Needn't call 'rfcomm_dlc_put' here, because 'rfcomm_dlc_exists' didn't
increase dlc->refcnt.
Reported-by: syzbot+4496e82090657320efc6@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Qiujun Huang <hqjagain@xxxxxxxxx>
---
net/bluetooth/rfcomm/tty.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index 0c7d31c..ea2a1df0 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -414,7 +414,6 @@ static int __rfcomm_create_dev(struct sock *sk, void __user *arg)
if (IS_ERR(dlc))
return PTR_ERR(dlc);
else if (dlc) {
- rfcomm_dlc_put(dlc);
return -EBUSY;
}
dlc = rfcomm_dlc_alloc(GFP_KERNEL);
--
1.8.3.1
