[PATCH 0/3] btrfs-progs: fix memory leaks related to zone/RST

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH 0/3] btrfs-progs: fix memory leaks related to zone/RST
@ 2026-06-11  1:13 Qu Wenruo
  2026-06-11  1:13 ` [PATCH 1/3] btrfs-progs: fix a memory leak in btrfs_prepare_device() for zoned devices Qu Wenruo
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Qu Wenruo @ 2026-06-11  1:13 UTC (permalink / raw)
  To: linux-btrfs

Just give a full test run (except libbtrfsutil run) with D=asan, all kinds of
memory leaks related to zone/RST are exposed.

Fix them one by one.

Qu Wenruo (3):
  btrfs-progs: fix a memory leak in btrfs_prepare_device() for zoned
    devices
  btrfs-progs: fix a memory leak in btrfs_load_block_group_zone_info()
  btrfs-progs: fix a memory leak in __btrfs_map_block() after RST lookup
    failure

 common/device-utils.c   |  4 ++--
 kernel-shared/volumes.c |  6 ++++--
 kernel-shared/zoned.c   |  3 ++-
 kernel-shared/zoned.h   | 10 ++++++++++
 4 files changed, 18 insertions(+), 5 deletions(-)

--
2.54.0


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 1/3] btrfs-progs: fix a memory leak in btrfs_prepare_device() for zoned devices
  2026-06-11  1:13 [PATCH 0/3] btrfs-progs: fix memory leaks related to zone/RST Qu Wenruo
@ 2026-06-11  1:13 ` Qu Wenruo
  2026-06-11  1:13 ` [PATCH 2/3] btrfs-progs: fix a memory leak in btrfs_load_block_group_zone_info() Qu Wenruo
  2026-06-11  1:13 ` [PATCH 3/3] btrfs-progs: fix a memory leak in __btrfs_map_block() after RST lookup failure Qu Wenruo
  2 siblings, 0 replies; 4+ messages in thread
From: Qu Wenruo @ 2026-06-11  1:13 UTC (permalink / raw)
  To: linux-btrfs

[BUG]
With D=asan compiling option enabled, the test case mkfs/025 fails with
the following asan report triggered:

====== RUN CHECK root_helper /home/adam/btrfs-progs/mkfs.btrfs -d single -m single /dev/nullb0 /dev/nullb1 /dev/nullb2 /dev/nullb3 /dev/nullb4 /dev/nullb5 /dev/nullb6 /dev/nullb7 /dev/nullb8 /dev/nullb9

=================================================================
==185235==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 20480 byte(s) in 10 object(s) allocated from:
    #0 0x7ffa8d7205dd in calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:74
    #1 0x55e960f93d53 in report_zones kernel-shared/zoned.c:365
    #2 0x55e960f9a9f1 in btrfs_get_zone_info kernel-shared/zoned.c:1465
    #3 0x55e960fa0d37 in btrfs_prepare_device common/device-utils.c:253
    #4 0x55e960eb14ee in prepare_one_device mkfs/main.c:1156
    #5 0x7ffa8d65e11a in asan_thread_start /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:239
    #6 0x7ffa8d29698a  (/usr/lib/libc.so.6+0x9698a) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)

Direct leak of 18432 byte(s) in 9 object(s) allocated from:
    #0 0x7ffa8d7205dd in calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:74
    #1 0x55e960f93d53 in report_zones kernel-shared/zoned.c:365
    #2 0x55e960f9a9f1 in btrfs_get_zone_info kernel-shared/zoned.c:1465
    #3 0x55e960f9a847 in btrfs_get_dev_zone_info kernel-shared/zoned.c:1431
    #4 0x55e960f9a6d2 in btrfs_get_dev_zone_info_all_devices kernel-shared/zoned.c:1408
    #5 0x55e960eb9b7d in main mkfs/main.c:2383
    #6 0x7ffa8d227634  (/usr/lib/libc.so.6+0x27634) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #7 0x7ffa8d2276e8 in __libc_start_main (/usr/lib/libc.so.6+0x276e8) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #8 0x55e960ea8fa4 in _start (/home/adam/btrfs-progs/mkfs.btrfs+0x3cfa4) (BuildId: 3def50571e3d23304fbe357251f52f4428140607)

