page_fault+0x45/0x50 arch/x86/entry/entry_64.S:1122
RIP: 0be2:0x4ce1fa RSP: 5086c0:000000000078bf00 EFLAGS: 00000008
==================================================================
Mem-Info:
BUG: KASAN: null-ptr-deref in memset include/linux/string.h:332 [inline]
BUG: KASAN: null-ptr-deref in choke_reset+0x1fc/0x330 net/sched/sch_choke.c:330
active_anon:584784 inactive_anon:12407 isolated_anon:0
active_file:12726 inactive_file:5876 isolated_file:0
unevictable:0 dirty:299 writeback:0 unstable:0
slab_reclaimable:17483 slab_unreclaimable:157214
mapped:61320 shmem:12702 pagetables:22112 bounce:0
free:703733 free_pcp:722 free_cma:0
Write of size 8 at addr (null) by task syz-executor.3/14900
CPU: 1 PID: 14900 Comm: syz-executor.3 Not tainted 4.14.180-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x13e/0x194 lib/dump_stack.c:58
kasan_report_error mm/kasan/report.c:349 [inline]
kasan_report mm/kasan/report.c:409 [inline]
kasan_report.cold+0x127/0x2ae mm/kasan/report.c:393
memset+0x20/0x40 mm/kasan/kasan.c:285
Node 0 active_anon:1778564kB inactive_anon:16204kB active_file:136kB inactive_file:2464kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:219500kB dirty:148kB writeback:0kB shmem:17224kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 759808kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
memset include/linux/string.h:332 [inline]
choke_reset+0x1fc/0x330 net/sched/sch_choke.c:330
qdisc_destroy+0x104/0x310 net/sched/sch_generic.c:723
notify_and_destroy+0x93/0xb0 net/sched/sch_api.c:885
qdisc_graft+0x7b6/0xcd0 net/sched/sch_api.c:940
Node 1 active_anon:560572kB inactive_anon:33424kB active_file:50768kB inactive_file:21040kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25780kB dirty:1048kB writeback:0kB shmem:33584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 47104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
tc_modify_qdisc+0x99e/0x1181 net/sched/sch_api.c:1446
rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4315
Node 0 DMA free:10332kB min:220kB low:272kB high:324kB active_anon:2468kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:52kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
netlink_rcv_skb+0x127/0x370 net/netlink/af_netlink.c:2433
lowmem_reserve[]:
netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
netlink_unicast+0x437/0x620 net/netlink/af_netlink.c:1313
netlink_sendmsg+0x733/0xbe0 net/netlink/af_netlink.c:1878
0 2557
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xc5/0x100 net/socket.c:656
___sys_sendmsg+0x70a/0x840 net/socket.c:2062
2557
__sys_sendmsg+0xa3/0x120 net/socket.c:2096
2557
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x27/0x40 net/socket.c:2103
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
2557
RIP: 0033:0x45ca29
RSP: 002b:00007fd28b59ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000500f80 RCX: 000000000045ca29
RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000008
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000a05 R14: 00000000004ccddd R15: 00007fd28b59b6d4
==================================================================
Node 0 DMA32 free:46160kB min:36272kB low:45340kB high:54408kB active_anon:1776096kB inactive_anon:16204kB active_file:136kB inactive_file:2464kB unevictable:0kB writepending:148kB present:3129332kB managed:2621260kB mlocked:0kB kernel_stack:19072kB pagetables:57860kB bounce:0kB free_pcp:1496kB local_pcp:696kB free_cma:0kB
overlayfs: filesystem on './file0' not supported as upperdir
lowmem_reserve[]: 0 0 0 0 0
Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:344kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0 0
Node 1 Normal free:2758816kB min:53612kB low:67012kB high:80412kB active_anon:560548kB inactive_anon:33424kB active_file:50768kB inactive_file:21040kB unevictable:0kB writepending:944kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15456kB pagetables:30548kB bounce:0kB free_pcp:1392kB local_pcp:672kB free_cma:0kB