------------[ cut here ]------------ WARNING: ./include/linux/memcontrol.h:380 at obj_cgroup_memcg include/linux/memcontrol.h:380 [inline], CPU#1: dhcpcd/4655 WARNING: ./include/linux/memcontrol.h:380 at folio_memcg include/linux/memcontrol.h:434 [inline], CPU#1: dhcpcd/4655 WARNING: ./include/linux/memcontrol.h:380 at folio_matches_lruvec include/linux/memcontrol.h:1501 [inline], CPU#1: dhcpcd/4655 WARNING: ./include/linux/memcontrol.h:380 at folio_lruvec_relock_irqsave+0x320/0x3a8 include/linux/memcontrol.h:1523, CPU#1: dhcpcd/4655 Modules linked in: CPU: 1 UID: 0 PID: 4655 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 834000c5 (Nzcv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : obj_cgroup_memcg include/linux/memcontrol.h:380 [inline] pc : folio_memcg include/linux/memcontrol.h:434 [inline] pc : folio_matches_lruvec include/linux/memcontrol.h:1501 [inline] pc : folio_lruvec_relock_irqsave+0x320/0x3a8 include/linux/memcontrol.h:1523 lr : obj_cgroup_memcg include/linux/memcontrol.h:380 [inline] lr : folio_memcg include/linux/memcontrol.h:434 [inline] lr : folio_matches_lruvec include/linux/memcontrol.h:1501 [inline] lr : folio_lruvec_relock_irqsave+0x320/0x3a8 include/linux/memcontrol.h:1523 sp : ffff8000964373a0 x29: ffff8000964373a0 x28: 1fffffbff86a96a0 x27: 00000000f5000000 x26: ffff0000c1939b00 x25: 1ffff00012c86e97 x24: dfff800000000000 x23: 0000000000000000 x22: ffff0000c1862980 x21: ffff8000964374e0 x20: fffffdffc354b500 x19: ffff8000964374b8 x18: 00000000ffffffff x17: ffff80008a0cdc80 x16: ffff80008a3b24b8 x15: ffff0000cb5c0b50 x14: ffff0000cb5c0b30 x13: 0000000000000001 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000001 x8 : 0000000000000000 x7 : ffff800080bce9cc x6 : 0000000000000000 x5 : 0000000000000030 x4 : 0000000000000000 x3 : ffff800080941e90 x2 : 0000000000000000 x1 : ffff0000cb5c0000 x0 : 0000000000000000 Call trace: obj_cgroup_memcg include/linux/memcontrol.h:380 [inline] (P) folio_memcg include/linux/memcontrol.h:434 [inline] (P) folio_matches_lruvec include/linux/memcontrol.h:1501 [inline] (P) folio_lruvec_relock_irqsave+0x320/0x3a8 include/linux/memcontrol.h:1523 (P) __page_cache_release+0xa8/0x860 mm/swap.c:77 folios_put_refs+0x57c/0x8dc mm/swap.c:993 free_pages_and_swap_cache+0x238/0x3e0 mm/swap_state.c:401 __tlb_batch_free_encoded_pages mm/mmu_gather.c:138 [inline] tlb_batch_pages_flush mm/mmu_gather.c:151 [inline] tlb_flush_mmu_free mm/mmu_gather.c:417 [inline] tlb_flush_mmu+0xf0/0x33c mm/mmu_gather.c:424 tlb_finish_mmu+0xf4/0x228 mm/mmu_gather.c:549 exit_mmap+0x3d0/0xaf8 mm/mmap.c:1313 __mmput+0xe4/0x2f0 kernel/fork.c:1178 mmput+0x70/0xa8 kernel/fork.c:1201 exit_mm+0x134/0x1e8 kernel/exit.c:581 do_exit+0x518/0x1a6c kernel/exit.c:963 do_group_exit+0x194/0x22c kernel/exit.c:1117 __do_sys_exit_group kernel/exit.c:1128 [inline] __se_sys_exit_group kernel/exit.c:1126 [inline] pid_child_should_wake+0x0/0x110 kernel/exit.c:1126 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140 el0_svc+0x60/0x25c arch/arm64/kernel/entry-common.c:723 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:742 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594 irq event stamp: 1602 hardirqs last enabled at (1601): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline] hardirqs last enabled at (1601): [] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:198 hardirqs last disabled at (1602): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:130 [inline] hardirqs last disabled at (1602): [] _raw_spin_lock_irqsave+0x2c/0x7c