------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 4070 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 4070 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 4070 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 4070 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 4070 Comm: kworker/1:6 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 Workqueue: rcu_gp srcu_invoke_callbacks pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c20851c0 x27: 1fffe0003421a45b x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de2fb148 x20: ffff0001a10d22d8 x19: ffff8000113da820 x18: 0000000000010203 x17: 0000000000010203 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010202 x10: 0000000000010202 x9 : f500ab6a4b661a00 x8 : f500ab6a4b661a00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000000010202 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irqrestore+0xb8/0x14c kernel/locking/spinlock.c:194 complete+0x68/0xbc kernel/sched/completion.c:37 wakeme_after_rcu+0x14/0x20 kernel/rcu/update.c:367 srcu_invoke_callbacks+0x160/0x330 kernel/rcu/srcutree.c:1272 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:856 irq event stamp: 19085 hardirqs last enabled at (19084): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (19084): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (19085): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (17876): [] softirq_handle_end kernel/softirq.c:419 [inline] softirqs last enabled at (17876): [] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:604 softirqs last disabled at (19082): [] local_bh_disable+0xc/0x2c include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd61e3 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 0 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 0 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 0 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 0 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c0a68000 x27: 1fffe0003421a45b x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de2fb888 x20: ffff0001a10d22d8 x19: ffff8000113da820 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : f48895d7ede0da00 x8 : f48895d7ede0da00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable+0xc/0x18 arch/arm64/include/asm/irqflags.h:35 default_idle_call+0xcc/0x418 kernel/sched/idle.c:112 cpuidle_idle_call kernel/sched/idle.c:194 [inline] do_idle+0x1c8/0x480 kernel/sched/idle.c:306 cpu_startup_entry+0x24/0x28 kernel/sched/idle.c:403 secondary_start_kernel+0x23c/0x294 arch/arm64/kernel/smp.c:265 __secondary_switched+0x94/0x98 arch/arm64/kernel/head.S:661 irq event stamp: 482060 hardirqs last enabled at (482059): [] default_idle_call+0xb8/0x418 kernel/sched/idle.c:109 hardirqs last disabled at (482060): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (481936): [] softirq_handle_end kernel/softirq.c:419 [inline] softirqs last enabled at (481936): [] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:604 softirqs last disabled at (481923): [] __do_softirq kernel/softirq.c:610 [inline] softirqs last disabled at (481923): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] softirqs last disabled at (481923): [] invoke_softirq kernel/softirq.c:457 [inline] softirqs last disabled at (481923): [] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659 ---[ end trace aac75304e2fd61e5 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5034 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d989b680 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de2fbc28 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 27b2af7338b35900 x8 : 27b2af7338b35900 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 local_daif_restore arch/arm64/include/asm/daifflags.h:117 [inline] el0_svc_common+0xa8/0x258 arch/arm64/kernel/syscall.c:107 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 147146 hardirqs last enabled at (147145): [] local_daif_restore arch/arm64/include/asm/daifflags.h:75 [inline] hardirqs last enabled at (147145): [] el0_svc_common+0x9c/0x258 arch/arm64/kernel/syscall.c:107 hardirqs last disabled at (147146): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (146598): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (146596): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd61e7 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5034 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d989b680 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de2f8060 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 27b2af7338b35900 x8 : 27b2af7338b35900 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] ___slab_alloc+0x2e8/0xda8 mm/slub.c:2949 __slab_alloc+0x68/0xc0 mm/slub.c:3100 slab_alloc_node mm/slub.c:3191 [inline] slab_alloc mm/slub.c:3233 [inline] kmem_cache_alloc+0x2ac/0x3e4 mm/slub.c:3238 getname_flags+0xb8/0x450 fs/namei.c:138 getname fs/namei.c:217 [inline] __do_sys_unlinkat fs/namei.c:-1 [inline] __se_sys_unlinkat fs/namei.c:4392 [inline] __arm64_sys_unlinkat+0xb4/0xfc fs/namei.c:4392 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 157568 hardirqs last enabled at (157567): [] ___slab_alloc+0x2d8/0xda8 mm/slub.c:2949 hardirqs last disabled at (157568): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (156736): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (156734): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd61eb ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5193 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5193 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5193 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5193 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5193 Comm: syz.0.31 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c18e0000 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de2f87a0 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 1c7315fbfcd61400 x8 : 1c7315fbfcd61400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] lock_page_memcg+0x120/0x234 mm/memcontrol.c:2059 page_remove_rmap+0x3c/0xfd0 mm/rmap.c:1351 zap_pte_range mm/memory.c:1384 [inline] zap_pmd_range mm/memory.c:1505 [inline] zap_pud_range mm/memory.c:1534 [inline] zap_p4d_range mm/memory.c:1555 [inline] unmap_page_range+0xbb4/0x1958 mm/memory.c:1576 unmap_single_vma+0x13c/0x1e4 mm/memory.c:1621 unmap_vmas+0x104/0x200 mm/memory.c:1653 exit_mmap+0x2a8/0x4e0 mm/mmap.c:3216 __mmput+0xec/0x3b8 kernel/fork.c:1127 mmput+0x80/0xc8 kernel/fork.c:1148 exit_mm+0x4a0/0x684 kernel/exit.c:550 do_exit+0x4ec/0x1f58 kernel/exit.c:870 do_group_exit+0x100/0x268 kernel/exit.c:997 get_signal+0x73c/0x1340 kernel/signal.c:2900 do_signal arch/arm64/kernel/signal.c:893 [inline] do_notify_resume+0x35c/0x3128 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xf0/0x1e0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1322 hardirqs last enabled at (1321): [] lock_page_memcg+0x110/0x234 mm/memcontrol.c:2059 hardirqs last disabled at (1322): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd61ee ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 136 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 136 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 136 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 136 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 136 Comm: kworker/u4:1 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 Workqueue: bat_events batadv_nc_worker pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c2601b40 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de37dee0 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 5d2eddcfa6c84f00 x8 : 5d2eddcfa6c84f00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] __local_bh_enable_ip+0x200/0x380 kernel/softirq.c:406 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:176 [inline] _raw_spin_unlock_bh+0xec/0x174 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:409 [inline] batadv_nc_purge_paths+0x308/0x390 net/batman-adv/network-coding.c:475 batadv_nc_worker+0x2d0/0x554 net/batman-adv/network-coding.c:724 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:856 irq event stamp: 1804056 hardirqs last enabled at (1804055): [] __local_bh_enable_ip+0x1f8/0x380 kernel/softirq.c:406 hardirqs last disabled at (1804056): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1804054): [] spin_unlock_bh include/linux/spinlock.h:409 [inline] softirqs last enabled at (1804054): [] batadv_nc_purge_paths+0x308/0x390 net/batman-adv/network-coding.c:475 softirqs last disabled at (1804052): [] spin_lock_bh include/linux/spinlock.h:369 [inline] softirqs last disabled at (1804052): [] batadv_nc_purge_paths+0xd0/0x390 net/batman-adv/network-coding.c:446 ---[ end trace aac75304e2fd61f5 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5034 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d989b680 x27: 1fffe0003421a45b x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de3ae318 x20: ffff0001a10d22d8 x19: ffff8000113da820 x18: 0000000000010004 x17: 0000000000010004 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010003 x10: 0000000000010003 x9 : 27b2af7338b35900 x8 : 27b2af7338b35900 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010003 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irqrestore+0xb8/0x14c kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:419 [inline] get_partial_node+0x240/0x2b8 mm/slub.c:2157 get_partial mm/slub.c:2237 [inline] ___slab_alloc+0x3ac/0xda8 mm/slub.c:3008 __slab_alloc+0x68/0xc0 mm/slub.c:3100 slab_alloc_node mm/slub.c:3191 [inline] __kmalloc_node+0x310/0x520 mm/slub.c:4456 kmalloc_node include/linux/slab.h:630 [inline] __vmalloc_area_node mm/vmalloc.c:2918 [inline] __vmalloc_node_range+0x2c0/0x8d8 mm/vmalloc.c:3037 __vmalloc_node mm/vmalloc.c:3087 [inline] vzalloc+0x118/0x190 mm/vmalloc.c:3157 alloc_counters+0x84/0x7a4 net/ipv4/netfilter/ip_tables.c:800 copy_entries_to_user net/ipv6/netfilter/ip6_tables.c:839 [inline] get_entries net/ipv6/netfilter/ip6_tables.c:1041 [inline] do_ip6t_get_ctl+0xaf4/0x13a8 net/ipv6/netfilter/ip6_tables.c:1679 nf_getsockopt+0x264/0x284 net/netfilter/nf_sockopt.c:116 ipv6_getsockopt+0x52c/0x2584 net/ipv6/ipv6_sockglue.c:1492 tcp_getsockopt+0x208/0x2e78 net/ipv4/tcp.c:4319 sock_common_getsockopt+0xa8/0xc4 net/core/sock.c:3423 __sys_getsockopt+0x1b8/0x250 net/socket.c:2257 __do_sys_getsockopt net/socket.c:2272 [inline] __se_sys_getsockopt net/socket.c:2269 [inline] __arm64_sys_getsockopt+0xb8/0xd4 net/socket.c:2269 