From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
syzbot+e69f06a0f30116c68056@syzkaller.appspotmail.com,
Eric Dumazet <edumazet@google.com>,
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
Xin Long <lucien.xin@gmail.com>, Jakub Kicinski <kuba@kernel.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.12 62/95] sctp: initialize more fields in sctp_v6_from_sk()
Date: Tue, 2 Sep 2025 15:20:38 +0200 [thread overview]
Message-ID: <20250902131941.983606614@linuxfoundation.org> (raw)
In-Reply-To: <20250902131939.601201881@linuxfoundation.org>
6.12-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 2e8750469242cad8f01f320131fd5a6f540dbb99 ]
syzbot found that sin6_scope_id was not properly initialized,
leading to undefined behavior.
Clear sin6_scope_id and sin6_flowinfo.
BUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649
__sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649
sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983
sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390
sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452
sctp_get_port net/sctp/socket.c:8523 [inline]
sctp_listen_start net/sctp/socket.c:8567 [inline]
sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636
__sys_listen_socket net/socket.c:1912 [inline]
__sys_listen net/socket.c:1927 [inline]
__do_sys_listen net/socket.c:1932 [inline]
__se_sys_listen net/socket.c:1930 [inline]
__x64_sys_listen+0x343/0x4c0 net/socket.c:1930
x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Local variable addr.i.i created at:
sctp_get_port net/sctp/socket.c:8515 [inline]
sctp_listen_start net/sctp/socket.c:8567 [inline]
sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636
__sys_listen_socket net/socket.c:1912 [inline]
__sys_listen net/socket.c:1927 [inline]
__do_sys_listen net/socket.c:1932 [inline]
__se_sys_listen net/socket.c:1930 [inline]
__x64_sys_listen+0x343/0x4c0 net/socket.c:1930
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: syzbot+e69f06a0f30116c68056@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/68adc0a2.050a0220.37038e.00c4.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Xin Long <lucien.xin@gmail.com>
Link: https://patch.msgid.link/20250826141314.1802610-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sctp/ipv6.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index 38e2fbdcbeac4..9f835e674c599 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -546,7 +546,9 @@ static void sctp_v6_from_sk(union sctp_addr *addr, struct sock *sk)
{
addr->v6.sin6_family = AF_INET6;
addr->v6.sin6_port = 0;
+ addr->v6.sin6_flowinfo = 0;
addr->v6.sin6_addr = sk->sk_v6_rcv_saddr;
+ addr->v6.sin6_scope_id = 0;
}
/* Initialize sk->sk_rcv_saddr from sctp_addr. */
--
2.50.1
next prev parent reply other threads:[~2025-09-02 13:33 UTC|newest]
Thread overview: 110+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-02 13:19 [PATCH 6.12 00/95] 6.12.45-rc1 review Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 01/95] tools/latency-collector: Check pkg-config install Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 02/95] rtla: " Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 03/95] trace/fgraph: Fix the warning caused by missing unregister notifier Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 04/95] of: dynamic: Fix memleak when of_pci_add_properties() failed Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 05/95] pinctrl: STMFX: add missing HAS_IOMEM dependency Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 06/95] mips: dts: lantiq: danube: add missing burst length property Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 07/95] mips: lantiq: xway: sysctrl: rename the etop node Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 08/95] of: dynamic: Fix use after free in of_changeset_add_prop_helper() Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 09/95] ftrace: Fix potential warning in trace_printk_seq during ftrace_dump Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 10/95] perf symbol-minimal: Fix ehdr reading in filename__read_build_id Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 11/95] vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 12/95] scsi: core: sysfs: Correct sysfs attributes access rights Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 13/95] smb: client: fix race with concurrent opens in unlink(2) Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 14/95] smb: client: fix race with concurrent opens in rename(2) Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 15/95] ASoC: codecs: tx-macro: correct tx_macro_component_drv name Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 16/95] erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 17/95] ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 18/95] vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 19/95] net: ipv4: fix regression in local-broadcast routes Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 20/95] drm/msm: Defer fd_install in SUBMIT ioctl Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 21/95] of: reserved_mem: Restructure call site for dma_contiguous_early_fixup() Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 22/95] drm/msm/kms: move snapshot init earlier in KMS init Greg Kroah-Hartman
2025-09-02 13:19 ` [PATCH 6.12 23/95] drm/msm: update the high bitfield of certain DSI registers Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 24/95] drm/mediatek: Add error handling for old state CRTC in atomic_disable Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 25/95] powerpc/kvm: Fix ifdef to remove build warning Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 26/95] HID: input: rename hidinput_set_battery_charge_status() Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 27/95] HID: input: report battery status changes immediately Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 28/95] net: macb: fix unregister_netdev call order in macb_remove() Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 29/95] Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 30/95] Bluetooth: hci_event: Mark connection as closed during suspend disconnect Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 31/95] Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 32/95] Bluetooth: hci_sync: fix set_local_name race condition Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 33/95] atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 34/95] drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 35/95] drm/nouveau: remove unused memory target test Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 36/95] ice: dont leave device non-functional if Tx scheduler config fails Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 37/95] ice: use fixed adapter index for E825C embedded devices Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 38/95] ice: fix incorrect counter for buffer allocation