syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1344]
Subsystems
🐞 Fixed [7090]
🐞 Invalid [18710]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KCSAN: data-race in wq_worker_tick / wq_worker_tick

Status: moderation: reported on 2023/12/07 10:03
Subsystems: kernel
Labels: prio:high
[Documentation on labels]
Reported-by: syzbot+1f9c6a9361cf67ffc0d9@syzkaller.appspotmail.com
First crash: 1050d, last: 8h57m
✨ AI Jobs (4)
ID Workflow Result Correct Bug Created Started Finished Revision Error
828176b6-3c26-4dbf-af69-c741b2d6cdd3 assessment-security DenialOfService: ❌ Exploitable: ❌ FilesystemTrigger: ✅ NetworkTrigger: ✅ PeripheralTrigger: ✅ RemoteTrigger: ✅ Unprivileged: ✅ UserNamespace: ✅ VMGuestTrigger: ✅ VMHostTrigger: ✅ KCSAN: data-race in wq_worker_tick / wq_worker_tick 2026/05/13 05:10 2026/05/13 05:10 2026/05/13 06:07 a0949470b6a66f5eb685a5f70be7c66daf726d2b
6d2acab0-5f86-4452-a2aa-2986f682fbb0 repro KCSAN: data-race in wq_worker_tick / wq_worker_tick 2026/03/06 03:15 2026/03/06 03:15 2026/03/06 03:17 31e9c887f7dc24e04b3ca70d0d54fc34141844b0
9f147d12-624d-4474-9665-abafc23ba67d assessment-kcsan Benign: ✅ Confident: ✅ KCSAN: data-race in wq_worker_tick / wq_worker_tick 2026/02/24 16:13 2026/02/24 16:13 2026/02/24 16:16 305c0ec5cd886e2d13738e28e1b2df9b0ec20fc9
900af779-651d-4649-825d-fdd54228c6cf assessment-kcsan 💥 KCSAN: data-race in wq_worker_tick / wq_worker_tick 2026/01/09 14:24 2026/01/09 14:24 2026/01/09 14:26 9ee25c60da3366005e31dedd1574732f63338151 failed to load compile commands: open /usr/local/google/home/dvyukov/syzkaller/agent/workdir/cache/build/9dce9dd65e825296b412dc760805ab08dc7d0dbc/compile_commands.json: no such file or directory

Sample crash report:
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
==================================================================
BUG: KCSAN: data-race in wq_worker_tick / wq_worker_tick

read-write to 0xffff8881000c5cd8 of 8 bytes by interrupt on cpu 1:
 wq_worker_tick+0x64/0x240 kernel/workqueue.c:1508
 sched_tick+0xbc/0x1f0 kernel/sched/core.c:5678
 update_process_times+0x15e/0x190 kernel/time/timer.c:2480
 tick_sched_handle kernel/time/tick-sched.c:298 [inline]
 tick_nohz_handler+0x275/0x3d0 kernel/time/tick-sched.c:319
 __run_hrtimer kernel/time/hrtimer.c:1930 [inline]
 __hrtimer_run_queues+0x276/0x4f0 kernel/time/hrtimer.c:1994
 hrtimer_interrupt+0x261/0x850 kernel/time/hrtimer.c:2113
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1c0 arch/x86/kernel/apic/apic.c:1067
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1061
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 __find_rr_leaf+0x125/0x500 net/ipv6/route.c:845
 find_rr_leaf net/ipv6/route.c:889 [inline]
 rt6_select net/ipv6/route.c:933 [inline]
 fib6_table_lookup+0x1db/0x610 net/ipv6/route.c:2251
 ip6_pol_route+0xbf/0xeb0 net/ipv6/route.c:2287
 ip6_pol_route_input+0x42/0x60 net/ipv6/route.c:2344
 pol_lookup_func include/net/ip6_fib.h:667 [inline]
 fib6_rule_lookup+0x366/0x4c0 net/ipv6/fib6_rules.c:123
 ip6_route_input_lookup net/ipv6/route.c:2356 [inline]
 ip6_route_input+0x512/0x620 net/ipv6/route.c:2659
 ip6_rcv_finish_core net/ipv6/ip6_input.c:106 [inline]
 ip6_rcv_finish+0x1be/0x330 net/ipv6/ip6_input.c:117
 NF_HOOK include/linux/netfilter.h:318 [inline]
 ipv6_rcv+0x72/0x170 net/ipv6/ip6_input.c:351
 __netif_receive_skb_one_core net/core/dev.c:6202 [inline]
 __netif_receive_skb net/core/dev.c:6315 [inline]
 process_backlog+0x2a5/0x670 net/core/dev.c:6666
 __napi_poll+0x61/0x300 net/core/dev.c:7733
 napi_poll net/core/dev.c:7796 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7953
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:196 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:214
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:891 [inline]
 nsim_dev_trap_report_work+0x53b/0x640 drivers/net/netdevsim/dev.c:922
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0x4f0/0x9c0 kernel/workqueue.c:3397
 worker_thread+0x58a/0x780 kernel/workqueue.c:3478
 kthread+0x22a/0x280 kernel/kthread.c:436
 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff8881000c5cd8 of 8 bytes by interrupt on cpu 0:
 wq_worker_tick+0x64/0x240 kernel/workqueue.c:1508
 sched_tick+0xbc/0x1f0 kernel/sched/core.c:5678
 update_process_times+0x15e/0x190 kernel/time/timer.c:2480
 tick_sched_handle kernel/time/tick-sched.c:298 [inline]
 tick_nohz_handler+0x275/0x3d0 kernel/time/tick-sched.c:319
 __run_hrtimer kernel/time/hrtimer.c:1930 [inline]
 __hrtimer_run_queues+0x276/0x4f0 kernel/time/hrtimer.c:1994
 hrtimer_interrupt+0x261/0x850 kernel/time/hrtimer.c:2113
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1c0 arch/x86/kernel/apic/apic.c:1067
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1061
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 __sanitizer_cov_trace_pc+0x8/0x70 kernel/kcov.c:213
 skb_push+0x60/0x90 net/core/skbuff.c:2648
 nf_bridge_push_encap_header include/net/netfilter/br_netfilter.h:37 [inline]
 br_nf_pre_routing_finish+0x67a/0xbe0 net/bridge/br_netfilter_hooks.c:425
 rcu_read_unlock include/linux/rcupdate.h:871 [inline]
 nf_hook include/linux/netfilter.h:275 [inline]
 NF_HOOK+0x1ec/0x230 include/linux/netfilter.h:316
 br_nf_pre_routing+0xaea/0xbe0 net/bridge/br_netfilter_hooks.c:535
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0x85f/0xa60 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6089
 __netif_receive_skb_one_core net/core/dev.c:6200 [inline]
 __netif_receive_skb net/core/dev.c:6315 [inline]
 process_backlog+0x25b/0x670 net/core/dev.c:6666
 __napi_poll+0x61/0x300 net/core/dev.c:7733
 napi_poll net/core/dev.c:7796 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7953
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:196 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:214
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:891 [inline]
 nsim_dev_trap_report_work+0x53b/0x640 drivers/net/netdevsim/dev.c:922
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0x4f0/0x9c0 kernel/workqueue.c:3397
 worker_thread+0x58a/0x780 kernel/workqueue.c:3478
 kthread+0x22a/0x280 kernel/kthread.c:436
 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x0000000001960950 -> 0x0000000001963060

