Date: Fri, 05 Dec 2025 06:48:51 -0800
In-Reply-To: <69326fcf.a70a0220.d98e3.01e5.GAE@google.com>
Message-ID: <6932f0d3.a70a0220.243dc6.000b.GAE@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: Forwarded: [PATCH] hfsplus: fix memory leak in hfsplus_fill_super() error path
From: syzbot
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

For archival purposes, forwarding an incoming command email to linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: [PATCH] hfsplus: fix memory leak in hfsplus_fill_super() error path
Author: kartikey406@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

When hfsplus_fill_super() fails, the sbi structure is freed but neither sb->s_fs_info nor fc->s_fs_info are set to NULL. Since sget_fc() copies fc->s_fs_info to sb->s_fs_info without clearing fc->s_fs_info, both pointers reference the same memory. After fill_super frees sbi, hfsplus_free_fc() may operate on a dangling pointer, causing memory leak or other issues.

Set both sb->s_fs_info and fc->s_fs_info to NULL after freeing sbi in the error path to ensure proper cleanup.

Reported-by: syzbot+99f6ed51479b86ac4c41@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=99f6ed51479b86ac4c41
Signed-off-by: Deepanshu Kartikey
---
 fs/hfsplus/super.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/hfsplus/super.c b/fs/hfsplus/super.c index 54e85e25a259..f242b88f6633 100644 --- a/fs/hfsplus/super.c +++ b/fs/hfsplus/super.c @@ -630,6 +630,8 @@ static int hfsplus_fill_super(struct super_block *sb, s= truct fs_context *fc) unload_nls(sbi->nls); unload_nls(nls); kfree(sbi); + sb->s_fs_info =3D NULL; + fc->s_fs_info =3D NULL; return err; } =20 --=20 2.43.0
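Review bot: the commit message describes two incompatible failure modes for the same dangling pointer, a memory leak (the subject line and "causing memory leak or other issues") and hfsplus_free_fc() operating on already freed memory, so it should state which one the syzbot report actually shows and quote the relevant part of the report; a leak means sbi is never freed on some path, a double free or use-after-free means it is freed twice, and the two added lines `sb->s_fs_info = NULL;` and `fc->s_fs_info = NULL;` address only the second. The justification for clearing fc->s_fs_info rests entirely on the claim that sget_fc() copies fc->s_fs_info without clearing it; that behaviour is not visible in the hunk and should be verified against fs/super.c in the tested tree and cited in the message. The hunk also covers only the error exit that unloads the NLS tables and calls kfree(sbi); please confirm in the message that no other error return in hfsplus_fill_super() leaves sb->s_fs_info pointing at freed memory, and add a Fixes: tag naming the commit that introduced the fc->s_fs_info handling so the fix can be picked up by stable.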