7:14 Aug 15 12:27:14 Aug 15 12:27:14 Aug 15 12:27:14 Aug 15 12:27:14 Aug 15 12:27:14 Aug 15 12:27:14 Aug 15 12:27:14 Aug 15 12:27:14 Aug 15 12:27:14 syzkaller daemon.err dhcpcd[202]Aug 15 12:27:14 Aug 15 12:27:14 Aug 15 12:27:14 Aug 15 12:27:14 syzkaller daemon.err dhcpcd[202]: libudev: received NULL deviceAug 15 12:27:14 sAug 15 12:27:14 syzkaller daemonAug 15 12:27:14 syzkaller daemonAug 15 12:27:14 Aug 15 12:27:14 s[  477.817601][ T2814] ==================================================================
yzkaller daemonA[  477.826693][ T2814] BUG: KASAN: null-ptr-deref in atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
yzkaller daemonA[  477.826693][ T2814] BUG: KASAN: null-ptr-deref in __tcf_idr_release net/sched/act_api.c:162 [inline]
yzkaller daemonA[  477.826693][ T2814] BUG: KASAN: null-ptr-deref in tcf_idrinfo_destroy+0xb9/0x220 net/sched/act_api.c:561
ug 15 12:27:14 s[  477.826729][ T2814] CPU: 0 PID: 2814 Comm: kworker/u4:4 Not tainted 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
yzkaller daemonA[  477.826800][ T2814]  dump_stack+0x15b/0x1b8 lib/dump_stack.c:118
ug 15 12:27:14 A[  477.895702][ T2814]  ? atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
ug 15 12:27:14 A[  477.895702][ T2814]  ? __tcf_idr_release net/sched/act_api.c:162 [inline]
ug 15 12:27:14 A[  477.895702][ T2814]  ? tcf_idrinfo_destroy+0xb9/0x220 net/sched/act_api.c:561
ug 15 12:27:14 s[  477.902243][ T2814]  ? atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
ug 15 12:27:14 s[  477.902243][ T2814]  ? __tcf_idr_release net/sched/act_api.c:162 [inline]
ug 15 12:27:14 s[  477.902243][ T2814]  ? tcf_idrinfo_destroy+0xb9/0x220 net/sched/act_api.c:561
yzkaller daemonA[  477.908794][ T2814]  __kasan_report+0xe4/0x120 mm/kasan/report.c:520
ug 15 12:27:14 s[  477.914749][ T2814]  ? atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
ug 15 12:27:14 s[  477.914749][ T2814]  ? __tcf_idr_release net/sched/act_api.c:162 [inline]
ug 15 12:27:14 s[  477.914749][ T2814]  ? tcf_idrinfo_destroy+0xb9/0x220 net/sched/act_api.c:561
yzkaller daemonA[  477.925641][ T2814]  check_memory_region_inline mm/kasan/generic.c:141 [inline]
yzkaller daemonA[  477.925641][ T2814]  check_memory_region+0x274/0x280 mm/kasan/generic.c:191
ug 15 12:27:14 A[  477.932133][ T2814]  __kasan_check_read+0x11/0x20 mm/kasan/common.c:93
ug 15 12:27:14 s[  477.943352][ T2814]  ? slab_free_hook mm/slub.c:1455 [inline]
ug 15 12:27:14 s[  477.943352][ T2814]  ? slab_free_freelist_hook+0xb7/0x180 mm/slub.c:1494
yzkaller daemonA[  477.950305][ T2814]  ? tcf_idr_check_alloc+0x4a0/0x4a0
ug 15 12:27:14 s[  477.961791][ T2814]  tc_action_net_exit include/net/act_api.h:145 [inline]
ug 15 12:27:14 s[  477.961791][ T2814]  police_exit_net+0xe3/0x150 net/sched/act_police.c:410
yzkaller daemonA[  477.967842][ T2814]  ? police_init_net+0x1f0/0x1f0
ug 15 12:27:14 s[  477.967880][ T2814]  ? ops_init+0x4a0/0x4a0
yzkaller kern.wA[  477.967916][ T2814]  process_one_work+0x73b/0xcc0 kernel/workqueue.c:2290
ug 15 12:27:14 A[  477.967939][ T2814]  ? atomic_try_cmpxchg include/asm-generic/atomic-instrumented.h:694 [inline]
ug 15 12:27:14 A[  477.967939][ T2814]  ? queued_spin_lock include/asm-generic/qspinlock.h:78 [inline]
ug 15 12:27:14 A[  477.967939][ T2814]  ? do_raw_spin_lock_flags include/linux/spinlock.h:193 [inline]
ug 15 12:27:14 A[  477.967939][ T2814]  ? __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:119 [inline]
ug 15 12:27:14 A[  477.967939][ T2814]  ? _raw_spin_lock_irqsave+0xb0/0x110 kernel/locking/spinlock.c:159
ug 15 12:27:14 s[  478.025205][ T2814]  ? kthread_blkcg+0xd0/0xd0
yzkaller kern.nA[  478.035559][ T2814] ==================================================================
ug 15 12:27:14 syzkaller daemon.err dhcpcd[202]Aug 15 12:27:14 syzkaller kern.notice kernel: [ Aug 15 12:27:14 syzkaller daemonAug 15 12:27:14 s[  478.062389][ T2814] kasan: CONFIG_KASAN_INLINE enabled
yzkaller kern.nA[  478.068885][ T2814] kasan: GPF could be caused by NULL-ptr deref or user memory access
