input: syz1 as /devices/virtual/input/input1177
input: syz1 as /devices/virtual/input/input1179
kasan: CONFIG_KASAN_INLINE enabled
binder: 15364:15366 ioctl c018620c 0 returned -14
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN NOPTI
Modules linked in:
CPU: 1 PID: 15351 Comm: syz-executor.0 Not tainted 4.14.101+ #14
task: ffff88819d505e00 task.stack: ffff88819ec70000
RIP: 0010:__read_once_size include/linux/compiler.h:183 [inline]
RIP: 0010:radix_tree_load_root lib/radix-tree.c:602 [inline]
RIP: 0010:__radix_tree_lookup+0x43/0x220 lib/radix-tree.c:1040
RSP: 0018:ffff88819ec777a0 EFLAGS: 00010216
RAX: dffffc0000000203 RBX: 1ffff11033d8eeff RCX: 000000000000274c
RDX: ffffffff82806d2f RSI: ffffc90000581000 RDI: 0000000000001010
RBP: dffffc0000000000 R08: 0000000000007a39 R09: 0000000000040045
R10: ffff88819d506658 R11: 0000000000000001 R12: 000000000000f3bf
R13: 0000000000000000 R14: 0000000000001010 R15: ffff88819ec77838
FS: 00007f0fde042700(0000) GS:ffff8881d7700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffebc4d3958 CR3: 00000001c5f7c003 CR4: 00000000001606a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
radix_tree_delete_item+0x96/0x1a0 lib/radix-tree.c:2043
idr_remove_ext include/linux/idr.h:144 [inline]
idr_remove include/linux/idr.h:149 [inline]
kernfs_put fs/kernfs/dir.c:542 [inline]
kernfs_put+0x1b8/0x480 fs/kernfs/dir.c:506
kernfs_create_dir_ns+0x10c/0x130 fs/kernfs/dir.c:1013
sysfs_create_dir_ns+0xb7/0x1d0 fs/sysfs/dir.c:55
create_dir lib/kobject.c:71 [inline]
kobject_add_internal+0x27f/0x830 lib/kobject.c:229
Code: 00 00 00 00 00 fc ff df 53 48 83 ec 20 48 89 44 24 10 48 c1 e8 03 48 01 e8 48 89 54 24 08 48 89 04 24 e8 b1 33 b0 fe 48 8b 04 24 <80> 38 00 0f 85 a3 01 00 00 49 8b 5e 08 48 89 d8 83 e0 03 48 83
RIP: __read_once_size include/linux/compiler.h:183 [inline] RSP: ffff88819ec777a0
RIP: radix_tree_load_root lib/radix-tree.c:602 [inline] RSP: ffff88819ec777a0
RIP: __radix_tree_lookup+0x43/0x220 lib/radix-tree.c:1040 RSP: ffff88819ec777a0
---[ end trace 63ddfb054299645b ]---