xlog_recover_process_data() frees the transaction on any error out of the oh_flags switch statement, but in the XLOG_COMMIT_TRANS / xlog_recover_commit_trans() case, the transaction has already been freed in xlog_recover_commit_trans() before the error is returned. Avoid this by only freeing the transaction in xlog_recover_commit_trans() if no error will be returned. (Coverity spotted this) Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxx> --- diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c index 981af0f..e634ffd 100644 --- a/fs/xfs/xfs_log_recover.c +++ b/fs/xfs/xfs_log_recover.c @@ -3514,9 +3514,11 @@ out: if (!list_empty(&done_list)) list_splice_init(&done_list, &trans->r_itemq); - xlog_recover_free_trans(trans); - error2 = xfs_buf_delwri_submit(&buffer_list); + /* caller will free trans on error */ + if (!error && !error2) + xlog_recover_free_trans(trans); + return error ? error : error2; } _______________________________________________ xfs mailing list xfs@xxxxxxxxxxx http://oss.sgi.com/mailman/listinfo/xfs
