Commit f7e3f852 authored Dec 04, 2025 by Shaurya Rane Committed by Jens Axboe Dec 04, 2025

block: fix memory leak in __blkdev_issue_zero_pages

Move the fatal signal check before bio_alloc() to prevent a memory
leak when BLKDEV_ZERO_KILLABLE is set and a fatal signal is pending.

Previously, the bio was allocated before checking for a fatal signal.
If a signal was pending, the code would break out of the loop without
freeing or chaining the just-allocated bio, causing a memory leak.

This matches the pattern already used in __blkdev_issue_write_zeroes()
where the signal check precedes the allocation.

Fixes: bf86bcdb ("blk-lib: check for kill signal in ioctl BLKZEROOUT")
Reported-by: <syzbot+527a7e48a3d3d315d862@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=527a7e48a3d3d315d862

Signed-off-by: Shaurya Rane <ssrane_b23@ee.vjti.ac.in>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Tested-by: <syzbot+527a7e48a3d3d315d862@syzkaller.appspotmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

parent 8a322821

block/blk-lib.c

+3 −3

Original line number	Diff line number	Diff line
		@@ -202,13 +202,13 @@ static void __blkdev_issue_zero_pages(struct block_device *bdev,
		unsigned int nr_vecs = __blkdev_sectors_to_bio_pages(nr_sects);
		struct bio *bio;

		bio = bio_alloc(bdev, nr_vecs, REQ_OP_WRITE, gfp_mask);
		bio->bi_iter.bi_sector = sector;

		if ((flags & BLKDEV_ZERO_KILLABLE) &&
		fatal_signal_pending(current))
		break;

		bio = bio_alloc(bdev, nr_vecs, REQ_OP_WRITE, gfp_mask);
		bio->bi_iter.bi_sector = sector;

		do {
		unsigned int len;