On Thu, 09 Dec 2021, Marcelo Ricardo Leitner wrote:

> On Wed, Dec 08, 2021 at 04:54:34PM +0000, Lee Jones wrote:
> > To prevent this from happening we need to take a reference on the
> > to-be-used/dereferenced 'struct sctp_endpoint' until such a time when
> > we know it can be safely released.
> >
> > When KASAN is not enabled, a similar, but slightly different NULL
> > pointer dereference crash occurs later along the thread of execution in
> > inet_sctp_diag_fill() this time.
>
> Hey Lee, did you try running lksctp-tools [1] func tests with this patch?
> I'm getting failures here.
>
> [root@vm1 func_tests]# make v4test
> ./test_assoc_abort
> test_assoc_abort.c 1 PASS : ABORT an association using SCTP_ABORT
> test_assoc_abort passes
>
> ./test_assoc_shutdown
> test_assoc_shutdown.c 1 BROK : bind: Address already in use
> DUMP_CORE ../../src/testlib/sctputil.h: 145
> /bin/sh: line 1: 3727 Segmentation fault (core dumped) ./$a
> test_assoc_shutdown fails
> make: *** [Makefile:1648: v4test] Error 1
>
> I didn't check it closely but it would seem that the ep is being held
> forever. If I simply retry after a few seconds, it's still there (now the 1st
> test fails):
>
> [root@vm1 func_tests]# make v4test
> ./test_assoc_abort
> test_assoc_abort.c 1 BROK : bind: Address already in use
> DUMP_CORE ../../src/testlib/sctputil.h: 145
> /bin/sh: line 1: 3751 Segmentation fault (core dumped) ./$a
> test_assoc_abort fails
>
> 1.https://github.com/sctp/lksctp-tools

No I haven't, but I will do once I get a moment.

The only thing I can think of, before I go digging again, is that
either the association is never unhashed (so it stays in cache forever
- I doubt this, as it would be very bad) or the association was
migrated via sctp_assoc_migrate() and the additional reference was not
transferred across.

-- 
Lee Jones [李琼斯]
Senior Technical Lead - Developer Services
Linaro.org │ Open source software for Arm SoCs
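
The second possibility raised in the reply above (an additional endpoint reference that does not follow the association across a migration) can be modelled in user space. This is an added illustration, not kernel code and not part of the patch or the thread; every struct and function name in it is hypothetical, and it only shows how such a leak would leave a port bound, not that this is what happens in the kernel.

```c
#include <stdbool.h>
#include <stdio.h>
/* Toy user-space model; every name is hypothetical, none is kernel code. */
struct ep { int refcnt; bool port_bound; };
struct assoc { struct ep *ep; };

static void ep_hold(struct ep *e) { e->refcnt++; }
static void ep_put(struct ep *e)
{
	if (--e->refcnt == 0)
		e->port_bound = false;	/* final put releases the bound port */
}

/* The association takes its usual reference plus one additional one. */
static void assoc_attach(struct assoc *a, struct ep *e)
{
	a->ep = e;
	ep_hold(e); ep_hold(e);	/* usual + additional */
}

/* Move the association to another endpoint, with or without the extra ref. */
static void assoc_migrate(struct assoc *a, struct ep *new_ep, bool move_extra)
{
	for (int i = 0; i < (move_extra ? 2 : 1); i++) {
		ep_hold(new_ep);
		ep_put(a->ep);
	}
	a->ep = new_ep;
}

/* Teardown drops both references on whichever endpoint it points at now. */
static void assoc_free(struct assoc *a) { ep_put(a->ep); ep_put(a->ep); }

/* Returns true if the original endpoint still holds its port at the end. */
bool old_port_leaked(bool move_extra)
{
	struct ep old = { 1, true }, new_ep = { 1, true };	/* socket refs */
	struct assoc a;
	assoc_attach(&a, &old);
	assoc_migrate(&a, &new_ep, move_extra);
	assoc_free(&a);
	ep_put(&old); ep_put(&new_ep);	/* both owning sockets are closed */
	return old.port_bound;
}

int main(void)
{
	printf("left behind: %d, moved: %d\n", old_port_leaked(false), old_port_leaked(true));
	return 0;
}
```

In the model, leaving the extra reference behind keeps the old endpoint's count above zero after everything is closed, which is the shape of a bind that keeps failing with "Address already in use"; the new endpoint also receives one put too many.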