From: kernel test robot <lkp@intel.com>
To: oe-kbuild@lists.linux.dev
Cc: lkp@intel.com, Dan Carpenter <error27@gmail.com>
Subject: [android-common:android17-6.18 7/7] mm/damon/tests/sysfs-kunit.h:80 damon_sysfs_test_add_targets() error: dereferencing freed memory 'sysfs_target' (line 79)
Date: Sun, 29 Mar 2026 01:49:28 +0800	[thread overview]
Message-ID: <202603290111.IIC2UeIB-lkp@intel.com> (raw)

BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
TO: cros-kernel-buildreports@googlegroups.com

tree:   https://android.googlesource.com/kernel/common android17-6.18
head:   1eeff75d058d17b506a97fa282e7bbb55074c8d1
commit: 33cf4171196debf6009e33d96dccdd7929071db5 [7/7] mm/damon/tests/sysfs-kunit: handle alloc failures on damon_sysfs_test_add_targets()
:::::: branch date: 15 hours ago
:::::: commit date: 3 months ago
config: i386-randconfig-141-20260328 (https://download.01.org/0day-ci/archive/20260329/202603290111.IIC2UeIB-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
smatch: v0.5.0-9004-gb810ac53

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202603290111.IIC2UeIB-lkp@intel.com/

smatch warnings:
mm/damon/tests/sysfs-kunit.h:80 damon_sysfs_test_add_targets() error: dereferencing freed memory 'sysfs_target' (line 79)

vim +/sysfs_target +80 mm/damon/tests/sysfs-kunit.h

b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  40  
2caef83db9f8e0 mm/damon/sysfs-test.h        SeongJae Park 2024-06-18  41  static void damon_sysfs_test_add_targets(struct kunit *test)
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  42  {
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  43  	struct damon_sysfs_targets *sysfs_targets;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  44  	struct damon_sysfs_target *sysfs_target;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  45  	struct damon_ctx *ctx;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  46  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  47  	sysfs_targets = damon_sysfs_targets_alloc();
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  48  	if (!sysfs_targets)
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  49  		kunit_skip(test, "sysfs_targets alloc fail");
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  50  	sysfs_targets->nr = 1;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  51  	sysfs_targets->targets_arr = kmalloc_array(1,
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  52  			sizeof(*sysfs_targets->targets_arr), GFP_KERNEL);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  53  	if (!sysfs_targets->targets_arr) {
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  54  		kfree(sysfs_targets);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  55  		kunit_skip(test, "targets_arr alloc fail");
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  56  	}
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  57  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  58  	sysfs_target = damon_sysfs_target_alloc();
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  59  	if (!sysfs_target) {
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  60  		kfree(sysfs_targets->targets_arr);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  61  		kfree(sysfs_targets);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  62  		kunit_skip(test, "sysfs_target alloc fail");
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  63  	}
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  64  	sysfs_target->pid = __damon_sysfs_test_get_any_pid(12, 100);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  65  	sysfs_target->regions = damon_sysfs_regions_alloc();
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  66  	if (!sysfs_target->regions) {
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  67  		kfree(sysfs_targets->targets_arr);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  68  		kfree(sysfs_targets);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  69  		kfree(sysfs_target);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  70  		kunit_skip(test, "sysfs_regions alloc fail");
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  71  	}
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  72  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  73  	sysfs_targets->targets_arr[0] = sysfs_target;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  74  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  75  	ctx = damon_new_ctx();
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  76  	if (!ctx) {
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  77  		kfree(sysfs_targets->targets_arr);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  78  		kfree(sysfs_targets);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01 @79  		kfree(sysfs_target);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01 @80  		kfree(sysfs_target->regions);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  81  		kunit_skip(test, "ctx alloc fail");
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  82  	}
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  83  
2caef83db9f8e0 mm/damon/sysfs-test.h        SeongJae Park 2024-06-18  84  	damon_sysfs_add_targets(ctx, sysfs_targets);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  85  	KUNIT_EXPECT_EQ(test, 1u, nr_damon_targets(ctx));
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  86  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  87  	sysfs_target->pid = __damon_sysfs_test_get_any_pid(
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  88  			sysfs_target->pid + 1, 200);
2caef83db9f8e0 mm/damon/sysfs-test.h        SeongJae Park 2024-06-18  89  	damon_sysfs_add_targets(ctx, sysfs_targets);
d96727a251fd2b mm/damon/sysfs-test.h        SeongJae Park 2024-06-18  90  	KUNIT_EXPECT_EQ(test, 2u, nr_damon_targets(ctx));
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  91  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  92  	damon_destroy_ctx(ctx);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  93  	kfree(sysfs_targets->targets_arr);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  94  	kfree(sysfs_targets);
2d6a1c835685de mm/damon/tests/sysfs-kunit.h Jinjie Ruan   2024-10-10  95  	kfree(sysfs_target->regions);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  96  	kfree(sysfs_target);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  97  }
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  98  
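Review bot: In the `!ctx` branch the release order at lines 79–80 should be reversed to `kfree(sysfs_target->regions);` followed by `kfree(sysfs_target);`, which is the order the normal exit path already uses at lines 95–96. As written, the second call loads the `regions` pointer out of an object that has already been returned to the allocator, so whatever value is read there is what gets passed to `kfree()`. The other skip branches added by 33cf4171196deb never read through `sysfs_target` after freeing it, so only this branch needs the change. The release list is hand-copied into each branch and grows by one entry each time; a small static helper called before each `kunit_skip()` would keep the ordering in one place.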

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <error27@gmail.com>
To: oe-kbuild@lists.linux.dev, cros-kernel-buildreports@googlegroups.com
Cc: lkp@intel.com, oe-kbuild-all@lists.linux.dev
Subject: [android-common:android17-6.18 7/7] mm/damon/tests/sysfs-kunit.h:80 damon_sysfs_test_add_targets() error: dereferencing freed memory 'sysfs_target' (line 79)
Date: Mon, 30 Mar 2026 10:00:34 +0300	[thread overview]
Message-ID: <202603290111.IIC2UeIB-lkp@intel.com> (raw)
Message-ID: <20260330070034.3Dvl7HYZEmJxpAyAy7ejTVS_QAllkyQMSMXGAeo9H_0@z> (raw)

tree:   https://android.googlesource.com/kernel/common android17-6.18
head:   1eeff75d058d17b506a97fa282e7bbb55074c8d1
commit: 33cf4171196debf6009e33d96dccdd7929071db5 [7/7] mm/damon/tests/sysfs-kunit: handle alloc failures on damon_sysfs_test_add_targets()
config: i386-randconfig-141-20260328 (https://download.01.org/0day-ci/archive/20260329/202603290111.IIC2UeIB-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
smatch: v0.5.0-9004-gb810ac53

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202603290111.IIC2UeIB-lkp@intel.com/

smatch warnings:
mm/damon/tests/sysfs-kunit.h:80 damon_sysfs_test_add_targets() error: dereferencing freed memory 'sysfs_target' (line 79)

vim +/sysfs_target +80 mm/damon/tests/sysfs-kunit.h

2caef83db9f8e0 mm/damon/sysfs-test.h        SeongJae Park 2024-06-18  41  static void damon_sysfs_test_add_targets(struct kunit *test)
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  42  {
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  43  	struct damon_sysfs_targets *sysfs_targets;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  44  	struct damon_sysfs_target *sysfs_target;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  45  	struct damon_ctx *ctx;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  46  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  47  	sysfs_targets = damon_sysfs_targets_alloc();
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  48  	if (!sysfs_targets)
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  49  		kunit_skip(test, "sysfs_targets alloc fail");
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  50  	sysfs_targets->nr = 1;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  51  	sysfs_targets->targets_arr = kmalloc_array(1,
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  52  			sizeof(*sysfs_targets->targets_arr), GFP_KERNEL);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  53  	if (!sysfs_targets->targets_arr) {
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  54  		kfree(sysfs_targets);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  55  		kunit_skip(test, "targets_arr alloc fail");
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  56  	}
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  57  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  58  	sysfs_target = damon_sysfs_target_alloc();
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  59  	if (!sysfs_target) {
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  60  		kfree(sysfs_targets->targets_arr);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  61  		kfree(sysfs_targets);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  62  		kunit_skip(test, "sysfs_target alloc fail");
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  63  	}
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  64  	sysfs_target->pid = __damon_sysfs_test_get_any_pid(12, 100);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  65  	sysfs_target->regions = damon_sysfs_regions_alloc();
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  66  	if (!sysfs_target->regions) {
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  67  		kfree(sysfs_targets->targets_arr);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  68  		kfree(sysfs_targets);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  69  		kfree(sysfs_target);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  70  		kunit_skip(test, "sysfs_regions alloc fail");
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  71  	}
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  72  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  73  	sysfs_targets->targets_arr[0] = sysfs_target;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  74  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  75  	ctx = damon_new_ctx();
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  76  	if (!ctx) {
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  77  		kfree(sysfs_targets->targets_arr);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  78  		kfree(sysfs_targets);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01 @79  		kfree(sysfs_target);
                                                                                              ^^^^^^^^^^^^^
Freed

33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01 @80  		kfree(sysfs_target->regions);
                                                                                              ^^^^^^^^^^^^^^^^^^^^^
Use after free

33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  81  		kunit_skip(test, "ctx alloc fail");
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  82  	}
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  83  
2caef83db9f8e0 mm/damon/sysfs-test.h        SeongJae Park 2024-06-18  84  	damon_sysfs_add_targets(ctx, sysfs_targets);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  85  	KUNIT_EXPECT_EQ(test, 1u, nr_damon_targets(ctx));
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  86  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  87  	sysfs_target->pid = __damon_sysfs_test_get_any_pid(
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  88  			sysfs_target->pid + 1, 200);
2caef83db9f8e0 mm/damon/sysfs-test.h        SeongJae Park 2024-06-18  89  	damon_sysfs_add_targets(ctx, sysfs_targets);
d96727a251fd2b mm/damon/sysfs-test.h        SeongJae Park 2024-06-18  90  	KUNIT_EXPECT_EQ(test, 2u, nr_damon_targets(ctx));
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  91  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  92  	damon_destroy_ctx(ctx);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  93  	kfree(sysfs_targets->targets_arr);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  94  	kfree(sysfs_targets);
2d6a1c835685de mm/damon/tests/sysfs-kunit.h Jinjie Ruan   2024-10-10  95  	kfree(sysfs_target->regions);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  96  	kfree(sysfs_target);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  97  }

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

