kernel: audit.c: is it a memleak of net in function audit_send_reply

亿一 teroincn at gmail.com
Mon Apr 20 07:54:16 UTC 2020


Hi, all:

When reviewing the code in function audit_send_reply, I noticed that if
kthread_run returns failure, the net reference is not released,
because reply is kfree'd directly.

static void audit_send_reply(struct sk_buff *request_skb, int seq, int type, int done,
                             int multi, const void *payload, int size)
{
    struct net *net = sock_net(NETLINK_CB(request_skb).sk);
    struct sk_buff *skb;
    struct task_struct *tsk;
    struct audit_reply *reply = kmalloc(sizeof(struct audit_reply),
                                                           GFP_KERNEL);

    if (!reply)
        return;

    skb = audit_make_reply(seq, type, done, multi, payload, size);
    if (!skb)
        goto out;

    reply->net = get_net(net);     // hold a reference of net here
    reply->portid = NETLINK_CB(request_skb).portid;
    reply->skb = skb;

    tsk = kthread_run(audit_send_reply_thread, reply, "audit_send_reply");
    if (!IS_ERR(tsk))
        return;
    kfree_skb(skb);

out:
    kfree(reply);      // kfree reply without releasing the net reference.
}
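As an added example (not from the post or the kernel tree), the refcount pattern described above modelled in userspace C: `struct net`, `get_net`/`put_net` and `kthread_run` are replaced by constructed stand-ins, and the thread-spawn failure is injected so the leaked reference becomes visible as a refcount that never returns to its starting value.

```c
/* Added example (not from the original post): a userspace model of the
 * refcount pattern in audit_send_reply with thread-spawn failure injected. */
#include <stdlib.h>

struct net { int refcount; };            /* stand-in for struct net */
struct audit_reply { struct net *net; }; /* only the field relevant here */

static struct net *get_net(struct net *n) { n->refcount++; return n; }
static void put_net(struct net *n) { n->refcount--; }
/* Models kthread_run(): 0 on success, -1 to model IS_ERR(tsk) being true. */
static int spawn_thread(int fail) { return fail ? -1 : 0; }

/* Shape from the post: on spawn failure reply is freed, but the
 * reference taken by get_net() is never dropped. */
static void send_reply_buggy(struct net *net, int spawn_fails)
{
    struct audit_reply *reply = malloc(sizeof(*reply));
    if (!reply)
        return;
    reply->net = get_net(net);
    if (spawn_thread(spawn_fails) == 0) {
        put_net(reply->net);  /* models the thread's own put_net() when done */
        free(reply);
        return;
    }
    free(reply);              /* leak: reply->net reference still held */
}

/* Fixed shape: balance get_net() on the failure path before freeing reply. */
static void send_reply_fixed(struct net *net, int spawn_fails)
{
    struct audit_reply *reply = malloc(sizeof(*reply));
    if (!reply)
        return;
    reply->net = get_net(net);
    if (spawn_thread(spawn_fails) == 0) {
        put_net(reply->net);
        free(reply);
        return;
    }
    put_net(reply->net);      /* release the reference kthread_run failure orphaned */
    free(reply);
}

/* Returns the refcount left on a constructed net (one owner) after fn runs. */
static int refcount_after(void (*fn)(struct net *, int), int spawn_fails)
{
    struct net n = { .refcount = 1 };
    fn(&n, spawn_fails);
    return n.refcount;
}
```

With the failure injected, the buggy path leaves the count at 2 (one reference leaked) while the fixed path returns it to 1.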
