Commit bc6d4f1b authored Sep 24, 2025 by Jacek Kalwas Committed by Tomasz Zawadzki Oct 08, 2025

nvme: fix leak in nvme_ctrlr_identify_active_ns



Issue found locally by the recently added
nvmf/target/ns_hotplug_stress.sh and ASAN, see backtraces below.

The test was modified so that after each thread completed, the listener
was removed.

nvme_ctrlr_identify_active_ns_async can fail if the target was
disconnected and the failure was not verified. It was leading to the
thread blocking for the admin timeout period and leaking the context
object.

Direct leak of 160 byte(s) in 2 object(s) allocated from:
    #0 0xffff99e57e2c in calloc (/usr/lib64/libasan.so.8+0xd7e2c) (BuildId: ffadec1458b8ee2a7580468af83f96175e7d9b82)
    #1 0xcc319c in nvme_active_ns_ctx_create /spdk/lib/nvme/nvme_ctrlr.c:2315
    #2 0xcc8a50 in nvme_ctrlr_identify_active_ns /spdk/lib/nvme/nvme_ctrlr.c:2590
    #3 0xcd9450 in nvme_ctrlr_process_async_event /spdk/lib/nvme/nvme_ctrlr.c:3318

Change-Id: I3722fe9feb2e0f0faca58d58f9f6be3e3a153f6e
Signed-off-by: Jacek Kalwas <jacek.kalwas@nutanix.com>
Reviewed-on: https://review.spdk.io/c/spdk/spdk/+/26764


Community-CI: Mellanox Build Bot
Reviewed-by: Jim Harris <jim.harris@nvidia.com>
Reviewed-by: Tomasz Zawadzki <tomasz@tzawadzki.com>
Tested-by: SPDK Automated Test System <spdkbot@gmail.com>

parent 7966e4a7

lib/nvme/nvme_ctrlr.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -2593,6 +2593,11 @@ nvme_ctrlr_identify_active_ns(struct spdk_nvme_ctrlr *ctrlr)
		}

		nvme_ctrlr_identify_active_ns_async(ctx);
		if (ctx->state == NVME_ACTIVE_NS_STATE_ERROR) {
		nvme_active_ns_ctx_destroy(ctx);
		return -ENXIO;
		}

		rc = nvme_wait_for_adminq_completion(ctrlr, &ctx->status, false);
		if (rc \|\| ctx->state == NVME_ACTIVE_NS_STATE_ERROR) {
		if (!ctx->status.timed_out) {

Admin message