From: Eric Dumazet <eric.duma...@gmail.com>
Date: Thu, 09 Feb 2017 16:15:52 -0800

> From: Eric Dumazet <eduma...@google.com>
>
> udp_ioctl(), as its name suggests, is used by UDP protocols,
> but is also used by L2TP :(
>
> L2TP should use its own handler, because it really does not
> look the same.
>
> SIOCINQ for instance should not assume UDP checksum or headers.
>
> Thanks to Andrey and syzkaller team for providing the report
> and a nice reproducer.
>
> While crashes only happen on recent kernels (after commit
> 7c13f97ffde6 ("udp: do fwd memory scheduling on dequeue")), this
> probably needs to be backported to older kernels.
>
> Fixes: 7c13f97ffde6 ("udp: do fwd memory scheduling on dequeue")
> Fixes: 85584672012e ("udp: Fix udp_poll() and ioctl()")
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Reported-by: Andrey Konovalov <andreyk...@google.com>
> Acked-by: Paolo Abeni <pab...@redhat.com>
> ---
> v2: Adding the EXPORT_SYMBOL(l2tp_ioctl) for ipv6, of course...

Applied and queued up for -stable, thanks Eric.