Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
syzkaller login: [ 33.119807] page:ffffea0002c59e00 count:0 mapcount:-128 mapping:0000000000000000 index:0x0
[ 33.177812] flags: 0xfff00000000000()
[ 33.181656] raw: 00fff00000000000 ffffea0002c0a408 ffffea0002520208 0000000000000000
[ 33.212073] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 33.228559] page dumped because: VM_BUG_ON_PAGE(((unsigned int) page_ref_count(page) + 127u <= 127u))
[ 33.258051] ------------[ cut here ]------------
[ 33.262817] kernel BUG at include/linux/mm.h:936!
[ 33.269264] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 33.274652] CPU: 0 PID: 8115 Comm: syz-executor383 Not tainted 4.19.211-syzkaller #0
[ 33.282615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 33.291982] RIP: 0010:do_tcp_sendpages+0x154e/0x1910
[ 33.297088] Code: 74 24 48 41 89 86 24 09 00 00 e8 9d e9 04 00 e9 db ee ff ff e8 53 53 8a fa 48 8b 7c 24 78 48 c7 c6 80 e2 55 89 e8 02 e5 b1 fa <0f> 0b e8 3b 53 8a fa 49 8d 44 24 ff 48 89 44 24 78 e9 86 f5 ff ff
[ 33.315985] RSP: 0018:ffff888092637668 EFLAGS: 00010293
[ 33.321334] RAX: ffff888092e26080 RBX: ffff88809826ad40 RCX: 0000000000000000
[ 33.328586] RDX: 0000000000000000 RSI: ffffffff86d8322e RDI: ffffea0002c59e38
[ 33.335838] RBP: 000000000000007f R08: 0000000000000059 R09: 0000000000000000
[ 33.343089] R10: 0000000000000005 R11: 0000000000000000 R12: ffffea0002c59e34
[ 33.350339] R13: dffffc0000000000 R14: ffff88809c7b4040 R15: 00000000000009f8
[ 33.357594] FS: 00007f78378fb700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 33.365801] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.371663] CR2: 0000000020000048 CR3: 00000000a0125000 CR4: 00000000003406f0
[ 33.378917] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.386171] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.393422] Call Trace:
[ 33.396005] ? sk_stream_alloc_skb+0x850/0x850
[ 33.400576] tls_push_sg+0x1e6/0x7c0
[ 33.404278] tls_push_record+0xb4e/0x1370
[ 33.408418] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 33.412987] tls_sk_proto_close+0x8cf/0xc20
[ 33.417381] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 33.422466] ? tcp_check_oom+0x520/0x520
[ 33.426603] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 33.431166] ? tls_write_space+0x320/0x320
[ 33.435385] ? ip_mc_drop_socket+0x16/0x260
[ 33.439690] inet_release+0xd7/0x1e0
[ 33.443388] inet6_release+0x4c/0x70
[ 33.447087] __sock_release+0xcd/0x2a0
[ 33.450960] ? __sock_release+0x2a0/0x2a0
[ 33.455093] sock_close+0x15/0x20
[ 33.458531] __fput+0x2ce/0x890
[ 33.461893] task_work_run+0x148/0x1c0
[ 33.465766] do_exit+0xbf3/0x2be0
[ 33.469205] ? futex_wake+0x159/0x480
[ 33.472991] ? mm_update_next_owner+0x650/0x650
[ 33.477645] ? get_signal+0x388/0x1f70
[ 33.481526] ? lock_downgrade+0x720/0x720
[ 33.485678] ? lock_acquire+0x170/0x3c0
[ 33.489643] do_group_exit+0x125/0x310
[ 33.493520] get_signal+0x3f2/0x1f70
[ 33.497312] ? inet_sendmsg+0x13a/0x5a0
[ 33.501269] ? security_socket_sendmsg+0x83/0xb0
[ 33.506011] do_signal+0x8f/0x1670
[ 33.509539] ? __ia32_sys_getpeername+0xb0/0xb0
[ 33.514193] ? setup_sigcontext+0x820/0x820
[ 33.518502] ? vm_mmap_pgoff+0x1c0/0x200
[ 33.522563] ? vma_is_stack_for_current+0xc0/0xc0
[ 33.527390] ? do_dup2+0x450/0x450
[ 33.530913] ? __se_sys_futex+0x28f/0x3b0
[ 33.535045] ? __se_sys_futex+0x298/0x3b0
[ 33.539184] ? do_futex+0x1880/0x1880
[ 33.542971] ? exit_to_usermode_loop+0x36/0x2a0
[ 33.547628] exit_to_usermode_loop+0x204/0x2a0
[ 33.552202] do_syscall_64+0x538/0x620
[ 33.556078] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.561250] RIP: 0033:0x7f783796b7a9
[ 33.564949] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 33.583931] RSP: 002b:00007f78378fb218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 33.591621] RAX: fffffffffffffe00 RBX: 00007f78379f44d8 RCX: 00007f783796b7a9
[ 33.598874] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f78379f44d8
[ 33.606124] RBP: 00007f78379f44d0 R08: 0000000000000000 R09: 0000000000000000
[ 33.613376] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f78379f44dc
[ 33.620628] R13: 00007fffde637d6f R14: 00007f78378fb300 R15: 0000000000022000
[ 33.627882] Modules linked in:
[ 33.812697] ---[ end trace bcb1dca3ec45a63f ]---
[ 33.825385] RIP: 0010:do_tcp_sendpages+0x154e/0x1910
[ 33.832529] Code: 74 24 48 41 89 86 24 09 00 00 e8 9d e9 04 00 e9 db ee ff ff e8 53 53 8a fa 48 8b 7c 24 78 48 c7 c6 80 e2 55 89 e8 02 e5 b1 fa <0f> 0b e8 3b 53 8a fa 49 8d 44 24 ff 48 89 44 24 78 e9 86 f5 ff ff
[ 33.873257] RSP: 0018:ffff888092637668 EFLAGS: 00010293
[ 33.885227] RAX: ffff888092e26080 RBX: ffff88809826ad40 RCX: 0000000000000000
[ 33.902170] RDX: 0000000000000000 RSI: ffffffff86d8322e RDI: ffffea0002c59e38
[ 33.920661] RBP: 000000000000007f R08: 0000000000000059 R09: 0000000000000000
[ 33.937441] R10: 0000000000000005 R11: 0000000000000000 R12: ffffea0002c59e34
[ 33.953481] R13: dffffc0000000000 R14: ffff88809c7b4040 R15: 00000000000009f8
[ 33.970405] FS: 00007f78378fb700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 33.979473] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.985428] CR2: 0000000020000048 CR3: 00000000a1088000 CR4: 00000000003406f0
[ 33.993745] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.002059] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.011884] Kernel panic - not syncing: Fatal exception
[ 34.017439] Kernel Offset: disabled
[ 34.021058] Rebooting in 86400 seconds..