program: socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x24000041) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_emit_ethernet(0x22, &(0x7f0000000240)={@local, @random="429e82211cf8", @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x2, 0x0, 0x14, 0x67, 0x0, 0x2, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x25}}}}}}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r4, 0x0, 0x0}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4) bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000640)=[{0x6, 0x0, 0x0, 0xea}]}, 0x10) sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) sendmmsg$inet(r6, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) sendto$inet(r6, &(0x7f0000000700), 0x0, 0x40040, 0x0, 0x0) [ 85.026372][ T4689] Bluetooth: hci0: command tx timeout [ 85.386075][ T5352] [ 85.387266][ T5352] ============================= [ 85.389783][ T5352] WARNING: suspicious RCU usage [ 85.392587][ T5352] 6.16.0-syzkaller #0 Not tainted [ 85.394882][ T5352] ----------------------------- [ 85.397070][ T5352] kernel/events/callchain.c:163 suspicious rcu_dereference_check() usage! [ 85.401051][ T5352] [ 85.401051][ T5352] other info that might help us debug this: [ 85.401051][ T5352] [ 85.405887][ T5352] [ 85.405887][ T5352] rcu_scheduler_active = 2, debug_locks = 1 [ 85.409450][ T5352] 1 lock held by syz.0.0/5352: [ 85.411558][ T5352] #0: ffffffff8e13f2c0 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x38/0x80 [ 85.415692][ T5352] [ 85.415692][ T5352] stack backtrace: [ 85.418143][ T5352] CPU: 0 UID: 0 PID: 5352 Comm: syz.0.0 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 85.418163][ T5352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.418172][ T5352] Call Trace: [ 85.418181][ T5352] [ 85.418189][ T5352] dump_stack_lvl+0x189/0x250 [ 85.418211][ T5352] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.418236][ T5352] ? __pfx__printk+0x10/0x10 [ 85.418262][ T5352] lockdep_rcu_suspicious+0x140/0x1d0 [ 85.418280][ T5352] get_callchain_entry+0x2b6/0x3c0 [ 85.418345][ T5352] get_perf_callchain+0xa1/0x6b0 [ 85.418365][ T5352] ? __pfx_get_perf_callchain+0x10/0x10 [ 85.418381][ T5352] ? futex_unqueue+0x22/0x240 [ 85.418398][ T5352] ? futex_unqueue+0x211/0x240 [ 85.418409][ T5352] ? __futex_wait+0x1d1/0x3e0 [ 85.418416][ T5352] ? __futex_wait+0x34f/0x3e0 [ 85.418423][ T5352] __bpf_get_stack+0x3fc/0xa60 [ 85.418435][ T5352] ? __pfx___bpf_get_stack+0x10/0x10 [ 85.418442][ T5352] ? __lock_acquire+0xab9/0xd20 [ 85.418451][ T5352] bpf_get_stack+0x33/0x50 [ 85.418458][ T5352] ? bpf_prog_b8a90dd1efcc4ad9+0x46/0x4e [ 85.418465][ T5352] bpf_get_stack_raw_tp+0x1a9/0x220 [ 85.418477][ T5352] bpf_prog_b8a90dd1efcc4ad9+0x46/0x4e [ 85.418483][ T5352] bpf_prog_run_pin_on_cpu+0x6a/0x150 [ 85.418495][ T5352] bpf_prog_test_run_syscall+0x312/0x4b0 [ 85.418507][ T5352] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 85.418521][ T5352] ? __fget_files+0x2a/0x420 [ 85.418538][ T5352] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 85.418553][ T5352] bpf_prog_test_run+0x2c7/0x340 [ 85.418570][ T5352] __sys_bpf+0x4a4/0x860 [ 85.418583][ T5352] ? __pfx___sys_bpf+0x10/0x10 [ 85.418598][ T5352] ? rcu_is_watching+0x15/0xb0 [ 85.418625][ T5352] ? rcu_is_watching+0x15/0xb0 [ 85.418637][ T5352] __x64_sys_bpf+0x7c/0x90 [ 85.418647][ T5352] do_syscall_64+0xfa/0x3b0 [ 85.418686][ T5352] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.418695][ T5352] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.418708][ T5352] ? clear_bhb_loop+0x60/0xb0 [ 85.418722][ T5352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.418733][ T5352] RIP: 0033:0x7f9bef58e9a9 [ 85.418745][ T5352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.418771][ T5352] RSP: 002b:00007f9bf0335038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 85.418785][ T5352] RAX: ffffffffffffffda RBX: 00007f9bef7b6160 RCX: 00007f9bef58e9a9 [ 85.418793][ T5352] RDX: 0000000000000010 RSI: 0000200000000740 RDI: 000000000000000a [ 85.418800][ T5352] RBP: 00007f9bef610d69 R08: 0000000000000000 R09: 0000000000000000 [ 85.418806][ T5352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.418812][ T5352] R13: 0000000000000000 R14: 00007f9bef7b6160 R15: 00007ffcf959a9a8 [ 85.418830][ T5352]