./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2858732789

<...>
Warning: Permanently added '10.128.1.79' (ECDSA) to the list of known hosts.
execve("./syz-executor2858732789", ["./syz-executor2858732789"], 0x7ffe1804fbb0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555d4a000
brk(0x555555d4ac40)                     = 0x555555d4ac40
arch_prctl(ARCH_SET_FS, 0x555555d4a300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2858732789", 4096) = 28
brk(0x555555d6bc40)                     = 0x555555d6bc40
brk(0x555555d6c000)                     = 0x555555d6c000
mprotect(0x7fa269676000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
socket(AF_ALG, SOCK_SEQPACKET, 0)       = 3
bind(3, {sa_family=AF_ALG, salg_type="hash", salg_feat=0, salg_mask=0, salg_name="rmd160-generic"}, 88) = 0
accept4(3, NULL, NULL, 0)               = 4
syzkaller login: [   55.881953][ T5023] BUG: Bad page state in process syz-executor285  pfn:103b0
[   55.889449][ T5023] page:ffffea000040ec00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b0
[   55.899660][ T5023] flags: 0xfff18000001042(referenced|workingset|reserved|node=0|zone=1|lastcpupid=0x7ff)
[   55.909540][ T5023] page_type: 0xffffffff()
[   55.913890][ T5023] raw: 00fff18000001042 ffffea000040ec08 ffffea000040ec08 0000000000000000
[   55.922539][ T5023] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   55.931171][ T5023] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[   55.943490][ T5023] page_owner info is not present (never set?)
[   55.949777][ T5023] Modules linked in:
[   55.953682][ T5023] CPU: 1 PID: 5023 Comm: syz-executor285 Not tainted 6.4.0-syzkaller-12042-g9d0aba98316d #0
[   55.963823][ T5023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[   55.973870][ T5023] Call Trace:
[   55.977226][ T5023]  <TASK>
[   55.980157][ T5023]  dump_stack_lvl+0x136/0x150
[   55.984874][ T5023]  bad_page+0x71/0x1a0
[   55.988941][ T5023]  free_unref_page_prepare+0x6ff/0xcb0
[   55.994396][ T5023]  ? folio_activate_fn+0x11d0/0x11d0
[   55.999676][ T5023]  free_unref_page+0x33/0x370
[   56.004372][ T5023]  ? rmd160_transform+0x1d/0x1d90
[   56.009407][ T5023]  __folio_put+0xc5/0x140
[   56.013724][ T5023]  extract_iter_to_sg+0x15a7/0x1960
[   56.018934][ T5023]  ? sg_init_one+0x140/0x140
[   56.023536][ T5023]  ? gup_put_folio+0x71/0x290
[   56.028225][ T5023]  ? sanity_check_pinned_pages+0xf10/0xf10
[   56.034036][ T5023]  ? lock_downgrade+0x690/0x690
[   56.038948][ T5023]  ? af_alg_free_sg+0xa1/0x260
[   56.043724][ T5023]  ? iov_iter_npages+0x102/0x4b0
[   56.048685][ T5023]  hash_sendmsg+0x52c/0x1150
[   56.053307][ T5023]  ? hash_recvmsg_nokey+0x90/0x90
[   56.058335][ T5023]  sock_sendmsg+0xde/0x190
[   56.062770][ T5023]  ____sys_sendmsg+0x739/0x920
[   56.067545][ T5023]  ? copy_msghdr_from_user+0xfc/0x150
[   56.072930][ T5023]  ? kernel_sendmsg+0x50/0x50
[   56.077643][ T5023]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   56.083640][ T5023]  ___sys_sendmsg+0x110/0x1b0
[   56.088353][ T5023]  ? do_recvmmsg+0x6f0/0x6f0
[   56.092967][ T5023]  ? lock_sync+0x190/0x190
[   56.097391][ T5023]  ? ptrace_stop.part.0+0x4a3/0x8e0
[   56.102595][ T5023]  ? do_raw_spin_lock+0x124/0x2b0
[   56.107660][ T5023]  ? spin_bug+0x1c0/0x1c0
[   56.111999][ T5023]  ? _raw_spin_lock_irq+0x45/0x50
[   56.117064][ T5023]  ? __fget_light+0x201/0x270
[   56.121775][ T5023]  __sys_sendmsg+0xf7/0x1c0
[   56.126282][ T5023]  ? __sys_sendmsg_sock+0x40/0x40
[   56.131307][ T5023]  ? lock_downgrade+0x690/0x690
[   56.136216][ T5023]  ? lockdep_hardirqs_on+0x7d/0x100
[   56.141423][ T5023]  ? _raw_spin_unlock_irq+0x2e/0x50
[   56.146631][ T5023]  ? ptrace_notify+0xfe/0x140
[   56.151320][ T5023]  do_syscall_64+0x39/0xb0
