From 8182e9da7d1c0b1357058e7a3da89a28e71eada4 Mon Sep 17 00:00:00 2001
From: "Liam R. Howlett" <Liam.Howlett@Oracle.com>
Date: Thu, 6 Dec 2018 16:42:40 -0500
Subject: [PATCH] maple_tree: Remove double free of full node.

Signed-off-by: Liam R. Howlett <Liam.Howlett@Oracle.com>
---
 lib/maple_tree.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/maple_tree.c b/lib/maple_tree.c
index 446819f102db..2fc3811d57e8 100644
--- a/lib/maple_tree.c
+++ b/lib/maple_tree.c
@@ -475,15 +475,18 @@ void maple_link_node(struct maple_state *ms,
 rmn64->parent = fmn64->parent;
 /* Shift the data over */
 maple_shift_64(target, ms->slot_idx);
+ /* Overwrite the duplicate slot data with the new right node */
 target->slot[ms->slot_idx + 1] = ma_mk_node(rmn);
+ /* Overwrite the first pivot with the new value. This is fine
+ * as the current slot has valid entries for this pivot */
 target->pivot[ms->slot_idx] = lmn64->pivot[3];
+ /* Set the first slot to the node with less pivots */
 target->slot[ms->slot_idx] = ma_mk_node(lmn);
 }
 
- /* Orphan the full node */
+ /* Orphan & free the full node */
 fmn64->parent = full_mn;
 _maple_free_node(full_mn);
- kfree(ma_get_alloc(ms));
 }
 /*
  * Private
-- 
2.49.0
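Review bot: After `_maple_free_node(full_mn);` at the end of maple_link_node(), nothing visible in the hunk clears the allocation pointer that `ma_get_alloc(ms)` used to return. The subject line implies that pointer was the full node itself, so `ms` probably still refers to freed memory once this function returns, and any later path that frees or reuses the state's allocation would reintroduce the double free or turn it into a use-after-free. I would reset the allocation slot in `ms` right after the free, using whatever setter the file already has, and record the ownership rule in a comment such as `/* full_mn is released here; ms must not free it again */`. The commit message would also benefit from one sentence naming which of the two calls owned the node. The function starts outside the hunk, so whether `ms` is reused after this call needs checking against the callers.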