nfsd4: fix double free in nfsd4_do_async_copy()

This frees "copy->nf_src" before and again after the goto.

Fixes: ce0887ac96d3 ("NFSD add nfs4 inter ssc to nfsd4_copy")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>

diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index e4ddaf87493ae4b961b8f10f48dac7c9973046ab..0e75f7fb5fec0a363e1c1230f6fb731de9b26737 100644 (file)
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1469,7 +1469,6 @@ static int nfsd4_do_async_copy(void *data)
                copy->nf_src->nf_file = nfs42_ssc_open(copy->ss_mnt, &copy->c_fh,
                                              &copy->stateid);
                if (IS_ERR(copy->nf_src->nf_file)) {
-                       kfree(copy->nf_src);
                        copy->nfserr = nfserr_offload_denied;
                        nfsd4_interssc_disconnect(copy->ss_mnt);
                        goto do_callback;