------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4616 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4616 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4616 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4616 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4616 Comm: syz-executor Not tainted 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000d9c93680 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e2114148 x20: ffff0001a10c22e0 x19: ffff8000113daee0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : e8800a58eeb82f00 x8 : e8800a58eeb82f00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 preempt_count arch/arm64/include/asm/preempt.h:12 [inline] check_kcov_mode kernel/kcov.c:172 [inline] write_comp_data kernel/kcov.c:227 [inline] __sanitizer_cov_trace_cmp8+0x2c/0xc0 kernel/kcov.c:273 walk_stackframe arch/arm64/kernel/stacktrace.c:148 [inline] arch_stack_walk+0x200/0x2b4 arch/arm64/kernel/stacktrace.c:238 stack_trace_save+0x94/0xd8 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track+0x4c/0x84 mm/kasan/common.c:46 kasan_set_free_info+0x28/0x4c mm/kasan/generic.c:360 ____kasan_slab_free+0x118/0x164 mm/kasan/common.c:366 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1705 [inline] slab_free_freelist_hook+0x128/0x1e8 mm/slub.c:1731 slab_free mm/slub.c:3499 [inline] kmem_cache_free+0xdc/0x3b4 mm/slub.c:3515 merge_or_add_vmap_area mm/vmalloc.c:1142 [inline] free_vmap_area_noflush+0x690/0x8d0 mm/vmalloc.c:1759 free_unmap_vmap_area mm/vmalloc.c:1778 [inline] remove_vm_area+0x1ac/0x1c4 mm/vmalloc.c:2517 vm_remove_mappings mm/vmalloc.c:2546 [inline] __vunmap+0x304/0x9bc mm/vmalloc.c:2611 __vfree mm/vmalloc.c:2670 [inline] vfree+0xbc/0x154 mm/vmalloc.c:2701 __do_replace+0x830/0x988 net/ipv4/netfilter/ip_tables.c:1091 do_replace net/ipv6/netfilter/ip6_tables.c:1160 [inline] do_ip6t_set_ctl+0xa94/0xe00 net/ipv6/netfilter/ip6_tables.c:1646 nf_setsockopt+0x270/0x290 net/netfilter/nf_sockopt.c:101 ipv6_setsockopt+0x1a18/0x36dc net/ipv6/ipv6_sockglue.c:1014 tcp_setsockopt+0x1d4/0x1bf4 net/ipv4/tcp.c:3713 sock_common_setsockopt+0xb0/0xcc net/core/sock.c:3446 __sys_setsockopt+0x2f8/0x4b0 net/socket.c:2203 __do_sys_setsockopt net/socket.c:2214 [inline] __se_sys_setsockopt net/socket.c:2211 [inline] __arm64_sys_setsockopt+0xb8/0xd4 net/socket.c:2211 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 118946 hardirqs last enabled at (118945): [] kasan_quarantine_put+0xc4/0x204 mm/kasan/quarantine.c:231 hardirqs last disabled at (118946): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (118934): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (118932): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace da7f9e8b5c98ce53 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 9 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 9 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 9 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 9 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 9 Comm: kworker/u4:0 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Workqueue: netns cleanup_net pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c0948000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e21144e8 x20: ffff0001a10c22e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : ef904afe6d31c100 x8 : ef904afe6d31c100 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] __local_bh_enable_ip+0x200/0x380 kernel/softirq.c:406 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:176 [inline] _raw_spin_unlock_bh+0xec/0x174 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:408 [inline] __batadv_dat_purge+0x2c4/0x374 net/batman-adv/distributed-arp-table.c:186 batadv_dat_hash_free net/batman-adv/distributed-arp-table.c:798 [inline] batadv_dat_free+0x7c/0xc4 net/batman-adv/distributed-arp-table.c:842 batadv_mesh_free+0x78/0x13c net/batman-adv/main.c:270 batadv_softif_free+0x20/0x34 net/batman-adv/soft-interface.c:989 netdev_run_todo+0x7d0/0x9cc net/core/dev.c:10691 rtnl_unlock+0x14/0x20 net/core/rtnetlink.c:112 default_device_exit_batch+0x448/0x4a4 net/core/dev.c:11668 ops_exit_list net/core/net_namespace.c:177 [inline] cleanup_net+0x644/0xa98 net/core/net_namespace.c:635 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:855 irq event stamp: 1476214 hardirqs last enabled at (1476213): [] __local_bh_enable_ip+0x1f8/0x380 kernel/softirq.c:406 hardirqs last disabled at (1476214): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1476212): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (1476212): [] __batadv_dat_purge+0x2c4/0x374 