From: Liu Bo
Date: Mon, 5 Nov 2012 12:42:09 +0000 (+0000)
Subject: Btrfs: fix a double free on pending snapshots in error handling
X-Git-Tag: firefly_0821_release~3680^2~1158^2~93
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=109f2365f1928af241b2ccbd0f6ba0b93d911288;p=firefly-linux-kernel-4.4.55.git

Btrfs: fix a double free on pending snapshots in error handling

When creating a snapshot, failing to commit a transaction can end up with aborting the transaction, followed by doing a cleanup for it, where we'll free all snapshots pending to disk.

So we check it and avoid double free on pending snapshots.

Signed-off-by: Liu Bo
Signed-off-by: Chris Mason
---
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 14c0d2e0790c..e262cd8c4a7d 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -571,8 +571,12 @@ static int create_snapshot(struct btrfs_root *root, struct dentry *dentry, ret = btrfs_commit_transaction(trans, root->fs_info->extent_root); } - if (ret) + if (ret) { + /* cleanup_transaction has freed this for us */ + if (trans->aborted) + pending_snapshot = NULL; goto fail; + } ret = pending_snapshot->error; if (ret)
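Review bot: in the new `if (ret)` block of `create_snapshot()`, `trans->aborted` is read after `btrfs_commit_transaction(trans, ...)` has already returned an error, so the check is only safe if a failed commit leaves the transaction handle allocated. If the commit error path releases `trans`, this read replaces the double free with a use-after-free. Please confirm the handle's lifetime on that path, or capture the aborted state somewhere that does not require dereferencing `trans` after the call. Two smaller points: the `fail:` label is outside the visible context, so it is worth checking that everything reached from it tolerates `pending_snapshot == NULL` and does more than a plain `kfree()` only when the pointer is set. Also, the comment `/* cleanup_transaction has freed this for us */` describes an ownership transfer that depends on `trans->aborted`; a note at the point where the pending snapshot is handed to the transaction would make that rule easier to keep correct if other error returns are added before this check.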