=============================
WARNING: suspicious RCU usage
5.15.173-syzkaller #0 Not tainted
-----------------------------
net/sched/sch_api.c:304 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
6 locks held by kworker/u4:7/4421:
 #0: ffff88814c62f938 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283
 #1: ffffc90002e27d20 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285
 #2: ffffffff8c91fc60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x9/0x30 include/linux/rcupdate.h:312
 #3: ffff88801e74d148 (dev->qdisc_running_key ?: &qdisc_running_key){+...}-{0:0}, at: net_tx_action+0x73a/0x8e0 net/core/dev.c:5096
 #4: ffff88801e74d108 (&sch->q.lock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
 #4: ffff88801e74d108 (&sch->q.lock){+.-.}-{2:2}, at: sch_direct_xmit+0x370/0x5e0 net/sched/sch_generic.c:354
 #5: ffffffff8c91fc60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311

stack backtrace:
CPU: 0 PID: 4421 Comm: kworker/u4:7 Not tainted 5.15.173-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: bat_events batadv_nc_worker
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
 qdisc_lookup+0xa8/0x630 net/sched/sch_api.c:304
 qdisc_tree_reduce_backlog+0x212/0x4f0 net/sched/sch_api.c:800
 cake_dequeue+0x2297/0x4600 net/sched/sch_cake.c:2179
 qdisc_peek_dequeued+0x6f/0x220 include/net/sch_generic.h:1100
 tbf_dequeue+0x80/0xd60 net/sched/sch_tbf.c:259
 dequeue_skb net/sched/sch_generic.c:292 [inline]
 qdisc_restart net/sched/sch_generic.c:397 [inline]
 __qdisc_run+0x253/0x1e90 net/sched/sch_generic.c:415
 qdisc_run+0x10d/0x320 include/net/pkt_sched.h:132
 net_tx_action+0x73a/0x8e0 net/core/dev.c:5096
 handle_softirqs+0x3a7/0x930 kernel/softirq.c:558
 __do_softirq kernel/softirq.c:592 [inline]
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x157/0x240 kernel/softirq.c:641
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:653
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline]
 sysvec_apic_timer_interrupt+0xa0/0xc0 arch/x86/kernel/apic/apic.c:1108
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676
RIP: 0010:should_resched arch/x86/include/asm/preempt.h:103 [inline]
RIP: 0010:__local_bh_enable_ip+0x16c/0x1f0 kernel/softirq.c:390
Code: 8a e8 28 f9 e6 08 65 66 8b 05 30 0e b6 7e 66 85 c0 75 57 bf 01 00 00 00 e8 01 f2 09 00 e8 4c 67 39 00 fb 65 8b 05 1c e5 b4 7e <85> c0 75 05 e8 eb 01 b3 ff 48 c7 44 24 20 0e 36 e0 45 49 c7 04 1c
RSP: 0018:ffffc90002e27aa0 EFLAGS: 00000286
RAX: 0000000080000000 RBX: 1ffff920005c4f58 RCX: ffffffff81632d68
RDX: dffffc0000000000 RSI: ffffffff8a8b2a80 RDI: ffffffff8ad90540
RBP: ffffc90002e27b50 R08: dffffc0000000000 R09: fffffbfff20ec83e
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 1ffff920005c4f5c R14: ffffc90002e27ae0 R15: 0000000000000201
 spin_unlock_bh include/linux/spinlock.h:408 [inline]
 batadv_nc_purge_paths+0x30e/0x3b0 net/batman-adv/network-coding.c:475
 batadv_nc_worker+0x30b/0x5b0 net/batman-adv/network-coding.c:726
 process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
 worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
 kthread+0x3f6/0x4f0 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
----------------
Code disassembly (best guess):
   0:	8a e8                	mov    %al,%ch
   2:	28 f9                	sub    %bh,%cl
   4:	e6 08                	out    %al,$0x8
   6:	65 66 8b 05 30 0e b6 	mov    %gs:0x7eb60e30(%rip),%ax        # 0x7eb60e3e
   d:	7e
   e:	66 85 c0             	test   %ax,%ax
  11:	75 57                	jne    0x6a
  13:	bf 01 00 00 00       	mov    $0x1,%edi
  18:	e8 01 f2 09 00       	call   0x9f21e
  1d:	e8 4c 67 39 00       	call   0x39676e
  22:	fb                   	sti
  23:	65 8b 05 1c e5 b4 7e 	mov    %gs:0x7eb4e51c(%rip),%eax        # 0x7eb4e546
* 2a:	85 c0                	test   %eax,%eax <-- trapping instruction
  2c:	75 05                	jne    0x33
  2e:	e8 eb 01 b3 ff       	call   0xffb3021e
  33:	48 c7 44 24 20 0e 36 	movq   $0x45e0360e,0x20(%rsp)
  3a:	e0 45
  3c:	49                   	rex.WB
  3d:	c7                   	.byte 0xc7
  3e:	04 1c                	add    $0x1c,%al