=============================
WARNING: suspicious RCU usage
6.8.0-rc2-syzkaller-00251-g6897cea71837 #0 Not tainted
-----------------------------
net/netfilter/ipset/ip_set_hash_gen.h:455 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
9 locks held by syz-executor.3/5083:
 #0: ffffffff8e1d56b0 (dup_mmap_sem){.+.+}-{0:0}, at: dup_mmap kernel/fork.c:635 [inline]
 #0: ffffffff8e1d56b0 (dup_mmap_sem){.+.+}-{0:0}, at: dup_mm kernel/fork.c:1685 [inline]
 #0: ffffffff8e1d56b0 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm+0x271/0x21b0 kernel/fork.c:1734
 #1: ffff888079c46a20 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:124 [inline]
 #1: ffff888079c46a20 (&mm->mmap_lock){++++}-{3:3}, at: dup_mmap kernel/fork.c:636 [inline]
 #1: ffff888079c46a20 (&mm->mmap_lock){++++}-{3:3}, at: dup_mm kernel/fork.c:1685 [inline]
 #1: ffff888079c46a20 (&mm->mmap_lock){++++}-{3:3}, at: copy_mm+0x291/0x21b0 kernel/fork.c:1734
 #2: ffff888014c827a0 (&mm->mmap_lock/1){+.+.}-{3:3}, at: mmap_write_lock_nested include/linux/mmap_lock.h:115 [inline]
 #2: ffff888014c827a0 (&mm->mmap_lock/1){+.+.}-{3:3}, at: dup_mmap kernel/fork.c:645 [inline]
 #2: ffff888014c827a0 (&mm->mmap_lock/1){+.+.}-{3:3}, at: dup_mm kernel/fork.c:1685 [inline]
 #2: ffff888014c827a0 (&mm->mmap_lock/1){+.+.}-{3:3}, at: copy_mm+0x3cb/0x21b0 kernel/fork.c:1734
 #3: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #3: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
 #3: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: __pte_offset_map+0x82/0x380 mm/pgtable-generic.c:285
 #4: ffff88802651d528 (ptlock_ptr(ptdesc)#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #4: ffff88802651d528 (ptlock_ptr(ptdesc)#2){+.+.}-{2:2}, at: __pte_offset_map_lock+0x1ba/0x300 mm/pgtable-generic.c:373
 #5: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #5: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
 #5: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: __pte_offset_map+0x82/0x380 mm/pgtable-generic.c:285
 #6: ffff888023b07648 (ptlock_ptr(ptdesc)#2/1){+.+.}-{2:2}, at: copy_pte_range mm/memory.c:1059 [inline]
 #6: ffff888023b07648 (ptlock_ptr(ptdesc)#2/1){+.+.}-{2:2}, at: copy_pmd_range mm/memory.c:1187 [inline]
 #6: ffff888023b07648 (ptlock_ptr(ptdesc)#2/1){+.+.}-{2:2}, at: copy_pud_range mm/memory.c:1224 [inline]
 #6: ffff888023b07648 (ptlock_ptr(ptdesc)#2/1){+.+.}-{2:2}, at: copy_p4d_range mm/memory.c:1248 [inline]
 #6: ffff888023b07648 (ptlock_ptr(ptdesc)#2/1){+.+.}-{2:2}, at: copy_page_range+0x108a/0x4240 mm/memory.c:1346
 #7: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #7: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
 #7: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: page_ext_get+0x20/0x2a0 mm/page_ext.c:508
 #8: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #8: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2184 [inline]
 #8: ffffffff8e130ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xcfc/0x1810 kernel/rcu/tree.c:2465

stack backtrace:
CPU: 0 PID: 5083 Comm: syz-executor.3 Not tainted 6.8.0-rc2-syzkaller-00251-g6897cea71837 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
 lockdep_rcu_suspicious+0x220/0x340 kernel/locking/lockdep.c:6712
 hash_netportnet6_destroy+0xf0/0x2c0 net/netfilter/ipset/ip_set_hash_gen.h:455
 ip_set_destroy_set net/netfilter/ipset/ip_set_core.c:1180 [inline]
 ip_set_destroy_set_rcu+0x6a/0xe0 net/netfilter/ipset/ip_set_core.c:1190
 rcu_do_batch kernel/rcu/tree.c:2190 [inline]
 rcu_core+0xd76/0x1810 kernel/rcu/tree.c:2465
 __do_softirq+0x2bb/0x942 kernel/softirq.c:553
 invoke_softirq kernel/softirq.c:427 [inline]
 __irq_exit_rcu+0xf1/0x1c0 kernel/softirq.c:632
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:644
 sysvec_apic_timer_interrupt+0x97/0xb0 arch/x86/kernel/apic/apic.c:1076
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:page_table_check_set+0x25c/0x700 mm/page_table_check.c:121
Code: df be 04 00 00 00 e8 23 49 f4 ff 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 0f 85 fc 00 00 00 8b 2b <31> ff 89 ee e8 4b 7d 95 ff 85 ed 0f 85 8f 01 00 00 48 8d 7b 04 be
RSP: 0018:ffffc900043772f0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff8880174d5108 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880174d5108
RBP: 0000000000000000 R08: ffff8880174d510b R09: 1ffff11002e9aa21
R10: dffffc0000000000 R11: ffffed1002e9aa22 R12: 1ffffffff2896abc
R13: 0000000000000000 R14: ffff8880174d50c0 R15: 0000000000000000
 __page_table_check_ptes_set+0x220/0x280 mm/page_table_check.c:196
 page_table_check_ptes_set include/linux/page_table_check.h:74 [inline]
 set_ptes include/linux/pgtable.h:241 [inline]
 copy_present_pte mm/memory.c:993 [inline]
 copy_pte_range mm/memory.c:1102 [inline]
 copy_pmd_range mm/memory.c:1187 [inline]
 copy_pud_range mm/memory.c:1224 [inline]
 copy_p4d_range mm/memory.c:1248 [inline]
 copy_page_range+0x2c7e/0x4240 mm/memory.c:1346
 dup_mmap kernel/fork.c:745 [inline]
 dup_mm kernel/fork.c:1685 [inline]
 copy_mm+0x12f4/0x21b0 kernel/fork.c:1734
 copy_process+0x1d73/0x3fc0 kernel/fork.c:2497
 kernel_clone+0x222/0x840 kernel/fork.c:2902
 __do_sys_clone kernel/fork.c:3045 [inline]
 __se_sys_clone kernel/fork.c:3029 [inline]
 __x64_sys_clone+0x258/0x2a0 kernel/fork.c:3029
 do_syscall_64+0xf9/0x240
 entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7fa7d1a7add3
Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
RSP: 002b:00007fffbcf379e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa7d1a7add3
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 0000555556631750 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
----------------
Code disassembly (best guess):
   0:	df be 04 00 00 00    	fistpll 0x4(%rsi)
   6:	e8 23 49 f4 ff       	call   0xfff4492e
   b:	48 89 d8             	mov    %rbx,%rax
   e:	48 c1 e8 03          	shr    $0x3,%rax
  12:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  19:	fc ff df
  1c:	0f b6 04 08          	movzbl (%rax,%rcx,1),%eax
  20:	84 c0                	test   %al,%al
  22:	0f 85 fc 00 00 00    	jne    0x124
  28:	8b 2b                	mov    (%rbx),%ebp
* 2a:	31 ff                	xor    %edi,%edi <-- trapping instruction
  2c:	89 ee                	mov    %ebp,%esi
  2e:	e8 4b 7d 95 ff       	call   0xff957d7e
  33:	85 ed                	test   %ebp,%ebp
  35:	0f 85 8f 01 00 00    	jne    0x1ca
  3b:	48 8d 7b 04          	lea    0x4(%rbx),%rdi
  3f:	be                   	.byte 0xbe