=============================
WARNING: suspicious RCU usage
6.15.0-rc1-syzkaller-g2fe2b96c3818 #0 Not tainted
-----------------------------
net/sched/sch_generic.c:1285 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
3 locks held by kworker/u8:7/6550:
 #0: ffff0000d3caa948 ((wq_completion)bond0#3){+.+.}-{0:0}, at: process_one_work+0x674/0x1638 kernel/workqueue.c:3212
 #1: ffff8000a58c7b80 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_one_work+0x708/0x1638 kernel/workqueue.c:3212
 #2: ffff800090127de0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:330

stack backtrace:
CPU: 0 UID: 0 PID: 6550 Comm: kworker/u8:7 Not tainted 6.15.0-rc1-syzkaller-g2fe2b96c3818 #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: bond0 bond_mii_monitor
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 lockdep_rcu_suspicious+0x1a8/0x2c0 kernel/locking/lockdep.c:6865
 dev_deactivate_queue+0xac/0x1e4 net/sched/sch_generic.c:1285
 netdev_for_each_tx_queue include/linux/netdevice.h:2650 [inline]
 dev_deactivate_many+0x130/0xb70 net/sched/sch_generic.c:1361
 dev_deactivate+0x13c/0x1fc net/sched/sch_generic.c:1398
 linkwatch_do_dev+0x100/0x1a8 net/core/link_watch.c:184
 linkwatch_sync_dev+0x150/0x16c net/core/link_watch.c:272
 ethtool_op_get_link+0x20/0x5c net/ethtool/ioctl.c:63
 bond_check_dev_link+0x1ac/0x3f4 drivers/net/bonding/bond_main.c:864
 bond_miimon_inspect drivers/net/bonding/bond_main.c:2734 [inline]
 bond_mii_monitor+0x3d8/0x28b4 drivers/net/bonding/bond_main.c:2956
 process_one_work+0x810/0x1638 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x97c/0xf08 kernel/workqueue.c:3400
 kthread+0x674/0x7dc kernel/kthread.c:464
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862

=============================
WARNING: suspicious RCU usage
6.15.0-rc1-syzkaller-g2fe2b96c3818 #0 Not tainted
-----------------------------
./include/linux/rtnetlink.h:163 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
3 locks held by kworker/u8:7/6550:
 #0: ffff0000d3caa948 ((wq_completion)bond0#3){+.+.}-{0:0}, at: process_one_work+0x674/0x1638 kernel/workqueue.c:3212
 #1: ffff8000a58c7b80 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_one_work+0x708/0x1638 kernel/workqueue.c:3212
 #2: ffff800090127de0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:330

stack backtrace:
CPU: 0 UID: 0 PID: 6550 Comm: kworker/u8:7 Not tainted 6.15.0-rc1-syzkaller-g2fe2b96c3818 #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: bond0 bond_mii_monitor
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 lockdep_rcu_suspicious+0x1a8/0x2c0 kernel/locking/lockdep.c:6865
 dev_ingress_queue include/linux/rtnetlink.h:163 [inline]
 dev_deactivate_many+0x208/0xb70 net/sched/sch_generic.c:1363
 dev_deactivate+0x13c/0x1fc net/sched/sch_generic.c:1398
 linkwatch_do_dev+0x100/0x1a8 net/core/link_watch.c:184
 linkwatch_sync_dev+0x150/0x16c net/core/link_watch.c:272
 ethtool_op_get_link+0x20/0x5c net/ethtool/ioctl.c:63
 bond_check_dev_link+0x1ac/0x3f4 drivers/net/bonding/bond_main.c:864
 bond_miimon_inspect drivers/net/bonding/bond_main.c:2734 [inline]
 bond_mii_monitor+0x3d8/0x28b4 drivers/net/bonding/bond_main.c:2956
 process_one_work+0x810/0x1638 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x97c/0xf08 kernel/workqueue.c:3400
 kthread+0x674/0x7dc kernel/kthread.c:464
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862
Unable to handle kernel paging request at virtual address ffffffff00000000
KASAN: maybe wild-memory-access in range [0x0003fff800000000-0x0003fff800000007]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001a45f1000
[ffffffff00000000] pgd=0000000000000000, p4d=00000001a8280403, pud=0000000000000000
Internal error: Oops: 0000000096000005 [#1]  SMP
Modules linked in:
CPU: 0 UID: 0 PID: 6550 Comm: kworker/u8:7 Not tainted 6.15.0-rc1-syzkaller-g2fe2b96c3818 #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: bond0 bond_mii_monitor
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : dev_deactivate_queue+0xe8/0x1e4 net/sched/sch_generic.c:1287
lr : dev_deactivate_queue+0x7c/0x1e4 net/sched/sch_generic.c:1285
sp : ffff8000a58c7410
x29: ffff8000a58c7410 x28: dfff800000000000 x27: 0000000000000001
x26: ffff800098957b58 x25: ffff8000989576e8 x24: ffff800098957ba0
x23: ffff80009341a000 x22: dfff800000000000 x21: ffffffff00000000
x20: ffff0000c1093810 x19: ffff8000a58c7480 x18: 1fffe000366ddab6
x17: ffff800123861000 x16: ffff8000806ad4b4 x15: 0000000000000009
x14: 1ffff00010000fb2 x13: ffff8000a58c8000 x12: ffff8000a58c7400
x11: ffff8000a58c7430 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : ffff8000a58c7480 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
 dev_deactivate_queue+0xe8/0x1e4 net/sched/sch_generic.c:1287 (P)
 dev_deactivate_many+0x2c4/0xb70 net/sched/sch_generic.c:1364
 dev_deactivate+0x13c/0x1fc net/sched/sch_generic.c:1398
 linkwatch_do_dev+0x100/0x1a8 net/core/link_watch.c:184
 linkwatch_sync_dev+0x150/0x16c net/core/link_watch.c:272
 ethtool_op_get_link+0x20/0x5c net/ethtool/ioctl.c:63
 bond_check_dev_link+0x1ac/0x3f4 drivers/net/bonding/bond_main.c:864
 bond_miimon_inspect drivers/net/bonding/bond_main.c:2734 [inline]
 bond_mii_monitor+0x3d8/0x28b4 drivers/net/bonding/bond_main.c:2956
 process_one_work+0x810/0x1638 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x97c/0xf08 kernel/workqueue.c:3400
 kthread+0x674/0x7dc kernel/kthread.c:464
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862
Code: 38766908 34000068 aa1503e0 978b0d1e (f94002a8) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	38766908 	ldrb	w8, [x8, x22]
   4:	34000068 	cbz	w8, 0x10
   8:	aa1503e0 	mov	x0, x21
   c:	978b0d1e 	bl	0xfffffffffe2c3484
* 10:	f94002a8 	ldr	x8, [x21] <-- trapping instruction