[ 170.582073] CIFS: Attempting to mount //samba-dc1/test
[ 170.641149] CIFS: VFS: successfully opened new channel on iface:192.168.2.186
[ 170.660701] CIFS: VFS: successfully opened new channel on iface:192.168.2.185
[ 170.680007] CIFS: VFS: successfully opened new channel on iface:192.168.2.184
[ 170.915049] kmemleak: Automatic memory scanning thread ended
[ 174.444370] CIFS: Attempting to mount //samba-dc1/scratch
[ 174.486055] rm (1190) used greatest stack depth: 21264 bytes left
[ 174.547274] CIFS: Attempting to mount //samba-dc1/scratch
[ 174.671277] run fstests generic/323 at 2025-02-28 12:44:35
[ 176.062894] ==================================================================
[ 176.063173] BUG: KASAN: double-free in ghash_setkey+0x9b/0x130
[ 176.063364] Free of addr ffff8881066c1000 by task aio-last-ref-he/1384
[ 176.063600] CPU: 1 UID: 0 PID: 1384 Comm: aio-last-ref-he Not tainted 6.14.0-rc4 #1
[ 176.063603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41 04/01/2014
[ 176.063604] Call Trace:
[ 176.063605]
[ 176.063606] dump_stack_lvl+0x5d/0x80
[ 176.063610] print_report+0x156/0x528
[ 176.063613] ? __virt_addr_valid+0x145/0x310
[ 176.063615] ? __phys_addr+0x46/0x90
[ 176.063617] ? ghash_setkey+0x9b/0x130
[ 176.063619] kasan_report_invalid_free+0xaa/0x170
[ 176.063623] ? ghash_setkey+0x9b/0x130
[ 176.063626] ? ghash_setkey+0x9b/0x130
[ 176.063628] check_slab_allocation+0xe8/0x110
[ 176.063630] kfree+0xc8/0x3d0
[ 176.063633] ? __phys_addr+0x46/0x90
[ 176.063634] ? ghash_setkey+0x9b/0x130
[ 176.063636] ghash_setkey+0x9b/0x130
[ 176.063639] ? __pfx_ghash_setkey+0x10/0x10
[ 176.063641] ? lockdep_init_map_type+0xec/0x370
[ 176.063644] crypto_shash_setkey+0x44/0xa0
[ 176.063648] crypto_ahash_setkey+0x43/0x120
[ 176.063651] crypto_gcm_setkey+0x212/0x270
[ 176.063654] crypto_aead_setkey+0x5e/0x130
[ 176.063658] crypt_message+0x258/0xec0 [cifs]
[ 176.063762] ? __asan_memset+0x23/0x50
[ 176.063766] ? __pfx_crypt_message+0x10/0x10 [cifs]
[ 176.063870] ? hlock_class+0x32/0xb0
[ 176.063872] ? mark_lock+0xb0/0x6a0
[ 176.063874] smb3_init_transform_rq+0x352/0x3f0 [cifs]
[ 176.063974] ? __pfx_mark_lock+0x10/0x10
[ 176.063976] ? lock_acquire+0x14b/0x3e0
[ 176.063979] smb_send_rqst+0x144/0x230 [cifs]
[ 176.064118] ? __pfx_smb_send_rqst+0x10/0x10 [cifs]
[ 176.064217] ? __pfx_lock_release+0x10/0x10
[ 176.064220] ? __pfx_lock_acquired+0x10/0x10
[ 176.064222] ? rcu_read_lock_any_held+0x45/0xa0
[ 176.064225] ? __lock_acquire+0x92c/0x2370
[ 176.064234] cifs_call_async+0x2c0/0x590 [cifs]
[ 176.064338] ? __pfx_smb3_handle_read_data+0x10/0x10 [cifs]
[ 176.064439] ? __pfx_cifs_call_async+0x10/0x10 [cifs]
[ 176.064539] ? __pfx_smb2_new_read_req.constprop.0+0x10/0x10 [cifs]
[ 176.064639] ? smb2_adjust_credits+0x5e/0x740 [cifs]
[ 176.064740] smb2_async_readv+0x428/0x650 [cifs]
[ 176.064841] ? __pfx_smb2_async_readv+0x10/0x10 [cifs]
[ 176.064941] ? trace_event_buffer_reserve+0x10f/0x140
[ 176.064947] ? smb2_adjust_credits+0x224/0x740 [cifs]
[ 176.065047] cifs_issue_read+0x14c/0x280 [cifs]
[ 176.065145] ? iov_iter_advance+0x161/0x260
[ 176.065148] netfs_unbuffered_read_iter_locked+0x612/0x9f0
[ 176.065151] ? __pfx_aio_complete_rw+0x10/0x10
[ 176.065154] netfs_unbuffered_read_iter+0x6b/0x90
[ 176.065157] aio_read+0x213/0x340
[ 176.065160] ? __pfx_aio_read+0x10/0x10
[ 176.065163] ? __might_fault+0x67/0xb0
[ 176.065169] ? io_submit_one+0x338/0xea0
