input: syz1 as /devices/virtual/input/input8
BUG: unable to handle kernel NULL pointer dereference at 00000000000000d0
PGD 800000015033d067 P4D 800000015033d067 PUD 15033a067 PMD 0
Oops: 0000 [#1] SMP PTI
CPU: 1 PID: 13892 Comm: syz-executor7 Not tainted 4.19.0-rc1+ #40
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:slab_equal_or_root mm/slab.h:228 [inline]
RIP: 0010:cache_from_obj mm/slab.h:374 [inline]
RIP: 0010:kmem_cache_free+0x2ce/0x2b60 mm/slub.c:2988
Code: e1 4c 31 e9 48 f7 d0 48 21 c8 0f 84 45 06 00 00 4d 39 ec 0f 84 47 01 00 00 49 8d 9c 24 d0 00 00 00 4d 85 f6 0f 85 a8 06 00 00 <4c> 8b 2b 48 89 df e8 77 6d 03 00 48 8b 00 48 0b 45 b0 74 16 4c 89
RSP: 0018:ffff8801ae7df820 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000000000d0 RCX: 0000000000000000
RDX: ffffffff8a544000 RSI: 0000000000000001 RDI: ffffea0006000018
RBP: ffff8801ae7df980 R08: 0000000000000000 R09: 0000000000000000
R10: 000077ff80000000 R11: ffffffff83d9cd90 R12: 0000000000000000
R13: ffff8801d18e1c80 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000002594940(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000000d0 CR3: 000000013f984000 CR4: 00000000001406e0
Call Trace:
sk_prot_free net/core/sock.c:1503 [inline]
__sk_destruct+0x8d3/0x970 net/core/sock.c:1587
sk_destruct net/core/sock.c:1595 [inline]
__sk_free+0x5bb/0x660 net/core/sock.c:1606
sk_free net/core/sock.c:1617 [inline]
sock_put include/net/sock.h:1691 [inline]
sk_common_release+0x366/0x570 net/core/sock.c:3089
udp_lib_close+0x37/0x40 include/net/udp.h:206
inet_release+0x242/0x2a0 net/ipv4/af_inet.c:428
inet6_release+0xaf/0x100 net/ipv6/af_inet6.c:457
__sock_release net/socket.c:579 [inline]
sock_close+0x13f/0x400 net/socket.c:1139
__fput+0x4cf/0xc20 fs/file_table.c:278
____fput+0x37/0x40 fs/file_table.c:309
task_work_run+0x22e/0x2b0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop arch/x86/entry/common.c:166 [inline]
prepare_exit_to_usermode+0x33e/0x410 arch/x86/entry/common.c:197
syscall_return_slowpath+0xdb/0x700 arch/x86/entry/common.c:268
do_syscall_64+0xde/0x100 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x410c51
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:0000000000a3fdc0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000410c51
RDX: 0000000000000000 RSI: 0000000000730f50 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffffffffff
R10: 00000000009300a0 R11: 0000000000000293 R12: 0000000000000009
R13: 0000000000050833 R14: 00000000000000af R15: badc0ffeebadface
Modules linked in:
Dumping ftrace buffer:
(ftrace buffer empty)
CR2: 00000000000000d0
---[ end trace 34d91df350386101 ]---
RIP: 0010:slab_equal_or_root mm/slab.h:228 [inline]
RIP: 0010:cache_from_obj mm/slab.h:374 [inline]
RIP: 0010:kmem_cache_free+0x2ce/0x2b60 mm/slub.c:2988
Code: e1 4c 31 e9 48 f7 d0 48 21 c8 0f 84 45 06 00 00 4d 39 ec 0f 84 47 01 00 00 49 8d 9c 24 d0 00 00 00 4d 85 f6 0f 85 a8 06 00 00 <4c> 8b 2b 48 89 df e8 77 6d 03 00 48 8b 00 48 0b 45 b0 74 16 4c 89
RSP: 0018:ffff8801ae7df820 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000000000d0 RCX: 0000000000000000
RDX: ffffffff8a544000 RSI: 0000000000000001 RDI: ffffea0006000018
RBP: ffff8801ae7df980 R08: 0000000000000000 R09: 0000000000000000
R10: 000077ff80000000 R11: ffffffff83d9cd90 R12: 0000000000000000
R13: ffff8801d18e1c80 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000002594940(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000000d0 CR3: 000000013f984000 CR4: 00000000001406e0