Double alloc/free of cache item

Double alloc/free of cache item

[Torsten Rupp]

[-- Attachment #1: Type: text/plain, Size: 457 bytes --]

Dear XFS developers,

there is a double alloc/free of the cache item "xfs_extfree_item_cache" 
in xfsprogs 6.16.0. If the environment variable LIBXFS_LEAK_CHECK is set 
this also cause a segmenation fault due to a NULL pointer access (the 
cache item is already freed). Please find attached a patch which fix 
this issue.

I discussed this issue and the fix already with Darrick.

Thank you for your work on xfsprogs!

Best regards,

Torsten

[-- Attachment #2: 0001-Fix-alloc-free-of-cache-item.patch --]
[-- Type: text/x-patch, Size: 1204 bytes --]

From 4c669fd1db79564d8b5240c7464dd28f3bc27bb1 Mon Sep 17 00:00:00 2001
From: Torsten Rupp <torsten.rupp@gmx.net>
Date: Sun, 12 Oct 2025 09:23:58 +0200
Subject: [PATCH 1/1] Fix alloc/free of cache item

xfs_extfree_item_cache is allocated and freed twice. Remove the
obsolete alloc/free.

Signed-off-by: Torsten Rupp <torsten.rupp@gmx.net>
---
 libxfs/init.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/libxfs/init.c b/libxfs/init.c
index 393a9467..a5e89853 100644
--- a/libxfs/init.c
+++ b/libxfs/init.c
@@ -214,9 +214,6 @@ init_caches(void)
 		fprintf(stderr, "Could not allocate btree cursor caches.\n");
 		abort();
 	}
-	xfs_extfree_item_cache = kmem_cache_init(
-			sizeof(struct xfs_extent_free_item),
-			"xfs_extfree_item");
 	xfs_trans_cache = kmem_cache_init(
 			sizeof(struct xfs_trans), "xfs_trans");
 	xfs_parent_args_cache = kmem_cache_init(
@@ -236,7 +233,6 @@ destroy_caches(void)
 	leaked += kmem_cache_destroy(xfs_da_state_cache);
 	xfs_defer_destroy_item_caches();
 	xfs_btree_destroy_cur_caches();
-	leaked += kmem_cache_destroy(xfs_extfree_item_cache);
 	leaked += kmem_cache_destroy(xfs_trans_cache);
 	leaked += kmem_cache_destroy(xfs_parent_args_cache);
 
-- 
2.43.0

Re: Double alloc/free of cache item

[Carlos Maiolino]

On Tue, Oct 14, 2025 at 08:51:12AM +0200, Torsten Rupp wrote:
> Dear XFS developers,
> 
> there is a double alloc/free of the cache item "xfs_extfree_item_cache"
> in xfsprogs 6.16.0. If the environment variable LIBXFS_LEAK_CHECK is set
> this also cause a segmenation fault due to a NULL pointer access (the
> cache item is already freed). Please find attached a patch which fix
> this issue.

The patch looks fine as the same cache is created/destroyed also through
the xfs_defer_{init,destroy}. However I'd suggest re-sending the patch
the proper way as attaching patches to emails make maintainers life
harder. But that's up to the maintainer to decide.

For the patch itself:

Reviewed-by: Carlos Maiolino <cmaiolino@redhat.com>

> 
> I discussed this issue and the fix already with Darrick.
> 
> Thank you for your work on xfsprogs!
> 
> Best regards,
> 
> Torsten

Re: Double alloc/free of cache item

[Darrick J. Wong]

On Tue, Oct 14, 2025 at 08:51:12AM +0200, Torsten Rupp wrote:
> Dear XFS developers,
> 
> there is a double alloc/free of the cache item "xfs_extfree_item_cache" in
> xfsprogs 6.16.0. If the environment variable LIBXFS_LEAK_CHECK is set this
> also cause a segmenation fault due to a NULL pointer access (the cache item
> is already freed). Please find attached a patch which fix this issue.
> 
> I discussed this issue and the fix already with Darrick.
> 
> Thank you for your work on xfsprogs!
> 
> Best regards,
> 
> Torsten

> From 4c669fd1db79564d8b5240c7464dd28f3bc27bb1 Mon Sep 17 00:00:00 2001
> From: Torsten Rupp <torsten.rupp@gmx.net>
> Date: Sun, 12 Oct 2025 09:23:58 +0200
> Subject: [PATCH 1/1] Fix alloc/free of cache item
> 
> xfs_extfree_item_cache is allocated and freed twice. Remove the
> obsolete alloc/free.
> 
> Signed-off-by: Torsten Rupp <torsten.rupp@gmx.net>

Usually patches are pasted inline in the message and not as attachments
to avoid picky MTAs, but whatever, it got through lore/vger.

Looks correct,
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>

--D

> ---
>  libxfs/init.c | 4 ----
>  1 file changed, 4 deletions(-)
> 
> diff --git a/libxfs/init.c b/libxfs/init.c
> index 393a9467..a5e89853 100644
> --- a/libxfs/init.c
> +++ b/libxfs/init.c
> @@ -214,9 +214,6 @@ init_caches(void)
>  		fprintf(stderr, "Could not allocate btree cursor caches.\n");
>  		abort();
>  	}
> -	xfs_extfree_item_cache = kmem_cache_init(
> -			sizeof(struct xfs_extent_free_item),
> -			"xfs_extfree_item");
>  	xfs_trans_cache = kmem_cache_init(
>  			sizeof(struct xfs_trans), "xfs_trans");
>  	xfs_parent_args_cache = kmem_cache_init(
> @@ -236,7 +233,6 @@ destroy_caches(void)
>  	leaked += kmem_cache_destroy(xfs_da_state_cache);
>  	xfs_defer_destroy_item_caches();
>  	xfs_btree_destroy_cur_caches();
> -	leaked += kmem_cache_destroy(xfs_extfree_item_cache);
>  	leaked += kmem_cache_destroy(xfs_trans_cache);
>  	leaked += kmem_cache_destroy(xfs_parent_args_cache);
>  
> -- 
> 2.43.0
>