syzbot

 sign-in | mailing list | source | docs
🐞 Open [1431]
Subsystems
🐞 Fixed [6752]
🐞 Invalid [17383]
Missing Backports [221]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in wq_worker_tick / wq_worker_tick

Status: moderation: reported on 2023/12/07 10:03
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+1f9c6a9361cf67ffc0d9@syzkaller.appspotmail.com
First crash: 876d, last: 2h46m

Sample crash report:
==================================================================
BUG: KCSAN: data-race in wq_worker_tick / wq_worker_tick

read-write to 0xffff888100073ab8 of 8 bytes by interrupt on cpu 0:
 wq_worker_tick+0x60/0x230 kernel/workqueue.c:1480
 sched_tick+0x11a/0x270 kernel/sched/core.c:5616
 update_process_times+0x15f/0x190 kernel/time/timer.c:2478
 tick_sched_handle kernel/time/tick-sched.c:276 [inline]
 tick_nohz_handler+0x249/0x2d0 kernel/time/tick-sched.c:297
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1041 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1058
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1052
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 is_atomic kernel/kcsan/core.c:249 [inline]
 should_watch kernel/kcsan/core.c:277 [inline]
 check_access kernel/kcsan/core.c:752 [inline]
 __tsan_read2+0xe9/0x190 kernel/kcsan/core.c:1023
 skb_network_header include/linux/skbuff.h:3115 [inline]
 ip_hdr include/linux/ip.h:21 [inline]
 ipt_do_table+0x87/0xab0 net/ipv4/netfilter/ip_tables.c:243
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 ip_local_deliver+0x178/0x1c0 net/ipv4/ip_input.c:260
 dst_input include/net/dst.h:474 [inline]
 ip_rcv_finish+0x194/0x1c0 net/ipv4/ip_input.c:453
 NF_HOOK include/linux/netfilter.h:318 [inline]
 ip_rcv+0x62/0x140 net/ipv4/ip_input.c:573
 __netif_receive_skb_one_core net/core/dev.c:6079 [inline]
 __netif_receive_skb+0xff/0x270 net/core/dev.c:6192
 process_backlog+0x229/0x420 net/core/dev.c:6544
 __napi_poll+0x66/0x310 net/core/dev.c:7594
 napi_poll net/core/dev.c:7657 [inline]
 net_rx_action+0x423/0x8c0 net/core/dev.c:7784
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x5d/0x90 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:835 [inline]
 nsim_dev_trap_report_work+0x52b/0x630 drivers/net/netdevsim/dev.c:866
 process_one_work kernel/workqueue.c:3263 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3346
 worker_thread+0x582/0x770 kernel/workqueue.c:3427
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x122/0x1b0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff888100073ab8 of 8 bytes by interrupt on cpu 1:
 wq_worker_tick+0x60/0x230 kernel/workqueue.c:1480
 sched_tick+0x11a/0x270 kernel/sched/core.c:5616
 update_process_times+0x15f/0x190 kernel/time/timer.c:2478
 tick_sched_handle kernel/time/tick-sched.c:276 [inline]
 tick_nohz_handler+0x249/0x2d0 kernel/time/tick-sched.c:297
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1041 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1058
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1052
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 should_watch kernel/kcsan/core.c:280 [inline]
 check_access kernel/kcsan/core.c:752 [inline]
 __tsan_read4+0x118/0x190 kernel/kcsan/core.c:1024
 skb_end_offset include/linux/skbuff.h:1729 [inline]
 skb_free_head+0x4c/0x150 net/core/skbuff.c:1060
 skb_release_data+0x33b/0x370 net/core/skbuff.c:1087
 skb_release_all net/core/skbuff.c:1152 [inline]
 __kfree_skb+0x44/0x150 net/core/skbuff.c:1166
 consume_skb+0x49/0x150 net/core/skbuff.c:1398
 nft_synproxy_eval_v4+0x249/0x290 net/netfilter/nft_synproxy.c:-1
 nft_synproxy_do_eval+0x1cf/0x270 net/netfilter/nft_synproxy.c:141
 nft_synproxy_eval+0x29/0x40 net/netfilter/nft_synproxy.c:247
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 nft_do_chain+0x1e2/0xc90 net/netfilter/nf_tables_core.c:285
 nft_do_chain_inet+0x1eb/0x220 net/netfilter/nft_chain_filter.c:161
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 ip_local_deliver+0x178/0x1c0 net/ipv4/ip_input.c:260
 dst_input include/net/dst.h:474 [inline]
 ip_rcv_finish+0x194/0x1c0 net/ipv4/ip_input.c:453
 NF_HOOK include/linux/netfilter.h:318 [inline]
 ip_rcv+0x62/0x140 net/ipv4/ip_input.c:573
 __netif_receive_skb_one_core net/core/dev.c:6079 [inline]
 __netif_receive_skb+0xff/0x270 net/core/dev.c:6192
 process_backlog+0x229/0x420 net/core/dev.c:6544
 __napi_poll+0x66/0x310 net/core/dev.c:7594
 napi_poll net/core/dev.c:7657 [inline]
 net_rx_action+0x423/0x8c0 net/core/dev.c:7784
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x5d/0x90 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:835 [inline]
 nsim_dev_trap_report_work+0x52b/0x630 drivers/net/netdevsim/dev.c:866
 process_one_work kernel/workqueue.c:3263 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3346
 worker_thread+0x582/0x770 kernel/workqueue.c:3427
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x122/0x1b0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x00000000012aeb70 -> 0x00000000012b1280

