Double free in mount codepath

Hi David/Steve/Ronnie,

I hit a "double free or use after free" KASAN warning today when I was
running some tests.
Attached are the warnings.

It looks to me like one of the issues is this:
In cifs_smb3_do_mount, we call deactivate_locked_super when we fail to
get a ref to the root dentry.
deactivate_locked_super calls cifs_umount, which frees the fs_context and sb.
Then, we later go on to free these again:
out_super:
        deactivate_locked_super(sb);
out:
        if (cifs_sb) {
                kfree(cifs_sb->prepath);
                smb3_cleanup_fs_context(cifs_sb->ctx);
                kfree(cifs_sb);
        }
        return root;

I don't know if the rest of the warnings are related. Please check.

-- 
Regards,
Shyam
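
As an added example (not code from this mail or from the kernel), the user-space model below reproduces the ownership mistake described above: once the superblock owns cifs_sb, deactivate_locked_super() tears it down, so the generic out: cleanup must not free the same members again. The struct and function names mirror the kernel's but are simplified, hypothetical stand-ins; the tracking allocator plays KASAN's role and counts a second free of the same block instead of crashing on it.

```c
#include <stdlib.h>

/* Tracking allocator standing in for KASAN: freed blocks are quarantined, not
 * returned to libc, so a second free is counted and stale reads stay defined. */
static struct blk { void *p; int live; } blocks[16];
static int nblocks;
int live_blocks, double_frees;             /* inspected after each mount run */

static void *tracked_alloc(size_t n)       /* models kzalloc() */
{
	void *p = calloc(1, n);
	if (!p || nblocks == 16)
		abort();
	blocks[nblocks++] = (struct blk){ p, 1 };
	live_blocks++;
	return p;
}

static void tracked_free(void *p)          /* models kfree(); NULL is a no-op */
{
	if (!p)
		return;
	for (int i = 0; i < nblocks; i++) {
		if (blocks[i].p != p)
			continue;
		if (blocks[i].live)
			live_blocks--;
		else
			double_frees++;            /* same block freed twice */
		blocks[i].live = 0;
		return;
	}
	double_frees++;                        /* pointer never handed out */
}

/* Hypothetical, simplified stand-ins for the kernel structures in the mail. */
struct fs_context { char opts[32]; };
struct cifs_sb_info { char *prepath; struct fs_context *ctx; };
struct super_block { struct cifs_sb_info *s_fs_info; };

/* deactivate_locked_super() -> cifs_kill_sb() -> cifs_umount(): frees all the
 * superblock owns, cifs_sb included (the kernel defers this via call_rcu). */
static void deactivate_locked_super(struct super_block *sb)
{
	struct cifs_sb_info *cifs_sb = sb->s_fs_info;
	tracked_free(cifs_sb->prepath);
	tracked_free(cifs_sb->ctx);            /* smb3_cleanup_fs_context() */
	tracked_free(cifs_sb);
	tracked_free(sb);
}

/* Error path of cifs_smb3_do_mount() with the root-dentry failure forced.
 * Returns the number of double frees the tracker observed; 0 is correct. */
int do_mount(int fixed)
{
	while (nblocks > 0)                    /* fresh heap for this run */
		free(blocks[--nblocks].p);
	live_blocks = double_frees = 0;

	struct cifs_sb_info *cifs_sb = tracked_alloc(sizeof *cifs_sb);
	struct super_block *sb = tracked_alloc(sizeof *sb);
	cifs_sb->ctx = tracked_alloc(sizeof *cifs_sb->ctx);
	cifs_sb->prepath = tracked_alloc(16);
	sb->s_fs_info = cifs_sb;               /* ownership moves to the superblock */
	if (fixed)
		cifs_sb = NULL;                /* fix: 'out:' must not free what sb owns */

	/* dget(root) fails here -> goto out_super, as in the mail */
	deactivate_locked_super(sb);           /* already frees cifs_sb and members */
	if (cifs_sb) {                         /* 'out:' in the buggy path: non-NULL */
		tracked_free(cifs_sb->prepath);    /* stale read, then second free */
		tracked_free(cifs_sb->ctx);
		tracked_free(cifs_sb);
	}
	return double_frees;
}
```

Running do_mount(0) reports three double frees (prepath, ctx, cifs_sb), matching the three objects the out: block touches; do_mount(1) reports none and leaves no live blocks, so the hand-off leaks nothing either.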
[Thu Feb 10 12:59:06 2022] ==================================================================
[Thu Feb 10 12:59:06 2022] BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x32/0x60
[Thu Feb 10 12:59:06 2022] Read of size 8 at addr ffff888364f4d110 by task swapper/1/0

[Thu Feb 10 12:59:06 2022] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G           OE     5.17.0-rc3+ #4
[Thu Feb 10 12:59:06 2022] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.0 12/17/2019
[Thu Feb 10 12:59:06 2022] Call Trace:
[Thu Feb 10 12:59:06 2022]  <IRQ>
[Thu Feb 10 12:59:06 2022]  dump_stack_lvl+0x5d/0x78
[Thu Feb 10 12:59:06 2022]  print_address_description.constprop.0+0x24/0x150
[Thu Feb 10 12:59:06 2022]  ? rcu_cblist_dequeue+0x32/0x60
[Thu Feb 10 12:59:06 2022]  kasan_report.cold+0x7d/0x117
[Thu Feb 10 12:59:06 2022]  ? rcu_cblist_dequeue+0x32/0x60
[Thu Feb 10 12:59:06 2022]  __asan_load8+0x86/0xa0
[Thu Feb 10 12:59:06 2022]  rcu_cblist_dequeue+0x32/0x60
[Thu Feb 10 12:59:06 2022]  rcu_core+0x547/0xca0
[Thu Feb 10 12:59:06 2022]  ? call_rcu+0x3c0/0x3c0
[Thu Feb 10 12:59:06 2022]  ? __this_cpu_preempt_check+0x13/0x20
[Thu Feb 10 12:59:06 2022]  ? lock_is_held_type+0xea/0x140
[Thu Feb 10 12:59:06 2022]  rcu_core_si+0xe/0x10
[Thu Feb 10 12:59:06 2022]  __do_softirq+0x1d4/0x67b
[Thu Feb 10 12:59:06 2022]  __irq_exit_rcu+0x100/0x150
[Thu Feb 10 12:59:06 2022]  irq_exit_rcu+0xe/0x30
[Thu Feb 10 12:59:06 2022]  sysvec_hyperv_stimer0+0x9d/0xc0
[Thu Feb 10 12:59:06 2022]  </IRQ>
[Thu Feb 10 12:59:06 2022]  <TASK>
[Thu Feb 10 12:59:06 2022]  asm_sysvec_hyperv_stimer0+0x12/0x20
[Thu Feb 10 12:59:06 2022] RIP: 0010:native_safe_halt+0xb/0x10
[Thu Feb 10 12:59:06 2022] Code: 8b 03 a8 08 0f 85 74 ff ff ff e9 15 ff ff ff 0f 0b cc cc cc cc cc cc cc cc cc cc cc cc cc cc eb 07 0f 00 2d 17 2e 4a 00 fb f4 <c3> 0f 1f 40 00 eb 07 0f 00 2d 07 2e 4a 00 f4 c3 cc cc cc cc cc 0f
[Thu Feb 10 12:59:06 2022] RSP: 0018:ffff888100977dc0 EFLAGS: 00000202
[Thu Feb 10 12:59:06 2022] RAX: ffffffff847bfef0 RBX: ffff88810095c900 RCX: ffffffff847a3efe
[Thu Feb 10 12:59:06 2022] RDX: 0000000000000000 RSI: ffffffff84cac220 RDI: ffffffff84e86960
[Thu Feb 10 12:59:06 2022] RBP: ffff888100977dc8 R08: 0000000000000001 R09: ffff88878e2c4653
[Thu Feb 10 12:59:06 2022] R10: ffffed10f1c588ca R11: 0000000000000001 R12: ffff88810095c900
[Thu Feb 10 12:59:06 2022] R13: ffffffff866cfb60 R14: 0000000000000000 R15: 0000000000000000
[Thu Feb 10 12:59:06 2022]  ? mwait_idle+0xd0/0xd0
[Thu Feb 10 12:59:06 2022]  ? rcu_eqs_enter.constprop.0+0xbe/0xe0
[Thu Feb 10 12:59:06 2022]  ? default_idle+0xe/0x20
[Thu Feb 10 12:59:06 2022]  arch_cpu_idle+0x15/0x20
[Thu Feb 10 12:59:06 2022]  default_idle_call+0x8b/0xd0
[Thu Feb 10 12:59:06 2022]  do_idle+0x39e/0x440
[Thu Feb 10 12:59:06 2022]  ? arch_cpu_idle_exit+0x40/0x40
[Thu Feb 10 12:59:06 2022]  cpu_startup_entry+0x20/0x30
[Thu Feb 10 12:59:06 2022]  start_secondary+0x205/0x260
[Thu Feb 10 12:59:06 2022]  ? set_cpu_sibling_map+0xdf0/0xdf0
[Thu Feb 10 12:59:06 2022]  ? set_bringup_idt_handler.constprop.0+0x84/0x90
[Thu Feb 10 12:59:06 2022]  ? start_cpu0+0xc/0xc
[Thu Feb 10 12:59:06 2022]  secondary_startup_64_no_verify+0xd5/0xdb
[Thu Feb 10 12:59:06 2022]  </TASK>

[Thu Feb 10 12:59:06 2022] Allocated by task 58179:
[Thu Feb 10 12:59:06 2022]  kasan_save_stack+0x26/0x50
[Thu Feb 10 12:59:06 2022]  __kasan_kmalloc+0xae/0xe0
[Thu Feb 10 12:59:06 2022]  kmem_cache_alloc_trace+0x20c/0x3f0
[Thu Feb 10 12:59:06 2022]  cifs_smb3_do_mount+0xb3/0xbe0 [cifs]
[Thu Feb 10 12:59:06 2022]  smb3_get_tree+0x1a0/0x2e0 [cifs]
[Thu Feb 10 12:59:06 2022]  vfs_get_tree+0x52/0x140
[Thu Feb 10 12:59:06 2022]  path_mount+0x635/0x10c0
[Thu Feb 10 12:59:06 2022]  __x64_sys_mount+0x1bf/0x210
[Thu Feb 10 12:59:06 2022]  do_syscall_64+0x5c/0xc0
[Thu Feb 10 12:59:06 2022]  entry_SYSCALL_64_after_hwframe+0x44/0xae

[Thu Feb 10 12:59:06 2022] Freed by task 58179:
[Thu Feb 10 12:59:06 2022]  kasan_save_stack+0x26/0x50
[Thu Feb 10 12:59:06 2022]  kasan_set_track+0x25/0x30
[Thu Feb 10 12:59:06 2022]  kasan_set_free_info+0x24/0x40
[Thu Feb 10 12:59:06 2022]  ____kasan_slab_free+0x137/0x170
[Thu Feb 10 12:59:06 2022]  __kasan_slab_free+0x12/0x20
[Thu Feb 10 12:59:06 2022]  slab_free_freelist_hook+0xb3/0x1d0
[Thu Feb 10 12:59:06 2022]  kfree+0xcd/0x520
[Thu Feb 10 12:59:06 2022]  cifs_smb3_do_mount+0x149/0xbe0 [cifs]
[Thu Feb 10 12:59:06 2022]  smb3_get_tree+0x1a0/0x2e0 [cifs]
[Thu Feb 10 12:59:06 2022]  vfs_get_tree+0x52/0x140
[Thu Feb 10 12:59:06 2022]  path_mount+0x635/0x10c0
[Thu Feb 10 12:59:06 2022]  __x64_sys_mount+0x1bf/0x210
[Thu Feb 10 12:59:06 2022]  do_syscall_64+0x5c/0xc0
[Thu Feb 10 12:59:06 2022]  entry_SYSCALL_64_after_hwframe+0x44/0xae

[Thu Feb 10 12:59:06 2022] Last potentially related work creation:
[Thu Feb 10 12:59:06 2022]  kasan_save_stack+0x26/0x50
[Thu Feb 10 12:59:06 2022]  __kasan_record_aux_stack+0xb6/0xc0
[Thu Feb 10 12:59:06 2022]  kasan_record_aux_stack_noalloc+0xb/0x10
[Thu Feb 10 12:59:06 2022]  call_rcu+0x76/0x3c0
[Thu Feb 10 12:59:06 2022]  cifs_umount+0xce/0xe0 [cifs]
[Thu Feb 10 12:59:06 2022]  cifs_kill_sb+0xc8/0xe0 [cifs]
[Thu Feb 10 12:59:06 2022]  deactivate_locked_super+0x5d/0xd0
[Thu Feb 10 12:59:06 2022]  cifs_smb3_do_mount+0xab9/0xbe0 [cifs]
[Thu Feb 10 12:59:06 2022]  smb3_get_tree+0x1a0/0x2e0 [cifs]
[Thu Feb 10 12:59:06 2022]  vfs_get_tree+0x52/0x140
[Thu Feb 10 12:59:06 2022]  path_mount+0x635/0x10c0
[Thu Feb 10 12:59:06 2022]  __x64_sys_mount+0x1bf/0x210
[Thu Feb 10 12:59:06 2022]  do_syscall_64+0x5c/0xc0
[Thu Feb 10 12:59:06 2022]  entry_SYSCALL_64_after_hwframe+0x44/0xae

[Thu Feb 10 12:59:06 2022] The buggy address belongs to the object at ffff888364f4d000
                            which belongs to the cache kmalloc-512 of size 512
[Thu Feb 10 12:59:06 2022] The buggy address is located 272 bytes inside of
                            512-byte region [ffff888364f4d000, ffff888364f4d200)
[Thu Feb 10 12:59:06 2022] The buggy address belongs to the page:
[Thu Feb 10 12:59:06 2022] page:00000000a3684e72 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888364f4f800 pfn:0x364f4c
[Thu Feb 10 12:59:06 2022] head:00000000a3684e72 order:2 compound_mapcount:0 compound_pincount:0
[Thu Feb 10 12:59:06 2022] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff)
[Thu Feb 10 12:59:06 2022] raw: 0017ffffc0010200 ffffea0004bdbf08 ffffea0004cb2808 ffff888100041c80
[Thu Feb 10 12:59:06 2022] raw: ffff888364f4f800 000000000010000b 00000001ffffffff 0000000000000000
[Thu Feb 10 12:59:06 2022] page dumped because: kasan: bad access detected

[Thu Feb 10 12:59:06 2022] Memory state around the buggy address:
[Thu Feb 10 12:59:06 2022]  ffff888364f4d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[Thu Feb 10 12:59:06 2022]  ffff888364f4d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[Thu Feb 10 12:59:06 2022] >ffff888364f4d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[Thu Feb 10 12:59:06 2022]                          ^
[Thu Feb 10 12:59:06 2022]  ffff888364f4d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[Thu Feb 10 12:59:06 2022]  ffff888364f4d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[Thu Feb 10 12:59:06 2022] ==================================================================
[Thu Feb 10 12:59:06 2022] Disabling lock debugging due to kernel taint
[Thu Feb 10 12:59:06 2022] ==================================================================
[Thu Feb 10 12:59:06 2022] BUG: KASAN: double-free or invalid-free in kfree+0xcd/0x520

[Thu Feb 10 12:59:06 2022] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G    B      OE     5.17.0-rc3+ #4
[Thu Feb 10 12:59:06 2022] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.0 12/17/2019
[Thu Feb 10 12:59:06 2022] Call Trace:
[Thu Feb 10 12:59:06 2022]  <IRQ>
[Thu Feb 10 12:59:06 2022]  dump_stack_lvl+0x5d/0x78
[Thu Feb 10 12:59:06 2022]  print_address_description.constprop.0+0x24/0x150
[Thu Feb 10 12:59:06 2022]  ? kfree+0xcd/0x520
[Thu Feb 10 12:59:06 2022]  kasan_report_invalid_free+0x56/0x80
[Thu Feb 10 12:59:06 2022]  ? kfree+0xcd/0x520
[Thu Feb 10 12:59:06 2022]  ____kasan_slab_free+0x158/0x170
[Thu Feb 10 12:59:06 2022]  __kasan_slab_free+0x12/0x20
[Thu Feb 10 12:59:06 2022]  slab_free_freelist_hook+0xb3/0x1d0
[Thu Feb 10 12:59:06 2022]  ? smb3_cleanup_fs_context+0x20/0x30 [cifs]
[Thu Feb 10 12:59:06 2022]  kfree+0xcd/0x520
[Thu Feb 10 12:59:06 2022]  smb3_cleanup_fs_context+0x20/0x30 [cifs]
[Thu Feb 10 12:59:06 2022]  delayed_free+0x46/0x60 [cifs]
[Thu Feb 10 12:59:06 2022]  rcu_core+0x597/0xca0
[Thu Feb 10 12:59:06 2022]  ? rcu_core+0x553/0xca0
[Thu Feb 10 12:59:06 2022]  ? call_rcu+0x3c0/0x3c0
[Thu Feb 10 12:59:06 2022]  ? __this_cpu_preempt_check+0x13/0x20
[Thu Feb 10 12:59:06 2022]  ? lock_is_held_type+0xea/0x140
[Thu Feb 10 12:59:06 2022]  rcu_core_si+0xe/0x10
[Thu Feb 10 12:59:06 2022]  __do_softirq+0x1d4/0x67b
[Thu Feb 10 12:59:06 2022]  __irq_exit_rcu+0x100/0x150
[Thu Feb 10 12:59:06 2022]  irq_exit_rcu+0xe/0x30
[Thu Feb 10 12:59:06 2022]  sysvec_hyperv_stimer0+0x9d/0xc0
[Thu Feb 10 12:59:06 2022]  </IRQ>
[Thu Feb 10 12:59:06 2022]  <TASK>
[Thu Feb 10 12:59:06 2022]  asm_sysvec_hyperv_stimer0+0x12/0x20
[Thu Feb 10 12:59:06 2022] RIP: 0010:native_safe_halt+0xb/0x10
[Thu Feb 10 12:59:06 2022] Code: 8b 03 a8 08 0f 85 74 ff ff ff e9 15 ff ff ff 0f 0b cc cc cc cc cc cc cc cc cc cc cc cc cc cc eb 07 0f 00 2d 17 2e 4a 00 fb f4 <c3> 0f 1f 40 00 eb 07 0f 00 2d 07 2e 4a 00 f4 c3 cc cc cc cc cc 0f
[Thu Feb 10 12:59:07 2022] RSP: 0018:ffff888100977dc0 EFLAGS: 00000202
[Thu Feb 10 12:59:07 2022] RAX: ffffffff847bfef0 RBX: ffff88810095c900 RCX: ffffffff847a3efe
[Thu Feb 10 12:59:07 2022] RDX: 0000000000000000 RSI: ffffffff84cac220 RDI: ffffffff84e86960
[Thu Feb 10 12:59:07 2022] RBP: ffff888100977dc8 R08: 0000000000000001 R09: ffff88878e2c4653
[Thu Feb 10 12:59:07 2022] R10: ffffed10f1c588ca R11: 0000000000000001 R12: ffff88810095c900
[Thu Feb 10 12:59:07 2022] R13: ffffffff866cfb60 R14: 0000000000000000 R15: 0000000000000000
[Thu Feb 10 12:59:07 2022]  ? mwait_idle+0xd0/0xd0
[Thu Feb 10 12:59:07 2022]  ? rcu_eqs_enter.constprop.0+0xbe/0xe0
[Thu Feb 10 12:59:07 2022]  ? default_idle+0xe/0x20
[Thu Feb 10 12:59:07 2022]  arch_cpu_idle+0x15/0x20
[Thu Feb 10 12:59:07 2022]  default_idle_call+0x8b/0xd0
[Thu Feb 10 12:59:07 2022]  do_idle+0x39e/0x440
[Thu Feb 10 12:59:07 2022]  ? arch_cpu_idle_exit+0x40/0x40
[Thu Feb 10 12:59:07 2022]  cpu_startup_entry+0x20/0x30
[Thu Feb 10 12:59:07 2022]  start_secondary+0x205/0x260
[Thu Feb 10 12:59:07 2022]  ? set_cpu_sibling_map+0xdf0/0xdf0
[Thu Feb 10 12:59:07 2022]  ? set_bringup_idt_handler.constprop.0+0x84/0x90
[Thu Feb 10 12:59:07 2022]  ? start_cpu0+0xc/0xc
[Thu Feb 10 12:59:07 2022]  secondary_startup_64_no_verify+0xd5/0xdb
[Thu Feb 10 12:59:07 2022]  </TASK>

[Thu Feb 10 12:59:07 2022] Allocated by task 58179:
[Thu Feb 10 12:59:07 2022]  kasan_save_stack+0x26/0x50
[Thu Feb 10 12:59:07 2022]  __kasan_kmalloc+0xae/0xe0
[Thu Feb 10 12:59:07 2022]  kmem_cache_alloc_trace+0x20c/0x3f0
[Thu Feb 10 12:59:07 2022]  cifs_smb3_do_mount+0xe6/0xbe0 [cifs]
[Thu Feb 10 12:59:07 2022]  smb3_get_tree+0x1a0/0x2e0 [cifs]
[Thu Feb 10 12:59:07 2022]  vfs_get_tree+0x52/0x140
[Thu Feb 10 12:59:07 2022]  path_mount+0x635/0x10c0
[Thu Feb 10 12:59:07 2022]  __x64_sys_mount+0x1bf/0x210
[Thu Feb 10 12:59:07 2022]  do_syscall_64+0x5c/0xc0
[Thu Feb 10 12:59:07 2022]  entry_SYSCALL_64_after_hwframe+0x44/0xae

[Thu Feb 10 12:59:07 2022] Freed by task 58179:
[Thu Feb 10 12:59:07 2022]  kasan_save_stack+0x26/0x50
[Thu Feb 10 12:59:07 2022]  kasan_set_track+0x25/0x30
[Thu Feb 10 12:59:07 2022]  kasan_set_free_info+0x24/0x40
[Thu Feb 10 12:59:07 2022]  ____kasan_slab_free+0x137/0x170
[Thu Feb 10 12:59:07 2022]  __kasan_slab_free+0x12/0x20
[Thu Feb 10 12:59:07 2022]  slab_free_freelist_hook+0xb3/0x1d0
[Thu Feb 10 12:59:07 2022]  kfree+0xcd/0x520
[Thu Feb 10 12:59:07 2022]  smb3_cleanup_fs_context+0x20/0x30 [cifs]
[Thu Feb 10 12:59:07 2022]  cifs_smb3_do_mount+0x141/0xbe0 [cifs]
[Thu Feb 10 12:59:07 2022]  smb3_get_tree+0x1a0/0x2e0 [cifs]
[Thu Feb 10 12:59:07 2022]  vfs_get_tree+0x52/0x140
[Thu Feb 10 12:59:07 2022]  path_mount+0x635/0x10c0
[Thu Feb 10 12:59:07 2022]  __x64_sys_mount+0x1bf/0x210
[Thu Feb 10 12:59:07 2022]  do_syscall_64+0x5c/0xc0
[Thu Feb 10 12:59:07 2022]  entry_SYSCALL_64_after_hwframe+0x44/0xae

[Thu Feb 10 12:59:07 2022] The buggy address belongs to the object at ffff8881402f3000
                            which belongs to the cache kmalloc-1k of size 1024
[Thu Feb 10 12:59:07 2022] The buggy address is located 0 bytes inside of
                            1024-byte region [ffff8881402f3000, ffff8881402f3400)
[Thu Feb 10 12:59:07 2022] The buggy address belongs to the page:
[Thu Feb 10 12:59:07 2022] page:0000000021c2f4ff refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1402f0
[Thu Feb 10 12:59:07 2022] head:0000000021c2f4ff order:3 compound_mapcount:0 compound_pincount:0
[Thu Feb 10 12:59:07 2022] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff)
[Thu Feb 10 12:59:07 2022] raw: 0017ffffc0010200 ffffea0004776800 dead000000000003 ffff888100041dc0
[Thu Feb 10 12:59:07 2022] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[Thu Feb 10 12:59:07 2022] page dumped because: kasan: bad access detected

[Thu Feb 10 12:59:07 2022] Memory state around the buggy address:
[Thu Feb 10 12:59:07 2022]  ffff8881402f2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[Thu Feb 10 12:59:07 2022]  ffff8881402f2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[Thu Feb 10 12:59:07 2022] >ffff8881402f3000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[Thu Feb 10 12:59:07 2022]                    ^
[Thu Feb 10 12:59:07 2022]  ffff8881402f3080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[Thu Feb 10 12:59:07 2022]  ffff8881402f3100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[Thu Feb 10 12:59:07 2022] ==================================================================
[Thu Feb 10 12:59:07 2022] ==================================================================
[Thu Feb 10 12:59:07 2022] BUG: KASAN: double-free or invalid-free in kfree+0xcd/0x520

[Thu Feb 10 12:59:07 2022] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G    B      OE     5.17.0-rc3+ #4
[Thu Feb 10 12:59:07 2022] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.0 12/17/2019
[Thu Feb 10 12:59:07 2022] Call Trace:
[Thu Feb 10 12:59:07 2022]  <IRQ>
[Thu Feb 10 12:59:07 2022]  dump_stack_lvl+0x5d/0x78
[Thu Feb 10 12:59:07 2022]  print_address_description.constprop.0+0x24/0x150
[Thu Feb 10 12:59:07 2022]  ? kfree+0xcd/0x520
[Thu Feb 10 12:59:07 2022]  kasan_report_invalid_free+0x56/0x80
[Thu Feb 10 12:59:07 2022]  ? kfree+0xcd/0x520
[Thu Feb 10 12:59:07 2022]  ____kasan_slab_free+0x158/0x170
[Thu Feb 10 12:59:07 2022]  __kasan_slab_free+0x12/0x20
[Thu Feb 10 12:59:07 2022]  slab_free_freelist_hook+0xb3/0x1d0
[Thu Feb 10 12:59:07 2022]  ? delayed_free+0x4e/0x60 [cifs]
[Thu Feb 10 12:59:07 2022]  kfree+0xcd/0x520
[Thu Feb 10 12:59:07 2022]  delayed_free+0x4e/0x60 [cifs]
[Thu Feb 10 12:59:07 2022]  rcu_core+0x597/0xca0
[Thu Feb 10 12:59:07 2022]  ? rcu_core+0x553/0xca0
[Thu Feb 10 12:59:07 2022]  ? call_rcu+0x3c0/0x3c0
[Thu Feb 10 12:59:07 2022]  ? __this_cpu_preempt_check+0x13/0x20
[Thu Feb 10 12:59:07 2022]  ? lock_is_held_type+0xea/0x140
[Thu Feb 10 12:59:07 2022]  rcu_core_si+0xe/0x10
[Thu Feb 10 12:59:07 2022]  __do_softirq+0x1d4/0x67b
[Thu Feb 10 12:59:07 2022]  __irq_exit_rcu+0x100/0x150
[Thu Feb 10 12:59:07 2022]  irq_exit_rcu+0xe/0x30
[Thu Feb 10 12:59:07 2022]  sysvec_hyperv_stimer0+0x9d/0xc0
[Thu Feb 10 12:59:07 2022]  </IRQ>
[Thu Feb 10 12:59:07 2022]  <TASK>
[Thu Feb 10 12:59:07 2022]  asm_sysvec_hyperv_stimer0+0x12/0x20
[Thu Feb 10 12:59:07 2022] RIP: 0010:native_safe_halt+0xb/0x10
[Thu Feb 10 12:59:07 2022] Code: 8b 03 a8 08 0f 85 74 ff ff ff e9 15 ff ff ff 0f 0b cc cc cc cc cc cc cc cc cc cc cc cc cc cc eb 07 0f 00 2d 17 2e 4a 00 fb f4 <c3> 0f 1f 40 00 eb 07 0f 00 2d 07 2e 4a 00 f4 c3 cc cc cc cc cc 0f
[Thu Feb 10 12:59:07 2022] RSP: 0018:ffff888100977dc0 EFLAGS: 00000202
[Thu Feb 10 12:59:07 2022] RAX: ffffffff847bfef0 RBX: ffff88810095c900 RCX: ffffffff847a3efe
[Thu Feb 10 12:59:07 2022] RDX: 0000000000000000 RSI: ffffffff84cac220 RDI: ffffffff84e86960
[Thu Feb 10 12:59:07 2022] RBP: ffff888100977dc8 R08: 0000000000000001 R09: ffff88878e2c4653
[Thu Feb 10 12:59:07 2022] R10: ffffed10f1c588ca R11: 0000000000000001 R12: ffff88810095c900
[Thu Feb 10 12:59:07 2022] R13: ffffffff866cfb60 R14: 0000000000000000 R15: 0000000000000000
[Thu Feb 10 12:59:07 2022]  ? mwait_idle+0xd0/0xd0
[Thu Feb 10 12:59:07 2022]  ? rcu_eqs_enter.constprop.0+0xbe/0xe0
[Thu Feb 10 12:59:07 2022]  ? default_idle+0xe/0x20
[Thu Feb 10 12:59:07 2022]  arch_cpu_idle+0x15/0x20
[Thu Feb 10 12:59:07 2022]  default_idle_call+0x8b/0xd0
[Thu Feb 10 12:59:07 2022]  do_idle+0x39e/0x440
[Thu Feb 10 12:59:07 2022]  ? arch_cpu_idle_exit+0x40/0x40
[Thu Feb 10 12:59:07 2022]  cpu_startup_entry+0x20/0x30
[Thu Feb 10 12:59:07 2022]  start_secondary+0x205/0x260
[Thu Feb 10 12:59:07 2022]  ? set_cpu_sibling_map+0xdf0/0xdf0
[Thu Feb 10 12:59:07 2022]  ? set_bringup_idt_handler.constprop.0+0x84/0x90
[Thu Feb 10 12:59:07 2022]  ? start_cpu0+0xc/0xc
[Thu Feb 10 12:59:07 2022]  secondary_startup_64_no_verify+0xd5/0xdb
[Thu Feb 10 12:59:07 2022]  </TASK>

[Thu Feb 10 12:59:07 2022] Allocated by task 58179:
[Thu Feb 10 12:59:07 2022]  kasan_save_stack+0x26/0x50
[Thu Feb 10 12:59:07 2022]  __kasan_kmalloc+0xae/0xe0
[Thu Feb 10 12:59:07 2022]  kmem_cache_alloc_trace+0x20c/0x3f0
[Thu Feb 10 12:59:07 2022]  cifs_smb3_do_mount+0xb3/0xbe0 [cifs]
[Thu Feb 10 12:59:07 2022]  smb3_get_tree+0x1a0/0x2e0 [cifs]
[Thu Feb 10 12:59:07 2022]  vfs_get_tree+0x52/0x140
[Thu Feb 10 12:59:07 2022]  path_mount+0x635/0x10c0
[Thu Feb 10 12:59:07 2022]  __x64_sys_mount+0x1bf/0x210
[Thu Feb 10 12:59:07 2022]  do_syscall_64+0x5c/0xc0
[Thu Feb 10 12:59:07 2022]  entry_SYSCALL_64_after_hwframe+0x44/0xae

[Thu Feb 10 12:59:07 2022] Freed by task 58179:
[Thu Feb 10 12:59:07 2022]  kasan_save_stack+0x26/0x50
[Thu Feb 10 12:59:07 2022]  kasan_set_track+0x25/0x30
[Thu Feb 10 12:59:07 2022]  kasan_set_free_info+0x24/0x40
[Thu Feb 10 12:59:07 2022]  ____kasan_slab_free+0x137/0x170
[Thu Feb 10 12:59:07 2022]  __kasan_slab_free+0x12/0x20
[Thu Feb 10 12:59:07 2022]  slab_free_freelist_hook+0xb3/0x1d0
[Thu Feb 10 12:59:07 2022]  kfree+0xcd/0x520
[Thu Feb 10 12:59:07 2022]  cifs_smb3_do_mount+0x149/0xbe0 [cifs]
[Thu Feb 10 12:59:07 2022]  smb3_get_tree+0x1a0/0x2e0 [cifs]
[Thu Feb 10 12:59:07 2022]  vfs_get_tree+0x52/0x140
[Thu Feb 10 12:59:07 2022]  path_mount+0x635/0x10c0
[Thu Feb 10 12:59:07 2022]  __x64_sys_mount+0x1bf/0x210
[Thu Feb 10 12:59:07 2022]  do_syscall_64+0x5c/0xc0
[Thu Feb 10 12:59:07 2022]  entry_SYSCALL_64_after_hwframe+0x44/0xae

[Thu Feb 10 12:59:07 2022] Last potentially related work creation:
[Thu Feb 10 12:59:07 2022]  kasan_save_stack+0x26/0x50
[Thu Feb 10 12:59:07 2022]  __kasan_record_aux_stack+0xb6/0xc0
[Thu Feb 10 12:59:07 2022]  kasan_record_aux_stack_noalloc+0xb/0x10
[Thu Feb 10 12:59:07 2022]  call_rcu+0x76/0x3c0
[Thu Feb 10 12:59:07 2022]  cifs_umount+0xce/0xe0 [cifs]
[Thu Feb 10 12:59:07 2022]  cifs_kill_sb+0xc8/0xe0 [cifs]
[Thu Feb 10 12:59:07 2022]  deactivate_locked_super+0x5d/0xd0
[Thu Feb 10 12:59:07 2022]  cifs_smb3_do_mount+0xab9/0xbe0 [cifs]
[Thu Feb 10 12:59:07 2022]  smb3_get_tree+0x1a0/0x2e0 [cifs]
[Thu Feb 10 12:59:07 2022]  vfs_get_tree+0x52/0x140
[Thu Feb 10 12:59:07 2022]  path_mount+0x635/0x10c0
[Thu Feb 10 12:59:07 2022]  __x64_sys_mount+0x1bf/0x210
[Thu Feb 10 12:59:07 2022]  do_syscall_64+0x5c/0xc0
[Thu Feb 10 12:59:07 2022]  entry_SYSCALL_64_after_hwframe+0x44/0xae

[Thu Feb 10 12:59:07 2022] The buggy address belongs to the object at ffff888364f4d000
                            which belongs to the cache kmalloc-512 of size 512
[Thu Feb 10 12:59:07 2022] The buggy address is located 0 bytes inside of
                            512-byte region [ffff888364f4d000, ffff888364f4d200)
[Thu Feb 10 12:59:07 2022] The buggy address belongs to the page:
[Thu Feb 10 12:59:07 2022] page:00000000a3684e72 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888364f4f800 pfn:0x364f4c
[Thu Feb 10 12:59:07 2022] head:00000000a3684e72 order:2 compound_mapcount:0 compound_pincount:0
[Thu Feb 10 12:59:07 2022] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff)
[Thu Feb 10 12:59:07 2022] raw: 0017ffffc0010200 ffffea000594f608 ffffea0004cb2808 ffff888100041c80
[Thu Feb 10 12:59:07 2022] raw: ffff888364f4f800 000000000010000b 00000001ffffffff 0000000000000000
[Thu Feb 10 12:59:07 2022] page dumped because: kasan: bad access detected

[Thu Feb 10 12:59:07 2022] Memory state around the buggy address:
[Thu Feb 10 12:59:07 2022]  ffff888364f4cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[Thu Feb 10 12:59:07 2022]  ffff888364f4cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[Thu Feb 10 12:59:07 2022] >ffff888364f4d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[Thu Feb 10 12:59:07 2022]                    ^
[Thu Feb 10 12:59:07 2022]  ffff888364f4d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[Thu Feb 10 12:59:07 2022]  ffff888364f4d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[Thu Feb 10 12:59:07 2022] ==================================================================
[Thu Feb 10 12:59:31 2022] CIFS: Attempting to mount \\192.168.10.1\Shared
[Thu Feb 10 12:59:31 2022] CIFS: VFS: Error connecting to socket. Aborting operation.
