On Wed, Feb 3, 2021 at 11:13 PM Dan Carpenter dan.carpenter@oracle.com wrote:
Hi Daniel,
url: https://github.com/0day-ci/linux/commits/Daniel-Latypov/kunit-support-runnin... base: 88bb507a74ea7d75fa49edd421eaa710a7d80598 config: x86_64-randconfig-m001-20210202 (attached as .config) compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot lkp@intel.com Reported-by: Dan Carpenter dan.carpenter@oracle.com
smatch warnings: lib/kunit/executor.c:110 kunit_run_all_tests() error: double free of 'suite_set.start'
vim +110 lib/kunit/executor.c
8c0d884986ba22 Brendan Higgins 2020-08-04 96 int kunit_run_all_tests(void) aac35468ca20a3 Alan Maguire 2020-08-04 97 { aac35468ca20a3 Alan Maguire 2020-08-04 98 struct kunit_suite * const * const *suites; aac35468ca20a3 Alan Maguire 2020-08-04 99 d5554dd78a454b Daniel Latypov 2021-02-03 100 struct suite_set suite_set = kunit_filter_suites(); 45dcbb6f5ef78b Brendan Higgins 2020-08-04 101 d5554dd78a454b Daniel Latypov 2021-02-03 102 kunit_print_tap_header(&suite_set); d5554dd78a454b Daniel Latypov 2021-02-03 103 d5554dd78a454b Daniel Latypov 2021-02-03 104 for (suites = suite_set.start; suites < suite_set.end; suites++) aac35468ca20a3 Alan Maguire 2020-08-04 105 __kunit_test_suites_init(*suites); aac35468ca20a3 Alan Maguire 2020-08-04 106 d5554dd78a454b Daniel Latypov 2021-02-03 107 if (filter_glob) { /* a copy was made of each array */ d5554dd78a454b Daniel Latypov 2021-02-03 108 for (suites = suite_set.start; suites < suite_set.end; suites++) ^^^^^^^^^^^^^^^^^^^^^^^^ This will free "suite_set.start" will in the first iteration through the loop
Ah, the loop is supposed to contain `kfree(*suites)`. I'll fix the patch and resend.
I'm not familiar with conventions but it feels like adding Reported-by on the amended patch would almost imply the report suggested the need for the ability to filter suites. So I'll add an informal attribution in the cover letter.
Thanks!
d5554dd78a454b Daniel Latypov 2021-02-03 109 kfree(suites); d5554dd78a454b Daniel Latypov 2021-02-03 @110 kfree(suite_set.start); ^^^^^^^^^^^^^^^ and then double free it.
d5554dd78a454b Daniel Latypov 2021-02-03 111 } d5554dd78a454b Daniel Latypov 2021-02-03 112 aac35468ca20a3 Alan Maguire 2020-08-04 113 return 0; aac35468ca20a3 Alan Maguire 2020-08-04 114 }
0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org