syzbot


KASAN: slab-use-after-free Read in d_alloc_parallel

Status: moderation: reported on 2026/06/15 01:03
Subsystems: fs
Labels: prio:high
Reported-by: syzbot+85ab38f552bf45fd9aa9@syzkaller.appspotmail.com
First crash: 5d10h, last: 3h04m
✨ AI Jobs (2)
Job 5c457ab3-b87b-4a8e-9e7b-cd1381abb4d4
Workflow: moderation
Result: 💥
Bug: KASAN: slab-use-after-free Read in d_alloc_parallel
Created: 2026/06/16 00:01
Started: 2026/06/16 00:01
Finished: 2026/06/16 00:04
Revision: 50bb0618cd2f9cd819534368fff82367c1681dab
Error (truncated to first 200 bytes): failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/d515f8819783b276bb...

Job adb89f1c-bea9-4c0f-980c-c4aada301775
Workflow: assessment-security
Result: DenialOfService: ✅, Exploitable: ✅, FilesystemTrigger: ❌, NetworkTrigger: ❌, PeripheralTrigger: ❌, RemoteTrigger: ❌, Unprivileged: ✅, UserNamespace: ❌, VMGuestTrigger: ❌, VMHostTrigger: ❌
Bug: KASAN: slab-use-after-free Read in d_alloc_parallel
Created: 2026/06/13 00:03
Started: 2026/06/13 00:03
Finished: 2026/06/13 00:59
Revision: 1d2f35898f2e0325486423250d5303b6bc05adcd

Sample crash report:
==================================================================
BUG: KASAN: slab-use-after-free in __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:132 [inline]
BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x40/0x60 kernel/locking/spinlock.c:166
Read of size 1 at addr ffff888023386440 by task kworker/u8:2/1528

