------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4770 Comm: syz-executor Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cc9a51c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df77f5d0 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 188fe7a40ddbb300 x8 : 188fe7a40ddbb300 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] __local_bh_enable_ip+0x200/0x380 kernel/softirq.c:406 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:176 [inline] _raw_spin_unlock_bh+0xec/0x174 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:408 [inline] lock_sock_nested+0x14c/0x1d4 net/core/sock.c:3258 lock_sock include/net/sock.h:1694 [inline] do_ip_getsockopt net/ipv4/ip_sockglue.c:1546 [inline] ip_getsockopt+0x310/0x158c net/ipv4/ip_sockglue.c:1780 tcp_getsockopt+0x208/0x2e78 net/ipv4/tcp.c:4313 sock_common_getsockopt+0xa8/0xc4 net/core/sock.c:3418 __sys_getsockopt+0x1b8/0x250 net/socket.c:2247 __do_sys_getsockopt net/socket.c:2262 [inline] __se_sys_getsockopt net/socket.c:2259 [inline] __arm64_sys_getsockopt+0xb8/0xd4 net/socket.c:2259 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 165780 hardirqs last enabled at (165779): [] __local_bh_enable_ip+0x1f8/0x380 kernel/softirq.c:406 hardirqs last disabled at (165780): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (165778): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (165778): [] lock_sock_nested+0x14c/0x1d4 net/core/sock.c:3258 softirqs last disabled at (165776): [] spin_lock_bh include/linux/spinlock.h:368 [inline] softirqs last disabled at (165776): [] lock_sock_nested+0xf4/0x1d4 net/core/sock.c:3254 ---[ end trace 2e88ad39bf836a0a ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4970 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4970 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4970 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4970 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4970 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cc06d1c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df6c6318 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 3d0688dcd044d200 x8 : 3d0688dcd044d200 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] seqcount_lockdep_reader_access+0x214/0x2bc include/linux/seqlock.h:105 path_init+0x6e4/0xed8 fs/namei.c:2378 path_parentat fs/namei.c:2501 [inline] __filename_parentat+0x1a8/0x510 fs/namei.c:2526 filename_parentat fs/namei.c:2544 [inline] filename_create+0xd0/0x39c fs/namei.c:3816 do_symlinkat+0xc4/0x5a8 fs/namei.c:4448 __do_sys_symlinkat fs/namei.c:4475 [inline] __se_sys_symlinkat fs/namei.c:4472 [inline] __arm64_sys_symlinkat+0xa4/0xbc fs/namei.c:4472 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 762 hardirqs last enabled at (761): [] seqcount_lockdep_reader_access+0x1f4/0x2bc include/linux/seqlock.h:105 hardirqs last disabled at (762): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (532): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (530): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a0e ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4770 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cc9a51c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df6c66b8 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 188fe7a40ddbb300 x8 : 188fe7a40ddbb300 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] ___slab_alloc+0x7e8/0xda8 mm/slub.c:3001 __slab_alloc+0x68/0xc0 mm/slub.c:3100 slab_alloc_node mm/slub.c:3191 [inline] __kmalloc_node+0x310/0x520 mm/slub.c:4456 kmalloc_node include/linux/slab.h:627 [inline] kvmalloc_node+0x88/0x200 mm/util.c:619 xt_jumpstack_alloc net/netfilter/x_tables.c:1354 [inline] xt_replace_table+0x194/0x75c net/netfilter/x_tables.c:1393 __do_replace+0x12c/0x988 net/ipv4/netfilter/ip_tables.c:1065 do_replace net/ipv6/netfilter/ip6_tables.c:1160 [inline] do_ip6t_set_ctl+0xa94/0xe00 net/ipv6/netfilter/ip6_tables.c:1646 nf_setsockopt+0x270/0x290 net/netfilter/nf_sockopt.c:101 ipv6_setsockopt+0x1a18/0x36dc net/ipv6/ipv6_sockglue.c:1014 tcp_setsockopt+0x1d4/0x1bf4 net/ipv4/tcp.c:3713 sock_common_setsockopt+0xb0/0xcc net/core/sock.c:3446 __sys_setsockopt+0x260/0x36c net/socket.c:2203 __do_sys_setsockopt net/socket.c:2214 [inline] __se_sys_setsockopt net/socket.c:2211 [inline] __arm64_sys_setsockopt+0xb8/0xd4 net/socket.c:2211 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 197438 hardirqs last enabled at (197437): [] ___slab_alloc+0x7d8/0xda8 mm/slub.c:3001 hardirqs last disabled at (197438): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (197412): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (197412): [] release_sock+0x1d0/0x258 net/core/sock.c:3277 softirqs last disabled at (197410): [] spin_lock_bh include/linux/spinlock.h:368 [inline] softirqs last disabled at (197410): [] release_sock+0x34/0x258 net/core/sock.c:3264 ---[ end trace 2e88ad39bf836a11 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4770 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cc9a51c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000d0ca15d0 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 188fe7a40ddbb300 x8 : 188fe7a40ddbb300 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] rmqueue_pcplist mm/page_alloc.c:3710 [inline] rmqueue mm/page_alloc.c:3742 [inline] get_page_from_freelist+0x2244/0x2aa8 mm/page_alloc.c:4189 __alloc_pages+0x1a0/0x470 mm/page_alloc.c:5487 alloc_pages+0x34c/0x5c0 mm/mempolicy.c:-1 vm_area_alloc_pages mm/vmalloc.c:2876 [inline] __vmalloc_area_node mm/vmalloc.c:2932 [inline] __vmalloc_node_range+0x514/0x8d8 mm/vmalloc.c:3037 __vmalloc_node mm/vmalloc.c:3087 [inline] vzalloc+0x118/0x190 mm/vmalloc.c:3157 xt_counters_alloc+0x50/0x60 net/netfilter/x_tables.c:1379 __do_replace+0xa0/0x988 net/ipv4/netfilter/ip_tables.c:1047 do_replace net/ipv6/netfilter/ip6_tables.c:1160 [inline] do_ip6t_set_ctl+0xa94/0xe00 net/ipv6/netfilter/ip6_tables.c:1646 nf_setsockopt+0x270/0x290 net/netfilter/nf_sockopt.c:101 ipv6_setsockopt+0x1a18/0x36dc net/ipv6/ipv6_sockglue.c:1014 tcp_setsockopt+0x1d4/0x1bf4 net/ipv4/tcp.c:3713 sock_common_setsockopt+0xb0/0xcc net/core/sock.c:3446 __sys_setsockopt+0x260/0x36c net/socket.c:2203 __do_sys_setsockopt net/socket.c:2214 [inline] __se_sys_setsockopt net/socket.c:2211 [inline] __arm64_sys_setsockopt+0xb8/0xd4 net/socket.c:2211 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 203254 hardirqs last enabled at (203253): [] rmqueue_pcplist mm/page_alloc.c:3710 [inline] hardirqs last enabled at (203253): [] rmqueue mm/page_alloc.c:3742 [inline] hardirqs last enabled at (203253): [] get_page_from_freelist+0x2234/0x2aa8 mm/page_alloc.c:4189 hardirqs last disabled at (203254): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (203242): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (203242): [] release_sock+0x1d0/0x258 net/core/sock.c:3277 softirqs last disabled at (203240): [] spin_lock_bh include/linux/spinlock.h:368 [inline] softirqs last disabled at (203240): [] release_sock+0x34/0x258 net/core/sock.c:3264 ---[ end trace 2e88ad39bf836a13 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4770 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cc9a51c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e7097888 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 188fe7a40ddbb300 x8 : 188fe7a40ddbb300 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] consume_stock mm/memcontrol.c:2212 [inline] try_charge_memcg+0x1e8/0x11bc mm/memcontrol.c:2607 obj_cgroup_charge_pages+0x8c/0x1a0 mm/memcontrol.c:3018 obj_cgroup_charge+0x18c/0x2d0 mm/memcontrol.c:3299 memcg_slab_pre_alloc_hook mm/slab.h:287 [inline] slab_pre_alloc_hook+0xcc/0xec mm/slab.h:497 slab_alloc_node mm/slub.c:3139 [inline] slab_alloc mm/slub.c:3233 [inline] kmem_cache_alloc+0x94/0x3e4 mm/slub.c:3238 anon_vma_alloc mm/rmap.c:90 [inline] anon_vma_fork+0xdc/0x49c mm/rmap.c:356 dup_mmap kernel/fork.c:574 [inline] dup_mm kernel/fork.c:1466 [inline] copy_mm+0x7bc/0x1090 kernel/fork.c:1518 copy_process+0x14d8/0x34ac kernel/fork.c:2290 kernel_clone+0x1d8/0x9d4 kernel/fork.c:2679 __do_sys_clone kernel/fork.c:2796 [inline] __se_sys_clone kernel/fork.c:2764 [inline] __arm64_sys_clone+0x138/0x190 kernel/fork.c:2764 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 211528 hardirqs last enabled at (211527): [] consume_stock mm/memcontrol.c:2212 [inline] hardirqs last enabled at (211527): [] try_charge_memcg+0x1d8/0x11bc mm/memcontrol.c:2607 hardirqs last disabled at (211528): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (210900): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (210898): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a15 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4989 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4989 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4989 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4989 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4989 Comm: syz.0.32 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c10a0000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e7097c28 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 9ef23e42a7715c00 x8 : 9ef23e42a7715c00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 __sanitizer_cov_trace_pc+0x3c/0xac kernel/kcov.c:202 unwind_frame+0x3a0/0x668 arch/arm64/kernel/stacktrace.c:112 walk_stackframe arch/arm64/kernel/stacktrace.c:148 [inline] arch_stack_walk+0x200/0x2b4 arch/arm64/kernel/stacktrace.c:238 stack_trace_save+0x94/0xd8 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track+0x4c/0x84 mm/kasan/common.c:46 kasan_set_free_info+0x28/0x4c mm/kasan/generic.c:360 ____kasan_slab_free+0x118/0x164 mm/kasan/common.c:366 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1710 [inline] slab_free_freelist_hook+0x128/0x1e8 mm/slub.c:1736 slab_free mm/slub.c:3504 [inline] kfree+0x170/0x40c mm/slub.c:4564 tomoyo_realpath_from_path+0x4c8/0x510 security/tomoyo/realpath.c:291 tomoyo_get_realpath security/tomoyo/file.c:151 [inline] tomoyo_check_open_permission+0x168/0x2fc security/tomoyo/file.c:771 tomoyo_file_open+0x130/0x1b0 security/tomoyo/tomoyo.c:311 security_file_open+0x6c/0xac security/security.c:1668 do_dentry_open+0x29c/0xebc fs/open.c:813 vfs_open+0x7c/0x90 fs/open.c:956 do_open fs/namei.c:3608 [inline] path_openat+0x1f80/0x26e4 fs/namei.c:3742 do_filp_open+0x164/0x330 fs/namei.c:3769 do_sys_openat2+0x128/0x3d8 fs/open.c:1253 do_sys_open fs/open.c:1269 [inline] __do_sys_openat fs/open.c:1285 [inline] __se_sys_openat fs/open.c:1280 [inline] __arm64_sys_openat+0x120/0x154 fs/open.c:1280 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 736 hardirqs last enabled at (735): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (735): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (736): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (116): [] softirq_handle_end kernel/softirq.c:419 [inline] softirqs last enabled at (116): [] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:604 softirqs last disabled at (103): [] __do_softirq kernel/softirq.c:610 [inline] softirqs last disabled at (103): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] softirqs last disabled at (103): [] invoke_softirq kernel/softirq.c:457 [inline] softirqs last disabled at (103): [] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659 ---[ end trace 2e88ad39bf836a16 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4991 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4991 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4991 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4991 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4991 Comm: syz.0.33 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c10a51c0 x27: 1fffe0003421845b x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e72eb060 x20: ffff0001a10c22d8 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 89c8d7816884a100 x8 : 89c8d7816884a100 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el0_interrupt+0x94/0x260 arch/arm64/kernel/entry-common.c:683 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:695 el0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:585 irq event stamp: 358 hardirqs last enabled at (357): [] el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 hardirqs last disabled at (358): [] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a17 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4770 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cc9a51c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e72eb7a0 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 188fe7a40ddbb300 x8 : 188fe7a40ddbb300 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 putname+0x44/0x15c fs/namei.c:262 do_sys_openat2+0x1c0/0x3d8 fs/open.c:1262 do_sys_open fs/open.c:1269 [inline] __do_sys_openat fs/open.c:1285 [inline] __se_sys_openat fs/open.c:1280 [inline] __arm64_sys_openat+0x120/0x154 fs/open.c:1280 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 223974 hardirqs last enabled at (223973): [] mod_memcg_lruvec_state include/linux/memcontrol.h:1044 [inline] hardirqs last enabled at (223973): [] mod_objcg_mlstate+0x13c/0x228 mm/memcontrol.c:831 hardirqs last disabled at (223974): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (223932): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (223930): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a1a ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4770 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cc9a51c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e72ebb40 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 188fe7a40ddbb300 x8 : 188fe7a40ddbb300 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] lock_acquire+0x234/0x620 kernel/locking/lockdep.c:5626 __might_fault+0xc8/0x128 mm/memory.c:5357 do_strncpy_from_user lib/strncpy_from_user.c:41 [inline] strncpy_from_user+0x194/0x598 lib/strncpy_from_user.c:139 getname_flags+0xec/0x450 fs/namei.c:149 user_path_at_empty+0x40/0x1a0 fs/namei.c:2882 user_path_at include/linux/namei.h:57 [inline] ksys_umount fs/namespace.c:1777 [inline] __do_sys_umount fs/namespace.c:1785 [inline] __se_sys_umount fs/namespace.c:1783 [inline] __arm64_sys_umount+0xf4/0x178 fs/namespace.c:1783 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 237732 hardirqs last enabled at (237731): [] local_daif_restore arch/arm64/include/asm/daifflags.h:75 [inline] hardirqs last enabled at (237731): [] el0_svc_common+0x9c/0x258 arch/arm64/kernel/syscall.c:107 hardirqs last disabled at (237732): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (237320): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (237318): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a1e ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5008 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5008 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5008 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5008 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5008 Comm: syz.0.42 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000d16e51c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e72ebee0 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 41ebc37e340a3100 x8 : 41ebc37e340a3100 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el0_interrupt+0x94/0x260 arch/arm64/kernel/entry-common.c:683 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:695 el0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:585 irq event stamp: 1410 hardirqs last enabled at (1409): [] el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 hardirqs last disabled at (1410): [] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 softirqs last enabled at (1156): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1154): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a20 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 3662 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 3662 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 3662 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 