Re: [PATCH] fs/super: fix memory leak of s_fs_info on setup_bdev_super failure
From: Christian Brauner
Date: Fri Nov 14 2025 - 06:55:34 EST
On Fri, Nov 14, 2025 at 06:12:12AM +0100, Mehdi Ben Hadj Khelifa wrote:
> #syz test
>
> diff --git a/fs/super.c b/fs/super.c
> index 5bab94fb7e03..a99e5281b057 100644
> --- a/fs/super.c
> +++ b/fs/super.c
> @@ -1690,6 +1690,11 @@ int get_tree_bdev_flags(struct fs_context *fc,
> if (!error)
> error = fill_super(s, fc);
> if (error) {
> + /*
> + * return back sb_info ownership to fc to be freed by put_fs_context()
> + */
> + fc->s_fs_info = s->s_fs_info;
> + s->s_fs_info = NULL;
> deactivate_locked_super(s);
> return error;
> }
> --
> 2.51.2
>
No, either free it in hfs_fill_super() when it fails or add a wrapper
around kill_block_super() for hfs and free it after ->kill_sb() has run.