[IPV4]: Do not leak dst entries in ip_copy_metadata().

Netfilter conntrack can defragment locally generated
packets before they hit ip_fragment().  In this case
the fragments have skb->dst set already, so we have to
release that existing reference before overwriting
skb->dst.
Signed-off-by: David S. Miller <davem@davemloft.net>

net/ipv4/ip_output.c

@@ -389,6 +389,7 @@ static void ip_copy_metadata(struct sk_buff *to, struct sk_buff *from)
 	to->priority = from->priority;
 	to->protocol = from->protocol;
 	to->security = from->security;
+	dst_release(to->dst);
 	to->dst = dst_clone(from->dst);
 	to->dev = from->dev;