From: Ahmet Eray Karadag
To: akpm@linux-foundation.org
Cc: viro@zeniv.linux.org.uk, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, skhan@linuxfoundation.org, david.hunter.linux@gmail.com, Ahmet Eray Karadag, syzbot+1c70732df5fd4f0e4fbb@syzkaller.appspotmail.com
Subject: [PATCH] adfs: fix memory leak in sb->s_fs_info
Date: Sun, 14 Dec 2025 02:36:22 +0300
Message-ID: <20251213233621.151496-2-eraykrdg1@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Syzbot reported a memory leak in adfs during the mount process.

The issue arises because the ownership of the allocated (struct adfs_sb_info) is transferred from the filesystem context to the superblock via sget_fc(). This function sets fc->s_fs_info to NULL after the transfer.

The ADFS filesystem previously used the default kill_block_super for superblock destruction. This helper performs generic cleanup but does not free the private sb->s_fs_info data. Since fc->s_fs_info is set to NULL during the transfer, the standard context cleanup (adfs_free_fc) also skips freeing this memory. As a result, if the superblock is destroyed, the allocated struct adfs_sb_info is leaked.

Fix this by implementing a custom .kill_sb callback (adfs_kill_sb) that explicitly frees sb->s_fs_info before invoking the generic kill_block_super.

Reported-by: syzbot+1c70732df5fd4f0e4fbb@syzkaller.appspotmail.com
Fixes: https://syzkaller.appspot.com/bug?extid=1c70732df5fd4f0e4fbb
Signed-off-by: Ahmet Eray Karadag

--- fs/adfs/super.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/fs/adfs/super.c b/fs/adfs/super.c index fdccdbbfc213..afcd9f6ef350 100644 --- a/fs/adfs/super.c +++ b/fs/adfs/super.c 
@@ -462,10 +462,19 @@ static int adfs_init_fs_context(struct fs_context *fc) return 0; } =20 +static void adfs_kill_sb(struct super_block *sb) +{ + struct adfs_sb_info *asb =3D ADFS_SB(sb); + + kill_block_super(sb); + + kfree(asb); +} + static struct file_system_type adfs_fs_type =3D { .owner =3D THIS_MODULE, .name =3D "adfs", - .kill_sb =3D kill_block_super, + .kill_sb =3D adfs_kill_sb, .fs_flags =3D FS_REQUIRES_DEV, .init_fs_context =3D adfs_init_fs_context, .parameters =3D adfs_param_spec, --=20 2.43.0
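
Review bot: In adfs_kill_sb(), kfree(asb) runs unconditionally after kill_block_super(sb), and the hunk does not show whether any other teardown path already releases sb->s_fs_info. Please confirm that no .put_super callback or fill_super error path in fs/adfs/super.c frees the same struct adfs_sb_info; if one does, a normal unmount would free it twice, so either that free should go or this callback should only free what is still owned. The order used in the code (read ADFS_SB(sb) first, call kill_block_super(), then free) is the safe one, since callbacks that run during kill_block_super() may still use the private data, but the commit message says the callback frees sb->s_fs_info "before invoking the generic kill_block_super", so the message should be corrected to match the code. The Fixes: trailer also carries a syzkaller URL; the usual kernel form is the abbreviated commit id and subject of the change that introduced the leak, with the syzbot link moved to a Closes: trailer.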