Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

tipc: fix a double free in tipc_enable_bearer()

bearer_disable() already calls kfree_rcu() to free struct tipc_bearer,
we don't need to call kfree() again.

Fixes: cb30a63384bc ("tipc: refactor function tipc_enable_bearer()")
Reported-by: syzbot+b981acf1fb240c0c128b@syzkaller.appspotmail.com
Cc: Ying Xue <ying.xue@windriver.com>
Cc: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Authored by Cong Wang and committed by David S. Miller
dc4501ff b71acb0e

-1
-1
net/tipc/bearer.c
··· 319 319 res = tipc_disc_create(net, b, &b->bcast_addr, &skb); 320 320 if (res) { 321 321 bearer_disable(net, b); 322 - kfree(b); 323 322 errstr = "failed to create discoverer"; 324 323 goto rejected; 325 324 }
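
Review bot: In the tipc_disc_create() failure branch, the call site does not show that bearer_disable(net, b) releases b, and the commit message confirms this ownership transfer is what led to the stray kfree(b). A short comment above the call, for example "bearer_disable() frees b via kfree_rcu()", would keep a later cleanup from reintroducing the double free. Because b is queued for RCU freeing from that point on, please also confirm that nothing reached through "goto rejected" dereferences b; the label is outside the visible context, so this cannot be checked from the hunk alone. It would also be worth checking whether other error paths in tipc_enable_bearer() that call bearer_disable() carry the same kfree(b) pattern.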