------------[ cut here ]------------
virt_to_phys used for non-linear address: 00000000a895c26c (0xffff8000235ba000)
WARNING: CPU: 1 PID: 3981 at arch/arm64/mm/physaddr.c:15 __virt_to_phys+0x114/0x15c arch/arm64/mm/physaddr.c:12
Modules linked in:
CPU: 1 PID: 3981 Comm: syz-executor.0 Not tainted 5.15.156-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 60401005 (nZCv daif +PAN -UAO -TCO -DIT +SSBS BTYPE=--)
pc : __virt_to_phys+0x114/0x15c arch/arm64/mm/physaddr.c:12
lr : __virt_to_phys+0x114/0x15c arch/arm64/mm/physaddr.c:12
sp : ffff80001ca67810
x29: ffff80001ca67810 x28: 1ffff00002927a9d x27: dfff800000000000
x26: fffffbffeff79d04 x25: 1fffe0001ad208cf x24: dfff800000000000
x23: ffff800016f41000 x22: ffff800016f41000 x21: 0000600000000000
x20: ffff8000235ba000 x19: 00008000235ba000 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000119967f4 x15: 0000000000000012
x14: 1ffff0000292806a x13: dfff800000000000 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000000000 x9 : 5dc50ba0ca18cd00
x8 : 5dc50ba0ca18cd00 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000000 x3 : ffff800008550224
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000004f
Call trace:
 __virt_to_phys+0x114/0x15c arch/arm64/mm/physaddr.c:12
 virt_to_head_page include/linux/mm.h:900 [inline]
 kfree+0xd4/0x410 mm/slub.c:4554
 put_ntfs+0x80/0x240 fs/ntfs3/super.c:444
 ntfs_put_super+0xbc/0x10c fs/ntfs3/super.c:486
 generic_shutdown_super+0x130/0x29c fs/super.c:475
 kill_block_super+0x70/0xdc fs/super.c:1414
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 1147386
hardirqs last  enabled at (1147385): [<ffff80000832a4e0>] console_trylock_spinning+0x180/0x288 kernel/printk/printk.c:1891
hardirqs last disabled at (1147386): [<ffff800011991e80>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:396
softirqs last  enabled at (1147068): [<ffff8000080310b0>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (1147066): [<ffff80000803107c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace ee3c1e703b3e0757 ]---
page:00000000c3a633c3 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c39ba
flags: 0x5ffe00000000000(node=0|zone=2|lastcpupid=0xfff)
raw: 05ffe00000000000 fffffc00060e6e88 fffffc00060e6e88 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: VM_BUG_ON_PAGE(!PageCompound(page))
------------[ cut here ]------------
kernel BUG at mm/slub.c:3532!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3981 Comm: syz-executor.0 Tainted: G        W         5.15.156-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 60401005 (nZCv daif +PAN -UAO -TCO -DIT +SSBS BTYPE=--)
pc : free_nonslab_page+0x1cc/0x1dc mm/slub.c:3532
lr : free_nonslab_page+0x1cc/0x1dc mm/slub.c:3532
sp : ffff80001ca67800
x29: ffff80001ca67810 x28: 1ffff00002927a9d x27: dfff800000000000
x26: fffffbffeff79d04 x25: 1fffe0001ad208cf x24: dfff800000000000
x23: ffff800016f41000 x22: ffff0000c8f81000 x21: ffff800009601fac
x20: 0000000000000000 x19: fffffc00060e6e80 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000119967f4 x15: 0000000000000063
x14: 1ffff0000292806a x13: dfff800000000000 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000000000 x9 : 5dc50ba0ca18cd00
x8 : 5dc50ba0ca18cd00 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000000 x3 : ffff800008550224
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000038
Call trace:
 free_nonslab_page+0x1cc/0x1dc mm/slub.c:3532
 kfree+0x2ac/0x410 mm/slub.c:4556
 put_ntfs+0x80/0x240 fs/ntfs3/super.c:444
 ntfs_put_super+0xbc/0x10c fs/ntfs3/super.c:486
 generic_shutdown_super+0x130/0x29c fs/super.c:475
 kill_block_super+0x70/0xdc fs/super.c:1414
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: 9005bda1 91212c21 aa1303e0 97fba8d4 (d4210000) 
---[ end trace ee3c1e703b3e0758 ]---