Hello Ming-Hung Tsai,

Commit 4ca8b8bd952d ("dm cache: fix write hang in passthrough mode")
from Feb 9, 2026 (linux-next), leads to the following Smatch static
checker warning:

    drivers/md/dm-cache-target.c:1527 invalidate_committed()
    error: dereferencing freed memory 'mg' (line 1525)

drivers/md/dm-cache-target.c
    1517 static void invalidate_committed(struct work_struct *ws)
    1518 {
    1519         struct dm_cache_migration *mg = ws_to_mg(ws);
    1520         struct cache *cache = mg->cache;
    1521         struct bio *bio = mg->overwrite_bio;
    1522         struct per_bio_data *pb = get_per_bio_data(bio);
    1523
    1524         if (mg->k.input)
    1525                 invalidate_complete(mg, false);
                                             ^^
This frees mg.

    1526
--> 1527         init_continuation(&mg->k, invalidate_completed);
                                    ^^
    1528         remap_to_origin_clear_discard(cache, bio, mg->invalidate_oblock);
                                                           ^^
    1529         dm_hook_bio(&pb->hook_info, bio, overwrite_endio, mg);
                                                                   ^^
But we still dereference it later.

    1530         dm_submit_bio_remap(bio, NULL);
    1531 }

This email is a free service from the Smatch-CI project [smatch.sf.net].

regards,
dan carpenter