------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 4717 Comm: syz-executor Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000c22db680 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dd5c9d10
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : 054daef7726fa800
x8 : 054daef7726fa800 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 seqcount_lockdep_reader_access+0x21c/0x2c4 include/linux/seqlock.h:105
 ktime_get_coarse_real_ts64+0x44/0x134 kernel/time/timekeeping.c:2244
 current_time+0x90/0x294 fs/inode.c:2391
 file_update_time+0xc4/0x390 fs/inode.c:2066
 pipe_write+0x10bc/0x1930 fs/pipe.c:603
 call_write_iter include/linux/fs.h:2173 [inline]
 new_sync_write fs/read_write.c:507 [inline]
 vfs_write+0x7c8/0xa2c fs/read_write.c:594
 ksys_write+0x120/0x210 fs/read_write.c:647
 __do_sys_write fs/read_write.c:659 [inline]
 __se_sys_write fs/read_write.c:656 [inline]
 __arm64_sys_write+0x7c/0x90 fs/read_write.c:656
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 161958
hardirqs last  enabled at (161957): [<ffff800008389508>] seqcount_lockdep_reader_access+0x1fc/0x2c4 include/linux/seqlock.h:105
hardirqs last disabled at (161958): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (161874): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (161872): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb40 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 4970 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 4970 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 4970 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 4970 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 4970 Comm: syz.0.19 Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000da2f3680 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e330c148
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : 0d1c6391ae025b00
x8 : 0d1c6391ae025b00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 rmqueue_pcplist mm/page_alloc.c:3710 [inline]
 rmqueue mm/page_alloc.c:3742 [inline]
 get_page_from_freelist+0x2244/0x2aa8 mm/page_alloc.c:4189
 __alloc_pages+0x1a0/0x470 mm/page_alloc.c:5487
 alloc_pages_vma+0x284/0x7a8 mm/mempolicy.c:2146
 alloc_zeroed_user_highpage_movable+0x9c/0xd8 arch/arm64/mm/fault.c:933
 do_anonymous_page mm/memory.c:3838 [inline]
 handle_pte_fault mm/memory.c:4648 [inline]
 __handle_mm_fault mm/memory.c:4785 [inline]
 handle_mm_fault+0x1908/0x2970 mm/memory.c:4883
 __do_page_fault arch/arm64/mm/fault.c:505 [inline]
 do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605
 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686
 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820
 el0_da+0x90/0x1fc arch/arm64/kernel/entry-common.c:494
 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 268
hardirqs last  enabled at (267): [<ffff8000087a93e4>] rmqueue_pcplist mm/page_alloc.c:3710 [inline]
hardirqs last  enabled at (267): [<ffff8000087a93e4>] rmqueue mm/page_alloc.c:3742 [inline]
hardirqs last  enabled at (267): [<ffff8000087a93e4>] get_page_from_freelist+0x2234/0x2aa8 mm/page_alloc.c:4189
hardirqs last disabled at (268): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (8): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (6): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb43 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 4717 Comm: syz-executor Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000c22db680 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e330c4e8
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : 054daef7726fa800
x8 : 054daef7726fa800 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 __call_rcu kernel/rcu/tree.c:3045 [inline]
 call_rcu+0x580/0x8fc kernel/rcu/tree.c:3091
 dentry_free+0xa4/0x180 fs/dcache.c:-1
 __dentry_kill+0x45c/0x598 fs/dcache.c:600
 dentry_kill+0xc8/0x248 fs/dcache.c:-1
 dput+0x23c/0x458 fs/dcache.c:893
 do_unlinkat+0x328/0x600 fs/namei.c:4359
 __do_sys_unlinkat fs/namei.c:4399 [inline]
 __se_sys_unlinkat fs/namei.c:4392 [inline]
 __arm64_sys_unlinkat+0xe0/0xfc fs/namei.c:4392
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 176104
hardirqs last  enabled at (176103): [<ffff80000833fd3c>] __call_rcu kernel/rcu/tree.c:3045 [inline]
hardirqs last  enabled at (176103): [<ffff80000833fd3c>] call_rcu+0x570/0x8fc kernel/rcu/tree.c:3091
hardirqs last disabled at (176104): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (175404): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (175402): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb44 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 4717 Comm: syz-executor Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000c22db680 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000debc7060
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : 054daef7726fa800
x8 : 054daef7726fa800 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 tomoyo_encode2 security/tomoyo/realpath.c:36 [inline]
 tomoyo_encode+0x118/0x4a4 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x4bc/0x510 security/tomoyo/realpath.c:288
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_perm+0x1b4/0x440 security/tomoyo/file.c:822
 tomoyo_path_rmdir+0xa4/0xe8 security/tomoyo/tomoyo.c:182
 security_path_rmdir+0xe4/0x134 security/security.c:1163
 do_rmdir+0x1d0/0x634 fs/namei.c:4214
 __do_sys_unlinkat fs/namei.c:4398 [inline]
 __se_sys_unlinkat fs/namei.c:4392 [inline]
 __arm64_sys_unlinkat+0xcc/0xfc fs/namei.c:4392
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 188624
hardirqs last  enabled at (188623): [<ffff8000089af800>] seqcount_lockdep_reader_access+0x1f4/0x2bc include/linux/seqlock.h:105
hardirqs last disabled at (188624): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (188374): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (188372): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb47 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 0 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 0 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 0 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 0 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 0 Comm: swapper/1 Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000c0a68000 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000debc7400
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010003