[ 176.065171] io_submit_one+0x338/0xea0
[ 176.065174] ? __pfx_io_submit_one+0x10/0x10
[ 176.065176] ? find_held_lock+0x8a/0xa0
[ 176.065178] ? hlock_class+0x32/0xb0
[ 176.065180] ? lock_release+0x203/0x5d0
[ 176.065184] ? __x64_sys_io_submit+0x116/0x240
[ 176.065186] __x64_sys_io_submit+0x116/0x240
[ 176.065188] ? __pfx___x64_sys_io_submit+0x10/0x10
[ 176.065191] ? mark_held_locks+0x1a/0x90
[ 176.065192] ? mark_held_locks+0x1a/0x90
[ 176.065194] ? mark_held_locks+0x1a/0x90
[ 176.065197] do_syscall_64+0xbb/0x1d0
[ 176.065200] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 176.065202] RIP: 0033:0x7f47789fbf1d
[ 176.065204] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c3 5e 0f 00 f7 d8 64 89 01 48
[ 176.065206] RSP: 002b:00007f47781037b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 176.065209] RAX: ffffffffffffffda RBX: 00007f4778104648 RCX: 00007f47789fbf1d
[ 176.065210] RDX: 00007f4778103890 RSI: 0000000000000001 RDI: 00007f4778b14000
[ 176.065212] RBP: 00007f47781037f0 R08: 00007f4768001000 R09: 00007f4768001000
[ 176.065213] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4778b14000
[ 176.065214] R13: 0000000000000000 R14: 0000000000000001 R15: 00007f4778103890
[ 176.065217]
[ 176.075853] Allocated by task 1384 on cpu 1 at 176.061583s:
[ 176.076010] kasan_save_stack+0x30/0x50
[ 176.076121] kasan_save_track+0x17/0x60
[ 176.076231] __kasan_kmalloc+0x8f/0xa0
[ 176.076341] gf128mul_init_4k_lle+0x3f/0x230
[ 176.076465] ghash_setkey+0xb8/0x130
[ 176.076569] crypto_shash_setkey+0x44/0xa0
[ 176.076686] crypto_ahash_setkey+0x43/0x120
[ 176.076805] crypto_gcm_setkey+0x212/0x270
[ 176.076923] crypto_aead_setkey+0x5e/0x130
[ 176.077040] crypt_message+0x258/0xec0 [cifs]
[ 176.077270] smb3_init_transform_rq+0x352/0x3f0 [cifs]
[ 176.077514] smb_send_rqst+0x144/0x230 [cifs]
[ 176.077737] cifs_call_async+0x2c0/0x590 [cifs]
[ 176.077961] smb2_async_readv+0x428/0x650 [cifs]
[ 176.078193] cifs_issue_read+0x14c/0x280 [cifs]
[ 176.078423] netfs_unbuffered_read_iter_locked+0x612/0x9f0
[ 176.078577] netfs_unbuffered_read_iter+0x6b/0x90
[ 176.078710] aio_read+0x213/0x340
[ 176.078808] io_submit_one+0x338/0xea0
[ 176.078916] __x64_sys_io_submit+0x116/0x240
[ 176.079037] do_syscall_64+0xbb/0x1d0
[ 176.079143] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 176.079334] Freed by task 1386 on cpu 3 at 176.062896s:
[ 176.079485] kasan_save_stack+0x30/0x50
[ 176.079595] kasan_save_track+0x17/0x60
[ 176.079704] kasan_save_free_info+0x3b/0x70
[ 176.079823] __kasan_slab_free+0x37/0x50
[ 176.079934] kfree+0xfb/0x3d0
[ 176.080022] ghash_setkey+0x9b/0x130
[ 176.080124] crypto_shash_setkey+0x44/0xa0
[ 176.080242] crypto_ahash_setkey+0x43/0x120
[ 176.080361] crypto_gcm_setkey+0x212/0x270
[ 176.080482] crypto_aead_setkey+0x5e/0x130
[ 176.080598] crypt_message+0x258/0xec0 [cifs]
[ 176.080823] smb3_init_transform_rq+0x352/0x3f0 [cifs]
[ 176.081063] smb_send_rqst+0x144/0x230 [cifs]
[ 176.081288] cifs_call_async+0x2c0/0x590 [cifs]
[ 176.081511] smb2_async_readv+0x428/0x650 [cifs]
[ 176.081742] cifs_issue_read+0x14c/0x280 [cifs]
[ 176.081968] netfs_unbuffered_read_iter_locked+0x612/0x9f0
[ 176.082121] netfs_unbuffered_read_iter+0x6b/0x90
[ 176.082257] aio_read+0x213/0x340
[ 176.082353] io_submit_one+0x338/0xea0
[ 176.082461] __x64_sys_io_submit+0x116/0x240
[ 176.082583] do_syscall_64+0xbb/0x1d0