CPU: 0 UID: 0 PID: 1528 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_address_description+0x55/0x1e0 mm/kasan/report.c:378
 print_report+0x58/0x70 mm/kasan/report.c:482
 kasan_report+0x117/0x150 mm/kasan/report.c:595
 __kasan_check_byte+0x2a/0x40 mm/kasan/common.c:574
 kasan_check_byte include/linux/kasan.h:402 [inline]
 lock_acquire+0x84/0x350 kernel/locking/lockdep.c:5844
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:132 [inline]
 _raw_spin_lock_irqsave+0x40/0x60 kernel/locking/spinlock.c:166
 rt_mutex_slowunlock+0xbf/0x8b0 kernel/locking/rtmutex.c:1430
 spin_unlock include/linux/spinlock_rt.h:109 [inline]
 d_alloc_parallel+0x103d/0x1630 fs/dcache.c:2826
 __lookup_slow+0x82/0x2f0 fs/namei.c:1904
 lookup_slow+0x53/0x70 fs/namei.c:1936
 walk_component fs/namei.c:2282 [inline]
 link_path_walk+0xd1e/0x18d0 fs/namei.c:2656
 path_openat+0x22c/0x37e0 fs/namei.c:4855
 do_file_open+0x23e/0x4a0 fs/namei.c:4888
 do_open_execat+0x12b/0x590 fs/exec.c:785
 alloc_bprm+0x28/0x660 fs/exec.c:1431
 class_bprm_constructor fs/exec.c:1496 [inline]
 kernel_execve+0x87/0x930 fs/exec.c:1889
 call_usermodehelper_exec_async+0x212/0x360 kernel/umh.c:109
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Allocated by task 1527:
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
 unpoison_slab_object mm/kasan/common.c:340 [inline]
 __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:366
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4614 [inline]
 slab_alloc_node mm/slub.c:4941 [inline]
 kmem_cache_alloc_lru_noprof+0x354/0x6b0 mm/slub.c:4974
 __d_alloc+0x37/0x6f0 fs/dcache.c:1902
 d_alloc_parallel+0xe3/0x1630 fs/dcache.c:2761
 __lookup_slow+0x82/0x2f0 fs/namei.c:1904
 lookup_slow+0x53/0x70 fs/namei.c:1936
 walk_component fs/namei.c:2282 [inline]
 link_path_walk+0xd1e/0x18d0 fs/namei.c:2656
 path_openat+0x22c/0x37e0 fs/namei.c:4855
 do_file_open+0x23e/0x4a0 fs/namei.c:4888
 do_open_execat+0x12b/0x590 fs/exec.c:785
 alloc_bprm+0x28/0x660 fs/exec.c:1431
 class_bprm_constructor fs/exec.c:1496 [inline]
 kernel_execve+0x87/0x930 fs/exec.c:1889
 call_usermodehelper_exec_async+0x212/0x360 kernel/umh.c:109
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Freed by task 29:
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2699 [inline]
 slab_free mm/slub.c:6400 [inline]
 kmem_cache_free+0x187/0x6c0 mm/slub.c:6527
 rcu_do_batch kernel/rcu/tree.c:2645 [inline]
 rcu_core kernel/rcu/tree.c:2897 [inline]
 rcu_cpu_kthread+0x99e/0x1470 kernel/rcu/tree.c:2985
 smpboot_thread_fn+0x541/0xa50 kernel/smpboot.c:160
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Last potentially related work creation:
 kasan_save_stack+0x3e/0x60 mm/kasan/common.c:57
 kasan_record_aux_stack+0xbd/0xd0 mm/kasan/generic.c:556
 __call_rcu_common kernel/rcu/tree.c:3159 [inline]
 call_rcu+0xee/0x890 kernel/rcu/tree.c:3279
 dentry_kill+0x4ed/0x890 fs/dcache.c:845
 finish_dput+0x1a/0x260 fs/dcache.c:1001
 handle_mounts fs/namei.c:1753 [inline]
 step_into_slowpath+0x487/0x7e0 fs/namei.c:2104
 step_into fs/namei.c:2152 [inline]
 walk_component fs/namei.c:2288 [inline]
 link_path_walk+0xd50/0x18d0 fs/namei.c:2656
 path_openat+0x22c/0x37e0 fs/namei.c:4855
 do_file_open+0x23e/0x4a0 fs/namei.c:4888
 do_open_execat+0x12b/0x590 fs/exec.c:785
 alloc_bprm+0x28/0x660 fs/exec.c:1431
 class_bprm_constructor fs/exec.c:1496 [inline]
 kernel_execve+0x87/0x930 fs/exec.c:1889
 call_usermodehelper_exec_async+0x212/0x360 kernel/umh.c:109
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

The buggy address belongs to the object at ffff888023386370
 which belongs to the cache dentry of size 376
The buggy address is located 208 bytes inside of
 freed 376-byte region [ffff888023386370, ffff8880233864e8)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888023387130 pfn:0x23386
head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x80000000000240(workingset|head|node=0|zone=1)
page_type: f5(slab)
raw: 0080000000000240 ffff88801c2d3500 ffffea00008ce090 ffffea00008ce290
raw: ffff888023387130 000000080012000a 00000000f5000000 0000000000000000
head: 0080000000000240 ffff88801c2d3500 ffffea00008ce090 ffffea00008ce290
head: ffff888023387130 000000080012000a 00000000f5000000 0000000000000000
head: 0080000000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff
head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000002
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1486, tgid 1486 (kworker/u8:3), ts 13722633445, free_ts 0
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f9/0x250 mm/page_alloc.c:1859
 prep_new_page mm/page_alloc.c:1867 [inline]
 get_page_from_freelist+0x265c/0x26e0 mm/page_alloc.c:3946
 __alloc_frozen_pages_noprof+0x18d/0x380 mm/page_alloc.c:5304
 alloc_slab_page mm/slub.c:3288 [inline]
 allocate_slab+0x76/0x5d0 mm/slub.c:3406
 new_slab mm/slub.c:3452 [inline]
 refill_objects+0x2d9/0x350 mm/slub.c:7333
 refill_sheaf mm/slub.c:2826 [inline]
 __pcs_replace_empty_main+0x331/0x690 mm/slub.c:4698
 alloc_from_pcs mm/slub.c:4796 [inline]
 slab_alloc_node mm/slub.c:4929 [inline]
 kmem_cache_alloc_lru_noprof+0x46b/0x6b0 mm/slub.c:4974
 __d_alloc+0x37/0x6f0 fs/dcache.c:1902
 d_alloc_parallel+0xe3/0x1630 fs/dcache.c:2761
 __lookup_slow+0x82/0x2f0 fs/namei.c:1904
 lookup_slow+0x53/0x70 fs/namei.c:1936
 walk_component fs/namei.c:2282 [inline]
 link_path_walk+0xd1e/0x18d0 fs/namei.c:2656
 path_openat+0x22c/0x37e0 fs/namei.c:4855
 do_file_open+0x23e/0x4a0 fs/namei.c:4888
 do_open_execat+0x12b/0x590 fs/exec.c:785
 alloc_bprm+0x28/0x660 fs/exec.c:1431
page_owner free stack trace missing

