./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1439924170

<...>
Warning: Permanently added '10.128.10.19' (ED25519) to the list of known hosts.
execve("./syz-executor1439924170", ["./syz-executor1439924170"], 0x7ffd4b525a30 /* 10 vars */) = 0
brk(NULL)                               = 0x555555a77000
brk(0x555555a77d00)                     = 0x555555a77d00
arch_prctl(ARCH_SET_FS, 0x555555a77380) = 0
set_tid_address(0x555555a77650)         = 5018
set_robust_list(0x555555a77660, 24)     = 0
rseq(0x555555a77ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1439924170", 4096) = 28
getrandom("\x80\x52\xf3\xff\x55\xb9\xec\xb5", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555555a77d00
brk(0x555555a98d00)                     = 0x555555a98d00
brk(0x555555a99000)                     = 0x555555a99000
mprotect(0x7f3f67a50000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
socket(AF_ALG, SOCK_SEQPACKET, 0)       = 3
bind(3, {sa_family=AF_ALG, salg_type="hash", salg_feat=0, salg_mask=0, salg_name="rmd160-generic"}, 88) = 0
accept4(3, NULL, NULL, 0)               = 4
syzkaller login: [   38.261427][ T5018] BUG: Bad page state in process syz-executor143  pfn:10390
[   38.268824][ T5018] page:ffffea000040e400 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10390
[   38.278998][ T5018] flags: 0xfff18000001042(referenced|workingset|reserved|node=0|zone=1|lastcpupid=0x7ff)
[   38.288823][ T5018] page_type: 0xffffffff()
[   38.293135][ T5018] raw: 00fff18000001042 ffffea000040e408 ffffea000040e408 0000000000000000
[   38.301754][ T5018] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   38.310357][ T5018] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[   38.317615][ T5018] page_owner info is not present (never set?)
[   38.323790][ T5018] Modules linked in:
[   38.327690][ T5018] CPU: 1 PID: 5018 Comm: syz-executor143 Not tainted 6.5.0-rc1-syzkaller-00259-g831fe284d827 #0
[   38.338098][ T5018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[   38.348147][ T5018] Call Trace:
[   38.351423][ T5018]  <TASK>
[   38.354429][ T5018]  dump_stack_lvl+0x125/0x1b0
[   38.359129][ T5018]  bad_page+0xb4/0x200
[   38.363194][ T5018]  ? zone_batchsize+0xa0/0xa0
[   38.367866][ T5018]  ? page_bad_reason+0x9d/0x190
[   38.372973][ T5018]  free_unref_page_prepare+0x598/0xb90
[   38.378432][ T5018]  ? mem_cgroup_swapin_charge_folio+0x300/0x300
[   38.384681][ T5018]  free_unref_page+0x33/0x3b0
[   38.389463][ T5018]  __folio_put+0xc5/0x140
[   38.393815][ T5018]  extract_iter_to_sg+0x1604/0x19e0
[   38.399104][ T5018]  ? sg_init_one+0x140/0x140
[   38.403687][ T5018]  ? gup_put_folio+0x71/0x2a0
[   38.408442][ T5018]  ? sanity_check_pinned_pages+0xf60/0xf60
[   38.414262][ T5018]  ? af_alg_free_sg+0xa1/0x260
[   38.419026][ T5018]  hash_sendmsg+0x459/0x1030
[   38.423607][ T5018]  ? hash_recvmsg_nokey+0x80/0x80
[   38.428616][ T5018]  sock_sendmsg+0xd9/0x180
[   38.433025][ T5018]  ____sys_sendmsg+0x6ac/0x940
[   38.437780][ T5018]  ? copy_msghdr_from_user+0x10b/0x160
[   38.443233][ T5018]  ? kernel_sendmsg+0x50/0x50
[   38.447911][ T5018]  ___sys_sendmsg+0x135/0x1d0
[   38.452578][ T5018]  ? do_recvmmsg+0x740/0x740
[   38.457193][ T5018]  ? lock_sync+0x190/0x190
[   38.461603][ T5018]  ? ptrace_stop.part.0+0x4b4/0x8f0
[   38.466805][ T5018]  ? __fget_light+0x1fc/0x260
[   38.471495][ T5018]  __sys_sendmsg+0x117/0x1e0
[   38.476093][ T5018]  ? __sys_sendmsg_sock+0x30/0x30
[   38.481111][ T5018]  ? ptrace_notify+0xf4/0x130
