==================================================================
BUG: KASAN: double-free or invalid-free in slab_free mm/slub.c:3157 [inline]
BUG: KASAN: double-free or invalid-free in kfree+0xe5/0x7b0 mm/slub.c:4196

CPU: 1 PID: 19 Comm: ksoftirqd/1 Not tainted 5.11.0-rc2-next-20210108-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 print_address_description.constprop.0.cold+0x5b/0x2f8 mm/kasan/report.c:230
 kasan_report_invalid_free+0x51/0x80 mm/kasan/report.c:355
 ____kasan_slab_free.part.0+0xfd/0x110 mm/kasan/common.c:344
 kasan_slab_free include/linux/kasan.h:188 [inline]
 slab_free_hook mm/slub.c:1548 [inline]
 slab_free_freelist_hook+0x82/0x1d0 mm/slub.c:1586
 slab_free mm/slub.c:3157 [inline]
 kfree+0xe5/0x7b0 mm/slub.c:4196
 bdev_free_inode+0x57/0x80 fs/block_dev.c:787
 i_callback+0x3f/0x70 fs/inode.c:223
 rcu_do_batch kernel/rcu/tree.c:2508 [inline]
 rcu_core+0x72b/0x1280 kernel/rcu/tree.c:2743
 __do_softirq+0x2bc/0xa29 kernel/softirq.c:343
 run_ksoftirqd kernel/softirq.c:650 [inline]
 run_ksoftirqd+0x2d/0x50 kernel/softirq.c:642
 smpboot_thread_fn+0x655/0x9e0 kernel/smpboot.c:165
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

Allocated by task 4902:
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:404 [inline]
 ____kasan_kmalloc mm/kasan/common.c:435 [inline]
 ____kasan_kmalloc.constprop.0+0xa0/0xd0 mm/kasan/common.c:407
 kmalloc include/linux/slab.h:554 [inline]
 kernfs_get_open_node fs/kernfs/file.c:571 [inline]
 kernfs_fop_open+0x957/0xd40 fs/kernfs/file.c:717
 do_dentry_open+0x4b9/0x11b0 fs/open.c:817
 do_open fs/namei.c:3254 [inline]
 path_openat+0x1b8e/0x2720 fs/namei.c:3369
 do_filp_open+0x17e/0x3c0 fs/namei.c:3396
 do_sys_openat2+0x16d/0x420 fs/open.c:1178
 do_sys_open fs/open.c:1194 [inline]
 __do_sys_open fs/open.c:1202 [inline]
 __se_sys_open fs/open.c:1198 [inline]
 __x64_sys_open+0x119/0x1c0 fs/open.c:1198
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

The buggy address belongs to the object at ffff888022cacd00
 which belongs to the cache kmalloc-128 of size 128
The buggy address is located 0 bytes inside of
 128-byte region [ffff888022cacd00, ffff888022cacd80)
The buggy address belongs to the page:
page:0000000083df0907 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888022cacc00 pfn:0x22cac
flags: 0xfff00000000200(slab)
raw: 00fff00000000200 ffffea0000946f00 0000000900000009 ffff888010041640
raw: ffff888022cacc00 000000008010000a 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff888022cacc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888022cacc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888022cacd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff888022cacd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888022cace00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================