>> Now sctp uses the transport without holding it in sctp_hash_cmp,
>> which can cause a use-after-free panic. After it gets the transport
>> from the hashtable, another CPU may free it, and then the members it
>> accesses may be unavailable memory.
>
> How old is this bug?
I think since:
$ git describe 33c1529
v4.4-rc7-1158-g33c1529

> Is it in any release kernels?
>
Yes.

It was found on s390x; we could not reproduce it on x86_64 so far.
Maybe it needs a low-configuration CPU to reproduce.
