------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4907 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4907 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4907 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4907 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4907 Comm: syz.0.17 Not tainted 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d7eb51c0 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dcfb8230 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : d1ef507b0fd35d00 x8 : d1ef507b0fd35d00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] charge_memcg+0x198/0x220 mm/memcontrol.c:6775 __mem_cgroup_charge+0x38/0xb0 mm/memcontrol.c:6801 mem_cgroup_charge include/linux/memcontrol.h:700 [inline] do_anonymous_page mm/memory.c:3842 [inline] handle_pte_fault mm/memory.c:4648 [inline] __handle_mm_fault mm/memory.c:4785 [inline] handle_mm_fault+0x193c/0x2950 mm/memory.c:4883 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:819 el0_da+0x90/0x1fc arch/arm64/kernel/entry-common.c:494 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 214 hardirqs last enabled at (213): [] charge_memcg+0x190/0x220 mm/memcontrol.c:6775 hardirqs last disabled at (214): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 66aa56eb2031fbcc ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 9 Comm: kworker/u4:0 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Workqueue: netns cleanup_net pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c0948000 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dcfb85d0 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : a68948eb3b42c000 x8 : a68948eb3b42c000 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 kernfs_remove_by_name_ns+0xd8/0x158 fs/kernfs/dir.c:1558 kernfs_remove_by_name include/linux/kernfs.h:598 [inline] sysfs_unmerge_group+0xd8/0x138 fs/sysfs/group.c:369 dpm_sysfs_remove+0x6c/0xd4 drivers/base/power/sysfs.c:833 device_del+0x258/0x964 drivers/base/core.c:3577 netdev_unregister_kobject+0x13c/0x204 net/core/net-sysfs.c:1980 unregister_netdevice_many+0x121c/0x17d0 net/core/dev.c:11161 vti6_exit_batch_net+0x3ac/0x3fc net/ipv6/ip6_vti.c:1190 ops_exit_list net/core/net_namespace.c:177 [inline] cleanup_net+0x644/0xa98 net/core/net_namespace.c:635 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:855 irq event stamp: 904670 hardirqs last enabled at (904669): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (904669): [] _raw_spin_unlock_irq+0x98/0x128 kernel/locking/spinlock.c:202 hardirqs last disabled at (904670): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (904612): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (904612): [] netif_addr_unlock_bh include/linux/netdevice.h:4625 [inline] softirqs last enabled at (904612): [] dev_mc_flush+0x1b0/0x1f4 net/core/dev_addr_lists.c:1001 softirqs last disabled at (904610): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 66aa56eb2031fbcd ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 9 Comm: kworker/u4:0 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Workqueue: netns cleanup_net pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c0948000 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de35e400 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : a68948eb3b42c000 x8 : a68948eb3b42c000 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irqrestore+0xb8/0x14c kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:418 [inline] __wake_up_common_lock kernel/sched/wait.c:140 [inline] __wake_up+0x110/0x16c kernel/sched/wait.c:157 netlink_unlock_table net/netlink/af_netlink.c:462 [inline] netlink_broadcast_filtered+0xd68/0xe64 net/netlink/af_netlink.c:1523 netlink_broadcast net/netlink/af_netlink.c:1543 [inline] nlmsg_multicast include/net/netlink.h:1033 [inline] nlmsg_notify+0x100/0x1f0 net/netlink/af_netlink.c:2532 rtnl_notify net/core/rtnetlink.c:759 [inline] rtmsg_ifinfo_send net/core/rtnetlink.c:3908 [inline] rtmsg_ifinfo_event net/core/rtnetlink.c:3923 [inline] rtmsg_ifinfo+0xec/0x12c net/core/rtnetlink.c:3929 dev_close_many+0x23c/0x440 net/core/dev.c:1649 unregister_netdevice_many+0x3d4/0x17d0 net/core/dev.c:11110 xfrmi_exit_batch_net+0x234/0x284 net/xfrm/xfrm_interface_core.c:810 ops_exit_list net/core/net_namespace.c:177 [inline] cleanup_net+0x644/0xa98 net/core/net_namespace.c:635 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:855 irq event stamp: 914110 hardirqs last enabled at (914109): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (914109): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (914110): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (914092): [] inet6_fill_ifla6_attrs+0xf64/0x1f30 