Re: [PATCH] block: blk-zoned: fix zwplug refcount leak on write error path
From: Shin'ichiro Kawasaki
Date: Wed May 27 2026 - 07:53:33 EST

On May 27, 2026 / 08:15, Damien Le Moal wrote:
[...]
> Wentao,
>
> You clearly did not test this at all because if you had, you would have seen
> all the warning splats that your patch triggers.

FYI, the blktests CI run for the patch caught failures at block/017, zbd/004,
zbd/009 and zbd/012.

# RUN_ZONED_TESTS=1 ./check block/017
block/017 (do I/O and check the inflight counter) [passed]
runtime 2.264s ... 2.140s
block/017 (zoned) (do I/O and check the inflight counter) [failed]
runtime 2.107s ... 2.080s
something found in dmesg:
[ 207.429382] [ T1852] run blktests block/017 at 2026-05-27 20:43:45
[ 207.466894] [ T1852] null_blk: nullb1: using native zone append
[ 207.479158] [ T1852] null_blk: disk nullb1 created
[ 207.810531] [ T1956] null_blk: disk nullb0 created
[ 207.811528] [ T1956] null_blk: module loaded
[ 207.830801] [ T1852] null_blk: nullb1: using native zone append
[ 208.404359] [ T1852] null_blk: disk nullb1 created
[ 209.174141] [ C2] ------------[ cut here ]------------
[ 209.175354] [ C2] WARNING: block/blk-zoned.c:590 at disk_free_zone_wplug+0x30c/0x3b0, CPU#2: swapper/2/0
[ 209.176896] [ C2] Modules linked in: null_blk nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables qrtr sunrpc 9pnet_virtio 9pnet i2c_piix4 pcspkr netfs i2c_smbus dm_multipath nfnetlink zram vmw_vsock_virtio_transport vmw_vsock_virtio_transport_common vsock bochs drm_client_lib nvme drm_shmem_helper xfs drm_kms_helper sym53c8xx nvme_core floppy nvme_keyring nvme_auth scsi_transport_spi e1000 drm serio_raw ata_generic pata_acpi i2c_dev qemu_fw_cfg virtiofs fuse virtio_console [last unloaded: null_blk]
...
(See '/home/shin/Blktests/blktests/results/nodev_zoned/block/017.dmesg' for the entire message)
# ./check zbd/004 zbd/009 zbd/012
zbd/004 => nullb1 (write split across sequential zones) [failed]
runtime 0.152s ... 0.626s
something found in dmesg:
[ 231.263084] [ T2067] run blktests zbd/004 at 2026-05-27 20:44:08
[ 231.714947] [ T2105] ------------[ cut here ]------------
[ 231.716700] [ T2105] refcount_t: underflow; use-after-free.
[ 231.717849] [ T2105] WARNING: lib/refcount.c:28 at refcount_warn_saturate+0xa9/0xe0, CPU#3: dd/2105
[ 231.720269] [ T2105] Modules linked in: null_blk nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables qrtr sunrpc 9pnet_virtio 9pnet i2c_piix4 pcspkr netfs i2c_smbus dm_multipath nfnetlink zram vmw_vsock_virtio_transport vmw_vsock_virtio_transport_common vsock bochs drm_client_lib nvme drm_shmem_helper xfs drm_kms_helper sym53c8xx nvme_core floppy nvme_keyring nvme_auth scsi_transport_spi e1000 drm serio_raw ata_generic pata_acpi i2c_dev qemu_fw_cfg virtiofs fuse virtio_console [last unloaded: null_blk]
[ 231.730390] [ T2105] CPU: 3 UID: 0 PID: 2105 Comm: dd Tainted: G W 7.1.0-rc5+ #3 PREEMPT(full)
[ 231.732289] [ T2105] Tainted: [W]=WARN
[ 231.733281] [ T2105] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-10.fc44 06/10/2025
[ 231.735090] [ T2105] RIP: 0010:refcount_warn_saturate+0xa9/0xe0
[ 231.736514] [ T2105] Code: bd ee 5d 03 67 48 0f b9 3a 5b 5d c3 cc cc cc cc 48 8d 3d ba ee 5d 03 67 48 0f b9 3a 5b 5d e9 ce ea 85 01 48 8d 3d b7 ee 5d 03 <67> 48 0f b9 3a 5b 5d c3 cc cc cc cc 48 8d 3d b4 ee 5d 03 67 48 0f
...
(See '/home/shin/Blktests/blktests/results/nullb1/zbd/004.dmesg' for the entire message)
zbd/009 (test gap zone support with BTRFS) [failed]
runtime 11.646s ... 1.424s
--- tests/zbd/009.out 2023-04-06 10:11:07.928670527 +0900
+++ /home/shin/Blktests/blktests/results/nodev/zbd/009.out.bad 2026-05-27 20:44:12.743034470 +0900
@@ -1,2 +1,4 @@
Running zbd/009
-Test complete
+mount: /home/shin/Blktests/blktests/results/tmpdir.zbd.009.xLW/mnt: wrong fs type, bad option, bad superblock on /dev/sdd, missing codepage or helper program, or other error.
+ dmesg(1) may have more information after failed mount system call.
+Test failed
zbd/012 (test requeuing of zoned writes and queue freezing) [failed]
runtime 42.181s ... 23.791s
--- tests/zbd/012.out 2025-03-06 19:32:02.536851507 +0900
+++ /home/shin/Blktests/blktests/results/nodev/zbd/012.out.bad 2026-05-27 20:44:38.677211476 +0900
@@ -2,6 +2,4 @@
1
2
4
-8
-16
-Test complete
+Test failed