syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1344]
Subsystems
🐞 Fixed [7064]
🐞 Invalid [18539]
Missing Backports [222]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KCSAN: data-race in css_set_move_task / memcpy_and_pad (2)

Status: moderation: reported on 2026/01/20 10:41
Subsystems: cgroups
[Documentation on labels]
Reported-by: syzbot+1ee8687806d5edebd5ad@syzkaller.appspotmail.com
First crash: 90d, last: 18d
✨ AI Jobs (2)
ID Workflow Result Correct Bug Created Started Finished Revision Error
289c7d69-5ffc-4fbf-a48b-54cf0f19290f assessment-kcsan Benign: ✅  Confident: ✅  KCSAN: data-race in css_set_move_task / memcpy_and_pad (2) 2026/02/25 03:58 2026/02/25 03:58 2026/02/25 04:16 305c0ec5cd886e2d13738e28e1b2df9b0ec20fc9
2164efd1-9592-45e7-9497-d5274392ba36 assessment-kcsan 💥 KCSAN: data-race in css_set_move_task / memcpy_and_pad (2) 2026/01/23 07:56 2026/01/23 07:56 2026/01/23 07:56 499a21815ec0ab13dbfc80e05fc32aadbc482145 failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "16" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/usr/local/google/home/dvyukov/syzkaller/workdir/cache/build/08a402c00dcf920e418ce72eca15117888c80f58" "bzImage" "compile_commands.json"]: exit status 2
Similar bugs (1)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in css_set_move_task / memcpy_and_pad cgroups 6 1 326d 326d 0/29 auto-obsoleted due to no activity on 2025/07/24 11:25

Sample crash report:
==================================================================
BUG: KCSAN: data-race in css_set_move_task / memcpy_and_pad

write to 0xffff8881042fbbc8 of 8 bytes by task 17 on cpu 1:
 __list_del include/linux/list.h:203 [inline]
 __list_del_entry include/linux/list.h:226 [inline]
 list_del_init include/linux/list.h:295 [inline]
 css_set_move_task+0x212/0x430 kernel/cgroup/cgroup.c:932
 do_cgroup_task_dead kernel/cgroup/cgroup.c:7082 [inline]
 cgroup_task_dead+0x74/0x340 kernel/cgroup/cgroup.c:7151
 finish_task_switch+0x1b5/0x280 kernel/sched/core.c:5193
 context_switch kernel/sched/core.c:5301 [inline]
 __schedule+0x93c/0xd40 kernel/sched/core.c:6911
 __schedule_loop kernel/sched/core.c:6993 [inline]
 schedule+0x5e/0xd0 kernel/sched/core.c:7008
 schedule_timeout+0xca/0x180 kernel/time/sleep_timeout.c:99
 synchronize_rcu_expedited_wait_once kernel/rcu/tree_exp.h:545 [inline]
 synchronize_rcu_expedited_wait kernel/rcu/tree_exp.h:663 [inline]
 rcu_exp_wait_wake kernel/rcu/tree_exp.h:692 [inline]
 rcu_exp_sel_wait_wake+0x590/0xbe0 kernel/rcu/tree_exp.h:726
 wait_rcu_exp_gp+0x1e/0x30 kernel/rcu/tree_exp.h:492
 kthread_worker_fn+0x262/0x540 kernel/kthread.c:1025
 kthread+0x22a/0x280 kernel/kthread.c:436
 ret_from_fork+0x150/0x360 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff8881042fb240 of 3328 bytes by task 4512 on cpu 0:
 memcpy_and_pad+0x48/0x80 lib/string_helpers.c:1008
 arch_dup_task_struct+0x2c/0x40 arch/x86/kernel/process.c:108
 dup_task_struct+0x6e/0x950 kernel/fork.c:920
 copy_process+0x37e/0x20b0 kernel/fork.c:2050
 kernel_clone+0x16b/0x5d0 kernel/fork.c:2653
 __do_sys_clone kernel/fork.c:2794 [inline]
 __se_sys_clone kernel/fork.c:2778 [inline]
 __x64_sys_clone+0x143/0x180 kernel/fork.c:2778
 x64_sys_call+0x1222/0x3020 arch/x86/include/generated/asm/syscalls_64.h:57
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 4512 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
==================================================================

Crashes (6):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/04/02 13:33 upstream 9147566d8016 91bc79b0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in css_set_move_task / memcpy_and_pad
2026/02/16 00:59 upstream 26a4cfaff82a 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in css_set_move_task / memcpy_and_pad
2026/02/04 18:27 upstream 5fd0a1df5d05 ea10c935 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in css_set_move_task / memcpy_and_pad
2026/02/02 01:17 upstream 9f2693489ef8 6b8752f2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in css_set_move_task / memcpy_and_pad
2026/01/22 19:39 upstream a66191c590b3 82c9c083 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in css_set_move_task / memcpy_and_pad
2026/01/20 10:41 upstream 24d479d26b25 06648d9c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in css_set_move_task / memcpy_and_pad
* Struck through repros no longer work on HEAD.