| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Feb 2018 15:39:48 -0800
From: Eric Biggers <ebiggers3@...il.com>
To: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
Cc: Dmitry Vyukov <dvyukov@...gle.com>,
David Ahern <dsahern@...il.com>,
syzbot
<bot+21b498fc12cf2041655f8e1eeae0733807d794b3@...kaller.appspotmail.com>,
LKML <linux-kernel@...r.kernel.org>,
Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
syzkaller-bugs@...glegroups.com,
David Miller <davem@...emloft.net>,
Florian Westphal <fw@...len.de>,
Daniel Borkmann <daniel@...earbox.net>,
Xin Long <lucien.xin@...il.com>, jakub.kicinski@...ronome.com,
mschiffer@...verse-factory.net,
Vladislav Yasevich <vyasevich@...il.com>,
Jiri Benc <jbenc@...hat.com>, netdev <netdev@...r.kernel.org>,
Neil Horman <nhorman@...driver.com>, linux-sctp@...r.kernel.org
Subject: Re: INFO: task hung in bpf_exit_net
On Fri, Dec 22, 2017 at 05:04:37PM -0200, Marcelo Ricardo Leitner wrote:
> On Fri, Dec 22, 2017 at 04:28:07PM -0200, Marcelo Ricardo Leitner wrote:
> > On Fri, Dec 22, 2017 at 11:58:08AM +0100, Dmitry Vyukov wrote:
> > ...
> > > > Same with this one, perhaps related to / fixed by:
> > > > http://patchwork.ozlabs.org/patch/850957/
> > > >
> > >
> > >
> > >
> > > Looking at the log, this one seems to be an infinite loop in SCTP code
> > > with console output in it. Kernel is busy printing gazilion of:
> > >
> > > [ 176.491099] sctp: sctp_transport_update_pmtu: Reported pmtu 508 too
> > > low, using default minimum of 512
> > > ** 110 printk messages dropped **
> > > [ 176.503409] sctp: sctp_transport_update_pmtu: Reported pmtu 508 too
> > > low, using default minimum of 512
> > > ** 103 printk messages dropped **
> > > ...
> > > [ 246.742374] sctp: sctp_transport_update_pmtu: Reported pmtu 508 too
> > > low, using default minimum of 512
> > > [ 246.742484] sctp: sctp_transport_update_pmtu: Reported pmtu 508 too
> > > low, using default minimum of 512
> > > [ 246.742590] sctp: sctp_transport_update_pmtu: Reported pmtu 508 too
> > > low, using default minimum of 512
> > >
> > > Looks like a different issue.
> > >
> >
> > Oh. I guess this is caused by the interface having a MTU smaller than
> > SCTP_DEFAULT_MINSEGMENT (512), as the icmp frag needed handler
> > (sctp_icmp_frag_needed) will trigger an instant retransmission.
> > But as the MTU is smaller, SCTP won't update it, but will issue the
> > retransmission anyway.
> >
> > I will test this soon. Should be fairly easy to trigger it.
>
> Reproduced it.
>
> netns A veth0(1500) - veth1(1500) B veth2(508) - veth3(508) C
>
> When A sends a sctp packet bigger than 508, it triggers the issue as B
> will reply a icmp frag needed with a size that sctp won't accept but
> will retransmit anyway.
>
syzbot hasn't encountered this hang again (although, it just happened once in
the first place). I assume it was fixed by commit b6c5734db070, so telling
syzbot this:
#syz fix: sctp: fix the handling of ICMP Frag Needed for too small MTUs
- Eric
Powered by blists - more mailing lists