------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 3997 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 3997 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 3997 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 3997 at fs/buffer.c:1148 invalidate_bh_lru+0xf8/0x1a0 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 3997 Comm: sed Not tainted 5.15.127-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
RIP: 0010:__brelse fs/buffer.c:1148 [inline]
RIP: 0010:brelse include/linux/buffer_head.h:325 [inline]
RIP: 0010:__invalidate_bh_lrus fs/buffer.c:1394 [inline]
RIP: 0010:invalidate_bh_lru+0xf8/0x1a0 fs/buffer.c:1407
Code: 00 e8 1c 7a e4 ff f0 ff 0b eb 21 e8 82 d8 9a ff 41 80 3c 2e 00 75 26 eb 2c e8 74 d8 9a ff 48 c7 c7 e0 44 97 8a e8 48 a1 66 ff <0f> 0b 48 bd 00 00 00 00 00 fc ff df 41 80 3c 2e 00 74 08 4c 89 ff
RSP: 0018:ffffc90000dd0f60 EFLAGS: 00010046
RAX: 522a2a129603b600 RBX: ffff88807311bc28 RCX: ffff888073c19dc0
RDX: 0000000080010001 RSI: 0000000080010001 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff816658fc R09: ffffed1017364f24
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880b9b35978
R13: 0000000000000008 R14: 1ffff11017366b30 R15: ffff8880b9b35980
FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff1f0f5ff8 CR3: 000000001cea8000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 flush_smp_call_function_queue+0x2b5/0x760 kernel/smp.c:628
 __sysvec_call_function_single+0x9a/0x250 arch/x86/kernel/smp.c:248
 sysvec_call_function_single+0x89/0xb0 arch/x86/kernel/smp.c:243
 </IRQ>
 <TASK>
 asm_sysvec_call_function_single+0x16/0x20 arch/x86/include/asm/idtentry.h:646
RIP: 0010:call_rcu+0x7aa/0xa70 kernel/rcu/tree.c:3075
Code: 3c 03 00 74 08 4c 89 f7 e8 a3 a4 5e 00 f6 84 24 81 00 00 00 02 75 59 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <48> b8 00 00 00 00 00 fc ff df 4a c7 04 28 00 00 00 00 66 42 c7 44
RSP: 0018:ffffc90002e2fd60 EFLAGS: 00000206
RAX: dffffc0000000000 RBX: 1ffff920005c5fbc RCX: ffffffff913d0003
RDX: dffffc0000000000 RSI: ffffffff8a8b0c60 RDI: ffffffff8ad87900
RBP: ffffc90002e2fe68 R08: ffffffff81868a80 R09: fffffbfff1bc80ee
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110173674cc
R13: 1ffff920005c5fb8 R14: ffffc90002e2fde0 R15: 0000000000000246
 task_work_run+0x129/0x1a0 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x106/0x130 kernel/entry/common.c:175
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:208
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0x5d/0x250 kernel/entry/common.c:301
 do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fa241bb9a46
Code: 10 00 00 00 44 8b 54 24 e0 48 89 44 24 c0 48 8d 44 24 d0 48 89 44 24 c8 44 89 c2 4c 89 ce bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 0c f7 d8 89 05 0a 48 01 00 48 83 c8 ff c3 31
RSP: 002b:00007fff1f0f59f8 EFLAGS: 00000287 ORIG_RAX: 0000000000000101
RAX: fffffffffffffffe RBX: 00007fff1f0f5c58 RCX: 00007fa241bb9a46
RDX: 0000000000080000 RSI: 00007fff1f0f5a70 RDI: 00000000ffffff9c
RBP: 00007fff1f0f5a60 R08: 0000000000080000 R09: 00007fff1f0f5a70
R10: 0000000000000000 R11: 0000000000000287 R12: 00007fff1f0f5a70
R13: 0000000000000004 R14: 00007fff1f0f5c3f R15: 00000000ffffffff
 </TASK>
----------------
Code disassembly (best guess):
   0:	3c 03                	cmp    $0x3,%al
   2:	00 74 08 4c          	add    %dh,0x4c(%rax,%rcx,1)
   6:	89 f7                	mov    %esi,%edi
   8:	e8 a3 a4 5e 00       	call   0x5ea4b0
   d:	f6 84 24 81 00 00 00 	testb  $0x2,0x81(%rsp)
  14:	02
  15:	75 59                	jne    0x70
  17:	41 f7 c7 00 02 00 00 	test   $0x200,%r15d
  1e:	74 01                	je     0x21
  20:	fb                   	sti
  21:	48 c7 44 24 60 0e 36 	movq   $0x45e0360e,0x60(%rsp)
  28:	e0 45
* 2a:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax <-- trapping instruction
  31:	fc ff df
  34:	4a c7 04 28 00 00 00 	movq   $0x0,(%rax,%r13,1)
  3b:	00
  3c:	66                   	data16
  3d:	42                   	rex.X
  3e:	c7                   	.byte 0xc7
  3f:	44                   	rex.R