Date: Mon, 16 Mar 2026 03:22:46 -0700
Message-ID: <69b7d9f6.050a0220.248e02.0112.GAE@google.com>
Subject: [syzbot] [mm?] KMSAN: uninit-value in copy_from_kernel_nofault
From: syzbot
To: Liam.Howlett@oracle.com, akpm@linux-foundation.org, david@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, ljs@kernel.org, mhocko@suse.com, rppt@kernel.org, surenb@google.com, syzkaller-bugs@googlegroups.com, vbabka@kernel.org

Hello,

syzbot found the following issue on:

HEAD commit:    80234b5ab240 Merge tag 'rproc-v7.0-fixes' of git://git.ker..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1474cd52580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=242f02fcd3fbc8f3
dashboard link: https://syzkaller.appspot.com/bug?extid=c18de0ad13d62f18469d
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
userspace arch: i386

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/a0d037332dff/disk-80234b5a.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/0a1f7f8b54f8/vmlinux-80234b5a.xz
kernel image: https://storage.googleapis.com/syzbot-assets/83eb68ee6421/bzImage-80234b5a.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c18de0ad13d62f18469d@syzkaller.appspotmail.com

=====================================================
BUG: KMSAN: uninit-value in copy_from_kernel_nofault+0x15f/0x570 mm/maccess.c:41
 copy_from_kernel_nofault+0x15f/0x570 mm/maccess.c:41
 prepend_copy fs/d_path.c:50 [inline]
 prepend fs/d_path.c:76 [inline]
 prepend_name fs/d_path.c:101 [inline]
 __prepend_path fs/d_path.c:133 [inline]
 prepend_path+0x64e/0x1090 fs/d_path.c:172
 d_absolute_path+0x11b/0x240 fs/d_path.c:234
 tomoyo_get_absolute_path security/tomoyo/realpath.c:101 [inline]
 tomoyo_realpath_from_path+0x4bd/0x9f0 security/tomoyo/realpath.c:271
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_perm+0x249/0x9a0 security/tomoyo/file.c:827
 tomoyo_inode_getattr+0x35/0x40 security/tomoyo/tomoyo.c:123
 security_inode_getattr+0x16e/0x590 security/security.c:1869
 vfs_getattr fs/stat.c:259 [inline]
 vfs_fstat fs/stat.c:281 [inline]
 __do_sys_newfstat fs/stat.c:551 [inline]
 __se_sys_newfstat+0xd5/0xa60 fs/stat.c:546
 __x64_sys_newfstat+0x78/0xb0 fs/stat.c:546
 x64_sys_call+0x2f28/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:6
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 copy_name fs/dcache.c:2861 [inline]
 __d_move+0xf72/0x2aa0 fs/dcache.c:2930
 d_move+0x71/0xf0 fs/dcache.c:2977
 vfs_rename+0x2510/0x2650 fs/namei.c:6041
 filename_renameat2+0xb7f/0x1260 fs/namei.c:6144
 __do_sys_rename fs/namei.c:6188 [inline]
 __se_sys_rename+0xc5/0x5d0 fs/namei.c:6184
 __x64_sys_rename+0x78/0xb0 fs/namei.c:6184
 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 copy_name fs/dcache.c:2861 [inline]
 __d_move+0xf72/0x2aa0 fs/dcache.c:2930
 d_move+0x71/0xf0 fs/dcache.c:2977
 vfs_rename+0x2510/0x2650 fs/namei.c:6041
 filename_renameat2+0xb7f/0x1260 fs/namei.c:6144
 __do_sys_rename fs/namei.c:6188 [inline]
 __se_sys_rename+0xc5/0x5d0 fs/namei.c:6184
 __x64_sys_rename+0x78/0xb0 fs/namei.c:6184
 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 copy_name fs/dcache.c:2861 [inline]
 __d_move+0xf72/0x2aa0 fs/dcache.c:2930
 d_move+0x71/0xf0 fs/dcache.c:2977
 vfs_rename+0x2510/0x2650 fs/namei.c:6041
 filename_renameat2+0xb7f/0x1260 fs/namei.c:6144
 __do_sys_rename fs/namei.c:6188 [inline]
 __se_sys_rename+0xc5/0x5d0 fs/namei.c:6184
 __x64_sys_rename+0x78/0xb0 fs/namei.c:6184
 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 copy_name fs/dcache.c:2861 [inline]
 __d_move+0xf72/0x2aa0 fs/dcache.c:2930
 d_move+0x71/0xf0 fs/dcache.c:2977
 vfs_rename+0x2510/0x2650 fs/namei.c:6041
 filename_renameat2+0xb7f/0x1260 fs/namei.c:6144
 __do_sys_rename fs/namei.c:6188 [inline]
 __se_sys_rename+0xc5/0x5d0 fs/namei.c:6184
 __x64_sys_rename+0x78/0xb0 fs/namei.c:6184
 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 copy_name fs/dcache.c:2861 [inline]
 __d_move+0xf72/0x2aa0 fs/dcache.c:2930
 d_move+0x71/0xf0 fs/dcache.c:2977
 vfs_rename+0x2510/0x2650 fs/namei.c:6041
 filename_renameat2+0xb7f/0x1260 fs/namei.c:6144
 __do_sys_rename fs/namei.c:6188 [inline]
 __se_sys_rename+0xc5/0x5d0 fs/namei.c:6184
 __x64_sys_rename+0x78/0xb0 fs/namei.c:6184
 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 copy_name fs/dcache.c:2861 [inline]
 __d_move+0xf72/0x2aa0 fs/dcache.c:2930
 d_move+0x71/0xf0 fs/dcache.c:2977
 vfs_rename+0x2510/0x2650 fs/namei.c:6041
 filename_renameat2+0xb7f/0x1260 fs/namei.c:6144
 __do_sys_rename fs/namei.c:6188 [inline]
 __se_sys_rename+0xc5/0x5d0 fs/namei.c:6184
 __x64_sys_rename+0x78/0xb0 fs/namei.c:6184
 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 copy_name fs/dcache.c:2861 [inline]
 __d_move+0xf72/0x2aa0 fs/dcache.c:2930
 d_move+0x71/0xf0 fs/dcache.c:2977
 vfs_rename+0x2510/0x2650 fs/namei.c:6041
 filename_renameat2+0xb7f/0x1260 fs/namei.c:6144
 __do_sys_rename fs/namei.c:6188 [inline]
 __se_sys_rename+0xc5/0x5d0 fs/namei.c:6184
 __x64_sys_rename+0x78/0xb0 fs/namei.c:6184
 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4549 [inline]
 slab_alloc_node mm/slub.c:4869 [inline]
 kmem_cache_alloc_lru_noprof+0x382/0x1280 mm/slub.c:4888
 __d_alloc+0x55/0xa00 fs/dcache.c:1740
 d_alloc+0x57/0x300 fs/dcache.c:1819
 lookup_one_qstr_excl+0x1a1/0x7b0 fs/namei.c:1801
 __start_renaming+0x38e/0x870 fs/namei.c:3862
 filename_renameat2+0x735/0x1260 fs/namei.c:6119
 __do_sys_rename fs/namei.c:6188 [inline]
 __se_sys_rename+0xc5/0x5d0 fs/namei.c:6184
 __x64_sys_rename+0x78/0xb0 fs/namei.c:6184
 x64_sys_call+0x329/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:83
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Bytes 5-7 of 8 are uninitialized
Memory access of size 8 starts at ffff888014109578

CPU: 0 UID: 0 PID: 5966 Comm: udevd Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
=====================================================

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup