=============================
WARNING: suspicious RCU usage
6.8.0-rc3-syzkaller #0 Not tainted
-----------------------------
net/netfilter/ipset/ip_set_hash_gen.h:455 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
6 locks held by syz-executor.0/5089:
#0: ffff88807cd2e420 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:409
#1: ffff88803a10d400 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:837 [inline]
#1: ffff88803a10d400 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: do_unlinkat+0x26a/0x830 fs/namei.c:4385
#2: ffff88803a15ca00 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: inode_lock include/linux/fs.h:802 [inline]
#2: ffff88803a15ca00 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: vfs_unlink+0xe4/0x600 fs/namei.c:4323
#3: ffff88807cd32950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x203c/0x22a0 fs/jbd2/transaction.c:463
#4: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
#4: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
#4: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: ext4_get_group_desc+0x113/0x4b0 fs/ext4/balloc.c:288
#5: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
#5: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2184 [inline]
#5: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xcfc/0x1810 kernel/rcu/tree.c:2465
stack backtrace:
CPU: 0 PID: 5089 Comm: syz-executor.0 Not tainted 6.8.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
lockdep_rcu_suspicious+0x220/0x340 kernel/locking/lockdep.c:6712
hash_netportnet6_destroy+0xf0/0x2c0 net/netfilter/ipset/ip_set_hash_gen.h:455
ip_set_destroy_set net/netfilter/ipset/ip_set_core.c:1180 [inline]
ip_set_destroy_set_rcu+0x6a/0xe0 net/netfilter/ipset/ip_set_core.c:1190
rcu_do_batch kernel/rcu/tree.c:2190 [inline]
rcu_core+0xd76/0x1810 kernel/rcu/tree.c:2465
__do_softirq+0x2bb/0x942 kernel/softirq.c:553
invoke_softirq kernel/softirq.c:427 [inline]
__irq_exit_rcu+0xf1/0x1c0 kernel/softirq.c:632
irq_exit_rcu+0x9/0x30 kernel/softirq.c:644
sysvec_apic_timer_interrupt+0x97/0xb0 arch/x86/kernel/apic/apic.c:1076
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:lock_acquire+0x25a/0x530 kernel/locking/lockdep.c:5758
Code: 2b 00 74 08 4c 89 f7 e8 a4 21 81 00 f6 44 24 61 02 0f 85 8e 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
RSP: 0018:ffffc90003baf5c0 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff92000775ec4 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: ffffffff8baac6c0 RDI: ffffffff8bfd9360
RBP: ffffc90003baf708 R08: ffffffff92c52427 R09: 1ffffffff258a484
R10: dffffc0000000000 R11: fffffbfff258a485 R12: 1ffff92000775ec0
R13: dffffc0000000000 R14: ffffc90003baf620 R15: 0000000000000246
rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
rcu_read_lock include/linux/rcupdate.h:750 [inline]
ext4_get_group_desc+0x133/0x4b0 fs/ext4/balloc.c:288
__ext4_get_inode_loc+0x26b/0xe30 fs/ext4/inode.c:4348
ext4_get_inode_loc fs/ext4/inode.c:4497 [inline]
ext4_reserve_inode_write+0x182/0x360 fs/ext4/inode.c:5728
ext4_orphan_add+0x9f2/0x1220 fs/ext4/orphan.c:144
__ext4_unlink+0x699/0xb30 fs/ext4/namei.c:3291
ext4_unlink+0x1af/0x560 fs/ext4/namei.c:3322
vfs_unlink+0x365/0x600 fs/namei.c:4334
do_unlinkat+0x4ae/0x830 fs/namei.c:4398
__do_sys_unlink fs/namei.c:4446 [inline]
__se_sys_unlink fs/namei.c:4444 [inline]
__x64_sys_unlink+0x49/0x60 fs/namei.c:4444
do_syscall_64+0xf9/0x240
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7fd21d47d557
Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc994022d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd21d47d557
RDX: 00007ffc99402300 RSI: 00007ffc99402390 RDI: 00007ffc99402390
RBP: 00007ffc99402390 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffc99403450
R13: 00007fd21d4c93b9 R14: 00000000000c9194 R15: 0000000000000003
----------------
Code disassembly (best guess):
0: 2b 00 sub (%rax),%eax
2: 74 08 je 0xc
4: 4c 89 f7 mov %r14,%rdi
7: e8 a4 21 81 00 call 0x8121b0
c: f6 44 24 61 02 testb $0x2,0x61(%rsp)
11: 0f 85 8e 01 00 00 jne 0x1a5
17: 41 f7 c7 00 02 00 00 test $0x200,%r15d
1e: 74 01 je 0x21
20: fb sti
21: 48 c7 44 24 40 0e 36 movq $0x45e0360e,0x40(%rsp)
28: e0 45
* 2a: 4b c7 44 25 00 00 00 movq $0x0,0x0(%r13,%r12,1) <-- trapping instruction
31: 00 00
33: 43 c7 44 25 09 00 00 movl $0x0,0x9(%r13,%r12,1)
3a: 00 00
3c: 43 rex.XB
3d: c7 .byte 0xc7
3e: 44 rex.R
3f: 25 .byte 0x25