From fe4be618c9f23b74a9437488c4d28ff489529a8f Mon Sep 17 00:00:00 2001 From: Conrad Meyer Date: Wed, 11 May 2016 23:16:11 +0000 Subject: [PATCH] subr_vmem: Fix double-free in error case of vmem_create If vmem_init() fails, 'vm' is already destroyed and freed. Don't free it again. Reported by: Coverity CID: 1042110 Sponsored by: EMC / Isilon Storage Division
---
 sys/kern/subr_vmem.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/sys/kern/subr_vmem.c b/sys/kern/subr_vmem.c
index 4e08113d4c49..1de637884321 100644
--- a/sys/kern/subr_vmem.c
+++ b/sys/kern/subr_vmem.c
@@ -1046,10 +1046,8 @@ vmem_create(const char *name, vmem_addr_t base, vmem_size_t size,
 if (vm == NULL)
 return (NULL);
 if (vmem_init(vm, name, base, size, quantum, qcache_max,
- flags) == NULL) {
- free(vm, M_VMEM);
+ flags) == NULL)
 return (NULL);
- }
 return (vm);
 }
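Review bot: The surviving error branch in vmem_create returns NULL without releasing `vm`, and nothing on the new side explains why that is correct. Per the commit message, vmem_init() has already destroyed and freed `vm` when it returns NULL, but that ownership contract is not visible in this hunk. A short comment above the `return (NULL);` would keep a later cleanup pass from reintroducing the double free, for example `/* vmem_init() destroys and frees vm on failure; do not free it here. */`. vmem_create's body starts outside the hunk, so check the allocation of `vm` and vmem_init's failure path together when confirming the wording.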