kernel/locking/spinlock.c:166 softirqs last enabled at (1134): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32 softirqs last disabled at (1132): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ WARNING: ./include/linux/memcontrol.h:380 at obj_cgroup_memcg include/linux/memcontrol.h:380 [inline], CPU#1: dhcpcd/4655 WARNING: ./include/linux/memcontrol.h:380 at folio_memcg include/linux/memcontrol.h:434 [inline], CPU#1: dhcpcd/4655 WARNING: ./include/linux/memcontrol.h:380 at folio_matches_lruvec include/linux/memcontrol.h:1501 [inline], CPU#1: dhcpcd/4655 WARNING: ./include/linux/memcontrol.h:380 at lruvec_del_folio include/linux/mm_inline.h:383 [inline], CPU#1: dhcpcd/4655 WARNING: ./include/linux/memcontrol.h:380 at __page_cache_release+0x6ec/0x860 mm/swap.c:78, CPU#1: dhcpcd/4655 Modules linked in: CPU: 1 UID: 0 PID: 4655 Comm: dhcpcd Tainted: G W syzkaller #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 834000c5 (Nzcv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : obj_cgroup_memcg include/linux/memcontrol.h:380 [inline] pc : folio_memcg include/linux/memcontrol.h:434 [inline] pc : folio_matches_lruvec include/linux/memcontrol.h:1501 [inline] pc : lruvec_del_folio include/linux/mm_inline.h:383 [inline] pc : __page_cache_release+0x6ec/0x860 mm/swap.c:78 lr : obj_cgroup_memcg include/linux/memcontrol.h:380 [inline] lr : folio_memcg include/linux/memcontrol.h:434 [inline] lr : folio_matches_lruvec include/linux/memcontrol.h:1501 [inline] lr : lruvec_del_folio include/linux/mm_inline.h:383 [inline] lr : __page_cache_release+0x6ec/0x860 mm/swap.c:78 sp : ffff800096437400 x29: ffff800096437420 x28: 1fffffbff86a96a0 x27: dfff800000000000 x26: 1fffffbff86a96a1 x25: 0000000000000000 x24: ffff0000c1862980 x23: ffff0000c18c0c08 x22: 0000000000000000 x21: 1fffe00018318181 x20: fffffdffc354b508 x19: fffffdffc354b500 x18: 00000000ffffffff x17: ffff80008a0cdc80 x16: ffff80008a3b24b8 x15: ffff0000cb5c0b50 x14: ffff0000cb5c0b30 x13: 0000000000000001 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000001 x8 : 0000000000000000 x7 : ffff800080bce9cc x6 : 0000000000000000 x5 : 0000000000000030 x4 : 0000000000000000 x3 : ffff800080940708 x2 : 0000000000000000 x1 : ffff0000cb5c0000 x0 : 0000000000000000 Call trace: obj_cgroup_memcg include/linux/memcontrol.h:380 [inline] (P) folio_memcg include/linux/memcontrol.h:434 [inline] (P) folio_matches_lruvec include/linux/memcontrol.h:1501 [inline] (P) lruvec_del_folio include/linux/mm_inline.h:383 [inline] (P) __page_cache_release+0x6ec/0x860 mm/swap.c:78 (P) folios_put_refs+0x57c/0x8dc mm/swap.c:993 free_pages_and_swap_cache+0x238/0x3e0 mm/swap_state.c:401 __tlb_batch_free_encoded_pages mm/mmu_gather.c:138 [inline] tlb_batch_pages_flush mm/mmu_gather.c:151 [inline] tlb_flush_mmu_free mm/mmu_gather.c:417 [inline] tlb_flush_mmu+0xf0/0x33c mm/mmu_gather.c:424 tlb_finish_mmu+0xf4/0x228 mm/mmu_gather.c:549 exit_mmap+0x3d0/0xaf8 mm/mmap.c:1313 __mmput+0xe4/0x2f0 kernel/fork.c:1178 mmput+0x70/0xa8 kernel/fork.c:1201 exit_mm+0x134/0x1e8 kernel/exit.c:581 do_exit+0x518/0x1a6c kernel/exit.c:963 do_group_exit+0x194/0x22c kernel/exit.c:1117 __do_sys_exit_group kernel/exit.c:1128 [inline] __se_sys_exit_group kernel/exit.c:1126 [inline] pid_child_should_wake+0x0/0x110 kernel/exit.c:1126 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140 el0_svc+0x60/0x25c arch/arm64/kernel/entry-common.c:723 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:742 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594 