syzbot


KCSAN: data-race in begin_new_exec / cgroup_task_dead

Status: moderation: reported on 2026/01/09 01:31
Subsystems: fs mm
Reported-by: syzbot+e35391dc12d61582bcfe@syzkaller.appspotmail.com
First crash: 10d, last: 10d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in begin_new_exec / cgroup_task_dead

write to 0xffff888103852630 of 4 bytes by task 9822 on cpu 0:
 de_thread fs/exec.c:1007 [inline]
 begin_new_exec+0x8eb/0x12a0 fs/exec.c:1123
 load_elf_binary+0x6a3/0x1c90 fs/binfmt_elf.c:1010
 search_binary_handler fs/exec.c:1669 [inline]
 exec_binprm fs/exec.c:1701 [inline]
 bprm_execve+0x477/0x9b0 fs/exec.c:1753
 do_execveat_common+0x6e6/0x750 fs/exec.c:1859
 do_execveat fs/exec.c:1944 [inline]
 __do_sys_execveat fs/exec.c:2018 [inline]
 __se_sys_execveat fs/exec.c:2012 [inline]
 __x64_sys_execveat+0x73/0x90 fs/exec.c:2012
 x64_sys_call+0x1c0e/0x3000 arch/x86/include/generated/asm/syscalls_64.h:323
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888103852630 of 4 bytes by task 9825 on cpu 1:
 thread_group_leader include/linux/sched/signal.h:706 [inline]
 do_cgroup_task_dead kernel/cgroup/cgroup.c:7004 [inline]
 cgroup_task_dead+0x97/0x2b0 kernel/cgroup/cgroup.c:7065
 finish_task_switch+0x1b7/0x2a0 kernel/sched/core.c:5152
 context_switch kernel/sched/core.c:5259 [inline]
 __schedule+0x85f/0xcd0 kernel/sched/core.c:6863
 preempt_schedule_common kernel/sched/core.c:7047 [inline]
 __cond_resched+0x31/0x60 kernel/sched/core.c:7376
 might_resched include/linux/kernel.h:61 [inline]
 might_alloc include/linux/sched/mm.h:323 [inline]
 slab_pre_alloc_hook mm/slub.c:4904 [inline]
 slab_alloc_node mm/slub.c:5239 [inline]
 __do_kmalloc_node mm/slub.c:5656 [inline]
 __kmalloc_noprof+0xaf/0x5a0 mm/slub.c:5669
 kmalloc_noprof include/linux/slab.h:961 [inline]
 kzalloc_noprof include/linux/slab.h:1094 [inline]
 lsm_blob_alloc security/security.c:192 [inline]
 lsm_bpf_map_alloc security/security.c:314 [inline]
 security_bpf_map_create+0x51/0x130 security/security.c:5225
 map_create+0xcb5/0xda0 kernel/bpf/syscall.c:1594
 __sys_bpf+0x54e/0x7c0 kernel/bpf/syscall.c:6146
 __do_sys_bpf kernel/bpf/syscall.c:6274 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6272 [inline]
 __x64_sys_bpf+0x41/0x50 kernel/bpf/syscall.c:6272
 x64_sys_call+0x28e1/0x3000 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000011 -> 0xffffffff

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 9825 Comm: syz.2.2166 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================

Crashes (1):
Time: 2026/01/09 01:31
Kernel: upstream
Commit: 79b95d74470d
Syzkaller: d6526ea3
Config: .config
Log: console log
Report: report
Syz repro: none
C repro: none
VM info: info
Assets: disk image, vmlinux, kernel image
Manager: ci2-upstream-kcsan-gce
Title: KCSAN: data-race in begin_new_exec / cgroup_task_dead