syzbot

 sign-in | mailing list | source | docs
🐞 Open [1465]
Subsystems
🐞 Fixed [6848]
🐞 Invalid [17767]
Missing Backports [226]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in wq_worker_tick / wq_worker_tick

Status: moderation: reported on 2023/12/07 10:03
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+1f9c6a9361cf67ffc0d9@syzkaller.appspotmail.com
First crash: 928d, last: 12h05m

Sample crash report:
==================================================================
BUG: KCSAN: data-race in wq_worker_tick / wq_worker_tick

read-write to 0xffff8881000738b8 of 8 bytes by interrupt on cpu 1:
 wq_worker_tick+0x60/0x230 kernel/workqueue.c:1474
 sched_tick+0xd7/0x220 kernel/sched/core.c:5546
 update_process_times+0x15f/0x190 kernel/time/timer.c:2479
 tick_sched_handle kernel/time/tick-sched.c:298 [inline]
 tick_nohz_handler+0x276/0x3d0 kernel/time/tick-sched.c:319
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 is_atomic kernel/kcsan/core.c:260 [inline]
 should_watch kernel/kcsan/core.c:277 [inline]
 check_access kernel/kcsan/core.c:752 [inline]
 __tsan_read1+0xf8/0x180 kernel/kcsan/core.c:1022
 __nf_ct_ext_exist include/net/netfilter/nf_conntrack_extend.h:47 [inline]
 nf_ct_ext_find include/net/netfilter/nf_conntrack_extend.h:61 [inline]
 nfct_nat include/net/netfilter/nf_nat.h:51 [inline]
 nf_nat_inet_fn+0x10d/0x690 net/netfilter/nf_nat_core.c:922
 nf_nat_ipv4_fn net/netfilter/nf_nat_proto.c:602 [inline]
 nf_nat_ipv4_pre_routing+0x124/0x210 net/netfilter/nf_nat_proto.c:612
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 ip_rcv+0xfe/0x140 net/ipv4/ip_input.c:573
 __netif_receive_skb_one_core net/core/dev.c:6139 [inline]
 __netif_receive_skb+0xff/0x270 net/core/dev.c:6252
 process_backlog+0x228/0x420 net/core/dev.c:6604
 __napi_poll+0x5f/0x300 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0x425/0x8c0 net/core/dev.c:7883
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 __alloc_skb+0x476/0x4b0 net/core/skbuff.c:674
 alloc_skb include/linux/skbuff.h:1383 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:818 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:875 [inline]
 nsim_dev_trap_report_work+0x18a/0x630 drivers/net/netdevsim/dev.c:921
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

read-write to 0xffff8881000738b8 of 8 bytes by interrupt on cpu 0:
 wq_worker_tick+0x60/0x230 kernel/workqueue.c:1474
 sched_tick+0xd7/0x220 kernel/sched/core.c:5546
 update_process_times+0x15f/0x190 kernel/time/timer.c:2479
 tick_sched_handle kernel/time/tick-sched.c:298 [inline]
 tick_nohz_handler+0x276/0x3d0 kernel/time/tick-sched.c:319
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 kcsan_setup_watchpoint+0x406/0x420 kernel/kcsan/core.c:705
 ipt_do_table+0x1d3/0xab0 net/ipv4/netfilter/ip_tables.c:263
 ipt_mangle_out net/ipv4/netfilter/iptable_mangle.c:53 [inline]
 iptable_mangle_hook+0xd6/0x260 net/ipv4/netfilter/iptable_mangle.c:79
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 __ip_local_out+0x2cb/0x2f0 net/ipv4/ip_output.c:120
 ip_local_out+0x2a/0xe0 net/ipv4/ip_output.c:129
 synproxy_send_tcp+0x2ae/0x2f0 net/netfilter/nf_synproxy_core.c:439
 synproxy_send_client_synack+0x57c/0x5d0 net/netfilter/nf_synproxy_core.c:484
 nft_synproxy_eval_v4+0x22a/0x280 net/netfilter/nft_synproxy.c:59
 nft_synproxy_do_eval+0x1cf/0x270 net/netfilter/nft_synproxy.c:141
 nft_synproxy_eval+0x29/0x40 net/netfilter/nft_synproxy.c:247
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 nft_do_chain+0x1e2/0xc90 net/netfilter/nf_tables_core.c:285
 nft_do_chain_inet+0x1eb/0x220 net/netfilter/nft_chain_filter.c:161
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 ip_local_deliver+0x178/0x1c0 net/ipv4/ip_input.c:262
 dst_input include/net/dst.h:474 [inline]
 ip_rcv_finish+0x194/0x1c0 net/ipv4/ip_input.c:453
 NF_HOOK include/linux/netfilter.h:318 [inline]
 ip_rcv+0x62/0x140 net/ipv4/ip_input.c:573
 __netif_receive_skb_one_core net/core/dev.c:6139 [inline]
 __netif_receive_skb+0xff/0x270 net/core/dev.c:6252
 process_backlog+0x228/0x420 net/core/dev.c:6604
 __napi_poll+0x5f/0x300 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0x425/0x8c0 net/core/dev.c:7883
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 __alloc_skb+0x476/0x4b0 net/core/skbuff.c:674
 alloc_skb include/linux/skbuff.h:1383 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:818 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:875 [inline]
 nsim_dev_trap_report_work+0x18a/0x630 drivers/net/netdevsim/dev.c:921
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

