On Wed, May 22, 2024 at 5:24 AM Fedor Pchelkin <pchelkin@xxxxxxxxx> wrote: > > kthread creation may possibly fail inside race_signal_callback(). In > such case stop the already started threads and return with error code. > > Found by Linux Verification Center (linuxtesting.org). > > Fixes: 2989f6451084 ("dma-buf: Add selftests for dma-fence") > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: Fedor Pchelkin <pchelkin@xxxxxxxxx> > --- > drivers/dma-buf/st-dma-fence.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/drivers/dma-buf/st-dma-fence.c b/drivers/dma-buf/st-dma-fence.c > index b7c6f7ea9e0c..ab1ec4631578 100644 > --- a/drivers/dma-buf/st-dma-fence.c > +++ b/drivers/dma-buf/st-dma-fence.c > @@ -540,6 +540,12 @@ static int race_signal_callback(void *arg) > t[i].before = pass; > t[i].task = kthread_run(thread_signal_callback, &t[i], > "dma-fence:%d", i); > + if (IS_ERR(t[i].task)) { > + ret = PTR_ERR(t[i].task); > + while (--i >= 0) > + kthread_stop(t[i].task); This looks like it needs to be kthread_stop_put since get_task_struct was called for previous successful kthread_run calls. > + return ret; > + } > get_task_struct(t[i].task); > } > > -- > 2.39.2 >