BUG: Bad page state in process syz-executor.5 pfn:1c69e0
page:ffffea00071a7800 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x8000000000000000()
raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000
page dumped because: nonzero _refcount
Modules linked in:
CPU: 1 PID: 8150 Comm: syz-executor.5 Tainted: G W 5.4.24-syzkaller-00181-g3334f0da669e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b0/0x228 lib/dump_stack.c:118
 bad_page+0x262/0x290 mm/page_alloc.c:661
 check_new_page_bad mm/page_alloc.c:2080 [inline]
 check_new_page mm/page_alloc.c:2092 [inline]
 check_new_pages mm/page_alloc.c:2145 [inline]
 rmqueue mm/page_alloc.c:3296 [inline]
 get_page_from_freelist+0x505a/0x57e0 mm/page_alloc.c:3693
 ? 0xffffffffa0010000
 __alloc_pages_nodemask+0x44f/0x3010 mm/page_alloc.c:4757
 ? 0xffffffffa0010000
 alloc_slab_page+0x3f/0x390 mm/slub.c:1494
 allocate_slab mm/slub.c:1640 [inline]
 new_slab+0x98/0x430 mm/slub.c:1706
 new_slab_objects mm/slub.c:2457 [inline]
 ___slab_alloc+0x2e0/0x450 mm/slub.c:2608
 __slab_alloc mm/slub.c:2648 [inline]
 slab_alloc_node mm/slub.c:2722 [inline]
 slab_alloc mm/slub.c:2766 [inline]
 kmem_cache_alloc+0x203/0x2b0 mm/slub.c:2771
 bvec_alloc+0xd1/0x1a0 block/bio.c:223
 bio_alloc_bioset+0x3a2/0x650 block/bio.c:503
 bio_alloc include/linux/bio.h:401 [inline]
 dio_bio_alloc fs/direct-io.c:440 [inline]
 dio_new_bio+0x523/0xa20 fs/direct-io.c:741
 dio_send_cur_page+0x3fd/0xdf0 fs/direct-io.c:816
 do_blockdev_direct_IO fs/direct-io.c:1351 [inline]
 __blockdev_direct_IO+0x32b4/0x4910 fs/direct-io.c:1417
 ext4_direct_IO_read fs/ext4/inode.c:3880 [inline]
 ext4_direct_IO+0x1163/0x2560 fs/ext4/inode.c:3939
 generic_file_read_iter+0x1ced/0x2070 mm/filemap.c:2303
 ext4_file_read_iter+0x110/0x140 fs/ext4/file.c:78
 call_read_iter include/linux/fs.h:1919 [inline]
 generic_file_splice_read+0x491/0x780 fs/splice.c:307
 do_splice_to fs/splice.c:877 [inline]
 splice_direct_to_actor+0x3cf/0xb00 fs/splice.c:955
 do_splice_direct+0x279/0x3d0 fs/splice.c:1064
 do_sendfile+0x89d/0x1110 fs/read_write.c:1467
 __do_sys_sendfile64 fs/read_write.c:1528 [inline]
 __se_sys_sendfile64 fs/read_write.c:1514 [inline]
 __x64_sys_sendfile64+0x1ae/0x220 fs/read_write.c:1514
 do_syscall_64+0xc0/0x100 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45c4a9
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f2f708b8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f2f708b96d4 RCX: 000000000045c4a9
RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000000000a
RBP: 000000000076c060 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000008d1 R14: 00000000004cb3b0 R15: 000000000076c06c