syzbot


KCSAN: data-race in rtc_dev_poll / rtc_pie_update_irq (6)

Status: moderation: reported on 2026/01/18 01:30
Subsystems: rtc
Reported-by: syzbot+2d4127acca35ed7b31ad@syzkaller.appspotmail.com
First crash: 11h40m, last: 11h40m
Similar bugs (5)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in rtc_dev_poll / rtc_pie_update_irq (2) rtc | 6 | | | | 1 | 1467d | 1467d | 0/29 | auto-closed as invalid on 2022/02/16 06:16 |
| upstream | KCSAN: data-race in rtc_dev_poll / rtc_pie_update_irq (5) rtc | 6 | | | | 45 | 61d | 411d | 0/29 | auto-obsoleted due to no activity on 2026/01/13 07:07 |
| upstream | KCSAN: data-race in rtc_dev_poll / rtc_pie_update_irq (4) rtc | 6 | | | | 1 | 562d | 562d | 0/29 | auto-obsoleted due to no activity on 2024/08/09 01:42 |
| upstream | KCSAN: data-race in rtc_dev_poll / rtc_pie_update_irq rtc | 6 | | | | 1 | 1590d | 1590d | 0/29 | auto-closed as invalid on 2021/10/16 01:04 |
| upstream | KCSAN: data-race in rtc_dev_poll / rtc_pie_update_irq (3) rtc | 6 | | | | 1 | 630d | 630d | 0/29 | auto-obsoleted due to no activity on 2024/06/01 19:35 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in rtc_dev_poll / rtc_pie_update_irq

read-write to 0xffff88810365fb88 of 8 bytes by interrupt on cpu 1:
 rtc_handle_legacy_irq drivers/rtc/interface.c:651 [inline]
 rtc_pie_update_irq+0x7b/0xd0 drivers/rtc/interface.c:699
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x590 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 __preempt_count_dec_and_test arch/x86/include/asm/preempt.h:95 [inline]
 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irq+0x2f/0x50 kernel/locking/spinlock.c:202
 spin_unlock_irq include/linux/spinlock.h:401 [inline]
 get_signal+0xc18/0xf60 kernel/signal.c:3037
 arch_do_signal_or_restart+0x96/0x450 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop+0x6a/0x6f0 kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
 do_syscall_64+0x1d3/0x2a0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88810365fb88 of 8 bytes by task 3598 on cpu 0:
 rtc_dev_poll+0x78/0xb0 drivers/rtc/dev.c:198
 vfs_poll include/linux/poll.h:82 [inline]
 __io_arm_poll_handler+0x1ee/0xb60 io_uring/poll.c:581
 io_arm_apoll+0x2eb/0x410 io_uring/poll.c:689
 io_arm_poll_handler+0x131/0x160 io_uring/poll.c:718
 io_queue_async+0x25d/0x2d0 io_uring/io_uring.c:2024
 io_queue_sqe io_uring/io_uring.c:2050 [inline]
 io_req_task_submit+0x9b/0xa0 io_uring/io_uring.c:1435
 __io_run_local_work_loop io_uring/io_uring.c:1345 [inline]
 __io_run_local_work+0x1f8/0x580 io_uring/io_uring.c:1370
 io_run_local_work io_uring/io_uring.c:1411 [inline]
 io_cqring_wait io_uring/io_uring.c:2718 [inline]
 __do_sys_io_uring_enter io_uring/io_uring.c:3324 [inline]
 __se_sys_io_uring_enter+0x159d/0x1c70 io_uring/io_uring.c:3224
 __x64_sys_io_uring_enter+0x78/0x90 io_uring/io_uring.c:3224
 x64_sys_call+0x27e4/0x3000 arch/x86/include/generated/asm/syscalls_64.h:427
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000000205c0 -> 0x00000000000206c0

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 3598 Comm: syz.1.24 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/01/18 01:29 | upstream | d3eeb99bbc99 | 20d37d28 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in rtc_dev_poll / rtc_pie_update_irq |
* Struck through repros no longer work on HEAD.