./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor193224269

<...>
Warning: Permanently added '10.128.0.221' (ECDSA) to the list of known hosts.
execve("./syz-executor193224269", ["./syz-executor193224269"], 0x7fffdfb7cad0 /* 10 vars */) = 0
brk(NULL)                               = 0x5555569b6000
brk(0x5555569b6c40)                     = 0x5555569b6c40
arch_prctl(ARCH_SET_FS, 0x5555569b6300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor193224269", 4096) = 27
brk(0x5555569d7c40)                     = 0x5555569d7c40
brk(0x5555569d8000)                     = 0x5555569d8000
mprotect(0x7f0b45587000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
socket(AF_ALG, SOCK_SEQPACKET, 0)       = 3
bind(3, {sa_family=AF_ALG, salg_type="hash", salg_feat=0, salg_mask=0, salg_name="rmd160-generic"}, 88) = 0
accept4(3, NULL, NULL, 0)               = 4
syzkaller login: [   57.913983][ T5024] BUG: Bad page state in process syz-executor193  pfn:103b0
[   57.921881][ T5024] page:ffffea000040ec00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b0
[   57.932356][ T5024] flags: 0xfff18000001042(referenced|workingset|reserved|node=0|zone=1|lastcpupid=0x7ff)
[   57.942355][ T5024] page_type: 0xffffffff()
[   57.946788][ T5024] raw: 00fff18000001042 ffffea000040ec08 ffffea000040ec08 0000000000000000
[   57.955474][ T5024] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   57.964103][ T5024] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[   57.971512][ T5024] page_owner info is not present (never set?)
[   57.977814][ T5024] Modules linked in:
[   57.981790][ T5024] CPU: 0 PID: 5024 Comm: syz-executor193 Not tainted 6.5.0-rc1-syzkaller-00006-g3f01e9fed845 #0
[   57.992309][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[   58.002373][ T5024] Call Trace:
[   58.005662][ T5024]  <TASK>
[   58.008597][ T5024]  dump_stack_lvl+0x136/0x150
[   58.013320][ T5024]  bad_page+0x71/0x1a0
[   58.017464][ T5024]  free_unref_page_prepare+0x6ff/0xcb0
[   58.022994][ T5024]  ? folio_activate_fn+0x11d0/0x11d0
[   58.028305][ T5024]  free_unref_page+0x33/0x370
[   58.033005][ T5024]  ? rmd160_transform+0x1d/0x1d90
[   58.038084][ T5024]  __folio_put+0xc5/0x140
[   58.042450][ T5024]  extract_iter_to_sg+0x15a7/0x1960
[   58.047725][ T5024]  ? sg_init_one+0x140/0x140
[   58.052345][ T5024]  ? gup_put_folio+0x71/0x290
[   58.057042][ T5024]  ? sanity_check_pinned_pages+0xf10/0xf10
[   58.062867][ T5024]  ? lock_downgrade+0x690/0x690
[   58.067831][ T5024]  ? af_alg_free_sg+0xa1/0x260
[   58.072623][ T5024]  ? iov_iter_npages+0x102/0x4b0
[   58.077598][ T5024]  hash_sendmsg+0x523/0x1100
[   58.082223][ T5024]  ? hash_recvmsg_nokey+0x90/0x90
[   58.087260][ T5024]  sock_sendmsg+0xde/0x190
[   58.091710][ T5024]  ____sys_sendmsg+0x739/0x920
[   58.096496][ T5024]  ? copy_msghdr_from_user+0xfc/0x150
[   58.101878][ T5024]  ? kernel_sendmsg+0x50/0x50
[   58.106587][ T5024]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   58.112685][ T5024]  ___sys_sendmsg+0x110/0x1b0
[   58.117383][ T5024]  ? do_recvmmsg+0x6f0/0x6f0
[   58.122005][ T5024]  ? lock_sync+0x190/0x190
[   58.126473][ T5024]  ? ptrace_stop.part.0+0x4a3/0x8e0
[   58.131687][ T5024]  ? do_raw_spin_lock+0x124/0x2b0
[   58.136729][ T5024]  ? spin_bug+0x1c0/0x1c0
[   58.141076][ T5024]  ? _raw_spin_lock_irq+0x45/0x50
[   58.146124][ T5024]  ? __fget_light+0x201/0x270
[   58.150923][ T5024]  __sys_sendmsg+0xf7/0x1c0
[   58.155436][ T5024]  ? __sys_sendmsg_sock+0x40/0x40
[   58.160477][ T5024]  ? lock_downgrade+0x690/0x690
[   58.165448][ T5024]  ? lockdep_hardirqs_on+0x7d/0x100
[   58.170716][ T5024]  ? _raw_spin_unlock_irq+0x2e/0x50
[   58.175951][ T5024]  ? ptrace_notify+0xfe/0x140
[   58.180647][ T5024]  do_syscall_64+0x39/0xb0
