sctplab / sctp-idata

Developing support for draft-ietf-tsvwg-sctp-ndata
BSD 2-Clause "Simplified" License

Crash in sctpd module #19

Open Harishreddy01 opened 4 years ago

Harishreddy01 commented 4 years ago

In sctp_choose_boundspecific_stcb:

```c
	for (laddr = stcb->asoc.last_used_address; laddr;
	     laddr = LIST_NEXT(laddr, sctp_nxt_addr)) {
		if (laddr->ifa == NULL) {
			/* address has been removed */
			continue;
		}
		if (laddr->action == SCTP_DEL_IP_ADDRESS) {
			/* address is being deleted */
			continue;
		}
		sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop, dest_is_priv, fam);
		if (sifa == NULL)
			continue;
		if (((non_asoc_addr_ok == 0) &&
		     (sctp_is_addr_restricted2(stcb, sifa))) ||
		    (non_asoc_addr_ok &&
		     (sctp_is_addr_restricted2(stcb, sifa)) &&
		     (!sctp_is_addr_pending(stcb, sifa)))) {
			/* on the no-no list */
			continue;
		}
		stcb->asoc.last_used_address = laddr;
		SCTP_TCB_UNLOCK(stcb);
		atomic_add_int(&sifa->refcount, 1);
		return (sifa);
	}
	if (start_at_beginning == 0) {
		stcb->asoc.last_used_address = NULL;
		goto sctp_from_the_top;
	}
```

My application was crashing in this part of the code when I try to change some config related to sctp in my application and then reload it. I sometimes see multiple threads in this part of the code, however they belong to different sctp connections.
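To make the search order in the quoted loop visible, here is an added C model of it (constructed for this thread, not code from sctp-idata): a bound-address list, a per-association cursor, and the skip conditions collapsed into a flag word. `choose_source`, `usable`, the flag bits and the struct names are stand-ins for the real stcb/laddr fields, and the model assumes that `sctp_from_the_top` restarts the scan from the head of the list after the cursor is cleared; locking and the refcount bump are left out.

```c
#include <stddef.h>
#include <stdbool.h>

/* Constructed stand-ins for the reasons the quoted loop `continue`s past an address. */
enum { ADDR_OK = 0, ADDR_REMOVED = 1, ADDR_DELETING = 2, ADDR_RESTRICTED = 4 };

struct laddr {
    const char *name;
    unsigned flags;       /* ADDR_OK or a combination of the skip reasons above */
    struct laddr *next;   /* stands in for LIST_NEXT(laddr, sctp_nxt_addr) */
};

struct assoc {
    struct laddr *list;        /* head of the endpoint's bound-address list */
    struct laddr *last_used;   /* stands in for stcb->asoc.last_used_address */
};

static bool usable(const struct laddr *a)
{
    /* ifa != NULL, action != SCTP_DEL_IP_ADDRESS and not on the restricted list */
    return a->flags == ADDR_OK;
}

/* Start at the remembered address (not after it), return the first usable
 * one and remember it. If the tail yields nothing and the scan did not
 * start at the head, clear the cursor and scan once more from the head,
 * which is what the `goto sctp_from_the_top` path in the snippet does. */
const struct laddr *choose_source(struct assoc *as)
{
    int start_at_beginning = 0;
    struct laddr *laddr = as->last_used;

    if (laddr == NULL) {
        start_at_beginning = 1;
        laddr = as->list;
    }
    for (;;) {
        for (; laddr != NULL; laddr = laddr->next) {
            if (!usable(laddr))
                continue;
            as->last_used = laddr;
            return laddr;
        }
        if (start_at_beginning)
            return NULL;            /* every bound address was skipped */
        start_at_beginning = 1;
        as->last_used = NULL;       /* cursor reset, as in the snippet */
        laddr = as->list;
    }
}
```

The cursor is per association, but the list it walks is shared by every association on the endpoint, so the model only reflects the real stack's behaviour while that list is not being edited underneath the scan.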

tuexen commented 4 years ago

Can you provide a stack trace or a way to reproduce the issue?

Harishreddy01 commented 4 years ago

The stack trace is below:

```text
#0  sctp_choose_boundspecific_stcb (net=0x65c6df40, fam=2, non_asoc_addr_ok=0, dest_is_loop=, dest_is_priv=, vrf_id=, ro=0x65c6df98, stcb=0x65c6d800, inp=0x6a48c400)
    at /home/acme/cc/Cz8.3.0_integration/acme/bin/sctp/sctp_output.c:2663
#1  sctp_source_address_selection (inp=inp@entry=0x6a48c400, stcb=stcb@entry=0x65c6d800, ro=ro@entry=0x3b1a0c58, net=net@entry=0x3b1a0c00, non_asoc_addr_ok=non_asoc_addr_ok@entry=0, vrf_id=vrf_id@entry=0)
    at /home/acme/cc/Cz8.3.0_integration/acme/bin/sctp/sctp_output.c:3287
#2  0x0000000001de48c5 in sctp_lowlevel_chunk_output (inp=inp@entry=0x6a48c400, stcb=stcb@entry=0x65c6d800, net=net@entry=0x3b1a0c00, to=to@entry=0x3b1a0c60, m=0x2d897cd8, auth_offset=, auth=0x0,
    auth_keyid=0, nofragment_flag=1, ecn_ok=0, chk=0x0, out_of_asoc_ok=0, src_port=49175, dest_port=49175, v_tag=2614718190, port=0, so_locked=0, over_addr=0x0)
    at /home/acme/cc/Cz8.3.0_integration/acme/bin/sctp/sctp_output.c:3673
#3  0x0000000001de63a1 in sctp_med_chunk_output (inp=inp@entry=0x6a48c400, stcb=stcb@entry=0x65c6d800, asoc=asoc@entry=0x65c6d858, num_out=num_out@entry=0x7fffbe2734b0, reason_code=reason_code@entry=0x7fffbe2734b4,
    control_only=control_only@entry=0, from_where=<optimized out>, now=<optimized out>, now_filled=<optimized out>, frag_point=<optimized out>, so_locked=<optimized out>)
    at /home/acme/cc/Cz8.3.0_integration/acme/bin/sctp/sctp_output.c:8690
#4  0x0000000001dea8f2 in sctp_chunk_output (inp=inp@entry=0x6a48c400, stcb=stcb@entry=0x65c6d800, from_where=6, so_locked=0) at /home/acme/cc/Cz8.3.0_integration/acme/bin/sctp/sctp_output.c:10031
#5  0x0000000001e0ea94 in sctp_timeout_handler (t=) at /home/acme/cc/Cz8.3.0_integration/acme/bin/sctp/sctputil.c:1723
#6  0x0000000001e13b59 in SctpTimedObject::timeout (this=) at /home/acme/cc/Cz8.3.0_integration/acme/bin/sctpd/sctpd.cpp:2022
#7  0x0000000002a27237 in TimeoutQueue::process_timeouts (this=0x3b86bb90, tNow=...) at /home/acme/cc/Cz8.3.0_integration/acme/lib/common/timeout.cpp:161
#8  0x000000000276de29 in WorkerThread::doWork (this=0x3be30700, tmo=) at /home/acme/cc/Cz8.3.0_integration/acme/lib/common/WorkerThread.cpp:274
#9  0x000000000276cb05 in WorkerThread::run (this=0x3be30700) at /home/acme/cc/Cz8.3.0_integration/acme/lib/common/WorkerThread.cpp:160
#10 0x00000000024f89b9 in ThreadBase::startThread (pthread=0x3be30700) at /home/acme/cc/Cz8.3.0_integration/aplib/private/common/Thread.cpp:56
#11 0x00007ffff69d6a18 in ThreadFunction (arg=0x0) at /home/acme/cc/Cz8.3.0_integration/aplib/private/losel/util/thread.c:395
#12 0x00007ffff7bc6dd5 in start_thread () from ./lib64/libpthread.so.0
#13 0x00007ffff0cd3f6d in clone () from ./lib64/libc.so.6
```

Steps to reproduce:

In our application, when we try to change sctp-related configuration like the protocol or multihome address, or add or delete more sctp interfaces etc., and then reload the application (not reboot), we are observing this crash.

tuexen commented 4 years ago

sctp_output.c:2663 seems to be in the middle of variable declarations.

Are you really using this repo? Or are you using usrsctp? Which OS are you using? Any particular reason why you are not using a kernel stack?