syzbot

 sign-in | mailing list | source | docs
🐞 Open [1495]
Subsystems
🐞 Fixed [6673]
🐞 Invalid [17104]
Missing Backports [214]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in rtc_dev_poll / rtc_pie_update_irq (3)

Status: auto-obsoleted due to no activity on 2024/06/01 19:35
Subsystems: rtc
[Documentation on labels]
Reported-by: syzbot+c28e88b867407184ed12@syzkaller.appspotmail.com
First crash: 544d, last: 544d
Similar bugs (4)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in rtc_dev_poll / rtc_pie_update_irq (2) rtc 6 1 1380d 1380d 0/29 auto-closed as invalid on 2022/02/16 06:16
upstream KCSAN: data-race in rtc_dev_poll / rtc_pie_update_irq (5) rtc 6 43 26d 324d 0/29 moderation: reported on 2024/12/03 07:27
upstream KCSAN: data-race in rtc_dev_poll / rtc_pie_update_irq (4) rtc 6 1 476d 476d 0/29 auto-obsoleted due to no activity on 2024/08/09 01:42
upstream KCSAN: data-race in rtc_dev_poll / rtc_pie_update_irq rtc 6 1 1504d 1504d 0/29 auto-closed as invalid on 2021/10/16 01:04

Sample crash report:
==================================================================
BUG: KCSAN: data-race in rtc_dev_poll / rtc_pie_update_irq

read-write to 0xffff8881029f3b88 of 8 bytes by interrupt on cpu 1:
 rtc_handle_legacy_irq drivers/rtc/interface.c:623 [inline]
 rtc_pie_update_irq+0x95/0xf0 drivers/rtc/interface.c:671
 __run_hrtimer kernel/time/hrtimer.c:1692 [inline]
 __hrtimer_run_queues+0x214/0x5e0 kernel/time/hrtimer.c:1756
 hrtimer_interrupt+0x210/0x7b0 kernel/time/hrtimer.c:1818
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
 __sysvec_apic_timer_interrupt+0x5c/0x1a0 arch/x86/kernel/apic/apic.c:1049
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
 blk_account_io_done+0x270/0x350 block/blk-mq.c:1002
 __blk_mq_end_request_acct block/blk-mq.c:1032 [inline]
 __blk_mq_end_request+0x1de/0x390 block/blk-mq.c:1038
 scsi_end_request+0x299/0x4d0 drivers/scsi/scsi_lib.c:665
 scsi_io_completion+0x9f/0x200 drivers/scsi/scsi_lib.c:1068
 scsi_finish_command+0x1be/0x1d0 drivers/scsi/scsi.c:198
 scsi_complete+0x19a/0x1d0 drivers/scsi/scsi_lib.c:1530
 blk_complete_reqs block/blk-mq.c:1129 [inline]
 blk_done_softirq+0x74/0xb0 block/blk-mq.c:1134
 __do_softirq+0xc8/0x285 kernel/softirq.c:554
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:633 [inline]
 irq_exit_rcu+0x3c/0x90 kernel/softirq.c:645
 common_interrupt+0x81/0x90 arch/x86/kernel/irq.c:247
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
 kcsan_setup_watchpoint+0x404/0x410 kernel/kcsan/core.c:705
 crc32_body lib/crc32.c:110 [inline]
 crc32_le_generic lib/crc32.c:179 [inline]
 __crc32c_le_base+0x10e/0x520 lib/crc32.c:201
 chksum_update+0x32/0x50 crypto/crc32c_generic.c:88
 crypto_shash_update+0x4a/0x60 crypto/shash.c:70
 ext4_chksum fs/ext4/ext4.h:2476 [inline]
 ext4_dirblock_csum fs/ext4/namei.c:382 [inline]
 ext4_dirblock_csum_set fs/ext4/namei.c:430 [inline]
 ext4_handle_dirty_dirblock+0x271/0x350 fs/ext4/namei.c:438
 add_dirent_to_buf+0x342/0x440 fs/ext4/namei.c:2214
 ext4_add_entry+0x3a6/0x1ec0 fs/ext4/namei.c:2444
 ext4_mkdir+0x36f/0x740 fs/ext4/namei.c:3028
 vfs_mkdir+0x1f7/0x300 fs/namei.c:4123
 do_mkdirat+0x12f/0x2a0 fs/namei.c:4146
 __do_sys_mkdir fs/namei.c:4166 [inline]
 __se_sys_mkdir fs/namei.c:4164 [inline]
 __x64_sys_mkdir+0x44/0x50 fs/namei.c:4164
 x64_sys_call+0x10aa/0x2d30 arch/x86/include/generated/asm/syscalls_64.h:84
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff8881029f3b88 of 8 bytes by task 21068 on cpu 0:
 rtc_dev_poll+0x7c/0xb0 drivers/rtc/dev.c:198
 vfs_poll include/linux/poll.h:84 [inline]
 __io_arm_poll_handler+0x229/0xf30 io_uring/poll.c:622
 io_poll_add+0xb9/0x140 io_uring/poll.c:983
 io_issue_sqe+0x153/0x600 io_uring/io_uring.c:1897
 io_queue_sqe io_uring/io_uring.c:2111 [inline]
 io_req_task_submit+0xb0/0x110 io_uring/io_uring.c:1510
 io_poll_task_func+0x760/0x910
 io_handle_tw_list+0x114/0x240 io_uring/io_uring.c:1198
 tctx_task_work_run+0x6c/0x1b0 io_uring/io_uring.c:1270
 tctx_task_work+0x40/0x80 io_uring/io_uring.c:1288
 task_work_run+0x13a/0x1a0 kernel/task_work.c:180
 get_signal+0xeee/0x1080 kernel/signal.c:2683
 arch_do_signal_or_restart+0x95/0x4b0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x59/0x130 kernel/entry/common.c:218
 do_syscall_64+0xda/0x1d0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x000000000005fbc0 -> 0x000000000005fcc0

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 21068 Comm: syz-executor.2 Not tainted 6.9.0-rc5-syzkaller-00329-g5d12ed4bea43 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/04/27 19:34 upstream 5d12ed4bea43 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in rtc_dev_poll / rtc_pie_update_irq
* Struck through repros no longer work on HEAD.