failures Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 39/95] dt-bindings: display/msm: qcom,mdp5: drop lut clock Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 40/95] net: dlink: fix multicast stats being counted incorrectly Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 41/95] efi: stmm: Fix incorrect buffer allocation method Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 42/95] drm/xe/xe_sync: avoid race during ufence signaling Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 43/95] drm/xe: Dont trigger rebind on initial dma-buf validation Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 44/95] phy: mscc: Fix when PTP clock is register and unregister Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 45/95] bnxt_en: Fix memory corruption when FW resources change during ifdown Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 46/95] bnxt_en: Adjust TX rings if reservation is less than requested Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 47/95] bnxt_en: Fix stats context reservation logic Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 48/95] net/mlx5: Reload auxiliary drivers on fw_activate Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 49/95] net/mlx5: Fix lockdep assertion on sync reset unload event Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 50/95] net/mlx5: Nack sync reset when SFs are present Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 51/95] net/mlx5e: Update and set Xon/Xoff upon MTU set Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 52/95] net/mlx5e: Update and set Xon/Xoff upon port speed set Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 53/95] net/mlx5e: Set local Xoff after FW update Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 54/95] net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 55/95] net: stmmac: xgmac: Correct supported speed modes Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 56/95] net: stmmac: Set CIC bit only for TX queues with COE Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 57/95] hv_netvsc: Link queues to NAPIs Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 58/95] net: hv_netvsc: fix loss of early receive events from host during channel open Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 59/95] net: rose: split remove and free operations in rose_remove_neigh() Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 60/95] net: rose: convert use field to refcount_t Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 61/95] net: rose: include node references in rose_neigh refcount Greg Kroah-Hartman
2025-09-02 13:20 ` Greg Kroah-Hartman [this message]
2025-09-02 13:20 ` [PATCH 6.12 63/95] l2tp: do not use sock_hold() in pppol2tp_session_get_sock() Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 64/95] fbnic: Move phylink resume out of service_task and into open/close Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 65/95] efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 66/95] net: macb: Disable clocks once Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 67/95] KVM: x86: use array_index_nospec with indices that come from guest Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 68/95] RISC-V: KVM: fix stack overrun when loading vlenb Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 69/95] x86/microcode/AMD: Handle the case of no BIOS microcode Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 70/95] x86/cpu/topology: Use initial APIC ID from XTOPOLOGY leaf on AMD/HYGON Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 71/95] HID: asus: fix UAF via HID_CLAIMED_INPUT validation Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 72/95] HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 73/95] HID: quirks: add support for Legion Go dual dinput modes Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 74/95] HID: logitech: Add ids for G PRO 2 LIGHTSPEED Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 75/95] HID: wacom: Add a new Art Pen 2 Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 76/95] HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 77/95] Revert "drm/amdgpu: fix incorrect vm flags to map bo" Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 78/95] blk-zoned: Fix a lockdep complaint about recursive locking Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 79/95] dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 80/95] fs/smb: Fix inconsistent refcnt update Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 81/95] net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 82/95] smb3 client: fix return code mapping of remap_file_range Greg Kroah-Hartman
2025-09-02 13:20 ` [PATCH 6.12 83/95] xfs: do not propagate ENODATA disk errors into xattr code Greg Kroah-Hartman
2025-09-02 13:21 ` [PATCH 6.12 84/95] drm/xe/vm: Clear the scratch_pt pointer on error Greg Kroah-Hartman
2025-09-02 13:21 ` [PATCH 6.12 85/95] drm/nouveau/disp: Always accept linear modifier Greg Kroah-Hartman
2025-09-02 13:21 ` [PATCH 6.12 86/95] drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 Greg Kroah-Hartman
2025-09-02 13:21 ` [PATCH 6.12 87/95] drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv Greg Kroah-Hartman
2025-09-02 13:21 ` [PATCH 6.12 88/95] drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode Greg Kroah-Hartman
2025-09-02 13:21 ` [PATCH 6.12 89/95] net: rose: fix a typo in rose_clear_routes() Greg Kroah-Hartman
2025-09-02 13:21 ` [PATCH 6.12 90/95] PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS Greg Kroah-Hartman
2025-09-02 13:21 ` [PATCH 6.12 91/95] PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up Greg Kroah-Hartman
2025-09-02 13:21 ` [PATCH 6.12 92/95] Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" Greg Kroah-Hartman
2025-09-02 13:21 ` [PATCH 6.12 93/95] thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const Greg Kroah-Hartman
2025-09-02 13:21 ` [PATCH 6.12 94/95] thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data Greg Kroah-Hartman
2025-09-02 13:21 ` [PATCH 6.12 95/95] thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands Greg Kroah-Hartman
2025-09-02 16:29 ` 6.12.45-rc1 review Brett A C Sheffield
2025-09-02 18:03 ` [PATCH 6.12 00/95] " Jon Hunter
2025-09-02 19:30 ` Florian Fainelli
2025-09-03 7:43 ` Pavel Machek
2025-09-03 8:16 ` Naresh Kamboju
2025-09-03 8:56 ` Ron Economos
2025-09-03 10:47 ` Mark Brown
2025-09-03 13:12 ` Jules Maselbas
2025-09-03 13:28 ` Brett Mastbergen
2025-09-03 13:34 ` Jules Maselbas
2025-09-04 16:07 ` Greg Kroah-Hartman
2025-09-04 16:23 ` Greg Kroah-Hartman
2025-09-03 13:58 ` Peter Schneider
2025-09-03 14:17 ` Harshit Mogalapalli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250902131941.983606614@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=lucien.xin@gmail.com \
--cc=marcelo.leitner@gmail.com \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+e69f06a0f30116c68056@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.