If __bch2_dev_attach_bdev() fails, bch2_dev_free() is called twice.
Once here and another time in the error handling path.
This leads to several use-after-free.
Remove the redundant call and only rely on the error handling path.
Fixes: 6a44735653d4 ("bcachefs: Improved superblock-related error messages")
Signed-off-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
---
fs/bcachefs/super.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/fs/bcachefs/super.c b/fs/bcachefs/super.c
index 29cd71445a94..7379325c428f 100644
--- a/fs/bcachefs/super.c
+++ b/fs/bcachefs/super.c
@@ -1617,10 +1617,8 @@ int bch2_dev_add(struct bch_fs *c, const char *path)
bch2_dev_usage_init(ca);
ret = __bch2_dev_attach_bdev(ca, &sb);
- if (ret) {
- bch2_dev_free(ca);
+ if (ret)
goto err;
- }
ret = bch2_dev_journal_alloc(ca);
if (ret) {
--
2.34.1
