flags: 0x2fffc0000000000()
raw: 02fffc0000000000 ffffea0006731c08 ffffea000672d408 0000000000000000
raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000
page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
------------[ cut here ]------------
kernel BUG at include/linux/mm.h:519!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
kobject: 'loop0' (0000000080df63e0): fill_kobj_path: path = '/devices/virtual/block/loop0'
CPU: 0 PID: 9067 Comm: syz-executor1 Not tainted 4.19.0-rc3+ #220
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:put_page_testzero include/linux/mm.h:519 [inline]
RIP: 0010:put_page include/linux/mm.h:942 [inline]
RIP: 0010:__skb_frag_unref include/linux/skbuff.h:2790 [inline]
RIP: 0010:skb_release_data+0x6bd/0x880 net/core/skbuff.c:564
Code: e8 38 2e 70 fb 48 8b bd 10 ff ff ff e8 ec ca fe ff e9 16 fb ff ff e8 22 2e 70 fb 48 c7 c6 c0 a1 c5 88 4c 89 ef e8 23 da a1 fb <0f> 0b e8 0c 2e 70 fb 4c 8d 6b ff e9 b0 fc ff ff e8 fe 2d 70 fb 4c
RSP: 0018:ffff8801dac06be0 EFLAGS: 00010246
kobject: 'hwsim6' (00000000c20f9b68): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim6'
RAX: 0000000000000000 RBX: ffffea0006923234 RCX: 0000000000000000
RDX: 0000000000000100 RSI: ffffffff81b08edd RDI: ffffed003b580d6d
RBP: ffff8801dac06d00 R08: ffff88019e1ea500 R09: 0000000000000002
R10: 0000000000000000 R11: ffff88019e1ea500 R12: dffffc0000000000
R13: ffffea0006923200 R14: ffff8801c37539b0 R15: 0000000000000000
FS:  00000000015d6940(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb234c5b518 CR3: 00000001cfb70000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
kobject: 'ieee80211' (000000009d9a75da): kobject_add_internal: parent: 'hwsim6', set: '(null)'
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
kobject: 'phy6' (000000007085c970): kobject_add_internal: parent: 'ieee80211', set: 'devices'
 skb_release_all+0x4a/0x60 net/core/skbuff.c:627
 __kfree_skb+0x15/0x20 net/core/skbuff.c:641
 sk_wmem_free_skb include/net/sock.h:1448 [inline]
 tcp_write_queue_purge+0x2b6/0x8b0 net/ipv4/tcp.c:2520
kobject: 'phy6' (000000007085c970): kobject_uevent_env
 tcp_reset+0x17d/0x600 net/ipv4/tcp_input.c:4069
 tcp_validate_incoming+0xa41/0x16a0 net/ipv4/tcp_input.c:5432
kobject: 'phy6' (000000007085c970): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim6/ieee80211/phy6'
 tcp_rcv_state_process+0xc26/0x4ffe net/ipv4/tcp_input.c:6068
kobject: 'rfkill8' (0000000052a14ad2): kobject_add_internal: parent: 'phy6', set: 'devices'
kobject: 'rfkill8' (0000000052a14ad2): kobject_uevent_env
 tcp_v6_do_rcv+0x894/0x13c0 net/ipv6/tcp_ipv6.c:1351
 tcp_v6_rcv+0x2f7c/0x38a0 net/ipv6/tcp_ipv6.c:1555
kobject: 'rfkill8' (0000000052a14ad2): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim6/ieee80211/phy6/rfkill8'
 ip6_input_finish+0x3fc/0x1aa0 net/ipv6/ip6_input.c:383
ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
 NF_HOOK include/linux/netfilter.h:287 [inline]
 ip6_input+0xe9/0x600 net/ipv6/ip6_input.c:426
kobject: 'loop4' (000000005c2703c0): kobject_uevent_env
kobject: 'loop4' (000000005c2703c0): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'net' (00000000ca8babf3): kobject_add_internal: parent: 'hwsim6', set: '(null)'
kobject: 'loop3' (00000000fc37d7b6): kobject_uevent_env
 dst_input include/net/dst.h:450 [inline]
 ip6_rcv_finish+0x17a/0x330 net/ipv6/ip6_input.c:76
kobject: 'loop3' (00000000fc37d7b6): fill_kobj_path: path = '/devices/virtual/block/loop3'
 NF_HOOK include/linux/netfilter.h:287 [inline]
 ipv6_rcv+0x11e/0x650 net/ipv6/ip6_input.c:271
kobject: 'wlan0' (000000002f3cb402): kobject_add_internal: parent: 'net', set: 'devices'
kobject: 'wlan0' (000000002f3cb402): kobject_uevent_env
 __netif_receive_skb_one_core+0x14d/0x200 net/core/dev.c:4894
kobject: 'wlan0' (000000002f3cb402): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim6/net/wlan0'
 __netif_receive_skb+0x2c/0x1e0 net/core/dev.c:5004
 process_backlog+0x217/0x760 net/core/dev.c:5808
 napi_poll net/core/dev.c:6228 [inline]
 net_rx_action+0x7c5/0x1950 net/core/dev.c:6294
kobject: 'queues' (00000000367e0800): kobject_add_internal: parent: 'wlan0', set: '<NULL>'
kobject: 'queues' (00000000367e0800): kobject_uevent_env
kobject: 'queues' (00000000367e0800): kobject_uevent_env: filter function caused the event to drop!
