Re: net: nfc: BUG and panic in accept() on 3.5-rc2
From: Eric Dumazet <hidden>
Date: 2012-06-11 14:41:40
Also in:
lkml, netdev
Subsystem:
networking [general], nfc subsystem, the rest · Maintainers:
"David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, David Heidelberg, Linus Torvalds
On Mon, 2012-06-11 at 16:41 +0200, Samuel Ortiz wrote:
Hi Sasha, On Mon, Jun 11, 2012 at 04:00:41PM +0200, Sasha Levin wrote:quoted
Hi all, I've stumbled on the following while fuzzing with trinity inside a KVM tools guest, running on 3.5-rc2:Thanks for the report, it could be worth adding this one to bugzilla.kernel.org. What's trinity ? Also, if this one is reproducible, would you mind sharing some details about how we could reproduce it ?
Well, bugfix should be trivial enough ;)
diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c
index ec1134c..208416e 100644
--- a/net/nfc/rawsock.c
+++ b/net/nfc/rawsock.c@@ -54,11 +54,12 @@ static int rawsock_release(struct socket *sock) { struct sock *sk = sock->sk; - pr_debug("sock=%p\n", sock); - - sock_orphan(sk); - sock_put(sk); + pr_debug("sock=%p sk=%p\n", sock, sk); + if (sk) { + sock_orphan(sk); + sock_put(sk); + } return 0; }