------------[ cut here ]------------
virt_to_phys used for non-linear address: 000000005231471d (0xffff800021829000)
WARNING: CPU: 1 PID: 4281 at arch/arm64/mm/physaddr.c:15 __virt_to_phys+0x114/0x15c arch/arm64/mm/physaddr.c:12
Modules linked in:
CPU: 1 PID: 4281 Comm: syz-executor.0 Not tainted 5.15.167-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __virt_to_phys+0x114/0x15c arch/arm64/mm/physaddr.c:12
lr : __virt_to_phys+0x114/0x15c arch/arm64/mm/physaddr.c:12
sp : ffff80001fa27810
x29: ffff80001fa27810 x28: 1ffff00002957a9d x27: dfff800000000000
x26: fffffbffeffb5bf4 x25: 1fffe00019c898cf x24: dfff800000000000
x23: ffff800017103000 x22: ffff800017103000 x21: 0000600000000000
x20: ffff800021829000 x19: 0000800021829000 x18: 0000000000000001
x17: 0000000000000000 x16: ffff800011ac23e0 x15: 00000000ffffffff
x14: ffff0000c9659b40 x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000000000 x9 : 9cc482847be95700
x8 : 9cc482847be95700 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001fa26f78 x4 : ffff800014b9fae0 x3 : ffff800008557c4c
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000004f
Call trace:
 __virt_to_phys+0x114/0x15c arch/arm64/mm/physaddr.c:12
 virt_to_head_page include/linux/mm.h:900 [inline]
 kfree+0xd4/0x410 mm/slub.c:4554
 put_ntfs+0x80/0x240 fs/ntfs3/super.c:444
 ntfs_put_super+0xbc/0x10c fs/ntfs3/super.c:486
 generic_shutdown_super+0x130/0x29c fs/super.c:475
 kill_block_super+0x70/0xdc fs/super.c:1425
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 166180
hardirqs last  enabled at (166179): [<ffff80000832c17c>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:257
hardirqs last disabled at (166180): [<ffff800011abda6c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:396
softirqs last  enabled at (165740): [<ffff8000080308b0>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (165738): [<ffff80000803087c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace ee4ccb01cc041ce4 ]---
page:0000000031c020fd refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1bb429
flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000000000 fffffc0005ed0a48 fffffc0005ed0a48 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: VM_BUG_ON_PAGE(!PageCompound(page))
------------[ cut here ]------------
kernel BUG at mm/slub.c:3532!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4281 Comm: syz-executor.0 Tainted: G        W         5.15.167-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : free_nonslab_page+0x1cc/0x1dc mm/slub.c:3532
lr : free_nonslab_page+0x1cc/0x1dc mm/slub.c:3532
sp : ffff80001fa27800
x29: ffff80001fa27810 x28: 1ffff00002957a9d x27: dfff800000000000
x26: fffffbffeffb5bf4 x25: 1fffe00019c898cf x24: dfff800000000000
x23: ffff800017103000 x22: ffff0000ca127300 x21: ffff80000960efdc
x20: 0000000000000000 x19: fffffc0005ed0a40 x18: 0000000000000001
x17: 0000000000000000 x16: ffff800011ac23e0 x15: 00000000ffffffff
x14: ffff0000c9659b40 x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000000000 x9 : 9cc482847be95700
x8 : 9cc482847be95700 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001fa26c78 x4 : ffff800014b9fae0 x3 : ffff800008557c4c
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000038
Call trace:
 free_nonslab_page+0x1cc/0x1dc mm/slub.c:3532
 kfree+0x2ac/0x410 mm/slub.c:4556
 put_ntfs+0x80/0x240 fs/ntfs3/super.c:444
 ntfs_put_super+0xbc/0x10c fs/ntfs3/super.c:486
 generic_shutdown_super+0x130/0x29c fs/super.c:475
 kill_block_super+0x70/0xdc fs/super.c:1425
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: f005c8a1 9139a821 aa1303e0 97fba85f (d4210000) 
---[ end trace ee4ccb01cc041ce5 ]---