BUG: Bad page state in process syz-executor.4 pfn:193d68
page:ffffea00064f5a00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x8000000000000000()
raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000
page dumped because: nonzero _refcount
Modules linked in:
CPU: 0 PID: 28795 Comm: syz-executor.4 Tainted: G W 5.4.24-syzkaller-00161-g017d67e9a8b3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b0/0x228 lib/dump_stack.c:118
 bad_page+0x262/0x290 mm/page_alloc.c:661
 check_new_page_bad mm/page_alloc.c:2080 [inline]
 check_new_page mm/page_alloc.c:2092 [inline]
 check_pcp_refill mm/page_alloc.c:2128 [inline]
 rmqueue_bulk mm/page_alloc.c:2759 [inline]
 __rmqueue_pcplist mm/page_alloc.c:3225 [inline]
 rmqueue_pcplist mm/page_alloc.c:3253 [inline]
 rmqueue mm/page_alloc.c:3275 [inline]
 get_page_from_freelist+0x2cce/0x57e0 mm/page_alloc.c:3693
 __alloc_pages_nodemask+0x44f/0x3010 mm/page_alloc.c:4757
 __vmalloc_area_node mm/vmalloc.c:2428 [inline]
 __vmalloc_node_range+0x393/0x760 mm/vmalloc.c:2496
 __vmalloc_node mm/vmalloc.c:2551 [inline]
 __vmalloc_node_flags mm/vmalloc.c:2565 [inline]
 vzalloc+0x73/0x80 mm/vmalloc.c:2610
 xt_counters_alloc+0x60/0x70 net/netfilter/x_tables.c:1348
 __do_replace+0xc2/0xa90 net/ipv4/netfilter/ip_tables.c:1049
 do_replace net/ipv4/netfilter/ip_tables.c:1140 [inline]
 do_ipt_set_ctl+0x408/0x5e0 net/ipv4/netfilter/ip_tables.c:1672
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x28e/0x2b0 net/netfilter/nf_sockopt.c:115
 ip_setsockopt+0xc7/0xe0 net/ipv4/ip_sockglue.c:1260
 udp_setsockopt+0x79/0x90 net/ipv4/udp.c:2642
 sock_common_setsockopt+0x99/0xb0 net/core/sock.c:3151
 __sys_setsockopt+0x4ee/0x8b0 net/socket.c:2085
 __do_sys_setsockopt net/socket.c:2101 [inline]
 __se_sys_setsockopt net/socket.c:2098 [inline]
 __x64_sys_setsockopt+0xbf/0xd0 net/socket.c:2098
 do_syscall_64+0xc0/0x100 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fd278e00c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fd278e016d4 RCX: 000000000045c479
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000007
RBP: 000000000076bfc0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000020000500 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000a34 R14: 00000000004cc9d4 R15: 000000000076bfcc