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 4282 Comm: kworker/u8:18 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================

Crashes (513):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/11/21 21:08 upstream 2eba5e05d9bc 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/19 22:43 upstream 23cb64fb7625 26ee5237 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/17 09:21 upstream 6a23ae0a96a6 f7988ea4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/16 21:53 upstream 7254a2b52279 f7988ea4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/16 07:07 upstream f824272b6e3f f7988ea4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/14 06:39 upstream 6da43bbeb691 07e030de .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/13 20:51 upstream 2ccec5944606 07e030de .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/12 18:47 upstream 24172e0d7990 07e030de .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/12 11:53 upstream 24172e0d7990 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/06 04:32 upstream 1c353dc8d962 a6c9c731 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/05 08:38 upstream 17d85f33a83b a6c9c731 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/05 02:56 upstream 17d85f33a83b 686bf657 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/04 07:01 upstream 8bb886cb8f3a 686bf657 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/02 22:06 upstream 6146a0f1dfae 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/11/01 15:17 upstream ba36dd5ee6fd 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/31 09:37 upstream d127176862a9 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/30 04:53 upstream e53642b87a4f fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/27 18:17 upstream dcb6fa37fd7b fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/27 00:32 upstream dbfc6422a34d c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/26 12:15 upstream 72761a7e3122 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/26 00:10 upstream 566771afc7a8 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/24 12:05 upstream 6fab32bb6508 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/23 11:47 upstream 43e9ad0c55a3 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/23 01:55 upstream dd72c8fcf6d3 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/21 09:16 upstream 6548d364a3e8 9832ed61 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/21 00:13 upstream 211ddde0823f d422939c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/19 01:17 upstream 1c64efcb083c 1c8c8cd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/18 20:48 upstream f406055cb18c 1c8c8cd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/16 06:01 upstream 7ea30958b305 19568248 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/15 17:03 upstream 1f4a222b0e33 19568248 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/14 03:53 upstream 3a8660878839 b6605ba8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/09 22:45 upstream ec714e371f22 7e2882b3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/09 09:16 upstream cd5a0afbdf80 7e2882b3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/08 18:31 upstream 0d97f2067c16 7e2882b3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/07 18:54 upstream 971199ad2a0f 8ef35d49 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/06 07:07 upstream 7a405dbb0f03 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/10/03 06:58 upstream e406d57be7bd 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/09/30 15:57 upstream 30d4efb2f5a5 65a0eece .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/09/30 09:45 upstream 1896ce8eb6c6 86341da6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/09/29 00:37 upstream 8f9736633f8c 001c9061 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/09/25 07:06 upstream 4ea5af085908 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/09/24 06:40 upstream cec1e6e5d1ab 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/09/23 08:50 upstream cec1e6e5d1ab 0ac7291c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2025/09/22 09:11 upstream 2d5bd41a4505 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2023/12/01 12:41 upstream e8f60209d6cf f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2023/11/28 23:33 upstream 18d46e76d7c2 1adfb6f6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
* Struck through repros no longer work on HEAD.