When the call to f2fs_fill_super() fails, only the memory occupied by sbi is released, but s_fs_info is not set to NULL; this will cause the current issue to occur. Reported-and-tested-by: syzbot+a5e651ca75fa0260acd5@xxxxxxxxxxxxxxxxxxxxxxxxx Signed-off-by: Edward Adam Davis <eadavis@xxxxxx> --- fs/f2fs/super.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index d00d21a8b53a..9939e2445b1e 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -4879,6 +4879,7 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent) free_sbi: if (sbi->s_chksum_driver) crypto_free_shash(sbi->s_chksum_driver); + sb->s_fs_info = NULL; kfree(sbi); /* give only one another chance */ -- 2.43.0
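Review bot: the commit message names the cause (sb->s_fs_info still pointing at sbi after kfree) but not the consequence; please state which later path dereferences sb->s_fs_info once f2fs_fill_super() has failed, so the stale-pointer access the syzbot report hit is traceable from the log, and add a Fixes: tag naming the commit that introduced the free_sbi path without the reset so the one-liner can be backported. The placement in the hunk is correct as it stands: `sb->s_fs_info = NULL;` comes after the last use of sbi (`if (sbi->s_chksum_driver)`) and before `kfree(sbi);`, so the superblock never points at freed memory, which is the right order for any teardown that runs after this label.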