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 198796 hardirqs last enabled at (198795): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (198795): [] _raw_spin_unlock_irqrestore+0xa8/0x14c kernel/locking/spinlock.c:194 hardirqs last disabled at (198796): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (198758): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (198756): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd61f6 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5222 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5222 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5222 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5222 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5222 Comm: syz.0.44 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000ca5cd1c0 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de30cee0 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : ed4ae30687139100 x8 : ed4ae30687139100 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 free_unref_page_list+0x9c/0x754 mm/page_alloc.c:3432 release_pages+0x13c8/0x16e0 mm/swap.c:963 free_pages_and_swap_cache+0xa0/0xb8 mm/swap_state.c:320 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline] tlb_flush_mmu_free mm/mmu_gather.c:240 [inline] tlb_flush_mmu mm/mmu_gather.c:247 [inline] tlb_finish_mmu+0x170/0x324 mm/mmu_gather.c:338 exit_mmap+0x2c4/0x4e0 mm/mmap.c:3218 __mmput+0xec/0x3b8 kernel/fork.c:1127 mmput+0x80/0xc8 kernel/fork.c:1148 exit_mm+0x4a0/0x684 kernel/exit.c:550 do_exit+0x4ec/0x1f58 kernel/exit.c:870 do_group_exit+0x100/0x268 kernel/exit.c:997 get_signal+0x73c/0x1340 kernel/signal.c:2900 do_signal arch/arm64/kernel/signal.c:893 [inline] do_notify_resume+0x35c/0x3128 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xf0/0x1e0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 2510 hardirqs last enabled at (2509): [] uncharge_batch+0x1cc/0x330 mm/memcontrol.c:6905 hardirqs last disabled at (2510): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1164): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1162): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd61f8 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 3661 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 3661 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 3661 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 3661 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 3661 Comm: udevd Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d5f551c0 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de37c318 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 6f0966a7120bda00 x8 : 6f0966a7120bda00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 on_stack arch/arm64/include/asm/stacktrace.h:79 [inline] on_task_stack arch/arm64/include/asm/stacktrace.h:106 [inline] on_accessible_stack arch/arm64/include/asm/stacktrace.h:137 [inline] unwind_frame+0x138/0x668 arch/arm64/kernel/stacktrace.c:82 walk_stackframe arch/arm64/kernel/stacktrace.c:148 [inline] arch_stack_walk+0x200/0x2b4 arch/arm64/kernel/stacktrace.c:238 stack_trace_save+0x94/0xd8 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track+0x4c/0x84 mm/kasan/common.c:46 kasan_set_free_info+0x28/0x4c mm/kasan/generic.c:360 ____kasan_slab_free+0x118/0x164 mm/kasan/common.c:366 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1710 [inline] slab_free_freelist_hook+0x128/0x1e8 mm/slub.c:1736 slab_free mm/slub.c:3504 [inline] kfree+0x170/0x40c mm/slub.c:4564 tomoyo_path_perm+0x334/0x440 security/tomoyo/file.c:842 tomoyo_inode_getattr+0x28/0x38 security/tomoyo/tomoyo.c:122 security_inode_getattr+0xd8/0x124 security/security.c:1348 vfs_getattr fs/stat.c:157 [inline] vfs_statx+0x118/0x458 fs/stat.c:225 vfs_fstatat fs/stat.c:243 [inline] __do_sys_newfstatat fs/stat.c:411 [inline] __se_sys_newfstatat fs/stat.c:405 [inline] __arm64_sys_newfstatat+0x10c/0x190 fs/stat.c:405 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 966932 hardirqs last enabled at (966931): [] kasan_quarantine_put+0xc4/0x204 mm/kasan/quarantine.c:231 hardirqs last disabled at (966932): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (966914): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (966912): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd61fe ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5249 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5249 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5249 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5249 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5249 Comm: syz.0.58 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c0b88000 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de37c6b8 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 827cbe5cfc9e1500 x8 : 827cbe5cfc9e1500 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] lock_acquire+0x234/0x620 kernel/locking/lockdep.c:5626 rcu_lock_acquire+0x38/0x44 include/linux/rcupdate.h:313 rcu_read_lock include/linux/rcupdate.h:740 [inline] lock_page_memcg+0x50/0x234 mm/memcontrol.c:2047 page_add_file_rmap+0x148/0x8e4 mm/rmap.c:1219 do_set_pte+0x390/0x4dc mm/memory.c:4069 filemap_map_pages+0x9c4/0xc50 mm/filemap.c:3344 do_fault_around mm/memory.c:4243 [inline] do_read_fault mm/memory.c:4258 [inline] do_fault mm/memory.c:4392 [inline] handle_pte_fault mm/memory.c:4650 [inline] __handle_mm_fault mm/memory.c:4785 [inline] handle_mm_fault+0x19c4/0x2970 mm/memory.c:4883 __do_page_fault arch/arm64/mm/fault.c:505 [inline] do_page_fault+0x694/0xad4 arch/arm64/mm/fault.c:605 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820 el0_ia+0xe0/0x2d0 arch/arm64/kernel/entry-common.c:512 el0t_64_sync_handler+0xc0/0xe4 arch/arm64/kernel/entry-common.c:632 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1086 hardirqs last enabled at (1085): [] lock_page_memcg+0x110/0x234 mm/memcontrol.c:2059 hardirqs last disabled at (1086): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (518): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (516): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd6202 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5252 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5252 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5252 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5252 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5252 Comm: syz.0.59 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000ca5cb680 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de37ca58 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 72d2b0d8f87faa00 x8 : 72d2b0d8f87faa00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el0_interrupt+0x94/0x260 arch/arm64/kernel/entry-common.c:683 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:695 el0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:585 irq event stamp: 316 hardirqs last enabled at (315): [] el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 hardirqs last disabled at (316): [] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 softirqs last enabled at (270): [] softirq_handle_end kernel/softirq.c:419 [inline] softirqs last enabled at (270): [] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:604 softirqs last disabled at (251): [] __do_softirq kernel/softirq.c:610 [inline] softirqs last disabled at (251): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] softirqs last disabled at (251): [] invoke_softirq kernel/softirq.c:457 [inline] softirqs last disabled at (251): [] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659 ---[ end trace aac75304e2fd6203 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5034 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d989b680 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de37cdf8 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 27b2af7338b35900 x8 : 27b2af7338b35900 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 kobject_get_unless_zero+0x0/0x204 lib/kobject.c:-1 blkdev_get_by_dev+0x84/0x874 block/bdev.c:807 blkdev_open+0x108/0x27c block/fops.c:466 do_dentry_open+0x760/0xebc fs/open.c:826 vfs_open+0x7c/0x90 fs/open.c:956 do_open fs/namei.c:3616 [inline] path_openat+0x1f80/0x26e4 fs/namei.c:3750 do_filp_open+0x164/0x330 fs/namei.c:3777 do_sys_openat2+0x128/0x3d8 fs/open.c:1253 do_sys_open fs/open.c:1269 [inline] __do_sys_openat fs/open.c:1285 [inline] __se_sys_openat fs/open.c:1280 [inline] __arm64_sys_openat+0x120/0x154 fs/open.c:1280 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 241992 hardirqs last enabled at (241991): [] kasan_quarantine_put+0xc4/0x204 mm/kasan/quarantine.c:231 hardirqs last disabled at (241992): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (241416): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (241414): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd6206 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5269 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5269 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5269 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5269 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5269 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c22b8000 x27: 1fffe0003421a45b x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dcb4f5d0 x20: ffff0001a10d22d8 x19: ffff8000113da820 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 07a478035ca6ae00 x8 : 07a478035ca6ae00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 __sanitizer_cov_trace_const_cmp4+0xc4/0xc8 kernel/kcov.c:295 find_vma+0xc8/0x22c mm/mmap.c:2279 __do_page_fault arch/arm64/mm/fault.c:483 [inline] do_page_fault+0x614/0xad4 arch/arm64/mm/fault.c:605 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820 el0_da+0x90/0x1fc arch/arm64/kernel/entry-common.c:494 el0t_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:629 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 76 hardirqs last enabled at (75): [] local_daif_restore+0x1c/0x3c arch/arm64/include/asm/daifflags.h:75 hardirqs last disabled at (76): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (14): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (12): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd6209 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5273 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5273 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5273 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5273 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5273 Comm: syz.0.70 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000cd28b680 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dcb4f970 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 3233515000039400 x8 : 3233515000039400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] __local_bh_enable_ip+0x200/0x380 kernel/softirq.c:406 local_bh_enable+0x28/0x34 include/linux/bottom_half.h:32 put_cpu_fpsimd_context arch/arm64/kernel/fpsimd.c:208 [inline] fpsimd_preserve_current_state+0xa8/0x16c arch/arm64/kernel/fpsimd.c:1142 arch_dup_task_struct+0x54/0x174 arch/arm64/kernel/process.c:292 dup_task_struct+0x358/0xc44 kernel/fork.c:908 copy_process+0x4c8/0x34ac kernel/fork.c:2121 kernel_clone+0x1d8/0x9d4 kernel/fork.c:2679 __do_sys_clone kernel/fork.c:2796 [inline] __se_sys_clone kernel/fork.c:2764 [inline] __arm64_sys_clone+0x138/0x190 kernel/fork.c:2764 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 1428 hardirqs last enabled at (1427): [] __local_bh_enable_ip+0x1f8/0x380 kernel/softirq.c:406 hardirqs last disabled at (1428): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1426): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (1424): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd620a ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5278 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5278 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5278 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5278 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5278 Comm: syz.0.72 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d9898000 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dcb4fd10 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : 106d2f9f1ee8b300 x8 : 106d2f9f1ee8b300 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000000010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] __raw_write_unlock_irq include/linux/rwlock_api_smp.h:267 [inline] _raw_write_unlock_irq+0xa0/0x128 kernel/locking/spinlock.c:348 release_task+0x1528/0x16a0 kernel/exit.c:267 exit_notify kernel/exit.c:748 [inline] do_exit+0x11e0/0x1f58 kernel/exit.c:895 do_group_exit+0x100/0x268 kernel/exit.c:997 get_signal+0x73c/0x1340 kernel/signal.c:2900 do_signal arch/arm64/kernel/signal.c:893 [inline] do_notify_resume+0x35c/0x3128 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xf0/0x1e0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 2124 hardirqs last enabled at (2123): [] __raw_write_unlock_irq include/linux/rwlock_api_smp.h:267 [inline] hardirqs last enabled at (2123): [] _raw_write_unlock_irq+0x98/0x128 kernel/locking/spinlock.c:348 hardirqs last disabled at (2124): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (660): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (658): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd620c ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 324 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 324 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 324 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 324 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 324 Comm: kworker/u4:3 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 Workqueue: netns cleanup_net pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c7aa8000 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de33b148 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010003 x17: 0000000000010003 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010002 x10: 0000000000010002 x9 : ba3260cd4d7b8000 x8 : ba3260cd4d7b8000 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 preempt_count+0x2c/0x68 arch/arm64/include/asm/preempt.h:12 check_preemption_disabled+0x38/0x164 lib/smp_processor_id.c:16 debug_smp_processor_id+0x20/0x2c lib/smp_processor_id.c:60 rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:331 [inline] rcu_is_watching+0x50/0x134 kernel/rcu/tree.c:1123 trace_kmem_cache_free include/trace/events/kmem.h:138 [inline] kmem_cache_free+0x284/0x3b4 mm/slub.c:3521 kfree_skbmem+0x114/0x1b0 net/core/skbuff.c:-1 __kfree_skb net/core/skbuff.c:757 [inline] consume_skb+0x140/0x33c net/core/skbuff.c:914 netlink_broadcast_filtered+0xcf4/0xe6c net/netlink/af_netlink.c:1534 netlink_broadcast net/netlink/af_netlink.c:1556 [inline] nlmsg_multicast include/net/netlink.h:1033 [inline] nlmsg_notify+0x100/0x1f0 net/netlink/af_netlink.c:2550 rtnl_notify+0xa0/0xd8 net/core/rtnetlink.c:761 mpls_netconf_notify_devconf+0xb4/0x11c net/mpls/af_mpls.c:1200 mpls_dev_sysctl_unregister+0xa8/0xc4 net/mpls/af_mpls.c:1448 mpls_dev_notify+0x4dc/0x738 net/mpls/af_mpls.c:1663 notifier_call_chain kernel/notifier.c:83 [inline] raw_notifier_call_chain+0xd4/0x164 kernel/notifier.c:391 call_netdevice_notifiers_info net/core/dev.c:2049 [inline] call_netdevice_notifiers_extack net/core/dev.c:2061 [inline] call_netdevice_notifiers net/core/dev.c:2075 [inline] unregister_netdevice_many+0xe10/0x17d0 net/core/dev.c:11134 ip6gre_exit_batch_net+0x418/0x468 net/ipv6/ip6_gre.c:1650 ops_exit_list net/core/net_namespace.c:177 [inline] cleanup_net+0x644/0xa98 net/core/net_namespace.c:635 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:856 irq event stamp: 1512918 hardirqs last enabled at (1512917): [] kasan_quarantine_put+0xc4/0x204 mm/kasan/quarantine.c:231 hardirqs last disabled at (1512918): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (1512896): [] pneigh_ifdown_and_unlock net/core/neighbour.c:807 [inline] softirqs last enabled at (1512896): [] __neigh_ifdown+0x184/0x348 net/core/neighbour.c:392 softirqs last disabled at (1512894): [] __neigh_ifdown+0x44/0x348 net/core/neighbour.c:390 ---[ end trace aac75304e2fd620f ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5034 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d989b680 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de33bc28 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 27b2af7338b35900 x8 : 27b2af7338b35900 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el0_interrupt+0x94/0x260 arch/arm64/kernel/entry-common.c:683 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:695 el0t_64_irq+0x1a0/0x1a4 arch/arm64/kernel/entry.S:585 irq event stamp: 288530 hardirqs last enabled at (288529): [] el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 hardirqs last disabled at (288530): [] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:690 softirqs last enabled at (288028): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (288026): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd6215 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5312 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5312 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5312 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5312 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5312 Comm: syz.0.89 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000ccba1b40 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de3607a0 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 1c087a1ed18b6c00 x8 : 1c087a1ed18b6c00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] kasan_quarantine_put+0xd4/0x204 mm/kasan/quarantine.c:231 ____kasan_slab_free+0x124/0x164 mm/kasan/common.c:368 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1710 [inline] slab_free_freelist_hook+0x128/0x1e8 mm/slub.c:1736 slab_free mm/slub.c:3504 [inline] kfree+0x170/0x40c mm/slub.c:4564 kvfree+0x40/0x50 mm/util.c:654 __free_fdtable fs/file.c:37 [inline] put_files_struct+0x25c/0x32c fs/file.c:431 exit_files+0x78/0x98 fs/file.c:444 do_exit+0x638/0x1f58 kernel/exit.c:878 do_group_exit+0x100/0x268 kernel/exit.c:997 get_signal+0x73c/0x1340 kernel/signal.c:2900 do_signal arch/arm64/kernel/signal.c:893 [inline] do_notify_resume+0x35c/0x3128 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xf0/0x1e0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 2082 hardirqs last enabled at (2081): [] kasan_quarantine_put+0xc4/0x204 mm/kasan/quarantine.c:231 hardirqs last disabled at (2082): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd621b ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5034 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d989b680 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de360ee0 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 27b2af7338b35900 x8 : 27b2af7338b35900 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 lock_anon_vma_root mm/rmap.c:242 [inline] anon_vma_clone+0xc4/0x470 mm/rmap.c:293 anon_vma_fork+0x80/0x49c mm/rmap.c:347 dup_mmap kernel/fork.c:574 [inline] dup_mm kernel/fork.c:1466 [inline] copy_mm+0x7bc/0x1090 kernel/fork.c:1518 copy_process+0x14d8/0x34ac kernel/fork.c:2290 kernel_clone+0x1d8/0x9d4 kernel/fork.c:2679 __do_sys_clone kernel/fork.c:2796 [inline] __se_sys_clone kernel/fork.c:2764 [inline] __arm64_sys_clone+0x138/0x190 kernel/fork.c:2764 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 311712 hardirqs last enabled at (311711): [] mod_memcg_lruvec_state include/linux/memcontrol.h:1044 [inline] hardirqs last enabled at (311711): [] mod_objcg_mlstate+0x13c/0x228 mm/memcontrol.c:831 hardirqs last disabled at (311712): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (311580): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (311578): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd621e ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5325 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5325 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5325 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5325 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5325 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000ce503680 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de35f6b8 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 9ab691fbe6deda00 x8 : 9ab691fbe6deda00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] lock_acquire+0x234/0x620 kernel/locking/lockdep.c:5626 rcu_lock_acquire+0x40/0x4c include/linux/rcupdate.h:313 rcu_read_lock include/linux/rcupdate.h:740 [inline] prepend_path+0x3c/0xad4 fs/d_path.c:165 d_absolute_path+0xa0/0x148 fs/d_path.c:235 tomoyo_get_absolute_path security/tomoyo/realpath.c:101 [inline] tomoyo_realpath_from_path+0x2a0/0x510 security/tomoyo/realpath.c:276 tomoyo_get_realpath security/tomoyo/file.c:151 [inline] tomoyo_path_perm+0x1b4/0x440 security/tomoyo/file.c:822 tomoyo_path_symlink+0xa8/0xec security/tomoyo/tomoyo.c:199 security_path_symlink+0xec/0x13c security/security.c:1179 do_symlinkat+0x108/0x5a8 fs/namei.c:4461 __do_sys_symlinkat fs/namei.c:4483 [inline] __se_sys_symlinkat fs/namei.c:4480 [inline] __arm64_sys_symlinkat+0xa4/0xbc fs/namei.c:4480 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 860 hardirqs last enabled at (859): [] ___slab_alloc+0xc34/0xda8 mm/slub.c:2968 hardirqs last disabled at (860): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (486): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (484): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd6220 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 9 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 9 Comm: kworker/u4:0 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 Workqueue: writeback wb_workfn (flush-259:0) pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000c0948000 x27: 1fffe0003421a45b x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000000 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de38a888 x20: ffff0001a10d22d8 x19: ffff8000113da820 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : e85de0f2278af900 x8 : e85de0f2278af900 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 __sanitizer_cov_trace_pc+0x4/0xac kernel/kcov.c:199 mpage_prepare_extent_to_map+0x64c/0xda4 fs/ext4/inode.c:2629 ext4_writepages+0x7b0/0x2c14 fs/ext4/inode.c:2783 do_writepages+0x36c/0x578 mm/page-writeback.c:2386 __writeback_single_inode+0x148/0x11f0 fs/fs-writeback.c:1657 writeback_sb_inodes+0x7fc/0x1378 fs/fs-writeback.c:1940 __writeback_inodes_wb+0x110/0x394 fs/fs-writeback.c:2011 wb_writeback+0x3ec/0xe44 fs/fs-writeback.c:2116 wb_check_old_data_flush fs/fs-writeback.c:2216 [inline] wb_do_writeback fs/fs-writeback.c:2269 [inline] wb_workfn+0xa18/0xdd8 fs/fs-writeback.c:2298 process_one_work+0x79c/0x1140 kernel/workqueue.c:2310 worker_thread+0x8f4/0x101c kernel/workqueue.c:2457 kthread+0x374/0x454 kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:856 irq event stamp: 579040 hardirqs last enabled at (579039): [] mod_lruvec_page_state include/linux/vmstat.h:497 [inline] hardirqs last enabled at (579039): [] inc_lruvec_page_state include/linux/vmstat.h:549 [inline] hardirqs last enabled at (579039): [] __test_set_page_writeback+0x6f4/0xc34 mm/page-writeback.c:2886 hardirqs last disabled at (579040): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (574684): [] softirq_handle_end kernel/softirq.c:419 [inline] softirqs last enabled at (574684): [] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:604 softirqs last disabled at (574645): [] __do_softirq kernel/softirq.c:610 [inline] softirqs last disabled at (574645): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] softirqs last disabled at (574645): [] invoke_softirq kernel/softirq.c:457 [inline] softirqs last disabled at (574645): [] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:659 ---[ end trace aac75304e2fd6227 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5034 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d989b680 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000de1bd400 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 27b2af7338b35900 x8 : 27b2af7338b35900 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] seqcount_lockdep_reader_access+0x21c/0x2c4 include/linux/seqlock.h:105 ktime_get_coarse_real_ts64+0x44/0x134 kernel/time/timekeeping.c:2244 current_time+0x90/0x294 fs/inode.c:2391 file_update_time+0xc4/0x390 fs/inode.c:2066 pipe_write+0x10bc/0x1930 fs/pipe.c:603 call_write_iter include/linux/fs.h:2173 [inline] new_sync_write fs/read_write.c:507 [inline] vfs_write+0x7c8/0xa2c fs/read_write.c:594 ksys_write+0x120/0x210 fs/read_write.c:647 __do_sys_write fs/read_write.c:659 [inline] __se_sys_write fs/read_write.c:656 [inline] __arm64_sys_write+0x7c/0x90 fs/read_write.c:656 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 343888 hardirqs last enabled at (343887): [] seqcount_lockdep_reader_access+0x1fc/0x2c4 include/linux/seqlock.h:105 hardirqs last disabled at (343888): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (343830): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (343828): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd622b ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5034 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5034 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d989b680 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dca06318 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 27b2af7338b35900 x8 : 27b2af7338b35900 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 kasan_quarantine_reduce+0x2c/0x130 mm/kasan/quarantine.c:243 __kasan_slab_alloc+0x34/0xcc mm/kasan/common.c:444 kasan_slab_alloc include/linux/kasan.h:254 [inline] slab_post_alloc_hook+0x74/0x408 mm/slab.h:519 slab_alloc_node mm/slub.c:3225 [inline] kmem_cache_alloc_node_trace+0x20c/0x438 mm/slub.c:3275 kmalloc_node include/linux/slab.h:625 [inline] kzalloc_node include/linux/slab.h:749 [inline] __get_vm_area_node+0x14c/0x2e8 mm/vmalloc.c:2423 __vmalloc_node_range+0xe8/0x8d8 mm/vmalloc.c:3027 __vmalloc_node mm/vmalloc.c:3087 [inline] vzalloc+0x118/0x190 mm/vmalloc.c:3157 alloc_counters+0x84/0x7a4 