=============================
WARNING: suspicious RCU usage
6.8.0-rc2-syzkaller-00251-g6897cea71837 #0 Not tainted
-----------------------------
net/netfilter/ipset/ip_set_hash_gen.h:455 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor.2/11768:
 #0: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #0: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2184 [inline]
 #0: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xcfc/0x1810 kernel/rcu/tree.c:2465

stack backtrace:
CPU: 1 PID: 11768 Comm: syz-executor.2 Not tainted 6.8.0-rc2-syzkaller-00251-g6897cea71837 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
 lockdep_rcu_suspicious+0x220/0x340 kernel/locking/lockdep.c:6712
 hash_netportnet6_destroy+0xf0/0x2c0 net/netfilter/ipset/ip_set_hash_gen.h:455
 ip_set_destroy_set net/netfilter/ipset/ip_set_core.c:1180 [inline]
 ip_set_destroy_set_rcu+0x6a/0xe0 net/netfilter/ipset/ip_set_core.c:1190
 rcu_do_batch kernel/rcu/tree.c:2190 [inline]
 rcu_core+0xd76/0x1810 kernel/rcu/tree.c:2465
 __do_softirq+0x2bb/0x942 kernel/softirq.c:553
 invoke_softirq kernel/softirq.c:427 [inline]
 __irq_exit_rcu+0xf1/0x1c0 kernel/softirq.c:632
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:644
 sysvec_apic_timer_interrupt+0x97/0xb0 arch/x86/kernel/apic/apic.c:1076
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:finish_task_switch+0x1ea/0x850 kernel/sched/core.c:5274
Code: c9 50 e8 d9 c9 0b 00 48 83 c4 08 4c 89 f7 e8 3d 37 00 00 0f 1f 44 00 00 4c 89 f7 e8 60 d5 0b 0a e8 1b 4d 35 00 fb 48 8b 5d c0 <48> 8d bb d8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc
RSP: 0018:ffffc900056a7968 EFLAGS: 00000286
RAX: 19d2b891b3c5ed00 RBX: ffff88802c6c3b80 RCX: ffffffff94481303
RDX: dffffc0000000000 RSI: ffffffff8baab560 RDI: ffffffff8bfe67e0
RBP: ffffc900056a79b0 R08: ffffffff8f85546f R09: 1ffffffff1f0aa8d
R10: dffffc0000000000 R11: fffffbfff1f0aa8e R12: dffffc0000000000
R13: 1ffff110172a7ad7 R14: ffff8880b953c940 R15: ffff8880b953d6b8
 context_switch kernel/sched/core.c:5403 [inline]
 __schedule+0x17d9/0x49f0 kernel/sched/core.c:6727
 __schedule_loop kernel/sched/core.c:6802 [inline]
 schedule+0x149/0x260 kernel/sched/core.c:6817
 do_nanosleep+0x196/0x600 kernel/time/hrtimer.c:2047
 hrtimer_nanosleep+0x226/0x470 kernel/time/hrtimer.c:2100
 __do_sys_clock_nanosleep kernel/time/posix-timers.c:1396 [inline]
 __se_sys_clock_nanosleep+0x32a/0x3c0 kernel/time/posix-timers.c:1373
 do_syscall_64+0xf9/0x240
 entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7fe09dca91b5
Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 b9 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f ba ff ff 48 8b 04 24 48 83 c4 28 f7 d8
RSP: 002b:00007fe09decfac0 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: ffffffffffffffda RBX: 00007fe09decfc90 RCX: 00007fe09dca91b5
RDX: 00007fe09decfb00 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: 0000000000000000 R09: 00007fe09decfa47
R10: 0000000000000000 R11: 0000000000000293 R12: 00007fe09ddac050
R13: 0000000000000028 R14: 00007fe09ddac050 R15: 00007fe09dc34bb0

