On Wed, 2023-05-24 at 17:03 +0530, Shyam Prasad N wrote:
> I'm seeing this use-after-free in the latest mainline kernel.
> But I cannot make much sense out of it.
> It complains that the buffer was freed before cifsd could finish. I
> cannot see how that can happen.
>
> Worried about this as we've been seeing some possible corruptions
> during some internal stress testing in Microsoft. That's the reason I
> was running a KASAN enabled kernel.
>
> Any clues?
>
> BUG: KASAN: slab-use-after-free in smb2_is_network_name_deleted+0x2a/0x180 [cifs]
> Read of size 4 at addr ffff888111638008 by task cifsd/563833
>
> CPU: 0 PID: 563833 Comm: cifsd Not tainted 6.4.0-rc3-wkasan #5
> Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090008 12/07/2018
> Call Trace:
> <TASK>
> smb2_is_network_name_deleted+0x2a/0x180 [cifs]
> cifs_demultiplex_thread+0xcfc/0x17a0 [cifs]

This stack trace looks very similar to the KASAN splat addressed by this patch set from Zhang Xiaoxu:

https://lore.kernel.org/linux-cifs/20221116031136.3967579-2-zhangxiaoxu5@xxxxxxxxxx/

That patch set received a Reviewed-by from Paulo but AFAICS it was never merged? It unfortunately no longer applies to current mainline since the files have moved.