x17: 0000000000010003 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010002 x10: 0000000000010002 x9 : 008fc90fb022b800
x8 : 008fc90fb022b800 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 arch_local_irq_enable+0xc/0x18 arch/arm64/include/asm/irqflags.h:35
 default_idle_call+0xcc/0x418 kernel/sched/idle.c:112
 cpuidle_idle_call kernel/sched/idle.c:194 [inline]
 do_idle+0x1c8/0x480 kernel/sched/idle.c:306
 cpu_startup_entry+0x24/0x28 kernel/sched/idle.c:403
 secondary_start_kernel+0x23c/0x294 arch/arm64/kernel/smp.c:265
 __secondary_switched+0x94/0x98 arch/arm64/kernel/head.S:661
irq event stamp: 520258
hardirqs last  enabled at (520257): [<ffff8000112a7d20>] default_idle_call+0xb8/0x418 kernel/sched/idle.c:109
hardirqs last disabled at (520258): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (520222): [<ffff80000819e9f4>] softirq_handle_end kernel/softirq.c:419 [inline]
softirqs last  enabled at (520222): [<ffff80000819e9f4>] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:604
softirqs last disabled at (520175): [<ffff80000819eff8>] __do_softirq kernel/softirq.c:610 [inline]
softirqs last disabled at (520175): [<ffff80000819eff8>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (520175): [<ffff80000819eff8>] invoke_softirq kernel/softirq.c:457 [inline]
softirqs last disabled at (520175): [<ffff80000819eff8>] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659
---[ end trace 5519afa7f6d9eb49 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 3663 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 3663 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 3663 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 3663 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 3663 Comm: udevd Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000d73c0000 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e88a8ee0
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010003
x17: 0000000000010003 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010002 x10: 0000000000010002 x9 : 60ebf182a8fe0600
x8 : 60ebf182a8fe0600 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 kasan_mem_to_shadow include/linux/kasan.h:55 [inline]
 memory_is_poisoned_n mm/kasan/generic.c:129 [inline]
 memory_is_poisoned mm/kasan/generic.c:159 [inline]
 check_region_inline mm/kasan/generic.c:180 [inline]
 kasan_check_range+0x4c/0x2b0 mm/kasan/generic.c:189
 memset+0x58/0x88 mm/kasan/shadow.c:44
 unwind_frame+0x124/0x668 arch/arm64/kernel/stacktrace.c:70
 walk_stackframe+0x6c/0xa8 arch/arm64/kernel/stacktrace.c:148
 return_address+0xd0/0x144 arch/arm64/kernel/return_address.c:46
 get_lock_parent_ip include/linux/ftrace.h:859 [inline]
 preempt_latency_start kernel/sched/core.c:5490 [inline]
 preempt_count_add+0x13c/0x3bc kernel/sched/core.c:5515
 __raw_spin_lock include/linux/spinlock_api_smp.h:141 [inline]
 _raw_spin_lock+0x24/0x10c kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:364 [inline]
 kernfs_iop_permission+0x6c/0x2e0 fs/kernfs/inode.c:285
 do_inode_permission fs/namei.c:459 [inline]
 inode_permission+0x1d0/0x3c0 fs/namei.c:526
 may_lookup fs/namei.c:1701 [inline]
 link_path_walk+0x268/0xb8c fs/namei.c:2253
 path_openat+0x1c0/0x26e4 fs/namei.c:3746
 do_filp_open+0x164/0x330 fs/namei.c:3777
 do_sys_openat2+0x128/0x3d8 fs/open.c:1253
 do_sys_open fs/open.c:1269 [inline]
 __do_sys_openat fs/open.c:1285 [inline]
 __se_sys_openat fs/open.c:1280 [inline]
 __arm64_sys_openat+0x120/0x154 fs/open.c:1280
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 1172016
hardirqs last  enabled at (1172015): [<ffff800008914b78>] seqcount_lockdep_reader_access+0x1f4/0x2bc include/linux/seqlock.h:105
hardirqs last disabled at (1172016): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (1171992): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (1171990): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb4e ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 3663 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 3663 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 3663 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 3663 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 3663 Comm: udevd Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000d73c0000 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dd5c2318
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : 60ebf182a8fe0600
x8 : 60ebf182a8fe0600 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 qlist_free_all+0x38/0xa8 mm/kasan/quarantine.c:174
 kasan_quarantine_reduce+0x124/0x130 mm/kasan/quarantine.c:283
 __kasan_slab_alloc+0x34/0xcc mm/kasan/common.c:444
 kasan_slab_alloc include/linux/kasan.h:254 [inline]
 slab_post_alloc_hook+0x74/0x408 mm/slab.h:519
 slab_alloc_node mm/slub.c:3225 [inline]
 slab_alloc mm/slub.c:3233 [inline]
 kmem_cache_alloc+0x1e0/0x3e4 mm/slub.c:3238
 getname_flags+0xb8/0x450 fs/namei.c:138
 user_path_at_empty+0x40/0x1a0 fs/namei.c:2890
 user_path_at include/linux/namei.h:57 [inline]
 vfs_statx+0xf4/0x458 fs/stat.c:221
 vfs_fstatat fs/stat.c:243 [inline]
 __do_sys_newfstatat fs/stat.c:411 [inline]
 __se_sys_newfstatat fs/stat.c:405 [inline]
 __arm64_sys_newfstatat+0x10c/0x190 fs/stat.c:405
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 1179026
hardirqs last  enabled at (1179025): [<ffff80000883498c>] put_cpu_partial+0x188/0x218 mm/slub.c:2589
hardirqs last disabled at (1179026): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (1178924): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (1178922): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb4f ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 5004 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 5004 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 5004 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 5004 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 5004 Comm: syz-executor Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000dcff8000 x27: 1fffe0003421a45b
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000000
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dd5c26b8
x20: ffff0001a10d22d8 x19: ffff8000113da820 x18: 0000000000010003
x17: 0000000000010003 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010002 x10: 0000000000010002 x9 : d4712972c192b000
x8 : d4712972c192b000 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122
 lock_is_held include/linux/lockdep.h:287 [inline]
