------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 0 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 0 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 0 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 0 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff8000141a3880 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de772c28 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 6e02c961404ae800 x8 : 6e02c961404ae800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable+0xc/0x18 arch/arm64/include/asm/irqflags.h:35 default_idle_call+0xcc/0x418 kernel/sched/idle.c:112 cpuidle_idle_call kernel/sched/idle.c:194 [inline] do_idle+0x1c8/0x480 kernel/sched/idle.c:306 cpu_startup_entry+0x24/0x28 kernel/sched/idle.c:403 rest_init+0x360/0x390 init/main.c:741 arch_call_rest_init+0x14/0x20 init/main.c:893 start_kernel+0x49c/0x54c init/main.c:1140 __primary_switched+0xa8/0xb0 arch/arm64/kernel/head.S:468 irq event stamp: 428964 hardirqs last enabled at (428963): [] default_idle_call+0xb8/0x418 kernel/sched/idle.c:109 hardirqs last disabled at (428964): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (428952): [] softirq_handle_end kernel/softirq.c:419 [inline] softirqs last enabled at (428952): [] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:604 softirqs last disabled at (428837): [] __do_softirq kernel/softirq.c:610 [inline] softirqs last disabled at (428837): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] softirqs last disabled at (428837): [] invoke_softirq kernel/softirq.c:457 [inline] softirqs last disabled at (428837): [] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659 ---[ end trace eb6d8fd83ed9e1ce ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4638 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c1fa8000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de76f400 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 55f84b004a0ab400 x8 : 55f84b004a0ab400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] kasan_quarantine_put+0xd4/0x204 mm/kasan/quarantine.c:231 ____kasan_slab_free+0x124/0x164 mm/kasan/common.c:368 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1710 [inline] slab_free_freelist_hook+0x128/0x1e8 mm/slub.c:1736 slab_free mm/slub.c:3504 [inline] kmem_cache_free+0xdc/0x3b4 mm/slub.c:3520 security_file_free+0xc8/0xe4 security/security.c:1549 file_free fs/file_table.c:55 [inline] __fput+0x4b8/0x7f8 fs/file_table.c:324 ____fput+0x20/0x30 fs/file_table.c:339 task_work_run+0x12c/0x1e0 kernel/task_work.c:188 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x24b4/0x3128 arch/arm64/kernel/signal.c:949 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xf0/0x1e0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 125248 hardirqs last enabled at (125247): [] kasan_quarantine_put+0xc4/0x204 mm/kasan/quarantine.c:231 hardirqs last disabled at (125248): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (124848): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (124846): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e1cf ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 1612 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 1612 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 1612 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 1612 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 1612 Comm: kworker/u4:5 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 Workqueue: netns cleanup_net pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000ccb8b680 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de76f7a0 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : cae4c65ef204db00 x8 : cae4c65ef204db00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 __sanitizer_cov_trace_const_cmp4+0xc4/0xc8 kernel/kcov.c:295 del_timer_sync include/linux/timer.h:198 [inline] hsr_dellink+0x24/0x68 net/hsr/hsr_netlink.c:109 default_device_exit_batch+0x264/0x4a4 net/core/dev.c:11662 ops_exit_list net/core/net_namespace.c:177 [inline] cleanup_net+0x644/0xa98 net/core/net_namespace.c:635 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:856 irq event stamp: 849588 hardirqs last enabled at (849587): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (849587): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (849588): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (849582): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (849582): [] clusterip_netdev_event+0x384/0x3ac net/ipv4/netfilter/ipt_CLUSTERIP.c:233 softirqs last disabled at (849580): [] spin_lock_bh include/linux/spinlock.h:368 [inline] softirqs last disabled at (849580): [] clusterip_netdev_event+0x80/0x3ac net/ipv4/netfilter/ipt_CLUSTERIP.c:207 ---[ end trace eb6d8fd83ed9e1d1 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4903 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4903 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4903 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4903 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4903 