==================================================================
BUG: KCSAN: data-race in wq_worker_tick / wq_worker_tick

read-write to 0xffff888100073ab8 of 8 bytes by interrupt on cpu 0:
 wq_worker_tick+0x60/0x230 kernel/workqueue.c:1480
 sched_tick+0x11a/0x270 kernel/sched/core.c:5616
 update_process_times+0x15f/0x190 kernel/time/timer.c:2478
 tick_sched_handle kernel/time/tick-sched.c:276 [inline]
 tick_nohz_handler+0x249/0x2d0 kernel/time/tick-sched.c:297
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1041 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1058
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1052
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 is_atomic kernel/kcsan/core.c:249 [inline]
 should_watch kernel/kcsan/core.c:277 [inline]
 check_access kernel/kcsan/core.c:752 [inline]
 __tsan_read2+0xe9/0x190 kernel/kcsan/core.c:1023
 skb_network_header include/linux/skbuff.h:3115 [inline]
 ip_hdr include/linux/ip.h:21 [inline]
 ipt_do_table+0x87/0xab0 net/ipv4/netfilter/ip_tables.c:243
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 ip_local_deliver+0x178/0x1c0 net/ipv4/ip_input.c:260
 dst_input include/net/dst.h:474 [inline]
 ip_rcv_finish+0x194/0x1c0 net/ipv4/ip_input.c:453
 NF_HOOK include/linux/netfilter.h:318 [inline]
 ip_rcv+0x62/0x140 net/ipv4/ip_input.c:573
 __netif_receive_skb_one_core net/core/dev.c:6079 [inline]
 __netif_receive_skb+0xff/0x270 net/core/dev.c:6192
 process_backlog+0x229/0x420 net/core/dev.c:6544
 __napi_poll+0x66/0x310 net/core/dev.c:7594
 napi_poll net/core/dev.c:7657 [inline]
 net_rx_action+0x423/0x8c0 net/core/dev.c:7784
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x5d/0x90 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:835 [inline]
 nsim_dev_trap_report_work+0x52b/0x630 drivers/net/netdevsim/dev.c:866
 process_one_work kernel/workqueue.c:3263 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3346
 worker_thread+0x582/0x770 kernel/workqueue.c:3427
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x122/0x1b0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff888100073ab8 of 8 bytes by interrupt on cpu 1:
 wq_worker_tick+0x60/0x230 kernel/workqueue.c:1480
 sched_tick+0x11a/0x270 kernel/sched/core.c:5616
 update_process_times+0x15f/0x190 kernel/time/timer.c:2478
 tick_sched_handle kernel/time/tick-sched.c:276 [inline]
 tick_nohz_handler+0x249/0x2d0 kernel/time/tick-sched.c:297
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1041 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1058
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1052
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 should_watch kernel/kcsan/core.c:280 [inline]
 check_access kernel/kcsan/core.c:752 [inline]
 __tsan_read4+0x118/0x190 kernel/kcsan/core.c:1024
 skb_end_offset include/linux/skbuff.h:1729 [inline]
 skb_free_head+0x4c/0x150 net/core/skbuff.c:1060
 skb_release_data+0x33b/0x370 net/core/skbuff.c:1087
 skb_release_all net/core/skbuff.c:1152 [inline]
 __kfree_skb+0x44/0x150 net/core/skbuff.c:1166
 consume_skb+0x49/0x150 net/core/skbuff.c:1398
 nft_synproxy_eval_v4+0x249/0x290 net/netfilter/nft_synproxy.c:-1
 nft_synproxy_do_eval+0x1cf/0x270 net/netfilter/nft_synproxy.c:141
 nft_synproxy_eval+0x29/0x40 net/netfilter/nft_synproxy.c:247
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 nft_do_chain+0x1e2/0xc90 net/netfilter/nf_tables_core.c:285
 nft_do_chain_inet+0x1eb/0x220 net/netfilter/nft_chain_filter.c:161
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 ip_local_deliver+0x178/0x1c0 net/ipv4/ip_input.c:260
 dst_input include/net/dst.h:474 [inline]
 ip_rcv_finish+0x194/0x1c0 net/ipv4/ip_input.c:453
 NF_HOOK include/linux/netfilter.h:318 [inline]
 ip_rcv+0x62/0x140 net/ipv4/ip_input.c:573
 __netif_receive_skb_one_core net/core/dev.c:6079 [inline]
 __netif_receive_skb+0xff/0x270 net/core/dev.c:6192
 process_backlog+0x229/0x420 net/core/dev.c:6544
 __napi_poll+0x66/0x310 net/core/dev.c:7594
 napi_poll net/core/dev.c:7657 [inline]
 net_rx_action+0x423/0x8c0 net/core/dev.c:7784
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x5d/0x90 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:835 [inline]
 nsim_dev_trap_report_work+0x52b/0x630 drivers/net/netdevsim/dev.c:866
 process_one_work kernel/workqueue.c:3263 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3346
 worker_thread+0x582/0x770 kernel/workqueue.c:3427
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x122/0x1b0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x00000000012aeb70 -> 0x00000000012b1280

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 4282 Comm: kworker/u8:18 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================