net/ipv4/netfilter/ip_tables.c:800 copy_entries_to_user net/ipv4/netfilter/ip_tables.c:822 [inline] get_entries net/ipv4/netfilter/ip_tables.c:1023 [inline] do_ipt_get_ctl+0xaf4/0x13a8 net/ipv4/netfilter/ip_tables.c:1669 nf_getsockopt+0x264/0x284 net/netfilter/nf_sockopt.c:116 ip_getsockopt+0xffc/0x158c net/ipv4/ip_sockglue.c:1797 tcp_getsockopt+0x208/0x2e78 net/ipv4/tcp.c:4319 sock_common_getsockopt+0xa8/0xc4 net/core/sock.c:3423 __sys_getsockopt+0x1b8/0x250 net/socket.c:2257 __do_sys_getsockopt net/socket.c:2272 [inline] __se_sys_getsockopt net/socket.c:2269 [inline] __arm64_sys_getsockopt+0xb8/0xd4 net/socket.c:2269 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 367276 hardirqs last enabled at (367275): [] __local_bh_enable_ip+0x1f8/0x380 kernel/softirq.c:406 hardirqs last disabled at (367276): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (367274): [] spin_unlock_bh include/linux/spinlock.h:409 [inline] softirqs last enabled at (367274): [] release_sock+0x1d0/0x258 net/core/sock.c:3282 softirqs last disabled at (367272): [] spin_lock_bh include/linux/spinlock.h:369 [inline] softirqs last disabled at (367272): [] release_sock+0x34/0x258 net/core/sock.c:3269 ---[ end trace aac75304e2fd6233 ]--- ------------[ cut here ]------------ VFS: brelse: Trying to free free buffer WARNING: CPU: 1 PID: 5373 at fs/buffer.c:1148 __brelse fs/buffer.c:1148 [inline] WARNING: CPU: 1 PID: 5373 at fs/buffer.c:1148 brelse include/linux/buffer_head.h:325 [inline] WARNING: CPU: 1 PID: 5373 at fs/buffer.c:1148 __invalidate_bh_lrus fs/buffer.c:1394 [inline] WARNING: CPU: 1 PID: 5373 at fs/buffer.c:1148 invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 Modules linked in: CPU: 1 PID: 5373 Comm: syz-executor Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __brelse fs/buffer.c:1148 [inline] pc : brelse include/linux/buffer_head.h:325 [inline] pc : __invalidate_bh_lrus fs/buffer.c:1394 [inline] pc : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 lr : __brelse fs/buffer.c:1148 [inline] lr : brelse include/linux/buffer_head.h:325 [inline] lr : __invalidate_bh_lrus fs/buffer.c:1394 [inline] lr : invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 sp : ffff800008017de0 x29: ffff800008017de0 x28: ffff0000d30f1b40 x27: 1fffe0003421a45c x26: 0000000000000001 x25: ffff0001a10d22d8 x24: 0000000000000001 x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dca066b8 x20: ffff0001a10d22e0 x19: ffff8000113da820 x18: 0000000000010002 x17: 0000000000010002 x16: ffff8000111ceed0 x15: 00000000ffffffff x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 x11: 0000000000010001 x10: 0000000000010001 x9 : 2ccb5a6d5a766b00 x8 : 2ccb5a6d5a766b00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000080176d8 x4 : ffff80001426f5a0 x3 : ffff8000085043fc x2 : 0000000000000001 x1 : 0000000100010001 x0 : 0000000000000027 Call trace: __brelse fs/buffer.c:1148 [inline] brelse include/linux/buffer_head.h:325 [inline] __invalidate_bh_lrus fs/buffer.c:1394 [inline] invalidate_bh_lru+0x128/0x234 fs/buffer.c:1407 flush_smp_call_function_queue+0x38c/0x81c kernel/smp.c:628 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:544 do_handle_IPI arch/arm64/kernel/smp.c:904 [inline] ipi_handler+0x10c/0x710 arch/arm64/kernel/smp.c:950 handle_percpu_devid_irq+0x29c/0x76c kernel/irq/chip.c:930 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:652 [inline] handle_domain_irq+0x144/0x1fc kernel/irq/irqdesc.c:707 gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:903 do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267 el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522 __sanitizer_cov_trace_pc+0xa8/0xac kernel/kcov.c:216 unwind_frame+0x3c4/0x668 arch/arm64/kernel/stacktrace.c:113 walk_stackframe arch/arm64/kernel/stacktrace.c:148 [inline] arch_stack_walk+0x200/0x2b4 arch/arm64/kernel/stacktrace.c:238 stack_trace_save+0x94/0xd8 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track+0x4c/0x84 mm/kasan/common.c:46 kasan_set_free_info+0x28/0x4c mm/kasan/generic.c:360 ____kasan_slab_free+0x118/0x164 mm/kasan/common.c:366 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1710 [inline] slab_free_freelist_hook+0x128/0x1e8 mm/slub.c:1736 slab_free mm/slub.c:3504 [inline] kfree+0x170/0x40c mm/slub.c:4564 tomoyo_realpath_from_path+0x4c8/0x510 security/tomoyo/realpath.c:291 tomoyo_get_realpath security/tomoyo/file.c:151 [inline] tomoyo_path_perm+0x1b4/0x440 security/tomoyo/file.c:822 tomoyo_path_symlink+0xa8/0xec security/tomoyo/tomoyo.c:199 security_path_symlink+0xec/0x13c security/security.c:1179 do_symlinkat+0x108/0x5a8 fs/namei.c:4461 __do_sys_symlinkat fs/namei.c:4483 [inline] __se_sys_symlinkat fs/namei.c:4480 [inline] __arm64_sys_symlinkat+0xa4/0xbc fs/namei.c:4480 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 irq event stamp: 674 hardirqs last enabled at (673): [] seqcount_lockdep_reader_access+0x1f4/0x2bc include/linux/seqlock.h:105 hardirqs last disabled at (674): [] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227 softirqs last enabled at (492): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31 softirqs last disabled at (490): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18 ---[ end trace aac75304e2fd6235 ]---