 xa_entry include/linux/xarray.h:1197 [inline]
 xas_next_entry+0x1b0/0x394 include/linux/xarray.h:1656
 next_map_page mm/filemap.c:3296 [inline]
 filemap_map_pages+0x958/0xc50 mm/filemap.c:3352
 do_fault_around mm/memory.c:4243 [inline]
 do_read_fault mm/memory.c:4258 [inline]
 do_fault mm/memory.c:4392 [inline]
 handle_pte_fault mm/memory.c:4650 [inline]
 __handle_mm_fault mm/memory.c:4785 [inline]
 handle_mm_fault+0x19c4/0x2970 mm/memory.c:4883
 __do_page_fault arch/arm64/mm/fault.c:505 [inline]
 do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605
 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686
 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820
 el0_ia+0xe0/0x2d0 arch/arm64/kernel/entry-common.c:512
 el0t_64_sync_handler+0xc0/0xe4 arch/arm64/kernel/entry-common.c:632
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 378
hardirqs last  enabled at (377): [<ffff80000887c6e0>] lock_page_memcg+0x110/0x234 mm/memcontrol.c:2059
hardirqs last disabled at (378): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (14): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (12): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb51 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 5014 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 5014 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 5014 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 5014 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 5014 Comm: syz-executor Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000c6cbd1c0 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dd5c2df8
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : 8cfadf9ad8b5db00
x8 : 8cfadf9ad8b5db00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 __sanitizer_cov_trace_pc+0xa8/0xac kernel/kcov.c:216
 unwind_frame+0x3a0/0x668 arch/arm64/kernel/stacktrace.c:112
 walk_stackframe arch/arm64/kernel/stacktrace.c:148 [inline]
 arch_stack_walk+0x200/0x2b4 arch/arm64/kernel/stacktrace.c:238
 stack_trace_save+0x94/0xd8 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:434 [inline]
 __kasan_slab_alloc+0x8c/0xcc mm/kasan/common.c:467
 kasan_slab_alloc include/linux/kasan.h:254 [inline]
 slab_post_alloc_hook+0x74/0x408 mm/slab.h:519
 slab_alloc_node mm/slub.c:3225 [inline]
 slab_alloc mm/slub.c:3233 [inline]
 kmem_cache_alloc+0x1e0/0x3e4 mm/slub.c:3238
 getname_flags+0xb8/0x450 fs/namei.c:138
 getname fs/namei.c:217 [inline]
 __do_sys_symlinkat fs/namei.c:4483 [inline]
 __se_sys_symlinkat fs/namei.c:4480 [inline]
 __arm64_sys_symlinkat+0x94/0xbc fs/namei.c:4480
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 752
hardirqs last  enabled at (751): [<ffff80000805b190>] local_daif_restore arch/arm64/include/asm/daifflags.h:75 [inline]
hardirqs last  enabled at (751): [<ffff80000805b190>] el0_svc_common+0x9c/0x258 arch/arm64/kernel/syscall.c:107
hardirqs last disabled at (752): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (508): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (506): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb54 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 5030 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 5030 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 5030 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 5030 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 5030 Comm: syz.0.49 Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000cc473680 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dd720b40
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010003
x17: 0000000000010003 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010002 x10: 0000000000010002 x9 : c786f7763ae3a300
x8 : c786f7763ae3a300 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 lock_page_memcg+0x120/0x234 mm/memcontrol.c:2059
 page_add_file_rmap+0x148/0x8e4 mm/rmap.c:1219
 do_set_pte+0x390/0x4dc mm/memory.c:4069
 filemap_map_pages+0x9c4/0xc50 mm/filemap.c:3344
 do_fault_around mm/memory.c:4243 [inline]
 do_read_fault mm/memory.c:4258 [inline]
 do_fault mm/memory.c:4392 [inline]
 handle_pte_fault mm/memory.c:4650 [inline]
 __handle_mm_fault mm/memory.c:4785 [inline]
 handle_mm_fault+0x19c4/0x2970 mm/memory.c:4883
 __do_page_fault arch/arm64/mm/fault.c:505 [inline]
 do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605
 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686
 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820
 el0_ia+0xe0/0x2d0 arch/arm64/kernel/entry-common.c:512
 el0t_64_sync_handler+0xc0/0xe4 arch/arm64/kernel/entry-common.c:632
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 1102
hardirqs last  enabled at (1101): [<ffff80000887c6e0>] lock_page_memcg+0x110/0x234 mm/memcontrol.c:2059
hardirqs last disabled at (1102): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (460): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (458): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb5b ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 4717 Comm: syz-executor Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000c22db680 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dd720ee0
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010003
x17: 0000000000010003 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010002 x10: 0000000000010002 x9 : 054daef7726fa800
x8 : 054daef7726fa800 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 __d_lookup+0x508/0x6a8 fs/dcache.c:2446
 d_lookup+0x38/0x80 fs/dcache.c:2379
 lookup_dcache fs/namei.c:1532 [inline]
 lookup_one_qstr_excl+0x3c/0x230 fs/namei.c:1556
 do_rmdir+0x18c/0x634 fs/namei.c:4206
 __do_sys_unlinkat fs/namei.c:4398 [inline]
 __se_sys_unlinkat fs/namei.c:4392 [inline]
 __arm64_sys_unlinkat+0xcc/0xfc fs/namei.c:4392
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 273968
hardirqs last  enabled at (273967): [<ffff800008939384>] seqcount_lockdep_reader_access include/linux/seqlock.h:105 [inline]
hardirqs last  enabled at (273967): [<ffff800008939384>] read_seqbegin+0x1fc/0x304 include/linux/seqlock.h:897
hardirqs last disabled at (273968): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (273168): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (273166): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb5e ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 3663 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 3663 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 3663 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 3663 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 3663 Comm: udevd Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000d73c0000 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e319f400
