Date: Tue, 18 Jun 2019 11:53:09 -0300
From: Marcelo Ricardo Leitner
To: Hillf Danton
Cc: syzbot, davem@davemloft.net, linux-kernel@vger.kernel.org, linux-sctp@vger.kernel.org, lucien.xin@gmail.com, netdev@vger.kernel.org, nhorman@tuxdriver.com, syzkaller-bugs@googlegroups.com, vyasevich@gmail.com
Subject: Re: general protection fault in sctp_sched_prio_sched
Message-ID: <20190618145309.GO3436@localhost.localdomain>
References: <20190618144554.5016-1-hdanton@sina.com>
In-Reply-To: <20190618144554.5016-1-hdanton@sina.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jun 18, 2019 at 10:45:54PM +0800, Hillf Danton wrote:
...
> > Anyway, with the patch above, after calling
> > sctp_stream_init_ext() ->ext will be either completely valid, or it
> > will not be present at all as it is setting ->ext to NULL if sid
> > initialization ended up failing.
> >
> Correct with no doubt.
>
> I was wondering if it is likely for the ->ext, loaded with a valid slab,
> to cause a gpf in sctp_sched_prio_sched() without your patch applied.
> And if the failure to initialise sid could likely change the result.

Thanks, I think I understand now.

Well, without the patch, yes, as syzbot reported.

Seems you're also worried if it can happen in other situations as well,
and end up triggering the same gpf but in a different situation. I don't
think so. It should be either initialized or not initialized.
Half-initialized as it was, that's a pain.

Marcelo
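To illustrate the all-or-nothing ->ext initialization the reply argues for, here is a constructed C model added for this page; it is not the kernel's SCTP code, and the struct and function names (stream_init_ext, sched_prio_sched, init_sid) are hypothetical stand-ins. On a sid initialization failure the ext object is freed and the pointer left NULL, so a later scheduler call sees either a fully valid ext or none, never a half-initialized one.

```c
#include <stdlib.h>
#include <stdbool.h>

/* Constructed model (not kernel code) of the "all-or-nothing" ->ext
 * initialization discussed in the thread: after init, ->ext is either
 * fully valid or NULL. Names are hypothetical. */

struct stream_ext {
    int prio;          /* filled by the (modelled) sid initialization step */
    bool prio_ready;   /* scheduler state the prio scheduler depends on */
};

struct stream_out {
    struct stream_ext *ext;   /* NULL until fully initialized */
};

/* Modelled sid initialization: fails when the caller asks it to. */
static int init_sid(struct stream_ext *ext, int prio, bool fail)
{
    if (fail)
        return -1;            /* stands in for e.g. an allocation failure */
    ext->prio = prio;
    ext->prio_ready = true;
    return 0;
}

/* Allocates ->ext and initializes it; on failure frees it and leaves
 * ->ext NULL so no later user can see a half-initialized object. */
int stream_init_ext(struct stream_out *out, int prio, bool fail_sid)
{
    struct stream_ext *ext = calloc(1, sizeof(*ext));
    if (!ext)
        return -1;
    if (init_sid(ext, prio, fail_sid)) {
        free(ext);
        out->ext = NULL;      /* no partial ext survives a failed init */
        return -1;
    }
    out->ext = ext;
    return 0;
}

/* Scheduler side: only schedules when ->ext is present and ready. */
int sched_prio_sched(const struct stream_out *out)
{
    if (!out->ext || !out->ext->prio_ready)
        return -1;            /* nothing to schedule, and no dereference */
    return out->ext->prio;
}
```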