============================= WARNING: suspicious RCU usage 4.15.0-rc8+ #196 Not tainted ----------------------------- ./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by syz-executor4/30772: #0: (sk_lock-AF_INET6){+.+.}, at: [<0000000053d69543>] lock_sock include/net/sock.h:1463 [inline] #0: (sk_lock-AF_INET6){+.+.}, at: [<0000000053d69543>] inet_csk_wait_for_connect net/ipv4/inet_connection_sock.c:409 [inline] #0: (sk_lock-AF_INET6){+.+.}, at: [<0000000053d69543>] inet_csk_accept+0x4f0/0xd70 net/ipv4/inet_connection_sock.c:456 stack backtrace: CPU: 0 PID: 30772 Comm: syz-executor4 Not tainted 4.15.0-rc8+ #196 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 ireq_opt_deref include/net/inet_sock.h:135 [inline] inet_csk_route_req+0x824/0xca0 net/ipv4/inet_connection_sock.c:544 dccp_v4_send_response+0xa7/0x650 net/dccp/ipv4.c:485 dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633 dccp_v6_conn_request+0xd30/0x1350 net/dccp/ipv6.c:317 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682 dccp_v6_do_rcv+0x823/0x9c0 net/dccp/ipv6.c:578 sk_backlog_rcv include/net/sock.h:908 [inline] __release_sock+0x124/0x360 net/core/sock.c:2274 release_sock+0xa4/0x2a0 net/core/sock.c:2789 inet_csk_accept+0x99c/0xd70 net/ipv4/inet_connection_sock.c:480 inet_accept+0x12c/0x930 net/ipv4/af_inet.c:699 SYSC_accept4+0x38d/0x870 net/socket.c:1545 SyS_accept4+0x2c/0x40 net/socket.c:1496 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x452e99 RSP: 002b:00007f3efc954c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000120 RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e99 RDX: 00000000200b3ffc RSI: 000000002028b000 RDI: 0000000000000013 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000080800 R11: 0000000000000212 R12: 00000000006ee0a0 R13: 00000000ffffffff R14: 00007f3efc9556d4 R15: 0000000000000000 ============================= WARNING: suspicious RCU usage 4.15.0-rc8+ #196 Not tainted ----------------------------- ./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by syz-executor4/30772: #0: (sk_lock-AF_INET6){+.+.}, at: [<0000000053d69543>] lock_sock include/net/sock.h:1463 [inline] #0: (sk_lock-AF_INET6){+.+.}, at: [<0000000053d69543>] inet_csk_wait_for_connect net/ipv4/inet_connection_sock.c:409 [inline] #0: (sk_lock-AF_INET6){+.+.}, at: [<0000000053d69543>] inet_csk_accept+0x4f0/0xd70 net/ipv4/inet_connection_sock.c:456 stack backtrace: CPU: 0 PID: 30772 Comm: syz-executor4 Not tainted 4.15.0-rc8+ #196 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 ireq_opt_deref include/net/inet_sock.h:135 [inline] dccp_v4_send_response+0x4b6/0x650 net/dccp/ipv4.c:496 dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633 dccp_v6_conn_request+0xd30/0x1350 net/dccp/ipv6.c:317 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682 dccp_v6_do_rcv+0x823/0x9c0 net/dccp/ipv6.c:578 sk_backlog_rcv include/net/sock.h:908 [inline] __release_sock+0x124/0x360 net/core/sock.c:2274 release_sock+0xa4/0x2a0 net/core/sock.c:2789 inet_csk_accept+0x99c/0xd70 net/ipv4/inet_connection_sock.c:480 inet_accept+0x12c/0x930 net/ipv4/af_inet.c:699 SYSC_accept4+0x38d/0x870 net/socket.c:1545 SyS_accept4+0x2c/0x40 net/socket.c:1496 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x452e99 RSP: 002b:00007f3efc954c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000120 RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e99 RDX: 00000000200b3ffc RSI: 000000002028b000 RDI: 0000000000000013 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000080800 R11: 0000000000000212 R12: 00000000006ee0a0 R13: 00000000ffffffff R14: 00007f3efc9556d4 R15: 0000000000000000 netlink: 'syz-executor3': attribute type 2 has an invalid length. netlink: 'syz-executor3': attribute type 2 has an invalid length. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=11096 sclass=netlink_route_socket pig=31418 comm=syz-executor0 net_ratelimit: 1 callbacks suppressed IPv4: Oversized IP packet from 127.0.0.1 sctp: [Deprecated]: syz-executor6 (pid 31676) Use of int in max_burst socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor6 (pid 31676) Use of int in max_burst socket option. Use struct sctp_assoc_value instead Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable netlink: 'syz-executor2': attribute type 1 has an invalid length. netlink: 'syz-executor2': attribute type 1 has an invalid length. Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable netlink: 14 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 10 bytes leftover after parsing attributes in process `syz-executor5'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1804 sclass=netlink_route_socket pig=32317 comm=syz-executor2 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1804 sclass=netlink_route_socket pig=32320 comm=syz-executor2 netlink: 14 bytes leftover after parsing attributes in process `syz-executor0'. ICMPv6: NA: 00:00:00:00:00:00 advertised our address fe80::aa on syz0! netlink: 'syz-executor7': attribute type 16 has an invalid length. netlink: 16 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 6 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 176 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 'syz-executor4': attribute type 2 has an invalid length. l2tp_ppp: tunl 59: get L2TP stats netlink: 'syz-executor4': attribute type 2 has an invalid length. netlink: 176 bytes leftover after parsing attributes in process `syz-executor0'. sctp: [Deprecated]: syz-executor5 (pid 929) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead TCP: request_sock_TCP: Possible SYN flooding on port 20009. Sending cookies. Check SNMP counters. sctp: [Deprecated]: syz-executor5 (pid 939) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor6 (pid 1024) Use of int in maxseg socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor6 (pid 1024) Use of int in maxseg socket option. Use struct sctp_assoc_value instead