A double free of the kmalloc-512 cache between nvme_trans_log_temperature() and nvme_get_log_page()
Issue
- A double free of the kmalloc-512 cache between
nvme_trans_log_temperature()andnvme_get_log_page() - Call trace:
[78286.447191] [<ffffffff85b80faa>] dump_stack+0x19/0x1b
[78286.447193] [<ffffffff85623a91>] print_trailer+0x161/0x280
[78286.447194] [<ffffffff85b7d7ff>] free_debug_processing+0x204/0x270
[78286.447197] [<ffffffffc02ec710>] ? nvme_sg_io+0x880/0x960 [nvme_core]
[78286.447198] [<ffffffff8562611e>] __slab_free+0x1ce/0x290
[78286.447200] [<ffffffff856262e6>] ? kfree+0x106/0x140
[78286.447214] [<ffffffffc02e803c>] ? nvme_get_log_page+0xcc/0xe0 [nvme_core]
[78286.447217] [<ffffffffc02ec710>] ? nvme_sg_io+0x880/0x960 [nvme_core]
[78286.447218] [<ffffffff856262e6>] kfree+0x106/0x140
[78286.447220] [<ffffffffc02ec710>] nvme_sg_io+0x880/0x960 [nvme_core]
[78286.447223] [<ffffffff85b70010>] ? init_memory_mapping+0xe0/0x3d0
[78286.447225] [<ffffffffc02e9433>] nvme_ioctl+0x63/0xc0 [nvme_core]
[78286.447227] [<ffffffff85767d1a>] blkdev_ioctl+0x28a/0xa20
[78286.447228] [<ffffffff856260da>] ? __slab_free+0x18a/0x290
[78286.447229] [<ffffffff8568e9d1>] block_ioctl+0x41/0x50
[78286.447230] [<ffffffff856634c0>] do_vfs_ioctl+0x3a0/0x5b0
[78286.447232] [<ffffffff85663771>] SyS_ioctl+0xa1/0xc0
[78286.447233] [<ffffffff85b93f92>] system_call_fastpath+0x25/0x2a
[78286.447234] FIX kmalloc-512: Object at 0xffff9d159cbb52d8 not freed
Environment
- Red Hat Enterprise Linux 7.9
- kernel-3.10.0-1160.11.1.el7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
