------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 0 PID: 4274 at fs/buffer.c:1145 __brelse fs/buffer.c:1145 [inline]
WARNING: CPU: 0 PID: 4274 at fs/buffer.c:1145 brelse include/linux/buffer_head.h:326 [inline]
WARNING: CPU: 0 PID: 4274 at fs/buffer.c:1145 __invalidate_bh_lrus fs/buffer.c:1380 [inline]
WARNING: CPU: 0 PID: 4274 at fs/buffer.c:1145 invalidate_bh_lru+0xf8/0x1a0 fs/buffer.c:1393
Modules linked in:
CPU: 0 PID: 4274 Comm: udevd Not tainted 6.1.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:__brelse fs/buffer.c:1145 [inline]
RIP: 0010:brelse include/linux/buffer_head.h:326 [inline]
RIP: 0010:__invalidate_bh_lrus fs/buffer.c:1380 [inline]
RIP: 0010:invalidate_bh_lru+0xf8/0x1a0 fs/buffer.c:1393
Code: 00 e8 ac aa e2 ff f0 41 ff 0e eb 20 e8 61 8c 92 ff 80 3c 2b 00 75 25 eb 2b e8 54 8c 92 ff 48 c7 c7 c0 00 9a 8a e8 c8 b8 5e ff <0f> 0b 48 bd 00 00 00 00 00 fc ff df 80 3c 2b 00 74 08 4c 89 ff e8
RSP: 0018:ffffc90000007f30 EFLAGS: 00010046
RAX: dd9a7e4bc5fc1900 RBX: 1ffff110171c6d40 RCX: ffff88802b5f9dc0
RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: 0000000000000000 R08: dffffc0000000000 R09: ffffed10171c4f34
R10: ffffed10171c4f34 R11: 1ffff110171c4f33 R12: ffff8880b8e369f8
R13: 0000000000000008 R14: ffff88805e986a58 R15: ffff8880b8e36a00
FS: 00007f07e994f880(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f07e9944000 CR3: 0000000018ef6000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__flush_smp_call_function_queue+0x2d9/0xd20 kernel/smp.c:641
__sysvec_call_function_single+0xba/0x350 arch/x86/kernel/smp.c:267
instr_sysvec_call_function_single arch/x86/kernel/smp.c:262 [inline]
sysvec_call_function_single+0x98/0xc0 arch/x86/kernel/smp.c:262
asm_sysvec_call_function_single+0x16/0x20 arch/x86/include/asm/idtentry.h:699
RIP: 0010:rol32 include/linux/bitops.h:127 [inline]
RIP: 0010:jhash2 include/linux/jhash.h:129 [inline]
RIP: 0010:hash_stack lib/stackdepot.c:276 [inline]
RIP: 0010:__stack_depot_save+0xa1/0x460 lib/stackdepot.c:444
Code: 29 ea 41 31 d0 01 cd 44 29 c1 45 89 c1 41 c1 c1 06 41 31 c9 41 01 e8 45 89 ca 41 c1 c2 08 44 29 cd 41 31 ea 45 01 c1 45 29 d0 <44> 89 d2 c1 c2 10 44 31 c2 45 01 ca 89 d1 c1 c1 13 41 29 d1 44 31
RSP: 0018:ffffc90003d37408 EFLAGS: 00000286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000f258291b
RDX: 00000000fffff8d0 RSI: ffffc90003d37470 RDI: 0000000000000018
RBP: 0000000058b195e5 R08: 000000009ea176af R09: 000000000662ec9a
R10: 0000000052b76ef0 R11: 1ffffffff1c3ea95 R12: 0000000000000cc0
R13: 0000000000000001 R14: ffffc90003d37470 R15: 000000000000000c
kasan_save_stack mm/kasan/common.c:46 [inline]
kasan_set_track+0x60/0x70 mm/kasan/common.c:52
__kasan_slab_alloc+0x6b/0x80 mm/kasan/common.c:328
kasan_slab_alloc include/linux/kasan.h:201 [inline]
slab_post_alloc_hook+0x4b/0x480 mm/slab.h:737
slab_alloc_node mm/slub.c:3398 [inline]
slab_alloc mm/slub.c:3406 [inline]
__kmem_cache_alloc_lru mm/slub.c:3413 [inline]
kmem_cache_alloc_lru+0x11a/0x2e0 mm/slub.c:3429
__d_alloc+0x31/0x700 fs/dcache.c:1774
d_alloc fs/dcache.c:1854 [inline]
d_alloc_parallel+0xd9/0x1480 fs/dcache.c:2645
lookup_open fs/namei.c:3407 [inline]
open_last_lookups fs/namei.c:3550 [inline]
path_openat+0x8fe/0x2e70 fs/namei.c:3780
do_filp_open+0x1c1/0x3c0 fs/namei.c:3810
do_sys_openat2+0x142/0x490 fs/open.c:1318
do_sys_open fs/open.c:1334 [inline]
__do_sys_openat fs/open.c:1350 [inline]
__se_sys_openat fs/open.c:1345 [inline]
__x64_sys_openat+0x135/0x160 fs/open.c:1345
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f07e92a7407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007ffe6ee843f0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f07e994f880 RCX: 00007f07e92a7407
RDX: 0000000000080000 RSI: 00007ffe6ee84560 RDI: ffffffffffffff9c
RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000563424bf77f5
R13: 0000563424bf77f5 R14: 0000000000000001 R15: 0000563424c12140
----------------
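Code disassembly (best guess), decoded from the second "Code:" line above, i.e. the __stack_depot_save/jhash2 context that the call-function interrupt preempted; the instruction marked below is where that interrupt arrived, not the <0f> 0b (ud2) that raised the brelse WARNING in invalidate_bh_lru: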
0: 29 ea sub %ebp,%edx
2: 41 31 d0 xor %edx,%r8d
5: 01 cd add %ecx,%ebp
7: 44 29 c1 sub %r8d,%ecx
a: 45 89 c1 mov %r8d,%r9d
d: 41 c1 c1 06 rol $0x6,%r9d
11: 41 31 c9 xor %ecx,%r9d
14: 41 01 e8 add %ebp,%r8d
17: 45 89 ca mov %r9d,%r10d
1a: 41 c1 c2 08 rol $0x8,%r10d
1e: 44 29 cd sub %r9d,%ebp
21: 41 31 ea xor %ebp,%r10d
24: 45 01 c1 add %r8d,%r9d
27: 45 29 d0 sub %r10d,%r8d
* 2a: 44 89 d2 mov %r10d,%edx <-- trapping instruction
2d: c1 c2 10 rol $0x10,%edx
30: 44 31 c2 xor %r8d,%edx
33: 45 01 ca add %r9d,%r10d
36: 89 d1 mov %edx,%ecx
38: c1 c1 13 rol $0x13,%ecx
3b: 41 29 d1 sub %edx,%r9d
3e: 44 rex.R
3f: 31 .byte 0x31