Bluetooth: hci0: command 0x040f tx timeout ============================= WARNING: suspicious RCU usage 5.15.188-syzkaller #0 Not tainted ----------------------------- net/sched/sch_api.c:304 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 12 locks held by kworker/1:15/4252: #0: ffff88814c5f4538 ((wq_completion)mld){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1 #1: ffffc9000306fd00 ((work_completion)(&(&idev->mc_dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285 #2: ffff888078650530 (&idev->mc_lock){+.+.}-{3:3}, at: mld_dad_work+0x35/0x270 net/ipv6/mcast.c:2267 #3: ffffffff8c11c360 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311 #4: ffffffff8c11c3c0 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x9/0x30 include/linux/rcupdate.h:312 #5: ffffffff8c11c3c0 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x9/0x30 include/linux/rcupdate.h:312 #6: ffffffff8c11c360 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311 #7: ffffffff8c11c3c0 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x9/0x30 include/linux/rcupdate.h:312 #8: ffffffff8c11c3c0 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x9/0x30 include/linux/rcupdate.h:312 #9: ffff88807d7b7148 (dev->qdisc_running_key ?: &qdisc_running_key){+...}-{0:0}, at: neigh_hh_output include/net/neighbour.h:493 [inline] #9: ffff88807d7b7148 (dev->qdisc_running_key ?: &qdisc_running_key){+...}-{0:0}, at: neigh_output include/net/neighbour.h:507 [inline] #9: ffff88807d7b7148 (dev->qdisc_running_key ?: &qdisc_running_key){+...}-{0:0}, at: ip_finish_output2+0xc69/0x1080 net/ipv4/ip_output.c:228 #10: ffff88807d7b7108 (&sch->q.lock){+...}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline] #10: ffff88807d7b7108 (&sch->q.lock){+...}-{2:2}, at: sch_direct_xmit+0x305/0x4a0 net/sched/sch_generic.c:354 #11: ffffffff8c11c360 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311 stack backtrace: CPU: 1 PID: 4252 Comm: kworker/1:15 Not tainted 5.15.188-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Workqueue: mld mld_dad_work Call Trace: dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106 qdisc_lookup+0xa6/0x650 net/sched/sch_api.c:304 qdisc_tree_reduce_backlog+0x190/0x430 net/sched/sch_api.c:788 codel_qdisc_dequeue+0x1523/0x2100 net/sched/sch_codel.c:102 qdisc_peek_dequeued+0x6e/0x1f0 include/net/sch_generic.h:1115 tbf_dequeue+0x7d/0xce0 net/sched/sch_tbf.c:265 dequeue_skb net/sched/sch_generic.c:292 [inline] qdisc_restart net/sched/sch_generic.c:397 [inline] __qdisc_run+0x237/0x1480 net/sched/sch_generic.c:415 __dev_xmit_skb net/core/dev.c:3942 [inline] __dev_queue_xmit+0xeb9/0x2ed0 net/core/dev.c:4253 neigh_hh_output include/net/neighbour.h:493 [inline] neigh_output include/net/neighbour.h:507 [inline] ip_finish_output2+0xc69/0x1080 net/ipv4/ip_output.c:228 iptunnel_xmit+0x525/0x960 net/ipv4/ip_tunnel_core.c:82 udp_tunnel_xmit_skb+0x1b7/0x280 net/ipv4/udp_tunnel_core.c:175 geneve_xmit_skb drivers/net/geneve.c:1006 [inline] geneve_xmit+0x24dd/0x3070 drivers/net/geneve.c:1119 __netdev_start_xmit include/linux/netdevice.h:5027 [inline] netdev_start_xmit include/linux/netdevice.h:5041 [inline] xmit_one net/core/dev.c:3649 [inline] dev_hard_start_xmit+0x2a5/0x7e0 net/core/dev.c:3665 __dev_queue_xmit+0x19df/0x2ed0 net/core/dev.c:4288 neigh_hh_output include/net/neighbour.h:493 [inline] neigh_output include/net/neighbour.h:507 [inline] ip6_finish_output2+0x1035/0x1500 net/ipv6/ip6_output.c:130 dst_output include/net/dst.h:452 [inline] NF_HOOK+0x15f/0x430 include/linux/netfilter.h:302 mld_sendpack+0x713/0xc30 net/ipv6/mcast.c:1826 mld_dad_work+0x41/0x270 net/ipv6/mcast.c:2268 process_one_work+0x863/0x1000 kernel/workqueue.c:2310 worker_thread+0xaa8/0x12a0 kernel/workqueue.c:2457 kthread+0x436/0x520 kernel/kthread.c:334 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287