CVE-2026-53328 PUBLISHED

sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()

Assigner: Linux
Reserved: 09.06.2026 Published: 01.07.2026 Updated: 01.07.2026

In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()

A WARN fires when systemd's user manager writes "+cpu +memory +pids" to its own subtree_control while a sched_ext scheduler is loaded:

WARNING: at kernel/sched/ext.c:3227 scx_cgroup_move_task+0xa8/0xb0 scx_cgroup_move_task+0xa8/0xb0 sched_move_task+0x134/0x290 cpu_cgroup_attach+0x39/0x70 cgroup_migrate_execute+0x37d/0x450 cgroup_update_dfl_csses+0x1e3/0x270 cgroup_subtree_control_write+0x3e7/0x440

scx_cgroup_can_attach() arms cgrp_moving_from only when a task's cpu cgroup changes. It can still be NULL when scx_cgroup_move_task() runs, through this sequence:

Step Result

<hr />
  1. cpu enabled on cgroup G cpu css = A
  2. cpu toggled off then on for G A killed, B created (same cgroup)
  3. an exiting task keeps A alive migration skips it, A now stale
  4. +memory migrates G stale A vs current B pulls cpu in
  5. cpu attach runs for all tasks hits a live, cpu-unchanged task
  6. scx_cgroup_move_task() on it cgrp_moving_from NULL -> WARN

The mismatch is that scx_cgroup_can_attach() keys on cgroup identity while migration drives the move on css identity, so a NULL cgrp_moving_from here is a legitimate css-only migration, not a missing prep.

The call is already gated on cgrp_moving_from, so just drop the warning. ops.cgroup_prep_move() and ops.cgroup_move() stay paired.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 8195136669661fdfe54e9a8923c33b31c92fc1da to cdff2eb97be147d2ce52ac1327841068781f25dc (excl.)
  • affected from 8195136669661fdfe54e9a8923c33b31c92fc1da to 0ffcad63b19a1cadb475c9f405a93607fdcd0d7c (excl.)
  • affected from 8195136669661fdfe54e9a8923c33b31c92fc1da to bc75f5951fac4e49d175c4433fc08fb1ec01172f (excl.)
  • affected from 8195136669661fdfe54e9a8923c33b31c92fc1da to 02e545c4297a26dbbc41df81b831e7f605bcd306 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.12 is affected
  • unaffected from 0 to 6.12 (excl.)
  • unaffected from 6.12.94 to 6.12.* (incl.)
  • unaffected from 6.18.36 to 6.18.* (incl.)
  • unaffected from 7.0.13 to 7.0.* (incl.)
  • unaffected from 7.1 to * (incl.)

References