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : 60ebf182a8fe0600
x8 : 60ebf182a8fe0600 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 __sanitizer_cov_trace_pc+0x1c/0xac kernel/kcov.c:202
 tomoyo_compare_name_union security/tomoyo/file.c:87 [inline]
 tomoyo_check_path_acl+0x11c/0x1c8 security/tomoyo/file.c:260
 tomoyo_check_acl+0x11c/0x378 security/tomoyo/domain.c:175
 tomoyo_path_permission+0x164/0x310 security/tomoyo/file.c:586
 tomoyo_check_open_permission+0x1d0/0x2fc security/tomoyo/file.c:777
 tomoyo_file_open+0x130/0x1b0 security/tomoyo/tomoyo.c:311
 security_file_open+0x6c/0xac security/security.c:1668
 do_dentry_open+0x29c/0xebc fs/open.c:813
 vfs_open+0x7c/0x90 fs/open.c:956
 do_open fs/namei.c:3616 [inline]
 path_openat+0x1f80/0x26e4 fs/namei.c:3750
 do_filp_open+0x164/0x330 fs/namei.c:3777
 do_sys_openat2+0x128/0x3d8 fs/open.c:1253
 do_sys_open fs/open.c:1269 [inline]
 __do_sys_openat fs/open.c:1285 [inline]
 __se_sys_openat fs/open.c:1280 [inline]
 __arm64_sys_openat+0x120/0x154 fs/open.c:1280
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 1254786
hardirqs last  enabled at (1254785): [<ffff80000883de20>] kasan_quarantine_put+0xc4/0x204 mm/kasan/quarantine.c:231
hardirqs last disabled at (1254786): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (1254728): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (1254726): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb60 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 4717 Comm: syz-executor Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000c22db680 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e319f7a0
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : 054daef7726fa800
x8 : 054daef7726fa800 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 stack_depot_save+0x180/0x49c lib/stackdepot.c:280
 kasan_save_stack mm/kasan/common.c:40 [inline]
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:434 [inline]
 __kasan_slab_alloc+0xa8/0xcc mm/kasan/common.c:467
 kasan_slab_alloc include/linux/kasan.h:254 [inline]
 slab_post_alloc_hook+0x74/0x408 mm/slab.h:519
 slab_alloc_node mm/slub.c:3225 [inline]
 slab_alloc mm/slub.c:3233 [inline]
 kmem_cache_alloc+0x1e0/0x3e4 mm/slub.c:3238
 prepare_creds+0x44/0x71c kernel/cred.c:260
 copy_creds+0x114/0xc9c kernel/cred.c:365
 copy_process+0x858/0x34ac kernel/fork.c:2153
 kernel_clone+0x1d8/0x9d4 kernel/fork.c:2679
 __do_sys_clone kernel/fork.c:2796 [inline]
 __se_sys_clone kernel/fork.c:2764 [inline]
 __arm64_sys_clone+0x138/0x190 kernel/fork.c:2764
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 288050
hardirqs last  enabled at (288049): [<ffff80000882fcc8>] ___slab_alloc+0xc34/0xda8 mm/slub.c:2968
hardirqs last disabled at (288050): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (288024): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (288022): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb62 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 3663 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 3663 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 3663 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 3663 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 3663 Comm: udevd Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000d73c0000 x27: 1fffe0003421a45b
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000000
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e302adf8
x20: ffff0001a10d22d8 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : 60ebf182a8fe0600
x8 : 60ebf182a8fe0600 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 __sanitizer_cov_trace_pc+0x8/0xac kernel/kcov.c:199
 unwind_frame+0x3c4/0x668 arch/arm64/kernel/stacktrace.c:113
 walk_stackframe arch/arm64/kernel/stacktrace.c:148 [inline]
 arch_stack_walk+0x200/0x2b4 arch/arm64/kernel/stacktrace.c:238
 stack_trace_save+0x94/0xd8 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4c/0x84 mm/kasan/common.c:46
 kasan_set_free_info+0x28/0x4c mm/kasan/generic.c:360
 ____kasan_slab_free+0x118/0x164 mm/kasan/common.c:366
 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:374
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:1710 [inline]
 slab_free_freelist_hook+0x128/0x1e8 mm/slub.c:1736
 slab_free mm/slub.c:3504 [inline]
 kfree+0x170/0x40c mm/slub.c:4564
 tomoyo_path_perm+0x334/0x440 security/tomoyo/file.c:842
 tomoyo_inode_getattr+0x28/0x38 security/tomoyo/tomoyo.c:122
 security_inode_getattr+0xd8/0x124 security/security.c:1348
 vfs_getattr fs/stat.c:157 [inline]
 vfs_fstat fs/stat.c:182 [inline]
 __do_sys_newfstat fs/stat.c:421 [inline]
 __se_sys_newfstat fs/stat.c:418 [inline]
 __arm64_sys_newfstat+0xe8/0x1d0 fs/stat.c:418
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 1273504
hardirqs last  enabled at (1273503): [<ffff8000112a8f68>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (1273503): [<ffff8000112a8f68>] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194
hardirqs last disabled at (1273504): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (1273438): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (1273436): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb65 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 5061 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 5061 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 5061 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 5061 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 5061 Comm: syz.0.64 Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000d69851c0 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e302bd10
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : 9eb1405f88ace600
x8 : 9eb1405f88ace600 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 set_p4d arch/arm64/include/asm/pgtable.h:703 [inline]
 p4d_clear arch/arm64/include/asm/pgtable.h:713 [inline]
 free_pud_range mm/memory.c:298 [inline]
 free_p4d_range mm/memory.c:317 [inline]
 free_pgd_range+0x9d0/0xc04 mm/memory.c:397
 free_pgtables+0x23c/0x278 mm/memory.c:-1
 exit_mmap+0x2bc/0x4e0 mm/mmap.c:3217
 __mmput+0xec/0x3b8 kernel/fork.c:1127
 mmput+0x80/0xc8 kernel/fork.c:1148