[   38.485809][ T5018]  ? lockdep_hardirqs_on+0x7d/0x100
[   38.491000][ T5018]  ? _raw_spin_unlock_irq+0x2e/0x50
[   38.496222][ T5018]  ? ptrace_notify+0xf4/0x130
[   38.500890][ T5018]  do_syscall_64+0x38/0xb0
[   38.505294][ T5018]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   38.511197][ T5018] RIP: 0033:0x7f3f679dd3a9
[   38.515599][ T5018] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   38.535200][ T5018] RSP: 002b:00007fff5a2fde68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   38.543605][ T5018] RAX: ffffffffffffffda RBX: 00007fff5a2fe038 RCX: 00007f3f679dd3a9
[   38.551574][ T5018] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004
[   38.559532][ T5018] RBP: 00007f3f67a50610 R08: 00007fff5a2fe038 R09: 00007fff5a2fe038
[   38.567491][ T5018] R10: 00007fff5a2fe038 R11: 0000000000000246 R12: 0000000000000001
[   38.575453][ T5018] R13: 00007fff5a2fe028 R14: 0000000000000001 R15: 0000000000000001
[   38.583422][ T5018]  </TASK>
[   38.586976][ T5018] Disabling lock debugging due to kernel taint
[   38.593172][ T5018] page:ffffea000040e400 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10390
[   38.603365][ T5018] flags: 0xfff18000001042(referenced|workingset|reserved|node=0|zone=1|lastcpupid=0x7ff)
[   38.613194][ T5018] page_type: 0xffffffff()
[   38.617512][ T5018] raw: 00fff18000001042 ffffea000040e408 ffffea000040e408 0000000000000000
[   38.626219][ T5018] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   38.634860][ T5018] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[   38.642655][ T5018] page_owner info is not present (never set?)
[   38.649060][ T5018] ------------[ cut here ]------------
[   38.654497][ T5018] kernel BUG at include/linux/mm.h:1010!
[   38.660182][ T5018] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   38.666252][ T5018] CPU: 0 PID: 5018 Comm: syz-executor143 Tainted: G    B              6.5.0-rc1-syzkaller-00259-g831fe284d827 #0
[   38.678208][ T5018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[   38.688243][ T5018] RIP: 0010:extract_iter_to_sg+0x1768/0x19e0
[   38.694210][ T5018] Code: a0 69 fd 49 8d 5e ff e9 28 fe ff ff 4c 8b 6c 24 28 e9 12 f4 ff ff e8 17 a0 69 fd 48 c7 c6 e0 a7 c7 8a 48 89 df e8 08 49 a6 fd <0f> 0b e8 a1 8d bd fd e9 ca f8 ff ff 4c 89 ef e8 b4 8d bd fd e9 2c
[   38.713897][ T5018] RSP: 0018:ffffc90003bef898 EFLAGS: 00010293
[   38.719976][ T5018] RAX: 0000000000000000 RBX: ffffea000040e400 RCX: 0000000000000000
[   38.727936][ T5018] RDX: ffff888079673b80 RSI: ffffffff841cced8 RDI: 0000000000000000
[   38.735898][ T5018] RBP: dffffc0000000000 R08: 0000000000000000 R09: fffffbfff1d56fca
[   38.743882][ T5018] R10: ffffffff8eab7e57 R11: 0000000000000001 R12: ffffea000040e434
[   38.751841][ T5018] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888079a14000
[   38.759886][ T5018] FS:  0000555555a77380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   38.768891][ T5018] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   38.775460][ T5018] CR2: 00007fd2923f2308 CR3: 000000007a961000 CR4: 0000000000350ef0
[   38.783417][ T5018] Call Trace:
[   38.786680][ T5018]  <TASK>
[   38.789615][ T5018]  ? die+0x31/0x80
[   38.793329][ T5018]  ? do_trap+0x1ab/0x3b0
[   38.797565][ T5018]  ? extract_iter_to_sg+0x1768/0x19e0
[   38.802931][ T5018]  ? do_error_trap+0x9e/0x160
[   38.807599][ T5018]  ? extract_iter_to_sg+0x1768/0x19e0
[   38.812989][ T5018]  ? handle_invalid_op+0x2c/0x30
[   38.817917][ T5018]  ? extract_iter_to_sg+0x1768/0x19e0
