May 18 00:04:37 syzkaller kern.warn kerne[  150.454874][  T432] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
l: [  149.864835[  150.465176][  T432] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
][  T432] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
May 18 00:04:37 syzkaller kern.warn kernel: [[  150.488683][    T9] ==================================================================
  149.894868][  [  150.497096][    T9] BUG: KASAN: null-ptr-deref in atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
  149.894868][  [  150.497096][    T9] BUG: KASAN: null-ptr-deref in __tcf_idr_release net/sched/act_api.c:162 [inline]
  149.894868][  [  150.497096][    T9] BUG: KASAN: null-ptr-deref in tcf_idrinfo_destroy+0xb9/0x220 net/sched/act_api.c:561
T432] asix 5-1:0[  150.513734][    T9] 
.0 (unnamed net_[  150.527173][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
device) (uniniti[  150.538612][    T9] Workqueue: netns cleanup_net
alized): Failed [  150.548037][    T9]  __dump_stack+0x1e/0x20 lib/dump_stack.c:77
to write reg ind[  150.558051][    T9]  ? thaw_kernel_threads+0x220/0x220
ex 0x0000: -71
May 18 00:04:37 [  150.581641][    T9]  __kasan_report+0xe4/0x120 mm/kasan/report.c:520
syzkaller kern.e[  150.592796][    T9]  kasan_report+0x30/0x60 mm/kasan/common.c:653
rr kernel: [  14[  150.603623][    T9]  __kasan_check_read+0x11/0x20 mm/kasan/common.c:93
9.905885][  T432[  150.614884][    T9]  ? slab_free_hook mm/slub.c:1455 [inline]
9.905885][  T432[  150.614884][    T9]  ? slab_free_freelist_hook+0xb7/0x180 mm/slub.c:1494
] asix 5-1:0.0 ([  150.627101][    T9]  ? tc_action_net_exit include/net/act_api.h:146 [inline]
] asix 5-1:0.0 ([  150.627101][    T9]  ? gact_exit_net+0xfd/0x150 net/sched/act_gact.c:284
unnamed net_devi[  150.637644][    T9]  ? gact_init_net+0x1f0/0x1f0
ce) (uninitializ[  150.648216][    T9]  ? __kasan_check_write+0x14/0x20 mm/kasan/common.c:99
ed): Failed to e[  150.659065][    T9]  ? read_word_at_a_time+0x12/0x20 include/linux/compiler.h:349
nable software M[  150.669727][    T9]  process_one_work+0x73b/0xcc0 kernel/workqueue.c:2290
II access
May 1[  150.675947][    T9]  worker_thread+0xa5c/0x13b0 kernel/workqueue.c:2436
8 00:04:37 syzka[  150.682007][    T9]  kthread+0x31e/0x3a0 kernel/kthread.c:288
ller kern.warn k[  150.692467][    T9]  ? kthread_blkcg+0xd0/0xd0
ernel: [  149.93[  150.702839][    T9] ==================================================================
4845][  T432] as[  150.718548][    T9] kasan: CONFIG_KASAN_INLINE enabled
ix 5-1:0.0 (unna[  150.719556][  T432] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
med net_device) [  150.736439][    T9] kasan: GPF could be caused by NULL-ptr deref or user memory access
([uninitialized):  150.736486][    T9] CPU: 0 PID: 9 Comm: kworker/u4:1 Tainted: G    B             5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
 Failed to read [  150.736492][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
reg index 0x0000[  150.736528][    T9] RIP: 0010:__read_once_size include/linux/compiler.h:268 [inline]
reg index 0x0000[  150.736528][    T9] RIP: 0010:arch_atomic_read arch/x86/include/asm/atomic.h:31 [inline]
reg index 0x0000[  150.736528][    T9] RIP: 0010:atomic_read include/asm-generic/atomic-instrumented.h:27 [inline]
