[bug report] kmemleak observed during blktests nvme/fc

[Chaitanya Kulkarni]

On 12/14/25 7:44 PM, Chaitanya Kulkarni wrote:
> On 12/11/25 07:40, Yi Zhang wrote:
>> Hi
>> The following kmemleak was observed during blktests nvme/fc, please
>> help check it and let me know if you need any info/test for it,
>> thanks.
>>
>> commit d678712ead7318d5650158aa00113f63ccd4e210
>> Merge: 95ed689e9f30 a0750fae73c5
>> Author: Jens Axboe <axboe at kernel.dk>
>> Date:   Wed Dec 10 13:41:17 2025 -0700
>>
>>      Merge branch 'block-6.19' into for-next
>>
>>      * block-6.19:
>>        blk-mq-dma: always initialize dma state
>>
>> # cat /sys/kernel/debug/kmemleak
>> unreferenced object 0xffff88826cab51c0 (size 2488):
>>    comm "nvme", pid 84134, jiffies 4304631753
>>    hex dump (first 32 bytes):
>>      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>      60 1a be c1 ff ff ff ff c0 2b 05 73 77 60 00 00 `........+.sw`..
>>    backtrace (crc 155ec6c5):
>>      kmem_cache_alloc_node_noprof+0x5e4/0x830
>>      blk_alloc_queue+0x30/0x700
>>      blk_mq_alloc_queue+0x14b/0x230
>>      nvme_alloc_admin_tag_set+0x352/0x670 [nvme_core]
>>      0xffffffffc11de07f
>>      0xffffffffc11dfc28
>>      nvmf_create_ctrl+0x2ec/0x620 [nvme_fabrics]
>>      nvmf_dev_write+0xd5/0x180 [nvme_fabrics]
>>      vfs_write+0x1d0/0xfd0
>>      ksys_write+0xf9/0x1d0
>>      do_syscall_64+0x95/0x520
>>      entry_SYSCALL_64_after_hwframe+0x76/0x7e
>
>
> Can you try following ? FYI : - Potential fix, only compile tested.
>
> From b3c2e350ae741b18c04abe489dcf9d325537c01c Mon Sep 17 00:00:00 2001
> From: Chaitanya Kulkarni <ckulkarnilinux at gmail.com>
> Date: Sun, 14 Dec 2025 19:29:24 -0800
> Subject: [PATCH COMPILE TESTED ONLY] nvme-fc: release admin tagset if 
> init fails
>
> nvme_fabrics creates an NVMe/FC controller in following path:
>
>     nvmf_dev_write()
>       -> nvmf_create_ctrl()
>         -> nvme_fc_create_ctrl()
>           -> nvme_fc_init_ctrl()
>
> Check ctrl->ctrl.admin_tagset in the fail_ctrl path and call
> nvme_remove_admin_tag_set() to release the resources.
>
> Signed-off-by: Chaitanya Kulkarni <ckulkarnilinux at gmail.com>
> ---
>  drivers/nvme/host/fc.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/drivers/nvme/host/fc.c b/drivers/nvme/host/fc.c
> index bc455fa98246..6948de3f438a 100644
> --- a/drivers/nvme/host/fc.c
> +++ b/drivers/nvme/host/fc.c
> @@ -3587,6 +3587,8 @@ nvme_fc_init_ctrl(struct device *dev, struct 
> nvmf_ctrl_options *opts,
>
>      ctrl->ctrl.opts = NULL;
>
> +    if (ctrl->ctrl.admin_tagset)
> +        nvme_remove_admin_tag_set(&ctrl->ctrl);
>      /* initiate nvme ctrl ref counting teardown */
>      nvme_uninit_ctrl(&ctrl->ctrl);
>
did you get a chance to try this ?

-ck