Memory state around the buggy address:
 ffff888023386300: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa fb
 ffff888023386380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888023386400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                           ^
 ffff888023386480: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
 ffff888023386500: fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb
==================================================================

Crashes (44):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/06/16 08:34 linux-next ec039126b7fa 50bb0618 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/15 22:42 linux-next ec039126b7fa 50bb0618 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/15 21:28 linux-next ec039126b7fa 50bb0618 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/15 13:44 linux-next c425609d6ac4 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/15 11:46 linux-next c425609d6ac4 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/15 09:26 linux-next c425609d6ac4 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/15 07:20 linux-next ec039126b7fa 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/15 07:08 linux-next c425609d6ac4 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/15 05:13 linux-next c425609d6ac4 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/14 19:30 linux-next c425609d6ac4 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/14 11:51 linux-next ec039126b7fa 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/14 06:14 linux-next ec039126b7fa 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/14 05:09 linux-next c425609d6ac4 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/14 00:53 linux-next ec039126b7fa 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/14 00:44 linux-next c425609d6ac4 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/13 23:44 linux-next c425609d6ac4 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/13 20:05 linux-next c425609d6ac4 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/13 16:37 linux-next c425609d6ac4 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/13 07:37 linux-next c425609d6ac4 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/12 23:47 linux-next c425609d6ac4 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/12 19:45 linux-next ec039126b7fa 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/12 19:11 linux-next ec039126b7fa 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/12 17:39 linux-next ec039126b7fa 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/12 17:22 linux-next ec039126b7fa 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/12 14:40 linux-next ec039126b7fa 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/12 13:55 linux-next ec039126b7fa 1d2f3589 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/12 12:01 linux-next ec039126b7fa e93da63e .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/12 10:55 linux-next ec039126b7fa e93da63e .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/12 08:19 linux-next ec039126b7fa e93da63e .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/12 07:25 linux-next ec039126b7fa e93da63e .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/12 04:09 linux-next ec039126b7fa e93da63e .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/12 02:22 linux-next ec039126b7fa e93da63e .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/11 22:22 linux-next ec039126b7fa d93a6ab6 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/11 21:32 linux-next ec039126b7fa d93a6ab6 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/11 20:41 linux-next ec039126b7fa d93a6ab6 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/11 13:39 linux-next abe651837cb3 d93a6ab6 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/11 08:14 linux-next abe651837cb3 b754d2d8 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/11 07:44 linux-next abe651837cb3 b754d2d8 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/11 06:02 linux-next abe651837cb3 b754d2d8 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/11 05:23 linux-next abe651837cb3 b754d2d8 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/11 04:58 linux-next abe651837cb3 b754d2d8 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/11 04:46 linux-next abe651837cb3 b754d2d8 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/11 00:56 linux-next abe651837cb3 b754d2d8 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in d_alloc_parallel
2026/06/11 00:53 linux-next abe651837cb3 b754d2d8 .config console log report [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in d_alloc_parallel