From: Eric Dumazet <eric.duma...@gmail.com>
Date: Tue, 09 May 2017 06:29:19 -0700
> From: Eric Dumazet <eduma...@google.com>
>
> syzkaller found a way to trigger double frees from ip_mc_drop_socket()
>
> It turns out that leave a copy of parent mc_list at accept() time,
> which is very bad.
>
> Very similar to commit 8b485ce69876 ("tcp: do not inherit
> fastopen_req from parent")
>
> Initial report from Pray3r, completed by Andrey one.
> Thanks a lot to them !
>
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Reported-by: Pray3r <pray3...@gmail.com>
> Reported-by: Andrey Konovalov <andreyk...@google.com>
> Tested-by: Andrey Konovalov <andreyk...@google.com>
> ---
> v2: fix moved into inet_csk_clone_lock() to fix both DCCP and TCP
Applied and queued up for -stable, thanks Eric.
