linux-kernel.vger.kernel.org archive mirror
* Linux 4.9-rc4 double free from pp_release()
@ 2016-11-09 22:04 Shuah Khan
  2016-11-09 22:59 ` Sudip Mukherjee
  0 siblings, 1 reply; 3+ messages in thread
From: Shuah Khan @ 2016-11-09 22:04 UTC (permalink / raw)
  To: sudipm.mukherjee, Greg KH; +Cc: LKML, shuahkh

Hi Sudip/Greg,

I am seeing the following double free from pp_release() in Linux 4.9-rc4.
Is this a known problem?

-- Shuah

[   54.732175] device: 'ppdev0.0': device_add
[   54.732220] bus: 'parport': add device ppdev0.0
[   54.732388] PM: Adding info for parport:ppdev0.0
[   54.732804] bus: 'parport': driver_probe_device: matched device ppdev0.0 with driver ppdev
[   54.732810] bus: 'parport': really_probe: probing driver ppdev with device ppdev0.0
[   54.732851] devices_kset: Moving ppdev0.0 to end of list
[   54.732857] driver: 'ppdev': driver_bound: bound to device 'ppdev0.0'
[   54.732872] bus: 'parport': really_probe: bound device ppdev0.0 to driver ppdev
[   54.785001] device: 'ppdev0.0': device_unregister
[   54.785133] bus: 'parport': remove device ppdev0.0
[   54.785161] PM: Removing info for parport:ppdev0.0
[   54.785315] ==================================================================
[   54.785326] BUG: Double free or freeing an invalid pointer
[   54.785332] Unexpected shadow byte: 0xFB
[   54.785344] CPU: 1 PID: 973 Comm: colord-sane Tainted: G    B   W    4.9.0-rc4+ #1
[   54.785348] Hardware name: Hewlett-Packard HP ProBook 6475b/180F, BIOS 68TTU Ver. F.04 08/03/2012
[   54.785353]  ffff8801f6197d20 ffffffff81b372e3 ffff8801fa403cc0
ffff8801b1f15048
[   54.785367]  ffff8801f6197d48 ffffffff8156bf71 00000000fffffffb
ffff8801fa403cc0
[   54.785378]  ffff8801b1f15048 ffff8801f6197d78 ffffffff8156c8e9
0000000000000296
[   54.785387] Call Trace:
[   54.785402]  [<ffffffff81b372e3>] dump_stack+0x67/0x94
[   54.785411]  [<ffffffff8156bf71>] kasan_object_err+0x21/0x70
[   54.785417]  [<ffffffff8156c8e9>] kasan_report_double_free+0x49/0x60
[   54.785424]  [<ffffffff8156bb6b>] kasan_slab_free+0x9b/0xb0
[   54.785431]  [<ffffffff81567999>] kfree+0xd9/0x280
[   54.785443]  [<ffffffffa029048b>] pp_release+0x1db/0xa00 [ppdev]
[   54.785451]  [<ffffffff815ab3db>] __fput+0x24b/0x690
[   54.785459]  [<ffffffff815ab88e>] ____fput+0xe/0x10
[   54.785466]  [<ffffffff8117df6e>] task_work_run+0xde/0x140
[   54.785474]  [<ffffffff810039d1>] exit_to_usermode_loop+0xf1/0x110
[   54.785483]  [<ffffffff81006450>] syscall_return_slowpath+0x150/0x190
[   54.785491]  [<ffffffff828fb3fd>] entry_SYSCALL_64_fastpath+0xab/0xad
[   54.785497] Object at ffff8801b1f15048, in cache kmalloc-8 size: 8
[   54.785503] Allocated:
[   54.785510] PID = 973
[   54.785517]
[   54.785524] [<ffffffff8108088b>] save_stack_trace+0x1b/0x20
[   54.785527]
[   54.785533] [<ffffffff8156b2e6>] save_stack+0x46/0xd0
[   54.785535]
[   54.785541] [<ffffffff8156b55d>] kasan_kmalloc+0xad/0xe0
[   54.785543]
[   54.785549] [<ffffffff8156bac2>] kasan_slab_alloc+0x12/0x20
[   54.785551]
[   54.785558] [<ffffffff8156a565>] __kmalloc_track_caller+0xd5/0x290
[   54.785560]
[   54.785567] [<ffffffff814bf661>] kstrdup+0x31/0x60
[   54.785569]
[   54.785583] [<ffffffffa031c236>] parport_register_dev_model+0x226/0xe20 [parport]
[   54.785585]
[   54.785593] [<ffffffffa0291025>] register_device+0x115/0x210 [ppdev]
[   54.785596]
[   54.785604] [<ffffffffa0292181>] pp_ioctl+0xec1/0x20a0 [ppdev]
[   54.785606]
[   54.785612] [<ffffffff815e0074>] do_vfs_ioctl+0x184/0xf30
[   54.785614]
[   54.785620] [<ffffffff815e0e99>] SyS_ioctl+0x79/0x90
[   54.785622]
[   54.785628] [<ffffffff828fb36a>] entry_SYSCALL_64_fastpath+0x18/0xad
[   54.785631] Freed:
[   54.785636] PID = 973
[   54.785641]
[   54.785647] [<ffffffff8108088b>] save_stack_trace+0x1b/0x20
[   54.785649]
[   54.785655] [<ffffffff8156b2e6>] save_stack+0x46/0xd0
[   54.785657]
[   54.785664] [<ffffffff8156bb41>] kasan_slab_free+0x71/0xb0
[   54.785667]
[   54.785672] [<ffffffff81567999>] kfree+0xd9/0x280
[   54.785676]
[   54.785686] [<ffffffffa03189b4>] free_pardevice+0x34/0x50 [parport]
[   54.785689]
[   54.785696] [<ffffffff81f0e296>] device_release+0x76/0x1e0
[   54.785698]
[   54.785706] [<ffffffff81b3d947>] kobject_release+0x107/0x370
[   54.785707]
[   54.785714] [<ffffffff81b3d55e>] kobject_put+0x4e/0xa0
[   54.785716]
[   54.785722] [<ffffffff81f0fc16>] device_unregister+0x66/0xa0
[   54.785725]
[   54.785736] [<ffffffffa031b7d4>] parport_unregister_device+0x3d4/0x670 [parport]
[   54.785738]
[   54.785747] [<ffffffffa0290483>] pp_release+0x1d3/0xa00 [ppdev]
[   54.785749]
[   54.785755] [<ffffffff815ab3db>] __fput+0x24b/0x690
[   54.785757]
[   54.785763] [<ffffffff815ab88e>] ____fput+0xe/0x10
[   54.785765]
[   54.785771] [<ffffffff8117df6e>] task_work_run+0xde/0x140
[   54.785773]
[   54.785778] [<ffffffff810039d1>] exit_to_usermode_loop+0xf1/0x110
[   54.785780]
[   54.785786] [<ffffffff81006450>] syscall_return_slowpath+0x150/0x190
[   54.785788]
[   54.785795] [<ffffffff828fb3fd>] entry_SYSCALL_64_fastpath+0xab/0xad
[   54.785798] ==================================================================

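The Allocated/Freed stacks above show one kmalloc-8 object, the kstrdup()'d device name, freed once by free_pardevice() inside parport_unregister_device() and then a second time by the kfree() in pp_release(). The C program below is an added example, not kernel code and not the patch referenced later in the thread: it models that ownership mistake with a KASAN-style shadow marker (0xFB for "freed", as in the report) so the second free is detected rather than performed. The modelled fix, making the unregister path the only owner of the name, is an assumption about what the real patch does.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define SHADOW_FREED 0xFBUL   /* KASAN's "freed" marker: the shadow byte in the report */
/* A tracked heap block: a shadow word (0 = live) records the state of the payload. */
struct tracked { unsigned long shadow; char payload[]; };   /* word-sized keeps payload aligned */
static int double_free_hits;   /* frees attempted on already-freed blocks */

static void *tracked_alloc(size_t n) {
    struct tracked *t = malloc(sizeof *t + n);
    if (!t) abort();
    t->shadow = 0;
    return t->payload;
}

/* Like kasan_slab_free(): check the shadow first. A repeated free is counted, not
 * performed; blocks are retained (a crude quarantine) so the shadow stays readable. */
static void tracked_free(void *p) {
    struct tracked *t = (struct tracked *)((char *)p - offsetof(struct tracked, payload));
    if (t->shadow == SHADOW_FREED) { double_free_hits++; return; }
    t->shadow = SHADOW_FREED;
}

struct pardevice { char *name; };   /* hypothetical model: the name is a kstrdup() copy owned by the device */
static struct pardevice *parport_register_dev_model(const char *name) {
    struct pardevice *dev = tracked_alloc(sizeof *dev);
    dev->name = tracked_alloc(strlen(name) + 1);   /* the kstrdup() in the Allocated: stack */
    strcpy(dev->name, name);
    return dev;
}

/* Unregister owns teardown: free_pardevice() releases the name, then the device. */
static void parport_unregister_device(struct pardevice *dev) {
    tracked_free(dev->name);
    tracked_free(dev);
}
/* Shape of the bug in the trace: release unregisters (freeing the name) and frees it again. */
static int pp_release_buggy(struct pardevice *dev) {
    char *name = dev->name;
    double_free_hits = 0;
    parport_unregister_device(dev);
    tracked_free(name);              /* the second kfree() at pp_release+0x1db */
    return double_free_hits;
}
/* Assumed fix: only the unregister path frees the name, so nothing is reported. */
static int pp_release_fixed(struct pardevice *dev) {
    double_free_hits = 0;
    parport_unregister_device(dev);
    return double_free_hits;
}
```

pp_release_buggy() returns 1 (one double free caught) and pp_release_fixed() returns 0 for the same registered device.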

* Re: Linux 4.9-rc4 double free from pp_release()
  2016-11-09 22:04 Linux 4.9-rc4 double free from pp_release() Shuah Khan
@ 2016-11-09 22:59 ` Sudip Mukherjee
  2016-11-14 16:45   ` Shuah Khan
  0 siblings, 1 reply; 3+ messages in thread
From: Sudip Mukherjee @ 2016-11-09 22:59 UTC (permalink / raw)
  To: Shuah Khan, Greg KH; +Cc: LKML, shuahkh

Hi Shuah

On Wednesday 09 November 2016 10:04 PM, Shuah Khan wrote:
> Hi Sudip/Greg,
>
> I am seeing the following double free from pp_release() in Linux 4.9-rc4.
> Is this a known problem?

Can you please check if the patch at [1] fixes the problem?

[1] https://patchwork.kernel.org/patch/9404815/


Regards
Sudip


* Re: Linux 4.9-rc4 double free from pp_release()
  2016-11-09 22:59 ` Sudip Mukherjee
@ 2016-11-14 16:45   ` Shuah Khan
  0 siblings, 0 replies; 3+ messages in thread
From: Shuah Khan @ 2016-11-14 16:45 UTC (permalink / raw)
  To: Sudip Mukherjee, Shuah Khan, Greg KH; +Cc: LKML, Shuah Khan

On 11/09/2016 03:59 PM, Sudip Mukherjee wrote:
> Hi Shuah
> 
> On Wednesday 09 November 2016 10:04 PM, Shuah Khan wrote:
>> Hi Sudip/Greg,
>>
>> I am seeing the following double free from pp_release() in Linux 4.9-rc4.
>> Is this a known problem?
> 
> Can you please check if the patch at [1] fixes the problem?
> 
> [1] https://patchwork.kernel.org/patch/9404815/
> 
> 
> Regards
> Sudip
> 
> 

Hi Sudip,

Yes, the above patch fixed the problem. I tested it on 4.9-rc5.

thanks,
-- Shuah

