syzbot

 sign-in | mailing list | source | docs
🐞 Open [1472]
Subsystems
🐞 Fixed [6704]
🐞 Invalid [17217]
Missing Backports [217]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in ktime_get_real_seconds / timekeeping_update_from_shadow (3)

Status: moderation: reported on 2025/11/04 20:48
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+442fd7e52f9be4e429ae@syzkaller.appspotmail.com
First crash: 15h20m, last: 15h20m
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in ktime_get_real_seconds / timekeeping_update_from_shadow (2) kernel 6 2 104d 122d 0/29 auto-obsoleted due to no activity on 2025/09/18 01:57
upstream KCSAN: data-race in ktime_get_real_seconds / timekeeping_update_from_shadow kernel 6 1 187d 187d 0/29 auto-obsoleted due to no activity on 2025/06/27 01:56

Sample crash report:
==================================================================
BUG: KCSAN: data-race in ktime_get_real_seconds / timekeeping_update_from_shadow

write to 0xffffffff88e8e0c8 of 280 bytes by interrupt on cpu 1:
 timekeeping_update_from_shadow+0x2b4/0x2f0 kernel/time/timekeeping.c:753
 __timekeeping_advance+0xa3d/0xbc0 kernel/time/timekeeping.c:2363
 timekeeping_advance kernel/time/timekeeping.c:2371 [inline]
 update_wall_time+0x24/0x90 kernel/time/timekeeping.c:2381
 tick_do_update_jiffies64+0x169/0x1c0 kernel/time/tick-sched.c:149
 tick_sched_do_timer kernel/time/tick-sched.c:232 [inline]
 tick_nohz_handler+0x7f/0x2d0 kernel/time/tick-sched.c:290
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1041 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1058
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1052
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 console_flush_all+0x51b/0x6a0 arch/x86/include/asm/irqflags.h:-1
 __console_flush_and_unlock kernel/printk/printk.c:3258 [inline]
 console_unlock+0xa1/0x2e0 kernel/printk/printk.c:3298
 vprintk_emit+0x3b5/0x580 kernel/printk/printk.c:2423
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2438
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2448
 set_capacity_and_notify+0x14c/0x1f0 block/genhd.c:93
 loop_set_size+0x2e/0x70 drivers/block/loop.c:220
 loop_configure+0x828/0x9c0 drivers/block/loop.c:1081
 lo_ioctl+0x1e1/0x12b0 drivers/block/loop.c:1536
 blkdev_ioctl+0x356/0x440 block/ioctl.c:705
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xce/0x140 fs/ioctl.c:583
 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:583
 x64_sys_call+0x1816/0x3000 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff88e8e100 of 8 bytes by task 5437 on cpu 0:
 ktime_get_real_seconds+0x15/0x30 kernel/time/timekeeping.c:1013
 ext4_update_super+0xe0/0xb70 fs/ext4/super.c:6144
 ext4_commit_super+0x40/0x280 fs/ext4/super.c:6207
 ext4_handle_error+0x451/0x550 fs/ext4/super.c:718
 __ext4_error_inode+0x1e3/0x3f0 fs/ext4/super.c:861
 __ext4_mark_inode_dirty+0xbd/0x3f0 fs/ext4/inode.c:6491
 __ext4_ext_dirty+0xdb/0x1f0 fs/ext4/extents.c:206
 ext4_split_extent_at+0x48c/0x990 fs/ext4/extents.c:3230
 ext4_split_extent+0x1af/0x3b0 fs/ext4/extents.c:3406
 ext4_split_convert_extents fs/ext4/extents.c:3743 [inline]
 ext4_ext_handle_unwritten_extents fs/ext4/extents.c:3915 [inline]
 ext4_ext_map_blocks+0xb58/0x38a0 fs/ext4/extents.c:4274
 ext4_map_create_blocks fs/ext4/inode.c:609 [inline]
 ext4_map_blocks+0x5ee/0xd00 fs/ext4/inode.c:811
 mpage_map_one_extent fs/ext4/inode.c:2374 [inline]
 mpage_map_and_submit_extent fs/ext4/inode.c:2468 [inline]
 ext4_do_writepages+0x15e1/0x2750 fs/ext4/inode.c:2931
 ext4_writepages+0x176/0x300 fs/ext4/inode.c:3025
 do_writepages+0x1c6/0x310 mm/page-writeback.c:2604
 __writeback_single_inode+0x80/0x7c0 fs/fs-writeback.c:1719
 writeback_sb_inodes+0x48f/0xa30 fs/fs-writeback.c:2015
 wb_writeback+0x252/0x5c0 fs/fs-writeback.c:2195
 wb_do_writeback fs/fs-writeback.c:2342 [inline]
 wb_workfn+0x194/0x910 fs/fs-writeback.c:2382
 process_one_work kernel/workqueue.c:3263 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3346
 worker_thread+0x582/0x770 kernel/workqueue.c:3427
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x122/0x1b0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x0000000077359429 -> 0x000000007735942a

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 5437 Comm: kworker/u8:55 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Workqueue: writeback wb_workfn (flush-7:2)
==================================================================
EXT4-fs error: 18168 callbacks suppressed
EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #18: comm kworker/u8:55: mark_inode_dirty error
EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Out of memory
EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #18: comm kworker/u8:55: mark_inode_dirty error
EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Out of memory
EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #18: comm kworker/u8:55: mark_inode_dirty error
EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Out of memory
EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #18: comm kworker/u8:55: mark_inode_dirty error
EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Out of memory
EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #18: comm kworker/u8:55: mark_inode_dirty error
EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Out of memory
EXT4-fs error: 31900 callbacks suppressed
EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #18: comm kworker/u8:55: mark_inode_dirty error
EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Out of memory
EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #18: comm kworker/u8:55: mark_inode_dirty error
EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Out of memory
EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #18: comm kworker/u8:55: mark_inode_dirty error
EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Out of memory
EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #18: comm kworker/u8:55: mark_inode_dirty error
EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Out of memory
EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #18: comm kworker/u8:55: mark_inode_dirty error
EXT4-fs error (device loop2) in ext4_reserve_inode_write:6313: Out of memory

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/11/04 20:48 upstream c9cfc122f037 686bf657 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in ktime_get_real_seconds / timekeeping_update_from_shadow
* Struck through repros no longer work on HEAD.