net/ipv6/addrconf.c:5747 softirqs last disabled at (914090): [] inet6_fill_ifla6_attrs+0xf3c/0x1f30 net/ipv6/addrconf.c:5745 ---[ end trace 66aa56eb2031fbce ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 3656 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 3656 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 3656 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 3656 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 3656 Comm: udevd Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d5ce9b40 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de35e7a0 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : be8ba9485b4c4000 x8 : be8ba9485b4c4000 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 __sanitizer_cov_trace_const_cmp8+0x40/0xc0 kernel/kcov.c:301 walk_stackframe+0x6c/0xa8 arch/arm64/kernel/stacktrace.c:148 return_address+0xd0/0x144 arch/arm64/kernel/return_address.c:46 get_lock_parent_ip include/linux/ftrace.h:859 [inline] preempt_latency_start kernel/sched/core.c:5471 [inline] preempt_count_add+0x13c/0x3bc kernel/sched/core.c:5496 __raw_spin_lock include/linux/spinlock_api_smp.h:141 [inline] _raw_spin_lock+0x24/0x10c kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:363 [inline] kernfs_iop_permission+0x6c/0x2e0 fs/kernfs/inode.c:285 do_inode_permission fs/namei.c:459 [inline] inode_permission+0x1d0/0x3c0 fs/namei.c:526 may_open+0x274/0x3b8 fs/namei.c:3232 do_open fs/namei.c:3606 [inline] path_openat+0x1e54/0x26e4 fs/namei.c:3742 do_filp_open+0x164/0x330 fs/namei.c:3769 do_sys_openat2+0x128/0x3d8 fs/open.c:1253 do_sys_open fs/open.c:1269 [inline] __do_sys_openat fs/open.c:1285 [inline] __se_sys_openat fs/open.c:1280 [inline] __arm64_sys_openat+0x120/0x154 fs/open.c:1280 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1022464 hardirqs last enabled at (1022463): [] seqcount_lockdep_reader_access+0x1f4/0x2bc include/linux/seqlock.h:105 hardirqs last disabled at (1022464): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1022114): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1022112): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 66aa56eb2031fbd0 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4692 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4692 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4692 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4692 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4692 Comm: syz-executor Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d424d1c0 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dceba318 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 76fb6547b08c6800 x8 : 76fb6547b08c6800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] count_memcg_events include/linux/memcontrol.h:1058 [inline] count_memcg_event_mm+0x1d0/0x308 include/linux/memcontrol.h:1081 handle_mm_fault+0x1a0/0x2950 mm/memory.c:4863 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:819 el0_da+0x90/0x1fc arch/arm64/kernel/entry-common.c:494 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 147532 hardirqs last enabled at (147531): [] count_memcg_events include/linux/memcontrol.h:1058 [inline] hardirqs last enabled at (147531): [] count_memcg_event_mm+0x1b0/0x308 include/linux/memcontrol.h:1081 hardirqs last disabled at (147532): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (147476): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (147474): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 66aa56eb2031fbd5 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4929 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4929 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4929 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4929 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4929 Comm: syz.0.28 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000cce70000 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dceba6b8 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : d652835eb0c07a00 x8 : d652835eb0c07a00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el0_interrupt+0x94/0x260 arch/arm64/kernel/entry-common.c:683 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:695 el0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:585 irq event stamp: 252 hardirqs last enabled at (251): [] el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 hardirqs last disabled at (252): [] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 66aa56eb2031fbd6 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4938 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4938 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4938 