kobject: 'rx-0' (00000000a20cb4c3): kobject_add_internal: parent: 'queues', set: 'queues'
kobject: 'rx-0' (00000000a20cb4c3): kobject_uevent_env
kobject: 'rx-0' (00000000a20cb4c3): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim6/net/wlan0/queues/rx-0'
 __do_softirq+0x30b/0xad8 kernel/softirq.c:292
kobject: 'tx-0' (00000000a71c085c): kobject_add_internal: parent: 'queues', set: 'queues'
kobject: 'tx-0' (00000000a71c085c): kobject_uevent_env
kobject: 'tx-0' (00000000a71c085c): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim6/net/wlan0/queues/tx-0'
 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1047
 </IRQ>
 do_softirq.part.13+0x126/0x160 kernel/softirq.c:336
 do_softirq kernel/softirq.c:328 [inline]
 __local_bh_enable_ip+0x21d/0x260 kernel/softirq.c:189
 local_bh_enable include/linux/bottom_half.h:32 [inline]
 inet_csk_listen_stop+0x26d/0xa40 net/ipv4/inet_connection_sock.c:993
kobject: 'tx-1' (0000000031c2fc03): kobject_add_internal: parent: 'queues', set: 'queues'
 tcp_close+0xf4f/0x1300 net/ipv4/tcp.c:2324
kobject: 'tx-1' (0000000031c2fc03): kobject_uevent_env
kobject: 'tx-1' (0000000031c2fc03): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim6/net/wlan0/queues/tx-1'
 inet_release+0x104/0x1f0 net/ipv4/af_inet.c:428
 inet6_release+0x50/0x70 net/ipv6/af_inet6.c:458
 __sock_release+0xd7/0x250 net/socket.c:579
 sock_close+0x19/0x20 net/socket.c:1139
kobject: 'tx-2' (00000000353ed9f9): kobject_add_internal: parent: 'queues', set: 'queues'
 __fput+0x385/0xa30 fs/file_table.c:278
kobject: 'tx-2' (00000000353ed9f9): kobject_uevent_env
 ____fput+0x15/0x20 fs/file_table.c:309
 task_work_run+0x1e8/0x2a0 kernel/task_work.c:113
kobject: 'tx-2' (00000000353ed9f9): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim6/net/wlan0/queues/tx-2'
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x318/0x380 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
kobject: 'tx-3' (00000000646c15f1): kobject_add_internal: parent: 'queues', set: 'queues'
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x410e91
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007fff8593d7a0 EFLAGS: 00000293
kobject: 'tx-3' (00000000646c15f1): kobject_uevent_env
 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000410e91
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
R10: 00007fff8593d6d0 R11: 0000000000000293 R12: 000000000000000a
R13: 00000000000269dc R14: 000000000000005c R15: badc0ffeebadface
Modules linked in:
kobject: 'tx-3' (00000000646c15f1): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim6/net/wlan0/queues/tx-3'
---[ end trace 93fc2e76ff67c6e7 ]---
kobject: 'hwsim7' (000000000ef9e22f): kobject_add_internal: parent: 'mac80211_hwsim', set: 'devices'
RIP: 0010:put_page_testzero include/linux/mm.h:519 [inline]
RIP: 0010:put_page include/linux/mm.h:942 [inline]
RIP: 0010:__skb_frag_unref include/linux/skbuff.h:2790 [inline]
RIP: 0010:skb_release_data+0x6bd/0x880 net/core/skbuff.c:564
Code: e8 38 2e 70 fb 48 8b bd 10 ff ff ff e8 ec ca fe ff e9 16 fb ff ff e8 22 2e 70 fb 48 c7 c6 c0 a1 c5 88 4c 89 ef e8 23 da a1 fb <0f> 0b e8 0c 2e 70 fb 4c 8d 6b ff e9 b0 fc ff ff e8 fe 2d 70 fb 4c
kobject: 'hwsim7' (000000000ef9e22f): kobject_uevent_env
RSP: 0018:ffff8801dac06be0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffea0006923234 RCX: 0000000000000000
RDX: 0000000000000100 RSI: ffffffff81b08edd RDI: ffffed003b580d6d
RBP: ffff8801dac06d00 R08: ffff88019e1ea500 R09: 0000000000000002
R10: 0000000000000000 R11: ffff88019e1ea500 R12: dffffc0000000000
R13: ffffea0006923200 R14: ffff8801c37539b0 R15: 0000000000000000
FS:  00000000015d6940(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
kobject: 'hwsim7' (000000000ef9e22f): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim7'
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb234c5b518 CR3: 00000001cfb70000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400