net/batman-adv/distributed-arp-table.c:186 softirqs last disabled at (1476210): [] spin_lock_bh include/linux/spinlock.h:368 [inline] softirqs last disabled at (1476210): [] __batadv_dat_purge+0xe8/0x374 net/batman-adv/distributed-arp-table.c:174 ---[ end trace da7f9e8b5c98ce57 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 9 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 9 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 9 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 9 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 9 Comm: kworker/u4:0 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Workqueue: netns cleanup_net pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c0948000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e2114888 x20: ffff0001a10c22e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : ef904afe6d31c100 x8 : ef904afe6d31c100 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 __preempt_count_add arch/arm64/include/asm/preempt.h:46 [inline] lockdep_enabled kernel/locking/lockdep.c:88 [inline] lock_acquire+0x108/0x620 kernel/locking/lockdep.c:5599 rcu_lock_acquire+0x40/0x4c include/linux/rcupdate.h:312 rcu_read_lock include/linux/rcupdate.h:739 [inline] inet_twsk_purge+0x10c/0x7ac net/ipv4/inet_timewait_sock.c:268 dccp_v6_exit_batch+0x20/0x2c net/dccp/ipv6.c:1123 ops_exit_list net/core/net_namespace.c:177 [inline] cleanup_net+0x644/0xa98 net/core/net_namespace.c:635 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:855 irq event stamp: 1491740 hardirqs last enabled at (1491739): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (1491739): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (1491740): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1491732): [] softirq_handle_end kernel/softirq.c:419 [inline] softirqs last enabled at (1491732): [] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:604 softirqs last disabled at (1491705): [] __do_softirq kernel/softirq.c:610 [inline] softirqs last disabled at (1491705): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] softirqs last disabled at (1491705): [] invoke_softirq kernel/softirq.c:457 [inline] softirqs last disabled at (1491705): [] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659 ---[ end trace da7f9e8b5c98ce5a ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 9 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 9 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 9 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 9 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 9 Comm: kworker/u4:0 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Workqueue: netns cleanup_net pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c0948000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e2114c28 x20: ffff0001a10c22e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : ef904afe6d31c100 x8 : ef904afe6d31c100 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 trace_lock_acquire include/trace/events/lock.h:13 [inline] lock_acquire+0xc0/0x620 kernel/locking/lockdep.c:5594 rcu_lock_acquire+0x40/0x4c include/linux/rcupdate.h:312 rcu_read_lock include/linux/rcupdate.h:739 [inline] inet_twsk_purge+0x10c/0x7ac net/ipv4/inet_timewait_sock.c:268 dccp_v4_exit_batch+0x20/0x2c net/dccp/ipv4.c:1040 ops_exit_list net/core/net_namespace.c:177 [inline] cleanup_net+0x644/0xa98 net/core/net_namespace.c:635 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:855 irq event stamp: 1493732 hardirqs last enabled at (1493731): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:81 [inline] hardirqs last enabled at (1493731): [] exit_to_kernel_mode+0xe0/0x168 arch/arm64/kernel/entry-common.c:91 hardirqs last disabled at (1493732): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1493724): [] softirq_handle_end kernel/softirq.c:419 [inline] softirqs last enabled at (1493724): [] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:604 softirqs last disabled at (1493711): [] __do_softirq kernel/softirq.c:610 [inline] softirqs last disabled at (1493711): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] softirqs last disabled at (1493711): [] invoke_softirq kernel/softirq.c:457 [inline] softirqs last disabled at (1493711): [] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659 ---[ end trace da7f9e8b5c98ce5d ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4927 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4927 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4927 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4927 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4927 Comm: syz.0.33 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c25f0000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e20c7060 x20: ffff0001a10c22e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 3210f01ddfd31500 x8 : 3210f01ddfd31500 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] rmqueue_pcplist mm/page_alloc.c:3710 [inline] rmqueue mm/page_alloc.c:3742 [inline] get_page_from_freelist+0x2244/0x2aa8 mm/page_alloc.c:4189 __alloc_pages+0x1a0/0x470 mm/page_alloc.c:5474 alloc_pages_vma+0x284/0x7a8 mm/mempolicy.c:2146 alloc_zeroed_user_highpage_movable+0x9c/0xd8 arch/arm64/mm/fault.c:932 do_anonymous_page mm/memory.c:3838 [inline] handle_pte_fault mm/memory.c:4648 [inline] __handle_mm_fault mm/memory.c:4785 [inline] handle_mm_fault+0x1904/0x2950 mm/memory.c:4883 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:819 el0_da+0x90/0x1fc arch/arm64/kernel/entry-common.c:494 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1092 hardirqs last enabled at (1091): [] rmqueue_pcplist mm/page_alloc.c:3710 [inline] hardirqs last enabled at (1091): [] rmqueue mm/page_alloc.c:3742 [inline] hardirqs last enabled at (1091): [] get_page_from_freelist+0x2234/0x2aa8 mm/page_alloc.c:4189 hardirqs last disabled at (1092): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (14): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (12): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace da7f9e8b5c98ce5f ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4933 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4933 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4933 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4933 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4933 Comm: syz-executor Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cbcc1b40 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e20c7400 x20: ffff0001a10c22e0 x19: ffff8000113daee0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 16fab81031340200 x8 : 16fab81031340200 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 xas_next_entry+0x28/0x394 include/linux/xarray.h:1628 next_map_page mm/filemap.c:3296 [inline] filemap_map_pages+0x958/0xc50 mm/filemap.c:3352 do_fault_around mm/memory.c:4243 [inline] do_read_fault mm/memory.c:4258 [inline] do_fault mm/memory.c:4392 [inline] handle_pte_fault mm/memory.c:4650 [inline] __handle_mm_fault mm/memory.c:4785 [inline] handle_mm_fault+0x19c0/0x2950 mm/memory.c:4883 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:819 el0_da+0x90/0x1fc arch/arm64/kernel/entry-common.c:494 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 398 hardirqs last enabled at (397): [] lock_page_memcg+0x110/0x234 mm/memcontrol.c:2059 hardirqs last disabled at (398): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (30): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (28): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace da7f9e8b5c98ce60 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4934 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4934 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4934 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4934 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4934 Comm: syz.0.36 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c0f1b680 x27: 1fffe0003421845b x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e20c77a0 x20: ffff0001a10c22d8 x19: ffff8000113daee0 x18: 0000000000010004 x17: 0000000000010004 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010003 x10: 0000000000010003 x9 : 850f1665bde61f00 x8 : 850f1665bde61f00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000000010003 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irqrestore+0xb8/0x14c kernel/locking/spinlock.c:194 try_to_wake_up+0x3a4/0xa64 kernel/sched/core.c:4148 wake_up_process kernel/sched/core.c:4215 [inline] wake_up_q+0x94/0x114 kernel/sched/core.c:953 futex_wake+0x46c/0x4f4 kernel/futex/core.c:1702 do_futex+0x1684/0x257c kernel/futex/core.c:3987 __do_sys_futex kernel/futex/core.c:4059 [inline] __se_sys_futex kernel/futex/core.c:4040 [inline] __arm64_sys_futex+0x388/0x400 kernel/futex/core.c:4040 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1124 hardirqs last enabled at (1123): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (1123): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (1124): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1052): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1050): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace