[android-common:android17-6.18 7/7] mm/damon/tests/sysfs-kunit.h:80 damon_sysfs_test_add_targets() error: dereferencing freed memory 'sysfs

public inbox for oe-kbuild@lists.linux.dev
 help / color / mirror / Atom feed

* [android-common:android17-6.18 7/7] mm/damon/tests/sysfs-kunit.h:80 damon_sysfs_test_add_targets() error: dereferencing freed memory 'sysfs_target' (line 79)
@ 2026-03-28 17:49 kernel test robot
  2026-03-30  7:00 ` Dan Carpenter
  0 siblings, 1 reply; 2+ messages in thread
From: kernel test robot @ 2026-03-28 17:49 UTC (permalink / raw)
  To: oe-kbuild; +Cc: lkp, Dan Carpenter

BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
TO: cros-kernel-buildreports@googlegroups.com

tree:   https://android.googlesource.com/kernel/common android17-6.18
head:   1eeff75d058d17b506a97fa282e7bbb55074c8d1
commit: 33cf4171196debf6009e33d96dccdd7929071db5 [7/7] mm/damon/tests/sysfs-kunit: handle alloc failures on damon_sysfs_test_add_targets()
:::::: branch date: 15 hours ago
:::::: commit date: 3 months ago
config: i386-randconfig-141-20260328 (https://download.01.org/0day-ci/archive/20260329/202603290111.IIC2UeIB-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
smatch: v0.5.0-9004-gb810ac53

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202603290111.IIC2UeIB-lkp@intel.com/

smatch warnings:
mm/damon/tests/sysfs-kunit.h:80 damon_sysfs_test_add_targets() error: dereferencing freed memory 'sysfs_target' (line 79)

vim +/sysfs_target +80 mm/damon/tests/sysfs-kunit.h

b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  40  
2caef83db9f8e0 mm/damon/sysfs-test.h        SeongJae Park 2024-06-18  41  static void damon_sysfs_test_add_targets(struct kunit *test)
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  42  {
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  43  	struct damon_sysfs_targets *sysfs_targets;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  44  	struct damon_sysfs_target *sysfs_target;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  45  	struct damon_ctx *ctx;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  46  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  47  	sysfs_targets = damon_sysfs_targets_alloc();
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  48  	if (!sysfs_targets)
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  49  		kunit_skip(test, "sysfs_targets alloc fail");
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  50  	sysfs_targets->nr = 1;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  51  	sysfs_targets->targets_arr = kmalloc_array(1,
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  52  			sizeof(*sysfs_targets->targets_arr), GFP_KERNEL);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  53  	if (!sysfs_targets->targets_arr) {
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  54  		kfree(sysfs_targets);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  55  		kunit_skip(test, "targets_arr alloc fail");
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  56  	}
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  57  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  58  	sysfs_target = damon_sysfs_target_alloc();
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  59  	if (!sysfs_target) {
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  60  		kfree(sysfs_targets->targets_arr);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  61  		kfree(sysfs_targets);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  62  		kunit_skip(test, "sysfs_target alloc fail");
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  63  	}
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  64  	sysfs_target->pid = __damon_sysfs_test_get_any_pid(12, 100);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  65  	sysfs_target->regions = damon_sysfs_regions_alloc();
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  66  	if (!sysfs_target->regions) {
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  67  		kfree(sysfs_targets->targets_arr);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  68  		kfree(sysfs_targets);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  69  		kfree(sysfs_target);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  70  		kunit_skip(test, "sysfs_regions alloc fail");
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  71  	}
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  72  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  73  	sysfs_targets->targets_arr[0] = sysfs_target;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  74  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  75  	ctx = damon_new_ctx();
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  76  	if (!ctx) {
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  77  		kfree(sysfs_targets->targets_arr);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  78  		kfree(sysfs_targets);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01 @79  		kfree(sysfs_target);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01 @80  		kfree(sysfs_target->regions);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  81  		kunit_skip(test, "ctx alloc fail");
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  82  	}
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  83  
2caef83db9f8e0 mm/damon/sysfs-test.h        SeongJae Park 2024-06-18  84  	damon_sysfs_add_targets(ctx, sysfs_targets);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  85  	KUNIT_EXPECT_EQ(test, 1u, nr_damon_targets(ctx));
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  86  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  87  	sysfs_target->pid = __damon_sysfs_test_get_any_pid(
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  88  			sysfs_target->pid + 1, 200);
2caef83db9f8e0 mm/damon/sysfs-test.h        SeongJae Park 2024-06-18  89  	damon_sysfs_add_targets(ctx, sysfs_targets);
d96727a251fd2b mm/damon/sysfs-test.h        SeongJae Park 2024-06-18  90  	KUNIT_EXPECT_EQ(test, 2u, nr_damon_targets(ctx));
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  91  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  92  	damon_destroy_ctx(ctx);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  93  	kfree(sysfs_targets->targets_arr);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  94  	kfree(sysfs_targets);
2d6a1c835685de mm/damon/tests/sysfs-kunit.h Jinjie Ruan   2024-10-10  95  	kfree(sysfs_target->regions);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  96  	kfree(sysfs_target);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  97  }
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  98  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

