syzbot

==================================================================
BUG: KCSAN: data-race in wq_worker_tick / wq_worker_tick

read-write to 0xffff8881000c5cd8 of 8 bytes by interrupt on cpu 1:
 wq_worker_tick+0x64/0x240 kernel/workqueue.c:1508
 sched_tick+0xbc/0x1f0 kernel/sched/core.c:5798
 update_process_times+0x15e/0x190 kernel/time/timer.c:2480
 tick_sched_handle kernel/time/tick-sched.c:296 [inline]
 tick_nohz_handler+0x227/0x380 kernel/time/tick-sched.c:317
 __run_hrtimer kernel/time/hrtimer.c:2032 [inline]
 __hrtimer_run_queues+0x1f8/0x510 kernel/time/hrtimer.c:2096
 hrtimer_interrupt+0x257/0x810 kernel/time/hrtimer.c:2215
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1051 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1c0 arch/x86/kernel/apic/apic.c:1068
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1062 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1062
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:674
 deref_stack_reg arch/x86/kernel/unwind_orc.c:419 [inline]
 unwind_next_frame+0xb03/0xd40 arch/x86/kernel/unwind_orc.c:-1
 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x91/0xd0 kernel/stacktrace.c:122
 ref_tracker_free+0x94/0x3f0 lib/ref_tracker.c:306
 netdev_tracker_free include/linux/netdevice.h:4509 [inline]
 netdev_put include/linux/netdevice.h:4526 [inline]
 dst_destroy+0x9e/0x330 net/core/dst.c:115
 dst_destroy_rcu+0x19/0x20 net/core/dst.c:133
 rcu_do_batch kernel/rcu/tree.c:2645 [inline]
 rcu_core+0x429/0x9d0 kernel/rcu/tree.c:2897
 rcu_core_si+0xd/0x20 kernel/rcu/tree.c:2914
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:196 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:214
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:891 [inline]
 nsim_dev_trap_report_work+0x521/0x630 drivers/net/netdevsim/dev.c:922
 process_one_work kernel/workqueue.c:3322 [inline]
 process_scheduled_works+0x4d4/0x9a0 kernel/workqueue.c:3405
 worker_thread+0x569/0x750 kernel/workqueue.c:3486
 kthread+0x221/0x270 kernel/kthread.c:436
 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read-write to 0xffff8881000c5cd8 of 8 bytes by interrupt on cpu 0:
 wq_worker_tick+0x64/0x240 kernel/workqueue.c:1508
 sched_tick+0xbc/0x1f0 kernel/sched/core.c:5798
 update_process_times+0x15e/0x190 kernel/time/timer.c:2480
 tick_sched_handle kernel/time/tick-sched.c:296 [inline]
 tick_nohz_handler+0x227/0x380 kernel/time/tick-sched.c:317
 __run_hrtimer kernel/time/hrtimer.c:2032 [inline]
 __hrtimer_run_queues+0x1f8/0x510 kernel/time/hrtimer.c:2096
 hrtimer_interrupt+0x257/0x810 kernel/time/hrtimer.c:2215
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1051 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1c0 arch/x86/kernel/apic/apic.c:1068
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1062 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1062
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:674
 preempt_count arch/x86/include/asm/preempt.h:27 [inline]
 get_ctx kernel/kcsan/core.c:206 [inline]
 kcsan_atomic_next+0xb/0x50 kernel/kcsan/core.c:896
 read_seqbegin include/linux/seqlock.h:838 [inline]
 neigh_hh_output include/net/neighbour.h:514 [inline]
 neigh_output include/net/neighbour.h:558 [inline]
 ip_finish_output2+0x580/0x8a0 net/ipv4/ip_output.c:236
 __ip_finish_output net/ipv4/ip_output.c:-1 [inline]
 ip_finish_output+0x112/0x290 net/ipv4/ip_output.c:324
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip_output+0xbd/0x1c0 net/ipv4/ip_output.c:437
 dst_output include/net/dst.h:471 [inline]
 ip_local_out+0xaa/0xd0 net/ipv4/ip_output.c:131
 synproxy_send_tcp+0x293/0x2e0 net/netfilter/nf_synproxy_core.c:442
 synproxy_send_client_synack+0x55e/0x5b0 net/netfilter/nf_synproxy_core.c:487
 nft_synproxy_eval_v4+0x247/0x2a0 net/netfilter/nft_synproxy.c:60
 nft_synproxy_do_eval+0x1cf/0x270 net/netfilter/nft_synproxy.c:142
 nft_synproxy_eval+0x29/0x40 net/netfilter/nft_synproxy.c:248
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 nft_do_chain+0x1ff/0xde0 net/netfilter/nf_tables_core.c:285
 nft_do_chain_inet+0x2f0/0x320 net/netfilter/nft_chain_filter.c:162
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:619
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 ip_local_deliver+0x199/0x1e0 net/ipv4/ip_input.c:262
 dst_input include/net/dst.h:481 [inline]
 ip_rcv_finish+0x188/0x1a0 net/ipv4/ip_input.c:492
 NF_HOOK include/linux/netfilter.h:318 [inline]
 ip_rcv+0x62/0x160 net/ipv4/ip_input.c:612
 __netif_receive_skb_one_core net/core/dev.c:6206 [inline]
 __netif_receive_skb net/core/dev.c:6319 [inline]
 process_backlog+0x333/0x680 net/core/dev.c:6670
 __napi_poll+0x61/0x300 net/core/dev.c:7729
 napi_poll net/core/dev.c:7792 [inline]
 net_rx_action+0x456/0x930 net/core/dev.c:7949
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 __alloc_skb+0x6b1/0x6f0 net/core/skbuff.c:699
 alloc_skb include/linux/skbuff.h:1386 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:819 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:876 [inline]
 nsim_dev_trap_report_work+0x18b/0x630 drivers/net/netdevsim/dev.c:922
 process_one_work kernel/workqueue.c:3322 [inline]
 process_scheduled_works+0x4d4/0x9a0 kernel/workqueue.c:3405
 worker_thread+0x569/0x750 kernel/workqueue.c:3486
 kthread+0x221/0x270 kernel/kthread.c:436
 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x0000000005731c70 -> 0x0000000005734380

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 4882 Comm: kworker/u8:13 Tainted: G        W           syzkaller #0 PREEMPT(lazy) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================