value changed: 0x00000000053aa750 -> 0x00000000053ace60

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 41 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================

Crashes (561):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/01/12 05:17 upstream 9c7ef209cd0f d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/11 09:08 upstream 97313d6113ab d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/10 13:11 upstream b6151c4e60e5 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/09 06:31 upstream 623fb9912f6a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/06 19:37 upstream f0b9d8eb98df d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/06 01:12 upstream 7f98ab9da046 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/05 12:23 upstream 3609fa95fb0f d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/04 00:55 upstream aacb0a6d604a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/01 00:40 upstream 349bd28a86f2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/30 07:39 upstream 8640b74557fc d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/28 20:22 upstream c875a6c32467 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/28 12:31 upstream d26143bb38e2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/27 04:55 upstream 3f0e9c8cefa9 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/23 03:12 upstream b927546677c8 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/22 18:02 upstream 9448598b22c5 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/21 10:17 upstream 9094662f6707 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/21 06:00 upstream d8ba32c5a460 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/15 13:53 upstream 8f0b4cce4481 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/14 00:47 upstream 9d9c1cfec01c d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/11 21:23 upstream d358e5254674 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/10 03:25 upstream cb015814f8b6 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/07 23:29 upstream 37bb2e7217b0 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/07 07:16 upstream cc3ee4ba57b7 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/06 22:34 upstream 416f99c3b16f d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/05 18:54 upstream 2061f18ad76e d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/04 21:12 upstream 559e608c4655 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/03 04:25 upstream d61f1cc5db79 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/02 21:36 upstream 4a26e7032d7d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/01 23:17 upstream 1d18101a644e d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/01 07:26 upstream 7d0a66e4bb90 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/12/01 01:12 upstream e69c7c175115 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/30 14:18 upstream 6bda50f4333f d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/28 19:53 upstream e538109ac71d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/27 20:15 upstream 765e56e41a5a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/27 00:23 upstream 4941a17751c9 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/26 19:09 upstream 30f09200cc4a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/26 11:05 upstream 30f09200cc4a 64219f15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/25 20:52 upstream 8a2bcda5e139 64219f15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/25 14:46 upstream ac3fd01e4c1e 64219f15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/24 14:35 upstream ac3fd01e4c1e bf6fe8fe .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/23 09:36 upstream d13f3ac64efb 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/22 23:47 upstream 89edd36fd801 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/21 21:08 upstream 2eba5e05d9bc 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2023/12/01 12:41 upstream e8f60209d6cf f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2023/11/28 23:33 upstream 18d46e76d7c2 1adfb6f6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
* Struck through repros no longer work on HEAD.