da7f9e8b5c98ce61 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 3652 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 3652 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 3652 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 3652 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 3652 Comm: udevd Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000d6990000 x27: 1fffe0003421845b x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e20c7b40 x20: ffff0001a10c22d8 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000083020fc x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 6ab363681ea5f200 x8 : 6ab363681ea5f200 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff80000830220c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 local_daif_restore arch/arm64/include/asm/daifflags.h:117 [inline] el0_svc_common+0xa8/0x258 arch/arm64/kernel/syscall.c:107 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1048016 hardirqs last enabled at (1048015): [] local_daif_restore arch/arm64/include/asm/daifflags.h:75 [inline] hardirqs last enabled at (1048015): [] el0_svc_common+0x9c/0x258 arch/arm64/kernel/syscall.c:107 hardirqs last disabled at (1048016): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1046136): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1046134): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace da7f9e8b5c98ce62 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4616 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4616 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4616 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4616 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4616 Comm: syz-executor Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000d9c93680 x27: 1fffe0003421845b x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e20f1a58 x20: ffff0001a10c22d8 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : e8800a58eeb82f00 x8 : e8800a58eeb82f00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] mod_lruvec_page_state include/linux/vmstat.h:497 [inline] account_kernel_stack+0x150/0x274 kernel/fork.c:388 dup_task_struct+0x768/0xc44 kernel/fork.c:968 copy_process+0x4c8/0x34ac kernel/fork.c:2121 kernel_clone+0x1d8/0x9d4 kernel/fork.c:2679 __do_sys_clone kernel/fork.c:2796 [inline] __se_sys_clone kernel/fork.c:2764 [inline] __arm64_sys_clone+0x138/0x190 kernel/fork.c:2764 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 182176 hardirqs last enabled at (182175): [] mod_lruvec_page_state include/linux/vmstat.h:497 [inline] hardirqs last enabled at (182175): [] account_kernel_stack+0x130/0x274 kernel/fork.c:388 hardirqs last disabled at (182176): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (182162): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (182160): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace da7f9e8b5c98ce66 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4560 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4560 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4560 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4560 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4560 Comm: kworker/0:9 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Workqueue: rcu_gp process_srcu pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cc713680 x27: 1fffe0003421845b x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e20f1df8 x20: ffff0001a10c22d8 x19: ffff8000113daee0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 619f556730bf1800 x8 : 619f556730bf1800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] _raw_spin_unlock_irq+0xa0/0x128 kernel/locking/spinlock.c:202 spin_unlock_irq include/linux/spinlock.h:413 [inline] srcu_gp_end kernel/rcu/srcutree.c:584 [inline] srcu_advance_state kernel/rcu/srcutree.c:1231 [inline] process_srcu+0x9bc/0xc30 kernel/rcu/srcutree.c:1325 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:855 irq event stamp: 42444 hardirqs last enabled at (42443): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (42443): [] _raw_spin_unlock_irq+0x98/0x128 kernel/locking/spinlock.c:202 hardirqs last disabled at (42444): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (41978): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (41978): [] nsim_dev_trap_report drivers/net/netdevsim/dev.c:736 [inline] softirqs last enabled at (41978): [] nsim_dev_trap_report_work+0x5fc/0x938 drivers/net/netdevsim/dev.c:762 softirqs last disabled at (41976): [] spin_lock_bh include/linux/spinlock.h:368 [inline] softirqs last disabled at (41976): [] nsim_dev_trap_report drivers/net/netdevsim/dev.c:732 [inline] softirqs last disabled at (41976): [] nsim_dev_trap_report_work+0x578/0x938 drivers/net/netdevsim/dev.c:762 ---[ end trace da7f9e8b5c98ce67 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4616 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4616 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4616 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4616 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4616 Comm: syz-executor Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000d9c93680 x27: 1fffe0003421845e x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000003 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e21e85d0 x20: ffff0001a10c22f0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : e8800a58eeb82f00 x8 : e8800a58eeb82f00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] seqcount_lockdep_reader_access include/linux/seqlock.h:105 [inline] get_counters net/ipv4/netfilter/ip_tables.c:758 [inline] alloc_counters+0x3f8/0x7a4 net/ipv4/netfilter/ip_tables.c:805 copy_entries_to_user net/ipv4/netfilter/ip_tables.c:822 [inline] get_entries net/ipv4/netfilter/ip_tables.c:1023 [inline] do_ipt_get_ctl+0xaf4/0x13a8 net/ipv4/netfilter/ip_tables.c:1669 nf_getsockopt+0x264/0x284 net/netfilter/nf_sockopt.c:116 ip_getsockopt+0xffc/0x158c net/ipv4/ip_sockglue.c:1797 tcp_getsockopt+0x214/0x2e74 net/ipv4/tcp.c:4313 sock_common_getsockopt+0xa8/0xc4 net/core/sock.c:3418 __sys_getsockopt+0x1e0/0x45c net/socket.c:2247 __do_sys_getsockopt net/socket.c:2262 [inline] __se_sys_getsockopt net/socket.c:2259 [inline] __arm64_sys_getsockopt+0xb8/0xd4 net/socket.c:2259 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 201646 hardirqs last enabled at (201645): [] seqcount_lockdep_reader_access include/linux/seqlock.h:105 [inline] hardirqs last enabled at (201645): [] get_counters net/ipv4/netfilter/ip_tables.c:758 [inline] hardirqs last enabled at (201645): [] alloc_counters+0x3d4/0x7a4 net/ipv4/netfilter/ip_tables.c:805 hardirqs last disabled at (201646): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (201632): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (201632): [] release_sock+0x1d0/0x258 net/core/sock.c:3277 softirqs last disabled at (201630): [] spin_lock_bh include/linux/spinlock.h:368 [inline] softirqs last disabled at (201630): [] release_sock+0x34/0x258 net/core/sock.c:3264 ---[ end trace da7f9e8b5c98ce6e ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4968 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4968 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4968 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4968 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4968 Comm: syz.0.53 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000ce643680 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000c05fcc28 x20: ffff0001a10c22e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : a643d3ae913cb100 x8 : a643d3ae913cb100 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] count_memcg_events include/linux/memcontrol.h:1058 [inline] count_memcg_event_mm+0x1d0/0x308 include/linux/memcontrol.h:1081 handle_mm_fault+0x1a0/0x2950 mm/memory.c:4863 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:819 el0_da+0x90/0x1fc arch/arm64/kernel/entry-common.c:494 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 88 hardirqs last enabled at (87): [] count_memcg_events include/linux/memcontrol.h:1058 [inline] hardirqs last enabled at (87): [] count_memcg_event_mm+0x1b0/0x308 include/linux/memcontrol.h:1081 hardirqs last disabled at (88): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace da7f9e8b5c98ce71 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4969 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4969 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4969 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4969 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4969 Comm: syz.0.54 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000dba78000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000c05ef060 x20: ffff0001a10c22e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : f0b66ba5f9477600 x8 : f0b66ba5f9477600 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 prepare_alloc_pages+0x110/0x460 mm/page_alloc.c:5231 __alloc_pages+0x108/0x470 mm/page_alloc.c:5463 