=============================
WARNING: suspicious RCU usage
6.9.0-rc6-syzkaller-01554-g252aa6d53931 #0 Not tainted
-----------------------------
net/bridge/br_private.h:1599 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
5 locks held by syz-fuzzer/5103:
 #0: ffff888053619ad8 (sk_lock-AF_INET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1595 [inline]
 #0: ffff888053619ad8 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x22/0x50 net/ipv4/tcp.c:1347
 #1: ffffffff8e334ea0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #1: ffffffff8e334ea0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #1: ffffffff8e334ea0 (rcu_read_lock){....}-{1:2}, at: __ip_queue_xmit+0x5f/0x1b70 net/ipv4/ip_output.c:470
 #2: ffffffff8e334ea0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #2: ffffffff8e334ea0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #2: ffffffff8e334ea0 (rcu_read_lock){....}-{1:2}, at: ip_finish_output2+0x45f/0x1380 net/ipv4/ip_output.c:228
 #3: ffffc90000a08ca0 ((&p->forward_delay_timer)){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 kernel/time/timer.c:1790
 #4: ffff888066ac4cb8 (&br->lock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #4: ffff888066ac4cb8 (&br->lock){+.-.}-{2:2}, at: br_forward_delay_timer_expired+0x50/0x440 net/bridge/br_stp_timer.c:86

stack backtrace:
CPU: 1 PID: 5103 Comm: syz-fuzzer Not tainted 6.9.0-rc6-syzkaller-01554-g252aa6d53931 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712
 nbp_vlan_group net/bridge/br_private.h:1599 [inline]
 br_mst_set_state+0x1ea/0x650 net/bridge/br_mst.c:105
 br_set_state+0x28a/0x7b0 net/bridge/br_stp.c:47
 br_forward_delay_timer_expired+0x176/0x440 net/bridge/br_stp_timer.c:88
 call_timer_fn+0x18e/0x650 kernel/time/timer.c:1793
 expire_timers kernel/time/timer.c:1844 [inline]
 __run_timers kernel/time/timer.c:2418 [inline]
 __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2429
 run_timer_base kernel/time/timer.c:2438 [inline]
 run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2448
 __do_softirq+0x2c6/0x980 kernel/softirq.c:554
 do_softirq+0x11b/0x1e0 kernel/softirq.c:455
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:851 [inline]
 __dev_queue_xmit+0x16c9/0x3d30 net/core/dev.c:4421
 dev_queue_xmit include/linux/netdevice.h:3097 [inline]
 neigh_hh_output include/net/neighbour.h:526 [inline]
 neigh_output include/net/neighbour.h:540 [inline]
 ip_finish_output2+0xd41/0x1380 net/ipv4/ip_output.c:235
 ip_local_out net/ipv4/ip_output.c:129 [inline]
 __ip_queue_xmit+0x118c/0x1b70 net/ipv4/ip_output.c:535
 __tcp_transmit_skb+0x2557/0x3b80 net/ipv4/tcp_output.c:1466
 tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]
 tcp_write_xmit+0x18b3/0x69d0 net/ipv4/tcp_output.c:2829
 __tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3014
 tcp_sendmsg_locked+0x4313/0x4d70 net/ipv4/tcp.c:1316
 tcp_sendmsg+0x30/0x50 net/ipv4/tcp.c:1348
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x1a6/0x270 net/socket.c:745
 sock_write_iter+0x2dd/0x400 net/socket.c:1160
 call_write_iter include/linux/fs.h:2110 [inline]
 new_sync_write fs/read_write.c:497 [inline]
 vfs_write+0xa84/0xcb0 fs/read_write.c:590
 ksys_write+0x1a0/0x2c0 fs/read_write.c:643
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x40720e
Code: 48 83 ec 38 e8 13 00 00 00 48 83 c4 38 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 49 89 f2 48 89 fa 48 89 ce 48 89 df 0f 05 <48> 3d 01 f0 ff ff 76 15 48 f7 d8 48 89 c1 48 c7 c0 ff ff ff ff 48
RSP: 002b:000000c0006a3738 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000040720e
RDX: 000000000000000c RSI: 000000c00047e7a0 RDI: 0000000000000003
RBP: 000000c0006a3778 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 000000c0006a38b8
R13: 0000000000000003 R14: 000000c0000bd520 R15: 0000000000000003
 </TASK>
bridge0: port 1(bridge_slave_0) entered learning state
bridge0: port 2(bridge_slave_1) entered learning state
bridge0: port 3(team0) entered learning state