3662 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 3662 Comm: udevd Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000d6a89b40 x27: 1fffe0003421845b x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e7136060 x20: ffff0001a10c22d8 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : faf9201995291400 x8 : faf9201995291400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122 lock_is_held include/linux/lockdep.h:287 [inline] ___might_sleep+0x48/0x4d4 kernel/sched/core.c:9624 __might_sleep+0x98/0x124 kernel/sched/core.c:9612 dput+0x70/0x458 fs/dcache.c:877 step_into+0x27c/0xa24 fs/namei.c:1815 walk_component+0x1f0/0x3a8 fs/namei.c:1982 link_path_walk+0x590/0xb8c fs/namei.c:-1 path_lookupat+0x90/0x3d0 fs/namei.c:2454 filename_lookup+0x180/0x414 fs/namei.c:2484 user_path_at_empty+0x5c/0x1a0 fs/namei.c:2883 do_readlinkat+0xd4/0x3e0 fs/stat.c:442 __do_sys_readlinkat fs/stat.c:469 [inline] __se_sys_readlinkat fs/stat.c:466 [inline] __arm64_sys_readlinkat+0x9c/0xb8 fs/stat.c:466 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1173880 hardirqs last enabled at (1173879): [] seqcount_lockdep_reader_access+0x1f4/0x2bc include/linux/seqlock.h:105 hardirqs last disabled at (1173880): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1173870): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1173868): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a22 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 3281 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 3281 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 3281 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 3281 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 3281 Comm: kworker/u4:5 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 Workqueue: netns cleanup_net pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000d19c9b40 x27: 1fffe0003421845b x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e7136400 x20: ffff0001a10c22d8 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 038d08800e408900 x8 : 038d08800e408900 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 dev_deactivate_queue+0x144/0x1a0 net/sched/sch_generic.c:1228 netdev_for_each_tx_queue include/linux/netdevice.h:2379 [inline] dev_deactivate_many+0xc8/0xbac net/sched/sch_generic.c:1296 __dev_close_many+0x250/0x3a8 net/core/dev.c:1608 dev_close_many+0x1e8/0x440 net/core/dev.c:1646 unregister_netdevice_many+0x3d4/0x17d0 net/core/dev.c:11110 default_device_exit_batch+0x444/0x4a4 net/core/dev.c:11667 ops_exit_list net/core/net_namespace.c:177 [inline] cleanup_net+0x644/0xa98 net/core/net_namespace.c:635 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:856 irq event stamp: 2784620 hardirqs last enabled at (2784619): [] __local_bh_enable_ip+0x1f8/0x380 kernel/softirq.c:406 hardirqs last disabled at (2784620): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (2784618): [] softirq_handle_end kernel/softirq.c:419 [inline] softirqs last enabled at (2784618): [] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:604 softirqs last disabled at (2784613): [] __do_softirq kernel/softirq.c:610 [inline] softirqs last disabled at (2784613): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] softirqs last disabled at (2784613): [] do_softirq+0xfc/0x1b0 kernel/softirq.c:477 ---[ end trace 2e88ad39bf836a23 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5026 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5026 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5026 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5026 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5026 Comm: syz.0.51 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000c55a9b40 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df579230 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 518d9a3e1d38c000 x8 : 518d9a3e1d38c000 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] lock_acquire+0x234/0x620 kernel/locking/lockdep.c:5626 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0xb0/0x10c kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:363 [inline] browse_rb mm/mmap.c:356 [inline] validate_mm+0x2c8/0x86c mm/mmap.c:423 __vma_adjust+0x1504/0x18a8 mm/mmap.c:1029 vma_adjust include/linux/mm.h:2567 [inline] __split_vma+0x310/0x3f0 mm/mmap.c:-1 split_vma+0x9c/0xf4 mm/mmap.c:2787 mprotect_fixup+0x328/0x5c4 mm/mprotect.c:477 do_mprotect_pkey mm/mprotect.c:636 [inline] __do_sys_mprotect mm/mprotect.c:662 [inline] __se_sys_mprotect mm/mprotect.c:659 [inline] __arm64_sys_mprotect+0x4c4/0x8f4 mm/mprotect.c:659 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1388 hardirqs last enabled at (1387): [] local_daif_restore arch/arm64/include/asm/daifflags.h:75 [inline] hardirqs last enabled at (1387): [] el0_svc_common+0x9c/0x258 arch/arm64/kernel/syscall.c:107 hardirqs last disabled at (1388): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1160): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1158): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a28 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4770 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cc9a51c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df5795d0 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010004 x17: 0000000000010004 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010003 