File: drivers/net/ppp/ppp_generic.c
In ppp_unregister_channel, pch could be freed in ppp_unbridge_channels()
but after that pch is still in use. Inside the function ppp_unbridge_channels,
if "pchbb == pch" is true and then pch will be freed.
I checked the commit history and found that this problem is introduced from
4cf476ced45d7 ("ppp: add PPPIOCBRIDGECHAN and PPPIOCUNBRIDGECHAN ioctls").
I have no idea about how to generate a suitable patch, sorry.
