=============================
WARNING: suspicious RCU usage
6.7.0-next-20240118-syzkaller #0 Not tainted
-----------------------------
net/netfilter/ipset/ip_set_hash_gen.h:456 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
2 locks held by udevd/4511:
 #0: ffffffff8defad70 (tomoyo_ss){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:116 [inline]
 #0: ffffffff8defad70 (tomoyo_ss){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:215 [inline]
 #0: ffffffff8defad70 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_read_lock security/tomoyo/common.h:1108 [inline]
 #0: ffffffff8defad70 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_check_open_permission+0x164/0x3b0 security/tomoyo/file.c:767
 #1: ffffffff8d5aeb00 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #1: ffffffff8d5aeb00 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2152 [inline]
 #1: ffffffff8d5aeb00 (rcu_callback){....}-{0:0}, at: rcu_core+0x7cc/0x16b0 kernel/rcu/tree.c:2433

stack backtrace:
CPU: 1 PID: 4511 Comm: udevd Not tainted 6.7.0-next-20240118-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x125/0x1b0 lib/dump_stack.c:106
 lockdep_rcu_suspicious+0x20b/0x3b0 kernel/locking/lockdep.c:6712
 hash_ip4_destroy+0x320/0x420 net/netfilter/ipset/ip_set_hash_gen.h:456
 ip_set_destroy_set+0x65/0x100 net/netfilter/ipset/ip_set_core.c:1180
 rcu_do_batch kernel/rcu/tree.c:2158 [inline]
 rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2433
 __do_softirq+0x218/0x8de kernel/softirq.c:553
 invoke_softirq kernel/softirq.c:427 [inline]
 __irq_exit_rcu kernel/softirq.c:632 [inline]
 irq_exit_rcu+0xb9/0x120 kernel/softirq.c:644
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:stack_access_ok+0x101/0x270 arch/x86/kernel/unwind_orc.c:398
Code: da 48 89 ef e8 70 e2 f3 ff 31 ff 41 89 c6 89 c6 e8 a4 19 50 00 45 85 f6 74 1e 45 31 f6 e8 b7 1e 50 00 44 89 f0 48 83 c4 10 5b <5d> 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc e8 9c 1e 50 00 48 89 da
RSP: 0018:ffffc9000323f348 EFLAGS: 00000282
RAX: 0000000000000001 RBX: ffffc9000323f3f8 RCX: ffffffff813c0366
RDX: ffff88807b891dc0 RSI: ffffffff813c03c9 RDI: 0000000000000005
RBP: ffffc9000323fdb0 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffc9000323f400
R13: ffffc9000323f408 R14: 0000000000000001 R15: ffffc90003240000
 deref_stack_reg arch/x86/kernel/unwind_orc.c:403 [inline]
 unwind_next_frame+0xd89/0x2390 arch/x86/kernel/unwind_orc.c:585
 arch_stack_walk+0x100/0x170 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x95/0xd0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640
 poison_slab_object mm/kasan/common.c:241 [inline]
 __kasan_slab_free+0x121/0x1c0 mm/kasan/common.c:257
 kasan_slab_free include/linux/kasan.h:184 [inline]
 slab_free_hook mm/slub.c:2121 [inline]
 slab_free mm/slub.c:4299 [inline]
 kfree+0x129/0x370 mm/slub.c:4409
 tomoyo_check_open_permission+0x19d/0x3b0 security/tomoyo/file.c:786
 tomoyo_file_open security/tomoyo/tomoyo.c:333 [inline]
 tomoyo_file_open+0xaf/0xe0 security/tomoyo/tomoyo.c:328
 security_file_open+0x78/0x630 security/security.c:2932
 do_dentry_open+0x583/0x18c0 fs/open.c:940
 do_open fs/namei.c:3639 [inline]
 path_openat+0x1dfb/0x2990 fs/namei.c:3796
 do_filp_open+0x1dc/0x430 fs/namei.c:3823
 do_sys_openat2+0x17a/0x1e0 fs/open.c:1404
 do_sys_open fs/open.c:1419 [inline]
 __do_sys_openat fs/open.c:1435 [inline]
 __se_sys_openat fs/open.c:1430 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1430
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7fe4379169a4
Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffea310a290 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007fe4379169a4
RDX: 0000000000080000 RSI: 00007ffea310a3c8 RDI: 00000000ffffff9c
RBP: 00007ffea310a3c8 R08: 0000000000000008 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000080000
R13: 00005644ca07db42 R14: 0000000000000001 R15: 0000000000000000
 </TASK>
----------------
Code disassembly (best guess):
   0:	da 48 89             	fimull -0x77(%rax)
   3:	ef                   	out    %eax,(%dx)
   4:	e8 70 e2 f3 ff       	call   0xfff3e279
   9:	31 ff                	xor    %edi,%edi
   b:	41 89 c6             	mov    %eax,%r14d
   e:	89 c6                	mov    %eax,%esi
  10:	e8 a4 19 50 00       	call   0x5019b9
  15:	45 85 f6             	test   %r14d,%r14d
  18:	74 1e                	je     0x38
  1a:	45 31 f6             	xor    %r14d,%r14d
  1d:	e8 b7 1e 50 00       	call   0x501ed9
  22:	44 89 f0             	mov    %r14d,%eax
  25:	48 83 c4 10          	add    $0x10,%rsp
  29:	5b                   	pop    %rbx
* 2a:	5d                   	pop    %rbp <-- trapping instruction
  2b:	41 5c                	pop    %r12
  2d:	41 5d                	pop    %r13
  2f:	41 5e                	pop    %r14
  31:	41 5f                	pop    %r15
  33:	c3                   	ret
  34:	cc                   	int3
  35:	cc                   	int3
  36:	cc                   	int3
  37:	cc                   	int3
  38:	e8 9c 1e 50 00       	call   0x501ed9
  3d:	48 89 da             	mov    %rbx,%rdx