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4938 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4938 Comm: syz.0.33 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d825d1c0 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de0684e8 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 1a6a6fec579cac00 x8 : 1a6a6fec579cac00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] _raw_spin_unlock_irq+0xa0/0x128 kernel/locking/spinlock.c:202 spin_unlock_irq include/linux/spinlock.h:413 [inline] cgroup_css_set_fork kernel/cgroup/cgroup.c:6205 [inline] cgroup_can_fork+0x4a4/0xdc4 kernel/cgroup/cgroup.c:6314 copy_process+0x231c/0x34ac kernel/fork.c:2382 kernel_clone+0x1d8/0x9d4 kernel/fork.c:2679 __do_sys_clone kernel/fork.c:2796 [inline] __se_sys_clone kernel/fork.c:2764 [inline] __arm64_sys_clone+0x138/0x190 kernel/fork.c:2764 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1958 hardirqs last enabled at (1957): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (1957): [] _raw_spin_unlock_irq+0x98/0x128 kernel/locking/spinlock.c:202 hardirqs last disabled at (1958): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1922): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1920): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 66aa56eb2031fbd9 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4945 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4945 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4945 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4945 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4945 Comm: syz.0.36 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000da2d1b40 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dcebb6b8 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : c397973c49bb0c00 x8 : c397973c49bb0c00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 write_comp_data kernel/kcov.c:249 [inline] __sanitizer_cov_trace_const_cmp8+0xb4/0xc0 kernel/kcov.c:300 shmem_getpage_gfp+0x1028/0x1ef0 mm/shmem.c:1906 shmem_getpage mm/shmem.c:151 [inline] shmem_write_begin+0xe0/0x29c mm/shmem.c:2474 generic_perform_write+0x204/0x480 mm/filemap.c:3785 __generic_file_write_iter+0x23c/0x454 mm/filemap.c:3912 generic_file_write_iter+0xb0/0x1b4 mm/filemap.c:3944 call_write_iter include/linux/fs.h:2172 [inline] new_sync_write fs/read_write.c:507 [inline] vfs_write+0x7c8/0xa2c fs/read_write.c:594 ksys_write+0x120/0x210 fs/read_write.c:647 __do_sys_write fs/read_write.c:659 [inline] __se_sys_write fs/read_write.c:656 [inline] __arm64_sys_write+0x7c/0x90 fs/read_write.c:656 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 340 hardirqs last enabled at (339): [] seqcount_lockdep_reader_access+0x14c/0x230 include/linux/seqlock.h:105 hardirqs last disabled at (340): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 66aa56eb2031fbdb ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4951 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4951 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4951 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4951 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4951 Comm: syz.0.39 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000cc0db680 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dcee37a0 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 3aeb89572aebfd00 x8 : 3aeb89572aebfd00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] lock_page_memcg+0x120/0x234 mm/memcontrol.c:2059 page_remove_rmap+0x3c/0xfd0 mm/rmap.c:1351 zap_pte_range mm/memory.c:1384 [inline] zap_pmd_range mm/memory.c:1505 [inline] zap_pud_range mm/memory.c:1534 [inline] zap_p4d_range mm/memory.c:1555 [inline] unmap_page_range+0xbb4/0x1958 mm/memory.c:1576 unmap_single_vma+0x13c/0x1e4 mm/memory.c:1621 unmap_vmas+0x104/0x200 mm/memory.c:1653 exit_mmap+0x2a8/0x4e0 mm/mmap.c:3212 __mmput+0xec/0x3b8 kernel/fork.c:1127 mmput+0x80/0xc8 kernel/fork.c:1148 exit_mm+0x4a0/0x684 kernel/exit.c:550 do_exit+0x4ec/0x1f58 kernel/exit.c:870 do_group_exit+0x100/0x268 kernel/exit.c:997 get_signal+0x73c/0x1340 kernel/signal.c:2900 do_signal arch/arm64/kernel/signal.c:893 [inline] do_notify_resume+0x35c/0x3128 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xf0/0x1e0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1586 hardirqs last enabled at (1585): [] lock_page_memcg+0x110/0x234 mm/memcontrol.c:2059 hardirqs last disabled at (1586): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (666): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (664): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 66aa56eb2031fbdd ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4692 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4692 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4692 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4692 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4692 Comm: syz-executor Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d424d1c0 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de067df8 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 76fb6547b08c6800 x8 : 76fb6547b08c6800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] __raw_write_unlock_irq include/linux/rwlock_api_smp.h:267 [inline] _raw_write_unlock_irq+0xa0/0x128 kernel/locking/spinlock.c:348 release_task+0x1494/0x16a0 kernel/exit.c:267 wait_task_zombie kernel/exit.c:1182 [inline] wait_consider_task+0x1508/0x27cc kernel/exit.c:1409 do_wait_thread kernel/exit.c:1472 [inline] do_wait+0x2f8/0xa98 kernel/exit.c:1589 kernel_wait4+0x1d0/0x318 kernel/exit.c:1752 __do_sys_wait4 kernel/exit.c:1780 [inline] __se_sys_wait4 kernel/exit.c:1776 [inline] __arm64_sys_wait4+0x120/0x2d0 kernel/exit.c:1776 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 193630 hardirqs last enabled at (193629): [] __raw_write_unlock_irq include/linux/rwlock_api_smp.h:267 [inline] hardirqs last enabled at (193629): [] _raw_write_unlock_irq+0x98/0x128 kernel/locking/spinlock.c:348 hardirqs last disabled at (193630): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (193610): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (193608): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 66aa56eb2031fbe2 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 9 Comm: kworker/u4:0 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Workqueue: netns cleanup_net pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017200 x29: ffff800008017200 x28: ffff0000c0948000 x27: 1fffe0003421c65b x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de067318 x20: ffff0001a10e32d8 x19: ffff8000113daee0 x18: 0000000000010102 x17: 0000000000010102 x16: ffff8000082d6448 x15: 0000000000000063 x14: 0000000000ff0100 x13: 1ffff0000283006b x12: 0000000000ff0100 x11: 0000000000010102 x10: 0000000000010102 x9 : a68948eb3b42c000 x8 : a68948eb3b42c000 x7 : ffff8000082f6fc4 x6 : 0000000000000000 x5 : 0000000000000080 x4 : 0000000000000001 x3 : ffff8000082d655c x2 : 0000000000000001 x1 : 0000000000010102 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 do_interrupt_handler+0x74/0x88 arch/arm64/kernel/entry-common.c:269 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 check_kcov_mode kernel/kcov.c:172 [inline] write_comp_data kernel/kcov.c:227 [inline] __sanitizer_cov_trace_cmp8+0x6c/0xc0 kernel/kcov.c:273 walk_stackframe arch/arm64/kernel/stacktrace.c:148 [inline] arch_stack_walk+0x200/0x2b4 arch/arm64/kernel/stacktrace.c:238 stack_trace_save+0x94/0xd8 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track+0x4c/0x84 mm/kasan/common.c:46 kasan_set_free_info+0x28/0x4c mm/kasan/generic.c:360 ____kasan_slab_free+0x118/0x164 mm/kasan/common.c:366 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1705 [inline] slab_free_freelist_hook+0x128/0x1e8 mm/slub.c:1731 slab_free mm/slub.c:3499 [inline] kfree+0x170/0x40c mm/slub.c:4559 free_fib_info_rcu+0x2cc/0x378 net/ipv4/fib_semantics.c:245 rcu_do_batch kernel/rcu/tree.c:2523 [inline] rcu_core+0x7c8/0x1764 kernel/rcu/tree.c:2763 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2776 handle_softirqs+0x344/0xbf0 kernel/softirq.c:576 __do_softirq kernel/softirq.c:610 [inline] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] invoke_softirq kernel/softirq.c:457 [inline] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659 irq_exit+0x14/0x88 kernel/softirq.c:683 handle_domain_irq+0x14c/0x1fc kernel/irq/irqdesc.c:711 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] console_unlock+0xc90/0x133c kernel/printk/printk.c:2748 vprintk_emit+0x13c/0x218 kernel/printk/printk.c:2274 vprintk_default+0x54/0x80 kernel/printk/printk.c:2289 vprintk+0x1e8/0x284 kernel/printk/printk_safe.c:45 _printk+0xd0/0x118 kernel/printk/printk.c:2299 __netdev_printk+0x1f8/0x39c net/core/dev.c:11512 netdev_info+0xec/0x138 net/core/dev.c:11559 __bond_release_one+0x478/0xf50 drivers/net/bonding/bond_main.c:2351 bond_slave_netdev_event drivers/net/bonding/bond_main.c:3589 [inline] bond_netdev_event+0x554/0xc5c drivers/net/bonding/bond_main.c:3704 notifier_call_chain kernel/notifier.c:83 [inline] raw_notifier_call_chain+0xd4/0x164 kernel/notifier.c:391 call_netdevice_notifiers_info net/core/dev.c:2049 [inline] call_netdevice_notifiers_extack net/core/dev.c:2061 [inline] call_netdevice_notifiers net/core/dev.c:2075 [inline] unregister_netdevice_many+0xe10/0x17d0 net/core/dev.c:11134 default_device_exit_batch+0x444/0x4a4 net/core/dev.c:11667 ops_exit_list net/core/net_namespace.c:177 [inline] cleanup_net+0x644/0xa98 net/core/net_namespace.c:635 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:855 irq event stamp: 1093929 hardirqs last enabled at (1093928): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (1093928): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (1093929): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1093876): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (1093876): [] clusterip_netdev_event+0x384/0x3ac net/ipv4/netfilter/ipt_CLUSTERIP.c:233 softirqs last disabled at (1093885): [] __do_softirq kernel/softirq.c:610 [inline] softirqs last disabled at (1093885): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] softirqs last disabled at (1093885): [] invoke_softirq kernel/softirq.c:457 [inline] softirqs last disabled at (1093885): [] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659 ---[ end trace 66aa56eb2031fbe3 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4692 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4692 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4692 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4692 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4692 Comm: syz-executor Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d424d1c0 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de0676b8 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 76fb6547b08c6800 x8 : 76fb6547b08c6800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 local_daif_restore arch/arm64/include/asm/daifflags.h:117 [inline] do_notify_resume+0x11c/0x3128 arch/arm64/kernel/signal.c:934 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xf0/0x1e0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 212500 hardirqs last enabled at (212499): [] local_daif_restore arch/arm64/include/asm/daifflags.h:75 [inline] hardirqs last enabled at (212499): [] do_notify_resume+0x110/0x3128 arch/arm64/kernel/signal.c:934 hardirqs last disabled at (212500): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (212458): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (212458): [] release_sock+0x1d0/0x258 net/core/sock.c:3277 softirqs last disabled at (212456): [] spin_lock_bh include/linux/spinlock.h:368 [inline] softirqs last disabled at (212456): [] release_sock+0x34/0x258 net/core/sock.c:3264 ---[ end trace 66aa56eb2031fbe7 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 9 Comm: kworker/u4:0 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Workqueue: netns cleanup_net pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c0948000 x27: 1fffe0003421c65b x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de35d148 x20: ffff0001a10e32d8 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : a68948eb3b42c000 x8 : a68948eb3b42c000 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] __local_bh_enable_ip+0x200/0x380 kernel/softirq.c:406 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:176 [inline] _raw_spin_unlock_bh+0xec/0x174 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:408 [inline] batadv_tt_global_table_free net/batman-adv/translation-table.c:2346 [inline] batadv_tt_free+0x224/0x778 net/batman-adv/translation-table.c:3605 batadv_mesh_free+0x90/0x13c net/batman-adv/main.c:279 batadv_softif_free+0x20/0x34 net/batman-adv/soft-interface.c:989 netdev_run_todo+0x7d0/0x9cc net/core/dev.c:10691 rtnl_unlock+0x14/0x20 net/core/rtnetlink.c:112 default_device_exit_batch+0x448/0x4a4 net/core/dev.c:11668 ops_exit_list net/core/net_namespace.c:177 [inline] cleanup_net+0x644/0xa98 net/core/net_namespace.c:635 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:855 irq event stamp: 1143814 hardirqs last enabled at (1143813): [] __local_bh_enable_ip+0x1f8/0x380 kernel/softirq.c:406 hardirqs last disabled at (1143814): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1143812): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (1143812): [] batadv_tt_global_table_free net/batman-adv/translation-table.c:2346 [inline] softirqs last enabled at (1143812): [] batadv_tt_free+0x224/0x778 net/batman-adv/translation-table.c:3605 softirqs last disabled at (1143810): [] spin_lock_bh include/linux/spinlock.h:368 [inline] softirqs last disabled at (1143810): [] batadv_tt_global_table_free net/batman-adv/translation-table.c:2337 [inline] softirqs last disabled at (1143810): [] batadv_tt_free+0x120/0x778 net/batman-adv/translation-table.c:3605 ---[ end trace 66aa56eb2031fbee ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4464 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4464 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4464 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4464 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4464 Comm: syz-executor Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000dbb851c0 x27: 1fffe0003421c65e x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000003 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de06e230 x20: ffff0001a10e32f0 x19: ffff8000113daee0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : d64f4992810af800 x8 : d64f4992810af800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irqrestore+0xb8/0x14c kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:418 [inline] __wake_up_common_lock kernel/sched/wait.c:140 [inline] __wake_up_sync_key+0x11c/0x178 kernel/sched/wait.c:205 pipe_write+0xe20/0x1930 fs/pipe.c:598 call_write_iter include/linux/fs.h:2172 [inline] new_sync_write fs/read_write.c:507 [inline] vfs_write+0x7c8/0xa2c fs/read_write.c:594 ksys_write+0x120/0x210 fs/read_write.c:647 __do_sys_write fs/read_write.c:659 [inline] __se_sys_write fs/read_write.c:656 [inline] __arm64_sys_write+0x7c/0x90 fs/read_write.c:656 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 608990 hardirqs last enabled at (608989): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (608989): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (608990): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (608980): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (608980): [] release_sock+0x1d0/0x258 net/core/sock.c:3277 softirqs last disabled at (608978): [] spin_lock_bh include/linux/spinlock.h:368 [inline] softirqs last disabled at (608978): [] release_sock+0x34/0x258 net/core/sock.c:3264 ---[ end trace 66aa56eb2031fbf1 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 9 Comm: kworker/u4:0 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Workqueue: netns cleanup_net pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c0948000 x27: 1fffe0003421c65b x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de06eee0 x20: ffff0001a10e32d8 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : a68948eb3b42c000 x8 : a68948eb3b42c000 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_save+0x18/0x38 arch/arm64/include/asm/irqflags.h:114 lock_is_held include/linux/lockdep.h:287 [inline] ___might_sleep+0x98/0x4d4 kernel/sched/core.c:9605 inet_twsk_purge+0x104/0x7ac net/ipv4/inet_timewait_sock.c:267 dccp_v4_exit_batch+0x20/0x2c net/dccp/ipv4.c:1040 ops_exit_list net/core/net_namespace.c:177 [inline] cleanup_net+0x644/0xa98 net/core/net_namespace.c:635 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:855 irq event stamp: 1153352 hardirqs last enabled at (1153351): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:81 [inline] hardirqs last enabled at (1153351): [] exit_to_kernel_mode+0xe0/0x168 arch/arm64/kernel/entry-common.c:91 hardirqs last disabled at (1153352): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1153350): [] softirq_handle_end kernel/softirq.c:419 [inline] softirqs last enabled at (1153350): [] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:604 softirqs last disabled at (1153335): [] __do_softirq kernel/softirq.c:610 [inline] softirqs last disabled at (1153335): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] softirqs last disabled at (1153335): [] invoke_softirq kernel/softirq.c:457 [inline] softirqs last disabled at (1153335): [] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659 ---[ end trace 66aa56eb2031fbf5 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5016 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5016 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5016 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5016 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5016 Comm: syz.0.72 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c8721b40 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de06a318 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 9ff4939ec1093800 x8 : 9ff4939ec1093800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irqrestore+0xb8/0x14c kernel/locking/spinlock.c:194 task_rq_unlock kernel/sched/sched.h:1598 [inline] wake_up_new_task+0x4b8/0x818 kernel/sched/core.c:4536 kernel_clone+0x46c/0x9d4 kernel/fork.c:2703 __do_sys_clone kernel/fork.c:2796 [inline] __se_sys_clone kernel/fork.c:2764 [inline] __arm64_sys_clone+0x138/0x190 kernel/fork.c:2764 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1446 hardirqs last enabled at (1445): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (1445): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (1446): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1388): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1386): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 66aa56eb2031fbf6 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5019 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5019 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5019 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5019 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5019 Comm: syz.0.73 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c2280000 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de06a6b8 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 41670ddddb2bcd00 x8 : 41670ddddb2bcd00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] seqcount_lockdep_reader_access+0x15c/0x230 include/linux/seqlock.h:105 read_seqbegin include/linux/seqlock.h:897 [inline] zone_span_seqbegin include/linux/memory_hotplug.h:83 [inline] page_outside_zone_boundaries mm/page_alloc.c:580 [inline] bad_range+0xa0/0x2a0 mm/page_alloc.c:607 rmqueue mm/page_alloc.c:3760 [inline] get_page_from_freelist+0x2954/0x2aa8 mm/page_alloc.c:4189 __alloc_pages+0x1a0/0x470 mm/page_alloc.c:5474 alloc_pages+0x34c/0x5c0 mm/mempolicy.c:-1 __pte_alloc_one include/asm-generic/pgalloc.h:63 [inline] pte_alloc_one+0x2c/0x258 include/asm-generic/pgalloc.h:85 __pte_alloc+0x34/0x21c mm/memory.c:439 do_anonymous_page mm/memory.c:3806 [inline] handle_pte_fault mm/memory.c:4648 [inline] __handle_mm_fault mm/memory.c:4785 [inline] handle_mm_fault+0x2388/0x2950 mm/memory.c:4883 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:819 el0_da+0x90/0x1fc arch/arm64/kernel/entry-common.c:494 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 82 hardirqs last enabled at (81): [] seqcount_lockdep_reader_access+0x14c/0x230 include/linux/seqlock.h:105 hardirqs last disabled at (82): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 66aa56eb2031fbf7 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4579 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4579 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4579 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4579 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4579 Comm: kworker/1:6 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Workqueue: rcu_gp process_srcu pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c6a2d1c0 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de06aa58 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : a6261b9495d09700 x8 : a6261b9495d09700 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] _raw_spin_unlock_irq+0xa0/0x128 kernel/locking/spinlock.c:202 process_one_work+0x678/0x1140 kernel/workqueue.c:2283 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:855 irq event stamp: 21820 hardirqs last enabled at (21819): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (21819): [] _raw_spin_unlock_irq+0x98/0x128 kernel/locking/spinlock.c:202 hardirqs last disabled at (21820): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (21810): [] local_bh_enable+0xc/0x2c include/linux/bottom_half.h:31 softirqs last disabled at (21806): [] local_bh_disable+0xc/0x2c include/linux/bottom_half.h:18 ---[ end trace 66aa56eb2031fbf8 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5029 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5029 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5029 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5029 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5029 Comm: syz.0.78 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d312d1c0 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000c56cf5d0 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : a726bd3b4f02ee00 x8 : a726bd3b4f02ee00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el0_interrupt+0x94/0x260 arch/arm64/kernel/entry-common.c:683 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:695 el0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:585 irq event stamp: 70 hardirqs last enabled at (69): [] el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 hardirqs last disabled at (70): [] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 66aa56eb2031fbfc ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4692 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4692 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4692 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4692 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4692 Comm: syz-executor Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d424d1c0 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000c56cf970 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 76fb6547b08c6800 x8 : 76fb6547b08c6800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] __call_rcu kernel/rcu/tree.c:3045 [inline] call_rcu+0x580/0x8fc kernel/rcu/tree.c:3091 security_inode_free+0xbc/0xd8 security/security.c:1065 __destroy_inode+0x2f0/0x80c fs/inode.c:286 destroy_inode fs/inode.c:309 [inline] evict+0x6b0/0x810 fs/inode.c:662 iput_final fs/inode.c:1769 [inline] iput+0x6c4/0x77c fs/inode.c:1795 proc_invalidate_siblings_dcache+0x420/0x66c fs/proc/inode.c:160 proc_flush_pid+0x24/0x34 fs/proc/base.c:3431 release_task+0x14a4/0x16a0 kernel/exit.c:269 wait_task_zombie kernel/exit.c:1182 [inline] wait_consider_task+0x1508/0x27cc kernel/exit.c:1409 do_wait_thread kernel/exit.c:1472 [inline] do_wait+0x2f8/0xa98 kernel/exit.c:1589 kernel_wait4+0x1d0/0x318 kernel/exit.c:1752 __do_sys_wait4 kernel/exit.c:1780 [inline] __se_sys_wait4 kernel/exit.c:1776 [inline] __arm64_sys_wait4+0x120/0x2d0 kernel/exit.c:1776 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 268136 hardirqs last enabled at (268135): [] __call_rcu kernel/rcu/tree.c:3045 [inline] hardirqs last enabled at (268135): [] call_rcu+0x570/0x8fc kernel/rcu/tree.c:3091 hardirqs last disabled at (268136): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (268096): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (268094): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 66aa56eb2031fbfd ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5032 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5032 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5032 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5032 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5032 Comm: syz.0.80 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d07bd1c0 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000c56cfd10 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : a9ef58eb4f69bc00 x8 : a9ef58eb4f69bc00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] mod_lruvec_page_state include/linux/vmstat.h:497 [inline] account_kernel_stack+0x150/0x274 kernel/fork.c:388 dup_task_struct+0x768/0xc44 kernel/fork.c:968 copy_process+0x4c8/0x34ac kernel/fork.c:2121 kernel_clone+0x1d8/0x9d4 kernel/fork.c:2679 __do_sys_clone kernel/fork.c:2796 [inline] __se_sys_clone kernel/fork.c:2764 [inline] __arm64_sys_clone+0x138/0x190 kernel/fork.c:2764 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1420 hardirqs last enabled at (1419): [] mod_lruvec_page_state include/linux/vmstat.h:497 [inline] hardirqs last enabled at (1419): [] account_kernel_stack+0x130/0x274 kernel/fork.c:388 hardirqs last disabled at (1420): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1410): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1408): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 66aa56eb2031fbfe ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5036 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5036 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5036 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5036 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5036 Comm: syz.0.82 Tainted: G W 5.15.187-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c8723680 x27: 1fffe0003421c65c x26: 0000000000000001 x25: ffff0001a10e32d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de0bc148 x20: ffff0001a10e32e0 x19: ffff8000113daee0 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111d162c x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : bdea7deccd082800 x8 : bdea7deccd082800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001425f400 x3 : ffff8000085051a4 x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:855 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] lock_page_memcg+0x120/0x234 mm/memcontrol.c:2059 page_add_file_rmap+0x148/0x8e4 mm/rmap.c:1219 do_set_pte+0x394/0x4e0 mm/memory.c:4069 filemap_map_pages+0x9c4/0xc50 mm/filemap.c:3344 do_fault_around mm/memory.c:4243 [inline] do_read_fault mm/memory.c:4258 [inline] do_fault mm/memory.c:4392 [inline] handle_pte_fault mm/memory.c:4650 [inline] __handle_mm_fault mm/memory.c:4785 [inline] handle_mm_fault+0x19c0/0x2950 mm/memory.c:4883 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:819 el0_ia+0xe0/0x2d0 arch/arm64/kernel/entry-common.c:512 el0t_64_sync_handler+0xc0/0xe4 arch/arm64/kernel/entry-common.c:632 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1200 hardirqs last enabled at (1199): [] lock_page_memcg+0x110/0x234 mm/memcontrol.c:2059 hardirqs last disabled at (1200): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (14): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (12): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace 66aa56eb2031fc00 ]---