On 07/05/2025 14:36, Laurent Vivier wrote:

While running pasta, we trigger the following assert:

ASSERTION FAILED in udp_at_sidx (udp_flow.c:35): flow->f.type == FLOW_UDP

in udp_at_sidx() in the following path:

902 void udp_sock_handler(const struct ctx *c, union epoll_ref ref, 903 uint32_t events, const struct timespec *now) 904 { 905 struct udp_flow *uflow = udp_at_sidx(ref.flowside);

The invalid sidx is comming from the epoll_ref provided by epoll_wait().

This assert follows the following error:

Couldn't connect flow socket: Permission denied

It appears that an error happens in udp_flow_sock() and the recently created fd is not removed from the epoll_ctl() pool:

71 static int udp_flow_sock(const struct ctx *c, 72 struct udp_flow *uflow, unsigned sidei) 73 { ... 82 s = flowside_sock_l4(c, EPOLL_TYPE_UDP, pif, side, fref.data); 83 if (s < 0) { 84 flow_dbg_perror(uflow, "Couldn't open flow specific socket"); 85 return s; 86 } 87 88 if (flowside_connect(c, s, pif, side) < 0) { 89 int rc = -errno; 90 flow_dbg_perror(uflow, "Couldn't connect flow socket"); 91 return rc; 92 } ...

flowside_sock_l4() calls sock_l4_sa() that adds 's' to the epoll_ctl() pool.

So to cleanly manage the error of flowside_connect() we need to remove 's' from the epoll_ctl() pool using epoll_del().

Link: https://github.com/containers/podman/issues/26073 Signed-off-by: Laurent Vivier --- udp_flow.c | 4 ++++ 1 file changed, 4 insertions(+)

diff --git a/udp_flow.c b/udp_flow.c index fea1cf3c7a41..b3a13b7993d5 100644 --- a/udp_flow.c +++ b/udp_flow.c @@ -87,6 +87,10 @@ static int udp_flow_sock(const struct ctx *c,

if (flowside_connect(c, s, pif, side) < 0) { int rc = -errno; + + if (pif == PIF_HOST) + epoll_del(c, s); + flow_dbg_perror(uflow, "Couldn't connect flow socket"); return rc; }

After re-reading the code, I think we need also a "close(s)" and not the "(pif == PIF_HOST)" as flowside_sock_l4() also calls flowside_sock_splice() which call sock_l4_sa() too (but in a namespace). Laurent