From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-oo1-f71.google.com (mail-oo1-f71.google.com [209.85.161.71])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8102F3264D0
	for <linux-kernel@vger.kernel.org>; Fri, 17 Apr 2026 05:52:03 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.161.71
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1776405125; cv=none; b=cqSoqRtsBdky5aO8xxnv9mqqE3az7lKHXEiTvaLKGwjC5lrzQJPm5GTdORURne+xUg2eCjRTXzaM7TpExabjsUv0kwmklbw6v5mICnd8l1P+t0IznEopwKFIq5jVce5xpDYFr1r+dKC02c4otV7MWoH/LZlz495otefaVPHfwv8=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1776405125; c=relaxed/simple;
	bh=Pjo1T9/3ZJt48X/bGsqYu6U8Xk4aoSuamnMakfVMMFg=;
	h=MIME-Version:Date:In-Reply-To:Message-ID:Subject:From:To:
	 Content-Type; b=kxaz/hk9XDJo2k65FOcD3kX94Dlc3pdxDIw4TuERc6SgF23cP2VYM88p1D71FQVaID5EN9b9rGTdMcHvo/+nGmJTbJiNQUmNH8dMObWKNrl37rDLuFSu+k9FrfqPbJgVdnioL4hBH79FCfYC+U6/sgxwexy/JDsAhOHyPV2o8A4=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com; spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com; arc=none smtp.client-ip=209.85.161.71
Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com
Received: by mail-oo1-f71.google.com with SMTP id 006d021491bc7-68721a878d7so594095eaf.3
        for <linux-kernel@vger.kernel.org>; Thu, 16 Apr 2026 22:52:03 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1776405122; x=1777009922;
        h=to:from:subject:message-id:in-reply-to:date:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=95AygwbkQVDJ/cgecZxYP7xbZ+5OvfinPfl808nel9s=;
        b=NqyGiZt5OCqUcxxc6syBjgXqXOLrazBlaYbj1sFu2W/aoogLka9ih31z1ndgEJO+vC
         36U+4bX+YHEEpuWGKBScCtqyn/asEQSAtRmMH00XjkuvpAbrAV75sYmtq1QWaW/ti/Pz
         CwgBmM5uZGtac7aqPllNezDHCFITug6+XSFHn+XUzwHUu1AdJHckfdjSwB2WI3gNZ3eU
         Ylmlp+MugP3i2oRZCQy6yVN9oN4fIUpJyuCcAY6nIG4yyVY3CtrOV1KZw0Ev5aWH5azD
         xsPG0Fr2All8PcZdPkVhzenP6PxYhrSAhHw4oe/KjViGLVqOmWYxpwHQNXbHTfj/aqcd
         HGhw==
X-Forwarded-Encrypted: i=1; AFNElJ8dYdsOhop8V6eub4QpPDmHtC5ZQJUoRtgyHwta47IQLRmjmoiEahFhBENgQC2f+qu5mOopVxSf5+itJNg=@vger.kernel.org
X-Gm-Message-State: AOJu0Yyy5HE3/aTVBzZcopslsiRedFvuknmRHHYjNmhDpN0p1TQbTquO
	fqKjvEPEtIZ6Ptmv9e8nu+TzPfcY/al/rSRSYYyuqF1rF6/j/ghumWVJS8PMc4tZI6+HJxgopAT
	WuEmBP20N2JcY0fDIh45OyZhdKoqpgD/ZrgcFtxX0bV19hUzPyt2qG0rueOA=
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Received: by 2002:a05:6820:220a:b0:68e:7e21:225d with SMTP id
 006d021491bc7-69462ec7be7mr766470eaf.33.1776405122385; Thu, 16 Apr 2026
 22:52:02 -0700 (PDT)
Date: Thu, 16 Apr 2026 22:52:02 -0700
In-Reply-To: <tencent_DAAEE40C8067D786E112D5065F89B62ED406@qq.com>
X-Google-Appengine-App-Id: s~syzkaller
X-Google-Appengine-App-Id-Alias: syzkaller
Message-ID: <69e1ca82.050a0220.1de265.0001.GAE@google.com>
Subject: Re: [syzbot] [hfs?] memory leak in __hfs_bnode_create
From: syzbot <syzbot+98547b0428b6a6a3467c@syzkaller.appspotmail.com>
To: eadavis@qq.com, linux-kernel@vger.kernel.org, 
	syzkaller-bugs@googlegroups.com
Content-Type: text/plain; charset="UTF-8"

