syzbot


KMSAN: uninit-value in __d_lookup_rcu

Status: moderation: reported on 2026/05/16 19:48
Subsystems: fs
Reported-by: syzbot+7ff3adde89dd795ad4c4@syzkaller.appspotmail.com
First crash: 4d15h, last: 4d15h
Similar bugs (1)
  Kernel: upstream
  Title: BUG: unable to handle kernel paging request in __d_lookup_rcu
  Subsystems: fs
  Rank: 8
  Repro: syz
  Count: 1
  Last: 454d
  Reported: 454d
  Patched: 0/29
  Status: auto-obsoleted due to no activity on 2025/05/27 13:04

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in dentry_string_cmp fs/dcache.c:291 [inline]
BUG: KMSAN: uninit-value in dentry_cmp fs/dcache.c:322 [inline]
BUG: KMSAN: uninit-value in __d_lookup_rcu+0x37d/0x5e0 fs/dcache.c:2424
 dentry_string_cmp fs/dcache.c:291 [inline]
 dentry_cmp fs/dcache.c:322 [inline]
 __d_lookup_rcu+0x37d/0x5e0 fs/dcache.c:2424
 lookup_fast+0x186/0xa40 fs/namei.c:1849
 lookup_fast_for_open fs/namei.c:4548 [inline]
 open_last_lookups fs/namei.c:4582 [inline]
 path_openat+0xa07/0x64c0 fs/namei.c:4855
 do_file_open+0x2aa/0x680 fs/namei.c:4887
 do_sys_openat2+0x163/0x370 fs/open.c:1364
 do_sys_open fs/open.c:1370 [inline]
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __x64_sys_openat+0x240/0x300 fs/open.c:1381
 x64_sys_call+0x2445/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:258
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

<Zero or more stacks not recorded to save memory>

Uninit was stored to memory at:
 copy_name fs/dcache.c:2928 [inline]
 __d_move+0xf72/0x2aa0 fs/dcache.c:2997
 d_move+0x71/0xf0 fs/dcache.c:3044
 vfs_rename+0x2510/0x2650 fs/namei.c:6069
 filename_renameat2+0xb7f/0x1260 fs/namei.c:6172
 __do_sys_rename fs/namei.c:6216 [inline]
 __se_sys_rename+0xc5/0x5d0 fs/namei.c:6212
 __x64_sys_rename+0x78/0xb0 fs/namei.c:6212
 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 copy_name fs/dcache.c:2928 [inline]
 __d_move+0xf72/0x2aa0 fs/dcache.c:2997
 d_move+0x71/0xf0 fs/dcache.c:3044
 vfs_rename+0x2510/0x2650 fs/namei.c:6069
 filename_renameat2+0xb7f/0x1260 fs/namei.c:6172
 __do_sys_rename fs/namei.c:6216 [inline]
 __se_sys_rename+0xc5/0x5d0 fs/namei.c:6212
 __x64_sys_rename+0x78/0xb0 fs/namei.c:6212
 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 copy_name fs/dcache.c:2928 [inline]
 __d_move+0xf72/0x2aa0 fs/dcache.c:2997
 d_move+0x71/0xf0 fs/dcache.c:3044
 vfs_rename+0x2510/0x2650 fs/namei.c:6069
 filename_renameat2+0xb7f/0x1260 fs/namei.c:6172
 __do_sys_rename fs/namei.c:6216 [inline]
 __se_sys_rename+0xc5/0x5d0 fs/namei.c:6212
 __x64_sys_rename+0x78/0xb0 fs/namei.c:6212
 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 copy_name fs/dcache.c:2928 [inline]
 __d_move+0xf72/0x2aa0 fs/dcache.c:2997
 d_move+0x71/0xf0 fs/dcache.c:3044
 vfs_rename+0x2510/0x2650 fs/namei.c:6069
 filename_renameat2+0xb7f/0x1260 fs/namei.c:6172
 __do_sys_rename fs/namei.c:6216 [inline]
 __se_sys_rename+0xc5/0x5d0 fs/namei.c:6212
 __x64_sys_rename+0x78/0xb0 fs/namei.c:6212
 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 copy_name fs/dcache.c:2928 [inline]
 __d_move+0xf72/0x2aa0 fs/dcache.c:2997
 d_move+0x71/0xf0 fs/dcache.c:3044
 vfs_rename+0x2510/0x2650 fs/namei.c:6069
 filename_renameat2+0xb7f/0x1260 fs/namei.c:6172
 __do_sys_rename fs/namei.c:6216 [inline]
 __se_sys_rename+0xc5/0x5d0 fs/namei.c:6212
 __x64_sys_rename+0x78/0xb0 fs/namei.c:6212
 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 copy_name fs/dcache.c:2928 [inline]
 __d_move+0xf72/0x2aa0 fs/dcache.c:2997
 d_move+0x71/0xf0 fs/dcache.c:3044
 vfs_rename+0x2510/0x2650 fs/namei.c:6069
 filename_renameat2+0xb7f/0x1260 fs/namei.c:6172
 __do_sys_rename fs/namei.c:6216 [inline]
 __se_sys_rename+0xc5/0x5d0 fs/namei.c:6212
 __x64_sys_rename+0x78/0xb0 fs/namei.c:6212
 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 copy_name fs/dcache.c:2928 [inline]
 __d_move+0xf72/0x2aa0 fs/dcache.c:2997
 d_move+0x71/0xf0 fs/dcache.c:3044
 vfs_rename+0x2510/0x2650 fs/namei.c:6069
 filename_renameat2+0xb7f/0x1260 fs/namei.c:6172
 __do_sys_rename fs/namei.c:6216 [inline]
 __se_sys_rename+0xc5/0x5d0 fs/namei.c:6212
 __x64_sys_rename+0x78/0xb0 fs/namei.c:6212
 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4576 [inline]
 slab_alloc_node mm/slub.c:4898 [inline]
 kmem_cache_alloc_lru_noprof+0x37a/0x1260 mm/slub.c:4917
 __d_alloc+0x55/0xa00 fs/dcache.c:1807
 d_alloc+0x57/0x300 fs/dcache.c:1886
 lookup_one_qstr_excl+0x19d/0x7b0 fs/namei.c:1801
 __start_renaming+0x38e/0x870 fs/namei.c:3890
 filename_renameat2+0x735/0x1260 fs/namei.c:6147
 __do_sys_rename fs/namei.c:6216 [inline]
 __se_sys_rename+0xc5/0x5d0 fs/namei.c:6212
 __x64_sys_rename+0x78/0xb0 fs/namei.c:6212
 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 1 UID: 0 PID: 5899 Comm: udevd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
=====================================================

Crashes (1):
  Time: 2026/05/12 19:44
  Kernel: upstream
  Commit: 50897c955902
  Syzkaller: d5b1a17d
  Assets: disk image, vmlinux, kernel image
  Manager: ci-upstream-kmsan-gce-386-root
  Title: KMSAN: uninit-value in __d_lookup_rcu