alloc_pages_vma+0x284/0x7a8 mm/mempolicy.c:2146 alloc_zeroed_user_highpage_movable+0x9c/0xd8 arch/arm64/mm/fault.c:932 do_anonymous_page mm/memory.c:3838 [inline] handle_pte_fault mm/memory.c:4648 [inline] __handle_mm_fault mm/memory.c:4785 [inline] handle_mm_fault+0x1904/0x2950 mm/memory.c:4883 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:819 el0_da+0x90/0x1fc arch/arm64/kernel/entry-common.c:494 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1852 hardirqs last enabled at (1851): [] count_memcg_events include/linux/memcontrol.h:1058 [inline] hardirqs last enabled at (1851): [] count_memcg_event_mm+0x1b0/0x308 include/linux/memcontrol.h:1081 hardirqs last disabled at (1852): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (14): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (12): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace da7f9e8b5c98ce72 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4975 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4975 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4975 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4975 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4975 Comm: syz.0.57 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cba43680 x27: 1fffe0003421845b x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dcb56148 x20: ffff0001a10c22d8 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : b3acfd9c43515a00 x8 : b3acfd9c43515a00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] seqcount_lockdep_reader_access+0x15c/0x230 include/linux/seqlock.h:105 read_seqbegin include/linux/seqlock.h:897 [inline] zone_span_seqbegin include/linux/memory_hotplug.h:83 [inline] page_outside_zone_boundaries mm/page_alloc.c:580 [inline] bad_range+0xa0/0x2a0 mm/page_alloc.c:607 rmqueue mm/page_alloc.c:3760 [inline] get_page_from_freelist+0x2954/0x2aa8 mm/page_alloc.c:4189 __alloc_pages+0x1a0/0x470 mm/page_alloc.c:5474 alloc_pages+0x34c/0x5c0 mm/mempolicy.c:-1 pmd_alloc_one include/asm-generic/pgalloc.h:126 [inline] __pmd_alloc+0x54/0x498 mm/memory.c:4958 pmd_alloc include/linux/mm.h:2180 [inline] __handle_mm_fault mm/memory.c:4747 [inline] handle_mm_fault+0x1e04/0x2950 mm/memory.c:4883 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:819 el0_da+0x90/0x1fc arch/arm64/kernel/entry-common.c:494 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 872 hardirqs last enabled at (871): [] seqcount_lockdep_reader_access+0x14c/0x230 include/linux/seqlock.h:105 hardirqs last disabled at (872): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (14): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (12): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace da7f9e8b5c98ce75 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4616 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4616 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4616 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4616 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4616 Comm: syz-executor Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000d9c93680 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dcb564e8 x20: ffff0001a10c22e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : e8800a58eeb82f00 x8 : e8800a58eeb82f00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] lock_acquire+0x234/0x620 kernel/locking/lockdep.c:5626 __might_fault+0xc8/0x128 mm/memory.c:5357 _copy_to_user include/linux/uaccess.h:174 [inline] copy_to_user include/linux/uaccess.h:200 [inline] xt_data_to_user+0x80/0x314 net/netfilter/x_tables.c:316 xt_target_to_user+0xfc/0x1a8 net/netfilter/x_tables.c:344 copy_entries_to_user net/ipv6/netfilter/ip6_tables.c:877 [inline] get_entries net/ipv6/netfilter/ip6_tables.c:1041 [inline] do_ip6t_get_ctl+0xfc0/0x13a8 net/ipv6/netfilter/ip6_tables.c:1679 nf_getsockopt+0x264/0x284 net/netfilter/nf_sockopt.c:116 ipv6_getsockopt+0x52c/0x2584 net/ipv6/ipv6_sockglue.c:1492 tcp_getsockopt+0x214/0x2e74 net/ipv4/tcp.c:4313 sock_common_getsockopt+0xa8/0xc4 net/core/sock.c:3418 __sys_getsockopt+0x1e0/0x45c net/socket.c:2247 __do_sys_getsockopt net/socket.c:2262 [inline] __se_sys_getsockopt net/socket.c:2259 [inline] __arm64_sys_getsockopt+0xb8/0xd4 net/socket.c:2259 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 226748 hardirqs last enabled at (226747): [] seqcount_lockdep_reader_access include/linux/seqlock.h:105 [inline] hardirqs last enabled at (226747): [] get_counters net/ipv4/netfilter/ip_tables.c:758 [inline] hardirqs last enabled at (226747): [] alloc_counters+0x3d4/0x7a4 