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cc1cd1c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de76fb40 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : d8003b56296bd500 x8 : d8003b56296bd500 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 __sanitizer_cov_trace_const_cmp1+0xc4/0xc8 kernel/kcov.c:281 next_map_page mm/filemap.c:3296 [inline] filemap_map_pages+0x958/0xc50 mm/filemap.c:3352 do_fault_around mm/memory.c:4243 [inline] do_read_fault mm/memory.c:4258 [inline] do_fault mm/memory.c:4392 [inline] handle_pte_fault mm/memory.c:4650 [inline] __handle_mm_fault mm/memory.c:4785 [inline] handle_mm_fault+0x19c0/0x2950 mm/memory.c:4883 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820 el0_ia+0xe0/0x2d0 arch/arm64/kernel/entry-common.c:512 el0t_64_sync_handler+0xc0/0xe4 arch/arm64/kernel/entry-common.c:632 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 280 hardirqs last enabled at (279): [] lock_page_memcg+0x110/0x234 mm/memcontrol.c:2059 hardirqs last disabled at (280): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (50): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (48): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e1d3 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4911 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4911 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4911 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4911 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4911 Comm: syz.0.25 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c2370000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de76b318 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 3f0d3d386af4cd00 x8 : 3f0d3d386af4cd00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122 lock_is_held include/linux/lockdep.h:287 [inline] ___might_sleep+0x48/0x4d4 kernel/sched/core.c:9624 __might_sleep+0x98/0x124 kernel/sched/core.c:9612 down_read+0x3c/0x390 kernel/locking/rwsem.c:1497 anon_vma_lock_read include/linux/rmap.h:129 [inline] validate_mm+0x94/0x86c mm/mmap.c:404 __vma_adjust+0x1504/0x18a8 mm/mmap.c:1029 vma_adjust include/linux/mm.h:2567 [inline] __split_vma+0x310/0x3f0 mm/mmap.c:-1 split_vma+0x9c/0xf4 mm/mmap.c:2787 mprotect_fixup+0x328/0x5c4 mm/mprotect.c:477 do_mprotect_pkey mm/mprotect.c:636 [inline] __do_sys_mprotect mm/mprotect.c:662 [inline] __se_sys_mprotect mm/mprotect.c:659 [inline] __arm64_sys_mprotect+0x4c4/0x8f4 mm/mprotect.c:659 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1304 hardirqs last enabled at (1303): [] consume_stock mm/memcontrol.c:2212 [inline] hardirqs last enabled at (1303): [] try_charge_memcg+0x1d8/0x11bc mm/memcontrol.c:2607 hardirqs last disabled at (1304): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1078): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1076): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e1d7 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4638 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c1fa8000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de76ba58 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 55f84b004a0ab400 x8 : 55f84b004a0ab400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] __raw_write_unlock_irq include/linux/rwlock_api_smp.h:267 [inline] _raw_write_unlock_irq+0xa0/0x128 kernel/locking/spinlock.c:348 copy_process+0x312c/0x34ac kernel/fork.c:2502 kernel_clone+0x1d8/0x9d4 kernel/fork.c:2679 __do_sys_clone kernel/fork.c:2796 [inline] __se_sys_clone kernel/fork.c:2764 [inline] __arm64_sys_clone+0x138/0x190 kernel/fork.c:2764 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 155742 hardirqs last enabled at (155741): [] __raw_write_unlock_irq include/linux/rwlock_api_smp.h:267 [inline] hardirqs last enabled at (155741): [] _raw_write_unlock_irq+0x98/0x128 kernel/locking/spinlock.c:348 hardirqs last disabled at (155742): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (155546): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (155544): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e1db ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4926 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4926 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4926 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4926 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4926 Comm: syz.0.32 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000d8058000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de76bdf8 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : b047027577d5b600 x8 : b047027577d5b600 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el0_interrupt+0x94/0x260 arch/arm64/kernel/entry-common.c:683 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:695 el0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:585 irq event stamp: 116 hardirqs last enabled at (115): [] el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 hardirqs last disabled at (116): [] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e1de ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4929 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4929 