program: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$BTRFS_IOC_SET_FEATURES(0xffffffffffffffff, 0x40309439, &(0x7f0000000140)={0x1, 0x1, 0x2}) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) sendto$packet(r3, &(0x7f0000000000)="a9d97cb72db9296a8f641779020547c83c", 0x11, 0x0, &(0x7f0000000080)={0x11, 0x7, 0x0, 0x1, 0x5, 0x6, @remote}, 0x14) r4 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r8, 0x0, 0x0}, 0x10) [ 75.099717][ T4668] Bluetooth: hci0: command tx timeout [ 75.436081][ T5319] [ 75.437447][ T5319] ============================= [ 75.439691][ T5319] WARNING: suspicious RCU usage [ 75.441432][ T5319] syzkaller #0 Not tainted [ 75.443150][ T5319] ----------------------------- [ 75.445601][ T5319] kernel/events/callchain.c:163 suspicious rcu_dereference_check() usage! [ 75.449280][ T5319] [ 75.449280][ T5319] other info that might help us debug this: [ 75.449280][ T5319] [ 75.453882][ T5319] [ 75.453882][ T5319] rcu_scheduler_active = 2, debug_locks = 1 [ 75.458024][ T5319] 1 lock held by syz.0.0/5319: [ 75.460178][ T5319] #0: ffffffff8df3d800 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x38/0x80 [ 75.464847][ T5319] [ 75.464847][ T5319] stack backtrace: [ 75.467030][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.467042][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.467048][ T5319] Call Trace: [ 75.467052][ T5319] [ 75.467056][ T5319] dump_stack_lvl+0x189/0x250 [ 75.467072][ T5319] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.467083][ T5319] ? __pfx__printk+0x10/0x10 [ 75.467096][ T5319] lockdep_rcu_suspicious+0x140/0x1d0 [ 75.467107][ T5319] get_callchain_entry+0x2b6/0x3c0 [ 75.467117][ T5319] get_perf_callchain+0xb3/0x6f0 [ 75.467126][ T5319] ? __pfx___schedule+0x10/0x10 [ 75.467136][ T5319] ? __pfx_get_perf_callchain+0x10/0x10 [ 75.467148][ T5319] __bpf_get_stack+0x3fa/0xa60 [ 75.467159][ T5319] ? __pfx___bpf_get_stack+0x10/0x10 [ 75.467169][ T5319] bpf_get_stack+0x33/0x50 [ 75.467180][ T5319] ? bpf_prog_e8e6327ccf46c9a7+0x46/0x4e [ 75.467188][ T5319] bpf_get_stack_raw_tp+0x1a9/0x220 [ 75.467200][ T5319] bpf_prog_e8e6327ccf46c9a7+0x46/0x4e [ 75.467208][ T5319] bpf_prog_run_pin_on_cpu+0x143/0x470 [ 75.467222][ T5319] bpf_prog_test_run_syscall+0x312/0x4b0 [ 75.467234][ T5319] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 75.467245][ T5319] ? __fget_files+0x2a/0x420 [ 75.467258][ T5319] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 75.467275][ T5319] bpf_prog_test_run+0x2c7/0x340 [ 75.467289][ T5319] __sys_bpf+0x562/0x860 [ 75.467301][ T5319] ? __pfx___sys_bpf+0x10/0x10 [ 75.467309][ T5319] ? rcu_is_watching+0x15/0xb0 [ 75.467334][ T5319] ? rcu_is_watching+0x15/0xb0 [ 75.467352][ T5319] __x64_sys_bpf+0x7c/0x90 [ 75.467368][ T5319] do_syscall_64+0xfa/0xfa0 [ 75.467378][ T5319] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.467387][ T5319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.467394][ T5319] ? clear_bhb_loop+0x60/0xb0 [ 75.467402][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.467409][ T5319] RIP: 0033:0x7ff07b38efc9 [ 75.467417][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.467423][ T5319] RSP: 002b:00007ff07c1a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 75.467432][ T5319] RAX: ffffffffffffffda RBX: 00007ff07b5e6090 RCX: 00007ff07b38efc9 [ 75.467438][ T5319] RDX: 0000000000000010 RSI: 0000200000000740 RDI: 000000000000000a [ 75.467442][ T5319] RBP: 00007ff07b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.467446][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.467450][ T5319] R13: 00007ff07b5e6128 R14: 00007ff07b5e6090 R15: 00007ffe3fa33e88 [ 75.467461][ T5319]