==================================================================
BUG: KASAN: double-free or invalid-free in slab_free mm/slub.c:3157 [inline]
BUG: KASAN: double-free or invalid-free in kfree+0xe5/0x7b0 mm/slub.c:4196

CPU: 1 PID: 19 Comm: ksoftirqd/1 Not tainted 5.11.0-rc2-next-20210108-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 print_address_description.constprop.0.cold+0x5b/0x2f8 mm/kasan/report.c:230
 kasan_report_invalid_free+0x51/0x80 mm/kasan/report.c:355
 ____kasan_slab_free.part.0+0xfd/0x110 mm/kasan/common.c:344
 kasan_slab_free include/linux/kasan.h:188 [inline]
 slab_free_hook mm/slub.c:1548 [inline]
 slab_free_freelist_hook+0x82/0x1d0 mm/slub.c:1586
 slab_free mm/slub.c:3157 [inline]
 kfree+0xe5/0x7b0 mm/slub.c:4196
 bdev_free_inode+0x57/0x80 fs/block_dev.c:787
 i_callback+0x3f/0x70 fs/inode.c:223
 rcu_do_batch kernel/rcu/tree.c:2508 [inline]
 rcu_core+0x72b/0x1280 kernel/rcu/tree.c:2743
 __do_softirq+0x2bc/0xa29 kernel/softirq.c:343
 run_ksoftirqd kernel/softirq.c:650 [inline]
 run_ksoftirqd+0x2d/0x50 kernel/softirq.c:642
 smpboot_thread_fn+0x655/0x9e0 kernel/smpboot.c:165
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

Allocated by task 4902:
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:404 [inline]
 ____kasan_kmalloc mm/kasan/common.c:435 [inline]
 ____kasan_kmalloc.constprop.0+0xa0/0xd0 mm/kasan/common.c:407
 kmalloc include/linux/slab.h:554 [inline]
 kernfs_get_open_node fs/kernfs/file.c:571 [inline]
 kernfs_fop_open+0x957/0xd40 fs/kernfs/file.c:717
 do_dentry_open+0x4b9/0x11b0 fs/open.c:817
 do_open fs/namei.c:3254 [inline]
 path_openat+0x1b8e/0x2720 fs/namei.c:3369
 do_filp_open+0x17e/0x3c0 fs/namei.c:3396
 do_sys_openat2+0x16d/0x420 fs/open.c:1178
 do_sys_open fs/open.c:1194 [inline]
 __do_sys_open fs/open.c:1202 [inline]
 __se_sys_open fs/open.c:1198 [inline]
 __x64_sys_open+0x119/0x1c0 fs/open.c:1198
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

The buggy address belongs to the object at ffff888022cacd00
 which belongs to the cache kmalloc-128 of size 128
The buggy address is located 0 bytes inside of
 128-byte region [ffff888022cacd00, ffff888022cacd80)
The buggy address belongs to the page:
page:0000000083df0907 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888022cacc00 pfn:0x22cac
flags: 0xfff00000000200(slab)
raw: 00fff00000000200 ffffea0000946f00 0000000900000009 ffff888010041640
raw: ffff888022cacc00 000000008010000a 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff888022cacc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888022cacc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888022cacd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff888022cacd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888022cace00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================