BUG: Bad page state in process syz-executor111 pfn:1cfcc0
page:ffffea00073f3000 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0
raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000
page dumped because: nonzero _refcount
Modules linked in:
CPU: 1 PID: 1884 Comm: syz-executor111 Tainted: G W 5.4.23-syzkaller-01268-g2c2101d18159 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1b0/0x228 lib/dump_stack.c:118
bad_page+0x262/0x290 mm/page_alloc.c:661
check_new_page_bad mm/page_alloc.c:2080 [inline]
check_new_page mm/page_alloc.c:2092 [inline]
check_new_pages mm/page_alloc.c:2145 [inline]
rmqueue mm/page_alloc.c:3296 [inline]
get_page_from_freelist+0x505a/0x57e0 mm/page_alloc.c:3693
? 0xffffffffa0008000
__alloc_pages_nodemask+0x44f/0x3010 mm/page_alloc.c:4757
alloc_slab_page+0x3f/0x390 mm/slub.c:1494
allocate_slab mm/slub.c:1640 [inline]
new_slab+0x98/0x430 mm/slub.c:1706
new_slab_objects mm/slub.c:2457 [inline]
___slab_alloc+0x2e0/0x450 mm/slub.c:2608
__slab_alloc mm/slub.c:2648 [inline]
slab_alloc_node mm/slub.c:2722 [inline]
slab_alloc mm/slub.c:2766 [inline]
kmem_cache_alloc_trace+0x23f/0x2f0 mm/slub.c:2783
kmalloc include/linux/slab.h:556 [inline]
kzalloc include/linux/slab.h:690 [inline]
bpf_check+0x136/0xe7b0 kernel/bpf/verifier.c:9259
? 0xffffffffa0008000
bpf_prog_load kernel/bpf/syscall.c:1720 [inline]
__do_sys_bpf+0x80a8/0xbbc0 kernel/bpf/syscall.c:2878
__se_sys_bpf kernel/bpf/syscall.c:2837 [inline]
__x64_sys_bpf+0x7a/0x90 kernel/bpf/syscall.c:2837
do_syscall_64+0xc0/0x100 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x4421c9
Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffcd5dfe3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007ffcd5dfe410 RCX: 00000000004421c9
RDX: 0000000000000070 RSI: 0000000020000180 RDI: 0000000000000005
RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac
R10: 0000000000000004 R11: 0000000000000246 R12: 000000000000432e
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000