syzbot

------------[ cut here ]------------
kernel BUG at arch/x86/mm/physaddr.c:28!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.11.0-rc3-next-20210115-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: md_misc mddev_delayed_delete
RIP: 0010:__phys_addr+0xd3/0x140 arch/x86/mm/physaddr.c:28
Code: e3 44 89 e9 31 ff 48 d3 eb 48 89 de e8 66 30 40 00 48 85 db 75 0f e8 6c 28 40 00 4c 89 e0 5b 5d 41 5c 41 5d c3 e8 5d 28 40 00 <0f> 0b e8 56 28 40 00 48 c7 c0 10 50 0b 8b 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc90000ca7c28 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888010d18000 RSI: ffffffff8132e0b3 RDI: 0000000000000003
RBP: 0000000080000000 R08: 0000000080000000 R09: ffffffff8ed3d98f
R10: ffffffff8132e02e R11: 000000000000015f R12: 0000778000000000
R13: 0000000000000000 R14: 0000000000000007 R15: 1ffff1100518b5b1
FS:  0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000074ab98 CR3: 0000000068f49000 CR4: 00000000001526f0
Call Trace:
 virt_to_head_page include/linux/mm.h:875 [inline]
 __ksize+0x13/0x110 mm/slub.c:4166
 kasan_unpoison_element mm/mempool.c:115 [inline]
 remove_element mm/mempool.c:133 [inline]
 mempool_exit+0x1ba/0x330 mm/mempool.c:152
 md_free+0x171/0x200 drivers/md/md.c:5606
 kobject_cleanup lib/kobject.c:705 [inline]
 kobject_release lib/kobject.c:736 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x1c8/0x540 lib/kobject.c:753
 process_one_work+0x98d/0x15f0 kernel/workqueue.c:2275
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
Modules linked in:
---[ end trace a81827a93050a370 ]---
RIP: 0010:__phys_addr+0xd3/0x140 arch/x86/mm/physaddr.c:28
Code: e3 44 89 e9 31 ff 48 d3 eb 48 89 de e8 66 30 40 00 48 85 db 75 0f e8 6c 28 40 00 4c 89 e0 5b 5d 41 5c 41 5d c3 e8 5d 28 40 00 <0f> 0b e8 56 28 40 00 48 c7 c0 10 50 0b 8b 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc90000ca7c28 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888010d18000 RSI: ffffffff8132e0b3 RDI: 0000000000000003
RBP: 0000000080000000 R08: 0000000080000000 R09: ffffffff8ed3d98f
R10: ffffffff8132e02e R11: 000000000000015f R12: 0000778000000000
R13: 0000000000000000 R14: 0000000000000007 R15: 1ffff1100518b5b1
FS:  0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe742bd7000 CR3: 0000000017bab000 CR4: 00000000001526f0