From: Joshua Hahn
To: Harry Yoo
Cc: kernel test robot, oe-kbuild-all@lists.linux.dev, linux-kernel@vger.kernel.org, Andrew Morton, Linux Memory Management List, Gregory Price, Huang Ying, Honggyu Kim
Subject: Re: mm/mempolicy.c:3719:1-6: ERROR: invalid free of structure field
Date: Mon, 2 Jun 2025 07:52:39 -0700
Message-ID: <20250602145240.1868958-1-joshua.hahnjy@gmail.com>

On Mon, 2 Jun 2025 15:01:08 +0900 Harry Yoo wrote:

> On Sun, Jun 01, 2025 at 01:34:46PM +0800, kernel test robot wrote:
> > cocci warnings: (new ones prefixed by >>)
> > >> mm/mempolicy.c:3719:1-6: ERROR: invalid free of structure field
> >
> > vim +3719 mm/mempolicy.c
> >
> >   3700
> >   3701  static void wi_state_free(void)
> >   3702  {
> >   3703          struct weighted_interleave_state *old_wi_state;
> >   3704
> >   3705          mutex_lock(&wi_state_lock);
> >   3706
> >   3707          old_wi_state = rcu_dereference_protected(wi_state,
> >   3708                          lockdep_is_held(&wi_state_lock));
> >   3709          if (!old_wi_state) {
> >   3710                  mutex_unlock(&wi_state_lock);
> >   3711                  goto out;
> >   3712          }
> >   3713
> >   3714          rcu_assign_pointer(wi_state, NULL);
> >   3715          mutex_unlock(&wi_state_lock);
> >   3716          synchronize_rcu();
> >   3717          kfree(old_wi_state);
> >   3718  out:
> > > 3719          kfree(&wi_group->wi_kobj);
>
> Hmm maybe Joshua meant kfree(wi_group)?
>
> Anyway, practically it's the same as kfree(wi_group) and something strange
> is happening there.
>
> in add_weighted_interleave_group() (the only caller of wi_cleanup()),
> kobject_del() and kobject_put() are called after wi_cleanup() freed
> wi_group in the error path.

Hi Harry,

Thanks for your suggestion and insight! This is totally a slip-up on my end.
I completely missed the kobject_{put, delete} that gets called immediately
after this, which is embarrassing because rebasing on top of Rakie's patch
(which introduces those proper freeing calls) was the main focus of this v8.

From what I can tell, I think the solution here is to just remove the goto
statement entirely. There is no need to free the wi_group here, and it would
also be bad practice to do more than the function name suggests anyways.

Let me send a patch that gets rid of the goto statement, and just returns
if there is no old_wi_state. While I'm at it, I'll send in a patch from
David Hildenbrand that is an optimization in this area.

Thanks again for taking a look Harry, hope you have a great day!
Joshua

>
> >   3720  }
> >   3721
> >
> > --
> > 0-DAY CI Kernel Test Service
>
> --
> Cheers,
> Harry / Hyeonggon
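
A userspace model of the ownership rule discussed in this thread, added here as an example (it is not code from the kernel tree or from anyone in the thread): the state-freeing function returns early and never touches the group, and the group is freed only by the release callback when the last reference is dropped. `struct kobj`, `kobj_put()`, `state_free()`, `error_path_demo()`, the struct layouts and the counter are hypothetical stand-ins; locking and RCU are left out.

```c
#include <stddef.h>
#include <stdlib.h>

/* Userspace stand-ins (assumptions): kobj models a refcounted kobject. */
struct kobj { int refcount; void (*release)(struct kobj *k); };
struct group { struct kobj wi_kobj; int nattrs; }; /* wi_kobj is embedded */
struct state { int weight; };
static struct state *wi_state;  /* models the RCU-protected pointer */
static int group_releases;      /* how many times the group was freed */

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Only the release callback frees the containing object, never the member. */
static void group_release(struct kobj *k)
{
    free(container_of(k, struct group, wi_kobj));
    group_releases++;
}

static void kobj_put(struct kobj *k)
{
    if (--k->refcount == 0)
        k->release(k);
}

/* Shape of the fix described in the reply: early return, group untouched. */
static void state_free(void)
{
    struct state *old = wi_state;
    if (!old)
        return;
    wi_state = NULL;
    free(old);
}

/* Hypothetical caller error path: free state, then drop the last reference. */
static int error_path_demo(int with_state)
{
    struct group *g = calloc(1, sizeof(*g));
    if (!g) return -1;
    g->wi_kobj.refcount = 1;
    g->wi_kobj.release = group_release;
    group_releases = 0;
    wi_state = with_state ? calloc(1, sizeof(*wi_state)) : NULL;
    state_free();
    kobj_put(&g->wi_kobj);
    return group_releases; /* number of times the group was freed */
}
int main(void) { return error_path_demo(1) == 1 ? 0 : 1; }
```

Because `wi_kobj` sits at offset 0 in this model, freeing `&g->wi_kobj` would pass the same address as freeing `g`, which is why a free inside `state_free()` followed by `kobj_put()` would release the group twice.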