x10: 0000000000010003 x9 : 188fe7a40ddbb300 x8 : 188fe7a40ddbb300 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010003 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:331 [inline] rcu_is_watching+0x64/0x134 kernel/rcu/tree.c:1123 trace_lock_release include/trace/events/lock.h:58 [inline] lock_release+0xb4/0x8e8 kernel/locking/lockdep.c:5634 __raw_spin_unlock include/linux/spinlock_api_smp.h:150 [inline] _raw_spin_unlock+0x8c/0x11c kernel/locking/spinlock.c:186 spin_unlock include/linux/spinlock.h:403 [inline] alloc_vmap_area+0x14e0/0x1698 mm/vmalloc.c:1566 __get_vm_area_node+0x17c/0x2e8 mm/vmalloc.c:2430 __vmalloc_node_range+0xe8/0x8d8 mm/vmalloc.c:3027 __vmalloc_node mm/vmalloc.c:3087 [inline] vzalloc+0x118/0x190 mm/vmalloc.c:3157 alloc_counters+0x84/0x7a4 net/ipv4/netfilter/ip_tables.c:800 copy_entries_to_user net/ipv6/netfilter/ip6_tables.c:839 [inline] get_entries net/ipv6/netfilter/ip6_tables.c:1041 [inline] do_ip6t_get_ctl+0xaf4/0x13a8 net/ipv6/netfilter/ip6_tables.c:1679 nf_getsockopt+0x264/0x284 net/netfilter/nf_sockopt.c:116 ipv6_getsockopt+0x52c/0x2584 net/ipv6/ipv6_sockglue.c:1492 tcp_getsockopt+0x208/0x2e78 net/ipv4/tcp.c:4313 sock_common_getsockopt+0xa8/0xc4 net/core/sock.c:3418 __sys_getsockopt+0x1b8/0x250 net/socket.c:2247 __do_sys_getsockopt net/socket.c:2262 [inline] __se_sys_getsockopt net/socket.c:2259 [inline] __arm64_sys_getsockopt+0xb8/0xd4 net/socket.c:2259 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 282646 hardirqs last enabled at (282645): [] local_daif_restore arch/arm64/include/asm/daifflags.h:75 [inline] hardirqs last enabled at (282645): [] el0_svc_common+0x9c/0x258 arch/arm64/kernel/syscall.c:107 hardirqs last disabled at (282646): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (282366): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (282366): [] release_sock+0x1d0/0x258 net/core/sock.c:3277 softirqs last disabled at (282364): [] spin_lock_bh include/linux/spinlock.h:368 [inline] softirqs last disabled at (282364): [] release_sock+0x34/0x258 net/core/sock.c:3264 ---[ end trace 2e88ad39bf836a2b ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5039 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5039 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5039 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5039 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5039 Comm: syz.0.57 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cc833680 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df579970 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 827a7a356755f000 x8 : 827a7a356755f000 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] raw_spin_rq_unlock_irq kernel/sched/sched.h:1338 [inline] finish_lock_switch+0xb8/0x1c4 kernel/sched/core.c:4803 finish_task_switch+0x120/0x6b0 kernel/sched/core.c:4921 schedule_tail+0x20/0x150 kernel/sched/core.c:4985 ret_from_fork+0x4/0x20 arch/arm64/kernel/entry.S:856 irq event stamp: 2 hardirqs last enabled at (1): [] raw_spin_rq_unlock_irq kernel/sched/sched.h:1338 [inline] hardirqs last enabled at (1): [] finish_lock_switch+0xb0/0x1c4 kernel/sched/core.c:4803 hardirqs last disabled at (2): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (0): [] copy_process+0x111c/0x34ac kernel/fork.c:2235 softirqs last disabled at (0): [<0000000000000000>] 0x0 ---[ end trace 2e88ad39bf836a2d ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5040 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5040 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5040 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5040 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5040 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000d47251c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df579d10 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 35624dda4ac27d00 x8 : 35624dda4ac27d00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122 lock_is_held include/linux/lockdep.h:287 [inline] ___might_sleep+0x98/0x4d4 kernel/sched/core.c:9624 __might_sleep+0x98/0x124 kernel/sched/core.c:9612 __might_fault+0x80/0x128 mm/memory.c:5354 do_strncpy_from_user lib/strncpy_from_user.c:41 [inline] strncpy_from_user+0x194/0x598 lib/strncpy_from_user.c:139 getname_flags+0xec/0x450 fs/namei.c:149 getname fs/namei.c:217 [inline] __do_sys_symlinkat fs/namei.c:4475 [inline] __se_sys_symlinkat fs/namei.c:4472 [inline] __arm64_sys_symlinkat+0x80/0xbc fs/namei.c:4472 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 702 hardirqs last enabled at (701): [] local_daif_restore arch/arm64/include/asm/daifflags.h:75 [inline] hardirqs last enabled at (701): [] el0_svc_common+0x9c/0x258 arch/arm64/kernel/syscall.c:107 hardirqs last disabled at (702): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (540): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (538): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a2e ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5052 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5052 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5052 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5052 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5052 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000ccdbd1c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df6257a0 