xfrm_add_acquire() constructs an xfrm_policy by calling
xfrm_policy_construct(), which allocates the policy structure via
xfrm_policy_alloc() and initializes its security context.

However, xfrm_add_acquire() currently releases the policy with kfree(),
which skips the proper cleanup and causes a memory leak.

Fix this by calling xfrm_policy_destroy() instead of kfree() to
properly release the policy and its associated resources, consistent
with the cleanup path in xfrm_policy_construct().

Fixes: 980ebd25794f ("[IPSEC]: Sync series - acquire insert")
Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
---
 net/xfrm/xfrm_user.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 010c9e6638c0..23c9bb42bb2a 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -3035,7 +3035,7 @@ static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh,
 	}
 
 	xfrm_state_free(x);
-	kfree(xp);
+	xfrm_policy_destroy(xp);
 
 	return 0;
 
-- 
2.34.1