Hi,

I was working on the following syzbot bug:

https://syzkaller.appspot.com/bug?extid=ce3af36144a13b018cc7

Upon debugging I found that in this case the buffer_head is having count 
0 and then when __brelse is called it tries to free it. A simple 
solution to this problem would be to remove the warn call. SInce in any 
case the buffers only get freed if the count is present and consequently 
the pointers are also set to null. Additionally we could add a check in 
the has_bh_in_lru to also consider the counter.

Link : 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/fs/buffer.c?id=d192f5382581d972c4ae1b4d72e0b59b34cadeb9#n1509