 exit_mm+0x4a0/0x684 kernel/exit.c:550
 do_exit+0x4ec/0x1f58 kernel/exit.c:870
 do_group_exit+0x100/0x268 kernel/exit.c:997
 get_signal+0x73c/0x1340 kernel/signal.c:2900
 do_signal arch/arm64/kernel/signal.c:893 [inline]
 do_notify_resume+0x35c/0x3128 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xf0/0x1e0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 2406
hardirqs last  enabled at (2405): [<ffff8000087526b0>] mod_lruvec_page_state include/linux/vmstat.h:497 [inline]
hardirqs last  enabled at (2405): [<ffff8000087526b0>] dec_lruvec_page_state include/linux/vmstat.h:555 [inline]
hardirqs last  enabled at (2405): [<ffff8000087526b0>] pgtable_pmd_page_dtor+0x140/0x200 include/linux/mm.h:2377
hardirqs last disabled at (2406): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (1278): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (1276): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb6b ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 5072 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 5072 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 5072 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 5072 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 5072 Comm: syz-executor Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000d594b680 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dd5cab40
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : 488405472c109b00
x8 : 488405472c109b00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 __sanitizer_cov_trace_pc+0x4/0xac kernel/kcov.c:199
 __do_page_fault arch/arm64/mm/fault.c:505 [inline]
 do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605
 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820
 el0_da+0x90/0x1fc arch/arm64/kernel/entry-common.c:494
 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 110
hardirqs last  enabled at (109): [<ffff80000874a3b8>] count_memcg_events include/linux/memcontrol.h:1058 [inline]
hardirqs last  enabled at (109): [<ffff80000874a3b8>] count_memcg_event_mm+0x1b0/0x308 include/linux/memcontrol.h:1081
hardirqs last disabled at (110): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (54): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (52): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb70 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 5076 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 5076 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 5076 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 5076 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 5076 Comm: syz-executor Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000d5948000 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dd5caee0
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010003
x17: 0000000000010003 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010002 x10: 0000000000010002 x9 : d9049bef981bdd00
x8 : d9049bef981bdd00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 ___slab_alloc+0x2e8/0xda8 mm/slub.c:2949
 __slab_alloc+0x68/0xc0 mm/slub.c:3100
 slab_alloc_node mm/slub.c:3191 [inline]
 slab_alloc mm/slub.c:3233 [inline]
 kmem_cache_alloc+0x2ac/0x3e4 mm/slub.c:3238
 shmem_alloc_inode+0x20/0x38 mm/shmem.c:3789
 alloc_inode fs/inode.c:261 [inline]
 new_inode_pseudo+0x68/0x1fc fs/inode.c:1001
 new_inode+0x38/0x174 fs/inode.c:1030
 shmem_get_inode+0x2d8/0x96c mm/shmem.c:2290
 shmem_symlink+0xa4/0x4a0 mm/shmem.c:3082
 vfs_symlink+0x238/0x3b0 fs/namei.c:4437
 do_symlinkat+0x184/0x5a8 fs/namei.c:4466
 __do_sys_symlinkat fs/namei.c:4483 [inline]
 __se_sys_symlinkat fs/namei.c:4480 [inline]
 __arm64_sys_symlinkat+0xa4/0xbc fs/namei.c:4480
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 718
hardirqs last  enabled at (717): [<ffff80000882f36c>] ___slab_alloc+0x2d8/0xda8 mm/slub.c:2949
hardirqs last disabled at (718): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (508): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (506): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb72 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 4717 Comm: syz-executor Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000c22db680 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000debd6060
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : 054daef7726fa800
x8 : 054daef7726fa800 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 lock_acquire+0x234/0x620 kernel/locking/lockdep.c:5626
 rcu_lock_acquire+0x38/0x44 include/linux/rcupdate.h:313
 rcu_read_lock include/linux/rcupdate.h:740 [inline]
 get_obj_cgroup_from_current+0x17c/0x524 mm/memcontrol.c:2922
 memcg_slab_pre_alloc_hook mm/slab.h:283 [inline]
 slab_pre_alloc_hook+0xa8/0xec mm/slab.h:497
 slab_alloc_node mm/slub.c:3139 [inline]
 slab_alloc mm/slub.c:3233 [inline]
 kmem_cache_alloc+0x94/0x3e4 mm/slub.c:3238
 anon_vma_chain_alloc mm/rmap.c:138 [inline]
 anon_vma_clone+0x90/0x470 mm/rmap.c:284
 anon_vma_fork+0x80/0x49c mm/rmap.c:347
 dup_mmap kernel/fork.c:574 [inline]
 dup_mm kernel/fork.c:1466 [inline]
 copy_mm+0x7bc/0x1090 kernel/fork.c:1518
 copy_process+0x14d8/0x34ac kernel/fork.c:2290
 kernel_clone+0x1d8/0x9d4 kernel/fork.c:2679
 __do_sys_clone kernel/fork.c:2796 [inline]
 __se_sys_clone kernel/fork.c:2764 [inline]
 __arm64_sys_clone+0x138/0x190 kernel/fork.c:2764
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 343126
hardirqs last  enabled at (343125): [<ffff80000887ea7c>] mod_memcg_lruvec_state include/linux/memcontrol.h:1044 [inline]
hardirqs last  enabled at (343125): [<ffff80000887ea7c>] mod_objcg_mlstate+0x13c/0x228 mm/memcontrol.c:831
hardirqs last disabled at (343126): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (343050): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (343048): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb74 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 5083 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 5083 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 5083 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 5083 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 5083 Comm: syz.0.75 Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000cc4c3680 x27: 1fffe0003421a45b
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000000
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000debd67a0