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 9b29bbe1a79afa00 x8 : 9b29bbe1a79afa00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] lock_page_memcg+0x120/0x234 mm/memcontrol.c:2059 page_add_file_rmap+0x148/0x8e4 mm/rmap.c:1219 do_set_pte+0x394/0x4e0 mm/memory.c:4069 filemap_map_pages+0x9c4/0xc50 mm/filemap.c:3344 do_fault_around mm/memory.c:4243 [inline] do_read_fault mm/memory.c:4258 [inline] do_fault mm/memory.c:4392 [inline] handle_pte_fault mm/memory.c:4650 [inline] __handle_mm_fault mm/memory.c:4785 [inline] handle_mm_fault+0x19c0/0x2950 mm/memory.c:4883 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820 el0_da+0x90/0x1fc arch/arm64/kernel/entry-common.c:494 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 570 hardirqs last enabled at (569): [] lock_page_memcg+0x110/0x234 mm/memcontrol.c:2059 hardirqs last disabled at (570): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (538): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (536): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a33 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4074 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4074 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4074 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4074 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4074 Comm: kworker/0:3 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 Workqueue: events pwq_unbound_release_workfn pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007a60 x29: ffff800008007a60 x28: ffff0000c93bb680 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df625b40 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010102 x17: 0000000000010102 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010101 x10: 0000000000010101 x9 : 7602d29d8db95f00 x8 : 7602d29d8db95f00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff800008007358 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010101 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 do_interrupt_handler+0x74/0x88 arch/arm64/kernel/entry-common.c:269 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] handle_softirqs+0x228/0xbf0 kernel/softirq.c:560 __do_softirq kernel/softirq.c:610 [inline] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] invoke_softirq kernel/softirq.c:457 [inline] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659 irq_exit+0x14/0x88 kernel/softirq.c:683 handle_domain_irq+0x14c/0x1fc kernel/irq/irqdesc.c:711 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] lockdep_unregister_key+0x30c/0x38c kernel/locking/lockdep.c:6332 wq_unregister_lockdep kernel/workqueue.c:3518 [inline] pwq_unbound_release_workfn+0x200/0x254 kernel/workqueue.c:3756 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:856 irq event stamp: 53739 hardirqs last enabled at (53738): [] handle_softirqs+0x220/0xbf0 kernel/softirq.c:560 hardirqs last disabled at (53739): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (53442): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (53442): [] nsim_dev_trap_report drivers/net/netdevsim/dev.c:736 [inline] softirqs last enabled at (53442): [] nsim_dev_trap_report_work+0x5fc/0x938 drivers/net/netdevsim/dev.c:762 softirqs last disabled at (53737): [] __do_softirq kernel/softirq.c:610 [inline] softirqs last disabled at (53737): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] softirqs last disabled at (53737): [] invoke_softirq kernel/softirq.c:457 [inline] softirqs last disabled at (53737): [] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659 ---[ end trace 2e88ad39bf836a35 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4770 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cc9a51c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df625ee0 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 188fe7a40ddbb300 x8 : 188fe7a40ddbb300 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] seqcount_lockdep_reader_access include/linux/seqlock.h:105 [inline] get_counters net/ipv4/netfilter/ip_tables.c:758 [inline] alloc_counters+0x3f8/0x7a4 net/ipv4/netfilter/ip_tables.c:805 copy_entries_to_user net/ipv6/netfilter/ip6_tables.c:839 [inline] get_entries net/ipv6/netfilter/ip6_tables.c:1041 [inline] do_ip6t_get_ctl+0xaf4/0x13a8 net/ipv6/netfilter/ip6_tables.c:1679 nf_getsockopt+0x264/0x284 net/netfilter/nf_sockopt.c:116 ipv6_getsockopt+0x52c/0x2584 net/ipv6/ipv6_sockglue.c:1492 tcp_getsockopt+0x208/0x2e78 net/ipv4/tcp.c:4313 sock_common_getsockopt+0xa8/0xc4 net/core/sock.c:3418 __sys_getsockopt+0x1b8/0x250 net/socket.c:2247 __do_sys_getsockopt net/socket.c:2262 [inline] __se_sys_getsockopt net/socket.c:2259 [inline] __arm64_sys_getsockopt+0xb8/0xd4 net/socket.c:2259 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 322074 hardirqs last enabled at (322073): [] seqcount_lockdep_reader_access include/linux/seqlock.h:105 [inline] hardirqs last enabled at (322073): [] get_counters net/ipv4/netfilter/ip_tables.c:758 [inline] hardirqs last enabled at (322073): [] alloc_counters+0x3d4/0x7a4 net/ipv4/netfilter/ip_tables.c:805 hardirqs last disabled at (322074): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (322014): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (322012): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a36 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5074 