On Mon, Dec 4, 2017 at 11:23 AM, Cong Wang <xiyou.wangc...@gmail.com> wrote:
> On Mon, Dec 4, 2017 at 10:57 AM, David Miller <da...@davemloft.net> wrote:
>>
>> It looks like tipc_accept_from_sock() has a similar problem? The
>> tipc_close_conn() will get invoked indirectly from the sock_release()
>> path right?
>
> Not sure, the sock_release() in tipc_accept_from_sock() is for
> kernel_accept(), not for tipc_alloc_conn(). Or maybe it is hiding
> deep in the call chain that I miss?

I see:

tipc_release() -> tipc_sk_leave() -> tipc_group_delete() ->
tipc_topsrv_kern_unsubscr() -> tipc_close_conn()

Seems on this path we do need to skip NULL too.