From: Cong Wang <xiyou.wangc...@gmail.com> Date: Wed, 18 Apr 2018 11:51:56 -0700
> @@ -199,9 +200,15 @@ static int llc_ui_release(struct socket *sock) > llc->laddr.lsap, llc->daddr.lsap); > if (!llc_send_disc(sk)) > llc_ui_wait_for_disc(sk, sk->sk_rcvtimeo); > + sap = llc->sap; > + /* Hold this for release_sock(), so that llc_backlog_rcv() could still > + * use it. > + */ > + llc_sap_hold(sap); > if (!sock_flag(sk, SOCK_ZAPPED)) > llc_sap_remove_socket(llc->sap, sk); > release_sock(sk); > + llc_sap_put(sap); > if (llc->dev) > dev_put(llc->dev); > sock_put(sk); Yeah, kind of a weird ordering issue here. It would have been nice if we could remove the sap after the release_sock() but it appears that we can't. Applied and queued up for -stable, thanks.
