Re: [PATCH] btrfs: fix qgroup extent_changeset leak in page_mkwrite

[Qu Wenruo]

在 2025/12/12 15:39, Ahmet Eray Karadag 写道:
> syzbot reported a memory leak originating from ulist_prealloc()
> called from qgroup_reserve_data() in the btrfs_page_mkwrite()
> path. When btrfs_check_data_free_space() succeeds and
> btrfs_delalloc_reserve_metadata() later fails, we free the data
> reservation via btrfs_free_reserved_data_space(), but we never
> free the extent_changeset pointed to by data_reserved.
>
> Add the missing extent_changeset_free(data_reserved) in this
> error path, matching the other exit paths in btrfs_page_mkwrite()
> and the failure handling in btrfs_check_data_free_space().
>
> Reported-by: syzbot+2f8aa76e6acc9fce6638@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=2f8aa76e6acc9fce6638
> Signed-off-by: Ahmet Eray Karadag <eraykrdg1@xxxxxxxxx>

Already fixed by this patch.

https://lore.kernel.org/linux-btrfs/ab2ab25d0598c04467a62e9e88c9131cec159c48.1765454225.git.fdmanana@xxxxxxxx/

And your fix doesn't even have a proper fixes: tag.

> ---
>   fs/btrfs/file.c | 2 ++
>   1 file changed, 2 insertions(+)
>
> diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
> index 7a501e73d880..4b05e72249e2 100644
> --- a/fs/btrfs/file.c
> +++ b/fs/btrfs/file.c
> @@ -1910,6 +1910,8 @@ static vm_fault_t btrfs_page_mkwrite(struct vm_fault *vmf)
>   		if (!only_release_metadata)
>   			btrfs_free_reserved_data_space(inode, data_reserved,
>   						       page_start, reserved_space);
> +		extent_changeset_free(data_reserved);
> +		data_reserved = NULL;
>   		goto out_noreserve;
>   	}
>