KMSAN: uninit-value in __d_lookup

ID	Workflow	Result	Correct	Bug	Created	Started	Finished	Revision	Error
801068dc-112c-4fbc-bd3e-d921161b7779	assessment-security	DenialOfService: ❌ Exploitable: ❌ FilesystemTrigger: ❌ NetworkTrigger: ❌ PeripheralTrigger: ❌ RemoteTrigger: ❌ Unprivileged: ✅ UserNamespace: ❌ VMGuestTrigger: ❌ VMHostTrigger: ❌	❓	KMSAN: uninit-value in __d_lookup_rcu	2026/05/30 02:36	2026/05/30 02:36	2026/05/30 03:31	6b4a844333e83556da95d61d7f207e7ef5cd4bc6

Kernel	Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	BUG: unable to handle kernel paging request in __d_lookup_rcu fs	8	syz			1	494d	493d	0/29	auto-obsoleted due to no activity on 2025/05/27 13:04

Kernel

Title

Rank 🛈

upstream

BUG: unable to handle kernel paging request in __d_lookup_rcu fs

syz

494d

493d

0/29

auto-obsoleted due to no activity on 2025/05/27 13:04

===================================================== BUG: KMSAN: uninit-value in dentry_string_cmp fs/dcache.c:291 [inline] BUG: KMSAN: uninit-value in dentry_cmp fs/dcache.c:322 [inline] BUG: KMSAN: uninit-value in __d_lookup_rcu+0x37d/0x5e0 fs/dcache.c:2522 dentry_string_cmp fs/dcache.c:291 [inline] dentry_cmp fs/dcache.c:322 [inline] __d_lookup_rcu+0x37d/0x5e0 fs/dcache.c:2522 lookup_fast+0x194/0xa40 fs/namei.c:1854 lookup_fast_for_open fs/namei.c:4545 [inline] open_last_lookups fs/namei.c:4579 [inline] path_openat+0x9ef/0x6540 fs/namei.c:4856 do_file_open+0x2aa/0x680 fs/namei.c:4888 do_sys_openat2+0x17c/0x390 fs/open.c:1395 do_sys_open fs/open.c:1401 [inline] __do_sys_openat fs/open.c:1417 [inline] __se_sys_openat fs/open.c:1412 [inline] __x64_sys_openat+0x240/0x300 fs/open.c:1412 x64_sys_call+0x2445/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:258 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x15d/0x3c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f <Zero or more stacks not recorded to save memory> Uninit was stored to memory at: copy_name fs/dcache.c:3031 [inline] __d_move+0xd29/0x21f0 fs/dcache.c:3099 d_move+0x71/0xf0 fs/dcache.c:3147 vfs_rename+0x2619/0x2770 fs/namei.c:6085 filename_renameat2+0xa59/0x1230 fs/namei.c:6188 __do_sys_rename fs/namei.c:6232 [inline] __se_sys_rename+0xc5/0x5c0 fs/namei.c:6228 __x64_sys_rename+0x78/0xb0 fs/namei.c:6228 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x15d/0x3c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: copy_name fs/dcache.c:3031 [inline] __d_move+0xd29/0x21f0 fs/dcache.c:3099 d_move+0x71/0xf0 fs/dcache.c:3147 vfs_rename+0x2619/0x2770 fs/namei.c:6085 filename_renameat2+0xa59/0x1230 fs/namei.c:6188 __do_sys_rename fs/namei.c:6232 [inline] __se_sys_rename+0xc5/0x5c0 fs/namei.c:6228 __x64_sys_rename+0x78/0xb0 fs/namei.c:6228 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x15d/0x3c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: copy_name fs/dcache.c:3031 [inline] __d_move+0xd29/0x21f0 fs/dcache.c:3099 d_move+0x71/0xf0 fs/dcache.c:3147 vfs_rename+0x2619/0x2770 fs/namei.c:6085 filename_renameat2+0xa59/0x1230 fs/namei.c:6188 __do_sys_rename fs/namei.c:6232 [inline] __se_sys_rename+0xc5/0x5c0 fs/namei.c:6228 __x64_sys_rename+0x78/0xb0 fs/namei.c:6228 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x15d/0x3c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: copy_name fs/dcache.c:3031 [inline] __d_move+0xd29/0x21f0 fs/dcache.c:3099 d_move+0x71/0xf0 fs/dcache.c:3147 vfs_rename+0x2619/0x2770 fs/namei.c:6085 filename_renameat2+0xa59/0x1230 fs/namei.c:6188 __do_sys_rename fs/namei.c:6232 [inline] __se_sys_rename+0xc5/0x5c0 fs/namei.c:6228 __x64_sys_rename+0x78/0xb0 fs/namei.c:6228 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x15d/0x3c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: copy_name fs/dcache.c:3031 [inline] __d_move+0xd29/0x21f0 fs/dcache.c:3099 d_move+0x71/0xf0 fs/dcache.c:3147 vfs_rename+0x2619/0x2770 fs/namei.c:6085 filename_renameat2+0xa59/0x1230 fs/namei.c:6188 __do_sys_rename fs/namei.c:6232 [inline] __se_sys_rename+0xc5/0x5c0 fs/namei.c:6228 __x64_sys_rename+0x78/0xb0 fs/namei.c:6228 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x15d/0x3c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: copy_name fs/dcache.c:3031 [inline] __d_move+0xd29/0x21f0 fs/dcache.c:3099 d_move+0x71/0xf0 fs/dcache.c:3147 vfs_rename+0x2619/0x2770 fs/namei.c:6085 filename_renameat2+0xa59/0x1230 fs/namei.c:6188 __do_sys_rename fs/namei.c:6232 [inline] __se_sys_rename+0xc5/0x5c0 fs/namei.c:6228 __x64_sys_rename+0x78/0xb0 fs/namei.c:6228 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x15d/0x3c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: copy_name fs/dcache.c:3031 [inline] __d_move+0xd29/0x21f0 fs/dcache.c:3099 d_move+0x71/0xf0 fs/dcache.c:3147 vfs_rename+0x2619/0x2770 fs/namei.c:6085 filename_renameat2+0xa59/0x1230 fs/namei.c:6188 __do_sys_rename fs/namei.c:6232 [inline] __se_sys_rename+0xc5/0x5c0 fs/namei.c:6228 __x64_sys_rename+0x78/0xb0 fs/namei.c:6228 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x15d/0x3c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:4617 [inline] slab_alloc_node mm/slub.c:4939 [inline] kmem_cache_alloc_lru_noprof+0x376/0x1230 mm/slub.c:4958 __d_alloc+0x52/0x9f0 fs/dcache.c:1902 d_alloc+0x57/0x300 fs/dcache.c:1981 lookup_one_qstr_excl+0x19d/0x7a0 fs/namei.c:1806 __start_renaming+0x341/0x850 fs/namei.c:3888 filename_renameat2+0x625/0x1230 fs/namei.c:6163 __do_sys_rename fs/namei.c:6232 [inline] __se_sys_rename+0xc5/0x5c0 fs/namei.c:6228 __x64_sys_rename+0x78/0xb0 fs/namei.c:6228 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x15d/0x3c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f CPU: 1 UID: 0 PID: 5803 Comm: udevd Tainted: G W syzkaller #0 PREEMPT(lazy) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 =====================================================

Crashes (2):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2026/06/23 12:12	upstream	9ecfb2f7287a	4b1d8f01	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-root	KMSAN: uninit-value in __d_lookup_rcu
2026/05/12 19:44	upstream	50897c955902	d5b1a17d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-386-root	KMSAN: uninit-value in __d_lookup_rcu

Crashes (2):

Assets (help?)