Direct leak of 2048 byte(s) in 1 object(s) allocated from:
    #0 0x7ffa8d7205dd in calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:74
    #1 0x55e960f93d53 in report_zones kernel-shared/zoned.c:365
    #2 0x55e960f9a9f1 in btrfs_get_zone_info kernel-shared/zoned.c:1465
    #3 0x55e960f9a847 in btrfs_get_dev_zone_info kernel-shared/zoned.c:1431
    #4 0x55e960f9a6d2 in btrfs_get_dev_zone_info_all_devices kernel-shared/zoned.c:1408
    #5 0x55e960f0d0f0 in __open_ctree_fd kernel-shared/disk-io.c:1665
    #6 0x55e960f0d9d8 in open_ctree_fs_info kernel-shared/disk-io.c:1733
    #7 0x55e960eb88f2 in main mkfs/main.c:2254
    #8 0x7ffa8d227634  (/usr/lib/libc.so.6+0x27634) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #9 0x7ffa8d2276e8 in __libc_start_main (/usr/lib/libc.so.6+0x276e8) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #10 0x55e960ea8fa4 in _start (/home/adam/btrfs-progs/mkfs.btrfs+0x3cfa4) (BuildId: 3def50571e3d23304fbe357251f52f4428140607)
...

[CAUSE]
In btrfs_prepare_device(), we call btrfs_get_zone_info() which allocated
space for zinfo, then later report_zones() allocates zinfo::zones and
zinfo::active_zones.

But we only free zinfo itself, not the zones nor active_zones pointers,
leading to the above leak.

[FIX]
Introduce a helper, btrfs_free_zoned_device_info() to do the proper free
of a btrfs_zoned_device_info structure.

Fixes: 58ec59389263 ("btrfs-progs: zoned: support resetting zoned device")
Signed-off-by: Qu Wenruo <wqu@suse.com>
---
 common/device-utils.c   |  4 ++--
 kernel-shared/volumes.c |  2 +-
 kernel-shared/zoned.c   |  2 +-
 kernel-shared/zoned.h   | 10 ++++++++++
 4 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/common/device-utils.c b/common/device-utils.c
index 9dfc50211955..63240c1f5130 100644
--- a/common/device-utils.c
+++ b/common/device-utils.c
@@ -302,12 +302,12 @@ int btrfs_prepare_device(int fd, const char *file, u64 *byte_count_ret,
 		goto err;
 	}
 
-	free(zinfo);
+	btrfs_free_zoned_device_info(zinfo);
 	*byte_count_ret = byte_count;
 	return 0;
 
 err:
-	free(zinfo);
+	btrfs_free_zoned_device_info(zinfo);
 	return 1;
 }
 
diff --git a/kernel-shared/volumes.c b/kernel-shared/volumes.c
index a54ea4dd1fbd..c3d113b6e3b1 100644
--- a/kernel-shared/volumes.c
+++ b/kernel-shared/volumes.c
@@ -648,7 +648,7 @@ again:
 		/* free the memory */
 		kfree(device->name);
 		kfree(device->label);
-		kfree(device->zone_info);
+		btrfs_free_zoned_device_info(device->zone_info);
 		kfree(device);
 	}
 
diff --git a/kernel-shared/zoned.c b/kernel-shared/zoned.c
index 18fb7eb511d3..1757b195560a 100644
--- a/kernel-shared/zoned.c
+++ b/kernel-shared/zoned.c
@@ -1464,7 +1464,7 @@ int btrfs_get_zone_info(int fd, const char *file,
 	/* Get zone information */
 	ret = report_zones(fd, file, zinfo);
 	if (ret != 0) {
-		kfree(zinfo);
+		btrfs_free_zoned_device_info(zinfo);
 		return ret;
 	}
 	*zinfo_ret = zinfo;
diff --git a/kernel-shared/zoned.h b/kernel-shared/zoned.h
index d004ff16f198..2d01da7d83e8 100644
--- a/kernel-shared/zoned.h
+++ b/kernel-shared/zoned.h
@@ -83,6 +83,16 @@ enum btrfs_zoned_model zoned_model(const char *file);
 u64 zone_size(const char *file);
 int btrfs_get_zone_info(int fd, const char *file,
 			struct btrfs_zoned_device_info **zinfo);
+
+static inline void btrfs_free_zoned_device_info(struct btrfs_zoned_device_info *zinfo)
+{
+	if (!zinfo)
+		return;
+	free(zinfo->zones);
+	free(zinfo->active_zones);
+	free(zinfo);
+}
+
 int btrfs_get_dev_zone_info_all_devices(struct btrfs_fs_info *fs_info);
 int btrfs_check_zoned_mode(struct btrfs_fs_info *fs_info);
 
