On Tue, Feb 17, 2026 at 07:05:01AM -0800, Stephen Hemminger wrote:
> mlx5_flow_aso_age_mng_init() and mlx5_flow_aso_ct_mng_init() each
> allocate a management structure, then call mlx5_aso_queue_init().
> If the queue init fails, the structure is freed but the pointer in
> the shared context (sh->aso_age_mng / sh->ct_mng) is not set to
> NULL.
>
> A subsequent call to the same init function sees the non-NULL
> pointer, skips re-allocation, and returns success, leaving the
> caller operating on freed memory.
>
> Set the pointer to NULL after freeing in both error paths.
>
> Fixes: f935ed4b645a ("net/mlx5: support flow hit action for aging")
> Cc: [email protected]
>
> Signed-off-by: Stephen Hemminger <[email protected]>
Acked-by: Dariusz Sosnowski <[email protected]>
