From: Eric Dumazet <[email protected]>
Date: Tue, 09 May 2017 06:29:19 -0700

> From: Eric Dumazet <[email protected]>
>
> syzkaller found a way to trigger double frees from ip_mc_drop_socket()
>
> It turns out that leave a copy of parent mc_list at accept() time,
> which is very bad.
>
> Very similar to commit 8b485ce69876 ("tcp: do not inherit
> fastopen_req from parent")
>
> Initial report from Pray3r, completed by Andrey one.
> Thanks a lot to them!
>
> Signed-off-by: Eric Dumazet <[email protected]>
> Reported-by: Pray3r <[email protected]>
> Reported-by: Andrey Konovalov <[email protected]>
> Tested-by: Andrey Konovalov <[email protected]>
> ---
> v2: fix moved into inet_csk_clone_lock() to fix both DCCP and TCP

Applied and queued up for -stable, thanks Eric.
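
The bug class described in the quoted commit message, as an added userland model that is not part of the patch or of the kernel: a child object cloned by struct copy keeps the parent's list pointer, so both teardown paths release the same entries. All names (`sock_model`, `mc_entry`, `clone_sock`, `drop_socket`) are hypothetical, and clearing the pointer in the clone is an assumed shape of the fix, since the patch body is not shown here.

```c
#include <stdio.h>
#include <string.h>

/* Userland model only; every name here is hypothetical, not kernel code. */
struct mc_entry { int group; int live; struct mc_entry *next; };
struct sock_model { int id; struct mc_entry *mc_list; };

static struct mc_entry pool[8];      /* static arena: nothing is really freed */
static int pool_used, double_frees;

static struct mc_entry *mc_alloc(int group, struct mc_entry *next) {
    struct mc_entry *e = &pool[pool_used++];
    e->group = group; e->live = 1; e->next = next;
    return e;
}

/* Stand-in for the free call: counts a second release instead of corrupting memory. */
static void mc_free(struct mc_entry *e) {
    if (!e->live) { double_frees++; return; }
    e->live = 0;
}

/* Models the close path: walk the socket's own list and release each entry. */
static void drop_socket(struct sock_model *sk) {
    struct mc_entry *e = sk->mc_list;
    sk->mc_list = NULL;
    while (e) { struct mc_entry *n = e->next; mc_free(e); e = n; }
}

/* Models cloning at accept() time. clear_mc_list = 0 is the buggy struct copy;
 * clear_mc_list = 1 drops the inherited pointer (assumed shape of the fix). */
static void clone_sock(struct sock_model *child, const struct sock_model *parent,
                       int clear_mc_list) {
    memcpy(child, parent, sizeof(*child));
    child->id = parent->id + 1;
    if (clear_mc_list) child->mc_list = NULL;
}

/* Parent joins two groups, a child is cloned, both are closed. Returns double frees seen. */
int run_scenario(int clear_mc_list) {
    struct sock_model parent = { 1, NULL }, child;
    pool_used = 0; double_frees = 0;
    parent.mc_list = mc_alloc(1, NULL);              /* constructed sample groups */
    parent.mc_list = mc_alloc(2, parent.mc_list);
    clone_sock(&child, &parent, clear_mc_list);
    drop_socket(&child);
    drop_socket(&parent);
    return double_frees;
}

int main(void) {
    printf("inherited pointer: %d double frees\n", run_scenario(0));
    printf("cleared in clone:  %d double frees\n", run_scenario(1));
    return 0;
}
```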