x20: ffff0001a10d22d8 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : bc11f4eab627dc00
x8 : bc11f4eab627dc00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 free_pgtables+0x4c/0x278 mm/memory.c:405
 exit_mmap+0x2bc/0x4e0 mm/mmap.c:3217
 __mmput+0xec/0x3b8 kernel/fork.c:1127
 mmput+0x80/0xc8 kernel/fork.c:1148
 exit_mm+0x4a0/0x684 kernel/exit.c:550
 do_exit+0x4ec/0x1f58 kernel/exit.c:870
 do_group_exit+0x100/0x268 kernel/exit.c:997
 get_signal+0x73c/0x1340 kernel/signal.c:2900
 do_signal arch/arm64/kernel/signal.c:893 [inline]
 do_notify_resume+0x35c/0x3128 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xf0/0x1e0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 2198
hardirqs last  enabled at (2197): [<ffff80000887c6e0>] lock_page_memcg+0x110/0x234 mm/memcontrol.c:2059
hardirqs last disabled at (2198): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (1130): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (1128): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb76 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 5089 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 5089 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 5089 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 5089 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 5089 Comm: syz.0.78 Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000da9c3680 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000debd6b40
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010003
x17: 0000000000010003 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010002 x10: 0000000000010002 x9 : 2cd1917f8a41de00
x8 : 2cd1917f8a41de00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 __sanitizer_cov_trace_pc+0x3c/0xac kernel/kcov.c:202
 check_preemption_disabled+0x38/0x164 lib/smp_processor_id.c:16
 debug_smp_processor_id+0x20/0x2c lib/smp_processor_id.c:60
 rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:331 [inline]
 rcu_is_watching+0x50/0x134 kernel/rcu/tree.c:1123
 rcu_read_unlock include/linux/rcupdate.h:769 [inline]
 count_memcg_event_mm+0x1ec/0x308 include/linux/memcontrol.h:1082
 handle_mm_fault+0x1a0/0x2970 mm/memory.c:4863
 __do_page_fault arch/arm64/mm/fault.c:505 [inline]
 do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605
 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686
 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820
 el0_da+0x90/0x1fc arch/arm64/kernel/entry-common.c:494
 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 284
hardirqs last  enabled at (283): [<ffff80000874a3b8>] count_memcg_events include/linux/memcontrol.h:1058 [inline]
hardirqs last  enabled at (283): [<ffff80000874a3b8>] count_memcg_event_mm+0x1b0/0x308 include/linux/memcontrol.h:1081
hardirqs last disabled at (284): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (8): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (6): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb78 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 5091 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 5091 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 5091 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 5091 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 5091 Comm: syz.0.79 Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000d9891b40 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000debd6ee0
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : 6025aa3baa7a9300
x8 : 6025aa3baa7a9300 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el0_interrupt+0x94/0x260 arch/arm64/kernel/entry-common.c:683
 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690
 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:695
 el0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:585
irq event stamp: 106
hardirqs last  enabled at (105): [<ffff8000111cacfc>] el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629
hardirqs last disabled at (106): [<ffff8000111cc9ec>] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690
softirqs last  enabled at (8): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (6): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb79 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 4717 Comm: syz-executor Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000c22db680 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000ccad66b8
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : 054daef7726fa800
x8 : 054daef7726fa800 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 lock_acquire+0x234/0x620 kernel/locking/lockdep.c:5626
 __might_fault+0xc8/0x128 mm/memory.c:5357
 _copy_to_user include/linux/uaccess.h:174 [inline]
 copy_to_user include/linux/uaccess.h:200 [inline]
 xt_obj_to_user+0x17c/0x3c8 net/netfilter/x_tables.c:299
 xt_target_to_user+0x88/0x1a8 net/netfilter/x_tables.c:343
 copy_entries_to_user net/ipv4/netfilter/ip_tables.c:860 [inline]
 get_entries net/ipv4/netfilter/ip_tables.c:1023 [inline]
 do_ipt_get_ctl+0xfc0/0x13a8 net/ipv4/netfilter/ip_tables.c:1669
 nf_getsockopt+0x264/0x284 net/netfilter/nf_sockopt.c:116
 ip_getsockopt+0xffc/0x158c net/ipv4/ip_sockglue.c:1797
 tcp_getsockopt+0x208/0x2e78 net/ipv4/tcp.c:4319
 sock_common_getsockopt+0xa8/0xc4 net/core/sock.c:3423
 __sys_getsockopt+0x1b8/0x250 net/socket.c:2257
 __do_sys_getsockopt net/socket.c:2272 [inline]
 __se_sys_getsockopt net/socket.c:2269 [inline]
 __arm64_sys_getsockopt+0xb8/0xd4 net/socket.c:2269
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 365698
hardirqs last  enabled at (365697): [<ffff80001001a378>] seqcount_lockdep_reader_access include/linux/seqlock.h:105 [inline]
hardirqs last  enabled at (365697): [<ffff80001001a378>] get_counters net/ipv4/netfilter/ip_tables.c:758 [inline]
hardirqs last  enabled at (365697): [<ffff80001001a378>] alloc_counters+0x3d4/0x7a4 net/ipv4/netfilter/ip_tables.c:805
hardirqs last disabled at (365698): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (365664): [<ffff80000f69c768>] spin_unlock_bh include/linux/spinlock.h:409 [inline]
softirqs last  enabled at (365664): [<ffff80000f69c768>] release_sock+0x1d0/0x258 net/core/sock.c:3282
softirqs last disabled at (365662): [<ffff80000f69c5cc>] spin_lock_bh include/linux/spinlock.h:369 [inline]
softirqs last disabled at (365662): [<ffff80000f69c5cc>] release_sock+0x34/0x258 net/core/sock.c:3269
