kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 general protection fault: 0000 [#1] PREEMPT SMP KASAN Modules linked in: hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 CPU: 0 PID: 27884 Comm: syz-executor.3 Not tainted 4.14.145 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff888096884040 task.stack: ffff8880a8dd8000 RIP: 0010:qdisc_destroy+0x26/0x320 net/sched/sch_generic.c:708 hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 RSP: 0018:ffff8880a8ddf590 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90005a13000 RDX: 0000000000000002 RSI: ffffffff84e2eec1 RDI: 0000000000000010 RBP: ffff8880a8ddf5a8 R08: ffff888096884040 R09: ffff8880968848e0 R10: 0000000000000000 R11: 0000000000000000 R12: ffff88805db6ee40 hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 R13: ffffffff84eaeb60 R14: 00000000fffffff4 R15: ffff88808ae88ce4 FS: 00007f33d82b3700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1e0ac94028 CR3: 0000000094277000 CR4: 00000000001426f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: sfb_destroy+0x61/0x80 net/sched/sch_sfb.c:471 qdisc_create+0x9e0/0xe60 net/sched/sch_api.c:1113 hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 tc_modify_qdisc+0x494/0x1270 net/sched/sch_api.c:1434 kobject: 'hidraw' (ffff88808d16fe80): kobject_add_internal: parent: '0000:0000:0000.0005', set: '(null)' kobject: 'hidraw0' (ffff88808df2b110): kobject_add_internal: parent: 'hidraw', set: 'devices' rtnetlink_rcv_msg+0x3eb/0xb70 net/core/rtnetlink.c:4285 kobject: 'hidraw0' (ffff88808df2b110): kobject_uevent_env netlink_rcv_skb+0x14f/0x3c0 net/netlink/af_netlink.c:2432 kobject: 'hidraw0' (ffff88808df2b110): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:0000.0005/hidraw/hidraw0' hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz1 kobject: '0000:0000:0000.0005' (ffff88809d99b2b8): kobject_uevent_env rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:4297 netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline] netlink_unicast+0x45d/0x640 net/netlink/af_netlink.c:1312 netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877 sock_sendmsg_nosec net/socket.c:646 [inline] sock_sendmsg+0xce/0x110 net/socket.c:656 ___sys_sendmsg+0x70a/0x840 net/socket.c:2062 kobject: '0000:0000:0000.0005' (ffff88809d99b2b8): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:0000.0005' __sys_sendmsg+0xb9/0x140 net/socket.c:2096 kobject: 'hidraw0' (ffff88808df2b110): kobject_uevent_env SYSC_sendmsg net/socket.c:2107 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2103 kobject: 'hidraw0' (ffff88808df2b110): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:0000.0005/hidraw/hidraw0' do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 kobject: 'hidraw' (ffff88808d16fe80): kobject_cleanup, parent (null) RIP: 0033:0x459a09 RSP: 002b:00007f33d82b2c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f33d82b2c90 RCX: 0000000000459a09 RDX: 0000000000000000 RSI: 0000000020009200 RDI: 0000000000000004 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 kobject: 'hidraw' (ffff88808d16fe80): calling ktype release R10: 0000000000000000 R11: 0000000000000246 R12: 00007f33d82b36d4 R13: 00000000004c7933 R14: 00000000004dd328 R15: 0000000000000008 Code: 0f 1f 44 00 00 55 48 89 e5 kobject: 'hidraw': free name 41 55 41 54 53 48 89 fb e8 2f f4 79 fc 48 8d 7b 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c kobject: 'hidraw0' (ffff88808df2b110): kobject_cleanup, parent (null) 03 0f 8e 70 02 00 00 f6 43 10 01 74 kobject: 'hidraw0' (ffff88808df2b110): calling ktype release RIP: qdisc_destroy+0x26/0x320 net/sched/sch_generic.c:708 RSP: ffff8880a8ddf590 ---[ end trace 7878c3d57dc4bf4c ]--- kobject: 'hidraw0': free name