A double free of the kmalloc-512 cache between nvme_trans_log_temperature() and nvme_get_log_page()

Solution Verified - Updated -

Issue

  • A double free of the kmalloc-512 cache between nvme_trans_log_temperature() and nvme_get_log_page()
  • Call trace:
[78286.447191]  [<ffffffff85b80faa>] dump_stack+0x19/0x1b
[78286.447193]  [<ffffffff85623a91>] print_trailer+0x161/0x280
[78286.447194]  [<ffffffff85b7d7ff>] free_debug_processing+0x204/0x270
[78286.447197]  [<ffffffffc02ec710>] ? nvme_sg_io+0x880/0x960 [nvme_core]
[78286.447198]  [<ffffffff8562611e>] __slab_free+0x1ce/0x290
[78286.447200]  [<ffffffff856262e6>] ? kfree+0x106/0x140
[78286.447214]  [<ffffffffc02e803c>] ? nvme_get_log_page+0xcc/0xe0 [nvme_core]
[78286.447217]  [<ffffffffc02ec710>] ? nvme_sg_io+0x880/0x960 [nvme_core]
[78286.447218]  [<ffffffff856262e6>] kfree+0x106/0x140
[78286.447220]  [<ffffffffc02ec710>] nvme_sg_io+0x880/0x960 [nvme_core]
[78286.447223]  [<ffffffff85b70010>] ? init_memory_mapping+0xe0/0x3d0
[78286.447225]  [<ffffffffc02e9433>] nvme_ioctl+0x63/0xc0 [nvme_core]
[78286.447227]  [<ffffffff85767d1a>] blkdev_ioctl+0x28a/0xa20
[78286.447228]  [<ffffffff856260da>] ? __slab_free+0x18a/0x290
[78286.447229]  [<ffffffff8568e9d1>] block_ioctl+0x41/0x50
[78286.447230]  [<ffffffff856634c0>] do_vfs_ioctl+0x3a0/0x5b0
[78286.447232]  [<ffffffff85663771>] SyS_ioctl+0xa1/0xc0
[78286.447233]  [<ffffffff85b93f92>] system_call_fastpath+0x25/0x2a
[78286.447234] FIX kmalloc-512: Object at 0xffff9d159cbb52d8 not freed

Environment

  • Red Hat Enterprise Linux 7.9
  • kernel-3.10.0-1160.11.1.el7