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 7423 Comm: kworker/u8:17 Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================
net_ratelimit: 102355 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
net_ratelimit: 115260 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)

Crashes (654):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/05/15 00:09 upstream 66182ca873a4 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/05/14 14:40 upstream e1914add2799 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/05/13 11:02 upstream 1d5dcaa3bd65 fec2a7ee .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/05/13 03:24 upstream c21b90f77687 a0949470 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/05/09 21:58 upstream e92b2872d0b1 29233ece .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/05/09 03:32 upstream 27a26ccfd528 29233ece .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/05/08 18:04 upstream 917719c412c4 b2988c17 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/05/07 17:05 upstream 8ab992f815d6 cbf9e0fc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/05/06 06:02 upstream 9207d47f966b 26da2c66 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/05/05 06:32 upstream c7e4e4d5f7dc a898ba9c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/05/04 16:48 upstream 6d35786de281 85f1bcf2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/05/04 03:04 upstream f377d0025eb0 a0d91488 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/05/02 23:23 upstream 66edb901bf87 a0d91488 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/30 00:49 upstream 57b8e2d666a3 005438fc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/29 12:47 upstream dca922e019dd 7ca9e4d8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/29 01:28 upstream dca922e019dd 95008c03 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/28 13:09 upstream 3b3bea6d4b9c ce741359 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/27 17:40 upstream 254f49634ee1 0f700595 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/25 03:14 upstream 27d128c1cff6 9c2d0995 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/24 17:55 upstream dd6c438c3e64 1c2b9291 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/24 00:58 upstream 45dcf5e28813 9cfb3ca7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/23 21:40 upstream 2e6803928193 4c3406dc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/23 04:41 upstream 2a4c0c11c019 b10da5ec .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/22 18:22 upstream 6596a02b2078 4595e353 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/22 00:59 upstream 4ee64205ffaa 0b6ab7ec .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/20 10:20 upstream c1f49dea2b8f 303e2802 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/18 16:41 upstream 8541d8f725c6 303e2802 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/17 18:20 upstream 43cfbdda5af6 24ecfc1e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/17 12:27 upstream 3cd8b194bf34 de0a551d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/16 15:24 upstream 1d51b370a0f8 4743f87d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/16 08:17 upstream aec2f682d47c df15c5f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/15 23:01 upstream 1f5ffc672165 c441f497 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/12 10:54 upstream f5459048c38a 38c8e246 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/11 11:37 upstream e774d5f1bc27 38c8e246 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/09 13:25 upstream 7f87a5ea75f0 38c8e246 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/08 12:18 upstream 3036cd0d3328 2c961e87 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/06 07:35 upstream 591cd656a1bf 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/05 12:49 upstream 3aae9383f42f 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/04 14:19 upstream 7ca6d1cfec80 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/03 18:01 upstream d8a9a4b11a13 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/04/01 18:14 upstream dbf00d8d23b4 9a1f7828 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/03/31 23:44 upstream dbf00d8d23b4 fb8b2c26 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/03/31 01:49 upstream d0c3bcd5b897 d0af506e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/03/30 20:11 upstream 7aaa8047eafd dcaebc52 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/03/30 01:06 upstream a3d97d1d3fa6 b5ceaad2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/03/05 22:04 upstream c107785c7e8d d20b04c8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/02/24 08:01 upstream 7dff99b35460 41d2fa6a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2026/01/09 06:31 upstream 623fb9912f6a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2023/12/01 12:41 upstream e8f60209d6cf f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
2023/11/28 23:33 upstream 18d46e76d7c2 1adfb6f6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wq_worker_tick / wq_worker_tick
* Struck through repros no longer work on HEAD.