I'm investigating a crash found by syzbot which turns out to be caused by bpf_sk_reuseport_detach assuming ownership of sk_user_data in the UDP socket destroy path and corrupts metadata of a UDP socket user (l2tp).
Here's the syzbot report: https://syzkaller.appspot.com/bug?extid=9f092552ba9a5efca5df I submitted a patch to l2tp to workaround this by having l2tp refuse to use a UDP socket with SO_REUSEPORT set. But this isn't the right fix. Can BPF be changed to store its metadata elsewhere such that other socket users which use sk_user_data can co-exist with BPF? The email thread discussing this is at: https://lore.kernel.org/netdev/20200706.124536.774178117550894539.da...@davemloft.net/
