Hi, maintainer.
Our code analyzer reported a double free bug,
and it is a little difficult for me to fix the intricate bug.
File: net/ipv6/ip6_tunnel.c
In ip6_tnl_start_xmit, it calls ipxip6_tnl_xmit() and then
ipxip6_tnl_xmit calls ip6_tnl_xmit(). The skb could be freed
at line 1,213 via consume_skb(skb). If ip6_tnl_xmit() returns
an error code, the tx_err branch of ip6_tnl_start_xmit will free
the skb again.
Issue: e7bb18e6c8b7e ("ip6_tunnel: simplify transmit path")
Signed-off-by: Lv Yunlong <[email protected]>