[g 15 12:27:14 s  478.068919][ T2814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
y[zkaller daemonA  478.068956][ T2814] RIP: 0010:__read_once_size include/linux/compiler.h:268 [inline]
y[zkaller daemonA  478.068956][ T2814] RIP: 0010:arch_atomic_read arch/x86/include/asm/atomic.h:31 [inline]
y[zkaller daemonA  478.068956][ T2814] RIP: 0010:atomic_read include/asm-generic/atomic-instrumented.h:27 [inline]
y[zkaller daemonA  478.068956][ T2814] RIP: 0010:__tcf_idr_release net/sched/act_api.c:162 [inline]
y[zkaller daemonA  478.068956][ T2814] RIP: 0010:tcf_idrinfo_destroy+0xc0/0x220 net/sched/act_api.c:561
u[g 15 12:27:14 A  478.068976][ T2814] RSP: 0018:ffff8881ea4dfb60 EFLAGS: 00010202
ug 15 12:27:14 s[  478.068992][ T2814] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000ffffffff
y[zkaller daemonA  478.069013][ T2814] R10: fffffbfff0ca7a5c R11: 1ffffffff0ca7a5c R12: fffffffffffffff0
ug 15 12:27:14 s[  478.181475][ T2814] R13: 0000000000000010 R14: ffffffff861b59f0 R15: dffffc0000000000
yzkaller kern.nA[  478.181495][ T2814] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
ug 15 12:27:14 A  478.181515][ T2814] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[g 15 12:27:14 s  478.181528][ T2814] Call Trace:
yzkaller kern.nA[  478.181564][ T2814]  ? tcf_idr_check_alloc+0x4a0/0x4a0
[g 15 12:27:14 s  478.181589][ T2814]  tc_action_net_exit include/net/act_api.h:145 [inline]
[g 15 12:27:14 s  478.181589][ T2814]  police_exit_net+0xe3/0x150 net/sched/act_police.c:410
y[zkaller daemonA  478.181618][ T2814]  ops_exit_list net/core/net_namespace.c:187 [inline]
y[zkaller daemonA  478.181618][ T2814]  cleanup_net+0x5fd/0xb40 net/core/net_namespace.c:612
ug 15 12:27:14 s[  478.271169][ T2814]  ? __kasan_check_write+0x14/0x20 mm/kasan/common.c:99
y[zkaller kern.nA  478.271201][ T2814]  ? read_word_at_a_time+0x12/0x20 include/linux/compiler.h:349
u[g 15 12:27:14 A  478.271227][ T2814]  process_one_work+0x73b/0xcc0 kernel/workqueue.c:2290
u[g 15 12:27:14 s  478.271257][ T2814]  ? atomic_try_cmpxchg include/asm-generic/atomic-instrumented.h:694 [inline]
u[g 15 12:27:14 s  478.271257][ T2814]  ? queued_spin_lock include/asm-generic/qspinlock.h:78 [inline]
u[g 15 12:27:14 s  478.271257][ T2814]  ? do_raw_spin_lock_flags include/linux/spinlock.h:193 [inline]
u[g 15 12:27:14 s  478.271257][ T2814]  ? __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:119 [inline]
u[g 15 12:27:14 s  478.271257][ T2814]  ? _raw_spin_lock_irqsave+0xb0/0x110 kernel/locking/spinlock.c:159
[zkaller kern.nA  478.271290][ T2814]  ? worker_clr_flags+0x190/0x190
ug 15 12:27:14 A[  478.320653][ T2814]  ? kthread_blkcg+0xd0/0xd0
ug 15 12:27:14 s[  478.320668][ T2814]  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:354
yzkaller kern.nA[  478.320685][ T2814] Modules linked in:
ug 15 12:27:14 A[  478.343159][ T2814] RIP: 0010:__read_once_size include/linux/compiler.h:268 [inline]
ug 15 12:27:14 A[  478.343159][ T2814] RIP: 0010:arch_atomic_read arch/x86/include/asm/atomic.h:31 [inline]
ug 15 12:27:14 A[  478.343159][ T2814] RIP: 0010:atomic_read include/asm-generic/atomic-instrumented.h:27 [inline]
ug 15 12:27:14 A[  478.343159][ T2814] RIP: 0010:__tcf_idr_release net/sched/act_api.c:162 [inline]
ug 15 12:27:14 A[  478.343159][ T2814] RIP: 0010:tcf_idrinfo_destroy+0xc0/0x220 net/sched/act_api.c:561
ug 15 12:27:14 A[  478.350297][ T2814] Code: 40 e8 b4 6b af 00 48 85 c0 0f 84 1a 01 00 00 49 89 c4 4c 8d 68 20 4c 89 ef be 04 00 00 00 e8 37 05 1b fe 4c 89 e8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 ba 00 00 00 45 8b 6d 00 31 ff 44 89 ee
ug 15 12:27:14 A[  478.371321][ T2814] RSP: 0018:ffff8881ea4dfb60 EFLAGS: 00010202
ug 15 12:27:14 A[  478.378729][ T2814] RAX: 0000000000000002 RBX: ffff8881d737e520 RCX: ffff8881e75ccec0
ug 15 12:27:14 Aug 15 12:27:14 Aug 15 12:27:14 Aug 15 12:27:14 syzkaller daemonAug 15 12:27:14 Aug 15 12:27:14 A[  478.397196][ T2814] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000ffffffff
ug 15 12:27:14 A[  478.405770][ T2814] RBP: ffff8881ea4dfc08 R08: 0000000000000004 R09: 0000000000000003