From mboxrd@z Thu Jan 1 00:00:00 1970
From: Marcelo Ricardo Leitner
Subject: Re: KASAN: use-after-free Read in sctp_do_sm
Date: Tue, 8 May 2018 15:57:32 -0300
Message-ID: <20180508185732.GP5105@localhost.localdomain>
References: <000000000000c10690056bb22ccd@google.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: syzbot, davem, LKML, linux-sctp@vger.kernel.org, network dev, Neil Horman, syzkaller-bugs@googlegroups.com, Vlad Yasevich
To: Xin Long
Return-path:
Content-Disposition: inline
In-Reply-To:
Sender: linux-kernel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org

On Wed, May 09, 2018 at 01:41:03AM +0800, Xin Long wrote:
...
> >  sctp_chunk_destroy net/sctp/sm_make_chunk.c:1481 [inline]
> >  sctp_chunk_put+0x321/0x440 net/sctp/sm_make_chunk.c:1504
> >  sctp_ulpevent_make_rcvmsg+0x955/0xd40 net/sctp/ulpevent.c:718
> There's no reason to put the chunk in sctp_ulpevent_make_rcvmsg's
> fail_mark err path before holding this chunk later there.
>
> We should just remove it.

Oups. Agreed.

  Marcelo