[   56.155761][ T5023]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.161673][ T5023] RIP: 0033:0x7fa269609bf9
[   56.166090][ T5023] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.185714][ T5023] RSP: 002b:00007ffc8eb67078 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   56.194139][ T5023] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa269609bf9
[   56.202117][ T5023] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004
[   56.210092][ T5023] RBP: 00007fa2695cdda0 R08: 0000000000000000 R09: 0000000000000000
[   56.218088][ T5023] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2695cde30
[   56.226074][ T5023] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   56.234104][ T5023]  </TASK>
[   56.237460][ T5023] Disabling lock debugging due to kernel taint
[   56.243628][ T5023] page:ffffea000040ec00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b0
[   56.253962][ T5023] flags: 0xfff18000001042(referenced|workingset|reserved|node=0|zone=1|lastcpupid=0x7ff)
[   56.263820][ T5023] page_type: 0xffffffff()
[   56.268196][ T5023] raw: 00fff18000001042 ffffea000040ec08 ffffea000040ec08 0000000000000000
[   56.276811][ T5023] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   56.285405][ T5023] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[   56.293096][ T5023] page_owner info is not present (never set?)
[   56.299517][ T5023] ------------[ cut here ]------------
[   56.304988][ T5023] kernel BUG at include/linux/mm.h:1010!
[   56.310606][ T5023] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   56.316658][ T5023] CPU: 1 PID: 5023 Comm: syz-executor285 Tainted: G    B              6.4.0-syzkaller-12042-g9d0aba98316d #0
[   56.328177][ T5023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[   56.338214][ T5023] RIP: 0010:extract_iter_to_sg+0x16f0/0x1960
[   56.344193][ T5023] Code: 6e ff e9 48 fe ff ff 48 8b 44 24 60 48 89 44 24 18 e9 41 f4 ff ff e8 3f 9e 70 fd 48 c7 c6 e0 3a c7 8a 48 89 ef e8 20 e0 ac fd <0f> 0b e8 89 ce c3 fd e9 9e f9 ff ff e8 9f ce c3 fd e9 a9 f0 ff ff
[   56.363973][ T5023] RSP: 0018:ffffc900039ef8b8 EFLAGS: 00010293
[   56.370056][ T5023] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
[   56.378029][ T5023] RDX: ffff88802771bb80 RSI: ffffffff84144140 RDI: ffffffff8c379a08
[   56.386011][ T5023] RBP: ffffea000040ec00 R08: 0000000000000000 R09: fffffbfff1d54d7a
[   56.393989][ T5023] R10: ffffffff8eaa6bd7 R11: 0000000000000001 R12: ffff888020706000
[   56.401979][ T5023] R13: ffffea000040ec34 R14: 0000000000000000 R15: 0000000000000000
[   56.409971][ T5023] FS:  0000555555d4a300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   56.418905][ T5023] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   56.425493][ T5023] CR2: 000000000045ad50 CR3: 0000000078827000 CR4: 00000000003506e0
[   56.433468][ T5023] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   56.441458][ T5023] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   56.449545][ T5023] Call Trace:
[   56.452823][ T5023]  <TASK>
[   56.455753][ T5023]  ? die+0x32/0x90
[   56.459483][ T5023]  ? do_trap+0x1b2/0x3f0
[   56.463733][ T5023]  ? extract_iter_to_sg+0x16f0/0x1960
[   56.469134][ T5023]  ? extract_iter_to_sg+0x16f0/0x1960
[   56.474745][ T5023]  ? do_error_trap+0xb1/0x170
[   56.479433][ T5023]  ? extract_iter_to_sg+0x16f0/0x1960
[   56.484817][ T5023]  ? handle_invalid_op+0x2c/0x30
[   56.489764][ T5023]  ? extract_iter_to_sg+0x16f0/0x1960
[   56.495145][ T5023]  ? exc_invalid_op+0x2f/0x50
[   56.499823][ T5023]  ? asm_exc_invalid_op+0x1a/0x20
[   56.504860][ T5023]  ? extract_iter_to_sg+0x16f0/0x1960
[   56.510251][ T5023]  ? extract_iter_to_sg+0x16f0/0x1960
