[moderation] [fs?] [mm?] KCSAN: data-race in begin_new_exec / cgroup_task_dead


syzbot

Jan 8, 2026, 8:31:24 PM (2 days ago) Jan 8
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 79b95d74470d Merge tag 'hid-for-linus-2026010801' of git:/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1589219a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=b319ff1b6a2797ca
dashboard link: https://syzkaller.appspot.com/bug?extid=e35391dc12d61582bcfe
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
CC: [bra...@kernel.org ja...@suse.cz ke...@kernel.org linux-...@vger.kernel.org linux-...@vger.kernel.org linu...@kvack.org vi...@zeniv.linux.org.uk]

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/93ceeed95bb5/disk-79b95d74.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/900107cd9fa4/vmlinux-79b95d74.xz
kernel image: https://storage.googleapis.com/syzbot-assets/bc6cc46e95ff/bzImage-79b95d74.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e35391...@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in begin_new_exec / cgroup_task_dead

write to 0xffff888103852630 of 4 bytes by task 9822 on cpu 0:
de_thread fs/exec.c:1007 [inline]
begin_new_exec+0x8eb/0x12a0 fs/exec.c:1123
load_elf_binary+0x6a3/0x1c90 fs/binfmt_elf.c:1010
search_binary_handler fs/exec.c:1669 [inline]
exec_binprm fs/exec.c:1701 [inline]
bprm_execve+0x477/0x9b0 fs/exec.c:1753
do_execveat_common+0x6e6/0x750 fs/exec.c:1859
do_execveat fs/exec.c:1944 [inline]
__do_sys_execveat fs/exec.c:2018 [inline]
__se_sys_execveat fs/exec.c:2012 [inline]
__x64_sys_execveat+0x73/0x90 fs/exec.c:2012
x64_sys_call+0x1c0e/0x3000 arch/x86/include/generated/asm/syscalls_64.h:323
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888103852630 of 4 bytes by task 9825 on cpu 1:
thread_group_leader include/linux/sched/signal.h:706 [inline]
do_cgroup_task_dead kernel/cgroup/cgroup.c:7004 [inline]
cgroup_task_dead+0x97/0x2b0 kernel/cgroup/cgroup.c:7065
finish_task_switch+0x1b7/0x2a0 kernel/sched/core.c:5152
context_switch kernel/sched/core.c:5259 [inline]
__schedule+0x85f/0xcd0 kernel/sched/core.c:6863
preempt_schedule_common kernel/sched/core.c:7047 [inline]
__cond_resched+0x31/0x60 kernel/sched/core.c:7376
might_resched include/linux/kernel.h:61 [inline]
might_alloc include/linux/sched/mm.h:323 [inline]
slab_pre_alloc_hook mm/slub.c:4904 [inline]
slab_alloc_node mm/slub.c:5239 [inline]
__do_kmalloc_node mm/slub.c:5656 [inline]
__kmalloc_noprof+0xaf/0x5a0 mm/slub.c:5669
kmalloc_noprof include/linux/slab.h:961 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
lsm_blob_alloc security/security.c:192 [inline]
lsm_bpf_map_alloc security/security.c:314 [inline]
security_bpf_map_create+0x51/0x130 security/security.c:5225
map_create+0xcb5/0xda0 kernel/bpf/syscall.c:1594
__sys_bpf+0x54e/0x7c0 kernel/bpf/syscall.c:6146
__do_sys_bpf kernel/bpf/syscall.c:6274 [inline]
__se_sys_bpf kernel/bpf/syscall.c:6272 [inline]
__x64_sys_bpf+0x41/0x50 kernel/bpf/syscall.c:6272
x64_sys_call+0x28e1/0x3000 arch/x86/include/generated/asm/syscalls_64.h:322
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000011 -> 0xffffffff

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 9825 Comm: syz.2.2166 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup