=============================
WARNING: suspicious RCU usage
6.9.0-rc6-syzkaller-00227-g3d25a941ea50 #0 Not tainted
-----------------------------
net/bridge/br_private.h:1599 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
5 locks held by syz-executor.1/7765:
#0: ffff88807c0127a0 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:146 [inline]
#0: ffff88807c0127a0 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x1be/0xd60 mm/mmap.c:3251
#1: ffffffff8e334da0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
#1: ffffffff8e334da0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
#1: ffffffff8e334da0 (rcu_read_lock){....}-{1:2}, at: __pte_offset_map+0x82/0x380 mm/pgtable-generic.c:285
#2: ffff888064928c18 (ptlock_ptr(ptdesc)#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#2: ffff888064928c18 (ptlock_ptr(ptdesc)#2){+.+.}-{2:2}, at: __pte_offset_map_lock+0x1ba/0x300 mm/pgtable-generic.c:373
#3: ffffc90000007c00 ((&p->forward_delay_timer)){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 kernel/time/timer.c:1790
#4: ffff8880608eccb8 (&br->lock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#4: ffff8880608eccb8 (&br->lock){+.-.}-{2:2}, at: br_forward_delay_timer_expired+0x50/0x440 net/bridge/br_stp_timer.c:86
stack backtrace:
CPU: 0 PID: 7765 Comm: syz-executor.1 Not tainted 6.9.0-rc6-syzkaller-00227-g3d25a941ea50 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712
nbp_vlan_group net/bridge/br_private.h:1599 [inline]
br_mst_set_state+0x1ea/0x650 net/bridge/br_mst.c:105
br_set_state+0x28a/0x7b0 net/bridge/br_stp.c:47
br_forward_delay_timer_expired+0x176/0x440 net/bridge/br_stp_timer.c:88
call_timer_fn+0x18e/0x650 kernel/time/timer.c:1793
expire_timers kernel/time/timer.c:1844 [inline]
__run_timers kernel/time/timer.c:2418 [inline]
__run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2429
run_timer_base kernel/time/timer.c:2438 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2448
__do_softirq+0x2c6/0x980 kernel/softirq.c:554
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633
irq_exit_rcu+0x9/0x30 kernel/softirq.c:645
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lockdep_enabled kernel/locking/lockdep.c:122 [inline]
RIP: 0010:lock_acquire+0x144/0x550 kernel/locking/lockdep.c:5730
Code: 8b 05 b0 fc 8f 7e 85 c0 0f 85 8f 01 00 00 65 48 8b 1c 25 c0 d3 03 00 48 81 c3 d4 0a 00 00 48 89 d8 48 c1 e8 03 42 0f b6 04 28 <84> c0 0f 85 e5 02 00 00 83 3b 00 0f 85 62 01 00 00 4c 8d bc 24 80
RSP: 0018:ffffc900041af380 EFLAGS: 00000a07
RAX: 0000000000000000 RBX: ffff888027cc64d4 RCX: ffffffff81728d84
RDX: 0000000000000000 RSI: ffffffff8c1f7ec0 RDI: ffffffff8c1f7e80
RBP: ffffc900041af4d0 R08: ffffffff8fa8fb6f R09: 1ffffffff1f51f6d
R10: dffffc0000000000 R11: fffffbfff1f51f6e R12: 1ffff92000835e78
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000011
rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
rcu_read_lock include/linux/rcupdate.h:781 [inline]
__lruvec_stat_mod_folio+0x9a/0x300 mm/memcontrol.c:907
__folio_remove_rmap mm/rmap.c:1553 [inline]
folio_remove_rmap_ptes+0x2ea/0x540 mm/rmap.c:1590
zap_present_folio_ptes mm/memory.c:1503 [inline]
zap_present_ptes mm/memory.c:1563 [inline]
zap_pte_range mm/memory.c:1605 [inline]
zap_pmd_range mm/memory.c:1722 [inline]
zap_pud_range mm/memory.c:1751 [inline]
zap_p4d_range mm/memory.c:1772 [inline]
unmap_page_range+0x1d68/0x4870 mm/memory.c:1793
unmap_vmas+0x3cc/0x5f0 mm/memory.c:1883
exit_mmap+0x2cb/0xd60 mm/mmap.c:3267
__mmput+0x115/0x3c0 kernel/fork.c:1346
exit_mm+0x220/0x310 kernel/exit.c:569
do_exit+0x99e/0x27e0 kernel/exit.c:865
do_group_exit+0x207/0x2c0 kernel/exit.c:1027
__do_sys_exit_group kernel/exit.c:1038 [inline]
__se_sys_exit_group kernel/exit.c:1036 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe32a67dca9
Code: Unable to access opcode bytes at 0x7fe32a67dc7f.
RSP: 002b:00007fe32a8cfd38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fe32a67dca9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 00007fe32a600000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
vkms_vblank_simulate: vblank timer overrun
bridge0: port 1(bridge_slave_0) entered learning state
bridge0: port 2(bridge_slave_1) entered learning state
----------------
Code disassembly (best guess):
0: 8b 05 b0 fc 8f 7e mov 0x7e8ffcb0(%rip),%eax # 0x7e8ffcb6
6: 85 c0 test %eax,%eax
8: 0f 85 8f 01 00 00 jne 0x19d
e: 65 48 8b 1c 25 c0 d3 mov %gs:0x3d3c0,%rbx
15: 03 00
17: 48 81 c3 d4 0a 00 00 add $0xad4,%rbx
1e: 48 89 d8 mov %rbx,%rax
21: 48 c1 e8 03 shr $0x3,%rax
25: 42 0f b6 04 28 movzbl (%rax,%r13,1),%eax
* 2a: 84 c0 test %al,%al <-- trapping instruction
2c: 0f 85 e5 02 00 00 jne 0x317
32: 83 3b 00 cmpl $0x0,(%rbx)
35: 0f 85 62 01 00 00 jne 0x19d
3b: 4c rex.WR
3c: 8d .byte 0x8d
3d: bc .byte 0xbc
3e: 24 80 and $0x80,%al