syzbot


WARNING: lock held when returning to user space in tcp_setsockopt (2)

Status: fixed on 2022/03/08 16:11
Subsystems: net
Fix commit: b29fcfb54cd7 mptcp: full disconnect implementation
First crash: 851d, last: 845d
Cause bisection: introduced by (bisect log):
commit 40947e13997a1cba4e875893ca6e5d5e61a0689d
Author: Florian Westphal <fw@strlen.de>
Date: Fri Feb 12 23:59:56 2021 +0000

  mptcp: schedule worker when subflow is closed

Crash: WARNING: lock held when returning to user space in tcp_setsockopt (log)
Repro: C syz .config
  
Fix bisection: fixed by (bisect log):
commit b29fcfb54cd70caca5b11c80d8d238854938884a
Author: Paolo Abeni <pabeni@redhat.com>
Date: Fri Jan 7 00:20:16 2022 +0000

  mptcp: full disconnect implementation

  
Similar bugs (1)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | WARNING: lock held when returning to user space in tcp_setsockopt net | | | | 1 | 953d | 953d | 0/26 | auto-closed as invalid on 2021/11/06 22:39 |

Sample crash report:
================================================
WARNING: lock held when returning to user space!
5.16.0-rc5-syzkaller #0 Not tainted
------------------------------------------------
syz-executor376/4302 is leaving the kernel with locks still held!
1 lock held by syz-executor376/4302:
 #0: ffff8880789a1aa0 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1645 [inline]
 #0: ffff8880789a1aa0 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: do_tcp_setsockopt net/ipv4/tcp.c:3370 [inline]
 #0: ffff8880789a1aa0 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1645 [inline] net/ipv4/tcp.c:3658
 #0: ffff8880789a1aa0 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: do_tcp_setsockopt net/ipv4/tcp.c:3370 [inline] net/ipv4/tcp.c:3658
 #0: ffff8880789a1aa0 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_setsockopt+0x5b8/0x2520 net/ipv4/tcp.c:3658 net/ipv4/tcp.c:3658

Crashes (6):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2021/12/19 07:37 | net-old | 60ec7fcfe768 | 44068e19 | .config | console log | report | syz | C | | | ci-upstream-net-this-kasan-gce | WARNING: lock held when returning to user space in tcp_setsockopt |
| 2021/12/19 09:53 | net-next-old | f85b244ee395 | 44068e19 | .config | console log | report | syz | C | | | ci-upstream-net-kasan-gce | WARNING: lock held when returning to user space in tcp_setsockopt |
| 2021/12/23 12:52 | net-old | d1652b70d07c | 6caa12e4 | .config | console log | report | | | info | | ci-upstream-net-this-kasan-gce | WARNING: lock held when returning to user space in tcp_setsockopt |
| 2021/12/19 20:50 | net-old | 60ec7fcfe768 | 44068e19 | .config | console log | report | | | info | | ci-upstream-net-this-kasan-gce | WARNING: lock held when returning to user space in tcp_setsockopt |
| 2021/12/19 07:09 | net-old | 60ec7fcfe768 | 44068e19 | .config | console log | report | | | info | | ci-upstream-net-this-kasan-gce | WARNING: lock held when returning to user space in tcp_setsockopt |
| 2021/12/25 05:36 | net-next-old | 7467d716583e | 6caa12e4 | .config | console log | report | | | info | | ci-upstream-net-kasan-gce | WARNING: lock held when returning to user space in tcp_setsockopt |
* Struck through repros no longer work on HEAD.