On Tue, Nov 3, 2020 at 9:14 PM Xin Long <lucien....@gmail.com> wrote:
>
> On Sun, Nov 1, 2020 at 1:40 PM syzbot
> <syzbot+5be8aebb1b7dfa90e...@syzkaller.appspotmail.com> wrote:
> >
> > syzbot has bisected this issue to:
> >
> > commit bcd623d8e9fa5f82bbd8cd464dc418d24139157b
> > Author: Xin Long <lucien....@gmail.com>
> > Date: Thu Oct 29 07:05:05 2020 +0000
> >
> >     sctp: call sk_setup_caps in sctp_packet_transmit instead
> >
> > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14df9cb8500000
> > start commit: 68bb4665 Merge branch 'l2-multicast-forwarding-for-ocelot-..
> > git tree: net-next
> > final oops: https://syzkaller.appspot.com/x/report.txt?x=16df9cb8500000
> > console output: https://syzkaller.appspot.com/x/log.txt?x=12df9cb8500000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=eac680ae76558a0e
> > dashboard link: https://syzkaller.appspot.com/bug?extid=5be8aebb1b7dfa90ef31
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11286398500000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11bbf398500000
> >
> > Reported-by: syzbot+5be8aebb1b7dfa90e...@syzkaller.appspotmail.com
> > Fixes: bcd623d8e9fa ("sctp: call sk_setup_caps in sctp_packet_transmit
> > instead")
> >
> > For information about bisection process see: https://goo.gl/tpsmEJ#bisection
> I'm looking into this, Thanks.

This was actually caused by:

commit a1dd2cf2f1aedabc2ca9bb4f90231a521c52d8eb
Author: Xin Long <lucien....@gmail.com>
Date: Thu Oct 29 15:05:03 2020 +0800

    sctp: allow changing transport encap_port by peer packets

where the IP6CB was overwritten by SCTP_INPUT_CB.

I will fix it by bringing inet6_skb_parm back to sctp_input_cb:

struct sctp_input_cb { + union { + struct inet_skb_parm h4; +#if IS_ENABLED(CONFIG_IPV6) + struct inet6_skb_parm h6; +#endif + } header; + __be16 encap_port; struct sctp_chunk *chunk; struct sctp_af *af; - __be16 encap_port; };

Will post it soon, Thanks.
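
Review bot: the new header union at the top of struct sctp_input_cb carries no comment saying why it is there or that it has to stay the first member, and nothing in the hunk checks that the grown struct still fits in the skb control buffer. Since the failure described above was IP6CB being overwritten by SCTP_INPUT_CB, I would add a short comment on the union (it reserves the space that IPCB/IP6CB use at the start of skb->cb) and a compile-time check of sizeof(struct sctp_input_cb) against sizeof(skb->cb), so that a later field addition or reordering cannot quietly bring the overwrite back.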