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4929 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4929 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4929 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000ce19d1c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de768230 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 7b2395adc66e6600 x8 : 7b2395adc66e6600 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 kasan_poison+0x44/0x60 mm/kasan/shadow.c:98 __kasan_poison_slab+0x98/0xc8 mm/kasan/common.c:256 kasan_poison_slab include/linux/kasan.h:195 [inline] allocate_slab mm/slub.c:1940 [inline] new_slab+0x208/0x55c mm/slub.c:1980 ___slab_alloc+0x6c0/0xda8 mm/slub.c:3013 __slab_alloc+0x68/0xc0 mm/slub.c:3100 slab_alloc_node mm/slub.c:3191 [inline] slab_alloc mm/slub.c:3233 [inline] kmem_cache_alloc+0x2ac/0x3e4 mm/slub.c:3238 getname_flags+0xb8/0x450 fs/namei.c:138 getname fs/namei.c:217 [inline] __do_sys_symlinkat fs/namei.c:4475 [inline] __se_sys_symlinkat fs/namei.c:4472 [inline] __arm64_sys_symlinkat+0x80/0xbc fs/namei.c:4472 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 670 hardirqs last enabled at (669): [] seqcount_lockdep_reader_access+0x14c/0x230 include/linux/seqlock.h:105 hardirqs last disabled at (670): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (502): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (500): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e1e0 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4638 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c1fa8000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de7685d0 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 55f84b004a0ab400 x8 : 55f84b004a0ab400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 __sanitizer_cov_trace_pc+0x40/0xac kernel/kcov.c:202 walk_stackframe arch/arm64/kernel/stacktrace.c:148 [inline] arch_stack_walk+0x200/0x2b4 arch/arm64/kernel/stacktrace.c:238 stack_trace_save+0x94/0xd8 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track mm/kasan/common.c:46 [inline] set_alloc_info mm/kasan/common.c:434 [inline] ____kasan_kmalloc mm/kasan/common.c:513 [inline] __kasan_kmalloc+0xb0/0xf0 mm/kasan/common.c:522 kasan_kmalloc include/linux/kasan.h:264 [inline] kmem_cache_alloc_node_trace+0x29c/0x438 mm/slub.c:3280 kmalloc_node include/linux/slab.h:622 [inline] kzalloc_node include/linux/slab.h:746 [inline] __get_vm_area_node+0x14c/0x2e8 mm/vmalloc.c:2423 __vmalloc_node_range+0xe8/0x8d8 mm/vmalloc.c:3027 __vmalloc_node mm/vmalloc.c:3087 [inline] vzalloc+0x118/0x190 mm/vmalloc.c:3157 xt_counters_alloc+0x50/0x60 net/netfilter/x_tables.c:1379 __do_replace+0xa0/0x988 net/ipv4/netfilter/ip_tables.c:1047 do_replace net/ipv6/netfilter/ip6_tables.c:1160 [inline] do_ip6t_set_ctl+0xa94/0xe00 net/ipv6/netfilter/ip6_tables.c:1646 nf_setsockopt+0x270/0x290 net/netfilter/nf_sockopt.c:101 ipv6_setsockopt+0x1a18/0x36dc net/ipv6/ipv6_sockglue.c:1014 tcp_setsockopt+0x1d4/0x1bf4 net/ipv4/tcp.c:3713 sock_common_setsockopt+0xb0/0xcc net/core/sock.c:3446 __sys_setsockopt+0x260/0x36c net/socket.c:2203 __do_sys_setsockopt net/socket.c:2214 [inline] __se_sys_setsockopt net/socket.c:2211 [inline] __arm64_sys_setsockopt+0xb8/0xd4 net/socket.c:2211 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 172104 hardirqs last enabled at (172103): [] ___slab_alloc+0xc34/0xda8 mm/slub.c:2968 hardirqs last disabled at (172104): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (172086): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (172086): [] release_sock+0x1d0/0x258 net/core/sock.c:3277 softirqs last disabled at (172084): [] spin_lock_bh include/linux/spinlock.h:368 [inline] softirqs last disabled at (172084): [] release_sock+0x34/0x258 net/core/sock.c:3264 ---[ end trace eb6d8fd83ed9e1e2 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4638 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c1fa8000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de768970 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 55f84b004a0ab400 x8 : 55f84b004a0ab400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] __call_rcu kernel/rcu/tree.c:3045 [inline] call_rcu+0x580/0x8fc kernel/rcu/tree.c:3091 destroy_inode fs/inode.c:316 [inline] evict+0x748/0x810 fs/inode.c:662 iput_final fs/inode.c:1769 [inline] iput+0x6c4/0x77c fs/inode.c:1795 do_unlinkat+0x360/0x600 fs/namei.c:4355 __do_sys_unlinkat fs/namei.c:4391 [inline] __se_sys_unlinkat fs/namei.c:4384 [inline] __arm64_sys_unlinkat+0xe0/0xfc fs/namei.c:4384 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 177506 hardirqs last enabled at (177505): [] __call_rcu kernel/rcu/tree.c:3045 [inline] hardirqs last enabled at (177505): [] call_rcu+0x570/0x8fc kernel/rcu/tree.c:3091 hardirqs last disabled at (177506): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (177240): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (177238): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e1e4 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 1612 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 