[   38.823301][ T5018]  ? exc_invalid_op+0x2d/0x40
[   38.827965][ T5018]  ? asm_exc_invalid_op+0x1a/0x20
[   38.832978][ T5018]  ? extract_iter_to_sg+0x1768/0x19e0
[   38.838341][ T5018]  ? extract_iter_to_sg+0x1768/0x19e0
[   38.843702][ T5018]  ? extract_iter_to_sg+0x1768/0x19e0
[   38.849068][ T5018]  ? sg_init_one+0x140/0x140
[   38.853649][ T5018]  ? gup_put_folio+0x71/0x2a0
[   38.858316][ T5018]  ? sanity_check_pinned_pages+0xf60/0xf60
[   38.864113][ T5018]  ? af_alg_free_sg+0xa1/0x260
[   38.868874][ T5018]  hash_sendmsg+0x459/0x1030
[   38.873451][ T5018]  ? hash_recvmsg_nokey+0x80/0x80
[   38.878520][ T5018]  sock_sendmsg+0xd9/0x180
[   38.883100][ T5018]  ____sys_sendmsg+0x6ac/0x940
[   38.887856][ T5018]  ? copy_msghdr_from_user+0x10b/0x160
[   38.893308][ T5018]  ? kernel_sendmsg+0x50/0x50
[   38.897980][ T5018]  ___sys_sendmsg+0x135/0x1d0
[   38.902653][ T5018]  ? do_recvmmsg+0x740/0x740
[   38.907324][ T5018]  ? lock_sync+0x190/0x190
[   38.911732][ T5018]  ? ptrace_stop.part.0+0x4b4/0x8f0
[   38.916924][ T5018]  ? __fget_light+0x1fc/0x260
[   38.921599][ T5018]  __sys_sendmsg+0x117/0x1e0
[   38.926180][ T5018]  ? __sys_sendmsg_sock+0x30/0x30
[   38.931195][ T5018]  ? ptrace_notify+0xf4/0x130
[   38.935863][ T5018]  ? lockdep_hardirqs_on+0x7d/0x100
[   38.941051][ T5018]  ? _raw_spin_unlock_irq+0x2e/0x50
[   38.946242][ T5018]  ? ptrace_notify+0xf4/0x130
[   38.950906][ T5018]  do_syscall_64+0x38/0xb0
[   38.955309][ T5018]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   38.961197][ T5018] RIP: 0033:0x7f3f679dd3a9
[   38.965595][ T5018] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   38.985276][ T5018] RSP: 002b:00007fff5a2fde68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   38.993848][ T5018] RAX: ffffffffffffffda RBX: 00007fff5a2fe038 RCX: 00007f3f679dd3a9
[   39.001814][ T5018] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004
[   39.009774][ T5018] RBP: 00007f3f67a50610 R08: 00007fff5a2fe038 R09: 00007fff5a2fe038
[   39.017730][ T5018] R10: 00007fff5a2fe038 R11: 0000000000000246 R12: 0000000000000001
[   39.025695][ T5018] R13: 00007fff5a2fe028 R14: 0000000000000001 R15: 0000000000000001
[   39.033656][ T5018]  </TASK>
[   39.036656][ T5018] Modules linked in:
[   39.040702][ T5018] ---[ end trace 0000000000000000 ]---
[   39.046183][ T5018] RIP: 0010:extract_iter_to_sg+0x1768/0x19e0
[   39.052216][ T5018] Code: a0 69 fd 49 8d 5e ff e9 28 fe ff ff 4c 8b 6c 24 28 e9 12 f4 ff ff e8 17 a0 69 fd 48 c7 c6 e0 a7 c7 8a 48 89 df e8 08 49 a6 fd <0f> 0b e8 a1 8d bd fd e9 ca f8 ff ff 4c 89 ef e8 b4 8d bd fd e9 2c
[   39.071849][ T5018] RSP: 0018:ffffc90003bef898 EFLAGS: 00010293
[   39.077897][ T5018] RAX: 0000000000000000 RBX: ffffea000040e400 RCX: 0000000000000000
[   39.085978][ T5018] RDX: ffff888079673b80 RSI: ffffffff841cced8 RDI: 0000000000000000
[   39.093982][ T5018] RBP: dffffc0000000000 R08: 0000000000000000 R09: fffffbfff1d56fca
[   39.102006][ T5018] R10: ffffffff8eab7e57 R11: 0000000000000001 R12: ffffea000040e434
[   39.110100][ T5018] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888079a14000
[   39.118088][ T5018] FS:  0000555555a77380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   39.127060][ T5018] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   39.133708][ T5018] CR2: 000000000045ad50 CR3: 000000007a961000 CR4: 0000000000350ee0
[   39.141699][ T5018] Kernel panic - not syncing: Fatal exception
[   39.148495][ T5018] Kernel Offset: disabled
[   39.152827][ T5018] Rebooting in 86400 seconds..