syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1330]
Subsystems
🐞 Fixed [7158]
🐞 Invalid [18928]
Missing Backports [221]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KCSAN: data-race in ktime_get_ts64 / timekeeping_update_from_shadow

Status: moderation: reported on 2026/05/09 01:09
Subsystems: kernel
Labels: prio:low
[Documentation on labels]
Reported-by: syzbot+e5a59428bbf2722641f7@syzkaller.appspotmail.com
First crash: 37d, last: 5d10h
✨ AI Jobs (2)
ID Workflow Result Correct Bug Created Started Finished Revision Error
7df98d0f-f7c3-40a9-b4e3-5908bab6af4f assessment-security DenialOfService: ❌ Exploitable: ❌ FilesystemTrigger: ❌ NetworkTrigger: ❌ PeripheralTrigger: ❌ RemoteTrigger: ❌ Unprivileged: ✅ UserNamespace: ✅ VMGuestTrigger: ❌ VMHostTrigger: ❌ KCSAN: data-race in ktime_get_ts64 / timekeeping_update_from_shadow 2026/05/21 14:10 2026/05/21 14:10 2026/05/21 14:30 d57425845dbe663f86e1e54a4997e95bd557b624
6643669e-6726-460b-b099-06fdf3db5fd4 assessment-kcsan Benign: ✅ KCSAN: data-race in ktime_get_ts64 / timekeeping_update_from_shadow 2026/05/09 07:24 2026/05/09 07:24 2026/05/09 07:27 29233ece713919081e9069c2a18be92526041f39

Sample crash report:
==================================================================
BUG: KCSAN: data-race in ktime_get_ts64 / timekeeping_update_from_shadow

write to 0xffffffff893ac488 of 304 bytes by interrupt on cpu 1:
 timekeeping_update_from_shadow+0x40d/0x440 kernel/time/timekeeping.c:829
 __timekeeping_advance+0xa5d/0xc10 kernel/time/timekeeping.c:2532
 timekeeping_advance kernel/time/timekeeping.c:2540 [inline]
 update_wall_time+0x21/0x50 kernel/time/timekeeping.c:2550
 tick_do_update_jiffies64+0x169/0x1c0 kernel/time/tick-sched.c:149
 tick_sched_do_timer kernel/time/tick-sched.c:253 [inline]
 tick_nohz_handler+0x8d/0x3d0 kernel/time/tick-sched.c:312
 __run_hrtimer kernel/time/hrtimer.c:1930 [inline]
 __hrtimer_run_queues+0x276/0x4f0 kernel/time/hrtimer.c:1994
 hrtimer_interrupt+0x261/0x850 kernel/time/hrtimer.c:2113
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1c0 arch/x86/kernel/apic/apic.c:1067
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1061
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 __preempt_count_dec_and_test arch/x86/include/asm/preempt.h:95 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:179 [inline]
 _raw_spin_unlock_irqrestore+0x1a/0x30 kernel/locking/spinlock.c:198
 spin_unlock_irqrestore include/linux/spinlock.h:408 [inline]
 lruvec_unlock_irqrestore include/linux/memcontrol.h:1492 [inline]
 folio_batch_move_lru+0x246/0x290 mm/swap.c:178
 __folio_batch_add_and_move mm/swap.c:196 [inline]
 folio_add_lru+0x14f/0x1f0 mm/swap.c:517
 folio_add_lru_vma+0x49/0x70 mm/swap.c:536
 map_anon_folio_pte_nopf+0x1c2/0x3d0 mm/memory.c:5317
 map_anon_folio_pte_pf+0x6b/0x160 mm/memory.c:5327
 do_anonymous_page mm/memory.c:5429 [inline]
 do_pte_missing mm/memory.c:4564 [inline]
 handle_pte_fault mm/memory.c:6427 [inline]
 __handle_mm_fault mm/memory.c:6565 [inline]
 handle_mm_fault+0x2db0/0x2e70 mm/memory.c:6734
 do_user_addr_fault+0x62f/0x1050 arch/x86/mm/fault.c:1334
 handle_page_fault arch/x86/mm/fault.c:1474 [inline]
 exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1527
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618

read to 0xffffffff893ac498 of 8 bytes by task 8823 on cpu 0:
 timekeeping_cycles_to_ns kernel/time/timekeeping.c:426 [inline]
 timekeeping_get_ns kernel/time/timekeeping.c:449 [inline]
 ktime_get_ts64+0xf0/0x350 kernel/time/timekeeping.c:1110
 do_recvmmsg+0x2ab/0x560 net/socket.c:3074
 __sys_recvmmsg net/socket.c:3131 [inline]
 __do_sys_recvmmsg net/socket.c:3152 [inline]
 __se_sys_recvmmsg net/socket.c:3145 [inline]
 __x64_sys_recvmmsg+0xfb/0x170 net/socket.c:3145
 x64_sys_call+0x80f/0x3020 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000056e1d9834f -> 0x00000056e32934bc

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 8823 Comm: syz.5.806 Tainted: G        W           syzkaller #0 PREEMPT(lazy) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
==================================================================

Crashes (6):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/06/10 07:50 upstream 685441a6d3f1 34dab4be .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in ktime_get_ts64 / timekeeping_update_from_shadow
2026/06/09 14:45 upstream 2d3090a8aeb5 c36c07f6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in ktime_get_ts64 / timekeeping_update_from_shadow
2026/06/08 02:58 upstream 33d8d8ec31b5 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in ktime_get_ts64 / timekeeping_update_from_shadow
2026/06/06 11:52 upstream c10130c234c8 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in ktime_get_ts64 / timekeeping_update_from_shadow
2026/05/28 20:02 upstream eb3f4b7426cf 681715f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in ktime_get_ts64 / timekeeping_update_from_shadow
2026/05/09 01:09 upstream 917719c412c4 b2988c17 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in ktime_get_ts64 / timekeeping_update_from_shadow
* Struck through repros no longer work on HEAD.