irq event stamp: 1602 hardirqs last enabled at (1601): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline] hardirqs last enabled at (1601): [] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:198 hardirqs last disabled at (1602): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:130 [inline] hardirqs last disabled at (1602): [] _raw_spin_lock_irqsave+0x2c/0x7c kernel/locking/spinlock.c:166 softirqs last enabled at (1134): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32 softirqs last disabled at (1132): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19 ---[ end trace 0000000000000000 ]--- ===================================== WARNING: bad unlock balance detected! syzkaller #0 Tainted: G W ------------------------------------- dhcpcd/4655 is trying to release lock (rcu_read_lock) at: [] rcu_lock_release+0x10/0x38 include/linux/rcupdate.h:309 but there are no more locks to release! other info that might help us debug this: 1 lock held by dhcpcd/4655: #0: ffff0000d1fb0d78 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:536 [inline] #0: ffff0000d1fb0d78 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x228/0xaf8 mm/mmap.c:1308 stack backtrace: CPU: 1 UID: 0 PID: 4655 Comm: dhcpcd Tainted: G W syzkaller #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C) __dump_stack+0x30/0x40 lib/dump_stack.c:94 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120 dump_stack+0x1c/0x28 lib/dump_stack.c:129 print_unlock_imbalance_bug+0xf4/0xfc kernel/locking/lockdep.c:5298 __lock_release kernel/locking/lockdep.c:-1 [inline] lock_release+0x1dc/0x3b0 kernel/locking/lockdep.c:5889 rcu_lock_release+0x2c/0x38 include/linux/rcupdate.h:310 rcu_read_unlock include/linux/rcupdate.h:869 [inline] lruvec_unlock_irqrestore include/linux/memcontrol.h:1493 [inline] folios_put_refs+0x7a4/0x8dc mm/swap.c:1000 free_pages_and_swap_cache+0x238/0x3e0 mm/swap_state.c:401 __tlb_batch_free_encoded_pages mm/mmu_gather.c:138 [inline] tlb_batch_pages_flush mm/mmu_gather.c:151 [inline] tlb_flush_mmu_free mm/mmu_gather.c:417 [inline] tlb_flush_mmu+0xf0/0x33c mm/mmu_gather.c:424 tlb_finish_mmu+0xf4/0x228 mm/mmu_gather.c:549 exit_mmap+0x3d0/0xaf8 mm/mmap.c:1313 __mmput+0xe4/0x2f0 kernel/fork.c:1178 mmput+0x70/0xa8 kernel/fork.c:1201 exit_mm+0x134/0x1e8 kernel/exit.c:581 do_exit+0x518/0x1a6c kernel/exit.c:963 do_group_exit+0x194/0x22c kernel/exit.c:1117 __do_sys_exit_group kernel/exit.c:1128 [inline] __se_sys_exit_group kernel/exit.c:1126 [inline] pid_child_should_wake+0x0/0x110 kernel/exit.c:1126 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140 el0_svc+0x60/0x25c arch/arm64/kernel/entry-common.c:723 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:742 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594 ------------[ cut here ]------------ WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x98/0x104 kernel/rcu/tree_plugin.h:445, CPU#1: dhcpcd/4655 Modules linked in: CPU: 1 UID: 0 PID: 4655 Comm: dhcpcd Tainted: G W syzkaller #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __rcu_read_unlock+0x98/0x104 kernel/rcu/tree_plugin.h:445 lr : rcu_read_unlock include/linux/rcupdate.h:871 [inline] lr : lruvec_unlock_irqrestore include/linux/memcontrol.h:1493 [inline] lr : folios_put_refs+0x7a8/0x8dc mm/swap.c:1000 sp : ffff800096437440 x29: ffff800096437450 x28: ffff800096437778 x27: ffff8000964376b8 x26: 000000000000001e x25: fffffdffc76e19c0 x24: ffff8000964375c0 x23: fffffdffc76e19f4 x22: ffff800096437778 x21: dfff800000000000 x20: 1fffe000196b8090 