=============================
WARNING: suspicious RCU usage
6.8.0-rc3-syzkaller #0 Not tainted
-----------------------------
net/netfilter/ipset/ip_set_hash_gen.h:455 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
6 locks held by syz-executor.0/5089:
#0: ffff88807cd2e420 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:409
#1: ffff88803a10d400 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:837 [inline]
#1: ffff88803a10d400 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: do_unlinkat+0x26a/0x830 fs/namei.c:4385
#2: ffff88803a15ca00 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: inode_lock include/linux/fs.h:802 [inline]
#2: ffff88803a15ca00 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: vfs_unlink+0xe4/0x600 fs/namei.c:4323
#3: ffff88807cd32950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x203c/0x22a0 fs/jbd2/transaction.c:463
#4: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
#4: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
#4: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: ext4_get_group_desc+0x113/0x4b0 fs/ext4/balloc.c:288
#5: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
#5: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2184 [inline]
#5: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xcfc/0x1810 kernel/rcu/tree.c:2465
stack backtrace:
CPU: 0 PID: 5089 Comm: syz-executor.0 Not tainted 6.8.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
lockdep_rcu_suspicious+0x220/0x340 kernel/locking/lockdep.c:6712
hash_netportnet6_destroy+0xf0/0x2c0 net/netfilter/ipset/ip_set_hash_gen.h:455
ip_set_destroy_set net/netfilter/ipset/ip_set_core.c:1180 [inline]
ip_set_destroy_set_rcu+0x6a/0xe0 net/netfilter/ipset/ip_set_core.c:1190
rcu_do_batch kernel/rcu/tree.c:2190 [inline]
rcu_core+0xd76/0x1810 kernel/rcu/tree.c:2465
__do_softirq+0x2bb/0x942 kernel/softirq.c:553
invoke_softirq kernel/softirq.c:427 [inline]
__irq_exit_rcu+0xf1/0x1c0 kernel/softirq.c:632
irq_exit_rcu+0x9/0x30 kernel/softirq.c:644
sysvec_apic_timer_interrupt+0x97/0xb0 arch/x86/kernel/apic/apic.c:1076
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:lock_acquire+0x25a/0x530 kernel/locking/lockdep.c:5758
Code: 2b 00 74 08 4c 89 f7 e8 a4 21 81 00 f6 44 24 61 02 0f 85 8e 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
RSP: 0018:ffffc90003baf5c0 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff92000775ec4 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: ffffffff8baac6c0 RDI: ffffffff8bfd9360
RBP: ffffc90003baf708 R08: ffffffff92c52427 R09: 1ffffffff258a484
R10: dffffc0000000000 R11: fffffbfff258a485 R12: 1ffff92000775ec0
R13: dffffc0000000000 R14: ffffc90003baf620 R15: 0000000000000246
rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
rcu_read_lock include/linux/rcupdate.h:750 [inline]
ext4_get_group_desc+0x133/0x4b0 fs/ext4/balloc.c:288
__ext4_get_inode_loc+0x26b/0xe30 fs/ext4/inode.c:4348
ext4_get_inode_loc fs/ext4/inode.c:4497 [inline]
ext4_reserve_inode_write+0x182/0x360 fs/ext4/inode.c:5728
ext4_orphan_add+0x9f2/0x1220 fs/ext4/orphan.c:144
__ext4_unlink+0x699/0xb30 fs/ext4/namei.c:3291
ext4_unlink+0x1af/0x560 fs/ext4/namei.c:3322
vfs_unlink+0x365/0x600 fs/namei.c:4334
do_unlinkat+0x4ae/0x830 fs/namei.c:4398
__do_sys_unlink fs/namei.c:4446 [inline]
__se_sys_unlink fs/namei.c:4444 [inline]
__x64_sys_unlink+0x49/0x60 fs/namei.c:4444
do_syscall_64+0xf9/0x240
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7fd21d47d557
Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc994022d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd21d47d557
RDX: 00007ffc99402300 RSI: 00007ffc99402390 RDI: 00007ffc99402390
RBP: 00007ffc99402390 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffc99403450
R13: 00007fd21d4c93b9 R14: 00000000000c9194 R15: 0000000000000003
----------------
Code disassembly (best guess):
0: 2b 00 sub (%rax),%eax
2: 74 08 je 0xc
4: 4c 89 f7 mov %r14,%rdi
7: e8 a4 21 81 00 call 0x8121b0
c: f6 44 24 61 02 testb $0x2,0x61(%rsp)
11: 0f 85 8e 01 00 00 jne 0x1a5
17: 41 f7 c7 00 02 00 00 test $0x200,%r15d
1e: 74 01 je 0x21
20: fb sti
21: 48 c7 44 24 40 0e 36 movq $0x45e0360e,0x40(%rsp)
28: e0 45
* 2a: 4b c7 44 25 00 00 00 movq $0x0,0x0(%r13,%r12,1) <-- trapping instruction
31: 00 00
33: 43 c7 44 25 09 00 00 movl $0x0,0x9(%r13,%r12,1)
3a: 00 00
3c: 43 rex.XB
3d: c7 .byte 0xc7
3e: 44 rex.R
3f: 25 .byte 0x25