skb_one_core net/core/dev.c:6209 [inline]
 __netif_receive_skb net/core/dev.c:6322 [inline]
 process_backlog+0x363/0x670 net/core/dev.c:6673
 __napi_poll+0x61/0x300 net/core/dev.c:7737
 napi_poll net/core/dev.c:7800 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7957
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 __alloc_skb+0x658/0x690 net/core/skbuff.c:697
 alloc_skb include/linux/skbuff.h:1383 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:819 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:876 [inline]
 nsim_dev_trap_report_work+0x18a/0x630 drivers/net/netdevsim/dev.c:922
 process_one_work kernel/workqueue.c:3302 [inline]
 process_scheduled_works+0x4f0/0x9c0 kernel/workqueue.c:3385
 worker_thread+0x58a/0x780 kernel/workqueue.c:3466
 kthread+0x22a/0x280 kernel/kthread.c:436
 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x0000000007d1a5e0 -> 0x0000000007d1ccf0

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 16423 Comm: kworker/u8:3 Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================