x19: ffff0000cb5c0484 x18: 1fffe00035c25820 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000000 x11: 000000000000065a x10: 0000000000000003 x9 : 0000000000000007 x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff8000804886d0 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80008048c3e0 x2 : 0000000100000000 x1 : ffff0000cb5c0000 x0 : ffff0000cb5c0000 Call trace: __rcu_read_unlock+0x98/0x104 kernel/rcu/tree_plugin.h:445 (P) rcu_read_unlock include/linux/rcupdate.h:871 [inline] lruvec_unlock_irqrestore include/linux/memcontrol.h:1493 [inline] folios_put_refs+0x7a8/0x8dc mm/swap.c:1000 free_pages_and_swap_cache+0x238/0x3e0 mm/swap_state.c:401 __tlb_batch_free_encoded_pages mm/mmu_gather.c:138 [inline] tlb_batch_pages_flush mm/mmu_gather.c:151 [inline] tlb_flush_mmu_free mm/mmu_gather.c:417 [inline] tlb_flush_mmu+0xf0/0x33c mm/mmu_gather.c:424 tlb_finish_mmu+0xf4/0x228 mm/mmu_gather.c:549 exit_mmap+0x3d0/0xaf8 mm/mmap.c:1313 __mmput+0xe4/0x2f0 kernel/fork.c:1178 mmput+0x70/0xa8 kernel/fork.c:1201 exit_mm+0x134/0x1e8 kernel/exit.c:581 do_exit+0x518/0x1a6c kernel/exit.c:963 do_group_exit+0x194/0x22c kernel/exit.c:1117 __do_sys_exit_group kernel/exit.c:1128 [inline] __se_sys_exit_group kernel/exit.c:1126 [inline] pid_child_should_wake+0x0/0x110 kernel/exit.c:1126 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140 el0_svc+0x60/0x25c arch/arm64/kernel/entry-common.c:723 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:742 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594 irq event stamp: 1631 hardirqs last enabled at (1631): [] raw_spin_rq_unlock_irq kernel/sched/sched.h:1644 [inline] hardirqs last enabled at (1631): [] finish_lock_switch+0x160/0x204 kernel/sched/core.c:5124 hardirqs last disabled at (1630): [] __schedule+0x308/0x2d24 kernel/sched/core.c:7042 softirqs last enabled at (1628): [] softirq_handle_end kernel/softirq.c:468 [inline] softirqs last enabled at (1628): [] handle_softirqs+0xbc4/0xd34 kernel/softirq.c:650 softirqs last disabled at (1605): [] __do_softirq+0x14/0x20 kernel/softirq.c:656 ---[ end trace 0000000000000000 ]--- BUG: sleeping function called from invalid context at mm/mmu_gather.c:142 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4655, name: dhcpcd preempt_count: 0, expected: 0 RCU nest depth: -1, expected: 0 INFO: lockdep is turned off. CPU: 1 UID: 0 PID: 4655 Comm: dhcpcd Tainted: G W syzkaller #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C) __dump_stack+0x30/0x40 lib/dump_stack.c:94 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120 dump_stack+0x1c/0x28 lib/dump_stack.c:129 __might_resched+0x350/0x4ac kernel/sched/core.c:9162 __tlb_batch_free_encoded_pages mm/mmu_gather.c:142 [inline] tlb_batch_pages_flush mm/mmu_gather.c:151 [inline] tlb_flush_mmu_free mm/mmu_gather.c:417 [inline] tlb_flush_mmu+0x114/0x33c mm/mmu_gather.c:424 tlb_finish_mmu+0xf4/0x228 mm/mmu_gather.c:549 exit_mmap+0x3d0/0xaf8 mm/mmap.c:1313 __mmput+0xe4/0x2f0 kernel/fork.c:1178 mmput+0x70/0xa8 kernel/fork.c:1201 exit_mm+0x134/0x1e8 kernel/exit.c:581 do_exit+0x518/0x1a6c kernel/exit.c:963 do_group_exit+0x194/0x22c kernel/exit.c:1117 __do_sys_exit_group kernel/exit.c:1128 [inline] __se_sys_exit_group kernel/exit.c:1126 [inline] pid_child_should_wake+0x0/0x110 kernel/exit.c:1126 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140 el0_svc+0x60/0x25c arch/arm64/kernel/entry-common.c:723 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:742 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594