------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 0 PID: 8607 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 0 PID: 8607 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 0 PID: 8607 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 0 PID: 8607 at fs/buffer.c:1148 invalidate_bh_lru+0xf8/0x1a0 fs/buffer.c:1407
Modules linked in:
CPU: 0 PID: 8607 Comm: modprobe Not tainted 5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:__brelse fs/buffer.c:1148 [inline]
RIP: 0010:brelse include/linux/buffer_head.h:325 [inline]
RIP: 0010:__invalidate_bh_lrus fs/buffer.c:1394 [inline]
RIP: 0010:invalidate_bh_lru+0xf8/0x1a0 fs/buffer.c:1407
Code: 00 e8 6c 69 e4 ff f0 ff 0b eb 21 e8 d2 98 9a ff 41 80 3c 2e 00 75 26 eb 2c e8 c4 98 9a ff 48 c7 c7 20 6c 97 8a e8 e8 40 66 ff <0f> 0b 48 bd 00 00 00 00 00 fc ff df 41 80 3c 2e 00 74 08 4c 89 ff
RSP: 0018:ffffc90000007f60 EFLAGS: 00010046
RAX: ec349e4d3cd8db00 RBX: ffff888074f6bee0 RCX: ffff888018905940
RDX: 0000000080010003 RSI: 0000000080010003 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff816683dc R09: fffff52000000f2d
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880b9a36578
R13: 0000000000000010 R14: 1ffff11017346cb1 R15: ffff8880b9a36588
FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7f3df3a108 CR3: 000000007b91a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 flush_smp_call_function_queue+0x2b5/0x760 kernel/smp.c:628
 __sysvec_call_function_single+0x9a/0x250 arch/x86/kernel/smp.c:248
 sysvec_call_function_single+0x89/0xb0 arch/x86/kernel/smp.c:243
 asm_sysvec_call_function_single+0x16/0x20 arch/x86/include/asm/idtentry.h:646
RIP: 0010:rcu_is_watching+0x40/0xa0 kernel/rcu/tree.c:1123
Code: 73 72 49 bf 00 00 00 00 00 fc ff df 4c 8d 34 dd 00 18 36 8c 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 30 17 5f 00 <48> c7 c3 08 b3 03 00 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38
RSP: 0018:ffffc900032b7580 EFLAGS: 00000246
RAX: 1ffffffff186c300 RBX: 0000000000000000 RCX: ffffffff8162d038
RDX: 0000000000000000 RSI: ffffffff8ad8f660 RDI: ffffffff8ad8f620
RBP: ffffc900032b76d8 R08: dffffc0000000000 R09: fffffbfff1bc8e76
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92000656ec0
R13: ffffffff81baeaa2 R14: ffffffff8c361800 R15: dffffc0000000000
 trace_lock_release include/trace/events/lock.h:58 [inline]
 lock_release+0xb9/0x9a0 kernel/locking/lockdep.c:5634
 __raw_spin_unlock include/linux/spinlock_api_smp.h:150 [inline]
 _raw_spin_unlock+0x12/0x40 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:403 [inline]
 browse_rb mm/mmap.c:363 [inline]
 validate_mm+0x592/0x990 mm/mmap.c:423
 __vma_adjust+0x2cde/0x3150 mm/mmap.c:1021
 __split_vma+0x378/0x4a0
 __do_munmap+0x413/0x1740 mm/mmap.c:2865
 do_munmap mm/mmap.c:2910 [inline]
 munmap_vma_range mm/mmap.c:603 [inline]
 mmap_region+0x900/0x1670 mm/mmap.c:1746
 do_mmap+0x78d/0xe00 mm/mmap.c:1575
 vm_mmap_pgoff+0x1ca/0x2d0 mm/util.c:551
 ksys_mmap_pgoff+0x559/0x780 mm/mmap.c:1624
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f7f3df5cb74
Code: 63 08 44 89 e8 5b 41 5c 41 5d c3 41 89 ca 41 f7 c1 ff 0f 00 00 74 0c c7 05 f5 46 01 00 16 00 00 00 eb 17 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 0c f7 d8 89 05 dc 46 01 00 48 83 c8 ff c3 0f
RSP: 002b:00007ffde389a598 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007ffde389a5d8 RCX: 00007f7f3df5cb74
RDX: 0000000000000005 RSI: 0000000000123000 RDI: 00007f7f3dcf3000
RBP: 00007ffde389ad30 R08: 0000000000000000 R09: 0000000000028000
R10: 0000000000000812 R11: 0000000000000246 R12: 00007f7f3df3f5c0
R13: 00007ffde389adb8 R14: 0000000000027f38 R15: 0000000000000000
----------------
Code disassembly (best guess):
   0:	73 72                	jae    0x74
   2:	49 bf 00 00 00 00 00 	movabs $0xdffffc0000000000,%r15
   9:	fc ff df
   c:	4c 8d 34 dd 00 18 36 	lea    -0x73c9e800(,%rbx,8),%r14
  13:	8c
  14:	4c 89 f0             	mov    %r14,%rax
  17:	48 c1 e8 03          	shr    $0x3,%rax
  1b:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1)
  20:	74 08                	je     0x2a
  22:	4c 89 f7             	mov    %r14,%rdi
  25:	e8 30 17 5f 00       	call   0x5f175a
* 2a:	48 c7 c3 08 b3 03 00 	mov    $0x3b308,%rbx <-- trapping instruction
  31:	49 03 1e             	add    (%r14),%rbx
  34:	48 89 d8             	mov    %rbx,%rax
  37:	48 c1 e8 03          	shr    $0x3,%rax
  3b:	42 0f b6 04 38       	movzbl (%rax,%r15,1),%eax