Forwarded: [PATCH] memory leak in btrfs_read_chunk_tree

syzbot posted 1 patch 3 days, 16 hours ago
Forwarded: [PATCH] memory leak in btrfs_read_chunk_tree
Posted by syzbot 3 days, 16 hours ago
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.

***

Subject: [PATCH] memory leak in btrfs_read_chunk_tree
Author: hariconscious@gmail.com

#syz test

diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index ae1742a35e76..fa912137c94d 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -7188,6 +7188,8 @@ static int read_one_dev(struct extent_buffer *leaf,
                if (!btrfs_test_opt(fs_info, DEGRADED)) {
                        btrfs_report_missing_device(fs_info, devid,
                                                        dev_uuid, true);
+                       //1
+                       free_fs_devices(fs_devices);
                        return -ENOENT;
                }
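Review bot: `free_fs_devices(fs_devices);` on this early return, and the same call added in the hunks at -7196, -7204, -7242 and -7253, frees a structure whose ownership is not visible here, since `fs_devices` is assigned outside the hunks. If it is still referenced from `fs_info` or a seed-device list after read_one_dev returns, the caller's mount-failure cleanup would use and free it again, trading the reported leak for a use-after-free or double free. I would drop `free_fs_devices(fs_devices);` from these paths and release only what this invocation itself allocated, with the ownership rule stated in a comment where the allocation happens. The `//1` to `//5` markers look like debugging leftovers and should be removed before submission.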

@@ -7196,6 +7198,8 @@ static int read_one_dev(struct extent_buffer *leaf,
                        btrfs_err(fs_info,
                                "failed to add missing dev %llu: %ld",
                                devid, PTR_ERR(device));
+                       //2
+                       free_fs_devices(fs_devices);
                        return PTR_ERR(device);
                }
                btrfs_report_missing_device(fs_info, devid, dev_uuid,
false);
@@ -7204,6 +7208,8 @@ static int read_one_dev(struct extent_buffer *leaf,
                        if (!btrfs_test_opt(fs_info, DEGRADED)) {
                                btrfs_report_missing_device(fs_info,
                                                devid, dev_uuid, true);
+                               //3
+                               free_fs_devices(fs_devices);
                                return -ENOENT;
                        }
                        btrfs_report_missing_device(fs_info, devid,
@@ -7242,6 +7248,9 @@ static int read_one_dev(struct extent_buffer *leaf,
                BUG_ON(test_bit(BTRFS_DEV_STATE_WRITEABLE,
&device->dev_state));
                if (device->generation !=
                    btrfs_device_generation(leaf, dev_item))
+                       //4
+                       btrfs_free_device(device);
+                       free_fs_devices(fs_devices);
                        return -EINVAL;
        }
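Review bot: The `if (device->generation != btrfs_device_generation(leaf, dev_item))` above the added lines has no braces, so only `btrfs_free_device(device);` is conditional. `free_fs_devices(fs_devices);` and `return -EINVAL;` now run on every pass through this branch, including when the generation matches. Brace the body by ending the condition line with `{` and adding `}` after `return -EINVAL;`. Separately, the `BUG_ON` on `device->dev_state` suggests `device` is an existing entry rather than one allocated in this call (the lookup is outside the hunk); if it is still linked on a device list, `btrfs_free_device(device);` leaves a dangling entry, here and in the -7253 hunk.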

@@ -7253,6 +7262,9 @@ static int read_one_dev(struct extent_buffer *leaf,
                        btrfs_err(fs_info,
                        "device total_bytes should be at most %llu but
found %llu",
                                  max_total_bytes, device->total_bytes);
+                       //5
+                       btrfs_free_device(device);
+                       free_fs_devices(fs_devices);
                        return -EINVAL;
                }
        }