=============================
WARNING: suspicious RCU usage
6.10.0-rc2-syzkaller-00022-g32f88d65f01b #0 Not tainted
-----------------------------
net/bridge/br_private.h:1599 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
5 locks held by kswapd0/111:
 #0: ffffffff8dd3a9a0 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat+0xa88/0x1970 mm/vmscan.c:6924
 #1: ffffffff8dbb5160 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #1: ffffffff8dbb5160 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #1: ffffffff8dbb5160 (rcu_read_lock){....}-{1:2}, at: list_lru_count_one+0x3a/0x320 mm/list_lru.c:171
 #2: ffffc90000598cb0 ((&p->forward_delay_timer)){+.-.}-{0:0}, at: call_timer_fn+0x11a/0x610 kernel/time/timer.c:1789
 #3: ffff88801d880cb8 (&br->lock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #3: ffff88801d880cb8 (&br->lock){+.-.}-{2:2}, at: br_forward_delay_timer_expired+0x4f/0x560 net/bridge/br_stp_timer.c:86
 #4: ffffffff8dbb5160 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #4: ffffffff8dbb5160 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #4: ffffffff8dbb5160 (rcu_read_lock){....}-{1:2}, at: br_mst_set_state+0x114/0x750 net/bridge/br_mst.c:105

stack backtrace:
CPU: 1 PID: 111 Comm: kswapd0 Not tainted 6.10.0-rc2-syzkaller-00022-g32f88d65f01b #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:114
 lockdep_rcu_suspicious+0x20b/0x3b0 kernel/locking/lockdep.c:6712
 nbp_vlan_group net/bridge/br_private.h:1599 [inline]
 br_mst_set_state+0x5c8/0x750 net/bridge/br_mst.c:106
 br_set_state+0x542/0x880 net/bridge/br_stp.c:47
 br_forward_delay_timer_expired+0x312/0x560 net/bridge/br_stp_timer.c:88
 call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1792
 expire_timers kernel/time/timer.c:1843 [inline]
 __run_timers+0x74b/0xaf0 kernel/time/timer.c:2417
 __run_timer_base kernel/time/timer.c:2428 [inline]
 __run_timer_base kernel/time/timer.c:2421 [inline]
 run_timer_base+0x111/0x190 kernel/time/timer.c:2437
 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2447
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_release+0x3ba/0x6c0 kernel/locking/lockdep.c:5762
Code: 7e 83 f8 01 0f 85 f5 01 00 00 9c 58 f6 c4 02 0f 85 e0 01 00 00 48 f7 04 24 00 02 00 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c5 48 c7 45 00 00 00 00 00 c7 45 08 00 00 00 00 48 8b 84 24
RSP: 0018:ffffc90001137588 EFLAGS: 00000206
RAX: dffffc0000000000 RBX: 20341b884a02928f RCX: ffffc900011375d8
RDX: 1ffff110036bb15a RSI: ffffffff8b2cbbc0 RDI: ffffffff8b8fbfa0
RBP: 1ffff92000226eb3 R08: 0000000000000000 R09: fffffbfff1fc5812
R10: ffffffff8fe2c097 R11: 0000000000000002 R12: 0000000000000002
R13: 0000000000000003 R14: ffff88801b5d8ad8 R15: ffff88801b5d8000
 rcu_lock_release include/linux/rcupdate.h:339 [inline]
 rcu_read_unlock include/linux/rcupdate.h:812 [inline]
 xa_load+0x14f/0x2c0 lib/xarray.c:1481
 list_lru_from_memcg_idx mm/list_lru.c:56 [inline]
 list_lru_from_memcg_idx mm/list_lru.c:53 [inline]
 list_lru_count_one+0x1bb/0x320 mm/list_lru.c:172
 list_lru_shrink_count include/linux/list_lru.h:156 [inline]
 super_cache_count+0x175/0x300 fs/super.c:263
 do_shrink_slab+0x82/0x11c0 mm/shrinker.c:382
 shrink_slab_memcg mm/shrinker.c:548 [inline]
 shrink_slab+0xa87/0x1310 mm/shrinker.c:626
 shrink_one+0x493/0x7c0 mm/vmscan.c:4790
 shrink_many mm/vmscan.c:4851 [inline]
 lru_gen_shrink_node+0x89f/0x1750 mm/vmscan.c:4951
 shrink_node mm/vmscan.c:5910 [inline]
 kswapd_shrink_node mm/vmscan.c:6720 [inline]
 balance_pgdat+0x1105/0x1970 mm/vmscan.c:6911
 kswapd+0x5ea/0xbf0 mm/vmscan.c:7180
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
bridge0: port 1(bridge_slave_0) entered learning state
----------------
Code disassembly (best guess):
   0:	7e 83                	jle    0xffffff85
   2:	f8                   	clc
   3:	01 0f                	add    %ecx,(%rdi)
   5:	85 f5                	test   %esi,%ebp
   7:	01 00                	add    %eax,(%rax)
   9:	00 9c 58 f6 c4 02 0f 	add    %bl,0xf02c4f6(%rax,%rbx,2)
  10:	85 e0                	test   %esp,%eax
  12:	01 00                	add    %eax,(%rax)
  14:	00 48 f7             	add    %cl,-0x9(%rax)
  17:	04 24                	add    $0x24,%al
  19:	00 02                	add    %al,(%rdx)
  1b:	00 00                	add    %al,(%rax)
  1d:	74 01                	je     0x20
  1f:	fb                   	sti
  20:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  27:	fc ff df
* 2a:	48 01 c5             	add    %rax,%rbp <-- trapping instruction
  2d:	48 c7 45 00 00 00 00 	movq   $0x0,0x0(%rbp)
  34:	00
  35:	c7 45 08 00 00 00 00 	movl   $0x0,0x8(%rbp)
  3c:	48                   	rex.W
  3d:	8b                   	.byte 0x8b
  3e:	84                   	.byte 0x84
  3f:	24                   	.byte 0x24