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5074 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5074 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5074 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5074 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000d1b41b40 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df621a58 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : f961426e1a242a00 x8 : f961426e1a242a00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irqrestore+0xb8/0x14c kernel/locking/spinlock.c:194 __debug_check_no_obj_freed lib/debugobjects.c:982 [inline] debug_check_no_obj_freed+0x450/0x46c lib/debugobjects.c:1003 slab_free_hook mm/slub.c:1685 [inline] slab_free_freelist_hook+0x9c/0x1e8 mm/slub.c:1736 slab_free mm/slub.c:3504 [inline] kfree+0x170/0x40c mm/slub.c:4564 tomoyo_realpath_from_path+0x4c8/0x510 security/tomoyo/realpath.c:291 tomoyo_get_realpath security/tomoyo/file.c:151 [inline] tomoyo_check_open_permission+0x168/0x2fc security/tomoyo/file.c:771 tomoyo_file_open+0x130/0x1b0 security/tomoyo/tomoyo.c:311 security_file_open+0x6c/0xac security/security.c:1668 do_dentry_open+0x29c/0xebc fs/open.c:813 vfs_open+0x7c/0x90 fs/open.c:956 do_open fs/namei.c:3608 [inline] path_openat+0x1f80/0x26e4 fs/namei.c:3742 do_filp_open+0x164/0x330 fs/namei.c:3769 do_sys_openat2+0x128/0x3d8 fs/open.c:1253 do_sys_open fs/open.c:1269 [inline] __do_sys_openat fs/open.c:1285 [inline] __se_sys_openat fs/open.c:1280 [inline] __arm64_sys_openat+0x120/0x154 fs/open.c:1280 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1548 hardirqs last enabled at (1547): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (1547): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (1548): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1188): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1186): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a3c ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5077 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5077 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5077 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5077 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5077 Comm: syz.0.76 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000ed8e51c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df621df8 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 626d286fa6145200 x8 : 626d286fa6145200 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el0_interrupt+0x94/0x260 arch/arm64/kernel/entry-common.c:683 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:695 el0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:585 irq event stamp: 320 hardirqs last enabled at (319): [] el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 hardirqs last disabled at (320): [] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a3d ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5079 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5079 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5079 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5079 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5079 Comm: syz.0.77 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cd260000 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dce4c230 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : d3d33d4e8f1b6e00 x8 : d3d33d4e8f1b6e00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] consume_stock mm/memcontrol.c:2212 [inline] try_charge_memcg+0x1e8/0x11bc mm/memcontrol.c:2607 try_charge mm/memcontrol.c:2779 [inline] charge_memcg+0xac/0x220 mm/memcontrol.c:6765 __mem_cgroup_charge+0x38/0xb0 mm/memcontrol.c:6801 mem_cgroup_charge include/linux/memcontrol.h:700 [inline] do_anonymous_page mm/memory.c:3842 [inline] handle_pte_fault mm/memory.c:4648 [inline] __handle_mm_fault mm/memory.c:4785 [inline] handle_mm_fault+0x193c/0x2950 mm/memory.c:4883 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820 el0_da+0x90/0x1fc arch/arm64/kernel/entry-common.c:494 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 344 hardirqs last enabled at (343): [] consume_stock mm/memcontrol.c:2212 [inline] hardirqs last enabled at (343): [] try_charge_memcg+0x1d8/0x11bc mm/memcontrol.c:2607 hardirqs last disabled at (344): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a3e ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5092 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5092 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5092 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5092 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5092 Comm: syz.0.84 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000d67051c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dce4c5d0 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 154ac91d4bbc8b00 x8 : 154ac91d4bbc8b00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] lock_acquire+0x234/0x620 kernel/locking/lockdep.c:5626 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0xb0/0x10c kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:363 [inline] ext4_do_update_inode fs/ext4/inode.c:5102 [inline] ext4_mark_iloc_dirty+0x1bc/0x3834 fs/ext4/inode.c:5807 __ext4_mark_inode_dirty+0x490/0x7b0 fs/ext4/inode.c:6011 ext4_dirty_inode+0xd0/0x100 fs/ext4/inode.c:6040 __mark_inode_dirty+0x2b0/0xfac