On 12/19/2014 03:01 PM, Al Viro wrote:
> On Fri, Dec 19, 2014 at 02:34:00PM +0300, Pavel Emelyanov wrote:
>> Hi,
>>
>> It looks like there's a strange refcount underflow in VFS/socket code.
>> The proggie [1] crashes the recent Linus' tree (d790be38 Merge tag
>> 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux)
>> with the calltrace [2].
>>
>> If in the proggie the psk is replaced with non-socket descriptor the
>> issue doesn't appear.
>
> Gyah... mismerge on cherry-pick. My fault - ->i_fop assignment should've
> been removed from sock_alloc_file() in bd9b51. Could you verify that the
> following recovers the things?
>
> diff --git a/net/socket.c b/net/socket.c > index 70bbde6..a2c33a4 100644 > --- a/net/socket.c > +++ b/net/socket.c > @@ -372,7 +372,6 @@ struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname) > path.mnt = mntget(sock_mnt); > > d_instantiate(path.dentry, SOCK_INODE(sock)); > - SOCK_INODE(sock)->i_fop = &socket_file_ops; > > file = alloc_file(&path, FMODE_READ | FMODE_WRITE, > &socket_file_ops); > .

Acked-by: Pavel Emelyanov <xemul@xxxxxxxxxxxxx>

This also makes socket non-open-able back again, which, in turn, was
another issue I was surprised with on the new kernel :)

Thanks,
Pavel
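
Review bot: Missing documentation at the removed `SOCK_INODE(sock)->i_fop = &socket_file_ops;` line in sock_alloc_file(): after this change nothing at that spot says the socket inode's i_fop is deliberately left unset and that the file gets `socket_file_ops` only through the `alloc_file()` call below it. Because the stray assignment came back through a cherry-pick mismerge, a short comment after `d_instantiate()` stating that the inode must not carry socket_file_ops would help keep it from being reintroduced. The patch as posted also has no changelog. It should name bd9b51 as the commit that was meant to drop the assignment, and record the two symptoms reported in this thread: the refcount underflow with a socket descriptor, and sockets becoming open-able. A regression test built from the reproducer referenced as [1] would be worth adding alongside the fix.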