On Wed, Dec 08, 2021 at 04:54:34PM +0000, Lee Jones wrote:
> To prevent this from happening we need to take a reference on the
> to-be-used/dereferenced 'struct sctp_endpoint' until such a time when
> we know it can be safely released.
>
> When KASAN is not enabled, a similar, but slightly different NULL
> pointer dereference crash occurs later along the thread of execution in
> inet_sctp_diag_fill() this time.

Hey Lee, did you try running lksctp-tools [1] func tests with this
patch? I'm getting failures here.

[root@vm1 func_tests]# make v4test
./test_assoc_abort
test_assoc_abort.c 1 PASS : ABORT an association using SCTP_ABORT
test_assoc_abort passes

./test_assoc_shutdown
test_assoc_shutdown.c 1 BROK : bind: Address already in use
DUMP_CORE ../../src/testlib/sctputil.h: 145
/bin/sh: line 1: 3727 Segmentation fault (core dumped) ./$a
test_assoc_shutdown fails

make: *** [Makefile:1648: v4test] Error 1

I didn't check it closely but it would seem that the ep is being held
forever. If I simply retry after a few seconds, it's still there (now
the 1st test fails):

[root@vm1 func_tests]# make v4test
./test_assoc_abort
test_assoc_abort.c 1 BROK : bind: Address already in use
DUMP_CORE ../../src/testlib/sctputil.h: 145
/bin/sh: line 1: 3751 Segmentation fault (core dumped) ./$a
test_assoc_abort fails

1.https://github.com/sctp/lksctp-tools

Marcelo