---[ end trace 5519afa7f6d9eb7c ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 5101 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 5101 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 5101 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 5101 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 5101 Comm: syz.0.84 Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000d9893680 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000ccad6a58
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010003
x17: 0000000000010003 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010002 x10: 0000000000010002 x9 : c02c4f4b30b58d00
x8 : c02c4f4b30b58d00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irqrestore+0xb8/0x14c kernel/locking/spinlock.c:194
 __debug_check_no_obj_freed lib/debugobjects.c:982 [inline]
 debug_check_no_obj_freed+0x450/0x46c lib/debugobjects.c:1003
 free_pages_prepare mm/page_alloc.c:1345 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x2fc/0xaa0 mm/page_alloc.c:3317
 free_unref_page+0x78/0x1fc mm/page_alloc.c:3396
 free_the_page mm/page_alloc.c:705 [inline]
 __free_pages+0x180/0x1d4 mm/page_alloc.c:5563
 __free_slab+0x178/0x398 mm/slub.c:2005
 free_slab mm/slub.c:2020 [inline]
 discard_slab+0x64/0xe0 mm/slub.c:2026
 __slab_free+0x1c4/0x254 mm/slub.c:3409
 do_slab_free mm/slub.c:3492 [inline]
 ___cache_free+0x178/0x1bc mm/slub.c:3511
 qlink_free+0x5c/0xa4 mm/kasan/quarantine.c:157
 qlist_free_all+0x40/0xa8 mm/kasan/quarantine.c:176
 kasan_quarantine_reduce+0x124/0x130 mm/kasan/quarantine.c:283
 __kasan_slab_alloc+0x34/0xcc mm/kasan/common.c:444
 kasan_slab_alloc include/linux/kasan.h:254 [inline]
 slab_post_alloc_hook+0x74/0x408 mm/slab.h:519
 slab_alloc_node mm/slub.c:3225 [inline]
 slab_alloc mm/slub.c:3233 [inline]
 kmem_cache_alloc+0x1e0/0x3e4 mm/slub.c:3238
 __d_alloc+0x3c/0x65c fs/dcache.c:1749
 d_alloc_pseudo+0x28/0x8c fs/dcache.c:1880
 alloc_file_pseudo+0xcc/0x1dc fs/file_table.c:256
 __shmem_file_setup+0x19c/0x264 mm/shmem.c:4143
 shmem_file_setup+0x40/0x54 mm/shmem.c:4173
 __do_sys_memfd_create mm/memfd.c:323 [inline]
 __se_sys_memfd_create mm/memfd.c:266 [inline]
 __arm64_sys_memfd_create+0x37c/0x514 mm/memfd.c:266
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 296
hardirqs last  enabled at (295): [<ffff8000112a8f68>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (295): [<ffff8000112a8f68>] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194
hardirqs last disabled at (296): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (8): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (6): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb7e ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 4717 Comm: syz-executor Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000c22db680 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000ccad6df8
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : 054daef7726fa800
x8 : 054daef7726fa800 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 lock_acquire+0x234/0x620 kernel/locking/lockdep.c:5626
 rcu_lock_acquire+0x38/0x44 include/linux/rcupdate.h:313
 rcu_read_lock include/linux/rcupdate.h:740 [inline]
 percpu_ref_tryget_many include/linux/percpu-refcount.h:241 [inline]
 percpu_ref_tryget+0x20/0x230 include/linux/percpu-refcount.h:266
 obj_cgroup_tryget include/linux/memcontrol.h:800 [inline]
 get_obj_cgroup_from_current+0x304/0x524 mm/memcontrol.c:2930
 memcg_slab_pre_alloc_hook mm/slab.h:283 [inline]
 slab_pre_alloc_hook+0xa8/0xec mm/slab.h:497
 slab_alloc_node mm/slub.c:3139 [inline]
 slab_alloc mm/slub.c:3233 [inline]
 kmem_cache_alloc+0x94/0x3e4 mm/slub.c:3238
 vm_area_dup kernel/fork.c:358 [inline]
 dup_mmap kernel/fork.c:557 [inline]
 dup_mm kernel/fork.c:1466 [inline]
 copy_mm+0x6cc/0x1090 kernel/fork.c:1518
 copy_process+0x14d8/0x34ac kernel/fork.c:2290
 kernel_clone+0x1d8/0x9d4 kernel/fork.c:2679
 __do_sys_clone kernel/fork.c:2796 [inline]
 __se_sys_clone kernel/fork.c:2764 [inline]
 __arm64_sys_clone+0x138/0x190 kernel/fork.c:2764
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 382008
hardirqs last  enabled at (382007): [<ffff800008886868>] consume_stock mm/memcontrol.c:2212 [inline]
hardirqs last  enabled at (382007): [<ffff800008886868>] try_charge_memcg+0x1d8/0x11bc mm/memcontrol.c:2607
hardirqs last disabled at (382008): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (381954): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (381952): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb81 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 4717 Comm: syz-executor Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000c22db680 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000deb9b230
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010003
x17: 0000000000010003 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010002 x10: 0000000000010002 x9 : 054daef7726fa800
x8 : 054daef7726fa800 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irqrestore+0xb8/0x14c kernel/locking/spinlock.c:194
 debug_object_activate+0x248/0x464 lib/debugobjects.c:712
 debug_rcu_head_queue kernel/rcu/rcu.h:176 [inline]
 __call_rcu kernel/rcu/tree.c:2995 [inline]
 call_rcu+0x54/0x8fc kernel/rcu/tree.c:3091
 file_free fs/file_table.c:58 [inline]
 __fput+0x51c/0x7f8 fs/file_table.c:324
 ____fput+0x20/0x30 fs/file_table.c:339
 task_work_run+0x12c/0x1e0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x24b4/0x3128 arch/arm64/kernel/signal.c:949
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xf0/0x1e0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 395092
hardirqs last  enabled at (395091): [<ffff8000112a8f68>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (395091): [<ffff8000112a8f68>] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194
hardirqs last disabled at (395092): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (394286): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (394284): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb86 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 4717 Comm: syz-executor Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000c22db680 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000deb9b5d0
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010003
x17: 0000000000010003 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010002 x10: 0000000000010002 x9 : 054daef7726fa800
