f2fs: fix double free of f2fs_sb_info

kill_f2fs_super() is called even if f2fs_fill_super() fails. f2fs_fill_super() frees the struct f2fs_sb_info, so it must set sb->s_fs_info to NULL to prevent it from being freed again. Fixes: 275dca4630c1 ("f2fs: move release of block devices to after kill_block_super()") Reported-by: <syzbot+8f477ac014ff5b32d81f@syzkaller.appspotmail.com> Closes: https://lore.kernel.org/lkml/0000000000006cb174060ec34502@google.com Reviewed-by: Chao Yu <chao@kernel.org> Link: https://lore.kernel.org/linux-f2fs-devel/20240113005747.38887-1-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com>
author: Eric Biggers <ebiggers@google.com> 2024-01-12 16:57:47 -0800
committer: Eric Biggers <ebiggers@google.com> 2024-01-12 18:55:09 -0800
commit: c919330dd57835970b37676d377de3eaaea2c1e9 (patch)
tree: 0371d7b3f567ee9a12a7ec0b4c4c944880c98cbd /fs/f2fs
parent: 38814330fedd778edffcabe0c8cb462ee365782e (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index d00d21a8b53a..d45ab0992ae5 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -4880,6 +4880,7 @@ free_sbi:
 	if (sbi->s_chksum_driver)
 		crypto_free_shash(sbi->s_chksum_driver);
 	kfree(sbi);
+	sb->s_fs_info = NULL;
 
 	/* give only one another chance */
 	if (retry_cnt > 0 && skip_recovery) {
author	Eric Biggers <ebiggers@google.com>	2024-01-12 16:57:47 -0800
committer	Eric Biggers <ebiggers@google.com>	2024-01-12 18:55:09 -0800
commit	c919330dd57835970b37676d377de3eaaea2c1e9 (patch)
tree	0371d7b3f567ee9a12a7ec0b4c4c944880c98cbd /fs/f2fs
parent	38814330fedd778edffcabe0c8cb462ee365782e (diff)