net/ipv4/netfilter/ip_tables.c:805 hardirqs last disabled at (226748): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (226636): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (226636): [] release_sock+0x1d0/0x258 net/core/sock.c:3277 softirqs last disabled at (226634): [] spin_lock_bh include/linux/spinlock.h:368 [inline] softirqs last disabled at (226634): [] release_sock+0x34/0x258 net/core/sock.c:3264 ---[ end trace da7f9e8b5c98ce78 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 3652 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 3652 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 3652 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 3652 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 3652 Comm: udevd Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007180 x29: ffff800008007180 x28: ffff0000d6990000 x27: 1fffe0003421845b x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dcb56c28 x20: ffff0001a10c22d8 x19: ffff8000113daee0 x18: 0000000000010305 x17: 0000000000010305 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010304 x10: 0000000000010304 x9 : 6ab363681ea5f200 x8 : 6ab363681ea5f200 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff800008006a78 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000000010304 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 do_interrupt_handler+0x74/0x88 arch/arm64/kernel/entry-common.c:269 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] queue_work_on+0x110/0x17c kernel/workqueue.c:1563 queue_work include/linux/workqueue.h:512 [inline] ieee80211_queue_work+0xb4/0x138 net/mac80211/util.c:924 __ieee80211_queue_skb_to_iface net/mac80211/rx.c:222 [inline] ieee80211_queue_skb_to_iface net/mac80211/rx.c:232 [inline] ieee80211_rx_h_mgmt+0x3b8/0x55c net/mac80211/rx.c:3795 ieee80211_rx_handlers+0x5790/0x6c38 net/mac80211/rx.c:3959 ieee80211_invoke_rx_handlers net/mac80211/rx.c:3989 [inline] ieee80211_prepare_and_rx_handle+0x1eac/0x43f4 net/mac80211/rx.c:4703 __ieee80211_rx_handle_packet net/mac80211/rx.c:4863 [inline] ieee80211_rx_list+0x17cc/0x1e2c net/mac80211/rx.c:4986 ieee80211_rx_napi+0x164/0x338 net/mac80211/rx.c:5009 ieee80211_rx include/net/mac80211.h:4571 [inline] ieee80211_handle_queued_frames+0xe8/0x188 net/mac80211/main.c:237 ieee80211_tasklet_handler+0x20/0x30 net/mac80211/main.c:256 tasklet_action_common+0x340/0x3f4 kernel/softirq.c:-1 tasklet_action+0x60/0x84 kernel/softirq.c:827 handle_softirqs+0x344/0xbf0 kernel/softirq.c:576 __do_softirq kernel/softirq.c:610 [inline] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] invoke_softirq kernel/softirq.c:457 [inline] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659 irq_exit+0x14/0x88 kernel/softirq.c:683 handle_domain_irq+0x14c/0x1fc kernel/irq/irqdesc.c:711 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 __hlist_del include/linux/list.h:856 [inline] hlist_del_init_rcu include/linux/rculist.h:184 [inline] __remove_inode_hash fs/inode.c:578 [inline] remove_inode_hash include/linux/fs.h:3263 [inline] evict+0x57c/0x810 fs/inode.c:655 iput_final fs/inode.c:1769 [inline] iput+0x6c4/0x77c fs/inode.c:1795 dentry_unlink_inode+0x360/0x438 fs/dcache.c:380 __dentry_kill+0x320/0x598 fs/dcache.c:586 dentry_kill+0xc8/0x248 fs/dcache.c:-1 dput+0x23c/0x458 fs/dcache.c:893 lookup_fast+0x4b4/0x588 fs/namei.c:1629 walk_component+0x8c/0x3a8 fs/namei.c:1972 lookup_last fs/namei.c:2431 [inline] path_lookupat+0x13c/0x3d0 fs/namei.c:2455 filename_lookup+0x180/0x414 fs/namei.c:2484 user_path_at_empty+0x5c/0x1a0 fs/namei.c:2883 do_readlinkat+0xd4/0x3e0 fs/stat.c:442 __do_sys_readlinkat fs/stat.c:469 [inline] __se_sys_readlinkat fs/stat.c:466 [inline] __arm64_sys_readlinkat+0x9c/0xb8 fs/stat.c:466 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1099359 hardirqs last enabled at (1099358): [] queue_work_on+0xf0/0x17c kernel/workqueue.c:1563 hardirqs last disabled at (1099359): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1098298): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1099319): [] __do_softirq kernel/softirq.c:610 [inline] softirqs last disabled at (1099319): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] softirqs last disabled at (1099319): [] invoke_softirq kernel/softirq.c:457 [inline] softirqs last disabled at (1099319): [] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659 ---[ end trace da7f9e8b5c98ce7a ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5002 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5002 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5002 