From: syzbot <syzbot+98547b0428b6a6a3467c@syzkaller.appspotmail.com>
To: eadavis@qq.com, linux-kernel@vger.kernel.org,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [hfs?] memory leak in __hfs_bnode_create
Date: Thu, 16 Apr 2026 22:52:02 -0700
Message-ID: <69e1ca82.050a0220.1de265.0001.GAE@google.com>
In-Reply-To: <tencent_DAAEE40C8067D786E112D5065F89B62ED406@qq.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in __hfs_bnode_create

BUG: memory leak
unreferenced object 0xffff88811d782480 (size 96):
  comm "syz.0.17", pid 6738, jiffies 4294945815
  hex dump (first 32 bytes):
    00 a0 6b 13 81 88 ff ff 00 00 00 00 00 00 00 00  ..k.............
    00 00 00 00 00 00 00 00 03 00 7f 00 00 00 00 00  ................
  backtrace (crc e40892e2):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __do_kmalloc_node mm/slub.c:5294 [inline]
    __kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
    kmalloc_noprof include/linux/slab.h:954 [inline]
    kzalloc_noprof include/linux/slab.h:1188 [inline]
    __hfs_bnode_create+0x59/0x310 fs/hfsplus/bnode.c:469
    hfsplus_bnode_find+0x13e/0x580 fs/hfsplus/bnode.c:547
    hfsplus_btree_open+0x2e1/0x5a0 fs/hfsplus/btree.c:382
    hfsplus_fill_super+0x272/0x880 fs/hfsplus/super.c:548
    get_tree_bdev_flags+0x1c0/0x290 fs/super.c:1694
    vfs_get_tree+0x30/0x120 fs/super.c:1754
    fc_mount fs/namespace.c:1193 [inline]
    do_new_mount_fc fs/namespace.c:3758 [inline]
    do_new_mount fs/namespace.c:3834 [inline]
    path_mount+0x5a9/0x1370 fs/namespace.c:4154
    do_mount fs/namespace.c:4167 [inline]
    __do_sys_mount fs/namespace.c:4383 [inline]
    __se_sys_mount fs/namespace.c:4360 [inline]
    __x64_sys_mount+0x1a3/0x1e0 fs/namespace.c:4360
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xee/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff88811d780780 (size 96):
  comm "syz.0.18", pid 6747, jiffies 4294945821
  hex dump (first 32 bytes):
    00 80 31 14 81 88 ff ff 00 00 00 00 00 00 00 00  ..1.............
    00 00 00 00 00 00 00 00 03 00 7f 00 00 00 00 00  ................
  backtrace (crc daa1adcb):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __do_kmalloc_node mm/slub.c:5294 [inline]
    __kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
    kmalloc_noprof include/linux/slab.h:954 [inline]
    kzalloc_noprof include/linux/slab.h:1188 [inline]
    __hfs_bnode_create+0x59/0x310 fs/hfsplus/bnode.c:469
    hfsplus_bnode_find+0x13e/0x580 fs/hfsplus/bnode.c:547
    hfsplus_btree_open+0x2e1/0x5a0 fs/hfsplus/btree.c:382
    hfsplus_fill_super+0x272/0x880 fs/hfsplus/super.c:548
    get_tree_bdev_flags+0x1c0/0x290 fs/super.c:1694
    vfs_get_tree+0x30/0x120 fs/super.c:1754
    fc_mount fs/namespace.c:1193 [inline]
    do_new_mount_fc fs/namespace.c:3758 [inline]
    do_new_mount fs/namespace.c:3834 [inline]
    path_mount+0x5a9/0x1370 fs/namespace.c:4154
    do_mount fs/namespace.c:4167 [inline]
    __do_sys_mount fs/namespace.c:4383 [inline]
    __se_sys_mount fs/namespace.c:4360 [inline]
    __x64_sys_mount+0x1a3/0x1e0 fs/namespace.c:4360
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xee/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888113764300 (size 96):
  comm "syz.0.19", pid 6759, jiffies 4294945830
  hex dump (first 32 bytes):
    00 f0 31 14 81 88 ff ff 00 00 00 00 00 00 00 00  ..1.............
    00 00 00 00 00 00 00 00 03 00 7f 00 00 00 00 00  ................
  backtrace (crc 1420922e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __do_kmalloc_node mm/slub.c:5294 [inline]
    __kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
    kmalloc_noprof include/linux/slab.h:954 [inline]
    kzalloc_noprof include/linux/slab.h:1188 [inline]
    __hfs_bnode_create+0x59/0x310 fs/hfsplus/bnode.c:469
    hfsplus_bnode_find+0x13e/0x580 fs/hfsplus/bnode.c:547
    hfsplus_btree_open+0x2e1/0x5a0 fs/hfsplus/btree.c:382
    hfsplus_fill_super+0x272/0x880 fs/hfsplus/super.c:548
    get_tree_bdev_flags+0x1c0/0x290 fs/super.c:1694
    vfs_get_tree+0x30/0x120 fs/super.c:1754
    fc_mount fs/namespace.c:1193 [inline]
    do_new_mount_fc fs/namespace.c:3758 [inline]
    do_new_mount fs/namespace.c:3834 [inline]
    path_mount+0x5a9/0x1370 fs/namespace.c:4154
    do_mount fs/namespace.c:4167 [inline]
    __do_sys_mount fs/namespace.c:4383 [inline]
    __se_sys_mount fs/namespace.c:4360 [inline]
    __x64_sys_mount+0x1a3/0x1e0 fs/namespace.c:4360
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xee/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF


Tested on:

commit:         43cfbdda Merge tag 'for-linus-iommufd' of git://git.ke..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=116024ce580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=208b81ceb4623b6b
dashboard link: https://syzkaller.appspot.com/bug?extid=98547b0428b6a6a3467c
compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1077c4ce580000


Thread overview: 16+ messages
2026-04-17  1:56 [syzbot] [hfs?] memory leak in __hfs_bnode_create syzbot
2026-04-17  3:11 ` Edward Adam Davis
2026-04-17  5:52   ` syzbot [this message]
2026-04-17  4:52 ` Edward Adam Davis
2026-04-17  6:12   ` syzbot
2026-04-17  5:04 ` Edward Adam Davis
2026-04-17  6:23   ` syzbot
2026-04-17  6:05 ` Edward Adam Davis
2026-04-17  6:47   ` syzbot
2026-04-17  6:22 ` Edward Adam Davis
2026-04-17  6:58   ` syzbot
2026-04-17  6:58 ` [PATCH] hfsplus: Supports freeing newly created tree head Edward Adam Davis
2026-04-17 22:03   ` Viacheslav Dubeyko
2026-04-18  9:37     ` Edward Adam Davis
2026-04-22 18:19       ` Viacheslav Dubeyko
2026-04-28  2:37         ` Edward Adam Davis
