On Fri, Apr 10, 2026 at 6:11 PM Dan Carpenter <[email protected]> wrote:
>
> Hello Ming-Hung Tsai,
>
> Commit 4ca8b8bd952d ("dm cache: fix write hang in passthrough mode")
> from Feb 9, 2026 (linux-next), leads to the following Smatch static
> checker warning:
>
>         drivers/md/dm-cache-target.c:1527 invalidate_committed()
>         error: dereferencing freed memory 'mg' (line 1525)
>
> drivers/md/dm-cache-target.c
>     1517 static void invalidate_committed(struct work_struct *ws)
>     1518 {
>     1519         struct dm_cache_migration *mg = ws_to_mg(ws);
>     1520         struct cache *cache = mg->cache;
>     1521         struct bio *bio = mg->overwrite_bio;
>     1522         struct per_bio_data *pb = get_per_bio_data(bio);
>     1523
>     1524         if (mg->k.input)
>     1525                 invalidate_complete(mg, false);
>                                              ^^
> This frees mg.
>
>     1526
> --> 1527         init_continuation(&mg->k, invalidate_completed);
>                                     ^^
>     1528         remap_to_origin_clear_discard(cache, bio, mg->invalidate_oblock);
>                                                            ^^
>     1529         dm_hook_bio(&pb->hook_info, bio, overwrite_endio, mg);
>                                                                    ^^
> But we still dereference it later.
>
>     1530         dm_submit_bio_remap(bio, NULL);
>     1531 }
>
> This email is a free service from the Smatch-CI project [smatch.sf.net].
>
> regards,
> dan carpenter
>

Thanks for the report. I've fixed this and added your Reported-by:

https://lore.kernel.org/dm-devel/[email protected]/

Ming-Hung Tsai
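
Added example, not part of the thread and not kernel code: a user-space C model of the pattern Smatch flags above, where the error path releases `mg` and execution then falls through to three more uses. All names are hypothetical, release is modelled by a flag instead of a real free so the stale accesses can be counted safely, and the early return in `committed_guarded` is an assumed remedy, not the fix referenced in the reply.

```c
#include <stdbool.h>
/* Constructed user-space model; all names here are hypothetical. */
struct migration {
    int  input;        /* non-zero: the earlier commit stage failed */
    bool released;     /* set where the real code would free the object */
    int  late_touches; /* uses made after release; each would be a UAF */
};

/* Stands in for invalidate_complete(): ownership of mg ends here. */
void model_complete(struct migration *mg)
{
    mg->released = true;
}

/* Every later use of mg goes through here so stale uses are counted. */
void model_use(struct migration *mg)
{
    mg->late_touches += mg->released;
}

/* Shape flagged in the report: error path completes, then falls through. */
void committed_reported(struct migration *mg)
{
    if (mg->input)
        model_complete(mg);
    model_use(mg);  /* models init_continuation(&mg->k, ...) */
    model_use(mg);  /* models the read of mg->invalidate_oblock */
    model_use(mg);  /* models passing mg to dm_hook_bio() */
}

/* Assumed hardened shape: stop as soon as the object has been released. */
void committed_guarded(struct migration *mg)
{
    if (mg->input) {
        model_complete(mg);
        return;     /* mg is gone; nothing below may touch it */
    }
    model_use(mg);
    model_use(mg);
    model_use(mg);
}

/* Runs one handler on a fresh object and returns the stale-use count. */
int stale_accesses(void (*handler)(struct migration *), int input)
{
    struct migration mg = { .input = input };
    handler(&mg);
    return mg.late_touches;
}
```

The three stale uses counted on the error path correspond to the three `^^` markers on lines 1527 to 1529 of the report.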
