=============================
WARNING: suspicious RCU usage
syzkaller #0 Not tainted
-----------------------------
net/sched/sch_api.c:304 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
6 locks held by kworker/u4:7/4310:
 #0: ffff88802b7e4138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc9000453fd00 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: 
ffffffff8c11c460
 (rcu_read_lock
){....}-{1:2}
, at: rcu_lock_acquire+0x9/0x30 include/linux/rcupdate.h:312
 #3: 
ffff88805fe36948
 (
dev->qdisc_running_key ?: &qdisc_running_key
){+...}-{0:0}
, at: net_tx_action+0x6bc/0x870 net/core/dev.c:5128
 #4: ffff88805fe36908
 (
&sch->q.lock
){+.-.}-{2:2}
, at: spin_lock include/linux/spinlock.h:363 [inline]
, at: sch_direct_xmit+0x305/0x4a0 net/sched/sch_generic.c:354
 #5: 
ffffffff8c11c460
 (
rcu_read_lock
){....}-{1:2}
, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311

stack backtrace:
CPU: 1 PID: 4310 Comm: kworker/u4:7 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: bat_events batadv_nc_worker
Call Trace:
 <IRQ>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 qdisc_lookup+0xa6/0x650 net/sched/sch_api.c:304
 qdisc_tree_reduce_backlog+0x190/0x430 net/sched/sch_api.c:793
 cake_dequeue+0x1b8f/0x4aa0 net/sched/sch_cake.c:2199
 qdisc_peek_dequeued+0x6e/0x1f0 include/net/sch_generic.h:1115
 tbf_dequeue+0x7d/0xce0 net/sched/sch_tbf.c:265
 dequeue_skb net/sched/sch_generic.c:292 [inline]
 qdisc_restart net/sched/sch_generic.c:397 [inline]
 __qdisc_run+0x237/0x1480 net/sched/sch_generic.c:415
 qdisc_run+0x103/0x2f0 include/net/pkt_sched.h:132
 net_tx_action+0x6bc/0x870 net/core/dev.c:5128
 handle_softirqs+0x328/0x820 kernel/softirq.c:576
 do_softirq+0x13b/0x200 kernel/softirq.c:477
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x174/0x1b0 kernel/softirq.c:401
 spin_unlock_bh include/linux/spinlock.h:408 [inline]
 batadv_nc_purge_paths+0x316/0x3b0 net/batman-adv/network-coding.c:475
 batadv_nc_worker+0x2e7/0x5c0 net/batman-adv/network-coding.c:724
 process_one_work+0x863/0x1000 kernel/workqueue.c:2310
 worker_thread+0xaa8/0x12a0 kernel/workqueue.c:2457
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
vkms_vblank_simulate: vblank timer overrun