git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Eric Biggers <ebiggers@google.com>
	Sat, 13 Jan 2024 00:57:47 +0000 (16:57 -0800)
committer	Eric Biggers <ebiggers@google.com>
	Sat, 13 Jan 2024 02:55:09 +0000 (18:55 -0800)
commit	c919330dd57835970b37676d377de3eaaea2c1e9
tree	0371d7b3f567ee9a12a7ec0b4c4c944880c98cbd	tree \| snapshot
parent	38814330fedd778edffcabe0c8cb462ee365782e	commit \| diff

f2fs: fix double free of f2fs_sb_info

kill_f2fs_super() is called even if f2fs_fill_super() fails.
f2fs_fill_super() frees the struct f2fs_sb_info, so it must set
sb->s_fs_info to NULL to prevent it from being freed again.

Fixes: 275dca4630c1 ("f2fs: move release of block devices to after kill_block_super()")
Reported-by: <syzbot+8f477ac014ff5b32d81f@syzkaller.appspotmail.com>
Closes: https://lore.kernel.org/lkml/0000000000006cb174060ec34502@google.com
Reviewed-by: Chao Yu <chao@kernel.org>
Link: https://lore.kernel.org/linux-f2fs-devel/20240113005747.38887-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>