1612 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 1612 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 1612 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 1612 Comm: kworker/u4:5 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 Workqueue: netns cleanup_net pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000ccb8b680 x27: 1fffe0003421845b x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de764148 x20: ffff0001a10c22d8 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : cae4c65ef204db00 x8 : cae4c65ef204db00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122 lock_is_held include/linux/lockdep.h:287 [inline] ___might_sleep+0x48/0x4d4 kernel/sched/core.c:9624 inet_twsk_purge+0x104/0x7ac net/ipv4/inet_timewait_sock.c:267 dccp_v4_exit_batch+0x20/0x2c net/dccp/ipv4.c:1040 ops_exit_list net/core/net_namespace.c:177 [inline] cleanup_net+0x644/0xa98 net/core/net_namespace.c:635 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:856 irq event stamp: 1030502 hardirqs last enabled at (1030501): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:81 [inline] hardirqs last enabled at (1030501): [] exit_to_kernel_mode+0xe0/0x168 arch/arm64/kernel/entry-common.c:91 hardirqs last disabled at (1030502): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1030480): [] softirq_handle_end kernel/softirq.c:419 [inline] softirqs last enabled at (1030480): [] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:604 softirqs last disabled at (1030443): [] __do_softirq kernel/softirq.c:610 [inline] softirqs last disabled at (1030443): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] softirqs last disabled at (1030443): [] invoke_softirq kernel/softirq.c:457 [inline] softirqs last disabled at (1030443): [] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659 ---[ end trace eb6d8fd83ed9e1e7 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4965 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4965 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4965 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4965 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4965 Comm: syz.0.50 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c1b89b40 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de764888 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : d7ae4d8d2ff84c00 x8 : d7ae4d8d2ff84c00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:141 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:541 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1119 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:543 [inline] page_ref_dec_and_test include/linux/page_ref.h:148 [inline] put_page_testzero include/linux/mm.h:759 [inline] release_pages+0x274/0x16e0 mm/swap.c:931 free_pages_and_swap_cache+0xa0/0xb8 mm/swap_state.c:320 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline] tlb_flush_mmu_free mm/mmu_gather.c:240 [inline] tlb_flush_mmu mm/mmu_gather.c:247 [inline] tlb_finish_mmu+0x170/0x324 mm/mmu_gather.c:338 exit_mmap+0x2c4/0x4e0 mm/mmap.c:3218 __mmput+0xec/0x3b8 kernel/fork.c:1127 mmput+0x80/0xc8 kernel/fork.c:1148 exit_mm+0x4a0/0x684 kernel/exit.c:550 do_exit+0x4ec/0x1f58 kernel/exit.c:870 do_group_exit+0x100/0x268 kernel/exit.c:997 get_signal+0x73c/0x1340 kernel/signal.c:2900 do_signal arch/arm64/kernel/signal.c:893 [inline] do_notify_resume+0x35c/0x3128 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xf0/0x1e0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1846 hardirqs last enabled at (1845): [] free_unref_page_list+0x6c8/0x754 mm/page_alloc.c:3478 hardirqs last disabled at (1846): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e1ed ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 1612 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 1612 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 1612 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 1612 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 1612 Comm: kworker/u4:5 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 Workqueue: bat_events batadv_nc_worker pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000ccb8b680 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de764c28 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : cae4c65ef204db00 x8 : cae4c65ef204db00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] __local_bh_enable_ip+0x200/0x380 kernel/softirq.c:406 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:176 [inline] _raw_spin_unlock_bh+0xec/0x174 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:408 [inline] batadv_nc_purge_paths+0x308/0x390 net/batman-adv/network-coding.c:475 batadv_nc_worker+0x2d0/0x554 net/batman-adv/network-coding.c:724 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:856 irq event stamp: 1117268 hardirqs last enabled at (1117267): [] __local_bh_enable_ip+0x1f8/0x380 kernel/softirq.c:406 hardirqs last disabled at (1117268): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1117266): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (1117266): [] batadv_nc_purge_paths+0x308/0x390 net/batman-adv/network-coding.c:475 softirqs last disabled at (1117264): [] spin_lock_bh include/linux/spinlock.h:368 [inline] softirqs last disabled at (1117264): [] batadv_nc_purge_paths+0xd0/0x390 net/batman-adv/network-coding.c:446 ---[ end trace eb6d8fd83ed9e1ee ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4638 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c1fa8000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de760060 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010004 x17: 0000000000010004 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010003 x10: 0000000000010003 x9 : 55f84b004a0ab400 x8 : 55f84b004a0ab400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010003 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 _compound_head include/linux/page-flags.h:198 [inline] get_page include/linux/mm.h:1219 [inline] copy_present_pte mm/memory.c:965 [inline] copy_pte_range mm/memory.c:1081 [inline] copy_pmd_range mm/memory.c:1167 [inline] copy_pud_range mm/memory.c:1204 [inline] copy_p4d_range mm/memory.c:1228 [inline] copy_page_range+0xe2c/0x22b8 mm/memory.c:1301 dup_mmap kernel/fork.c:615 [inline] dup_mm kernel/fork.c:1466 [inline] copy_mm+0x9d4/0x1090 kernel/fork.c:1518 copy_process+0x14d8/0x34ac kernel/fork.c:2290 kernel_clone+0x1d8/0x9d4 kernel/fork.c:2679 __do_sys_clone kernel/fork.c:2796 [inline] __se_sys_clone kernel/fork.c:2764 [inline] __arm64_sys_clone+0x138/0x190 kernel/fork.c:2764 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 214570 hardirqs last enabled at (214569): [] mod_lruvec_page_state include/linux/vmstat.h:497 [inline] hardirqs last enabled at (214569): [] inc_lruvec_page_state include/linux/vmstat.h:549 [inline] hardirqs last enabled at (214569): [] pgtable_pte_page_ctor include/linux/mm.h:2271 [inline] hardirqs last enabled at (214569): [] __pte_alloc_one include/asm-generic/pgalloc.h:66 [inline] hardirqs last enabled at (214569): [] pte_alloc_one+0x194/0x258 include/asm-generic/pgalloc.h:85 hardirqs last disabled at (214570): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (214086): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (214084): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e1ef ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4638 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c1fa8000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de7607a0 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 55f84b004a0ab400 x8 : 55f84b004a0ab400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 check_region_inline mm/kasan/generic.c:169 [inline] kasan_check_range+0x10/0x2b0 mm/kasan/generic.c:189 memset+0x58/0x88 mm/kasan/shadow.c:44 sock_alloc_inode+0x58/0xc4 net/socket.c:308 alloc_inode fs/inode.c:261 [inline] new_inode_pseudo+0x68/0x1fc fs/inode.c:1001 sock_alloc net/socket.c:626 [inline] __sock_create+0x140/0x8b4 net/socket.c:1450 sock_create net/socket.c:1542 [inline] __sys_socket+0xf0/0x18c net/socket.c:1584 __do_sys_socket net/socket.c:1593 [inline] __se_sys_socket net/socket.c:1591 [inline] __arm64_sys_socket+0x7c/0x94 net/socket.c:1591 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 224542 hardirqs last enabled at (224541): [] local_daif_restore arch/arm64/include/asm/daifflags.h:75 [inline] hardirqs last enabled at (224541): [] el0_svc_common+0x9c/0x258 arch/arm64/kernel/syscall.c:107 hardirqs last disabled at (224542): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (224520): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (224520): [] release_sock+0x1d0/0x258 net/core/sock.c:3277 softirqs last disabled at (224518): [] spin_lock_bh include/linux/spinlock.h:368 [inline] softirqs last disabled at (224518): [] release_sock+0x34/0x258 net/core/sock.c:3264 ---[ end trace eb6d8fd83ed9e1f3 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4638 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c1fa8000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de759230 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 55f84b004a0ab400 x8 : 55f84b004a0ab400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 local_daif_restore+0x20/0x3c arch/arm64/include/asm/daifflags.h:117 el0_da+0x80/0x1fc arch/arm64/kernel/entry-common.c:493 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 236904 hardirqs last enabled at (236903): [] local_daif_restore+0x1c/0x3c arch/arm64/include/asm/daifflags.h:75 hardirqs last disabled at (236904): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (236898): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (236898): [] release_sock+0x1d0/0x258 net/core/sock.c:3277 softirqs last disabled at (236896): [] spin_lock_bh include/linux/spinlock.h:368 [inline] softirqs last disabled at (236896): [] release_sock+0x34/0x258 net/core/sock.c:3264 ---[ end trace eb6d8fd83ed9e1f8 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4638 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c1fa8000 x27: 1fffe0003421845b x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de759970 x20: ffff0001a10c22d8 x19: ffff8000113d9aa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 55f84b004a0ab400 x8 : 55f84b004a0ab400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irqrestore+0xb8/0x14c kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:418 [inline] __slab_free+0x1b8/0x254 mm/slub.c:3407 do_slab_free mm/slub.c:3492 [inline] ___cache_free+0x178/0x1bc mm/slub.c:3511 qlink_free+0x5c/0xa4 mm/kasan/quarantine.c:157 qlist_free_all+0x40/0xa8 mm/kasan/quarantine.c:176 kasan_quarantine_reduce+0x124/0x130 mm/kasan/quarantine.c:283 __kasan_slab_alloc+0x34/0xcc mm/kasan/common.c:444 kasan_slab_alloc include/linux/kasan.h:254 [inline] slab_post_alloc_hook+0x74/0x408 mm/slab.h:519 slab_alloc_node mm/slub.c:3225 [inline] slab_alloc mm/slub.c:3233 [inline] kmem_cache_alloc+0x1e0/0x3e4 mm/slub.c:3238 getname_flags+0xb8/0x450 fs/namei.c:138 getname fs/namei.c:217 [inline] __do_sys_mkdirat fs/namei.c:4105 [inline] __se_sys_mkdirat fs/namei.c:4103 [inline] __arm64_sys_mkdirat+0x80/0xa8 fs/namei.c:4103 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 245012 hardirqs last enabled at (245011): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (245011): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (245012): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (244172): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (244170): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e1fb ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5011 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5011 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5011 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5011 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5011 Comm: syz.0.71 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000d9140000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de755148 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 63582d8f8cc84900 x8 : 63582d8f8cc84900 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el0_interrupt+0x94/0x260 arch/arm64/kernel/entry-common.c:683 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:695 el0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:585 irq event stamp: 144 hardirqs last enabled at (143): [] el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 hardirqs last disabled at (144): [] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e1fd ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5025 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5025 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5025 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5025 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5025 Comm: syz.0.78 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000e7c80000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de755888 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 663d9e51eb48ae00 x8 : 663d9e51eb48ae00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] charge_memcg+0x198/0x220 mm/memcontrol.c:6775 __mem_cgroup_charge+0x38/0xb0 mm/memcontrol.c:6801 mem_cgroup_charge include/linux/memcontrol.h:700 [inline] do_anonymous_page mm/memory.c:3842 [inline] handle_pte_fault mm/memory.c:4648 [inline] __handle_mm_fault mm/memory.c:4785 [inline] handle_mm_fault+0x193c/0x2950 mm/memory.c:4883 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820 el0_da+0x90/0x1fc arch/arm64/kernel/entry-common.c:494 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 48 hardirqs last enabled at (47): [] charge_memcg+0x190/0x220 mm/memcontrol.c:6775 hardirqs last disabled at (48): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e203 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5030 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5030 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5030 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5030 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5030 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c7e0b680 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000c51a6060 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : aa78257dad89b400 x8 : aa78257dad89b400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] mod_lruvec_page_state include/linux/vmstat.h:497 [inline] account_kernel_stack+0x150/0x274 kernel/fork.c:388 release_task_stack kernel/fork.c:432 [inline] put_task_stack+0xa0/0x17c kernel/fork.c:444 finish_task_switch+0x348/0x6b0 kernel/sched/core.c:4961 schedule_tail+0x20/0x150 kernel/sched/core.c:4985 ret_from_fork+0x4/0x20 arch/arm64/kernel/entry.S:856 irq event stamp: 10 hardirqs last enabled at (9): [] mod_lruvec_page_state include/linux/vmstat.h:497 [inline] hardirqs last enabled at (9): [] account_kernel_stack+0x130/0x274 kernel/fork.c:388 hardirqs last disabled at (10): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (0): [] copy_process+0x111c/0x34ac kernel/fork.c:2235 softirqs last disabled at (0): [<0000000000000000>] 0x0 ---[ end trace eb6d8fd83ed9e206 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5034 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5034 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5034 