[   58.185091][ T5024]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   58.191010][ T5024] RIP: 0033:0x7f0b4551abf9
[   58.195435][ T5024] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   58.215336][ T5024] RSP: 002b:00007fff62779448 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   58.223789][ T5024] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0b4551abf9
[   58.231802][ T5024] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004
[   58.239818][ T5024] RBP: 00007f0b454deda0 R08: 0000000000000000 R09: 0000000000000000
[   58.247810][ T5024] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0b454dee30
[   58.255820][ T5024] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   58.263855][ T5024]  </TASK>
[   58.267384][ T5024] Disabling lock debugging due to kernel taint
[   58.273610][ T5024] page:ffffea000040ec00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b0
[   58.283858][ T5024] flags: 0xfff18000001042(referenced|workingset|reserved|node=0|zone=1|lastcpupid=0x7ff)
[   58.293732][ T5024] page_type: 0xffffffff()
[   58.298146][ T5024] raw: 00fff18000001042 ffffea000040ec08 ffffea000040ec08 0000000000000000
[   58.306831][ T5024] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   58.315536][ T5024] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[   58.323355][ T5024] page_owner info is not present (never set?)
[   58.329959][ T5024] ------------[ cut here ]------------
[   58.335463][ T5024] kernel BUG at include/linux/mm.h:1010!
[   58.341112][ T5024] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   58.347172][ T5024] CPU: 0 PID: 5024 Comm: syz-executor193 Tainted: G    B              6.5.0-rc1-syzkaller-00006-g3f01e9fed845 #0
[   58.359181][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[   58.369233][ T5024] RIP: 0010:extract_iter_to_sg+0x16f0/0x1960
[   58.375331][ T5024] Code: 6e ff e9 48 fe ff ff 48 8b 44 24 60 48 89 44 24 18 e9 41 f4 ff ff e8 df 6e 70 fd 48 c7 c6 a0 42 c7 8a 48 89 ef e8 c0 b0 ac fd <0f> 0b e8 59 a4 c3 fd e9 9e f9 ff ff e8 6f a4 c3 fd e9 a9 f0 ff ff
[   58.395006][ T5024] RSP: 0018:ffffc90003abf8b8 EFLAGS: 00010293
[   58.401062][ T5024] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
[   58.409027][ T5024] RDX: ffff88802d09d940 RSI: ffffffff841472f0 RDI: ffffffff8c37aa00
[   58.417008][ T5024] RBP: ffffea000040ec00 R08: 0000000000000000 R09: fffffbfff1d54dda
[   58.424977][ T5024] R10: ffffffff8eaa6ed7 R11: 0000000000000001 R12: ffff88807e1ae800
[   58.432936][ T5024] R13: ffffea000040ec34 R14: 0000000000000000 R15: 0000000000000000
[   58.440933][ T5024] FS:  00005555569b6300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   58.449893][ T5024] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   58.456488][ T5024] CR2: 00007f0e351f2304 CR3: 000000002a0a8000 CR4: 00000000003506f0
[   58.464494][ T5024] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   58.472471][ T5024] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   58.480444][ T5024] Call Trace:
[   58.483814][ T5024]  <TASK>
[   58.486792][ T5024]  ? die+0x32/0x90
[   58.490534][ T5024]  ? do_trap+0x1b2/0x3f0
[   58.494795][ T5024]  ? extract_iter_to_sg+0x16f0/0x1960
[   58.500186][ T5024]  ? extract_iter_to_sg+0x16f0/0x1960
[   58.505577][ T5024]  ? do_error_trap+0xb1/0x170
[   58.510275][ T5024]  ? extract_iter_to_sg+0x16f0/0x1960
[   58.515701][ T5024]  ? handle_invalid_op+0x2c/0x30
[   58.520661][ T5024]  ? extract_iter_to_sg+0x16f0/0x1960
[   58.526051][ T5024]  ? exc_invalid_op+0x2f/0x50
[   58.530731][ T5024]  ? asm_exc_invalid_op+0x1a/0x20
[   58.535776][ T5024]  ? extract_iter_to_sg+0x16f0/0x1960
[   58.541172][ T5024]  ? extract_iter_to_sg+0x16f0/0x1960
