Date: Sun, 13 May 2018 21:27:07 -0700
From: Eric Biggers
To: syzbot
Cc: davem@davemloft.net, dvyukov@google.com, jon.maloy@ericsson.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com, tipc-discussion@lists.sourceforge.net, ying.xue@windriver.com
Subject: Re: WARNING: suspicious RCU usage in tipc_bearer_find
Message-ID: <20180514042707.GK677@sol.localdomain>

On Fri, Feb 09, 2018 at 12:00:01PM -0800, syzbot wrote:
> syzbot has found reproducer for the following crash on net-next commit
> 617aebe6a97efa539cc4b8a52adccd89596e6be0 (Sun Feb 4 00:25:42 2018 +0000)
> Merge tag 'usercopy-v4.16-rc1' of
> git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
>
> So far this crash happened 13 times on net-next, upstream.
> C reproducer is attached.
> syzkaller reproducer is attached.
> Raw console output is attached.
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached.
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+b743957adcee51f5e0e3@syzkaller.appspotmail.com
> It will help syzbot understand when the bug is fixed.
>
>
> audit: type=1400 audit(1518206230.395:8): avc: denied { create } for
> pid=4164 comm="syzkaller756462"
> scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
> tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
> tclass=netlink_generic_socket permissive=1
> =============================
> audit: type=1400 audit(1518206230.396:9): avc: denied { write } for
> pid=4164 comm="syzkaller756462"
> scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
> tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
> tclass=netlink_generic_socket permissive=1
> WARNING: suspicious RCU usage
> 4.15.0+ #221 Not tainted
> -----------------------------
> net/tipc/bearer.c:177 suspicious rcu_dereference_protected() usage!
>
> other info that might help us debug this:
>
>
> rcu_scheduler_active = 2, debug_locks = 1
> 2 locks held by syzkaller756462/4164:
> #0: (cb_lock){++++}, at: [<000000003bb01113>] genl_rcv+0x19/0x40
> net/netlink/genetlink.c:634
> #1: (genl_mutex){+.+.}, at: [<000000002e321e71>] genl_lock
> net/netlink/genetlink.c:33 [inline]
> #1: (genl_mutex){+.+.}, at: [<000000002e321e71>] genl_rcv_msg+0x115/0x140
> net/netlink/genetlink.c:622
>
> stack backtrace:
> CPU: 0 PID: 4164 Comm: syzkaller756462 Not tainted 4.15.0+ #221
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Call Trace:
> __dump_stack lib/dump_stack.c:17 [inline]
> dump_stack+0x194/0x257 lib/dump_stack.c:53
> lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592
> tipc_bearer_find+0x2b4/0x3b0 net/tipc/bearer.c:177
> tipc_nl_compat_link_set+0x329/0x9f0 net/tipc/netlink_compat.c:729
> __tipc_nl_compat_doit net/tipc/netlink_compat.c:288 [inline]
> tipc_nl_compat_doit+0x15b/0x670 net/tipc/netlink_compat.c:335
> tipc_nl_compat_handle net/tipc/netlink_compat.c:1119 [inline]
> tipc_nl_compat_recv+0x1135/0x18f0 net/tipc/netlink_compat.c:1201
> genl_family_rcv_msg+0x7b7/0xfb0 net/netlink/genetlink.c:599
> genl_rcv_msg+0xb2/0x140 net/netlink/genetlink.c:624
> netlink_rcv_skb+0x14b/0x380 net/netlink/af_netlink.c:2442
> genl_rcv+0x28/0x40 net/netlink/genetlink.c:635
> netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
> netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
> netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
> sock_sendmsg_nosec net/socket.c:630 [inline]
> sock_sendmsg+0xca/0x110 net/socket.c:640
> ___sys_sendmsg+0x767/0x8b0 net/socket.c:2046
> __sys_sendmsg+0xe5/0x210 net/socket.c:2080
> SYSC_sendmsg net/socket.c:2091 [inline]
> SyS_sendmsg+0x2d/0x50 net/socket.c:2087
> entry_SYSCALL_64_fastpath+0x29/0xa0
> RIP: 0033:0x43fd69
> RSP: 002b:00007fff09979378 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
> RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd69
> RDX: 0000000000000000 RSI: 0000000020003000 RDI: 0000000000000003
> RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000203 R12: 0000000000401690
> R13: 0000000000401720 R14: 0000000000000000 R15: 0000000
>

This was fixed by commit ed4ffdfec26df:

#syz fix: tipc: Fix missing RTNL lock protection during setting link properties

- Eric