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5034 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5034 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cbb5b680 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000c51a6400 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 66038980d8feff00 x8 : 66038980d8feff00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] seqcount_lockdep_reader_access include/linux/seqlock.h:105 [inline] read_seqbegin+0x21c/0x304 include/linux/seqlock.h:897 d_lookup+0x28/0x80 fs/dcache.c:2376 lookup_dcache fs/namei.c:1524 [inline] lookup_one_qstr_excl+0x3c/0x230 fs/namei.c:1548 filename_create+0x1cc/0x39c fs/namei.c:3836 do_symlinkat+0xc4/0x5a8 fs/namei.c:4448 __do_sys_symlinkat fs/namei.c:4475 [inline] __se_sys_symlinkat fs/namei.c:4472 [inline] __arm64_sys_symlinkat+0xa4/0xbc fs/namei.c:4472 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 810 hardirqs last enabled at (809): [] seqcount_lockdep_reader_access include/linux/seqlock.h:105 [inline] hardirqs last enabled at (809): [] read_seqbegin+0x1fc/0x304 include/linux/seqlock.h:897 hardirqs last disabled at (810): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (466): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (464): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e208 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5036 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5036 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5036 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5036 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5036 Comm: syz.0.84 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c80db680 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000c51a67a0 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 91ea84950754e600 x8 : 91ea84950754e600 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 _compound_head include/linux/page-flags.h:198 [inline] PageLocked include/linux/page-flags.h:342 [inline] next_uptodate_page+0xe8/0x734 mm/filemap.c:3254 next_map_page mm/filemap.c:3296 [inline] filemap_map_pages+0x968/0xc50 mm/filemap.c:3352 do_fault_around mm/memory.c:4243 [inline] do_read_fault mm/memory.c:4258 [inline] do_fault mm/memory.c:4392 [inline] handle_pte_fault mm/memory.c:4650 [inline] __handle_mm_fault mm/memory.c:4785 [inline] handle_mm_fault+0x19c0/0x2950 mm/memory.c:4883 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820 el0_da+0x90/0x1fc arch/arm64/kernel/entry-common.c:494 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 918 hardirqs last enabled at (917): [] lock_page_memcg+0x110/0x234 mm/memcontrol.c:2059 hardirqs last disabled at (918): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (468): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (466): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e209 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4638 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c1fa8000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000c51a6b40 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 55f84b004a0ab400 x8 : 55f84b004a0ab400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] __call_rcu kernel/rcu/tree.c:3045 [inline] call_rcu+0x580/0x8fc kernel/rcu/tree.c:3091 security_inode_free+0xbc/0xd8 security/security.c:1065 __destroy_inode+0x2f0/0x80c fs/inode.c:286 destroy_inode fs/inode.c:309 [inline] evict+0x6b0/0x810 fs/inode.c:662 iput_final fs/inode.c:1769 [inline] iput+0x6c4/0x77c fs/inode.c:1795 do_unlinkat+0x360/0x600 fs/namei.c:4355 __do_sys_unlinkat fs/namei.c:4391 [inline] __se_sys_unlinkat fs/namei.c:4384 [inline] __arm64_sys_unlinkat+0xe0/0xfc fs/namei.c:4384 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 284582 hardirqs last enabled at (284581): [] __call_rcu kernel/rcu/tree.c:3045 [inline] hardirqs last enabled at (284581): [] call_rcu+0x570/0x8fc kernel/rcu/tree.c:3091 hardirqs last disabled at (284582): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (284110): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (284108): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e20b ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4638 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4638 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c1fa8000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de752318 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 55f84b004a0ab400 x8 : 55f84b004a0ab400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 local_daif_restore arch/arm64/include/asm/daifflags.h:117 [inline] el0_svc_common+0xa8/0x258 arch/arm64/kernel/syscall.c:107 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 297812 hardirqs last enabled at (297811): [] local_daif_restore arch/arm64/include/asm/daifflags.h:75 [inline] hardirqs last enabled at (297811): [] el0_svc_common+0x9c/0x258 arch/arm64/kernel/syscall.c:107 hardirqs last disabled at (297812): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (297478): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (297476): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e210 