program: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='signal_generate\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0) close(r2) ioctl$SIOCSIFHWADDR(r2, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @random="7cf1e97c9e4f"}) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x5, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r5}, 0x10) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0xb6f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x2, 0x12, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@map_fd={0x18, 0x7}, @generic={0x3, 0xb, 0xb, 0x1, 0x8001}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x7, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) syz_usb_connect$cdc_ecm(0x2, 0x62, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000020000082505a1a440000102030109025000010100000009040000030806"], 0x0) r8 = syz_open_dev$usbfs(&(0x7f0000000180), 0x10000001d, 0x8041) ioctl$USBDEVFS_IOCTL(r8, 0xc0105512, &(0x7f0000000200)=@usbdevfs_connect) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='fib6_table_lookup\x00', r6}, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x210}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r9, 0x89f1, &(0x7f0000000080)) bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x0, 0xc, &(0x7f0000000c80)=ANY=[@ANYBLOB="180100001100000000000000000000001812000022bdf8e571671d8018ae50d5aa926bdea4c8b711350855db51399b0081fef30571d6aba46b3b1d9a0cbf24fc2fed74bfb52b7409f71fa699fc078687176c486006da52386731f9b77221337e3242288237bfb5f2b1ce9845ad995367e9402281db3169f440707aa756111b666189cafc74fcf60583b2931f400f8e0e7f5eb8893a95270dc381f9cc8b2ff35e13dac1b7fe321461be24ccae8acd4a3fae38d1d202c3ffe6a4afdb1cd5da389687b5e658ec36a7d70dd0757c04e11c392cd0d576e9d7fb96fc2b5162c9b54d473abfb4dbf795", @ANYRES16=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x7, &(0x7f0000000780)=ANY=[@ANYBLOB="1802000007000000000000000080000018110000", @ANYRES32, @ANYBLOB="0001000000000000b70200000022000085000000860000009500000000000000"], 0x0}, 0x94) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r10}, 0x10) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r11}, 0xc) [ 87.971524][ T4682] Bluetooth: hci0: command tx timeout [ 88.371180][ T5339] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 88.523947][ T5339] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 88.528715][ T5339] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 88.537805][ T5339] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 88.542319][ T5339] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.545931][ T5339] usb 5-1: Product: syz [ 88.547705][ T5339] usb 5-1: Manufacturer: syz [ 88.549773][ T5339] usb 5-1: SerialNumber: syz [ 88.566984][ T5339] usb-storage 5-1:1.0: USB Mass Storage device detected [ 88.766011][ T5341] usb-storage 5-1:1.0: USB Mass Storage device detected [ 88.824927][ T5341] [ 88.826181][ T5341] ============================= [ 88.828364][ T5341] WARNING: suspicious RCU usage [ 88.830565][ T5341] syzkaller #0 Not tainted [ 88.832893][ T5341] ----------------------------- [ 88.835079][ T5341] kernel/events/callchain.c:163 suspicious rcu_dereference_check() usage! [ 88.838691][ T5341] [ 88.838691][ T5341] other info that might help us debug this: [ 88.838691][ T5341] [ 88.843482][ T5341] [ 88.843482][ T5341] rcu_scheduler_active = 2, debug_locks = 1 [ 88.847100][ T5341] 1 lock held by syz.0.0/5341: [ 88.849108][ T5341] #0: ffffffff8e141bc0 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x38/0x80 [ 88.853805][ T5341] [ 88.853805][ T5341] stack backtrace: [ 88.856407][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 88.856423][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 88.856430][ T5341] Call Trace: [ 88.856436][ T5341] [ 88.856444][ T5341] dump_stack_lvl+0x189/0x250 [ 88.856464][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.856478][ T5341] ? __pfx__printk+0x10/0x10 [ 88.856494][ T5341] ? __lock_acquire+0x6b6/0x2cf0 [ 88.856516][ T5341] lockdep_rcu_suspicious+0x140/0x1d0 [ 88.856533][ T5341] get_callchain_entry+0x2b6/0x3c0 [ 88.856589][ T5341] get_perf_callchain+0xb3/0x820 [ 88.856606][ T5341] ? __pfx_get_perf_callchain+0x10/0x10 [ 88.856622][ T5341] ? futex_unqueue+0x22/0x240 [ 88.856634][ T5341] ? futex_unqueue+0x22/0x240 [ 88.856642][ T5341] ? futex_unqueue+0x22/0x240 [ 88.856656][ T5341] __bpf_get_stack+0x45b/0xaa0 [ 88.856678][ T5341] ? __pfx___bpf_get_stack+0x10/0x10 [ 88.856700][ T5341] bpf_get_stack+0x33/0x50 [ 88.856714][ T5341] ? bpf_prog_e8e6327ccf46c9a7+0x46/0x4e [ 88.856725][ T5341] bpf_get_stack_raw_tp+0x1a9/0x220 [ 88.856742][ T5341] bpf_prog_e8e6327ccf46c9a7+0x46/0x4e [ 88.856754][ T5341] bpf_prog_run_pin_on_cpu+0x143/0x480 [ 88.856771][ T5341] bpf_prog_test_run_syscall+0x312/0x4b0 [ 88.856784][ T5341] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 88.856796][ T5341] ? __fget_files+0x2a/0x420 [ 88.856811][ T5341] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 88.856822][ T5341] bpf_prog_test_run+0x2c7/0x340 [ 88.856840][ T5341] __sys_bpf+0x562/0x860 [ 88.856855][ T5341] ? __pfx___sys_bpf+0x10/0x10 [ 88.856868][ T5341] ? ktime_get+0x1d2/0x200 [ 88.856904][ T5341] ? rcu_is_watching+0x15/0xb0 [ 88.856925][ T5341] __x64_sys_bpf+0x7c/0x90 [ 88.856940][ T5341] do_syscall_64+0xfa/0xf80 [ 88.856991][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.857003][ T5341] ? clear_bhb_loop+0x60/0xb0 [ 88.857018][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.857029][ T5341] RIP: 0033:0x7fbbbb18f7c9 [ 88.857040][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.857049][ T5341] RSP: 002b:00007fbbbc06b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 88.857061][ T5341] RAX: ffffffffffffffda RBX: 00007fbbbb3e5fa0 RCX: 00007fbbbb18f7c9 [ 88.857069][ T5341] RDX: 000000000000000c RSI: 00002000000004c0 RDI: 000000000000000a [ 88.857074][ T5341] RBP: 00007fbbbb213f91 R08: 0000000000000000 R09: 0000000000000000 [ 88.857081][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 88.857086][ T5341] R13: 00007fbbbb3e6038 R14: 00007fbbbb3e5fa0 R15: 00007ffd901b3bb8 [ 88.857105][ T5341] [ 88.982235][ T5339] usb 5-1: USB disconnect, device number 2