1. Patchew
  2. linux
  3. View series

[syzbot] [net?] KASAN: slab-use-after-free Write in l2tp_session_delete

Edward Adam Davis posted 1 patch 1 year, 5 months ago
There is a newer version of this series
[syzbot] [net?] KASAN: slab-use-after-free Write in l2tp_session_delete
Posted by Edward Adam Davis 1 year, 5 months ago 
delete tunnl session list

#syz test: linux-next f76698bd9a8c

diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index 3596290047b2..1fd27c902d80 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -446,6 +446,7 @@ static int pppol2tp_release(struct socket *sock)
 	if (session) {
 		struct pppol2tp_session *ps;
 
+		list_del_init(&session->list);
 		l2tp_session_delete(session);
 
 		ps = l2tp_session_priv(session);
Re: [syzbot] [net?] KASAN: slab-use-after-free Write in l2tp_session_delete
Posted by syzbot 1 year, 5 months ago 
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

kernel clean failed: failed to run ["make" "-j" "64" "ARCH=x86_64" "distclean"]: exit status 2
Makefile:83: *** Cannot find a vmlinux for VMLINUX_BTF at any of "  ../../vmlinux /sys/kernel/btf/vmlinux /boot/vmlinux-5.9.0-0.bpo.5-cloud-amd64".  Stop.
make[2]: *** [Makefile:192: sched_ext_clean] Error 2
make[1]: *** [/syzkaller/jobs-2/linux/kernel/Makefile:1361: sched_ext] Error 2
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:240: __sub-make] Error 2



Tested on:

commit:         f76698bd Add linux-next specific files for 20240621
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
kernel config:  https://syzkaller.appspot.com/x/.config?x=e78fc116033e0ab7
dashboard link: https://syzkaller.appspot.com/bug?extid=c041b4ce3a6dfd1e63e2
compiler:       
patch:          https://syzkaller.appspot.com/x/patch.diff?x=175c26c1980000

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.