[ 176.082688] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 176.082905] The buggy address belongs to the object at ffff8881066c1000 which belongs to the cache kmalloc-4k of size 4096
[ 176.083259] The buggy address is located 0 bytes inside of 4096-byte region [ffff8881066c1000, ffff8881066c2000)
[ 176.083626] The buggy address belongs to the physical page:
[ 176.083780] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066c0
[ 176.084001] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 176.084211] flags: 0x200000000000040(head|node=0|zone=2)
[ 176.084416] page_type: f5(slab)
[ 176.084543] raw: 0200000000000040 ffff888100043700 ffffea000430c210 ffffea0004047e10
[ 176.084819] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 176.085102] head: 0200000000000040 ffff888100043700 ffffea000430c210 ffffea0004047e10
[ 176.085386] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 176.085679] head: 0200000000000003 ffffea000419b001 ffffffffffffffff 0000000000000000
[ 176.085964] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 176.086254] page dumped because: kasan: bad access detected
[ 176.086511] Memory state around the buggy address:
[ 176.086689]  ffff8881066c0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 176.086946]  ffff8881066c0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 176.087210] >ffff8881066c1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 176.087477]                    ^
[ 176.087601]  ffff8881066c1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 176.087867]  ffff8881066c1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 176.088131] ==================================================================
[ 176.088450] Disabling lock debugging due to kernel taint
[ 176.143258] CIFS: VFS: \\ Error -104 sending data on socket to server
[ 176.144772] CIFS: VFS: \\ Error -32 sending data on socket to server
[ 176.175387] CIFS: VFS: \\samba-dc1 Error -104 sending data on socket to server
[ 176.175791] CIFS: VFS: \\samba-dc1 Error -32 sending data on socket to server
[ 176.261095] CIFS: VFS: \\samba-dc1 Error -104 sending data on socket to server
[ 176.261518] CIFS: VFS: \\samba-dc1 Error -32 sending data on socket to server
[ 176.384791] CIFS: VFS: \\ Error -104 sending data on socket to server
[ 176.384820] CIFS: VFS: \\ Error -104 sending data on socket to server
[ 176.463744] CIFS: VFS: \\ Error -104 sending data on socket to server
[ 176.556116] CIFS: VFS: \\ Error -32 sending data on socket to server
[ 176.808512] CIFS: VFS: \\ Send error in SessSetup = -11
[ 236.584829] CIFS: VFS: reconnect tcon failed rc = -512
[ 236.586068] CIFS: VFS: reconnect tcon failed rc = -512
[ 236.586309] CIFS: VFS: reconnect tcon failed rc = -512
[ 236.586419] CIFS: VFS: reconnect tcon failed rc = -11
[ 236.586572] CIFS: VFS: reconnect tcon failed rc = -11
[ 236.586783] CIFS: VFS: reconnect tcon failed rc = -512
[ 236.587257] CIFS: VFS: reconnect tcon failed rc = -512
[ 236.587362] CIFS: VFS: reconnect tcon failed rc = -11
[ 236.587831] CIFS: VFS: reconnect tcon failed rc = -11
[ 236.588315] CIFS: VFS: reconnect tcon failed rc = -512
[ 236.642524] CIFS: VFS: \\samba-dc1\IPC$ error -11 on ioctl to get interface list
[ 236.672370] CIFS: VFS: \\samba-dc1\test error -11 on ioctl to get interface list
[ 238.322962] kmemleak: 67 new suspected memory leaks (see /sys/kernel/debug/kmemleak)