[   56.515630][ T5023]  ? extract_iter_to_sg+0x16f0/0x1960
[   56.521032][ T5023]  ? sg_init_one+0x140/0x140
[   56.525629][ T5023]  ? gup_put_folio+0x71/0x290
[   56.530309][ T5023]  ? sanity_check_pinned_pages+0xf10/0xf10
[   56.536122][ T5023]  ? lock_downgrade+0x690/0x690
[   56.540995][ T5023]  ? af_alg_free_sg+0xa1/0x260
[   56.545772][ T5023]  ? iov_iter_npages+0x102/0x4b0
[   56.550716][ T5023]  hash_sendmsg+0x52c/0x1150
[   56.555313][ T5023]  ? hash_recvmsg_nokey+0x90/0x90
[   56.560333][ T5023]  sock_sendmsg+0xde/0x190
[   56.564757][ T5023]  ____sys_sendmsg+0x739/0x920
[   56.569527][ T5023]  ? copy_msghdr_from_user+0xfc/0x150
[   56.574910][ T5023]  ? kernel_sendmsg+0x50/0x50
[   56.579602][ T5023]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   56.585848][ T5023]  ___sys_sendmsg+0x110/0x1b0
[   56.590536][ T5023]  ? do_recvmmsg+0x6f0/0x6f0
[   56.595222][ T5023]  ? lock_sync+0x190/0x190
[   56.599650][ T5023]  ? ptrace_stop.part.0+0x4a3/0x8e0
[   56.604863][ T5023]  ? do_raw_spin_lock+0x124/0x2b0
[   56.609890][ T5023]  ? spin_bug+0x1c0/0x1c0
[   56.614225][ T5023]  ? _raw_spin_lock_irq+0x45/0x50
[   56.619256][ T5023]  ? __fget_light+0x201/0x270
[   56.623942][ T5023]  __sys_sendmsg+0xf7/0x1c0
[   56.628441][ T5023]  ? __sys_sendmsg_sock+0x40/0x40
[   56.633479][ T5023]  ? lock_downgrade+0x690/0x690
[   56.638345][ T5023]  ? lockdep_hardirqs_on+0x7d/0x100
[   56.643544][ T5023]  ? _raw_spin_unlock_irq+0x2e/0x50
[   56.648765][ T5023]  ? ptrace_notify+0xfe/0x140
[   56.653440][ T5023]  do_syscall_64+0x39/0xb0
[   56.657869][ T5023]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.663772][ T5023] RIP: 0033:0x7fa269609bf9
[   56.668193][ T5023] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.687799][ T5023] RSP: 002b:00007ffc8eb67078 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   56.696397][ T5023] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa269609bf9
[   56.704365][ T5023] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004
[   56.712344][ T5023] RBP: 00007fa2695cdda0 R08: 0000000000000000 R09: 0000000000000000
[   56.720311][ T5023] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2695cde30
[   56.728393][ T5023] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   56.736364][ T5023]  </TASK>
[   56.739377][ T5023] Modules linked in:
[   56.743390][ T5023] ---[ end trace 0000000000000000 ]---
[   56.748939][ T5023] RIP: 0010:extract_iter_to_sg+0x16f0/0x1960
[   56.755132][ T5023] Code: 6e ff e9 48 fe ff ff 48 8b 44 24 60 48 89 44 24 18 e9 41 f4 ff ff e8 3f 9e 70 fd 48 c7 c6 e0 3a c7 8a 48 89 ef e8 20 e0 ac fd <0f> 0b e8 89 ce c3 fd e9 9e f9 ff ff e8 9f ce c3 fd e9 a9 f0 ff ff
[   56.774840][ T5023] RSP: 0018:ffffc900039ef8b8 EFLAGS: 00010293
[   56.780943][ T5023] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
[   56.788941][ T5023] RDX: ffff88802771bb80 RSI: ffffffff84144140 RDI: ffffffff8c379a08
[   56.797055][ T5023] RBP: ffffea000040ec00 R08: 0000000000000000 R09: fffffbfff1d54d7a
[   56.805128][ T5023] R10: ffffffff8eaa6bd7 R11: 0000000000000001 R12: ffff888020706000
[   56.813107][ T5023] R13: ffffea000040ec34 R14: 0000000000000000 R15: 0000000000000000
[   56.821205][ T5023] FS:  0000555555d4a300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   56.830165][ T5023] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   56.836856][ T5023] CR2: 00007f3bf01f2308 CR3: 0000000078827000 CR4: 00000000003506f0
[   56.844884][ T5023] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   56.853052][ T5023] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   56.861210][ T5023] Kernel panic - not syncing: Fatal exception
[   56.867479][ T5023] Kernel Offset: disabled
[   56.871909][ T5023] Rebooting in 86400 seconds..