ghsa-8v8f-6c96-795r
Vulnerability from github
Published
2025-09-16 18:31
Modified
2025-09-16 18:31
Details

In the Linux kernel, the following vulnerability has been resolved:

workqueue: fix data race with the pwq->stats[] increment

KCSAN has discovered a data race in kernel/workqueue.c:2598:

[ 1863.554079] ================================================================== [ 1863.554118] BUG: KCSAN: data-race in process_one_work / process_one_work

[ 1863.554142] write to 0xffff963d99d79998 of 8 bytes by task 5394 on cpu 27: [ 1863.554154] process_one_work (kernel/workqueue.c:2598) [ 1863.554166] worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2752) [ 1863.554177] kthread (kernel/kthread.c:389) [ 1863.554186] ret_from_fork (arch/x86/kernel/process.c:145) [ 1863.554197] ret_from_fork_asm (arch/x86/entry/entry_64.S:312)

[ 1863.554213] read to 0xffff963d99d79998 of 8 bytes by task 5450 on cpu 12: [ 1863.554224] process_one_work (kernel/workqueue.c:2598) [ 1863.554235] worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2752) [ 1863.554247] kthread (kernel/kthread.c:389) [ 1863.554255] ret_from_fork (arch/x86/kernel/process.c:145) [ 1863.554266] ret_from_fork_asm (arch/x86/entry/entry_64.S:312)

[ 1863.554280] value changed: 0x0000000000001766 -> 0x000000000000176a

[ 1863.554295] Reported by Kernel Concurrency Sanitizer on: [ 1863.554303] CPU: 12 PID: 5450 Comm: kworker/u64:1 Tainted: G L 6.5.0-rc6+ #44 [ 1863.554314] Hardware name: ASRock X670E PG Lightning/X670E PG Lightning, BIOS 1.21 04/26/2023 [ 1863.554322] Workqueue: btrfs-endio btrfs_end_bio_work [btrfs] [ 1863.554941] ==================================================================

lockdep_invariant_state(true);

→ pwq->stats[PWQ_STAT_STARTED]++; trace_workqueue_execute_start(work); worker->current_func(work);

Moving pwq->stats[PWQ_STAT_STARTED]++; before the line

raw_spin_unlock_irq(&pool->lock);

resolves the data race without performance penalty.

KCSAN detected at least one additional data race:

[ 157.834751] ================================================================== [ 157.834770] BUG: KCSAN: data-race in process_one_work / process_one_work

[ 157.834793] write to 0xffff9934453f77a0 of 8 bytes by task 468 on cpu 29: [ 157.834804] process_one_work (/home/marvin/linux/kernel/linux_torvalds/kernel/workqueue.c:2606) [ 157.834815] worker_thread (/home/marvin/linux/kernel/linux_torvalds/./include/linux/list.h:292 /home/marvin/linux/kernel/linux_torvalds/kernel/workqueue.c:2752) [ 157.834826] kthread (/home/marvin/linux/kernel/linux_torvalds/kernel/kthread.c:389) [ 157.834834] ret_from_fork (/home/marvin/linux/kernel/linux_torvalds/arch/x86/kernel/process.c:145) [ 157.834845] ret_from_fork_asm (/home/marvin/linux/kernel/linux_torvalds/arch/x86/entry/entry_64.S:312)

[ 157.834859] read to 0xffff9934453f77a0 of 8 bytes by task 214 on cpu 7: [ 157.834868] process_one_work (/home/marvin/linux/kernel/linux_torvalds/kernel/workqueue.c:2606) [ 157.834879] worker_thread (/home/marvin/linux/kernel/linux_torvalds/./include/linux/list.h:292 /home/marvin/linux/kernel/linux_torvalds/kernel/workqueue.c:2752) [ 157.834890] kthread (/home/marvin/linux/kernel/linux_torvalds/kernel/kthread.c:389) [ 157.834897] ret_from_fork (/home/marvin/linux/kernel/linux_torvalds/arch/x86/kernel/process.c:145) [ 157.834907] ret_from_fork_asm (/home/marvin/linux/kernel/linux_torvalds/arch/x86/entry/entry_64.S:312)

[ 157.834920] value changed: 0x000000000000052a -> 0x0000000000000532

[ 157.834933] Reported by Kernel Concurrency Sanitizer on: [ 157.834941] CPU: 7 PID: 214 Comm: kworker/u64:2 Tainted: G L 6.5.0-rc7-kcsan-00169-g81eaf55a60fc #4 [ 157.834951] Hardware name: ASRock X670E PG Lightning/X670E PG Lightning, BIOS 1.21 04/26/2023 [ 157.834958] Workqueue: btrfs-endio btrfs_end_bio_work [btrfs] [ 157.835567] ==================================================================

in code:

    trace_workqueue_execute_end(work, worker->current_func);

