=============================
WARNING: suspicious RCU usage
6.7.0-next-20240118-syzkaller #0 Not tainted
-----------------------------
net/netfilter/ipset/ip_set_hash_gen.h:456 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz-executor319/5063:
#0: ffffffff8f0b0128 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:697 [inline]
#0: ffffffff8f0b0128 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x250 drivers/net/tun.c:3499
#1: ffffffff8d7e0e38 (sysctl_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#1: ffffffff8d7e0e38 (sysctl_lock){+.+.}-{2:2}, at: start_unregistering fs/proc/proc_sysctl.c:313 [inline]
#1: ffffffff8d7e0e38 (sysctl_lock){+.+.}-{2:2}, at: drop_sysctl_table+0x17c/0x3c0 fs/proc/proc_sysctl.c:1498
#2: ffffffff8d5aeb00 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
#2: ffffffff8d5aeb00 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2152 [inline]
#2: ffffffff8d5aeb00 (rcu_callback){....}-{0:0}, at: rcu_core+0x7cc/0x16b0 kernel/rcu/tree.c:2433
stack backtrace:
CPU: 1 PID: 5063 Comm: syz-executor319 Not tainted 6.7.0-next-20240118-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x125/0x1b0 lib/dump_stack.c:106
lockdep_rcu_suspicious+0x20b/0x3b0 kernel/locking/lockdep.c:6712
hash_ip4_destroy+0x320/0x420 net/netfilter/ipset/ip_set_hash_gen.h:456
ip_set_destroy_set+0x65/0x100 net/netfilter/ipset/ip_set_core.c:1180
rcu_do_batch kernel/rcu/tree.c:2158 [inline]
rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2433
__do_softirq+0x218/0x8de kernel/softirq.c:553
invoke_softirq kernel/softirq.c:427 [inline]
__irq_exit_rcu kernel/softirq.c:632 [inline]
irq_exit_rcu+0xb9/0x120 kernel/softirq.c:644
sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:write_comp_data+0x0/0x90 kernel/kcov.c:230
Code: 48 8b 05 03 a7 77 7e 48 8b 80 f0 15 00 00 c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <49> 89 d2 49 89 f8 49 89 f1 65 48 8b 15 cf a6 77 7e 65 8b 05 d0 a6
RSP: 0018:ffffc900036ef2e0 EFLAGS: 00000246
RAX: 0000000000000001 RBX: ffffc900036ef368 RCX: ffffffff813c1ff2
RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900036efa78
R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000001
deref_stack_reg arch/x86/kernel/unwind_orc.c:403 [inline]
unwind_next_frame+0x1aa2/0x2390 arch/x86/kernel/unwind_orc.c:648
arch_stack_walk+0x100/0x170 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x95/0xd0 kernel/stacktrace.c:122
kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
__kasan_record_aux_stack+0xba/0x110 mm/kasan/generic.c:586
kvfree_call_rcu+0x74/0xbe0 kernel/rcu/tree.c:3402
drop_sysctl_table+0x1d4/0x3c0 fs/proc/proc_sysctl.c:1502
unregister_sysctl_table fs/proc/proc_sysctl.c:1523 [inline]
unregister_sysctl_table+0x41/0x60 fs/proc/proc_sysctl.c:1515
neigh_sysctl_unregister+0x5f/0x80 net/core/neighbour.c:3880
addrconf_ifdown.isra.0+0x1638/0x1c60 net/ipv6/addrconf.c:3949
addrconf_notify+0x223/0x18f0 net/ipv6/addrconf.c:3719
notifier_call_chain+0xb9/0x3e0 kernel/notifier.c:93
call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1966
call_netdevice_notifiers_extack net/core/dev.c:2004 [inline]
call_netdevice_notifiers net/core/dev.c:2018 [inline]
unregister_netdevice_many_notify+0x8ad/0x1a10 net/core/dev.c:11083
unregister_netdevice_many net/core/dev.c:11139 [inline]
unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11019
unregister_netdevice include/linux/netdevice.h:3195 [inline]
__tun_detach+0x1170/0x1470 drivers/net/tun.c:684
tun_detach drivers/net/tun.c:700 [inline]
tun_chr_close+0xc8/0x250 drivers/net/tun.c:3499
__fput+0x270/0xb80 fs/file_table.c:376
task_work_run+0x14e/0x250 kernel/task_work.c:180
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0xa7d/0x2ac0 kernel/exit.c:871
do_group_exit+0xd3/0x2a0 kernel/exit.c:1020
__do_sys_exit_group kernel/exit.c:1031 [inline]
__se_sys_exit_group kernel/exit.c:1029 [inline]
__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1029
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7fd06eb0c289
Code: Unable to access opcode bytes at 0x7fd06eb0c25f.
RSP: 002b:00007fff0b955448 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd06eb0c289
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 00007fd06eb8d390 R08: ffffffffffffffb8 R09: bb1414ac00000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd06eb8d390
R13: 0000000000000000 R14: 00007fd06eb8ee60 R15: 00007fd06eadd4c0
</TASK>
----------------
Code disassembly (best guess):
0: 48 8b 05 03 a7 77 7e mov 0x7e77a703(%rip),%rax # 0x7e77a70a
7: 48 8b 80 f0 15 00 00 mov 0x15f0(%rax),%rax
e: c3 ret
f: cc int3
10: cc int3
11: cc int3
12: cc int3
13: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
1a: 90 nop
1b: 90 nop
1c: 90 nop
1d: 90 nop
1e: 90 nop
1f: 90 nop
20: 90 nop
21: 90 nop
22: 90 nop
23: 90 nop
24: 90 nop
25: 90 nop
26: 90 nop
27: 90 nop
28: 90 nop
29: 90 nop
* 2a: 49 89 d2 mov %rdx,%r10 <-- trapping instruction
2d: 49 89 f8 mov %rdi,%r8
30: 49 89 f1 mov %rsi,%r9
33: 65 48 8b 15 cf a6 77 mov %gs:0x7e77a6cf(%rip),%rdx # 0x7e77a70a
3a: 7e
3b: 65 gs
3c: 8b .byte 0x8b
3d: 05 .byte 0x5
3e: d0 .byte 0xd0
3f: a6 cmpsb %es:(%rdi),%ds:(%rsi)