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5059 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5059 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5059 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5059 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5059 Comm: syz.0.95 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000d9bf9b40 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de7526b8 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 80cd1bef80500600 x8 : 80cd1bef80500600 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el0_interrupt+0x94/0x260 arch/arm64/kernel/entry-common.c:683 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:695 el0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:585 irq event stamp: 218 hardirqs last enabled at (217): [] el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 hardirqs last disabled at (218): [] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e213 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5066 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5066 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5066 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5066 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5066 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000d0b80000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de752a58 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 027e178d7e88e600 x8 : 027e178d7e88e600 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] ___slab_alloc+0x2e8/0xda8 mm/slub.c:2949 __slab_alloc+0x68/0xc0 mm/slub.c:3100 slab_alloc_node mm/slub.c:3191 [inline] __kmalloc_node+0x310/0x520 mm/slub.c:4456 kmalloc_array_node include/linux/slab.h:697 [inline] kcalloc_node include/linux/slab.h:702 [inline] memcg_alloc_page_obj_cgroups+0x80/0x174 mm/memcontrol.c:2839 memcg_slab_post_alloc_hook mm/slab.h:313 [inline] slab_post_alloc_hook+0xc0/0x408 mm/slab.h:526 slab_alloc_node mm/slub.c:3225 [inline] slab_alloc mm/slub.c:3233 [inline] kmem_cache_alloc+0x1e0/0x3e4 mm/slub.c:3238 __d_alloc+0x3c/0x65c fs/dcache.c:1749 d_alloc fs/dcache.c:1828 [inline] d_alloc_parallel+0x80/0x1104 fs/dcache.c:2582 lookup_open fs/namei.c:3387 [inline] open_last_lookups fs/namei.c:3532 [inline] path_openat+0x700/0x26e4 fs/namei.c:3739 do_filp_open+0x164/0x330 fs/namei.c:3769 do_sys_openat2+0x128/0x3d8 fs/open.c:1253 do_sys_open fs/open.c:1269 [inline] __do_sys_openat fs/open.c:1285 [inline] __se_sys_openat fs/open.c:1280 [inline] __arm64_sys_openat+0x120/0x154 fs/open.c:1280 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 798 hardirqs last enabled at (797): [] ___slab_alloc+0x2d8/0xda8 mm/slub.c:2949 hardirqs last disabled at (798): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (496): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (494): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e217 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5091 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5091 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5091 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5091 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5091 Comm: syz.0.111 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cadf9b40 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e2866230 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : ffd07eec851df000 x8 : ffd07eec851df000 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 bytes_is_nonzero mm/kasan/generic.c:85 [inline] memory_is_nonzero mm/kasan/generic.c:102 [inline] memory_is_poisoned_n mm/kasan/generic.c:128 [inline] memory_is_poisoned mm/kasan/generic.c:159 [inline] check_region_inline mm/kasan/generic.c:180 [inline] kasan_check_range+0x78/0x2b0 mm/kasan/generic.c:189 memset+0x58/0x88 mm/kasan/shadow.c:44 unwind_frame+0x124/0x668 arch/arm64/kernel/stacktrace.c:70 walk_stackframe arch/arm64/kernel/stacktrace.c:148 [inline] arch_stack_walk+0x200/0x2b4 arch/arm64/kernel/stacktrace.c:238 stack_trace_save+0x94/0xd8 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track+0x4c/0x84 mm/kasan/common.c:46 kasan_set_free_info+0x28/0x4c mm/kasan/generic.c:360 ____kasan_slab_free+0x118/0x164 mm/kasan/common.c:366 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1710 [inline] slab_free_freelist_hook+0x128/0x1e8 mm/slub.c:1736 slab_free mm/slub.c:3504 [inline] kmem_cache_free+0xdc/0x3b4 mm/slub.c:3520 put_files_struct+0x2b8/0x32c fs/file.c:432 exit_files+0x78/0x98 fs/file.c:444 do_exit+0x638/0x1f58 kernel/exit.c:878 do_group_exit+0x100/0x268 kernel/exit.c:997 get_signal+0x73c/0x1340 kernel/signal.c:2900 do_signal arch/arm64/kernel/signal.c:893 [inline] do_notify_resume+0x35c/0x3128 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xf0/0x1e0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1904 hardirqs last enabled at (1903): [] kasan_quarantine_put+0xc4/0x204 mm/kasan/quarantine.c:231 hardirqs last disabled at (1904): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace eb6d8fd83ed9e221 ]---