Commit a1be1f39 authored by Eric Biggers's avatar Eric Biggers Committed by Linus Torvalds
Browse files

kernel/relay.c: revert "kernel/relay.c: fix potential memory leak"

This reverts commit ba62bafe ("kernel/relay.c: fix potential memory leak").

This commit introduced a double free bug, because 'chan' is already
freed by the line:

    kref_put(&chan->kref, relay_destroy_channel);

This bug was found by syzkaller, using the BLKTRACESETUP ioctl.

Fixes: ba62bafe

 ("kernel/relay.c: fix potential memory leak")
Signed-off-by: default avatarEric Biggers <>
Reported-by: default avatarsyzbot <>
Reviewed-by: default avatarAndrew Morton <>
Cc: Zhouyi Zhou <>
Cc: Jens Axboe <>
Cc: <>	[4.7+]
Signed-off-by: default avatarAndrew Morton <>
Signed-off-by: default avatarLinus Torvalds <>
parent 28f3a488
......@@ -611,7 +611,6 @@ struct rchan *relay_open(const char *base_filename,
kref_put(&chan->kref, relay_destroy_channel);
return NULL;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment