------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4875 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4875 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4875 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4875 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4875 Comm: syz.0.15 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000ceab3680 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e2139a58 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : e252f1c2afdfcb00 x8 : e252f1c2afdfcb00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] lock_page_memcg+0x120/0x22c mm/memcontrol.c:2059 page_remove_rmap+0x3c/0xf90 mm/rmap.c:1351 zap_pte_range mm/memory.c:1384 [inline] zap_pmd_range mm/memory.c:1505 [inline] zap_pud_range mm/memory.c:1534 [inline] zap_p4d_range mm/memory.c:1555 [inline] unmap_page_range+0xb78/0x190c mm/memory.c:1576 unmap_single_vma+0x13c/0x1e4 mm/memory.c:1621 unmap_vmas+0x10c/0x214 mm/memory.c:1653 exit_mmap+0x2c4/0x508 mm/mmap.c:3216 __mmput+0xec/0x3a8 kernel/fork.c:1127 mmput+0x80/0xc0 kernel/fork.c:1148 exit_mm+0x4ac/0x664 kernel/exit.c:550 do_exit+0x4f0/0x1f50 kernel/exit.c:870 do_group_exit+0x100/0x268 kernel/exit.c:997 get_signal+0x73c/0x1334 kernel/signal.c:2900 do_signal arch/arm64/kernel/signal.c:893 [inline] do_notify_resume+0x354/0x309c arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xf0/0x1d0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 2834 hardirqs last enabled at (2833): [] lock_page_memcg+0x110/0x22c mm/memcontrol.c:2059 hardirqs last disabled at (2834): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1914): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1912): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16af ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4651 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000e7820000 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e2214148 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 19e79de5f0c73800 x8 : 19e79de5f0c73800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] put_cpu_partial+0x198/0x214 mm/slub.c:2589 __slab_free+0x180/0x248 mm/slub.c:3373 do_slab_free mm/slub.c:3492 [inline] ___cache_free+0x174/0x1b8 mm/slub.c:3511 qlink_free+0x5c/0xa0 mm/kasan/quarantine.c:157 qlist_free_all+0x40/0xa8 mm/kasan/quarantine.c:176 kasan_quarantine_reduce+0x124/0x130 mm/kasan/quarantine.c:283 __kasan_slab_alloc+0x34/0xcc mm/kasan/common.c:444 kasan_slab_alloc include/linux/kasan.h:254 [inline] slab_post_alloc_hook+0x74/0x3f8 mm/slab.h:519 slab_alloc_node mm/slub.c:3225 [inline] slab_alloc mm/slub.c:3233 [inline] kmem_cache_alloc+0x1d8/0x3d4 mm/slub.c:3238 kmem_cache_zalloc include/linux/slab.h:728 [inline] __alloc_file+0x30/0x238 fs/file_table.c:132 alloc_empty_file+0xa0/0x184 fs/file_table.c:181 alloc_file+0x64/0x490 fs/file_table.c:223 alloc_file_pseudo+0x16c/0x1f4 fs/file_table.c:263 sock_alloc_file+0xb4/0x22c net/socket.c:464 sock_map_fd net/socket.c:488 [inline] __sys_socket+0x13c/0x18c net/socket.c:1597 __do_sys_socket net/socket.c:1602 [inline] __se_sys_socket net/socket.c:1600 [inline] __arm64_sys_socket+0x7c/0x94 net/socket.c:1600 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 168178 hardirqs last enabled at (168177): [] put_cpu_partial+0x188/0x214 mm/slub.c:2589 hardirqs last disabled at (168178): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (167644): [] spin_unlock_bh include/linux/spinlock.h:409 [inline] softirqs last enabled at (167644): [] release_sock+0x1d0/0x258 net/core/sock.c:3285 softirqs last disabled at (167642): [] spin_lock_bh include/linux/spinlock.h:369 [inline] softirqs last disabled at (167642): [] release_sock+0x34/0x258 net/core/sock.c:3272 ---[ end trace 2ba480db038c16b1 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4899 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4899 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4899 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4899 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4899 Comm: syz.0.26 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000da493680 x27: 1fffe000341f645b x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e2056a58 x20: ffff0001a0fb22d8 x19: ffff80001146afa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 501bd4078377bb00 x8 : 501bd4078377bb00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 local_daif_restore+0x20/0x3c arch/arm64/include/asm/daifflags.h:117 el0_da+0x80/0x1ec arch/arm64/kernel/entry-common.c:493 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1012 hardirqs last enabled at (1011): [] local_daif_restore+0x1c/0x3c arch/arm64/include/asm/daifflags.h:75 hardirqs last disabled at (1012): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (998): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (996): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16b7 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4651 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000e7820000 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e204c6b8 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 19e79de5f0c73800 x8 : 19e79de5f0c73800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 check_kcov_mode kernel/kcov.c:174 [inline] __sanitizer_cov_trace_pc+0x78/0xac kernel/kcov.c:206 check_preemption_disabled+0x28/0x164 lib/smp_processor_id.c:14 debug_smp_processor_id+0x20/0x2c lib/smp_processor_id.c:60 rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:331 [inline] rcu_is_watching+0x50/0x134 kernel/rcu/tree.c:1123 trace_lock_release include/trace/events/lock.h:58 [inline] lock_release+0xb4/0x8e0 kernel/locking/lockdep.c:5634 rcu_lock_release+0x2c/0x38 include/linux/rcupdate.h:318 rcu_read_unlock include/linux/rcupdate.h:773 [inline] mntput_no_expire+0x2a8/0x788 fs/namespace.c:1186 mntput+0x60/0xcc fs/namespace.c:1244 path_put+0x58/0x68 fs/namei.c:560 vfs_statx+0x258/0x490 fs/stat.c:231 vfs_fstatat fs/stat.c:243 [inline] __do_sys_newfstatat fs/stat.c:411 [inline] __se_sys_newfstatat fs/stat.c:405 [inline] __arm64_sys_newfstatat+0x124/0x1bc fs/stat.c:405 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 199936 hardirqs last enabled at (199935): [] kasan_quarantine_put+0xc4/0x200 mm/kasan/quarantine.c:231 hardirqs last disabled at (199936): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (199892): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (199890): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16b9 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 427 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 427 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 427 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 427 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 427 Comm: kworker/u4:4 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 Workqueue: netns cleanup_net pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c8298000 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df13b6b8 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010203 x17: 0000000000010203 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010202 x10: 0000000000010202 x9 : 5b49d5d53dddc200 x8 : 5b49d5d53dddc200 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010202 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 __sanitizer_cov_trace_pc+0x3c/0xac kernel/kcov.c:202 stack_trace_save+0x9c/0xf0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track+0x4c/0x84 mm/kasan/common.c:46 kasan_set_free_info+0x28/0x4c mm/kasan/generic.c:360 ____kasan_slab_free+0x118/0x164 mm/kasan/common.c:366 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1710 [inline] slab_free_freelist_hook+0x128/0x1e4 mm/slub.c:1736 slab_free mm/slub.c:3504 [inline] kfree+0x16c/0x400 mm/slub.c:4564 skb_free_head net/core/skbuff.c:655 [inline] skb_release_data+0x3bc/0x5a0 net/core/skbuff.c:677 skb_release_all net/core/skbuff.c:742 [inline] __kfree_skb net/core/skbuff.c:756 [inline] consume_skb+0x138/0x338 net/core/skbuff.c:914 netlink_broadcast_filtered+0xccc/0xe34 net/netlink/af_netlink.c:1534 netlink_broadcast net/netlink/af_netlink.c:1556 [inline] nlmsg_multicast include/net/netlink.h:1044 [inline] nlmsg_notify+0x100/0x1e8 net/netlink/af_netlink.c:2550 rtnl_notify+0xa0/0xd8 net/core/rtnetlink.c:764 inet6_rt_notify+0x1b4/0x2b4 net/ipv6/route.c:6192 fib6_del_route net/ipv6/ip6_fib.c:1996 [inline] fib6_del+0xd3c/0x11c4 net/ipv6/ip6_fib.c:2031 fib6_clean_node+0x22c/0x4b0 net/ipv6/ip6_fib.c:2193 fib6_walk_continue+0x654/0x878 net/ipv6/ip6_fib.c:2115 fib6_walk+0x140/0x254 net/ipv6/ip6_fib.c:2163 fib6_clean_tree net/ipv6/ip6_fib.c:2243 [inline] __fib6_clean_all+0x1fc/0x344 net/ipv6/ip6_fib.c:2259 fib6_clean_all+0x3c/0x50 net/ipv6/ip6_fib.c:2270 rt6_sync_down_dev net/ipv6/route.c:4914 [inline] rt6_disable_ip+0x104/0x650 net/ipv6/route.c:4919 addrconf_ifdown+0x14c/0x1680 net/ipv6/addrconf.c:3775 addrconf_notify+0x36c/0xc50 net/ipv6/addrconf.c:-1 notifier_call_chain kernel/notifier.c:83 [inline] raw_notifier_call_chain+0xd4/0x164 kernel/notifier.c:391 call_netdevice_notifiers_info net/core/dev.c:2062 [inline] call_netdevice_notifiers_extack net/core/dev.c:2074 [inline] call_netdevice_notifiers net/core/dev.c:2088 [inline] dev_close_many+0x2c8/0x438 net/core/dev.c:1663 unregister_netdevice_many+0x3e0/0x183c net/core/dev.c:11136 default_device_exit_batch+0x464/0x4c4 net/core/dev.c:11693 ops_exit_list net/core/net_namespace.c:177 [inline] cleanup_net+0x654/0xaa4 net/core/net_namespace.c:635 process_one_work+0x79c/0x1138 kernel/workqueue.c:2310 worker_thread+0x8f4/0x1034 kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:856 irq event stamp: 1837865 hardirqs last enabled at (1837864): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (1837864): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (1837865): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1837834): [] spin_unlock_bh include/linux/spinlock.h:409 [inline] softirqs last enabled at (1837834): [] clusterip_netdev_event+0x384/0x3ac net/ipv4/netfilter/ipt_CLUSTERIP.c:233 softirqs last disabled at (1837836): [] spin_lock_bh include/linux/spinlock.h:369 [inline] softirqs last disabled at (1837836): [] __fib6_clean_all+0x1b0/0x344 net/ipv6/ip6_fib.c:2258 ---[ end trace 2ba480db038c16bc ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4915 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4915 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4915 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4915 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4915 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000db5b8000 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df13ba58 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : a901e2d0e5be9200 x8 : a901e2d0e5be9200 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 in_irqentry_text kernel/stacktrace.c:380 [inline] filter_irq_stacks+0x98/0xd8 kernel/stacktrace.c:398 kasan_save_stack mm/kasan/common.c:39 [inline] kasan_set_track+0x58/0x84 mm/kasan/common.c:46 kasan_set_free_info+0x28/0x4c mm/kasan/generic.c:360 ____kasan_slab_free+0x118/0x164 mm/kasan/common.c:366 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1710 [inline] slab_free_freelist_hook+0x128/0x1e4 mm/slub.c:1736 slab_free mm/slub.c:3504 [inline] kfree+0x16c/0x400 mm/slub.c:4564 tomoyo_path_perm+0x33c/0x49c security/tomoyo/file.c:840 tomoyo_path_symlink+0xac/0xf8 security/tomoyo/tomoyo.c:199 security_path_symlink+0xec/0x13c security/security.c:1180 do_symlinkat+0x10c/0x5b4 fs/namei.c:4461 __do_sys_symlinkat fs/namei.c:4483 [inline] __se_sys_symlinkat fs/namei.c:4480 [inline] __arm64_sys_symlinkat+0xa4/0xbc fs/namei.c:4480 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 632 hardirqs last enabled at (631): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (631): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (632): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (552): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (550): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16bd ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4920 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4920 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4920 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4920 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4920 Comm: syz.0.36 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000cb7c8000 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df137230 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 94ab15cacb084600 x8 : 94ab15cacb084600 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irqrestore+0xb8/0x14c kernel/locking/spinlock.c:194 __debug_check_no_obj_freed lib/debugobjects.c:982 [inline] debug_check_no_obj_freed+0x450/0x46c lib/debugobjects.c:1003 free_pages_prepare mm/page_alloc.c:1345 [inline] free_pcp_prepare mm/page_alloc.c:1391 [inline] free_unref_page_prepare+0x2f8/0xa84 mm/page_alloc.c:3317 free_unref_page+0x78/0x1f8 mm/page_alloc.c:3396 free_the_page mm/page_alloc.c:705 [inline] __free_pages+0x17c/0x1d0 mm/page_alloc.c:5577 __free_slab+0x174/0x38c mm/slub.c:2005 free_slab mm/slub.c:2020 [inline] discard_slab+0x64/0xd8 mm/slub.c:2026 __unfreeze_partials+0x150/0x190 mm/slub.c:2512 put_cpu_partial+0x1a8/0x214 mm/slub.c:2592 __slab_free+0x180/0x248 mm/slub.c:3373 do_slab_free mm/slub.c:3492 [inline] ___cache_free+0x174/0x1b8 mm/slub.c:3511 qlink_free+0x5c/0xa0 mm/kasan/quarantine.c:157 qlist_free_all+0x40/0xa8 mm/kasan/quarantine.c:176 kasan_quarantine_reduce+0x124/0x130 mm/kasan/quarantine.c:283 __kasan_slab_alloc+0x34/0xcc mm/kasan/common.c:444 kasan_slab_alloc include/linux/kasan.h:254 [inline] slab_post_alloc_hook+0x74/0x3f8 mm/slab.h:519 slab_alloc_node mm/slub.c:3225 [inline] slab_alloc mm/slub.c:3233 [inline] kmem_cache_alloc+0x1d8/0x3d4 mm/slub.c:3238 getname_flags+0xb8/0x450 fs/namei.c:138 getname+0x28/0x38 fs/namei.c:217 do_sys_openat2+0xdc/0x3f4 fs/open.c:1249 do_sys_open fs/open.c:1271 [inline] __do_sys_openat fs/open.c:1287 [inline] __se_sys_openat fs/open.c:1282 [inline] __arm64_sys_openat+0x118/0x14c fs/open.c:1282 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 826 hardirqs last enabled at (825): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (825): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (826): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (48): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (46): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16bf ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4651 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000e7820000 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df137970 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 19e79de5f0c73800 x8 : 19e79de5f0c73800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 __raw_spin_lock_init+0x4/0x128 kernel/locking/spinlock_debug.c:18 __sock_create+0x4b0/0x8b4 net/socket.c:1495 sock_create net/socket.c:1551 [inline] __sys_socket+0xf0/0x18c net/socket.c:1593 __do_sys_socket net/socket.c:1602 [inline] __se_sys_socket net/socket.c:1600 [inline] __arm64_sys_socket+0x7c/0x94 net/socket.c:1600 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 234714 hardirqs last enabled at (234713): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (234713): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (234714): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (234666): [] spin_unlock_bh include/linux/spinlock.h:409 [inline] softirqs last enabled at (234666): [] release_sock+0x1d0/0x258 net/core/sock.c:3285 softirqs last disabled at (234664): [] spin_lock_bh include/linux/spinlock.h:369 [inline] softirqs last disabled at (234664): [] release_sock+0x34/0x258 net/core/sock.c:3272 ---[ end trace 2ba480db038c16c2 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 0 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 0 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 0 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 0 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c0a68000 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df137d10 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : d7cad4515cea1e00 x8 : d7cad4515cea1e00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable+0xc/0x18 arch/arm64/include/asm/irqflags.h:35 default_idle_call+0xcc/0x40c kernel/sched/idle.c:112 cpuidle_idle_call kernel/sched/idle.c:202 [inline] do_idle+0x2f8/0x56c kernel/sched/idle.c:326 cpu_startup_entry+0x24/0x28 kernel/sched/idle.c:424 secondary_start_kernel+0x23c/0x28c arch/arm64/kernel/smp.c:265 __secondary_switched+0x94/0x98 arch/arm64/kernel/head.S:661 irq event stamp: 524054 hardirqs last enabled at (524053): [] default_idle_call+0xb8/0x40c kernel/sched/idle.c:109 hardirqs last disabled at (524054): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (523886): [] softirq_handle_end kernel/softirq.c:419 [inline] softirqs last enabled at (523886): [] handle_softirqs+0xa40/0xbe4 kernel/softirq.c:604 softirqs last disabled at (523775): [] __do_softirq kernel/softirq.c:610 [inline] softirqs last disabled at (523775): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] softirqs last disabled at (523775): [] invoke_softirq kernel/softirq.c:457 [inline] softirqs last disabled at (523775): [] __irq_exit_rcu+0x240/0x43c kernel/softirq.c:659 ---[ end trace 2ba480db038c16c3 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4651 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000e7820000 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df134148 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 19e79de5f0c73800 x8 : 19e79de5f0c73800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 local_daif_restore arch/arm64/include/asm/daifflags.h:117 [inline] el0_svc_common+0xa8/0x258 arch/arm64/kernel/syscall.c:107 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 248682 hardirqs last enabled at (248681): [] local_daif_restore arch/arm64/include/asm/daifflags.h:75 [inline] hardirqs last enabled at (248681): [] el0_svc_common+0x9c/0x258 arch/arm64/kernel/syscall.c:107 hardirqs last disabled at (248682): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (248580): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (248578): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16c5 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4946 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4946 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4946 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4946 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4946 Comm: syz.0.49 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d4ec1b40 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df1344e8 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : ae4f2c72f7cf0700 x8 : ae4f2c72f7cf0700 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 fetch_robust_entry kernel/futex/core.c:3763 [inline] exit_robust_list+0x11c/0x5f0 kernel/futex/core.c:3794 futex_cleanup kernel/futex/core.c:3846 [inline] futex_exit_release+0x124/0x1ac kernel/futex/core.c:3947 exit_mm_release+0x24/0x40 kernel/fork.c:1431 exit_mm+0xa4/0x664 kernel/exit.c:488 do_exit+0x4f0/0x1f50 kernel/exit.c:870 do_group_exit+0x100/0x268 kernel/exit.c:997 __do_sys_exit_group kernel/exit.c:1008 [inline] __se_sys_exit_group kernel/exit.c:1006 [inline] __wake_up_parent+0x0/0x60 kernel/exit.c:1006 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1626 hardirqs last enabled at (1625): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (1625): [] _raw_spin_unlock_irq+0x98/0x128 kernel/locking/spinlock.c:202 hardirqs last disabled at (1626): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1594): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1592): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16ca ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4651 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000e7820000 x27: 1fffe000341f645b x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df134888 x20: ffff0001a0fb22d8 x19: ffff80001146afa0 x18: 0000000000010004 x17: 0000000000010004 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010003 x10: 0000000000010003 x9 : 19e79de5f0c73800 x8 : 19e79de5f0c73800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010003 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 copy_pte_range mm/memory.c:1055 [inline] copy_pmd_range mm/memory.c:1167 [inline] copy_pud_range mm/memory.c:1204 [inline] copy_p4d_range mm/memory.c:1228 [inline] copy_page_range+0xad4/0x2328 mm/memory.c:1301 dup_mmap kernel/fork.c:615 [inline] dup_mm kernel/fork.c:1466 [inline] copy_mm+0x9d8/0x105c kernel/fork.c:1518 copy_process+0x1500/0x34c8 kernel/fork.c:2290 kernel_clone+0x1ec/0x9e8 kernel/fork.c:2679 __do_sys_clone kernel/fork.c:2796 [inline] __se_sys_clone kernel/fork.c:2764 [inline] __arm64_sys_clone+0x14c/0x1b8 kernel/fork.c:2764 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 297432 hardirqs last enabled at (297431): [] mod_lruvec_page_state include/linux/vmstat.h:497 [inline] hardirqs last enabled at (297431): [] inc_lruvec_page_state include/linux/vmstat.h:549 [inline] hardirqs last enabled at (297431): [] pgtable_pte_page_ctor include/linux/mm.h:2271 [inline] hardirqs last enabled at (297431): [] __pte_alloc_one include/asm-generic/pgalloc.h:66 [inline] hardirqs last enabled at (297431): [] pte_alloc_one+0x194/0x254 include/asm-generic/pgalloc.h:85 hardirqs last disabled at (297432): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (297326): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (297324): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16d1 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4651 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000e7820000 x27: 1fffe000341f645d x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000002 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df134c28 x20: ffff0001a0fb22e8 x19: ffff80001146afa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 19e79de5f0c73800 x8 : 19e79de5f0c73800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 local_daif_restore arch/arm64/include/asm/daifflags.h:117 [inline] do_notify_resume+0x110/0x309c arch/arm64/kernel/signal.c:934 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xf0/0x1d0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 298084 hardirqs last enabled at (298083): [] local_daif_restore arch/arm64/include/asm/daifflags.h:75 [inline] hardirqs last enabled at (298083): [] do_notify_resume+0x104/0x309c arch/arm64/kernel/signal.c:934 hardirqs last disabled at (298084): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (297990): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (297988): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16d2 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4399 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4399 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4399 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4399 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4399 Comm: syz-execprog Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c89e0000 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df130ee0 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 7187c4e5e8027500 x8 : 7187c4e5e8027500 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] __free_object+0x1f0/0x894 lib/debugobjects.c:358 free_object lib/debugobjects.c:427 [inline] debug_object_free+0x2b0/0x450 lib/debugobjects.c:852 destroy_hrtimer_on_stack kernel/time/hrtimer.c:442 [inline] schedule_hrtimeout_range_clock+0x1e4/0x354 kernel/time/hrtimer.c:2296 schedule_hrtimeout_range+0x38/0x4c kernel/time/hrtimer.c:2340 ep_poll+0x13bc/0x1650 fs/eventpoll.c:1919 do_epoll_wait+0x1a0/0x218 fs/eventpoll.c:2329 do_epoll_pwait+0x70/0x194 fs/eventpoll.c:2363 __do_sys_epoll_pwait fs/eventpoll.c:2376 [inline] __se_sys_epoll_pwait fs/eventpoll.c:2370 [inline] __arm64_sys_epoll_pwait+0x1f4/0x24c fs/eventpoll.c:2370 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1716280 hardirqs last enabled at (1716279): [] __free_object+0x1e0/0x894 lib/debugobjects.c:358 hardirqs last disabled at (1716280): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1716248): [] spin_unlock_bh include/linux/spinlock.h:409 [inline] softirqs last enabled at (1716248): [] release_sock+0x1d0/0x258 net/core/sock.c:3285 softirqs last disabled at (1716246): [] spin_lock_bh include/linux/spinlock.h:369 [inline] softirqs last disabled at (1716246): [] release_sock+0x34/0x258 net/core/sock.c:3272 ---[ end trace 2ba480db038c16d5 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4984 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4984 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4984 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4984 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4984 Comm: syz.0.68 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d1079b40 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df12c6b8 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010004 x17: 0000000000010004 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010003 x10: 0000000000010003 x9 : 73fb1ea714612900 x8 : 73fb1ea714612900 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010003 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] lock_acquire+0x234/0x618 kernel/locking/lockdep.c:5626 local_lock_acquire+0x4c/0x19c include/linux/local_lock_internal.h:29 lru_cache_add+0x280/0x6dc mm/swap.c:450 lru_cache_add_inactive_or_unevictable+0x130/0x2f0 mm/swap.c:484 do_anonymous_page mm/memory.c:3878 [inline] handle_pte_fault mm/memory.c:4648 [inline] __handle_mm_fault mm/memory.c:4785 [inline] handle_mm_fault+0x23a0/0x2a28 mm/memory.c:4883 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x67c/0xab0 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820 el0_da+0x90/0x1ec arch/arm64/kernel/entry-common.c:494 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1184 hardirqs last enabled at (1183): [] charge_memcg+0x190/0x21c mm/memcontrol.c:6775 hardirqs last disabled at (1184): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1094): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1092): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16da ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 3660 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 3660 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 3660 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 3660 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 3660 Comm: udevd Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d61b9b40 x27: 1fffe000341f645b x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df12cdf8 x20: ffff0001a0fb22d8 x19: ffff80001146afa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 6dbd0b20b0315400 x8 : 6dbd0b20b0315400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 __sanitizer_cov_trace_cmp8+0xbc/0xc0 kernel/kcov.c:274 virt_to_head_page include/linux/mm.h:911 [inline] memcg_slab_free_hook+0xa8/0x1f4 mm/slab.h:348 do_slab_free mm/slub.c:3437 [inline] ___cache_free+0x78/0x1b8 mm/slub.c:3511 qlink_free+0x5c/0xa0 mm/kasan/quarantine.c:157 qlist_free_all+0x40/0xa8 mm/kasan/quarantine.c:176 kasan_quarantine_reduce+0x124/0x130 mm/kasan/quarantine.c:283 __kasan_slab_alloc+0x34/0xcc mm/kasan/common.c:444 kasan_slab_alloc include/linux/kasan.h:254 [inline] slab_post_alloc_hook+0x74/0x3f8 mm/slab.h:519 slab_alloc_node mm/slub.c:3225 [inline] slab_alloc mm/slub.c:3233 [inline] kmem_cache_alloc+0x1d8/0x3d4 mm/slub.c:3238 getname_flags+0xb8/0x450 fs/namei.c:138 getname+0x28/0x38 fs/namei.c:217 do_sys_openat2+0xdc/0x3f4 fs/open.c:1249 do_sys_open fs/open.c:1271 [inline] __do_sys_openat fs/open.c:1287 [inline] __se_sys_openat fs/open.c:1282 [inline] __arm64_sys_openat+0x118/0x14c fs/open.c:1282 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1274620 hardirqs last enabled at (1274619): [] put_cpu_partial+0x188/0x214 mm/slub.c:2589 hardirqs last disabled at (1274620): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1274192): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1274190): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16de ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 3645 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 3645 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 3645 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 3645 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 3645 Comm: syslogd Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d50b51c0 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df1a1230 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : ba3012d4795b6100 x8 : ba3012d4795b6100 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 memset+0x84/0x88 mm/kasan/shadow.c:48 stack_trace_save+0x9c/0xf0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track+0x4c/0x84 mm/kasan/common.c:46 kasan_set_free_info+0x28/0x4c mm/kasan/generic.c:360 ____kasan_slab_free+0x118/0x164 mm/kasan/common.c:366 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1710 [inline] slab_free_freelist_hook+0x128/0x1e4 mm/slub.c:1736 slab_free mm/slub.c:3504 [inline] kmem_cache_free+0xdc/0x3b0 mm/slub.c:3520 kfree_skbmem+0x114/0x1a8 net/core/skbuff.c:-1 __kfree_skb net/core/skbuff.c:757 [inline] consume_skb+0x140/0x338 net/core/skbuff.c:914 skb_free_datagram+0x30/0xe4 net/core/datagram.c:325 __unix_dgram_recvmsg+0x7f8/0xb3c net/unix/af_unix.c:2395 unix_dgram_recvmsg+0xd4/0xec net/unix/af_unix.c:2413 sock_recvmsg_nosec net/socket.c:968 [inline] sock_recvmsg net/socket.c:986 [inline] sock_read_iter+0x250/0x300 net/socket.c:1067 call_read_iter include/linux/fs.h:2167 [inline] new_sync_read fs/read_write.c:404 [inline] vfs_read+0x588/0xa44 fs/read_write.c:485 ksys_read+0x12c/0x224 fs/read_write.c:623 __do_sys_read fs/read_write.c:633 [inline] __se_sys_read fs/read_write.c:631 [inline] __arm64_sys_read+0x7c/0x90 fs/read_write.c:631 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 89002 hardirqs last enabled at (89001): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (89001): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (89002): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (88974): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (88972): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16df ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4651 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000e7820000 x27: 1fffe000341f645b x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df1a1d10 x20: ffff0001a0fb22d8 x19: ffff80001146afa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 19e79de5f0c73800 x8 : 19e79de5f0c73800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 __sanitizer_cov_trace_pc+0xc/0xac kernel/kcov.c:202 check_preemption_disabled+0x38/0x164 lib/smp_processor_id.c:16 debug_smp_processor_id+0x20/0x2c lib/smp_processor_id.c:60 rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:331 [inline] rcu_is_watching+0x50/0x134 kernel/rcu/tree.c:1123 trace_lock_acquire include/trace/events/lock.h:13 [inline] lock_acquire+0xc4/0x618 kernel/locking/lockdep.c:5594 __might_fault+0xc8/0x128 mm/memory.c:5357 _copy_to_user include/linux/uaccess.h:174 [inline] copy_to_user include/linux/uaccess.h:200 [inline] copy_entries_to_user net/ipv6/netfilter/ip6_tables.c:857 [inline] get_entries net/ipv6/netfilter/ip6_tables.c:1041 [inline] do_ip6t_get_ctl+0xe7c/0x143c net/ipv6/netfilter/ip6_tables.c:1679 nf_getsockopt+0x264/0x284 net/netfilter/nf_sockopt.c:116 ipv6_getsockopt+0x588/0x2538 net/ipv6/ipv6_sockglue.c:1492 tcp_getsockopt+0x210/0x2eec net/ipv4/tcp.c:4322 sock_common_getsockopt+0xa8/0xc4 net/core/sock.c:3427 __sys_getsockopt+0x1b8/0x250 net/socket.c:2256 __do_sys_getsockopt net/socket.c:2271 [inline] __se_sys_getsockopt net/socket.c:2268 [inline] __arm64_sys_getsockopt+0xb8/0xd4 net/socket.c:2268 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 352564 hardirqs last enabled at (352563): [] seqcount_lockdep_reader_access include/linux/seqlock.h:105 [inline] hardirqs last enabled at (352563): [] get_counters net/ipv4/netfilter/ip_tables.c:758 [inline] hardirqs last enabled at (352563): [] alloc_counters+0x3d4/0x7a0 net/ipv4/netfilter/ip_tables.c:805 hardirqs last disabled at (352564): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (352320): [] spin_unlock_bh include/linux/spinlock.h:409 [inline] softirqs last enabled at (352320): [] release_sock+0x1d0/0x258 net/core/sock.c:3285 softirqs last disabled at (352318): [] spin_lock_bh include/linux/spinlock.h:369 [inline] softirqs last disabled at (352318): [] release_sock+0x34/0x258 net/core/sock.c:3272 ---[ end trace 2ba480db038c16e2 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 3660 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 3660 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 3660 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 3660 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 3660 Comm: udevd Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d61b9b40 x27: 1fffe000341f645b x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df1d4148 x20: ffff0001a0fb22d8 x19: ffff80001146afa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 6dbd0b20b0315400 x8 : 6dbd0b20b0315400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irqrestore+0xb8/0x14c kernel/locking/spinlock.c:194 __debug_check_no_obj_freed lib/debugobjects.c:982 [inline] debug_check_no_obj_freed+0x450/0x46c lib/debugobjects.c:1003 slab_free_hook mm/slub.c:1685 [inline] slab_free_freelist_hook+0x9c/0x1e4 mm/slub.c:1736 slab_free mm/slub.c:3504 [inline] kmem_cache_free+0xdc/0x3b0 mm/slub.c:3520 putname fs/namei.c:271 [inline] user_path_at_empty+0x144/0x1a0 fs/namei.c:2893 user_path_at include/linux/namei.h:57 [inline] vfs_statx+0xf8/0x490 fs/stat.c:221 vfs_fstatat fs/stat.c:243 [inline] __do_sys_newfstatat fs/stat.c:411 [inline] __se_sys_newfstatat fs/stat.c:405 [inline] __arm64_sys_newfstatat+0x124/0x1bc fs/stat.c:405 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1306500 hardirqs last enabled at (1306499): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (1306499): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (1306500): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1306486): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1306484): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16e4 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5007 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5007 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5007 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5007 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5007 Comm: syz.0.79 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d7af9b40 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df1d44e8 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 3dd1bfea3b822300 x8 : 3dd1bfea3b822300 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] consume_stock mm/memcontrol.c:2212 [inline] try_charge_memcg+0x1e4/0x11a0 mm/memcontrol.c:2607 try_charge mm/memcontrol.c:2779 [inline] charge_memcg+0xac/0x21c mm/memcontrol.c:6765 __mem_cgroup_charge+0x38/0xb0 mm/memcontrol.c:6801 mem_cgroup_charge include/linux/memcontrol.h:700 [inline] do_anonymous_page mm/memory.c:3842 [inline] handle_pte_fault mm/memory.c:4648 [inline] __handle_mm_fault mm/memory.c:4785 [inline] handle_mm_fault+0x1808/0x2a28 mm/memory.c:4883 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x67c/0xab0 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820 el0_da+0x90/0x1ec arch/arm64/kernel/entry-common.c:494 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 188 hardirqs last enabled at (187): [] consume_stock mm/memcontrol.c:2212 [inline] hardirqs last enabled at (187): [] try_charge_memcg+0x1d4/0x11a0 mm/memcontrol.c:2607 hardirqs last disabled at (188): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (48): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (46): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16e5 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5015 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5015 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5015 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5015 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5015 Comm: syz.0.83 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000dbc0b680 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000df1d4c28 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 2364b697ceba0e00 x8 : 2364b697ceba0e00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el0_interrupt+0x94/0x248 arch/arm64/kernel/entry-common.c:683 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:695 el0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:585 irq event stamp: 138 hardirqs last enabled at (137): [] el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 hardirqs last disabled at (138): [] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 softirqs last enabled at (48): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (46): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16e9 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5015 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5015 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5015 