================================================================== BUG: KCSAN: data-race in rtc_dev_poll / rtc_pie_update_irq read-write to 0xffff88810352d388 of 8 bytes by interrupt on cpu 1: rtc_handle_legacy_irq drivers/rtc/interface.c:624 [inline] rtc_pie_update_irq+0x93/0xf0 drivers/rtc/interface.c:672 __run_hrtimer kernel/time/hrtimer.c:1761 [inline] __hrtimer_run_queues+0x20c/0x5a0 kernel/time/hrtimer.c:1825 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1887 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline] __sysvec_apic_timer_interrupt+0x5c/0x1d0 arch/x86/kernel/apic/apic.c:1056 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1050 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 ___neigh_lookup_noref include/net/neighbour.h:315 [inline] __ipv6_neigh_lookup_noref include/net/ndisc.h:359 [inline] ip6_finish_output2+0x514/0xd30 net/ipv6/ip6_output.c:128 __ip6_finish_output net/ipv6/ip6_output.c:-1 [inline] ip6_finish_output+0x3a4/0x540 net/ipv6/ip6_output.c:226 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip6_output+0xfd/0x240 net/ipv6/ip6_output.c:248 dst_output include/net/dst.h:461 [inline] NF_HOOK include/linux/netfilter.h:318 [inline] ndisc_send_skb+0x4cf/0x710 net/ipv6/ndisc.c:512 ndisc_send_rs+0x2e7/0x360 net/ipv6/ndisc.c:722 addrconf_rs_timer+0x1e5/0x310 net/ipv6/addrconf.c:4037 call_timer_fn+0x3b/0x2c0 kernel/time/timer.c:1747 expire_timers kernel/time/timer.c:1798 [inline] __run_timers kernel/time/timer.c:2372 [inline] __run_timer_base+0x415/0x610 kernel/time/timer.c:2384 run_timer_base kernel/time/timer.c:2393 [inline] run_timer_softirq+0x31/0x70 kernel/time/timer.c:2403 handle_softirqs+0xba/0x290 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0x3a/0xc0 kernel/softirq.c:680 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0x74/0x80 arch/x86/kernel/apic/apic.c:1050 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 is_atomic kernel/kcsan/core.c:249 [inline] should_watch kernel/kcsan/core.c:277 [inline] check_access kernel/kcsan/core.c:752 [inline] __tsan_read8+0xe9/0x190 kernel/kcsan/core.c:1025 copy_pte_range mm/memory.c:1141 [inline] copy_pmd_range mm/memory.c:1261 [inline] copy_pud_range mm/memory.c:1298 [inline] copy_p4d_range mm/memory.c:1322 [inline] copy_page_range+0xb0c/0x3c20 mm/memory.c:1410 dup_mmap+0x885/0xf20 mm/mmap.c:1834 dup_mm kernel/fork.c:1485 [inline] copy_mm+0x11a/0x370 kernel/fork.c:1537 copy_process+0xd08/0x2000 kernel/fork.c:2175 kernel_clone+0x16c/0x5c0 kernel/fork.c:2605 __do_sys_clone kernel/fork.c:2748 [inline] __se_sys_clone kernel/fork.c:2732 [inline] __x64_sys_clone+0xe6/0x120 kernel/fork.c:2732 x64_sys_call+0x119c/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:57 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f read to 0xffff88810352d388 of 8 bytes by task 4561 on cpu 0: rtc_dev_poll+0x78/0xb0 drivers/rtc/dev.c:198 vfs_poll include/linux/poll.h:82 [inline] io_file_supports_nowait io_uring/rw.c:46 [inline] __io_read+0x2e4/0xc20 io_uring/rw.c:927 io_read+0x1c/0x60 io_uring/rw.c:1020 __io_issue_sqe+0xfb/0x2e0 io_uring/io_uring.c:1773 io_issue_sqe+0x53/0x970 io_uring/io_uring.c:1796 io_queue_sqe io_uring/io_uring.c:2025 [inline] io_req_task_submit+0x6b/0xd0 io_uring/io_uring.c:1415 io_handle_tw_list+0x190/0x1c0 io_uring/io_uring.c:1102 tctx_task_work_run+0x6d/0x1a0 io_uring/io_uring.c:1167 tctx_task_work+0x3f/0x80 io_uring/io_uring.c:1185 task_work_run+0x131/0x1a0 kernel/task_work.c:227 get_signal+0xe13/0xf70 kernel/signal.c:2807 arch_do_signal_or_restart+0x96/0x480 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop+0x7a/0x100 kernel/entry/common.c:40 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline] do_syscall_64+0x1d6/0x200 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f value changed: 0x00000000000271c0 -> 0x00000000000272c0 Reported by Kernel Concurrency Sanitizer on: CPU: 0 UID: 0 PID: 4561 Comm: syz.3.309 Not tainted syzkaller #0 PREEMPT(voluntary) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 ==================================================================