The documentation for kobject_init() clearly states that the new object must be cleaned up with a call to kobject_put(), not a kfree() call directly. However, the error path in mddev_alloc() frees the newly allocated mddev object directly with kfree() after kobject_init() is called in mddev_init(). Fix this by changing the kfree() call to a kobject_put(). Signed-off-by: Logan Gunthorpe <logang@xxxxxxxxxxxx> --- drivers/md/md.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/md.c b/drivers/md/md.c index 198d4ceae55a..d9e0e38be38c 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -769,7 +769,7 @@ static struct mddev *mddev_alloc(dev_t unit) return new; out_free_new: spin_unlock(&all_mddevs_lock); - kfree(new); + kobject_put(&new->kobj); return ERR_PTR(error); } base-commit: 922f4b5c75aa13532382ffb4964d2d12ad98747e -- 2.30.2
