BUG: Bad page state in process syz-executor.0 pfn:861eb page:ff1c000002187ac0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x861eb flags: 0xffe300000001842(referenced|workingset|arch_1|reserved|node=0|zone=0|lastcpupid=0x7ff) page_type: 0xffffffff() raw: 0ffe300000001842 ff1c000002187ac8 ff1c000002187ac8 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner info is not present (never set?) Modules linked in: CPU: 0 PID: 5351 Comm: syz-executor.0 Not tainted 6.5.0-rc1-syzkaller-00028-gef21fa7c198e #0 Hardware name: riscv-virtio,qemu (DT) Call Trace: [] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:121 [] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:127 [] __dump_stack lib/dump_stack.c:88 [inline] [] dump_stack_lvl+0xe8/0x154 lib/dump_stack.c:106 [] dump_stack+0x1c/0x24 lib/dump_stack.c:113 [] bad_page+0x19a/0x1e6 mm/page_alloc.c:533 [] free_page_is_bad_report mm/page_alloc.c:974 [inline] [] free_page_is_bad mm/page_alloc.c:984 [inline] [] free_pages_prepare mm/page_alloc.c:1153 [inline] [] free_unref_page_prepare+0x5b4/0x5fc mm/page_alloc.c:2348 [] free_unref_page+0x5a/0x234 mm/page_alloc.c:2443 [] __folio_put_small mm/swap.c:106 [inline] [] __folio_put+0x6e/0xd6 mm/swap.c:129 [] folio_put include/linux/mm.h:1423 [inline] [] put_page include/linux/mm.h:1492 [inline] [] extract_user_to_sg lib/scatterlist.c:1151 [inline] [] extract_iter_to_sg lib/scatterlist.c:1349 [inline] [] extract_iter_to_sg+0x11b4/0x12ac lib/scatterlist.c:1339 [] hash_sendmsg+0x32c/0xa48 crypto/algif_hash.c:117 [] sock_sendmsg_nosec net/socket.c:725 [inline] [] sock_sendmsg+0xa0/0xf2 net/socket.c:748 [] ____sys_sendmsg+0x1f8/0x54c net/socket.c:2494 [] ___sys_sendmsg+0x140/0x1d4 net/socket.c:2548 [] __sys_sendmmsg+0x202/0x58c net/socket.c:2634 [] __do_sys_sendmmsg net/socket.c:2663 [inline] [] sys_sendmmsg+0x34/0x44 net/socket.c:2660 [] syscall_handler+0xfa/0x148 arch/riscv/include/asm/syscall.h:90 [] do_trap_ecall_u+0x9c/0x9e arch/riscv/kernel/traps.c:310 [] ret_from_exception+0x0/0x64 arch/riscv/kernel/entry.S:102 page:ff1c000002187ac0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x861eb flags: 0xffe300000001842(referenced|workingset|arch_1|reserved|node=0|zone=0|lastcpupid=0x7ff) page_type: 0xffffffff() raw: 0ffe300000001842 ff1c000002187ac8 ff1c000002187ac8 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) page_owner info is not present (never set?)