Re: syzkaller test panic: Linux 5.4.y

From: Marcelo Ricardo Leitner <mleitner@redhat.com>
To: john.p.donnelly@oracle.com
Cc: linux-sctp@vger.kernel.org, Eiichi Tsukata <eiichi.tsukata@nutanix.com>
Subject: Re: syzkaller test panic: Linux 5.4.y
Date: Tue, 19 Oct 2021 14:35:53 -0700	[thread overview]
Message-ID: <CALnP8Zbc2oxPc8qL-yYqD0a-9eoaLHn0K802kTVjL7igq_SbFw@mail.gmail.com> (raw)
In-Reply-To: <bb302bd6-093b-2d21-801a-4f613ef39098@oracle.com>

On Tue, Oct 19, 2021 at 03:05:24PM -0500, john.p.donnelly@oracle.com wrote:
> On 10/19/21 10:24 AM, mleitner@redhat.com wrote:
> > Hi John,
> >
> > On Mon, Oct 18, 2021 at 04:29:58PM -0500, john.p.donnelly@oracle.com wrote:
> > >    Call Trace:
> > >     skb_put+0x4c/0x4c
> > >     sctp_addto_chunk+0x59/0xb0 [sctp]
> > >     sctp_make_strreset_req+0x166/0x180 [sctp]
> > >     sctp_send_reset_streams+0x14d/0x300 [sctp]
> > >     sctp_setsockopt.part.21+0x101f/0x1720 [sctp]
> > >     sctp_setsockopt+0x99/0xb0 [sctp]
> > >     sock_common_setsockopt+0x1a/0x1c
> > >     SyS_setsockopt+0x86/0xe6
> > >     +0x79/0x1ae
> > >     entry_SYSCALL_64_after_hwframe+0x151/0x0
> > >   RIP: 0033:0x7f80bdc21be9
> > >
> > >
> > > I am not familar with any of the sctp subsystem. It was found running the
> > > syzkaller fuzzing test suite.
> > >
> > > If there is a more appropriate place to report this I can do that too. This
> >
> > Here is fine :)
> >
> > > test fails on just about every 4.x and 5.x kernel.  It is not
> > > unique to 5.4.
> >
> > Did the test kernels include commit "sctp: account stream padding
> > length for reconf chunk"? It is a recent fix right on this topic. It
> > should be fixed by it, actually.
> >
> >    Marcelo
> >
>
>
> Hi Marcelo
>
>  I can confirm
>
>
> commit a2d859e3fc97e79d907761550dbc03ff1b36479c
> Author: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
> Date:   Wed Oct 13 17:27:29 2021 -0300
>
>     sctp: account stream padding length for reconf chunk
>
> resolves my panic for 5.4.LTS   wrt to
>
> // autogenerated by syzkaller (https://github.com/google/syzkaller)
> //  317ef02b0d5cbd19d445294fed91453c7f970fc3.c
>

Sweet!

>
>
> Should be an easy enough fix to apply to older 4.x kernels too.

Right. It's currently scheduled for:
 812   C out 18 Greg Kroah-Hart (1,7K) [PATCH 4.14 26/39] sctp:
account stream padding length for re
 813   C out 18 Greg Kroah-Hart (1,7K) [PATCH 4.19 33/50] sctp:
account stream padding length for re
 814   C out 18 Greg Kroah-Hart (1,7K) [PATCH 5.4 45/69] sctp: account
stream padding length for rec
 815   C out 18 Greg Kroah-Hart (1,7K) [PATCH 5.10 068/103] sctp:
account stream padding length for
 817   C out 18 Greg Kroah-Hart (1,7K) [PATCH 5.14 098/151] sctp:
account stream padding length for

>
> There is suppose to be a format to cc the syz-kaller bot to mark
> 317ef02b0d5cbd19d445294fed91453c7f970fc3 fixed with commit
> a2d859e3fc97e79d907761550dbc03ff1b36479c.
>
> Perhaps mentioning it here will be enough ;-) .

Almost :-)

The report I previously had for this issue didn't come from syzkaller.
I'm not sure if 317ef02 above refers to the Google's instance of what.
Anyway, would mind marking it as fixed then?

Thanks!
Marcelo