^ permalink raw reply	[flat|nested] 2+ messages in thread

* [android-common:android17-6.18 7/7] mm/damon/tests/sysfs-kunit.h:80 damon_sysfs_test_add_targets() error: dereferencing freed memory 'sysfs_target' (line 79)
  2026-03-28 17:49 [android-common:android17-6.18 7/7] mm/damon/tests/sysfs-kunit.h:80 damon_sysfs_test_add_targets() error: dereferencing freed memory 'sysfs_target' (line 79) kernel test robot
@ 2026-03-30  7:00 ` Dan Carpenter
  0 siblings, 0 replies; 2+ messages in thread
From: Dan Carpenter @ 2026-03-30  7:00 UTC (permalink / raw)
  To: oe-kbuild, cros-kernel-buildreports; +Cc: lkp, oe-kbuild-all

tree:   https://android.googlesource.com/kernel/common android17-6.18
head:   1eeff75d058d17b506a97fa282e7bbb55074c8d1
commit: 33cf4171196debf6009e33d96dccdd7929071db5 [7/7] mm/damon/tests/sysfs-kunit: handle alloc failures on damon_sysfs_test_add_targets()
config: i386-randconfig-141-20260328 (https://download.01.org/0day-ci/archive/20260329/202603290111.IIC2UeIB-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
smatch: v0.5.0-9004-gb810ac53

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202603290111.IIC2UeIB-lkp@intel.com/

smatch warnings:
mm/damon/tests/sysfs-kunit.h:80 damon_sysfs_test_add_targets() error: dereferencing freed memory 'sysfs_target' (line 79)

vim +/sysfs_target +80 mm/damon/tests/sysfs-kunit.h

2caef83db9f8e0 mm/damon/sysfs-test.h        SeongJae Park 2024-06-18  41  static void damon_sysfs_test_add_targets(struct kunit *test)
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  42  {
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  43  	struct damon_sysfs_targets *sysfs_targets;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  44  	struct damon_sysfs_target *sysfs_target;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  45  	struct damon_ctx *ctx;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  46  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  47  	sysfs_targets = damon_sysfs_targets_alloc();
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  48  	if (!sysfs_targets)
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  49  		kunit_skip(test, "sysfs_targets alloc fail");
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  50  	sysfs_targets->nr = 1;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  51  	sysfs_targets->targets_arr = kmalloc_array(1,
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  52  			sizeof(*sysfs_targets->targets_arr), GFP_KERNEL);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  53  	if (!sysfs_targets->targets_arr) {
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  54  		kfree(sysfs_targets);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  55  		kunit_skip(test, "targets_arr alloc fail");
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  56  	}
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  57  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  58  	sysfs_target = damon_sysfs_target_alloc();
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  59  	if (!sysfs_target) {
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  60  		kfree(sysfs_targets->targets_arr);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  61  		kfree(sysfs_targets);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  62  		kunit_skip(test, "sysfs_target alloc fail");
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  63  	}
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  64  	sysfs_target->pid = __damon_sysfs_test_get_any_pid(12, 100);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  65  	sysfs_target->regions = damon_sysfs_regions_alloc();
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  66  	if (!sysfs_target->regions) {
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  67  		kfree(sysfs_targets->targets_arr);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  68  		kfree(sysfs_targets);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  69  		kfree(sysfs_target);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  70  		kunit_skip(test, "sysfs_regions alloc fail");
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  71  	}
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  72  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  73  	sysfs_targets->targets_arr[0] = sysfs_target;
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  74  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  75  	ctx = damon_new_ctx();
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  76  	if (!ctx) {
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  77  		kfree(sysfs_targets->targets_arr);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  78  		kfree(sysfs_targets);
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01 @79  		kfree(sysfs_target);
                                                                                              ^^^^^^^^^^^^^
Freed

33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01 @80  		kfree(sysfs_target->regions);
                                                                                              ^^^^^^^^^^^^^^^^^^^^^
Use after free

33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  81  		kunit_skip(test, "ctx alloc fail");
33cf4171196deb mm/damon/tests/sysfs-kunit.h SeongJae Park 2025-11-01  82  	}
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  83  
2caef83db9f8e0 mm/damon/sysfs-test.h        SeongJae Park 2024-06-18  84  	damon_sysfs_add_targets(ctx, sysfs_targets);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  85  	KUNIT_EXPECT_EQ(test, 1u, nr_damon_targets(ctx));
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  86  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  87  	sysfs_target->pid = __damon_sysfs_test_get_any_pid(
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  88  			sysfs_target->pid + 1, 200);
2caef83db9f8e0 mm/damon/sysfs-test.h        SeongJae Park 2024-06-18  89  	damon_sysfs_add_targets(ctx, sysfs_targets);
d96727a251fd2b mm/damon/sysfs-test.h        SeongJae Park 2024-06-18  90  	KUNIT_EXPECT_EQ(test, 2u, nr_damon_targets(ctx));
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  91  
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  92  	damon_destroy_ctx(ctx);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  93  	kfree(sysfs_targets->targets_arr);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  94  	kfree(sysfs_targets);
2d6a1c835685de mm/damon/tests/sysfs-kunit.h Jinjie Ruan   2024-10-10  95  	kfree(sysfs_target->regions);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  96  	kfree(sysfs_target);
b8ee5575f763c2 mm/damon/sysfs-test.h        SeongJae Park 2023-10-22  97  }

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-03-30  7:00 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-28 17:49 [android-common:android17-6.18 7/7] mm/damon/tests/sysfs-kunit.h:80 damon_sysfs_test_add_targets() error: dereferencing freed memory 'sysfs_target' (line 79) kernel test robot
2026-03-30  7:00 ` Dan Carpenter

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox