=============================
WARNING: suspicious RCU usage
6.9.0-syzkaller-12116-g782471db6c72 #0 Not tainted
-----------------------------
net/bridge/br_private.h:1599 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
7 locks held by syz-executor.1/15908:
#0: ffffffff8f5d9bd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 net/core/net_namespace.c:504
#1: ffffffff8f37a3f0 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 drivers/infiniband/core/device.c:1179
#2: ffffffff8f37a5b0 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 drivers/infiniband/core/device.c:1184
#3: ffff88807b040f30 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 drivers/infiniband/core/device.c:943
#4: ffffc90000007c00 ((&p->forward_delay_timer)){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 kernel/time/timer.c:1789
#5: ffff88802bce4cb8 (&br->lock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#5: ffff88802bce4cb8 (&br->lock){+.-.}-{2:2}, at: br_forward_delay_timer_expired+0x50/0x440 net/bridge/br_stp_timer.c:86
#6: ffffffff8e333e60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
#6: ffffffff8e333e60 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
#6: ffffffff8e333e60 (rcu_read_lock){....}-{1:2}, at: br_mst_set_state+0x171/0x7a0 net/bridge/br_mst.c:105
stack backtrace:
CPU: 0 PID: 15908 Comm: syz-executor.1 Not tainted 6.9.0-syzkaller-12116-g782471db6c72 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712
nbp_vlan_group net/bridge/br_private.h:1599 [inline]
br_mst_set_state+0x29e/0x7a0 net/bridge/br_mst.c:106
br_set_state+0x28a/0x7b0 net/bridge/br_stp.c:47
br_forward_delay_timer_expired+0x176/0x440 net/bridge/br_stp_timer.c:88
call_timer_fn+0x18e/0x650 kernel/time/timer.c:1792
expire_timers kernel/time/timer.c:1843 [inline]
__run_timers kernel/time/timer.c:2417 [inline]
__run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2428
run_timer_base kernel/time/timer.c:2437 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2447
handle_softirqs+0x2c4/0x970 kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__sanitizer_cov_trace_cmp4+0x81/0x90 kernel/kcov.c:279
Code: 8d 42 28 4c 39 c8 77 22 89 f8 89 f6 49 ff c2 4c 89 11 48 c7 44 0a 08 04 00 00 00 48 89 44 0a 10 48 89 74 0a 18 4c 89 44 0a 20 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90
RSP: 0018:ffffc900031d6ea0 EFLAGS: 00000297
RAX: 0000000000000002 RBX: 00000000000ac000 RCX: 00000000000ac001
RDX: ffff888023375a00 RSI: 0000000000077f81 RDI: 00000000000ac000
RBP: 0000000000077f81 R08: ffffffff8140e1a4 R09: ffffc900031d7070
R10: 0000000000000003 R11: ffffffff8181cdd0 R12: ffffc900031d6f80
R13: 00000000000ac001 R14: ffffffff8bc00000 R15: ffffffff887f81ae
orc_find arch/x86/kernel/unwind_orc.c:211 [inline]
unwind_next_frame+0x244/0x2a00 arch/x86/kernel/unwind_orc.c:494
arch_stack_walk+0x151/0x1b0 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x118/0x1d0 kernel/stacktrace.c:122
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
unpoison_slab_object mm/kasan/common.c:312 [inline]
__kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338
kasan_slab_alloc include/linux/kasan.h:201 [inline]
slab_post_alloc_hook mm/slub.c:3940 [inline]
slab_alloc_node mm/slub.c:4000 [inline]
kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4007
__kernfs_new_node+0xd8/0x870 fs/kernfs/dir.c:624
----------------
Code disassembly (best guess):
0: 8d 42 28 lea 0x28(%rdx),%eax
3: 4c 39 c8 cmp %r9,%rax
6: 77 22 ja 0x2a
8: 89 f8 mov %edi,%eax
a: 89 f6 mov %esi,%esi
c: 49 ff c2 inc %r10
f: 4c 89 11 mov %r10,(%rcx)
12: 48 c7 44 0a 08 04 00 movq $0x4,0x8(%rdx,%rcx,1)
19: 00 00
1b: 48 89 44 0a 10 mov %rax,0x10(%rdx,%rcx,1)
20: 48 89 74 0a 18 mov %rsi,0x18(%rdx,%rcx,1)
25: 4c 89 44 0a 20 mov %r8,0x20(%rdx,%rcx,1)
* 2a: c3 ret <-- trapping instruction
2b: cc int3
2c: cc int3
2d: cc int3
2e: cc int3
2f: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
36: 00 00 00
39: 90 nop
3a: 90 nop
3b: 90 nop
3c: 90 nop
3d: 90 nop
3e: 90 nop
3f: 90 nop