-- 
2.54.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [PATCH 2/3] btrfs-progs: fix a memory leak in btrfs_load_block_group_zone_info()
  2026-06-11  1:13 [PATCH 0/3] btrfs-progs: fix memory leaks related to zone/RST Qu Wenruo
  2026-06-11  1:13 ` [PATCH 1/3] btrfs-progs: fix a memory leak in btrfs_prepare_device() for zoned devices Qu Wenruo
@ 2026-06-11  1:13 ` Qu Wenruo
  2026-06-11  1:13 ` [PATCH 3/3] btrfs-progs: fix a memory leak in __btrfs_map_block() after RST lookup failure Qu Wenruo
  2 siblings, 0 replies; 4+ messages in thread
From: Qu Wenruo @ 2026-06-11  1:13 UTC (permalink / raw)
  To: linux-btrfs

[BUG]
With the previous btrfs_zoned_device_info memory leak fixed, the test
case mkfs/025 still fails with extra memory leaks:

====== RUN CHECK /home/adam/btrfs-progs/mkfs.btrfs -d single -m single /dev/nullb0 /dev/nullb1 /dev/nullb2 /dev/nullb3 /dev/nullb4 /dev/nullb5 /dev/nullb6 /dev/nullb7 /dev/nullb8 /dev/nullb9

=================================================================
==4392==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f5561b205dd in calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:74
    #1 0x5568792ba42a in bitmap_zalloc kernel-lib/bitmap.h:19
    #2 0x5568792c24c0 in btrfs_load_block_group_zone_info kernel-shared/zoned.c:1227
    #3 0x556879256b02 in btrfs_add_block_group kernel-shared/extent-tree.c:3025
    #4 0x5568792572ba in btrfs_make_block_group kernel-shared/extent-tree.c:3094
    #5 0x5568791d3d7b in create_metadata_block_groups mkfs/main.c:162
    #6 0x5568791e1a52 in main mkfs/main.c:2263
    #7 0x7f5561627634  (/usr/lib/libc.so.6+0x27634) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #8 0x7f55616276e8 in __libc_start_main (/usr/lib/libc.so.6+0x276e8) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #9 0x5568791d1fa4 in _start (/home/adam/btrfs-progs/mkfs.btrfs+0x3cfa4) (BuildId: dd46ced75e977e88e3b77290546834407f113fba)

Direct leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f5561b205dd in calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:74
    #1 0x5568792ba42a in bitmap_zalloc kernel-lib/bitmap.h:19
    #2 0x5568792c24c0 in btrfs_load_block_group_zone_info kernel-shared/zoned.c:1227
    #3 0x556879256b02 in btrfs_add_block_group kernel-shared/extent-tree.c:3025
    #4 0x5568792572ba in btrfs_make_block_group kernel-shared/extent-tree.c:3094
    #5 0x5568791d446d in create_data_block_groups mkfs/main.c:222
    #6 0x5568791e1ea7 in main mkfs/main.c:2297
    #7 0x7f5561627634  (/usr/lib/libc.so.6+0x27634) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #8 0x7f55616276e8 in __libc_start_main (/usr/lib/libc.so.6+0x276e8) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #9 0x5568791d1fa4 in _start (/home/adam/btrfs-progs/mkfs.btrfs+0x3cfa4) (BuildId: dd46ced75e977e88e3b77290546834407f113fba)

Direct leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f5561b205dd in calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:74
    #1 0x5568792ba42a in bitmap_zalloc kernel-lib/bitmap.h:19
    #2 0x5568792c24c0 in btrfs_load_block_group_zone_info kernel-shared/zoned.c:1227
    #3 0x556879256b02 in btrfs_add_block_group kernel-shared/extent-tree.c:3025
    #4 0x5568792572ba in btrfs_make_block_group kernel-shared/extent-tree.c:3094
    #5 0x5568791d446d in create_data_block_groups mkfs/main.c:222
    #6 0x5568791e1ffe in main mkfs/main.c:2305
    #7 0x7f5561627634  (/usr/lib/libc.so.6+0x27634) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #8 0x7f55616276e8 in __libc_start_main (/usr/lib/libc.so.6+0x276e8) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #9 0x5568791d1fa4 in _start (/home/adam/btrfs-progs/mkfs.btrfs+0x3cfa4) (BuildId: dd46ced75e977e88e3b77290546834407f113fba)

[CAUSE]
Inside btrfs_load_block_group_zone_info() we allocated an @active bitmap
using bitmap_zalloc(), and use that bitmap for updating @zone_info.

However after everything is done we only freed @zone_info, not @active
bitmap, causing the above memory leak.

[FIX]
Free @active bitmap inside btrfs_load_block_group_zone_info().

