------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 7134 at fs/buffer.c:1229 __brelse fs/buffer.c:1229 [inline]
WARNING: CPU: 1 PID: 7134 at fs/buffer.c:1229 brelse include/linux/buffer_head.h:324 [inline]
WARNING: CPU: 1 PID: 7134 at fs/buffer.c:1229 __invalidate_bh_lrus fs/buffer.c:1498 [inline]
WARNING: CPU: 1 PID: 7134 at fs/buffer.c:1229 invalidate_bh_lru+0x128/0x200 fs/buffer.c:1511
Modules linked in:
CPU: 1 UID: 0 PID: 7134 Comm: syz-executor Tainted: G W 6.13.0-rc6-syzkaller-g6251d1776bc5 #0
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __brelse fs/buffer.c:1229 [inline]
pc : brelse include/linux/buffer_head.h:324 [inline]
pc : __invalidate_bh_lrus fs/buffer.c:1498 [inline]
pc : invalidate_bh_lru+0x128/0x200 fs/buffer.c:1511
lr : __brelse fs/buffer.c:1229 [inline]
lr : brelse include/linux/buffer_head.h:324 [inline]
lr : __invalidate_bh_lrus fs/buffer.c:1498 [inline]
lr : invalidate_bh_lru+0x128/0x200 fs/buffer.c:1511
sp : ffff800080017e10
x29: ffff800080017e10 x28: 0000000000000001 x27: ffff0000d03cbc90
x26: 0000000000000001 x25: 00000000ffffffff x24: ffff0001b3817998
x23: 0000000000000000 x22: dfff800000000000 x21: 0000000000000000
x20: ffff0000db65f4e8 x19: ffff80008b842120 x18: 0000000000000008
x17: 0000000000000000 x16: ffff8000832776d4 x15: 0000000000000001
x14: 1fffe00036700eea x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000010004 x10: 0000000000ff0100 x9 : c646e14db026d900
x8 : c646e14db026d900 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff800080017538 x4 : ffff80008fa90460 x3 : ffff80008073e590
x2 : 0000000000000001 x1 : 0000000100010002 x0 : 0000000000000000
Call trace:
 __brelse fs/buffer.c:1229 [inline] (P)
 brelse include/linux/buffer_head.h:324 [inline] (P)
 __invalidate_bh_lrus fs/buffer.c:1498 [inline] (P)
 invalidate_bh_lru+0x128/0x200 fs/buffer.c:1511 (P)
 csd_do_func kernel/smp.c:134 [inline]
 __flush_smp_call_function_queue+0x520/0x20b4 kernel/smp.c:540
 generic_smp_call_function_single_interrupt+0x18/0x24 kernel/smp.c:457
 do_handle_IPI arch/arm64/kernel/smp.c:968 [inline]
 ipi_handler+0x1d8/0x7d4 arch/arm64/kernel/smp.c:1016
 handle_percpu_devid_irq+0x174/0x308 kernel/irq/chip.c:942
 generic_handle_irq_desc include/linux/irqdesc.h:173 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:714 [inline]
 generic_handle_domain_irq+0x7c/0xc4 kernel/irq/irqdesc.c:770
 __gic_handle_irq drivers/irqchip/irq-gic-v3.c:865 [inline]
 __gic_handle_irq_from_irqson drivers/irqchip/irq-gic-v3.c:916 [inline]
 gic_handle_irq+0x6c/0x190 drivers/irqchip/irq-gic-v3.c:960
 call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:891
 do_interrupt_handler+0xd4/0x138 arch/arm64/kernel/entry-common.c:310
 __el1_irq arch/arm64/kernel/entry-common.c:560 [inline]
 el1_interrupt+0x34/0x68 arch/arm64/kernel/entry-common.c:575
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:580
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 __daif_local_irq_restore arch/arm64/include/asm/irqflags.h:175 [inline] (P)
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:195 [inline] (P)
 lock_release+0x530/0x9e4 kernel/locking/lockdep.c:5873 (P)
 rcu_lock_release+0x24/0x30 include/linux/rcupdate.h:347
 rcu_read_unlock_sched include/linux/rcupdate.h:962 [inline]
 pfn_valid+0x28c/0x2c0 include/linux/mmzone.h:2058
 lowmem_page_address include/linux/mm.h:2250 [inline]
 kmap_local_page include/linux/highmem-internal.h:180 [inline]
 clear_highpage_kasan_tagged include/linux/highmem.h:246 [inline]
 kernel_init_pages mm/page_alloc.c:1040 [inline]
 post_alloc_hook+0x2ac/0x39c mm/page_alloc.c:1556
 prep_new_page mm/page_alloc.c:1566 [inline]
 get_page_from_freelist+0x40b0/0x42b8 mm/page_alloc.c:3476
 __alloc_pages_noprof+0x220/0x6a8 mm/page_alloc.c:4753
 __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]
 alloc_pages_node_noprof include/linux/gfp.h:296 [inline]
 ___kmalloc_large_node+0xbc/0x1d8 mm/slub.c:4243
 __kmalloc_large_node_noprof+0x2c/0xbc mm/slub.c:4270
 __do_kmalloc_node mm/slub.c:4286 [inline]
 __kmalloc_node_noprof+0x3f8/0x55c mm/slub.c:4304
 __kvmalloc_node_noprof+0x88/0x24c mm/util.c:645
 kvmalloc_array_node_noprof include/linux/slab.h:1063 [inline]
 fq_init include/net/fq_impl.h:361 [inline]
 ieee80211_txq_setup_flows+0x11c/0xdb8 net/mac80211/tx.c:1586
 ieee80211_register_hw+0x22cc/0x3354 net/mac80211/main.c:1516
 mac80211_hwsim_new_radio+0x2308/0x3ee4 drivers/net/wireless/virtual/mac80211_hwsim.c:5519
 hwsim_new_radio_nl+0xc9c/0x1c74 drivers/net/wireless/virtual/mac80211_hwsim.c:6203
 genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x888/0xbb0 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2542
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]
 netlink_unicast+0x668/0x8a4 net/netlink/af_netlink.c:1347
 netlink_sendmsg+0x7a4/0xa8c net/netlink/af_netlink.c:1891
 sock_sendmsg_nosec net/socket.c:711 [inline]
 __sock_sendmsg net/socket.c:726 [inline]
 __sys_sendto+0x360/0x4d8 net/socket.c:2197
 __do_sys_sendto net/socket.c:2204 [inline]
 __se_sys_sendto net/socket.c:2200 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2200
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
irq event stamp: 132408
hardirqs last enabled at (132407): [] seqcount_lockdep_reader_access+0x6c/0xd4 include/linux/seqlock.h:74
hardirqs last disabled at (132408): [] __el1_irq arch/arm64/kernel/entry-common.c:557 [inline]
hardirqs last disabled at (132408): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:575
softirqs last enabled at (132146): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (132146): [] mac80211_hwsim_new_radio+0xc4/0x3ee4 drivers/net/wireless/virtual/mac80211_hwsim.c:5140
softirqs last disabled at (132144): [] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (132144): [] mac80211_hwsim_new_radio+0xac/0x3ee4 drivers/net/wireless/virtual/mac80211_hwsim.c:5138
---[ end trace 0000000000000000 ]---