From: James Chapman <[email protected]>
Date: Mon, 12 Feb 2018 10:11:05 +0000
> Since L2TP hooks on sockets opened by userspace using sk_user_data, we
> may race with other socket families that attempt to use the same
> socket.
>
> This problem was discovered by syzbot using AF_KCM. KCM has since been
> modified to use only TCP sockets to avoid hitting this issue but we
> should prevent such races in L2TP anyway.
>
> Fixes: c8fffcea0a079 ("l2tp: Refactor l2tp core driver to make use of the
> common UDP tunnel function")
> Reported-by: [email protected]
Yikes. Where is your signoff James?
> Kernel BUG at net/l2tp/l2tp_ppp.c:176!
> invalid opcode: 0000 [#1] SMP KASAN
> Dumping ftrace buffer:
> (ftrace buffer empty)
And this oops dump should be before the various
fixes/reported-by/signed-off-by tags.
Thanks.
