syzbot


KCSAN: data-race in css_set_move_task / memcpy_and_pad (2)

Status: moderation: reported on 2026/01/20 10:41
Subsystems: cgroups
Reported-by: syzbot+1ee8687806d5edebd5ad@syzkaller.appspotmail.com
First crash: 44d, last: 18d
AI Jobs (2)

| ID | Workflow | Result | Correct | Bug | Created | Started | Finished | Revision | Error |
|---|---|---|---|---|---|---|---|---|---|
| 289c7d69-5ffc-4fbf-a48b-54cf0f19290f | assessment-kcsan | Benign: ✅ Confident: ✅ | | KCSAN: data-race in css_set_move_task / memcpy_and_pad (2) | 2026/02/25 03:58 | 2026/02/25 03:58 | 2026/02/25 04:16 | 305c0ec5cd886e2d13738e28e1b2df9b0ec20fc9 | |
| 2164efd1-9592-45e7-9497-d5274392ba36 | assessment-kcsan | 💥 | | KCSAN: data-race in css_set_move_task / memcpy_and_pad (2) | 2026/01/23 07:56 | 2026/01/23 07:56 | 2026/01/23 07:56 | 499a21815ec0ab13dbfc80e05fc32aadbc482145 | failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "16" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/usr/local/google/home/dvyukov/syzkaller/workdir/cache/build/08a402c00dcf920e418ce72eca15117888c80f58" "bzImage" "compile_commands.json"]: exit status 2 |
Similar bugs (1)

| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in css_set_move_task / memcpy_and_pad cgroups | 6 | | | | 1 | 280d | 280d | 0/29 | auto-obsoleted due to no activity on 2025/07/24 11:25 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in css_set_move_task / memcpy_and_pad

write to 0xffff888104a9bac8 of 8 bytes by task 10991 on cpu 0:
 __list_del include/linux/list.h:203 [inline]
 __list_del_entry include/linux/list.h:226 [inline]
 list_del_init include/linux/list.h:295 [inline]
 css_set_move_task+0x212/0x430 kernel/cgroup/cgroup.c:932
 do_cgroup_task_dead kernel/cgroup/cgroup.c:6998 [inline]
 cgroup_task_dead+0x6f/0x2b0 kernel/cgroup/cgroup.c:7062
 finish_task_switch+0x1b5/0x280 kernel/sched/core.c:5190
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0x85a/0xd40 kernel/sched/core.c:6907
 preempt_schedule_common+0x11/0x30 kernel/sched/core.c:7091
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __up_read kernel/locking/rwsem.c:1365 [inline]
 up_read+0x62/0x70 kernel/locking/rwsem.c:1633
 i_mmap_unlock_read include/linux/fs.h:537 [inline]
 __rmap_walk_file+0x290/0x2b0 mm/rmap.c:3017
 try_to_unmap+0x1e3/0x210 mm/rmap.c:-1
 shrink_folio_list+0x11f7/0x2730 mm/vmscan.c:1366
 reclaim_folio_list+0x9f/0x220 mm/vmscan.c:2196
 reclaim_pages+0x21e/0x280 mm/vmscan.c:2233
 madvise_cold_or_pageout_pte_range+0xd6a/0xdc0 mm/madvise.c:561
 walk_pmd_range mm/pagewalk.c:130 [inline]
 walk_pud_range mm/pagewalk.c:224 [inline]
 walk_p4d_range mm/pagewalk.c:262 [inline]
 walk_pgd_range+0xa4a/0x14d0 mm/pagewalk.c:303
 __walk_page_range+0xdd/0x340 mm/pagewalk.c:411
 walk_page_range_vma_unsafe+0x2cd/0x320 mm/pagewalk.c:715
 walk_page_range_vma+0x56/0x70 mm/pagewalk.c:725
 madvise_vma_behavior+0x1d11/0x20c0 mm/madvise.c:-1
 madvise_walk_vmas mm/madvise.c:1719 [inline]
 madvise_do_behavior+0x5de/0xa10 mm/madvise.c:1935
 do_madvise+0x10e/0x190 mm/madvise.c:2028
 __do_sys_madvise mm/madvise.c:2037 [inline]
 __se_sys_madvise mm/madvise.c:2035 [inline]
 __x64_sys_madvise+0x63/0x80 mm/madvise.c:2035
 x64_sys_call+0x1eff/0x3020 arch/x86/include/generated/asm/syscalls_64.h:29
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888104a9b180 of 3264 bytes by task 11192 on cpu 1:
 memcpy_and_pad+0x48/0x80 lib/string_helpers.c:1008
 arch_dup_task_struct+0x2c/0x40 arch/x86/kernel/process.c:108
 dup_task_struct+0x6e/0x940 kernel/fork.c:920
 copy_process+0x37e/0x20c0 kernel/fork.c:2050
 kernel_clone+0x16b/0x5d0 kernel/fork.c:2654
 __do_sys_clone kernel/fork.c:2795 [inline]
 __se_sys_clone kernel/fork.c:2779 [inline]
 __x64_sys_clone+0x143/0x180 kernel/fork.c:2779
 x64_sys_call+0x1222/0x3020 arch/x86/include/generated/asm/syscalls_64.h:57
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 11192 Comm: dhcpcd-run-hook Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
==================================================================

Crashes (5):

| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/02/16 00:59 | upstream | 26a4cfaff82a | 1e62d198 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in css_set_move_task / memcpy_and_pad |
| 2026/02/04 18:27 | upstream | 5fd0a1df5d05 | ea10c935 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in css_set_move_task / memcpy_and_pad |
| 2026/02/02 01:17 | upstream | 9f2693489ef8 | 6b8752f2 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in css_set_move_task / memcpy_and_pad |
| 2026/01/22 19:39 | upstream | a66191c590b3 | 82c9c083 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in css_set_move_task / memcpy_and_pad |
| 2026/01/20 10:41 | upstream | 24d479d26b25 | 06648d9c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in css_set_move_task / memcpy_and_pad |