=============================
WARNING: suspicious RCU usage
6.8.0-rc3-syzkaller-00010-g6d280f4d760e #0 Not tainted
-----------------------------
net/netfilter/ipset/ip_set_hash_gen.h:455 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
4 locks held by syz-executor.2/5115:
#0: ffff88803065a420 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:409
#1: ffff88803065a610 (sb_internal){.+.+}-{0:0}, at: __sb_start_write include/linux/fs.h:1639 [inline]
#1: ffff88803065a610 (sb_internal){.+.+}-{0:0}, at: sb_start_intwrite include/linux/fs.h:1822 [inline]
#1: ffff88803065a610 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x2e3/0xf30 fs/ext4/inode.c:212
#2: ffff88803065e950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x203c/0x22a0 fs/jbd2/transaction.c:463
#3: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
#3: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2184 [inline]
#3: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xcfc/0x1810 kernel/rcu/tree.c:2465
stack backtrace:
CPU: 0 PID: 5115 Comm: syz-executor.2 Not tainted 6.8.0-rc3-syzkaller-00010-g6d280f4d760e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
lockdep_rcu_suspicious+0x220/0x340 kernel/locking/lockdep.c:6712
hash_netportnet6_destroy+0xf0/0x2c0 net/netfilter/ipset/ip_set_hash_gen.h:455
ip_set_destroy_set net/netfilter/ipset/ip_set_core.c:1180 [inline]
ip_set_destroy_set_rcu+0x6c/0xe0 net/netfilter/ipset/ip_set_core.c:1190
rcu_do_batch kernel/rcu/tree.c:2190 [inline]
rcu_core+0xd78/0x1810 kernel/rcu/tree.c:2465
__do_softirq+0x2bd/0x942 kernel/softirq.c:553
invoke_softirq kernel/softirq.c:427 [inline]
__irq_exit_rcu+0xf1/0x1c0 kernel/softirq.c:632
irq_exit_rcu+0x9/0x30 kernel/softirq.c:644
sysvec_apic_timer_interrupt+0x97/0xb0 arch/x86/kernel/apic/apic.c:1076
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline]
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:72 [inline]
RIP: 0010:arch_local_irq_save arch/x86/include/asm/irqflags.h:104 [inline]
RIP: 0010:lock_acquire+0x199/0x530 kernel/locking/lockdep.c:5750
Code: 00 00 00 00 00 00 9c 8f 84 24 80 00 00 00 42 80 3c 2b 00 74 08 4c 89 ff e8 e4 6f 84 00 48 8d 5c 24 60 4c 8b bc 24 80 00 00 00 48 c7 c7 40 c2 aa 8b e8 da 69 f5 09 65 ff 05 f3 77 91 7e 45 31
RSP: 0018:ffffc900045d7600 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffc900045d7660 RCX: ffffffff817111f4
RDX: 0000000000000000 RSI: ffffffff8bfe6780 RDI: ffffffff8bfe6740
RBP: ffffc900045d7758 R08: ffffffff8f85576f R09: 1ffffffff1f0aaed
R10: dffffc0000000000 R11: fffffbfff1f0aaee R12: 1ffff920008baec8
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000246
fs_reclaim_acquire+0xae/0x130 mm/page_alloc.c:3709
might_alloc include/linux/sched/mm.h:303 [inline]
bdev_getblk+0x42/0x610 fs/buffer.c:1425
__getblk include/linux/buffer_head.h:355 [inline]
sb_getblk include/linux/buffer_head.h:361 [inline]
__ext4_get_inode_loc+0x54a/0xe30 fs/ext4/inode.c:4369
ext4_get_inode_loc fs/ext4/inode.c:4497 [inline]
ext4_reserve_inode_write+0x182/0x360 fs/ext4/inode.c:5728
__ext4_mark_inode_dirty+0x1db/0x870 fs/ext4/inode.c:5905
ext4_evict_inode+0x839/0xf30 fs/ext4/inode.c:251
evict+0x2aa/0x630 fs/inode.c:665
do_unlinkat+0x512/0x830 fs/namei.c:4405
__do_sys_unlink fs/namei.c:4446 [inline]
__se_sys_unlink fs/namei.c:4444 [inline]
__x64_sys_unlink+0x49/0x60 fs/namei.c:4444
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7fc74307d557
Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe85221508 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc74307d557
RDX: 00007ffe85221530 RSI: 00007ffe852215c0 RDI: 00007ffe852215c0
RBP: 00007ffe852215c0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe85222680
R13: 00007fc7430c93b9 R14: 000000000010281d R15: 0000000000000003
----------------
Code disassembly (best guess):
0: 00 00 add %al,(%rax)
2: 00 00 add %al,(%rax)
4: 00 00 add %al,(%rax)
6: 9c pushf
7: 8f 84 24 80 00 00 00 pop 0x80(%rsp)
e: 42 80 3c 2b 00 cmpb $0x0,(%rbx,%r13,1)
13: 74 08 je 0x1d
15: 4c 89 ff mov %r15,%rdi
18: e8 e4 6f 84 00 call 0x847001
1d: 48 8d 5c 24 60 lea 0x60(%rsp),%rbx
22: 4c 8b bc 24 80 00 00 mov 0x80(%rsp),%r15
29: 00
* 2a: fa cli <-- trapping instruction
2b: 48 c7 c7 40 c2 aa 8b mov $0xffffffff8baac240,%rdi
32: e8 da 69 f5 09 call 0x9f56a11
37: 65 ff 05 f3 77 91 7e incl %gs:0x7e9177f3(%rip) # 0x7e917831
3e: 45 rex.RB
3f: 31 .byte 0x31