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5015 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5015 Comm: syz.0.83 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000dbc0b680 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dcba8060 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 2364b697ceba0e00 x8 : 2364b697ceba0e00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] lock_page_memcg+0x120/0x22c mm/memcontrol.c:2059 page_remove_rmap+0x3c/0xf90 mm/rmap.c:1351 zap_pte_range mm/memory.c:1384 [inline] zap_pmd_range mm/memory.c:1505 [inline] zap_pud_range mm/memory.c:1534 [inline] zap_p4d_range mm/memory.c:1555 [inline] unmap_page_range+0xb78/0x190c mm/memory.c:1576 unmap_single_vma+0x13c/0x1e4 mm/memory.c:1621 unmap_vmas+0x10c/0x214 mm/memory.c:1653 exit_mmap+0x2c4/0x508 mm/mmap.c:3216 __mmput+0xec/0x3a8 kernel/fork.c:1127 mmput+0x80/0xc0 kernel/fork.c:1148 exit_mm+0x4ac/0x664 kernel/exit.c:550 do_exit+0x4f0/0x1f50 kernel/exit.c:870 do_group_exit+0x100/0x268 kernel/exit.c:997 get_signal+0x73c/0x1334 kernel/signal.c:2900 do_signal arch/arm64/kernel/signal.c:893 [inline] do_notify_resume+0x354/0x309c arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xf0/0x1d0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1694 hardirqs last enabled at (1693): [] lock_page_memcg+0x110/0x22c mm/memcontrol.c:2059 hardirqs last disabled at (1694): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1252): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1250): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16ea ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5021 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5021 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5021 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5021 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5021 Comm: syz.0.86 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d4a151c0 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dcba8400 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010005 x17: 0000000000010005 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010004 x10: 0000000000010004 x9 : 7b9de7e6cf0ffc00 x8 : 7b9de7e6cf0ffc00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010004 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irqrestore+0xb8/0x14c kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:419 [inline] unlock_page_lruvec_irqrestore include/linux/memcontrol.h:1538 [inline] __pagevec_lru_add+0x1258/0x1588 mm/swap.c:1055 lru_cache_add+0x470/0x6dc mm/swap.c:453 lru_cache_add_inactive_or_unevictable+0x130/0x2f0 mm/swap.c:484 do_anonymous_page mm/memory.c:3878 [inline] handle_pte_fault mm/memory.c:4648 [inline] __handle_mm_fault mm/memory.c:4785 [inline] handle_mm_fault+0x23a0/0x2a28 mm/memory.c:4883 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x67c/0xab0 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820 el0_da+0x90/0x1ec arch/arm64/kernel/entry-common.c:494 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 124 hardirqs last enabled at (123): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (123): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (124): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (48): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (46): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16ec ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4651 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000e7820000 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dcba87a0 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 19e79de5f0c73800 x8 : 19e79de5f0c73800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el0_interrupt+0x94/0x248 arch/arm64/kernel/entry-common.c:683 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:695 el0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:585 irq event stamp: 387808 hardirqs last enabled at (387807): [] el0t_64_sync_handler+0x6c/0xe4 arch/arm64/kernel/entry-common.c:638 hardirqs last disabled at (387808): [] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 softirqs last enabled at (387804): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (387802): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16ee ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4399 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4399 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4399 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4399 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4399 Comm: syz-execprog Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c89e0000 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dcba8ee0 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010004 x17: 0000000000010004 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010003 x10: 0000000000010003 x9 : 7187c4e5e8027500 x8 : 7187c4e5e8027500 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010003 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 __sanitizer_cov_trace_pc+0xa8/0xac kernel/kcov.c:216 check_preemption_disabled+0x38/0x164 lib/smp_processor_id.c:16 debug_smp_processor_id+0x20/0x2c lib/smp_processor_id.c:60 rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:331 [inline] rcu_is_watching+0x50/0x134 kernel/rcu/tree.c:1123 trace_lock_release include/trace/events/lock.h:58 [inline] lock_release+0xb4/0x8e0 kernel/locking/lockdep.c:5634 __raw_spin_unlock include/linux/spinlock_api_smp.h:150 [inline] _raw_spin_unlock+0x8c/0x11c kernel/locking/spinlock.c:186 spin_unlock include/linux/spinlock.h:404 [inline] futex_wake+0x470/0x504 kernel/futex/core.c:1701 do_futex+0x1714/0x2650 kernel/futex/core.c:3988 __do_sys_futex kernel/futex/core.c:4060 [inline] __se_sys_futex kernel/futex/core.c:4041 [inline] __arm64_sys_futex+0x394/0x41c kernel/futex/core.c:4041 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1724770 hardirqs last enabled at (1724769): [] local_daif_restore arch/arm64/include/asm/daifflags.h:75 [inline] hardirqs last enabled at (1724769): [] el0_svc_common+0x9c/0x258 arch/arm64/kernel/syscall.c:107 hardirqs last disabled at (1724770): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1724764): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1724762): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16f1 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 3660 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 3660 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 3660 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 3660 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 3660 Comm: udevd Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d61b9b40 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e20446b8 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 6dbd0b20b0315400 x8 : 6dbd0b20b0315400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 bytes_is_nonzero mm/kasan/generic.c:85 [inline] memory_is_nonzero mm/kasan/generic.c:102 [inline] memory_is_poisoned_n mm/kasan/generic.c:128 [inline] memory_is_poisoned mm/kasan/generic.c:159 [inline] check_region_inline mm/kasan/generic.c:180 [inline] kasan_check_range+0x7c/0x2a0 mm/kasan/generic.c:189 memset+0x58/0x88 mm/kasan/shadow.c:44 unwind_frame+0xcc/0x68c arch/arm64/kernel/stacktrace.c:70 walk_stackframe+0x6c/0xa8 arch/arm64/kernel/stacktrace.c:148 return_address+0xd8/0x15c arch/arm64/kernel/return_address.c:46 get_lock_parent_ip include/linux/ftrace.h:859 [inline] preempt_latency_start kernel/sched/core.c:5490 [inline] preempt_count_add+0x14c/0x41c kernel/sched/core.c:5515 __raw_spin_lock include/linux/spinlock_api_smp.h:141 [inline] _raw_spin_lock+0x24/0x10c kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:364 [inline] kernfs_iop_permission+0x6c/0x2e0 fs/kernfs/inode.c:285 do_inode_permission fs/namei.c:459 [inline] inode_permission+0x1d0/0x3c0 fs/namei.c:526 may_lookup fs/namei.c:1701 [inline] link_path_walk+0x268/0xbe0 fs/namei.c:2253 path_lookupat+0x90/0x3d0 fs/namei.c:2462 filename_lookup+0x1b4/0x464 fs/namei.c:2492 user_path_at_empty+0x5c/0x1a0 fs/namei.c:2891 do_readlinkat+0xe0/0x3fc fs/stat.c:442 __do_sys_readlinkat fs/stat.c:469 [inline] __se_sys_readlinkat fs/stat.c:466 [inline] __arm64_sys_readlinkat+0x9c/0xb8 fs/stat.c:466 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1359900 hardirqs last enabled at (1359899): [] seqcount_lockdep_reader_access+0x1f4/0x2b8 include/linux/seqlock.h:105 hardirqs last disabled at (1359900): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1359890): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1359888): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16f2 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 3660 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 3660 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 3660 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 3660 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 3660 Comm: udevd Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d61b9b40 x27: 1fffe000341f645c x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e2044a58 x20: ffff0001a0fb22e0 x19: ffff80001146afa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 6dbd0b20b0315400 x8 : 6dbd0b20b0315400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el0_interrupt+0x94/0x248 arch/arm64/kernel/entry-common.c:683 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:695 el0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:585 irq event stamp: 1367300 hardirqs last enabled at (1367299): [] el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 hardirqs last disabled at (1367300): [] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 softirqs last enabled at (1367256): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1367254): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 2ba480db038c16f3 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4651 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4651 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000e7820000 x27: 1fffe000341f645b x26: 0000000000000001 x25: ffff0001a0fb22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000e2044df8 x20: ffff0001a0fb22d8 x19: ffff80001146afa0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff80001125f448 x15: 00000000ffffffff x14: 0000000000000001 x13: 1fffe000341f47ab x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 19e79de5f0c73800 x8 : 19e79de5f0c73800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176f8 x4 : ffff80001437f3e0 x3 : ffff800008509220 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x22c fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x6fc arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x764 kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1b8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] seqcount_lockdep_reader_access include/linux/seqlock.h:105 [inline] get_counters net/ipv4/netfilter/ip_tables.c:758 [inline] alloc_counters+0x3f8/0x7a0 net/ipv4/netfilter/ip_tables.c:805 copy_entries_to_user net/ipv6/netfilter/ip6_tables.c:839 [inline] get_entries net/ipv6/netfilter/ip6_tables.c:1041 [inline] do_ip6t_get_ctl+0xb68/0x143c net/ipv6/netfilter/ip6_tables.c:1679 nf_getsockopt+0x264/0x284 net/netfilter/nf_sockopt.c:116 ipv6_getsockopt+0x588/0x2538 net/ipv6/ipv6_sockglue.c:1492 tcp_getsockopt+0x210/0x2eec net/ipv4/tcp.c:4322 sock_common_getsockopt+0xa8/0xc4 net/core/sock.c:3427 __sys_getsockopt+0x1b8/0x250 net/socket.c:2256 __do_sys_getsockopt net/socket.c:2271 [inline] __se_sys_getsockopt net/socket.c:2268 [inline] __arm64_sys_getsockopt+0xb8/0xd4 net/socket.c:2268 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 409098 hardirqs last enabled at (409097): [] seqcount_lockdep_reader_access include/linux/seqlock.h:105 [inline] hardirqs last enabled at (409097): [] get_counters net/ipv4/netfilter/ip_tables.c:758 [inline] hardirqs last enabled at (409097): [] alloc_counters+0x3d4/0x7a0 net/ipv4/netfilter/ip_tables.c:805 hardirqs last disabled at (409098): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (408780): [] spin_unlock_bh include/linux/spinlock.h:409 [inline] softirqs last enabled at (408780): [] release_sock+0x1d0/0x258 net/core/sock.c:3285 softirqs last disabled at (408778): [] spin_lock_bh include/linux/spinlock.h:369 [inline] softirqs last disabled at (408778): [] release_sock+0x34/0x258 net/core/sock.c:3272 ---[ end trace 2ba480db038c16f4 ]---