x8 : 054daef7726fa800 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irqrestore+0xb8/0x14c kernel/locking/spinlock.c:194
 __debug_check_no_obj_freed lib/debugobjects.c:982 [inline]
 debug_check_no_obj_freed+0x450/0x46c lib/debugobjects.c:1003
 slab_free_hook mm/slub.c:1685 [inline]
 slab_free_freelist_hook+0x9c/0x1e8 mm/slub.c:1736
 slab_free mm/slub.c:3504 [inline]
 kfree+0x170/0x40c mm/slub.c:4564
 tomoyo_realpath_from_path+0x4c8/0x510 security/tomoyo/realpath.c:291
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_perm+0x1b4/0x440 security/tomoyo/file.c:822
 tomoyo_inode_getattr+0x28/0x38 security/tomoyo/tomoyo.c:122
 security_inode_getattr+0xd8/0x124 security/security.c:1348
 vfs_getattr fs/stat.c:157 [inline]
 vfs_statx+0x118/0x458 fs/stat.c:225
 vfs_fstatat fs/stat.c:243 [inline]
 __do_sys_newfstatat fs/stat.c:411 [inline]
 __se_sys_newfstatat fs/stat.c:405 [inline]
 __arm64_sys_newfstatat+0x10c/0x190 fs/stat.c:405
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 401434
hardirqs last  enabled at (401433): [<ffff8000112a8f68>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (401433): [<ffff8000112a8f68>] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194
hardirqs last disabled at (401434): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (400850): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (400848): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb88 ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 5127 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 5127 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 5127 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 5127 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 5127 Comm: syz.0.97 Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000d3b69b40 x27: 1fffe0003421a45c
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000deb9b970
x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : 5b45c783985e3d00
x8 : 5b45c783985e3d00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el0_interrupt+0x94/0x260 arch/arm64/kernel/entry-common.c:683
 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690
 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:695
 el0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:585
irq event stamp: 174
hardirqs last  enabled at (173): [<ffff8000111cacfc>] el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629
hardirqs last disabled at (174): [<ffff8000111cc9ec>] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690
softirqs last  enabled at (8): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (6): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb8b ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 5131 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 5131 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 5131 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 5131 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 5131 Comm: syz.0.99 Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000cd5fd1c0 x27: 1fffe0003421a45d
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000002
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e30547a0
x20: ffff0001a10d22e8 x19: ffff8000113da820 x18: 0000000000010003
x17: 0000000000010003 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010002 x10: 0000000000010002 x9 : fed43debc6584100
x8 : fed43debc6584100 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903
 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
 __sanitizer_cov_trace_cmp4+0x20/0xc8 kernel/kcov.c:267
 __tlb_remove_page include/asm-generic/tlb.h:444 [inline]
 zap_pte_range mm/memory.c:1387 [inline]
 zap_pmd_range mm/memory.c:1505 [inline]
 zap_pud_range mm/memory.c:1534 [inline]
 zap_p4d_range mm/memory.c:1555 [inline]
 unmap_page_range+0xc80/0x1958 mm/memory.c:1576
 unmap_single_vma+0x13c/0x1e4 mm/memory.c:1621
 unmap_vmas+0x104/0x200 mm/memory.c:1653
 exit_mmap+0x2a8/0x4e0 mm/mmap.c:3216
 __mmput+0xec/0x3b8 kernel/fork.c:1127
 mmput+0x80/0xc8 kernel/fork.c:1148
 exit_mm+0x4a0/0x684 kernel/exit.c:550
 do_exit+0x4ec/0x1f58 kernel/exit.c:870
 do_group_exit+0x100/0x268 kernel/exit.c:997
 get_signal+0x73c/0x1340 kernel/signal.c:2900
 do_signal arch/arm64/kernel/signal.c:893 [inline]
 do_notify_resume+0x35c/0x3128 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xf0/0x1e0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 1700
hardirqs last  enabled at (1699): [<ffff80000887c6e0>] lock_page_memcg+0x110/0x234 mm/memcontrol.c:2059
hardirqs last disabled at (1700): [<ffff8000111cd68c>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last  enabled at (1226): [<ffff800008032020>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (1224): [<ffff800008031fec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 5519afa7f6d9eb8e ]---
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
WARNING: CPU: 1 PID: 4717 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
Modules linked in:
CPU: 1 PID: 4717 Comm: syz-executor Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1148 [inline]
pc : brelse include/linux/buffer_head.h:325 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
lr : __brelse fs/buffer.c:1148 [inline]
lr : brelse include/linux/buffer_head.h:325 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline]
lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
sp : ffff800008017de0
x29: ffff800008017de0 x28: ffff0000c22db680 x27: 1fffe0003421a45b
x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000000
x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dd5c9d10
x20: ffff0001a10d22d8 x19: ffff8000113da820 x18: 0000000000010002
x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000010001 x10: 0000000000010001 x9 : 054daef7726fa800
x8 : 054daef7726fa800 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc
x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027
Call trace:
 __brelse fs/buffer.c:1148 [inline]
 brelse include/linux/buffer_head.h:325 [inline]
 __invalidate_bh_lrus fs/buffer.c:1394 [inline]
 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407
 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544
 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline]
 ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950
 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:652 [inline]
 handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707
 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765