From 4d2ba6d8342729115be4109f0f4e19315bbf7622 Mon Sep 17 00:00:00 2001
From: Michael Tuexen <tuexen@FreeBSD.org>
Date: Mon, 31 Mar 2025 03:25:53 +0200
Subject: [PATCH] sctp: fix double unlock in case adding a remote address fails

Thanks to glebius@ for pointing to the problem.

Reported by:	syzbot+1d5c164f1c10de84ad8a@syzkaller.appspotmail.com
Fixes:		2d5c48eccd9f ("sctp: Tighten up locking around sctp_aloc_assoc()")

(cherry picked from commit e8623834ca29b562687db945bdd12a3e2fe4aeb1)
---
 sys/netinet/sctp_pcb.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/sys/netinet/sctp_pcb.c b/sys/netinet/sctp_pcb.c
index 7f10784ce43..6b4f1ce883d 100644
--- a/sys/netinet/sctp_pcb.c
+++ b/sys/netinet/sctp_pcb.c
@@ -4233,7 +4233,6 @@ sctp_aloc_assoc_locked(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
 		LIST_REMOVE(stcb, sctp_asocs);
 		LIST_REMOVE(stcb, sctp_tcbasocidhash);
 		SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
-		SCTP_INP_WUNLOCK(inp);
 		SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
 		*error = ENOBUFS;
 		return (NULL);