syzbot

 sign-in | mailing list | source | docs
🐞 Open [1165] 🐞 Fixed [4324] 🐞 Invalid [9670] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

WARNING: lock held when returning to user space in tcp_setsockopt (2)

Status: fixed on 2022/03/08 16:11
Reported-by: syzbot+@syzkaller.appspotmail.com
Fix commit: b29fcfb54cd7 mptcp: full disconnect implementation
First crash: 415d, last: 409d

Cause bisection: introduced by (bisect log) :
commit 40947e13997a1cba4e875893ca6e5d5e61a0689d
Author: Florian Westphal <fw@strlen.de>
Date: Fri Feb 12 23:59:56 2021 +0000

  mptcp: schedule worker when subflow is closed

Crash: WARNING: lock held when returning to user space in tcp_setsockopt (log)
Repro: C syz .config

Fix bisection: fixed by (bisect log) :
commit b29fcfb54cd70caca5b11c80d8d238854938884a
Author: Paolo Abeni <pabeni@redhat.com>
Date: Fri Jan 7 00:20:16 2022 +0000

  mptcp: full disconnect implementation

similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING: lock held when returning to user space in tcp_setsockopt 1 517d 517d 0/24 auto-closed as invalid on 2021/11/06 22:39

Sample crash report:
================================================
WARNING: lock held when returning to user space!
5.16.0-rc5-syzkaller #0 Not tainted
------------------------------------------------
syz-executor376/4302 is leaving the kernel with locks still held!
1 lock held by syz-executor376/4302:
 #0: ffff8880789a1aa0 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1645 [inline]
 #0: ffff8880789a1aa0 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: do_tcp_setsockopt net/ipv4/tcp.c:3370 [inline]
 #0: ffff8880789a1aa0 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1645 [inline] net/ipv4/tcp.c:3658
 #0: ffff8880789a1aa0 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: do_tcp_setsockopt net/ipv4/tcp.c:3370 [inline] net/ipv4/tcp.c:3658
 #0: ffff8880789a1aa0 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_setsockopt+0x5b8/0x2520 net/ipv4/tcp.c:3658 net/ipv4/tcp.c:3658

Crashes (6):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-net-this-kasan-gce 2021/12/19 07:37 net 60ec7fcfe768 44068e19 .config console log report syz C WARNING: lock held when returning to user space in tcp_setsockopt
ci-upstream-net-kasan-gce 2021/12/19 09:53 net-next f85b244ee395 44068e19 .config console log report syz C WARNING: lock held when returning to user space in tcp_setsockopt
ci-upstream-net-this-kasan-gce 2021/12/23 12:52 net d1652b70d07c 6caa12e4 .config console log report info WARNING: lock held when returning to user space in tcp_setsockopt
ci-upstream-net-this-kasan-gce 2021/12/19 20:50 net 60ec7fcfe768 44068e19 .config console log report info WARNING: lock held when returning to user space in tcp_setsockopt
ci-upstream-net-this-kasan-gce 2021/12/19 07:09 net 60ec7fcfe768 44068e19 .config console log report info WARNING: lock held when returning to user space in tcp_setsockopt
ci-upstream-net-kasan-gce 2021/12/25 05:36 net-next 7467d716583e 6caa12e4 .config console log report info WARNING: lock held when returning to user space in tcp_setsockopt
* Struck through repros no longer work on HEAD.