fs/fs-writeback.c:2464 generic_update_time+0x210/0x238 fs/inode.c:1881 inode_update_time fs/inode.c:1894 [inline] file_update_time+0x318/0x390 fs/inode.c:2083 ext4_page_mkwrite+0x16c/0x10c8 fs/ext4/inode.c:6158 do_page_mkwrite+0x13c/0x358 mm/memory.c:2922 do_shared_fault mm/memory.c:4328 [inline] do_fault mm/memory.c:4396 [inline] handle_pte_fault mm/memory.c:4650 [inline] __handle_mm_fault mm/memory.c:4785 [inline] handle_mm_fault+0x1618/0x2950 mm/memory.c:4883 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820 el0_da+0x90/0x1fc arch/arm64/kernel/entry-common.c:494 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1096 hardirqs last enabled at (1095): [] lookup_bh_lru fs/buffer.c:1294 [inline] hardirqs last enabled at (1095): [] __find_get_block+0x1c8/0xcd8 fs/buffer.c:1306 hardirqs last disabled at (1096): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (536): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (534): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a44 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4770 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cc9a51c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dce4c970 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 188fe7a40ddbb300 x8 : 188fe7a40ddbb300 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] lock_release+0x4a0/0x8e8 kernel/locking/lockdep.c:5646 rcu_lock_release+0x2c/0x38 include/linux/rcupdate.h:317 rcu_read_unlock include/linux/rcupdate.h:772 [inline] try_to_unlazy+0x344/0x600 fs/namei.c:783 complete_walk+0xe4/0x308 fs/namei.c:885 path_lookupat+0x1ec/0x3d0 fs/namei.c:2462 filename_lookup+0x180/0x414 fs/namei.c:2484 user_path_at_empty+0x5c/0x1a0 fs/namei.c:2883 user_path_at include/linux/namei.h:57 [inline] vfs_statx+0xf4/0x458 fs/stat.c:221 vfs_fstatat fs/stat.c:243 [inline] __do_sys_newfstatat fs/stat.c:411 [inline] __se_sys_newfstatat fs/stat.c:405 [inline] __arm64_sys_newfstatat+0x10c/0x190 fs/stat.c:405 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 378332 hardirqs last enabled at (378331): [] seqcount_lockdep_reader_access+0x1f4/0x2bc include/linux/seqlock.h:105 hardirqs last disabled at (378332): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (377744): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (377742): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a46 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 4770 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 4770 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000cc9a51c0 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000d0d7e4e8 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 188fe7a40ddbb300 x8 : 188fe7a40ddbb300 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] seqcount_lockdep_reader_access+0x214/0x2bc include/linux/seqlock.h:105 read_seqbegin include/linux/seqlock.h:897 [inline] read_seqbegin_or_lock include/linux/seqlock.h:1191 [inline] prepend_path+0xe0/0xad4 fs/d_path.c:167 d_absolute_path+0xa0/0x148 fs/d_path.c:235 tomoyo_get_absolute_path security/tomoyo/realpath.c:101 [inline] tomoyo_realpath_from_path+0x2a0/0x510 security/tomoyo/realpath.c:276 tomoyo_get_realpath security/tomoyo/file.c:151 [inline] tomoyo_path_perm+0x1b4/0x440 security/tomoyo/file.c:822 tomoyo_inode_getattr+0x28/0x38 security/tomoyo/tomoyo.c:122 security_inode_getattr+0xd8/0x124 security/security.c:1348 vfs_getattr fs/stat.c:157 [inline] vfs_statx+0x118/0x458 fs/stat.c:225 vfs_fstatat fs/stat.c:243 [inline] __do_sys_newfstatat fs/stat.c:411 [inline] __se_sys_newfstatat fs/stat.c:405 [inline] __arm64_sys_newfstatat+0x10c/0x190 fs/stat.c:405 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 400676 hardirqs last enabled at (400675): [] seqcount_lockdep_reader_access+0x1f4/0x2bc include/linux/seqlock.h:105 hardirqs last disabled at (400676): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (400344): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (400342): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a4d ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 0 PID: 5121 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 0 PID: 5121 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 0 PID: 5121 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 0 PID: 5121 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 0 PID: 5121 Comm: syz.0.98 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008007de0 x29: ffff800008007de0 x28: ffff0000d1661b40 x27: 1fffe0003421845c x26: 0000000000000001 x25: ffff0001a10c22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000d0d7ec28 x20: ffff0001a10c22e0 x19: ffff8000113d9aa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111c8944 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 973ad52e93943700 x8 : 973ad52e93943700 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080076d8 x4 : ffff80001425f420 x3 : ffff80000850471c x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el0_interrupt+0x94/0x260 arch/arm64/kernel/entry-common.c:683 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:695 el0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:585 irq event stamp: 278 hardirqs last enabled at (277): [] el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 hardirqs last disabled at (278): [] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2e88ad39bf836a50 ]---