From: Xin Long <lucien.xin@xxxxxxxxx>
Date: Tue, 22 Jan 2019 02:42:09 +0800
> In the paths:
>
> sctp_sf_do_unexpected_init() ->
> sctp_make_init_ack()
> sctp_sf_do_dupcook_a/b()() ->
> sctp_sf_do_5_1D_ce()
>
> The new chunk 'retval' transport is set from the incoming chunk 'chunk'
> transport. However, 'retval' transport belong to the new asoc, which
> is a different one from 'chunk' transport's asoc.
>
> It will cause that the 'retval' chunk gets set with a wrong transport.
> Later when sending it and because of Commit b9fd683982c9 ("sctp: add
> sctp_packet_singleton"), sctp_packet_singleton() will set some fields,
> like vtag to 'retval' chunk from that wrong transport's asoc.
>
> This patch is to fix it by setting 'retval' transport correctly which
> belongs to the right asoc in sctp_make_init_ack() and
> sctp_sf_do_5_1D_ce().
>
> Fixes: b9fd683982c9 ("sctp: add sctp_packet_singleton")
> Reported-by: Ying Xu <yinxu@xxxxxxxxxx>
> Signed-off-by: Xin Long <lucien.xin@xxxxxxxxx>
Applied and queued up for -stable.