→ pwq->stats[PWQ_STAT_COM ---truncated---

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-53329"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T17:15:39Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nworkqueue: fix data race with the pwq-\u003estats[] increment\n\nKCSAN has discovered a data race in kernel/workqueue.c:2598:\n\n[ 1863.554079] ==================================================================\n[ 1863.554118] BUG: KCSAN: data-race in process_one_work / process_one_work\n\n[ 1863.554142] write to 0xffff963d99d79998 of 8 bytes by task 5394 on cpu 27:\n[ 1863.554154] process_one_work (kernel/workqueue.c:2598)\n[ 1863.554166] worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2752)\n[ 1863.554177] kthread (kernel/kthread.c:389)\n[ 1863.554186] ret_from_fork (arch/x86/kernel/process.c:145)\n[ 1863.554197] ret_from_fork_asm (arch/x86/entry/entry_64.S:312)\n\n[ 1863.554213] read to 0xffff963d99d79998 of 8 bytes by task 5450 on cpu 12:\n[ 1863.554224] process_one_work (kernel/workqueue.c:2598)\n[ 1863.554235] worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2752)\n[ 1863.554247] kthread (kernel/kthread.c:389)\n[ 1863.554255] ret_from_fork (arch/x86/kernel/process.c:145)\n[ 1863.554266] ret_from_fork_asm (arch/x86/entry/entry_64.S:312)\n\n[ 1863.554280] value changed: 0x0000000000001766 -\u003e 0x000000000000176a\n\n[ 1863.554295] Reported by Kernel Concurrency Sanitizer on:\n[ 1863.554303] CPU: 12 PID: 5450 Comm: kworker/u64:1 Tainted: G             L     6.5.0-rc6+ #44\n[ 1863.554314] Hardware name: ASRock X670E PG Lightning/X670E PG Lightning, BIOS 1.21 04/26/2023\n[ 1863.554322] Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n[ 1863.554941] ==================================================================\n\n    lockdep_invariant_state(true);\n\u2192   pwq-\u003estats[PWQ_STAT_STARTED]++;\n    trace_workqueue_execute_start(work);\n    worker-\u003ecurrent_func(work);\n\nMoving pwq-\u003estats[PWQ_STAT_STARTED]++; before the line\n\n    raw_spin_unlock_irq(\u0026pool-\u003elock);\n\nresolves the data race without performance penalty.\n\nKCSAN detected at least one additional data race:\n\n[  157.834751] ==================================================================\n[  157.834770] BUG: KCSAN: data-race in process_one_work / process_one_work\n\n[  157.834793] write to 0xffff9934453f77a0 of 8 bytes by task 468 on cpu 29:\n[  157.834804] process_one_work (/home/marvin/linux/kernel/linux_torvalds/kernel/workqueue.c:2606)\n[  157.834815] worker_thread (/home/marvin/linux/kernel/linux_torvalds/./include/linux/list.h:292 /home/marvin/linux/kernel/linux_torvalds/kernel/workqueue.c:2752)\n[  157.834826] kthread (/home/marvin/linux/kernel/linux_torvalds/kernel/kthread.c:389)\n[  157.834834] ret_from_fork (/home/marvin/linux/kernel/linux_torvalds/arch/x86/kernel/process.c:145)\n[  157.834845] ret_from_fork_asm (/home/marvin/linux/kernel/linux_torvalds/arch/x86/entry/entry_64.S:312)\n\n[  157.834859] read to 0xffff9934453f77a0 of 8 bytes by task 214 on cpu 7:\n[  157.834868] process_one_work (/home/marvin/linux/kernel/linux_torvalds/kernel/workqueue.c:2606)\n[  157.834879] worker_thread (/home/marvin/linux/kernel/linux_torvalds/./include/linux/list.h:292 /home/marvin/linux/kernel/linux_torvalds/kernel/workqueue.c:2752)\n[  157.834890] kthread (/home/marvin/linux/kernel/linux_torvalds/kernel/kthread.c:389)\n[  157.834897] ret_from_fork (/home/marvin/linux/kernel/linux_torvalds/arch/x86/kernel/process.c:145)\n[  157.834907] ret_from_fork_asm (/home/marvin/linux/kernel/linux_torvalds/arch/x86/entry/entry_64.S:312)\n\n[  157.834920] value changed: 0x000000000000052a -\u003e 0x0000000000000532\n\n[  157.834933] Reported by Kernel Concurrency Sanitizer on:\n[  157.834941] CPU: 7 PID: 214 Comm: kworker/u64:2 Tainted: G             L     6.5.0-rc7-kcsan-00169-g81eaf55a60fc #4\n[  157.834951] Hardware name: ASRock X670E PG Lightning/X670E PG Lightning, BIOS 1.21 04/26/2023\n[  157.834958] Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n[  157.835567] ==================================================================\n\nin code:\n\n        trace_workqueue_execute_end(work, worker-\u003ecurrent_func);\n\u2192       pwq-\u003estats[PWQ_STAT_COM\n---truncated---",
  "id": "GHSA-8v8f-6c96-795r",
  "modified": "2025-09-16T18:31:27Z",
  "published": "2025-09-16T18:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53329"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ce55024f28589b0012fa2c6b5748ec5a180b7fbe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fe48ba7daefe75bbbefa2426deddc05f2d530d2d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.