=============================
WARNING: suspicious RCU usage
6.8.0-rc2-syzkaller-00251-g6897cea71837 #0 Not tainted
-----------------------------
net/netfilter/ipset/ip_set_hash_gen.h:455 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz-executor.1/18207:
 #0: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #0: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
 #0: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: release_task+0xd5/0x1810 kernel/exit.c:250
 #1: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #1: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
 #1: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: release_task+0xd5/0x1810 kernel/exit.c:250
 #2: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #2: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2184 [inline]
 #2: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xcfc/0x1810 kernel/rcu/tree.c:2465

stack backtrace:
CPU: 1 PID: 18207 Comm: syz-executor.1 Not tainted 6.8.0-rc2-syzkaller-00251-g6897cea71837 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
 lockdep_rcu_suspicious+0x220/0x340 kernel/locking/lockdep.c:6712
 hash_netiface6_destroy+0xf0/0x2c0 net/netfilter/ipset/ip_set_hash_gen.h:455
 ip_set_destroy_set net/netfilter/ipset/ip_set_core.c:1180 [inline]
 ip_set_destroy_set_rcu+0x6a/0xe0 net/netfilter/ipset/ip_set_core.c:1190
 rcu_do_batch kernel/rcu/tree.c:2190 [inline]
 rcu_core+0xd76/0x1810 kernel/rcu/tree.c:2465
 __do_softirq+0x2bb/0x942 kernel/softirq.c:553
 invoke_softirq kernel/softirq.c:427 [inline]
 __irq_exit_rcu+0xf1/0x1c0 kernel/softirq.c:632
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:644
 sysvec_apic_timer_interrupt+0x97/0xb0 arch/x86/kernel/apic/apic.c:1076
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:rcu_dynticks_curr_cpu_in_eqs include/linux/context_tracking.h:122 [inline]
RIP: 0010:rcu_is_watching+0x2e/0xb0 kernel/rcu/tree.c:700
Code: 41 57 41 56 53 65 ff 05 78 f1 88 7e e8 ab ad eb 09 89 c3 83 f8 08 73 7a 49 bf 00 00 00 00 00 fc ff df 4c 8d 34 dd 40 f9 ad 8d <4c> 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 7c b4 7a 00
RSP: 0018:ffffc900142577c0 EFLAGS: 00000297
RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff81713840
RDX: 0000000000000000 RSI: ffffffff8bfe67c0 RDI: ffffffff8bfe6780
RBP: ffffc90014257910 R08: ffffffff8f85546f R09: 1ffffffff1f0aa8d
R10: dffffc0000000000 R11: fffffbfff1f0aa8e R12: 1ffff9200284af08
R13: ffffffff81583a05 R14: ffffffff8dadf948 R15: dffffc0000000000
 trace_lock_release include/trace/events/lock.h:69 [inline]
 lock_release+0xbf/0x9d0 kernel/locking/lockdep.c:5765
 rcu_lock_release include/linux/rcupdate.h:308 [inline]
 rcu_read_unlock include/linux/rcupdate.h:783 [inline]
 release_task+0x345/0x1810 kernel/exit.c:251
 exit_notify kernel/exit.c:767 [inline]
 do_exit+0x1a62/0x2740 kernel/exit.c:891
 do_group_exit+0x206/0x2c0 kernel/exit.c:1020
 get_signal+0x176d/0x1850 kernel/signal.c:2893
 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:105 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:201 [inline]
 syscall_exit_to_user_mode+0xc8/0x370 kernel/entry/common.c:212
 do_syscall_64+0x108/0x240 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f061707dda9
Code: Unable to access opcode bytes at 0x7f061707dd7f.
RSP: 002b:00007f0617dd7178 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f06171abf88 RCX: 00007f061707dda9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f06171abf88
RBP: 00007f06171abf80 R08: 00007f0617dd76c0 R09: 00007f0617dd76c0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f06171abf8c
R13: 000000000000000b R14: 00007f06172cf960 R15: 00007f06172cfa48
----------------
Code disassembly (best guess):
   0: c9                      leave
   1: 50                      push %rax
   2: e8 d9 c9 0b 00          call 0xbc9e0
   7: 48 83 c4 08             add $0x8,%rsp
   b: 4c 89 f7                mov %r14,%rdi
   e: e8 3d 37 00 00          call 0x3750
  13: 0f 1f 44 00 00          nopl 0x0(%rax,%rax,1)
  18: 4c 89 f7                mov %r14,%rdi
  1b: e8 60 d5 0b 0a          call 0xa0bd580
  20: e8 1b 4d 35 00          call 0x354d40
  25: fb                      sti
  26: 48 8b 5d c0             mov -0x40(%rbp),%rbx
* 2a: 48 8d bb d8 15 00 00    lea 0x15d8(%rbx),%rdi <-- trapping instruction
  31: 48 89 f8                mov %rdi,%rax
  34: 48 c1 e8 03             shr $0x3,%rax
  38: 49                      rex.WB
  39: be 00 00 00 00          mov $0x0,%esi
  3e: 00 fc                   add %bh,%ah