=============================
WARNING: suspicious RCU usage
6.7.0-next-20240118-syzkaller #0 Not tainted
-----------------------------
net/netfilter/ipset/ip_set_hash_gen.h:456 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
6 locks held by modprobe/27372:
#0: ffff888029d6da68 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:663 [inline]
#0: ffff888029d6da68 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x1e2/0x950 mm/memory.c:5609
#1: ffffffff8d5aec20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
#1: ffffffff8d5aec20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
#1: ffffffff8d5aec20 (rcu_read_lock){....}-{1:2}, at: do_fault_around mm/memory.c:4698 [inline]
#1: ffffffff8d5aec20 (rcu_read_lock){....}-{1:2}, at: do_read_fault mm/memory.c:4732 [inline]
#1: ffffffff8d5aec20 (rcu_read_lock){....}-{1:2}, at: do_fault mm/memory.c:4871 [inline]
#1: ffffffff8d5aec20 (rcu_read_lock){....}-{1:2}, at: do_pte_missing mm/memory.c:3748 [inline]
#1: ffffffff8d5aec20 (rcu_read_lock){....}-{1:2}, at: handle_pte_fault mm/memory.c:5147 [inline]
#1: ffffffff8d5aec20 (rcu_read_lock){....}-{1:2}, at: __handle_mm_fault+0x35e4/0x4c70 mm/memory.c:5288
#2: ffffffff8d5aec20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
#2: ffffffff8d5aec20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
#2: ffffffff8d5aec20 (rcu_read_lock){....}-{1:2}, at: filemap_map_pages+0x178/0x1290 mm/filemap.c:3532
#3: ffffffff8d5aec20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
#3: ffffffff8d5aec20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
#3: ffffffff8d5aec20 (rcu_read_lock){....}-{1:2}, at: __pte_offset_map+0x42/0x540 mm/pgtable-generic.c:285
#4: ffff8880269779a8 (ptlock_ptr(ptdesc)#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#4: ffff8880269779a8 (ptlock_ptr(ptdesc)#2){+.+.}-{2:2}, at: __pte_offset_map_lock+0xf1/0x300 mm/pgtable-generic.c:373
#5: ffffffff8d5aeb00 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
#5: ffffffff8d5aeb00 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2152 [inline]
#5: ffffffff8d5aeb00 (rcu_callback){....}-{0:0}, at: rcu_core+0x7cc/0x16b0 kernel/rcu/tree.c:2433
stack backtrace:
CPU: 0 PID: 27372 Comm: modprobe Not tainted 6.7.0-next-20240118-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x125/0x1b0 lib/dump_stack.c:106
lockdep_rcu_suspicious+0x20b/0x3b0 kernel/locking/lockdep.c:6712
hash_ip4_destroy+0x320/0x420 net/netfilter/ipset/ip_set_hash_gen.h:456
ip_set_destroy_set+0x65/0x100 net/netfilter/ipset/ip_set_core.c:1180
rcu_do_batch kernel/rcu/tree.c:2158 [inline]
rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2433
__do_softirq+0x218/0x8de kernel/softirq.c:553
invoke_softirq kernel/softirq.c:427 [inline]
__irq_exit_rcu kernel/softirq.c:632 [inline]
irq_exit_rcu+0xb9/0x120 kernel/softirq.c:644
sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:lock_is_held_type+0x107/0x150 kernel/locking/lockdep.c:5830
Code: 00 00 b8 ff ff ff ff 65 0f c1 05 cc 0a 4a 75 83 f8 01 75 2d 9c 58 f6 c4 02 75 43 48 f7 04 24 00 02 00 00 74 01 fb 48 83 c4 08 <44> 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 45 31 ed eb
RSP: 0000:ffffc9000a7a7aa8 EFLAGS: 00000282
RAX: 0000000000000046 RBX: ffff8880233746e0 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff8aecc000 RDI: ffffffff8b4ea780
RBP: ffff888028ae68f8 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000005 R12: ffff888023373b80
R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000005
lock_is_held include/linux/lockdep.h:231 [inline]
xa_entry include/linux/xarray.h:1216 [inline]
xas_next_entry+0x29d/0x3c0 include/linux/xarray.h:1702
next_uptodate_folio+0x29/0x550 mm/filemap.c:3395
filemap_map_pages+0x534/0x1290 mm/filemap.c:3568
do_fault_around mm/memory.c:4699 [inline]
do_read_fault mm/memory.c:4732 [inline]
do_fault mm/memory.c:4871 [inline]
do_pte_missing mm/memory.c:3748 [inline]
handle_pte_fault mm/memory.c:5147 [inline]
__handle_mm_fault+0x3676/0x4c70 mm/memory.c:5288
handle_mm_fault+0x476/0xa00 mm/memory.c:5453
do_user_addr_fault+0x309/0x1020 arch/x86/mm/fault.c:1364
handle_page_fault arch/x86/mm/fault.c:1507 [inline]
exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1563
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7f258b5c2c39
Code: 10 8b 54 24 ec 66 89 50 04 eb 19 b9 07 00 00 00 48 89 c7 48 8d 74 24 08 f3 a4 eb 08 48 8b 54 24 10 48 89 10 4a 8d 44 00 ff c3 <48> 8b 0d 80 12 12 00 48 8d 05 59 10 00 00 8b 91 b8 00 00 00 89 d6
RSP: 002b:00007ffd8ceed478 EFLAGS: 00010246
RAX: 00007f258b5c2c39 RBX: 00007f258b542000 RCX: 00000000000c0000
RDX: 0000000000000000 RSI: 00000000000016f9 RDI: 0000000000000000
RBP: 00007ffd8ceed580 R08: 00007ffd8cee0000 R09: 00007f258b7e7ab0
R10: 00007f258b546ab8 R11: 0000000000000025 R12: 00007f258b7b65c0
R13: 00007f258b7dbeda R14: 00007f258b6e3c98 R15: 00007f258b546ab8
----------------
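Code disassembly (best guess):
(Note: this decodes the "Code:" bytes at the interrupted kernel RIP, lock_is_held_type+0x107. The marked instruction is where the APIC timer interrupt arrived, per the call trace, not the site of the warning. The suspicious rcu_dereference_protected() is at ip_set_hash_gen.h:456 in hash_ip4_destroy, reached from ip_set_destroy_set running as an RCU callback in softirq.)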
0: 00 00 add %al,(%rax)
2: b8 ff ff ff ff mov $0xffffffff,%eax
7: 65 0f c1 05 cc 0a 4a xadd %eax,%gs:0x754a0acc(%rip) # 0x754a0adb
e: 75
f: 83 f8 01 cmp $0x1,%eax
12: 75 2d jne 0x41
14: 9c pushf
15: 58 pop %rax
16: f6 c4 02 test $0x2,%ah
19: 75 43 jne 0x5e
1b: 48 f7 04 24 00 02 00 testq $0x200,(%rsp)
22: 00
23: 74 01 je 0x26
25: fb sti
26: 48 83 c4 08 add $0x8,%rsp
* 2a: 44 89 e8 mov %r13d,%eax <-- trapping instruction
2d: 5b pop %rbx
2e: 5d pop %rbp
2f: 41 5c pop %r12
31: 41 5d pop %r13
33: 41 5e pop %r14
35: 41 5f pop %r15
37: c3 ret
38: cc int3
39: cc int3
3a: cc int3
3b: cc int3
3c: 45 31 ed xor %r13d,%r13d
3f: eb .byte 0xeb