reg index 0x0000[  150.736528][    T9] RIP: 0010:__tcf_idr_release net/sched/act_api.c:162 [inline]
reg index 0x0000[  150.736528][    T9] RIP: 0010:tcf_idrinfo_destroy+0xc0/0x220 net/sched/act_api.c:561
: -71
May 18 00[  150.736545][    T9] RSP: 0018:ffff8881f5dcfb60 EFLAGS: 00010202
:04:37 syzkaller[  150.736557][    T9] RAX: 0000000000000002 RBX: ffff8881f35cee20 RCX: ffff8881f5dc5e80
 kern.warn kerne[  150.736563][    T9] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000ffffffff
l: [  149.964831[  150.736580][    T9] R10: fffffbfff0ca7a5c R11: 1ffffffff0ca7a5c R12: fffffffffffffff0
][  T432] asix 5[  150.736596][    T9] R13: 0000000000000010 R14: ffffffff861b5dd0 R15: dffffc0000000000
-1:0.0 (unnamed [  150.754848][  T432] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
net_device) (uni[  150.765252][    T9] FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
nitialized): Fai[  150.765260][    T9] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
led to write reg[  150.765267][    T9] CR2: 0000200001000000 CR3: 00000001ec918000 CR4: 00000000003406b0
 [index 0x0000: -  150.765289][    T9] Call Trace:
7[1
May 18 00:04  150.765325][    T9]  ? tcf_idr_check_alloc+0x4a0/0x4a0
:[37 syzkaller ke  150.765354][    T9]  tc_action_net_exit include/net/act_api.h:145 [inline]
:[37 syzkaller ke  150.765354][    T9]  gact_exit_net+0xe3/0x150 net/sched/act_gact.c:284
rn.err kernel: [[  150.765367][    T9]  ? gact_init_net+0x1f0/0x1f0
 [ 149.976031][    150.765401][    T9]  ? __kasan_check_write+0x14/0x20 mm/kasan/common.c:99
T432] asix 5-1:0[  150.765433][    T9]  ? read_word_at_a_time+0x12/0x20 include/linux/compiler.h:349
[.0 (unnamed net_  150.781462][    T9]  ? strscpy+0x9b/0x290 lib/string.c:209
d[evice) (uniniti  150.781493][    T9]  worker_thread+0xa5c/0x13b0 kernel/workqueue.c:2436
a[lized): Failed   150.781527][    T9]  ? worker_clr_flags+0x190/0x190
t[o enable softwa  150.781552][    T9]  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:354
r[e MII access
M  150.781764][    T9] ---[ end trace 33f73f1bfffb8b3b ]---
a[y 18 00:04:37 s  150.825095][    T9] RIP: 0010:__read_once_size include/linux/compiler.h:268 [inline]
a[y 18 00:04:37 s  150.825095][    T9] RIP: 0010:arch_atomic_read arch/x86/include/asm/atomic.h:31 [inline]
a[y 18 00:04:37 s  150.825095][    T9] RIP: 0010:atomic_read include/asm-generic/atomic-instrumented.h:27 [inline]
a[y 18 00:04:37 s  150.825095][    T9] RIP: 0010:__tcf_idr_release net/sched/act_api.c:162 [inline]
a[y 18 00:04:37 s  150.825095][    T9] RIP: 0010:tcf_idrinfo_destroy+0xc0/0x220 net/sched/act_api.c:561
[yzkaller kern.wa  150.825116][    T9] RSP: 0018:ffff8881f5dcfb60 EFLAGS: 00010202
r[n kernel: [  15  150.825137][    T9] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000ffffffff
0[.004836][  T432  150.825156][    T9] R10: fffffbfff0ca7a5c R11: 1ffffffff0ca7a5c R12: fffffffffffffff0
][ asix 5-1:0.0 (  150.825174][    T9] FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
u[nnamed net_devi  150.825190][    T9] CR2: 0000200001000000 CR3: 00000001ec918000 CR4: 00000000003406b0
c[e) (uninitializ  150.864853][  T432] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ed): Failed to r  150.882929][  T432] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
ead reg index 0x[  151.186951][    T9] Kernel Offset: disabled