From: Fedor Pchelkin <pchelkin@xxxxxxxxx> commit 6cb05d89fd62a76a9b74bd16211fb0930e89fea8 upstream. kthread creation may possibly fail inside race_signal_callback(). In such a case stop the already started threads, put the already taken references to them and return with error code. Found by Linux Verification Center (linuxtesting.org). Fixes: 2989f6451084 ("dma-buf: Add selftests for dma-fence") Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Fedor Pchelkin <pchelkin@xxxxxxxxx> Reviewed-by: T.J. Mercier <tjmercier@xxxxxxxxxx> Link: https://patchwork.freedesktop.org/patch/msgid/20240522181308.841686-1-pchelkin@xxxxxxxxx Signed-off-by: Christian König <christian.koenig@xxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/dma-buf/st-dma-fence.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/drivers/dma-buf/st-dma-fence.c +++ b/drivers/dma-buf/st-dma-fence.c @@ -540,6 +540,12 @@ static int race_signal_callback(void *ar t[i].before = pass; t[i].task = kthread_run(thread_signal_callback, &t[i], "dma-fence:%d", i); + if (IS_ERR(t[i].task)) { + ret = PTR_ERR(t[i].task); + while (--i >= 0) + kthread_stop_put(t[i].task); + return ret; + } get_task_struct(t[i].task); } Patches currently in stable-queue which might be from pchelkin@xxxxxxxxx are queue-6.9/dma-buf-handle-testing-kthreads-creation-failure.patch