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in __hfs_bnode_create

BUG: memory leak
unreferenced object 0xffff88811d782480 (size 96):
  comm "syz.0.17", pid 6738, jiffies 4294945815
  hex dump (first 32 bytes):
    00 a0 6b 13 81 88 ff ff 00 00 00 00 00 00 00 00  ..k.............
    00 00 00 00 00 00 00 00 03 00 7f 00 00 00 00 00  ................
  backtrace (crc e40892e2):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __do_kmalloc_node mm/slub.c:5294 [inline]
    __kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
    kmalloc_noprof include/linux/slab.h:954 [inline]
    kzalloc_noprof include/linux/slab.h:1188 [inline]
    __hfs_bnode_create+0x59/0x310 fs/hfsplus/bnode.c:469
    hfsplus_bnode_find+0x13e/0x580 fs/hfsplus/bnode.c:547
    hfsplus_btree_open+0x2e1/0x5a0 fs/hfsplus/btree.c:382
    hfsplus_fill_super+0x272/0x880 fs/hfsplus/super.c:548
    get_tree_bdev_flags+0x1c0/0x290 fs/super.c:1694
    vfs_get_tree+0x30/0x120 fs/super.c:1754
    fc_mount fs/namespace.c:1193 [inline]
    do_new_mount_fc fs/namespace.c:3758 [inline]
    do_new_mount fs/namespace.c:3834 [inline]
    path_mount+0x5a9/0x1370 fs/namespace.c:4154
    do_mount fs/namespace.c:4167 [inline]
    __do_sys_mount fs/namespace.c:4383 [inline]
    __se_sys_mount fs/namespace.c:4360 [inline]
    __x64_sys_mount+0x1a3/0x1e0 fs/namespace.c:4360
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xee/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff88811d780780 (size 96):
  comm "syz.0.18", pid 6747, jiffies 4294945821
  hex dump (first 32 bytes):
    00 80 31 14 81 88 ff ff 00 00 00 00 00 00 00 00  ..1.............
    00 00 00 00 00 00 00 00 03 00 7f 00 00 00 00 00  ................
  backtrace (crc daa1adcb):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __do_kmalloc_node mm/slub.c:5294 [inline]
    __kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
    kmalloc_noprof include/linux/slab.h:954 [inline]
    kzalloc_noprof include/linux/slab.h:1188 [inline]
    __hfs_bnode_create+0x59/0x310 fs/hfsplus/bnode.c:469
    hfsplus_bnode_find+0x13e/0x580 fs/hfsplus/bnode.c:547
    hfsplus_btree_open+0x2e1/0x5a0 fs/hfsplus/btree.c:382
    hfsplus_fill_super+0x272/0x880 fs/hfsplus/super.c:548
    get_tree_bdev_flags+0x1c0/0x290 fs/super.c:1694
    vfs_get_tree+0x30/0x120 fs/super.c:1754
    fc_mount fs/namespace.c:1193 [inline]
    do_new_mount_fc fs/namespace.c:3758 [inline]
    do_new_mount fs/namespace.c:3834 [inline]
    path_mount+0x5a9/0x1370 fs/namespace.c:4154
    do_mount fs/namespace.c:4167 [inline]
    __do_sys_mount fs/namespace.c:4383 [inline]
    __se_sys_mount fs/namespace.c:4360 [inline]
    __x64_sys_mount+0x1a3/0x1e0 fs/namespace.c:4360
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xee/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888113764300 (size 96):
  comm "syz.0.19", pid 6759, jiffies 4294945830
  hex dump (first 32 bytes):
    00 f0 31 14 81 88 ff ff 00 00 00 00 00 00 00 00  ..1.............
    00 00 00 00 00 00 00 00 03 00 7f 00 00 00 00 00  ................
  backtrace (crc 1420922e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __do_kmalloc_node mm/slub.c:5294 [inline]
    __kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
    kmalloc_noprof include/linux/slab.h:954 [inline]
    kzalloc_noprof include/linux/slab.h:1188 [inline]
    __hfs_bnode_create+0x59/0x310 fs/hfsplus/bnode.c:469
    hfsplus_bnode_find+0x13e/0x580 fs/hfsplus/bnode.c:547
    hfsplus_btree_open+0x2e1/0x5a0 fs/hfsplus/btree.c:382
    hfsplus_fill_super+0x272/0x880 fs/hfsplus/super.c:548
    get_tree_bdev_flags+0x1c0/0x290 fs/super.c:1694
    vfs_get_tree+0x30/0x120 fs/super.c:1754
    fc_mount fs/namespace.c:1193 [inline]
    do_new_mount_fc fs/namespace.c:3758 [inline]
    do_new_mount fs/namespace.c:3834 [inline]
    path_mount+0x5a9/0x1370 fs/namespace.c:4154
    do_mount fs/namespace.c:4167 [inline]
    __do_sys_mount fs/namespace.c:4383 [inline]
    __se_sys_mount fs/namespace.c:4360 [inline]
    __x64_sys_mount+0x1a3/0x1e0 fs/namespace.c:4360
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xee/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF


Tested on:

commit:         43cfbdda Merge tag 'for-linus-iommufd' of git://git.ke..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=116024ce580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=208b81ceb4623b6b
dashboard link: https://syzkaller.appspot.com/bug?extid=98547b0428b6a6a3467c
compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1077c4ce580000