[   58.546651][ T5024]  ? extract_iter_to_sg+0x16f0/0x1960
[   58.552054][ T5024]  ? sg_init_one+0x140/0x140
[   58.556756][ T5024]  ? gup_put_folio+0x71/0x290
[   58.561446][ T5024]  ? sanity_check_pinned_pages+0xf10/0xf10
[   58.567266][ T5024]  ? lock_downgrade+0x690/0x690
[   58.572139][ T5024]  ? af_alg_free_sg+0xa1/0x260
[   58.576931][ T5024]  ? iov_iter_npages+0x102/0x4b0
[   58.581889][ T5024]  hash_sendmsg+0x523/0x1100
[   58.586489][ T5024]  ? hash_recvmsg_nokey+0x90/0x90
[   58.591520][ T5024]  sock_sendmsg+0xde/0x190
[   58.596051][ T5024]  ____sys_sendmsg+0x739/0x920
[   58.600914][ T5024]  ? copy_msghdr_from_user+0xfc/0x150
[   58.606292][ T5024]  ? kernel_sendmsg+0x50/0x50
[   58.610993][ T5024]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   58.616998][ T5024]  ___sys_sendmsg+0x110/0x1b0
[   58.621711][ T5024]  ? do_recvmmsg+0x6f0/0x6f0
[   58.626324][ T5024]  ? lock_sync+0x190/0x190
[   58.630762][ T5024]  ? ptrace_stop.part.0+0x4a3/0x8e0
[   58.635996][ T5024]  ? do_raw_spin_lock+0x124/0x2b0
[   58.641073][ T5024]  ? spin_bug+0x1c0/0x1c0
[   58.645450][ T5024]  ? _raw_spin_lock_irq+0x45/0x50
[   58.650524][ T5024]  ? __fget_light+0x201/0x270
[   58.655319][ T5024]  __sys_sendmsg+0xf7/0x1c0
[   58.659833][ T5024]  ? __sys_sendmsg_sock+0x40/0x40
[   58.664862][ T5024]  ? lock_downgrade+0x690/0x690
[   58.669738][ T5024]  ? lockdep_hardirqs_on+0x7d/0x100
[   58.674949][ T5024]  ? _raw_spin_unlock_irq+0x2e/0x50
[   58.680249][ T5024]  ? ptrace_notify+0xfe/0x140
[   58.685198][ T5024]  do_syscall_64+0x39/0xb0
[   58.689635][ T5024]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   58.695662][ T5024] RIP: 0033:0x7f0b4551abf9
[   58.700125][ T5024] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   58.719758][ T5024] RSP: 002b:00007fff62779448 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   58.728275][ T5024] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0b4551abf9
[   58.736433][ T5024] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004
[   58.744422][ T5024] RBP: 00007f0b454deda0 R08: 0000000000000000 R09: 0000000000000000
[   58.752568][ T5024] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0b454dee30
[   58.760701][ T5024] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   58.768696][ T5024]  </TASK>
[   58.771733][ T5024] Modules linked in:
[   58.775778][ T5024] ---[ end trace 0000000000000000 ]---
[   58.781274][ T5024] RIP: 0010:extract_iter_to_sg+0x16f0/0x1960
[   58.787297][ T5024] Code: 6e ff e9 48 fe ff ff 48 8b 44 24 60 48 89 44 24 18 e9 41 f4 ff ff e8 df 6e 70 fd 48 c7 c6 a0 42 c7 8a 48 89 ef e8 c0 b0 ac fd <0f> 0b e8 59 a4 c3 fd e9 9e f9 ff ff e8 6f a4 c3 fd e9 a9 f0 ff ff
[   58.807422][ T5024] RSP: 0018:ffffc90003abf8b8 EFLAGS: 00010293
[   58.813827][ T5024] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
[   58.822020][ T5024] RDX: ffff88802d09d940 RSI: ffffffff841472f0 RDI: ffffffff8c37aa00
[   58.829996][ T5024] RBP: ffffea000040ec00 R08: 0000000000000000 R09: fffffbfff1d54dda
[   58.838101][ T5024] R10: ffffffff8eaa6ed7 R11: 0000000000000001 R12: ffff88807e1ae800
[   58.846161][ T5024] R13: ffffea000040ec34 R14: 0000000000000000 R15: 0000000000000000
[   58.854209][ T5024] FS:  00005555569b6300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   58.863198][ T5024] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   58.869773][ T5024] CR2: 000055eb7f645008 CR3: 000000002a0a8000 CR4: 00000000003506e0
[   58.877946][ T5024] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   58.885950][ T5024] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   58.894151][ T5024] Kernel panic - not syncing: Fatal exception
[   58.900426][ T5024] Kernel Offset: disabled
[   58.904826][ T5024] Rebooting in 86400 seconds..