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5002 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5002 Comm: syz.0.70 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000ca74b680 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dcb527a0 x20: ffff0001a10c22e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : a453aca77d575400 x8 : a453aca77d575400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el0_interrupt+0x94/0x260 arch/arm64/kernel/entry-common.c:683 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:695 el0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:585 irq event stamp: 298 hardirqs last enabled at (297): [] el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 hardirqs last disabled at (298): [] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace da7f9e8b5c98ce81 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5008 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5008 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5008 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5008 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5008 Comm: syz.0.73 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000e8243680 x27: 1fffe0003421845b x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dcb52ee0 x20: ffff0001a10c22d8 x19: ffff8000113daee0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 7287b3adc6cf1300 x8 : 7287b3adc6cf1300 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] lock_page_memcg+0x120/0x234 mm/memcontrol.c:2059 page_remove_rmap+0x3c/0xfd0 mm/rmap.c:1351 zap_pte_range mm/memory.c:1384 [inline] zap_pmd_range mm/memory.c:1505 [inline] zap_pud_range mm/memory.c:1534 [inline] zap_p4d_range mm/memory.c:1555 [inline] unmap_page_range+0xbb4/0x1958 mm/memory.c:1576 unmap_single_vma+0x13c/0x1e4 mm/memory.c:1621 unmap_vmas+0x104/0x200 mm/memory.c:1653 exit_mmap+0x2a8/0x4e0 mm/mmap.c:3212 __mmput+0xec/0x3b8 kernel/fork.c:1127 mmput+0x80/0xc8 kernel/fork.c:1148 exit_mm+0x4a0/0x684 kernel/exit.c:550 do_exit+0x4ec/0x1f58 kernel/exit.c:870 do_group_exit+0x100/0x268 kernel/exit.c:997 get_signal+0x73c/0x1340 kernel/signal.c:2900 do_signal arch/arm64/kernel/signal.c:893 [inline] do_notify_resume+0x35c/0x3128 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xf0/0x1e0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1814 hardirqs last enabled at (1813): [] lock_page_memcg+0x110/0x234 mm/memcontrol.c:2059 hardirqs last disabled at (1814): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1368): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1366): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace da7f9e8b5c98ce85 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5015 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5015 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5015 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5015 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5015 Comm: syz-executor Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000d231b680 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dd7c0a58 x20: ffff0001a10c22e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 5dbef34846550c00 x8 : 5dbef34846550c00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 task_pid_ptr kernel/pid.c:325 [inline] __task_pid_nr_ns+0x160/0x41c kernel/pid.c:500 task_tgid_nr_ns include/linux/sched.h:1580 [inline] tomoyo_get_local_path+0x310/0x5fc security/tomoyo/realpath.c:168 tomoyo_realpath_from_path+0x25c/0x510 security/tomoyo/realpath.c:-1 tomoyo_get_realpath security/tomoyo/file.c:151 [inline] tomoyo_check_open_permission+0x168/0x2fc security/tomoyo/file.c:771 tomoyo_file_open+0x130/0x1b0 security/tomoyo/tomoyo.c:311 security_file_open+0x6c/0xac security/security.c:1668 do_dentry_open+0x29c/0xebc fs/open.c:813 vfs_open+0x7c/0x90 fs/open.c:956 do_open fs/namei.c:3608 [inline] path_openat+0x1f80/0x26e4 fs/namei.c:3742 do_filp_open+0x164/0x330 fs/namei.c:3769 do_sys_openat2+0x128/0x3d8 fs/open.c:1253 do_sys_open fs/open.c:1269 [inline] __do_sys_openat fs/open.c:1285 [inline] __se_sys_openat fs/open.c:1280 [inline] __arm64_sys_openat+0x120/0x154 fs/open.c:1280 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 750 hardirqs last enabled at (749): [] seqcount_lockdep_reader_access+0x1f4/0x2bc include/linux/seqlock.h:105 hardirqs last disabled at (750): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (50): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (48): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace da7f9e8b5c98ce88 ]---