Fixes: 6936ffa265c7 ("btrfs-progs: zoned: activate block group on loading")
Signed-off-by: Qu Wenruo <wqu@suse.com>
---
 kernel-shared/zoned.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel-shared/zoned.c b/kernel-shared/zoned.c
index 1757b195560a..8a9d1f38c37d 100644
--- a/kernel-shared/zoned.c
+++ b/kernel-shared/zoned.c
@@ -1302,6 +1302,7 @@ out:
 	if (!ret)
 		cache->write_offset = cache->alloc_offset;
 
+	kfree(active);
 	kfree(zone_info);
 	return ret;
 }
-- 
2.54.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [PATCH 3/3] btrfs-progs: fix a memory leak in __btrfs_map_block() after RST lookup failure
  2026-06-11  1:13 [PATCH 0/3] btrfs-progs: fix memory leaks related to zone/RST Qu Wenruo
  2026-06-11  1:13 ` [PATCH 1/3] btrfs-progs: fix a memory leak in btrfs_prepare_device() for zoned devices Qu Wenruo
  2026-06-11  1:13 ` [PATCH 2/3] btrfs-progs: fix a memory leak in btrfs_load_block_group_zone_info() Qu Wenruo
@ 2026-06-11  1:13 ` Qu Wenruo
  2 siblings, 0 replies; 4+ messages in thread
From: Qu Wenruo @ 2026-06-11  1:13 UTC (permalink / raw)
  To: linux-btrfs

[BUG]
With all previous memory leaks fixed, now mkfs/030 fails with the
following memory leak:

====== RUN CHECK /home/adam/btrfs-progs/mkfs.btrfs -f -O zoned -d dup -m single /dev/nullb0 /dev/nullb1 /dev/nullb2 /dev/nullb3
WARNING: DUP is not recommended on filesystem with multiple devices
WARNING: DUP may not actually lead to 2 copies on the device, see manual page

=================================================================
==48914==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 144 byte(s) in 1 object(s) allocated from:
    #0 0x7fe9247205dd in calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:74
    #1 0x5587da350c9a in __btrfs_map_block kernel-shared/volumes.c:2236
    #2 0x5587da34f4b9 in btrfs_map_block kernel-shared/volumes.c:2002
    #3 0x5587da279470 in queue_discard_logical mkfs/main.c:1355
    #4 0x5587da27a01b in discard_free_space mkfs/main.c:1453
    #5 0x5587da2825a8 in main mkfs/main.c:2587
    #6 0x7fe924227634  (/usr/lib/libc.so.6+0x27634) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #7 0x7fe9242276e8 in __libc_start_main (/usr/lib/libc.so.6+0x276e8) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #8 0x5587da26ffa4 in _start (/home/adam/btrfs-progs/mkfs.btrfs+0x3cfa4) (BuildId: 67b730427c6a4739addff9bd31ecd89b1b5ae11a)

[CAUSE]
In __btrfs_map_block() if the fs has raid-stripe-tree enabled, we need
to do one extra mapping to get the physical address.

However btrfs_stripe_tree_logical_to_physical() can fail, and if that
function failed, we error out without freeing @multi we have allocated,
resulting the above memory leak.

[FIX]
Do the proper error handling before erroring out after
btrfs_stripe_tree_logical_to_physical() failure.

Fixes: a9fd50f85fdd ("btrfs-progs: read stripe tree when mapping blocks")
Signed-off-by: Qu Wenruo <wqu@suse.com>
---
 kernel-shared/volumes.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel-shared/volumes.c b/kernel-shared/volumes.c
index c3d113b6e3b1..f35b59bcc20e 100644
--- a/kernel-shared/volumes.c
+++ b/kernel-shared/volumes.c
@@ -2396,8 +2396,10 @@ again:
 
 			ret = btrfs_stripe_tree_logical_to_physical(fs_info, logical,
 								    &multi->stripes[i]);
-			if (ret)
+			if (ret) {
+				kfree(multi);
 				return ret;
+			}
 		} else {
 			multi->stripes[i].physical =
 				map->stripes[stripe_index].physical +
-- 
2.54.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2026-06-11  1:14 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-11  1:13 [PATCH 0/3] btrfs-progs: fix memory leaks related to zone/RST Qu Wenruo
2026-06-11  1:13 ` [PATCH 1/3] btrfs-progs: fix a memory leak in btrfs_prepare_device() for zoned devices Qu Wenruo
2026-06-11  1:13 ` [PATCH 2/3] btrfs-progs: fix a memory leak in btrfs_load_block_group_zone_info() Qu Wenruo
2026-06-11  1:13 ` [PATCH 3/3] btrfs-progs: fix a memory leak in __btrfs_map_block() after RST lookup failure Qu Wenruo

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.