From: Dan Carpenter <dan.carpenter@linaro.org>
To: oe-kbuild@lists.linux.dev, David Carlier <devnexen@gmail.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Michal Hocko <mhocko@kernel.org>,
Roman Gushchin <roman.gushchin@linux.dev>,
Shakeel Butt <shakeel.butt@linux.dev>,
Muchun Song <muchun.song@linux.dev>,
Andrew Morton <akpm@linux-foundation.org>,
Qi Zheng <zhengqi.arch@bytedance.com>
Cc: lkp@intel.com, oe-kbuild-all@lists.linux.dev,
Linux Memory Management List <linux-mm@kvack.org>,
David Carlier <devnexen@gmail.com>,
stable@vger.kernel.org
Subject: Re: [PATCH] mm/memcontrol: fix obj_cgroup leak in mem_cgroup_css_online() error path
Date: Tue, 24 Mar 2026 12:10:49 +0300 [thread overview]
Message-ID: <202603241635.qNXDPwjs-lkp@intel.com> (raw)
In-Reply-To: <20260322164943.37460-1-devnexen@gmail.com>
Hi David,
kernel test robot noticed the following build warnings:
url: https://github.com/intel-lab-lkp/linux/commits/David-Carlier/mm-memcontrol-fix-obj_cgroup-leak-in-mem_cgroup_css_online-error-path/20260324-010357
base: https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/r/20260322164943.37460-1-devnexen%40gmail.com
patch subject: [PATCH] mm/memcontrol: fix obj_cgroup leak in mem_cgroup_css_online() error path
config: arm64-randconfig-r072-20260324 (https://download.01.org/0day-ci/archive/20260324/202603241635.qNXDPwjs-lkp@intel.com/config)
compiler: aarch64-linux-gcc (GCC) 14.3.0
smatch: v0.5.0-9004-gb810ac53
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
| Closes: https://lore.kernel.org/r/202603241635.qNXDPwjs-lkp@intel.com/
smatch warnings:
mm/memcontrol.c:4180 mem_cgroup_css_online() warn: variable dereferenced before check 'pn' (see line 4176)
vim +/pn +4180 mm/memcontrol.c
6f0df8e16eb543 Johannes Weiner 2023-08-23 4168 * regular ID destruction during offlining.
6f0df8e16eb543 Johannes Weiner 2023-08-23 4169 */
e77786b4682e69 Shakeel Butt 2025-12-25 4170 xa_store(&mem_cgroup_private_ids, memcg->id.id, memcg, GFP_KERNEL);
6f0df8e16eb543 Johannes Weiner 2023-08-23 4171
2f7dd7a4100ad4 Johannes Weiner 2014-10-02 4172 return 0;
098fad3e1621cb Qi Zheng 2026-03-05 4173 free_objcg:
098fad3e1621cb Qi Zheng 2026-03-05 4174 for_each_node(nid) {
098fad3e1621cb Qi Zheng 2026-03-05 4175 struct mem_cgroup_per_node *pn = memcg->nodeinfo[nid];
59f75a1877fbf7 David Carlier 2026-03-22 @4176 objcg = rcu_replace_pointer(pn->objcg, NULL, true);
^^^^^^^^^
Dereference
59f75a1877fbf7 David Carlier 2026-03-22 4177 if (objcg)
59f75a1877fbf7 David Carlier 2026-03-22 4178 percpu_ref_kill(&objcg->refcnt);
098fad3e1621cb Qi Zheng 2026-03-05 4179
4a2f95f5c79e02 Qi Zheng 2026-03-09 @4180 if (pn && pn->orig_objcg) {
^^
Checked too late.
098fad3e1621cb Qi Zheng 2026-03-05 4181 obj_cgroup_put(pn->orig_objcg);
4a2f95f5c79e02 Qi Zheng 2026-03-09 4182 /*
02b5fc7885d9f8 Andrew Morton 2026-03-09 4183 * Reset pn->orig_objcg to NULL to prevent
02b5fc7885d9f8 Andrew Morton 2026-03-09 4184 * obj_cgroup_put() from being called again in
02b5fc7885d9f8 Andrew Morton 2026-03-09 4185 * __mem_cgroup_free().
4a2f95f5c79e02 Qi Zheng 2026-03-09 4186 */
4a2f95f5c79e02 Qi Zheng 2026-03-09 4187 pn->orig_objcg = NULL;
4a2f95f5c79e02 Qi Zheng 2026-03-09 4188 }
098fad3e1621cb Qi Zheng 2026-03-05 4189 }
a0dd8b1942f5bf Muchun Song 2026-03-05 4190 free_shrinker_info(memcg);
da0efe30944476 Muchun Song 2022-03-22 4191 offline_kmem:
da0efe30944476 Muchun Song 2022-03-22 4192 memcg_offline_kmem(memcg);
e77786b4682e69 Shakeel Butt 2025-12-25 4193 mem_cgroup_private_id_remove(memcg);
da0efe30944476 Muchun Song 2022-03-22 4194 return -ENOMEM;
8cdea7c0545426 Balbir Singh 2008-02-07 4195 }
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
next prev parent reply other threads:[~2026-03-24 9:10 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-22 8:01 [PATCH] mm/memcontrol: fix obj_cgroup leak in mem_cgroup_css_online() error path David Carlier
2026-03-22 16:20 ` Andrew Morton
2026-03-22 16:41 ` David CARLIER
2026-03-22 16:49 ` David Carlier
2026-03-22 18:54 ` Andrew Morton
2026-03-22 19:26 ` David CARLIER
2026-03-24 9:10 ` Dan Carpenter [this message]
2026-03-24 10:54 ` David CARLIER
2026-03-22 19:36 ` David Carlier
2026-03-22 22:34 ` Andrew Morton
2026-03-23 2:12 ` Qi Zheng
2026-03-23 6:30 ` David Carlier
-- strict thread matches above, loose matches on Subject: below --
2026-03-23 6:28 David Carlier
2026-03-23 6:30 ` David CARLIER
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202603241635.qNXDPwjs-lkp@intel.com \
--to=dan.carpenter@linaro.org \
--cc=akpm@linux-foundation.org \
--cc=devnexen@gmail.com \
--cc=hannes@cmpxchg.org \
--cc=linux-mm@kvack.org \
--cc=lkp@intel.com \
--cc=mhocko@kernel.org \
--cc=muchun.song@linux.dev \
--cc=oe-kbuild-all@lists.linux.dev \
--cc=oe-kbuild@lists.linux.dev \
--cc=roman.gushchin@linux.dev \
--cc=shakeel.butt@linux.dev \
--cc=stable@vger.kernel.org \
--cc=zhengqi.arch@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox