[ 17.151619][ T6161] 8021q: adding VLAN 0 to HW filter on device bond0
[ 17.160337][ T6161] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: [ 17.224444][ T45] gve 0000:00:00.0 enp0s0: Device link is up.
OK
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.107' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 41.836151][ T6488] loop0: detected capacity change from 0 to 8
[ 41.837701][ T6488] =======================================================
[ 41.837701][ T6488] WARNING: The mand mount option has been deprecated and
[ 41.837701][ T6488] and is ignored by this kernel. Remove the mand
[ 41.837701][ T6488] option from the mount to silence this warning.
[ 41.837701][ T6488] =======================================================
[ 41.911882][ T6488] FAULT_INJECTION: forcing a failure.
[ 41.911882][ T6488] name failslab, interval 1, probability 0, space 0, times 1
[ 41.915488][ T6488] CPU: 1 UID: 0 PID: 6488 Comm: syz-executor403 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT
[ 41.915 ** replaying previous printk message **
[ 41.915510][ T6488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 41.915517][ T6488] Call trace:
[ 41.915521][ T6488] show_stack+0x2c/0x3c (C)
[ 41.915546][ T6488] __dump_stack+0x30/0x40
[ 41.915558][ T6488] dump_stack_lvl+0xd8/0x12c
[ 41.915568][ T6488] dump_stack+0x1c/0x28
[ 41.915577][ T6488] should_fail_ex+0x41c/0x594
[ 41.915590][ T6488] should_failslab+0xc0/0x128
[ 41.915603][ T6488] kmem_cache_alloc_noprof+0x80/0x3e8
[ 41.915618][ T6488] mas_alloc_nodes+0x268/0x788
[ 41.915631][ T6488] mas_preallocate+0x4b0/0x778
[ 41.915643][ T6488] commit_merge+0x1a4/0x5b0
[ 41.915656][ T6488] vma_merge_existing_range+0x1388/0x1964
[ 41.915674][ T6488] vma_modify+0x7c/0x424
[ 41.915686][ T6488] vma_modify_flags+0x18c/0x1dc
[ 41.915699][ T6488] mlock_fixup+0x18c/0x2c4
[ 41.915711][ T6488] apply_mlockall_flags+0x290/0x344
[ 41.915722][ T6488] __arm64_sys_munlockall+0x11c/0x238
[ 41.915734][ T6488] invoke_syscall+0x98/0x2b8
[ 41.915745][ T6488] el0_svc_common+0x130/0x23c
[ 41.915755][ T6488] do_el0_svc+0x48/0x58
[ 41.915765][ T6488] el0_svc+0x58/0x17c
[ 41.915778][ T6488] el0t_64_sync_handler+0x78/0x108
[ 41.915791][ T6488] el0t_64_sync+0x198/0x19c
[ 41.917514][ T6488] vmg ffff8000a43b7a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start)
[ 41.917560][ T6488] vmg ffff8000a43b7a60 state: mm ffff0000dd623b80 pgoff 20000
[ 41.917560][ T6488] vmi ffff8000a43b7c40 [20000000,20800000)
[ 41.917560][ T6488] prev ffff0000dd50b140 middle ffff0000dd50b140 next 0000000000000000 target 0000000000000000
[ 41.917560][ T6488] start 20000000 end 20800000 flags 100077
[ 41.917560][ T6488] file 0000000000000000 anon_vma ffff0000d6613aa0 policy 0000000000000000
[ 41.917560][ T6488] uffd_ctx 0000000000000000
[ 41.917560][ T6488] anon_name 0000000000000000
[ 41.917560][ T6488] state 0
[ 41.917560][ T6488] just_expand 0
[ 41.917560][ T6488] __adjust_middle_start 0 __adjust_next_start 0
[ 41.917560][ T6488] __remove_middle 0 __remove_next 0
[ 41.917614][ T6488] vmg ffff8000a43b7a60 mm:
[ 41.917632][ T6488] mm ffff0000dd623b80 task_size 281474976710656
[ 41.917632][ T6488] mmap_base 281473604251648 mmap_legacy_base 0
[ 41.917632][ T6488] pgd ffff0000dd50a000 mm_users 1 mm_count 2 pgtables_bytes 57344 map_count 12
[ 41.917632][ T6488] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800
[ 41.917632][ T6488] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21
[ 41.917632][ T6488] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8
[ 41.917632][ T6488] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0
[ 41.917632][ T6488] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0
[ 41.917632][ T6488] binfmt ffff80008f670700 flags 8000008d
[ 41.917632][ T6488] ioctx_table 0000000000000000
[ 41.917632][ T6488] owner ffff0000c879bd00 exe_file ffff0000c7dbce00
[ 41.917632][ T6488] notifier_subscriptions 0000000000000000
[ 41.917632][ T6488] numa_next_scan 4294941540 numa_scan_offset 0 numa_scan_seq 0
[ 41.917632][ T6488] tlb_flush_pending 0
[ 41.917632][ T6488] def_flags: 0x0()
[ 41.917715][ T6488] vmg ffff8000a43b7a60 prev:
[ 41.917733][ T6488] vma ffff0000dd50b140 start 0000000020000000 end 0000000020800000 mm ffff0000dd623b80
[ 41.917733][ T6488] prot 20000000000fc3 anon_vma ffff0000d6613aa0 vm_ops 0000000000000000
[ 41.917733][ T6488] pgoff 20000 file 0000000000000000 private_data 0000000000000000
[ 41.917733][ T6488] refcnt 1
[ 41.917733][ T6488] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account)
[ 41.917773][ T6488] vmg ffff8000a43b7a60 middle:
[ 41.917790][ T6488] vma ffff0000dd50b140 start 0000000020000000 end 0000000020800000 mm ffff0000dd623b80
[ 41.917790][ T6488] prot 20000000000fc3 anon_vma ffff0000d6613aa0 vm_ops 0000000000000000
[ 41.917790][ T6488] pgoff 20000 file 0000000000000000 private_data 0000000000000000
[ 41.917790][ T6488] refcnt 1
[ 41.917790][ T6488] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account)
[ 41.917829][ T6488] vmg ffff8000a43b7a60 next: (NULL)
[ 41.917846][ T6488] vmg ffff8000a43b7a60 vmi:
[ 41.917863][ T6488] MAS: tree=ffff0000dd623bc0 enode=ffff0000c83e740c
[ 41.917876][ T6488] (ma_active)
[ 41.917892][ T6488] Store Type:
[ 41.917907][ T6488] node_store
[ 41.917929][ T6488] [2/10] index=20000000 last=207fffff
[ 41.917949][ T6488] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0
[ 41.917971][ T6488] maple_tree(ffff0000dd623bc0) flags 30B, height 2 root ffff0000c83e6a1e
[ 41.917993][ T6488] 0-ffffffffffffffff: node ffff0000c83e6a00 depth 0 type 3 parent ffff0000dd623bc1 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c83e740c FFFFAE30FFFF ffff0000c83e6e0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[ 41.918243][ T6488] 0-ffffae30ffff: node ffff0000c83e7400 depth 1 type 1 parent ffff0000c83e6a06 contents: 0000000000000000 1FFFEFFF ffff0000dd50b000 1FFFFFFF ffff0000dd50b140 207FFFFF ffff0000dd498000 20FFFFFF ffff0000dd50b280 21000FFF 0000000000000000 AAAACA222FFF ffff0000dd50b3c0 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000dd50b500 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000dd50b640 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a
[ 41.918460][ T6488] 0-1fffefff: 0000000000000000
[ 41.918488][ T6488] 1ffff000-1fffffff: ffff0000dd50b000
[ 41.918516][ T6488] 20000000-207fffff: ffff0000dd50b140
[ 41.918550][ T6488] 20800000-20ffffff: ffff0000dd498000
[ 41.918579][ T6488] 21000000-21000fff: ffff0000dd50b280
[ 41.918607][ T6488] 21001000-aaaaca222fff: 0000000000000000
[ 41.918636][ T6488] aaaaca223000-aaaaca244fff: ffff0000dd50b3c0
[ 41.918665][ T6488] aaaaca245000-ffffae26ffff: 0000000000000000
[ 41.918693][ T6488] ffffae270000-ffffae2fbfff: ffff0000dd50b500
[ 41.918726][ T6488] ffffae2fc000-ffffae30bfff: 0000000000000000
[ 41.918754][ T6488] ffffae30c000-ffffae30ffff: ffff0000dd50b640
[ 41.918784][ T6488] ffffae310000-ffffffffffffffff: node ffff0000c83e6e00 depth 1 type 1 parent ffff0000c83e6a0e contents: ffff0000dd50b780 FFFFAE312FFF ffff0000dd50b8c0 FFFFAE318FFF ffff0000dd50ba00 FFFFAE31CFFF ffff0000dd50bb40 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000dd50bc80 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006
[ 41.918998][ T6488] ffffae310000-ffffae312fff: ffff0000dd50b780
[ 41.919027][ T6488] ffffae313000-ffffae318fff: ffff0000dd50b8c0
[ 41.919056][ T6488] ffffae319000-ffffae31cfff: ffff0000dd50ba00
[ 41.919085][ T6488] ffffae31d000-ffffae31efff: ffff0000dd50bb40
[ 41.919114][ T6488] ffffae31f000-fffff3038fff: 0000000000000000
[ 41.919143][ T6488] fffff3039000-fffff3059fff: ffff0000dd50bc80
[ 41.919172][ T6488] fffff305a000-ffffffffffffffff: 0000000000000000
[ 41.919298][ T6488] ------------[ cut here ]------------
[ 41.919311][ T6488] WARNING: CPU: 0 PID: 6488 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964
[ 42.102244][ T6488] Modules linked in:
[ 42.103371][ T6488] CPU: 0 UID: 0 PID: 6488 Comm: syz-executor403 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT
[ 42.106541][ T6488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 42.109350][ T6488] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 42.111578][ T6488] pc : vma_merge_existing_range+0x14a8/0x1964
[ 42.113323][ T6488] lr : vma_merge_existing_range+0x14a8/0x1964
[ 42.115021][ T6488] sp : ffff8000a43b7910
[ 42.116191][ T6488] x29: ffff8000a43b7990 x28: dfff800000000000 x27: 0000000000000001
[ 42.118472][ T6488] x26: 0000000020000000 x25: ffff8000a43b7a80 x24: 0000000020000000
[ 42.120675][ T6488] x23: 1ffff00014876f50 x22: ffff0000dd50b140 x21: 0000000020800000
[ 42.122951][ T6488] x20: ffff0000dd50b140 x19: ffff8000a43b7a60 x18: 00000000ffffffff
[ 42.125180][ T6488] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001
[ 42.127421][ T6488] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000
[ 42.129648][ T6488] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000
[ 42.131849][ T6488] x8 : ffff0000c879bd00 x7 : 0000000000000001 x6 : 0000000000000001
[ 42.134102][ T6488] x5 : ffff8000a43b6ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68
[ 42.136270][ T6488] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff
[ 42.138443][ T6488] Call trace:
[ 42.139363][ T6488] vma_merge_existing_range+0x14a8/0x1964 (P)
[ 42.141060][ T6488] vma_modify+0x7c/0x424
[ 42.142245][ T6488] vma_modify_flags+0x18c/0x1dc
[ 42.143546][ T6488] mlock_fixup+0x18c/0x2c4
[ 42.144754][ T6488] apply_mlockall_flags+0x290/0x344
[ 42.146252][ T6488] __arm64_sys_munlockall+0x11c/0x238
[ 42.147759][ T6488] invoke_syscall+0x98/0x2b8
[ 42.149008][ T6488] el0_svc_common+0x130/0x23c
[ 42.150339][ T6488] do_el0_svc+0x48/0x58
[ 42.151500][ T6488] el0_svc+0x58/0x17c
[ 42.152613][ T6488] el0t_64_sync_handler+0x78/0x108
[ 42.154014][ T6488] el0t_64_sync+0x198/0x19c
[ 42.155232][ T6488] irq event stamp: 16704
[ 42.156402][ T6488] hardirqs last enabled at (16703): [] __console_unlock+0x70/0xc4
[ 42.159045][ T6488] hardirqs last disabled at (16704): [] el1_dbg+0x24/0x80
[ 42.161512][ T6488] softirqs last enabled at (15844): [] local_bh_enable+0x10/0x34
[ 42.164138][ T6488] softirqs last disabled at (15842): [] local_bh_disable+0x10/0x34
[ 42.166818][ T6488] ---[ end trace 0000000000000000 ]---
executing program
[ 42.232091][ T6490] FAULT_INJECTION: forcing a failure.
[ 42.232091][ T6490] name failslab, interval 1, probabi ** replaying previous printk message **
[ 42.232091][ T6490] FAULT_INJECTION: forcing a failure.
42.898073][ T6492] prot 20000000000fc3 anon_vma ffff0000c724f880 vm_ops 0000000000000000 [ 42.898073][ T6492] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 42.898073][ T6492] refcnt 1 [ 42.898073][ T6492] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 42.898112][ T6492] vmg ffff8000a44e7a60 middle: [ 42.898129][ T6492] vma ffff0000c5c08000 start 0000000020000000 end 0000000020800000 mm ffff0000dd625500 [ 42.898129][ T6492] prot 20000000000fc3 anon_vma ffff0000c724f880 vm_ops 0000000000000000 [ 42.898129][ T6492] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 42.898129][ T6492] refcnt 1 [ 42.898129][ T6492] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 42.898167][ T6492] vmg ffff8000a44e7a60 next: (NULL) [ 42.898185][ T6492] vmg ffff8000a44e7a60 vmi: [ 42.898202][ T6492] MAS: tree=ffff0000dd625540 enode=ffff0000c882760c [ 42.898214][ T6492] (ma_active) [ 42.898230][ T6492] Store Type: [ 42.898245][ T6492] node_store [ 42.898267][ T6492] [2/10] index=20000000 last=207fffff [ 42.898287][ T6492] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 42.898309][ T6492] maple_tree(ffff0000dd625540) flags 30B, height 2 root ffff0000c7a9261e [ 42.898331][ T6492] 0-ffffffffffffffff: node ffff0000c7a92600 depth 0 type 3 parent ffff0000dd625541 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c882760c FFFFAE30FFFF ffff0000c7a9200c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 42.898590][ T6492] 0-ffffae30ffff: node ffff0000c8827600 depth 1 type 1 parent ffff0000c7a92606 contents: 0000000000000000 1FFFEFFF ffff0000c97e3dc0 1FFFFFFF ffff0000c5c08000 207FFFFF ffff0000ddae28c0 20FFFFFF ffff0000c5c08140 21000FFF 0000000000000000 AAAACA222FFF ffff0000c5c08280 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000c5c083c0 FFFFAE2FBFFF 
0000000000000000 FFFFAE30BFFF ffff0000c5c08500 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 42.898815][ T6492] 0-1fffefff: 0000000000000000 [ 42.898843][ T6492] 1ffff000-1fffffff: ffff0000c97e3dc0 [ 42.898872][ T6492] 20000000-207fffff: ffff0000c5c08000 [ 42.898901][ T6492] 20800000-20ffffff: ffff0000ddae28c0 [ 42.898929][ T6492] 21000000-21000fff: ffff0000c5c08140 [ 42.898958][ T6492] 21001000-aaaaca222fff: 0000000000000000 [ 42.898986][ T6492] aaaaca223000-aaaaca244fff: ffff0000c5c08280 [ 42.899015][ T6492] aaaaca245000-ffffae26ffff: 0000000000000000 [ 42.899044][ T6492] ffffae270000-ffffae2fbfff: ffff0000c5c083c0 [ 42.899073][ T6492] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 42.899102][ T6492] ffffae30c000-ffffae30ffff: ffff0000c5c08500 [ 42.899131][ T6492] ffffae310000-ffffffffffffffff: node ffff0000c7a92000 depth 1 type 1 parent ffff0000c7a9260e contents: ffff0000c5c08640 FFFFAE312FFF ffff0000c5c08780 FFFFAE318FFF ffff0000c5c088c0 FFFFAE31CFFF ffff0000c5c08a00 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000c5c08b40 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 42.899346][ T6492] ffffae310000-ffffae312fff: ffff0000c5c08640 [ 42.899375][ T6492] ffffae313000-ffffae318fff: ffff0000c5c08780 [ 42.899404][ T6492] ffffae319000-ffffae31cfff: ffff0000c5c088c0 [ 42.899433][ T6492] ffffae31d000-ffffae31efff: ffff0000c5c08a00 [ 42.899462][ T6492] ffffae31f000-fffff3038fff: 0000000000000000 [ 42.899490][ T6492] fffff3039000-fffff3059fff: ffff0000c5c08b40 [ 42.899519][ T6492] fffff305a000-ffffffffffffffff: 0000000000000000 [ 42.899652][ T6492] ------------[ cut here ]------------ [ 42.899665][ T6492] WARNING: CPU: 0 PID: 6492 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 43.096177][ T6492] Modules linked in: [ 43.097285][ 
T6492] CPU: 0 UID: 0 PID: 6492 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 43.101017][ T6492] Tainted: [W]=WARN [ 43.102133][ T6492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.104994][ T6492] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 43.107142][ T6492] pc : vma_merge_existing_range+0x14a8/0x1964 [ 43.108932][ T6492] lr : vma_merge_existing_range+0x14a8/0x1964 [ 43.110775][ T6492] sp : ffff8000a44e7910 [ 43.111914][ T6492] x29: ffff8000a44e7990 x28: dfff800000000000 x27: 0000000000000001 [ 43.114169][ T6492] x26: 0000000020000000 x25: ffff8000a44e7a80 x24: 0000000020000000 [ 43.116433][ T6492] x23: 1ffff0001489cf50 x22: ffff0000c5c08000 x21: 0000000020800000 [ 43.118685][ T6492] x20: ffff0000c5c08000 x19: ffff8000a44e7a60 x18: 0000000000000000 [ 43.120931][ T6492] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 43.123244][ T6492] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 43.125449][ T6492] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 43.127710][ T6492] x8 : ffff0000c8609e80 x7 : 0000000000000001 x6 : 0000000000000001 [ 43.130007][ T6492] x5 : ffff8000a44e6ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 43.132307][ T6492] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 43.134547][ T6492] Call trace: [ 43.135447][ T6492] vma_merge_existing_range+0x14a8/0x1964 (P) [ 43.137193][ T6492] vma_modify+0x7c/0x424 [ 43.138426][ T6492] vma_modify_flags+0x18c/0x1dc [ 43.139808][ T6492] mlock_fixup+0x18c/0x2c4 [ 43.141117][ T6492] apply_mlockall_flags+0x290/0x344 [ 43.142593][ T6492] __arm64_sys_munlockall+0x11c/0x238 [ 43.144139][ T6492] invoke_syscall+0x98/0x2b8 [ 43.145468][ T6492] el0_svc_common+0x130/0x23c [ 43.146826][ T6492] do_el0_svc+0x48/0x58 [ 43.148014][ T6492] el0_svc+0x58/0x17c [ 43.149259][ T6492] el0t_64_sync_handler+0x78/0x108 [ 43.150776][ T6492] 
el0t_64_sync+0x198/0x19c [ 43.152116][ T6492] irq event stamp: 14368 [ 43.153371][ T6492] hardirqs last enabled at (14367): [] __console_unlock+0x70/0xc4 [ 43.156075][ T6492] hardirqs last disabled at (14368): [] el1_dbg+0x24/0x80 [ 43.158620][ T6492] softirqs last enabled at (11688): [] handle_softirqs+0xaf8/0xc88 [ 43.161330][ T6492] softirqs last disabled at (11679): [] __do_softirq+0x14/0x20 [ 43.163973][ T6492] ---[ end trace 0000000000000000 ]--- executing program [ 43.233354][ T6493] FAULT_INJECTION: forcing a failure. [ 43.233354][ T6493] name failslab, interval 1, probability 0, space 0, times 0 [ 43.233424] ** replaying previous printk message ** [ 43.233424][ T6493] CPU: 0 UID: 0 PID: 6493 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 43.233442][ T6493] Tainted: [W]=WARN [ 43.233446][ T6493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.233453][ T6493] Call trace: [ 43.233457][ T6493] show_stack+0x2c/0x3c (C) [ 43.233475][ T6493] __dump_stack+0x30/0x40 [ 43.233486][ T6493] dump_stack_lvl+0xd8/0x12c [ 43.233496][ T6493] dump_stack+0x1c/0x28 [ 43.233505][ T6493] should_fail_ex+0x41c/0x594 [ 43.233517][ T6493] should_failslab+0xc0/0x128 [ 43.233530][ T6493] kmem_cache_alloc_noprof+0x80/0x3e8 [ 43.233554][ T6493] mas_alloc_nodes+0x268/0x788 [ 43.233568][ T6493] mas_preallocate+0x4b0/0x778 [ 43.233600][ T6493] commit_merge+0x1a4/0x5b0 [ 43.233614][ T6493] vma_merge_existing_range+0x1388/0x1964 [ 43.233628][ T6493] vma_modify+0x7c/0x424 [ 43.233640][ T6493] vma_modify_flags+0x18c/0x1dc [ 43.233653][ T6493] mlock_fixup+0x18c/0x2c4 [ 43.233665][ T6493] apply_mlockall_flags+0x290/0x344 [ 43.233676][ T6493] __arm64_sys_munlockall+0x11c/0x238 [ 43.233687][ T6493] invoke_syscall+0x98/0x2b8 [ 43.233698][ T6493] el0_svc_common+0x130/0x23c [ 43.233709][ T6493] do_el0_svc+0x48/0x58 [ 43.233718][ T6493] el0_svc+0x58/0x17c [ 43.233731][ T6493] el0t_64_sync_handler+0x78/0x108 [ 
43.233744][ T6493] el0t_64_sync+0x198/0x19c [ 43.235590][ T6493] vmg ffff8000a44f7a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 43.235622][ T6493] vmg ffff8000a44f7a60 state: mm ffff0000dd625d80 pgoff 20000 [ 43.235622][ T6493] vmi ffff8000a44f7c40 [20000000,20800000) [ 43.235622][ T6493] prev ffff0000c5c08dc0 middle ffff0000c5c08dc0 next 0000000000000000 target 0000000000000000 [ 43.235622][ T6493] start 20000000 end 20800000 flags 100077 [ 43.235622][ T6493] file 0000000000000000 anon_vma ffff0000c724faa0 policy 0000000000000000 [ 43.235622][ T6493] uffd_ctx 0000000000000000 [ 43.235622][ T6493] anon_name 0000000000000000 [ 43.235622][ T6493] state 0 [ 43.235622][ T6493] just_expand 0 [ 43.235622][ T6493] __adjust_middle_start 0 __adjust_next_start 0 [ 43.235622][ T6493] __remove_middle 0 __remove_next 0 [ 43.235675][ T6493] vmg ffff8000a44f7a60 mm: [ 43.235693][ T6493] mm ffff0000dd625d80 task_size 281474976710656 [ 43.235693][ T6493] mmap_base 281473604251648 mmap_legacy_base 0 [ 43.235693][ T6493] pgd ffff0000dc486000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 43.235693][ T6493] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 43.235693][ T6493] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 43.235693][ T6493] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 43.235693][ T6493] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 43.235693][ T6493] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 43.235693][ T6493] binfmt ffff80008f670700 flags 8000008d [ 43.235693][ T6493] ioctx_table 0000000000000000 [ 43.235693][ T6493] owner ffff0000c860bd00 exe_file ffff0000c7dbce00 [ 43.235693][ T6493] notifier_subscriptions 0000000000000000 [ 43.235693][ T6493] numa_next_scan 4294941675 numa_scan_offset 0 numa_scan_seq 0 [ 43.235693][ T6493] tlb_flush_pending 0 [ 43.235693][ T6493] def_flags: 0x0() [ 43.235777][ T6493] 
vmg ffff8000a44f7a60 prev: [ 43.235795][ T6493] vma ffff0000c5c08dc0 start 0000000020000000 end 0000000020800000 mm ffff0000dd625d80 [ 43.235795][ T6493] prot 20000000000fc3 anon_vma ffff0000c724faa0 vm_ops 0000000000000000 [ 43.235795][ T6493] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 43.235795][ T6493] refcnt 1 [ 43.235795][ T6493] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 43.235835][ T6493] vmg ffff8000a44f7a60 middle: [ 43.235853][ T6493] vma ffff0000c5c08dc0 start 0000000020000000 end 0000000020800000 mm ffff0000dd625d80 [ 43.235853][ T6493] prot 20000000000fc3 anon_vma ffff0000c724faa0 vm_ops 0000000000000000 [ 43.235853][ T6493] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 43.235853][ T6493] refcnt 1 [ 43.235853][ T6493] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 43.235891][ T6493] vmg ffff8000a44f7a60 next: (NULL) [ 43.235908][ T6493] vmg ffff8000a44f7a60 vmi: [ 43.235925][ T6493] MAS: tree=ffff0000dd625dc0 enode=ffff0000c8827e0c [ 43.235938][ T6493] (ma_active) [ 43.235953][ T6493] Store Type: [ 43.235969][ T6493] node_store [ 43.235991][ T6493] [2/10] index=20000000 last=207fffff [ 43.236011][ T6493] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 43.236033][ T6493] maple_tree(ffff0000dd625dc0) flags 30B, height 2 root ffff0000c7a9221e [ 43.236054][ T6493] 0-ffffffffffffffff: node ffff0000c7a92200 depth 0 type 3 parent ffff0000dd625dc1 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c8827e0c FFFFAE30FFFF ffff0000c7a93a0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 43.236306][ T6493] 0-ffffae30ffff: node ffff0000c8827e00 depth 1 type 1 parent ffff0000c7a92206 contents: 0000000000000000 1FFFEFFF ffff0000c5c08c80 1FFFFFFF ffff0000c5c08dc0 207FFFFF ffff0000ddae2b40 20FFFFFF 
ffff0000dc487000 21000FFF 0000000000000000 AAAACA222FFF ffff0000dc487140 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000dc487280 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000dc4873c0 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 43.236524][ T6493] 0-1fffefff: 0000000000000000 [ 43.236558][ T6493] 1ffff000-1fffffff: ffff0000c5c08c80 [ 43.236587][ T6493] 20000000-207fffff: ffff0000c5c08dc0 [ 43.236615][ T6493] 20800000-20ffffff: ffff0000ddae2b40 [ 43.236644][ T6493] 21000000-21000fff: ffff0000dc487000 [ 43.236673][ T6493] 21001000-aaaaca222fff: 0000000000000000 [ 43.236701][ T6493] aaaaca223000-aaaaca244fff: ffff0000dc487140 [ 43.236730][ T6493] aaaaca245000-ffffae26ffff: 0000000000000000 [ 43.236762][ T6493] ffffae270000-ffffae2fbfff: ffff0000dc487280 [ 43.236791][ T6493] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 43.236820][ T6493] ffffae30c000-ffffae30ffff: ffff0000dc4873c0 [ 43.236849][ T6493] ffffae310000-ffffffffffffffff: node ffff0000c7a93a00 depth 1 type 1 parent ffff0000c7a9220e contents: ffff0000dc487500 FFFFAE312FFF ffff0000dc487640 FFFFAE318FFF ffff0000dc487780 FFFFAE31CFFF ffff0000dc4878c0 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000dc487a00 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 43.237065][ T6493] ffffae310000-ffffae312fff: ffff0000dc487500 [ 43.237095][ T6493] ffffae313000-ffffae318fff: ffff0000dc487640 [ 43.237124][ T6493] ffffae319000-ffffae31cfff: ffff0000dc487780 [ 43.237153][ T6493] ffffae31d000-ffffae31efff: ffff0000dc4878c0 [ 43.237182][ T6493] ffffae31f000-fffff3038fff: 0000000000000000 [ 43.237211][ T6493] fffff3039000-fffff3059fff: ffff0000dc487a00 [ 43.237240][ T6493] fffff305a000-ffffffffffffffff: 0000000000000000 [ 43.237368][ T6493] ------------[ cut here ]------------ [ 43.237380][ 
T6493] WARNING: CPU: 0 PID: 6493 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 43.427947][ T6493] Modules linked in: [ 43.429040][ T6493] CPU: 0 UID: 0 PID: 6493 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 43.432642][ T6493] Tainted: [W]=WARN [ 43.433683][ T6493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.436437][ T6493] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 43.438555][ T6493] pc : vma_merge_existing_range+0x14a8/0x1964 [ 43.440191][ T6493] lr : vma_merge_existing_range+0x14a8/0x1964 [ 43.441828][ T6493] sp : ffff8000a44f7910 [ 43.442967][ T6493] x29: ffff8000a44f7990 x28: dfff800000000000 x27: 0000000000000001 [ 43.445107][ T6493] x26: 0000000020000000 x25: ffff8000a44f7a80 x24: 0000000020000000 [ 43.447379][ T6493] x23: 1ffff0001489ef50 x22: ffff0000c5c08dc0 x21: 0000000020800000 [ 43.449595][ T6493] x20: ffff0000c5c08dc0 x19: ffff8000a44f7a60 x18: 0000000000000000 [ 43.451737][ T6493] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 43.453963][ T6493] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 43.456161][ T6493] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 43.458399][ T6493] x8 : ffff0000c860bd00 x7 : 0000000000000001 x6 : 0000000000000001 [ 43.460577][ T6493] x5 : ffff8000a44f6ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 43.462774][ T6493] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 43.465049][ T6493] Call trace: [ 43.465928][ T6493] vma_merge_existing_range+0x14a8/0x1964 (P) [ 43.467639][ T6493] vma_modify+0x7c/0x424 [ 43.468814][ T6493] vma_modify_flags+0x18c/0x1dc [ 43.470128][ T6493] mlock_fixup+0x18c/0x2c4 [ 43.471362][ T6493] apply_mlockall_flags+0x290/0x344 [ 43.472833][ T6493] __arm64_sys_munlockall+0x11c/0x238 [ 43.474324][ T6493] invoke_syscall+0x98/0x2b8 [ 43.475597][ T6493] el0_svc_common+0x130/0x23c [ 43.476917][ T6493] 
do_el0_svc+0x48/0x58 [ 43.478061][ T6493] el0_svc+0x58/0x17c [ 43.479122][ T6493] el0t_64_sync_handler+0x78/0x108 [ 43.480503][ T6493] el0t_64_sync+0x198/0x19c [ 43.481769][ T6493] irq event stamp: 14358 [ 43.482969][ T6493] hardirqs last enabled at (14357): [] __console_unlock+0x70/0xc4 [ 43.485578][ T6493] hardirqs last disabled at (14358): [] el1_dbg+0x24/0x80 [ 43.487944][ T6493] softirqs last enabled at (10000): [] handle_softirqs+0xaf8/0xc88 [ 43.490623][ T6493] softirqs last disabled at (9635): [] __do_softirq+0x14/0x20 [ 43.493068][ T6493] ---[ end trace 0000000000000000 ]--- executing program [ 43.561724][ T6494] FAULT_INJECTION: forcing a failure. [ 43.561724][ T6494] name failslab, interval 1, probability 0, space 0, times 0 [ 43.5 ** replaying previous printk message ** [ 43.561792][ T6494] CPU: 0 UID: 0 PID: 6494 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 43.561809][ T6494] Tainted: [W]=WARN [ 43.561814][ T6494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.561821][ T6494] Call trace: [ 43.561825][ T6494] show_stack+0x2c/0x3c (C) [ 43.561841][ T6494] __dump_stack+0x30/0x40 [ 43.561852][ T6494] dump_stack_lvl+0xd8/0x12c [ 43.561863][ T6494] dump_stack+0x1c/0x28 [ 43.561872][ T6494] should_fail_ex+0x41c/0x594 [ 43.561884][ T6494] should_failslab+0xc0/0x128 [ 43.561898][ T6494] kmem_cache_alloc_noprof+0x80/0x3e8 [ 43.561912][ T6494] mas_alloc_nodes+0x268/0x788 [ 43.561926][ T6494] mas_preallocate+0x4b0/0x778 [ 43.561938][ T6494] commit_merge+0x1a4/0x5b0 [ 43.561951][ T6494] vma_merge_existing_range+0x1388/0x1964 [ 43.561965][ T6494] vma_modify+0x7c/0x424 [ 43.561977][ T6494] vma_modify_flags+0x18c/0x1dc [ 43.561990][ T6494] mlock_fixup+0x18c/0x2c4 [ 43.562002][ T6494] apply_mlockall_flags+0x290/0x344 [ 43.562013][ T6494] __arm64_sys_munlockall+0x11c/0x238 [ 43.562025][ T6494] invoke_syscall+0x98/0x2b8 [ 43.562035][ T6494] el0_svc_common+0x130/0x23c [ 43.562046][ 
T6494] do_el0_svc+0x48/0x58 [ 43.562056][ T6494] el0_svc+0x58/0x17c [ 43.562069][ T6494] el0t_64_sync_handler+0x78/0x108 [ 43.562082][ T6494] el0t_64_sync+0x198/0x19c [ 43.563680][ T6494] vmg ffff8000a4507a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 43.563709][ T6494] vmg ffff8000a4507a60 state: mm ffff0000dd626600 pgoff 20000 [ 43.563709][ T6494] vmi ffff8000a4507c40 [20000000,20800000) [ 43.563709][ T6494] prev ffff0000dc487c80 middle ffff0000dc487c80 next 0000000000000000 target 0000000000000000 [ 43.563709][ T6494] start 20000000 end 20800000 flags 100077 [ 43.563709][ T6494] file 0000000000000000 anon_vma ffff0000c724fcc0 policy 0000000000000000 [ 43.563709][ T6494] uffd_ctx 0000000000000000 [ 43.563709][ T6494] anon_name 0000000000000000 [ 43.563709][ T6494] state 0 [ 43.563709][ T6494] just_expand 0 [ 43.563709][ T6494] __adjust_middle_start 0 __adjust_next_start 0 [ 43.563709][ T6494] __remove_middle 0 __remove_next 0 [ 43.563762][ T6494] vmg ffff8000a4507a60 mm: [ 43.563780][ T6494] mm ffff0000dd626600 task_size 281474976710656 [ 43.563780][ T6494] mmap_base 281473604251648 mmap_legacy_base 0 [ 43.563780][ T6494] pgd ffff0000c983e000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 43.563780][ T6494] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 43.563780][ T6494] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 43.563780][ T6494] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 43.563780][ T6494] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 43.563780][ T6494] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 43.563780][ T6494] binfmt ffff80008f670700 flags 8000008d [ 43.563780][ T6494] ioctx_table 0000000000000000 [ 43.563780][ T6494] owner ffff0000c860db80 exe_file ffff0000c7dbce00 [ 43.563780][ T6494] notifier_subscriptions 0000000000000000 [ 43.563780][ T6494] numa_next_scan 4294941708 
numa_scan_offset 0 numa_scan_seq 0 [ 43.563780][ T6494] tlb_flush_pending 0 [ 43.563780][ T6494] def_flags: 0x0() [ 43.563859][ T6494] vmg ffff8000a4507a60 prev: [ 43.563877][ T6494] vma ffff0000dc487c80 start 0000000020000000 end 0000000020800000 mm ffff0000dd626600 [ 43.563877][ T6494] prot 20000000000fc3 anon_vma ffff0000c724fcc0 vm_ops 0000000000000000 [ 43.563877][ T6494] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 43.563877][ T6494] refcnt 1 [ 43.563877][ T6494] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 43.563917][ T6494] vmg ffff8000a4507a60 middle: [ 43.563934][ T6494] vma ffff0000dc487c80 start 0000000020000000 end 0000000020800000 mm ffff0000dd626600 [ 43.563934][ T6494] prot 20000000000fc3 anon_vma ffff0000c724fcc0 vm_ops 0000000000000000 [ 43.563934][ T6494] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 43.563934][ T6494] refcnt 1 [ 43.563934][ T6494] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 43.563972][ T6494] vmg ffff8000a4507a60 next: (NULL) [ 43.563989][ T6494] vmg ffff8000a4507a60 vmi: [ 43.564006][ T6494] MAS: tree=ffff0000dd626640 enode=ffff0000d3fd480c [ 43.564019][ T6494] (ma_active) [ 43.564034][ T6494] Store Type: [ 43.564050][ T6494] node_store [ 43.564072][ T6494] [2/10] index=20000000 last=207fffff [ 43.564091][ T6494] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 43.564113][ T6494] maple_tree(ffff0000dd626640) flags 30B, height 2 root ffff0000c7a9321e [ 43.564135][ T6494] 0-ffffffffffffffff: node ffff0000c7a93200 depth 0 type 3 parent ffff0000dd626641 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d3fd480c FFFFAE30FFFF ffff0000c7a93e0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 43.564386][ T6494] 0-ffffae30ffff: node ffff0000d3fd4800 depth 1 type 1 parent 
ffff0000c7a93206 contents: 0000000000000000 1FFFEFFF ffff0000dc487b40 1FFFFFFF ffff0000dc487c80 207FFFFF ffff0000ddae2dc0 20FFFFFF ffff0000dc487dc0 21000FFF 0000000000000000 AAAACA222FFF ffff0000c983f000 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000c983f140 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000c983f280 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 43.564616][ T6494] 0-1fffefff: 0000000000000000 [ 43.564645][ T6494] 1ffff000-1fffffff: ffff0000dc487b40 [ 43.564674][ T6494] 20000000-207fffff: ffff0000dc487c80 [ 43.564702][ T6494] 20800000-20ffffff: ffff0000ddae2dc0 [ 43.564731][ T6494] 21000000-21000fff: ffff0000dc487dc0 [ 43.564759][ T6494] 21001000-aaaaca222fff: 0000000000000000 [ 43.564788][ T6494] aaaaca223000-aaaaca244fff: ffff0000c983f000 [ 43.564817][ T6494] aaaaca245000-ffffae26ffff: 0000000000000000 [ 43.564846][ T6494] ffffae270000-ffffae2fbfff: ffff0000c983f140 [ 43.564875][ T6494] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 43.564904][ T6494] ffffae30c000-ffffae30ffff: ffff0000c983f280 [ 43.564933][ T6494] ffffae310000-ffffffffffffffff: node ffff0000c7a93e00 depth 1 type 1 parent ffff0000c7a9320e contents: ffff0000c983f3c0 FFFFAE312FFF ffff0000c983f500 FFFFAE318FFF ffff0000c983f640 FFFFAE31CFFF ffff0000c983f780 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000c983f8c0 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 43.565148][ T6494] ffffae310000-ffffae312fff: ffff0000c983f3c0 [ 43.565177][ T6494] ffffae313000-ffffae318fff: ffff0000c983f500 [ 43.565206][ T6494] ffffae319000-ffffae31cfff: ffff0000c983f640 [ 43.565235][ T6494] ffffae31d000-ffffae31efff: ffff0000c983f780 [ 43.565265][ T6494] ffffae31f000-fffff3038fff: 0000000000000000 [ 43.565293][ T6494] fffff3039000-fffff3059fff: ffff0000c983f8c0 [ 
43.565322][ T6494] fffff305a000-ffffffffffffffff: 0000000000000000 [ 43.565449][ T6494] ------------[ cut here ]------------ [ 43.565462][ T6494] WARNING: CPU: 0 PID: 6494 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 43.756894][ T6494] Modules linked in: [ 43.757971][ T6494] CPU: 0 UID: 0 PID: 6494 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 43.761638][ T6494] Tainted: [W]=WARN [ 43.762677][ T6494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.765417][ T6494] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 43.767585][ T6494] pc : vma_merge_existing_range+0x14a8/0x1964 [ 43.769237][ T6494] lr : vma_merge_existing_range+0x14a8/0x1964 [ 43.771015][ T6494] sp : ffff8000a4507910 [ 43.772160][ T6494] x29: ffff8000a4507990 x28: dfff800000000000 x27: 0000000000000001 [ 43.774472][ T6494] x26: 0000000020000000 x25: ffff8000a4507a80 x24: 0000000020000000 [ 43.776747][ T6494] x23: 1ffff000148a0f50 x22: ffff0000dc487c80 x21: 0000000020800000 [ 43.779021][ T6494] x20: ffff0000dc487c80 x19: ffff8000a4507a60 x18: 0000000000000000 [ 43.781286][ T6494] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 43.783484][ T6494] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 43.785748][ T6494] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 43.788037][ T6494] x8 : ffff0000c860db80 x7 : 0000000000000001 x6 : 0000000000000001 [ 43.790349][ T6494] x5 : ffff8000a4506ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 43.792615][ T6494] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 43.794877][ T6494] Call trace: [ 43.795831][ T6494] vma_merge_existing_range+0x14a8/0x1964 (P) [ 43.797518][ T6494] vma_modify+0x7c/0x424 [ 43.798704][ T6494] vma_modify_flags+0x18c/0x1dc [ 43.800120][ T6494] mlock_fixup+0x18c/0x2c4 [ 43.801394][ T6494] apply_mlockall_flags+0x290/0x344 [ 43.802905][ T6494] 
__arm64_sys_munlockall+0x11c/0x238 [ 43.804443][ T6494] invoke_syscall+0x98/0x2b8 [ 43.805820][ T6494] el0_svc_common+0x130/0x23c [ 43.807152][ T6494] do_el0_svc+0x48/0x58 [ 43.808326][ T6494] el0_svc+0x58/0x17c [ 43.809496][ T6494] el0t_64_sync_handler+0x78/0x108 [ 43.811036][ T6494] el0t_64_sync+0x198/0x19c [ 43.812311][ T6494] irq event stamp: 14502 [ 43.813586][ T6494] hardirqs last enabled at (14501): [] __console_unlock+0x70/0xc4 [ 43.816302][ T6494] hardirqs last disabled at (14502): [] el1_dbg+0x24/0x80 [ 43.818756][ T6494] softirqs last enabled at (10578): [] handle_softirqs+0xaf8/0xc88 [ 43.821414][ T6494] softirqs last disabled at (10077): [] __do_softirq+0x14/0x20 [ 43.823957][ T6494] ---[ end trace 0000000000000000 ]--- executing program [ 43.893847][ T6495] FAULT_INJECTION: forcing a failure. [ 43.893847][ T6495] name failslab, interval 1, probability 0, space 0, times 0 [ 43.89391 ** replaying previous printk message ** [ 43.893919][ T6495] CPU: 0 UID: 0 PID: 6495 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 43.893937][ T6495] Tainted: [W]=WARN [ 43.893942][ T6495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.893949][ T6495] Call trace: [ 43.893953][ T6495] show_stack+0x2c/0x3c (C) [ 43.893970][ T6495] __dump_stack+0x30/0x40 [ 43.893982][ T6495] dump_stack_lvl+0xd8/0x12c [ 43.893992][ T6495] dump_stack+0x1c/0x28 [ 43.894001][ T6495] should_fail_ex+0x41c/0x594 [ 43.894013][ T6495] should_failslab+0xc0/0x128 [ 43.894026][ T6495] kmem_cache_alloc_noprof+0x80/0x3e8 [ 43.894041][ T6495] mas_alloc_nodes+0x268/0x788 [ 43.894054][ T6495] mas_preallocate+0x4b0/0x778 [ 43.894066][ T6495] commit_merge+0x1a4/0x5b0 [ 43.894079][ T6495] vma_merge_existing_range+0x1388/0x1964 [ 43.894092][ T6495] vma_modify+0x7c/0x424 [ 43.894105][ T6495] vma_modify_flags+0x18c/0x1dc [ 43.894118][ T6495] mlock_fixup+0x18c/0x2c4 [ 43.894129][ T6495] apply_mlockall_flags+0x290/0x344 [ 43.894141][ 
T6495] __arm64_sys_munlockall+0x11c/0x238 [ 43.894152][ T6495] invoke_syscall+0x98/0x2b8 [ 43.894163][ T6495] el0_svc_common+0x130/0x23c [ 43.894173][ T6495] do_el0_svc+0x48/0x58 [ 43.894183][ T6495] el0_svc+0x58/0x17c [ 43.894196][ T6495] el0t_64_sync_handler+0x78/0x108 [ 43.894209][ T6495] el0t_64_sync+0x198/0x19c [ 43.895827][ T6495] vmg ffff8000a4517a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 43.895856][ T6495] vmg ffff8000a4517a60 state: mm ffff0000dd626e80 pgoff 20000 [ 43.895856][ T6495] vmi ffff8000a4517c40 [20000000,20800000) [ 43.895856][ T6495] prev ffff0000c983fb40 middle ffff0000c983fb40 next 0000000000000000 target 0000000000000000 [ 43.895856][ T6495] start 20000000 end 20800000 flags 100077 [ 43.895856][ T6495] file 0000000000000000 anon_vma ffff0000c724fee0 policy 0000000000000000 [ 43.895856][ T6495] uffd_ctx 0000000000000000 [ 43.895856][ T6495] anon_name 0000000000000000 [ 43.895856][ T6495] state 0 [ 43.895856][ T6495] just_expand 0 [ 43.895856][ T6495] __adjust_middle_start 0 __adjust_next_start 0 [ 43.895856][ T6495] __remove_middle 0 __remove_next 0 [ 43.895910][ T6495] vmg ffff8000a4517a60 mm: [ 43.895928][ T6495] mm ffff0000dd626e80 task_size 281474976710656 [ 43.895928][ T6495] mmap_base 281473604251648 mmap_legacy_base 0 [ 43.895928][ T6495] pgd ffff0000c8948000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 43.895928][ T6495] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 43.895928][ T6495] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 43.895928][ T6495] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 43.895928][ T6495] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 43.895928][ T6495] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 43.895928][ T6495] binfmt ffff80008f670700 flags 8000008d [ 43.895928][ T6495] ioctx_table 0000000000000000 [ 43.895928][ T6495] owner 
ffff0000c87c0000 exe_file ffff0000c7dbce00 [ 43.895928][ T6495] notifier_subscriptions 0000000000000000 [ 43.895928][ T6495] numa_next_scan 4294941741 numa_scan_offset 0 numa_scan_seq 0 [ 43.895928][ T6495] tlb_flush_pending 0 [ 43.895928][ T6495] def_flags: 0x0() [ 43.896006][ T6495] vmg ffff8000a4517a60 prev: [ 43.896024][ T6495] vma ffff0000c983fb40 start 0000000020000000 end 0000000020800000 mm ffff0000dd626e80 [ 43.896024][ T6495] prot 20000000000fc3 anon_vma ffff0000c724fee0 vm_ops 0000000000000000 [ 43.896024][ T6495] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 43.896024][ T6495] refcnt 1 [ 43.896024][ T6495] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 43.896063][ T6495] vmg ffff8000a4517a60 middle: [ 43.896081][ T6495] vma ffff0000c983fb40 start 0000000020000000 end 0000000020800000 mm ffff0000dd626e80 [ 43.896081][ T6495] prot 20000000000fc3 anon_vma ffff0000c724fee0 vm_ops 0000000000000000 [ 43.896081][ T6495] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 43.896081][ T6495] refcnt 1 [ 43.896081][ T6495] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 43.896119][ T6495] vmg ffff8000a4517a60 next: (NULL) [ 43.896137][ T6495] vmg ffff8000a4517a60 vmi: [ 43.896154][ T6495] MAS: tree=ffff0000dd626ec0 enode=ffff0000d3fd580c [ 43.896167][ T6495] (ma_active) [ 43.896182][ T6495] Store Type: [ 43.896197][ T6495] node_store [ 43.896219][ T6495] [2/10] index=20000000 last=207fffff [ 43.896239][ T6495] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 43.896261][ T6495] maple_tree(ffff0000dd626ec0) flags 30B, height 2 root ffff0000c7a9281e [ 43.896283][ T6495] 0-ffffffffffffffff: node ffff0000c7a92800 depth 0 type 3 parent ffff0000dd626ec1 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d3fd580c FFFFAE30FFFF ffff0000c7dc800c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 
0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 43.896549][ T6495] 0-ffffae30ffff: node ffff0000d3fd5800 depth 1 type 1 parent ffff0000c7a92806 contents: 0000000000000000 1FFFEFFF ffff0000c983fa00 1FFFFFFF ffff0000c983fb40 207FFFFF ffff0000dc480140 20FFFFFF ffff0000c983fc80 21000FFF 0000000000000000 AAAACA222FFF ffff0000c983fdc0 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000c894d000 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000c894d140 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 43.896771][ T6495] 0-1fffefff: 0000000000000000 [ 43.896799][ T6495] 1ffff000-1fffffff: ffff0000c983fa00 [ 43.896828][ T6495] 20000000-207fffff: ffff0000c983fb40 [ 43.896857][ T6495] 20800000-20ffffff: ffff0000dc480140 [ 43.896886][ T6495] 21000000-21000fff: ffff0000c983fc80 [ 43.896914][ T6495] 21001000-aaaaca222fff: 0000000000000000 [ 43.896943][ T6495] aaaaca223000-aaaaca244fff: ffff0000c983fdc0 [ 43.896972][ T6495] aaaaca245000-ffffae26ffff: 0000000000000000 [ 43.897001][ T6495] ffffae270000-ffffae2fbfff: ffff0000c894d000 [ 43.897030][ T6495] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 43.897059][ T6495] ffffae30c000-ffffae30ffff: ffff0000c894d140 [ 43.897088][ T6495] ffffae310000-ffffffffffffffff: node ffff0000c7dc8000 depth 1 type 1 parent ffff0000c7a9280e contents: ffff0000c894d280 FFFFAE312FFF ffff0000c894d3c0 FFFFAE318FFF ffff0000c894d500 FFFFAE31CFFF ffff0000c894d640 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000c894d780 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 43.897304][ T6495] ffffae310000-ffffae312fff: ffff0000c894d280 [ 43.897333][ T6495] ffffae313000-ffffae318fff: ffff0000c894d3c0 [ 43.897363][ T6495] ffffae319000-ffffae31cfff: ffff0000c894d500 [ 43.897392][ T6495] ffffae31d000-ffffae31efff: 
ffff0000c894d640 [ 43.897421][ T6495] ffffae31f000-fffff3038fff: 0000000000000000 [ 43.897450][ T6495] fffff3039000-fffff3059fff: ffff0000c894d780 [ 43.897479][ T6495] fffff305a000-ffffffffffffffff: 0000000000000000 [ 43.897617][ T6495] ------------[ cut here ]------------ [ 43.897630][ T6495] WARNING: CPU: 0 PID: 6495 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 44.092840][ T6495] Modules linked in: [ 44.093914][ T6495] CPU: 0 UID: 0 PID: 6495 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 44.097473][ T6495] Tainted: [W]=WARN [ 44.098526][ T6495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.101309][ T6495] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 44.103451][ T6495] pc : vma_merge_existing_range+0x14a8/0x1964 [ 44.105152][ T6495] lr : vma_merge_existing_range+0x14a8/0x1964 [ 44.106875][ T6495] sp : ffff8000a4517910 [ 44.108016][ T6495] x29: ffff8000a4517990 x28: dfff800000000000 x27: 0000000000000001 [ 44.110186][ T6495] x26: 0000000020000000 x25: ffff8000a4517a80 x24: 0000000020000000 [ 44.112381][ T6495] x23: 1ffff000148a2f50 x22: ffff0000c983fb40 x21: 0000000020800000 [ 44.114602][ T6495] x20: ffff0000c983fb40 x19: ffff8000a4517a60 x18: 0000000000000000 [ 44.116827][ T6495] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 44.119130][ T6495] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 44.121442][ T6495] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 44.123647][ T6495] x8 : ffff0000c87c0000 x7 : 0000000000000001 x6 : 0000000000000001 [ 44.125918][ T6495] x5 : ffff8000a4516ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 44.128150][ T6495] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 44.130414][ T6495] Call trace: [ 44.131351][ T6495] vma_merge_existing_range+0x14a8/0x1964 (P) [ 44.133045][ T6495] vma_modify+0x7c/0x424 [ 44.134232][ T6495] 
vma_modify_flags+0x18c/0x1dc [ 44.135571][ T6495] mlock_fixup+0x18c/0x2c4 [ 44.136815][ T6495] apply_mlockall_flags+0x290/0x344 [ 44.138218][ T6495] __arm64_sys_munlockall+0x11c/0x238 [ 44.139701][ T6495] invoke_syscall+0x98/0x2b8 [ 44.141061][ T6495] el0_svc_common+0x130/0x23c [ 44.142350][ T6495] do_el0_svc+0x48/0x58 [ 44.143530][ T6495] el0_svc+0x58/0x17c [ 44.144630][ T6495] el0t_64_sync_handler+0x78/0x108 [ 44.146085][ T6495] el0t_64_sync+0x198/0x19c [ 44.147366][ T6495] irq event stamp: 14016 [ 44.148517][ T6495] hardirqs last enabled at (14015): [] __console_unlock+0x70/0xc4 [ 44.151221][ T6495] hardirqs last disabled at (14016): [] el1_dbg+0x24/0x80 [ 44.153669][ T6495] softirqs last enabled at (9390): [] handle_softirqs+0xaf8/0xc88 [ 44.156372][ T6495] softirqs last disabled at (9375): [] __do_softirq+0x14/0x20 [ 44.158921][ T6495] ---[ end trace 0000000000000000 ]--- executing program [ 44.228645][ T6496] FAULT_INJECTION: forcing a failure. [ 44.228645][ T6496] name failslab, interval 1, probability 0, space 0, times 0 [ 44.228722][ T6496] C ** replaying previous printk message ** [ 44.228722][ T6496] CPU: 0 UID: 0 PID: 6496 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 44.228740][ T6496] Tainted: [W]=WARN [ 44.228745][ T6496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.228752][ T6496] Call trace: [ 44.228756][ T6496] show_stack+0x2c/0x3c (C) [ 44.228773][ T6496] __dump_stack+0x30/0x40 [ 44.228785][ T6496] dump_stack_lvl+0xd8/0x12c [ 44.228795][ T6496] dump_stack+0x1c/0x28 [ 44.228804][ T6496] should_fail_ex+0x41c/0x594 [ 44.228816][ T6496] should_failslab+0xc0/0x128 [ 44.228830][ T6496] kmem_cache_alloc_noprof+0x80/0x3e8 [ 44.228844][ T6496] mas_alloc_nodes+0x268/0x788 [ 44.228857][ T6496] mas_preallocate+0x4b0/0x778 [ 44.228869][ T6496] commit_merge+0x1a4/0x5b0 [ 44.228882][ T6496] vma_merge_existing_range+0x1388/0x1964 [ 44.228895][ T6496] vma_modify+0x7c/0x424 [ 
44.228907][ T6496] vma_modify_flags+0x18c/0x1dc [ 44.228920][ T6496] mlock_fixup+0x18c/0x2c4 [ 44.228932][ T6496] apply_mlockall_flags+0x290/0x344 [ 44.228943][ T6496] __arm64_sys_munlockall+0x11c/0x238 [ 44.228954][ T6496] invoke_syscall+0x98/0x2b8 [ 44.228965][ T6496] el0_svc_common+0x130/0x23c [ 44.228975][ T6496] do_el0_svc+0x48/0x58 [ 44.228985][ T6496] el0_svc+0x58/0x17c [ 44.228998][ T6496] el0t_64_sync_handler+0x78/0x108 [ 44.229011][ T6496] el0t_64_sync+0x198/0x19c [ 44.231441][ T6496] vmg ffff8000a4527a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 44.231473][ T6496] vmg ffff8000a4527a60 state: mm ffff0000dd627700 pgoff 20000 [ 44.231473][ T6496] vmi ffff8000a4527c40 [20000000,20800000) [ 44.231473][ T6496] prev ffff0000c894da00 middle ffff0000c894da00 next 0000000000000000 target 0000000000000000 [ 44.231473][ T6496] start 20000000 end 20800000 flags 100077 [ 44.231473][ T6496] file 0000000000000000 anon_vma ffff0000c969f110 policy 0000000000000000 [ 44.231473][ T6496] uffd_ctx 0000000000000000 [ 44.231473][ T6496] anon_name 0000000000000000 [ 44.231473][ T6496] state 0 [ 44.231473][ T6496] just_expand 0 [ 44.231473][ T6496] __adjust_middle_start 0 __adjust_next_start 0 [ 44.231473][ T6496] __remove_middle 0 __remove_next 0 [ 44.231526][ T6496] vmg ffff8000a4527a60 mm: [ 44.231558][ T6496] mm ffff0000dd627700 task_size 281474976710656 [ 44.231558][ T6496] mmap_base 281473604251648 mmap_legacy_base 0 [ 44.231558][ T6496] pgd ffff0000c7b5c000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 44.231558][ T6496] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 44.231558][ T6496] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 44.231558][ T6496] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 44.231558][ T6496] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 44.231558][ T6496] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end 
fffff3059fe0 [ 44.231558][ T6496] binfmt ffff80008f670700 flags 8000008d [ 44.231558][ T6496] ioctx_table 0000000000000000 [ 44.231558][ T6496] owner ffff0000c87c1e80 exe_file ffff0000c7dbce00 [ 44.231558][ T6496] notifier_subscriptions 0000000000000000 [ 44.231558][ T6496] numa_next_scan 4294941775 numa_scan_offset 0 numa_scan_seq 0 [ 44.231558][ T6496] tlb_flush_pending 0 [ 44.231558][ T6496] def_flags: 0x0() [ 44.231638][ T6496] vmg ffff8000a4527a60 prev: [ 44.231655][ T6496] vma ffff0000c894da00 start 0000000020000000 end 0000000020800000 mm ffff0000dd627700 [ 44.231655][ T6496] prot 20000000000fc3 anon_vma ffff0000c969f110 vm_ops 0000000000000000 [ 44.231655][ T6496] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 44.231655][ T6496] refcnt 1 [ 44.231655][ T6496] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 44.231695][ T6496] vmg ffff8000a4527a60 middle: [ 44.231718][ T6496] vma ffff0000c894da00 start 0000000020000000 end 0000000020800000 mm ffff0000dd627700 [ 44.231718][ T6496] prot 20000000000fc3 anon_vma ffff0000c969f110 vm_ops 0000000000000000 [ 44.231718][ T6496] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 44.231718][ T6496] refcnt 1 [ 44.231718][ T6496] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 44.231758][ T6496] vmg ffff8000a4527a60 next: (NULL) [ 44.231775][ T6496] vmg ffff8000a4527a60 vmi: [ 44.231792][ T6496] MAS: tree=ffff0000dd627740 enode=ffff0000d96b260c [ 44.231805][ T6496] (ma_active) [ 44.231821][ T6496] Store Type: [ 44.231836][ T6496] node_store [ 44.231858][ T6496] [2/10] index=20000000 last=207fffff [ 44.231878][ T6496] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 44.231900][ T6496] maple_tree(ffff0000dd627740) flags 30B, height 2 root ffff0000c906961e [ 44.231922][ T6496] 0-ffffffffffffffff: node ffff0000c9069600 depth 0 type 3 parent ffff0000dd627741 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| 
ffff0000d96b260c FFFFAE30FFFF ffff0000c906800c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 44.232173][ T6496] 0-ffffae30ffff: node ffff0000d96b2600 depth 1 type 1 parent ffff0000c9069606 contents: 0000000000000000 1FFFEFFF ffff0000c894d8c0 1FFFFFFF ffff0000c894da00 207FFFFF ffff0000dc4803c0 20FFFFFF ffff0000c894db40 21000FFF 0000000000000000 AAAACA222FFF ffff0000c894dc80 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000c894ddc0 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000c8340000 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 44.232391][ T6496] 0-1fffefff: 0000000000000000 [ 44.232419][ T6496] 1ffff000-1fffffff: ffff0000c894d8c0 [ 44.232448][ T6496] 20000000-207fffff: ffff0000c894da00 [ 44.232476][ T6496] 20800000-20ffffff: ffff0000dc4803c0 [ 44.232505][ T6496] 21000000-21000fff: ffff0000c894db40 [ 44.232549][ T6496] 21001000-aaaaca222fff: 0000000000000000 [ 44.232578][ T6496] aaaaca223000-aaaaca244fff: ffff0000c894dc80 [ 44.232607][ T6496] aaaaca245000-ffffae26ffff: 0000000000000000 [ 44.232636][ T6496] ffffae270000-ffffae2fbfff: ffff0000c894ddc0 [ 44.232665][ T6496] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 44.232693][ T6496] ffffae30c000-ffffae30ffff: ffff0000c8340000 [ 44.232731][ T6496] ffffae310000-ffffffffffffffff: node ffff0000c9068000 depth 1 type 1 parent ffff0000c906960e contents: ffff0000c8340140 FFFFAE312FFF ffff0000c8340280 FFFFAE318FFF ffff0000c83403c0 FFFFAE31CFFF ffff0000c8340500 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000c8340640 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 44.232946][ T6496] ffffae310000-ffffae312fff: ffff0000c8340140 [ 44.232975][ T6496] 
ffffae313000-ffffae318fff: ffff0000c8340280 [ 44.233005][ T6496] ffffae319000-ffffae31cfff: ffff0000c83403c0 [ 44.233034][ T6496] ffffae31d000-ffffae31efff: ffff0000c8340500 [ 44.233063][ T6496] ffffae31f000-fffff3038fff: 0000000000000000 [ 44.233091][ T6496] fffff3039000-fffff3059fff: ffff0000c8340640 [ 44.233120][ T6496] fffff305a000-ffffffffffffffff: 0000000000000000 [ 44.233248][ T6496] ------------[ cut here ]------------ [ 44.233260][ T6496] WARNING: CPU: 0 PID: 6496 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 44.423620][ T6496] Modules linked in: [ 44.424716][ T6496] CPU: 0 UID: 0 PID: 6496 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 44.428309][ T6496] Tainted: [W]=WARN [ 44.429351][ T6496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.432073][ T6496] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 44.434228][ T6496] pc : vma_merge_existing_range+0x14a8/0x1964 [ 44.435923][ T6496] lr : vma_merge_existing_range+0x14a8/0x1964 [ 44.437555][ T6496] sp : ffff8000a4527910 [ 44.438702][ T6496] x29: ffff8000a4527990 x28: dfff800000000000 x27: 0000000000000001 [ 44.440914][ T6496] x26: 0000000020000000 x25: ffff8000a4527a80 x24: 0000000020000000 [ 44.443176][ T6496] x23: 1ffff000148a4f50 x22: ffff0000c894da00 x21: 0000000020800000 [ 44.445376][ T6496] x20: ffff0000c894da00 x19: ffff8000a4527a60 x18: 0000000000000000 [ 44.447651][ T6496] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 44.449888][ T6496] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 44.452099][ T6496] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 44.454443][ T6496] x8 : ffff0000c87c1e80 x7 : 0000000000000001 x6 : 0000000000000001 [ 44.456738][ T6496] x5 : ffff8000a4526ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 44.458911][ T6496] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 44.461163][ T6496] 
Call trace: [ 44.462068][ T6496] vma_merge_existing_range+0x14a8/0x1964 (P) [ 44.463745][ T6496] vma_modify+0x7c/0x424 [ 44.464899][ T6496] vma_modify_flags+0x18c/0x1dc [ 44.466255][ T6496] mlock_fixup+0x18c/0x2c4 [ 44.467490][ T6496] apply_mlockall_flags+0x290/0x344 [ 44.468978][ T6496] __arm64_sys_munlockall+0x11c/0x238 [ 44.470410][ T6496] invoke_syscall+0x98/0x2b8 [ 44.471701][ T6496] el0_svc_common+0x130/0x23c [ 44.473045][ T6496] do_el0_svc+0x48/0x58 [ 44.474200][ T6496] el0_svc+0x58/0x17c [ 44.475308][ T6496] el0t_64_sync_handler+0x78/0x108 [ 44.476696][ T6496] el0t_64_sync+0x198/0x19c [ 44.477967][ T6496] irq event stamp: 14604 [ 44.479135][ T6496] hardirqs last enabled at (14603): [] __console_unlock+0x70/0xc4 [ 44.481798][ T6496] hardirqs last disabled at (14604): [] el1_dbg+0x24/0x80 [ 44.484234][ T6496] softirqs last enabled at (11438): [] handle_softirqs+0xaf8/0xc88 [ 44.486878][ T6496] softirqs last disabled at (11417): [] __do_softirq+0x14/0x20 [ 44.489398][ T6496] ---[ end trace 0000000000000000 ]--- executing program [ 44.557891][ T6497] FAULT_INJECTION: forcing a failure. [ 44.557891][ T6497] name fa ** replaying previous printk message ** [ 44.557891][ T6497] FAULT_INJECTION: forcing a failure. 
[ 44.557891][ T6497] name failslab, interval 1, probability 0, space 0, times 0 [ 44.557970][ T6497] CPU: 1 UID: 0 PID: 6497 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 44.557987][ T6497] Tainted: [W]=WARN [ 44.557992][ T6497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.557998][ T6497] Call trace: [ 44.558002][ T6497] show_stack+0x2c/0x3c (C) [ 44.558019][ T6497] __dump_stack+0x30/0x40 [ 44.558031][ T6497] dump_stack_lvl+0xd8/0x12c [ 44.558041][ T6497] dump_stack+0x1c/0x28 [ 44.558050][ T6497] should_fail_ex+0x41c/0x594 [ 44.558063][ T6497] should_failslab+0xc0/0x128 [ 44.558076][ T6497] kmem_cache_alloc_noprof+0x80/0x3e8 [ 44.558090][ T6497] mas_alloc_nodes+0x268/0x788 [ 44.558103][ T6497] mas_preallocate+0x4b0/0x778 [ 44.558115][ T6497] commit_merge+0x1a4/0x5b0 [ 44.558128][ T6497] vma_merge_existing_range+0x1388/0x1964 [ 44.558142][ T6497] vma_modify+0x7c/0x424 [ 44.558154][ T6497] vma_modify_flags+0x18c/0x1dc [ 44.558167][ T6497] mlock_fixup+0x18c/0x2c4 [ 44.558179][ T6497] apply_mlockall_flags+0x290/0x344 [ 44.558190][ T6497] __arm64_sys_munlockall+0x11c/0x238 [ 44.558202][ T6497] invoke_syscall+0x98/0x2b8 [ 44.558212][ T6497] el0_svc_common+0x130/0x23c [ 44.558223][ T6497] do_el0_svc+0x48/0x58 [ 44.558232][ T6497] el0_svc+0x58/0x17c [ 44.558246][ T6497] el0t_64_sync_handler+0x78/0x108 [ 44.558259][ T6497] el0t_64_sync+0x198/0x19c [ 44.558430][ T6497] vmg ffff8000a43b7a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 44.558453][ T6497] vmg ffff8000a43b7a60 state: mm ffff0000c959a200 pgoff 20000 [ 44.558453][ T6497] vmi ffff8000a43b7c40 [20000000,20800000) [ 44.558453][ T6497] prev ffff0000dc480640 middle ffff0000dc480640 next 0000000000000000 target 0000000000000000 [ 44.558453][ T6497] start 20000000 end 20800000 flags 100077 [ 44.558453][ T6497] file 0000000000000000 anon_vma ffff0000c8345220 policy 0000000000000000 [ 44.558453][ T6497] uffd_ctx 
0000000000000000 [ 44.558453][ T6497] anon_name 0000000000000000 [ 44.558453][ T6497] state 0 [ 44.558453][ T6497] just_expand 0 [ 44.558453][ T6497] __adjust_middle_start 0 __adjust_next_start 0 [ 44.558453][ T6497] __remove_middle 0 __remove_next 0 [ 44.558506][ T6497] vmg ffff8000a43b7a60 mm: [ 44.558523][ T6497] mm ffff0000c959a200 task_size 281474976710656 [ 44.558523][ T6497] mmap_base 281473604251648 mmap_legacy_base 0 [ 44.558523][ T6497] pgd ffff0000c894e000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 44.558523][ T6497] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 44.558523][ T6497] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 44.558523][ T6497] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 44.558523][ T6497] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 44.558523][ T6497] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 44.558523][ T6497] binfmt ffff80008f670700 flags 8000008d [ 44.558523][ T6497] ioctx_table 0000000000000000 [ 44.558523][ T6497] owner ffff0000c9d23d00 exe_file ffff0000c7dbce00 [ 44.558523][ T6497] notifier_subscriptions 0000000000000000 [ 44.558523][ T6497] numa_next_scan 4294941808 numa_scan_offset 0 numa_scan_seq 0 [ 44.558523][ T6497] tlb_flush_pending 0 [ 44.558523][ T6497] def_flags: 0x0() [ 44.558612][ T6497] vmg ffff8000a43b7a60 prev: [ 44.558630][ T6497] vma ffff0000dc480640 start 0000000020000000 end 0000000020800000 mm ffff0000c959a200 [ 44.558630][ T6497] prot 20000000000fc3 anon_vma ffff0000c8345220 vm_ops 0000000000000000 [ 44.558630][ T6497] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 44.558630][ T6497] refcnt 1 [ 44.558630][ T6497] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 44.558670][ T6497] vmg ffff8000a43b7a60 middle: [ 44.558687][ T6497] vma ffff0000dc480640 start 0000000020000000 end 0000000020800000 mm ffff0000c959a200 [ 
44.558687][ T6497] prot 20000000000fc3 anon_vma ffff0000c8345220 vm_ops 0000000000000000 [ 44.558687][ T6497] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 44.558687][ T6497] refcnt 1 [ 44.558687][ T6497] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 44.558725][ T6497] vmg ffff8000a43b7a60 next: (NULL) [ 44.558742][ T6497] vmg ffff8000a43b7a60 vmi: [ 44.558759][ T6497] MAS: tree=ffff0000c959a240 enode=ffff0000d3fd4e0c [ 44.558776][ T6497] (ma_active) [ 44.558791][ T6497] Store Type: [ 44.558807][ T6497] node_store [ 44.558829][ T6497] [2/10] index=20000000 last=207fffff [ 44.558849][ T6497] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 44.558870][ T6497] maple_tree(ffff0000c959a240) flags 30B, height 2 root ffff0000d96b201e [ 44.558892][ T6497] 0-ffffffffffffffff: node ffff0000d96b2000 depth 0 type 3 parent ffff0000c959a241 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d3fd4e0c FFFFAE30FFFF ffff0000c656200c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 44.559151][ T6497] 0-ffffae30ffff: node ffff0000d3fd4e00 depth 1 type 1 parent ffff0000d96b2006 contents: 0000000000000000 1FFFEFFF ffff0000dc480500 1FFFFFFF ffff0000dc480640 207FFFFF ffff0000c83408c0 20FFFFFF ffff0000dc480780 21000FFF 0000000000000000 AAAACA222FFF ffff0000dc4808c0 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000dc480a00 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000dc480b40 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 44.559379][ T6497] 0-1fffefff: 0000000000000000 [ 44.559407][ T6497] 1ffff000-1fffffff: ffff0000dc480500 [ 44.559436][ T6497] 20000000-207fffff: ffff0000dc480640 [ 44.559465][ T6497] 20800000-20ffffff: ffff0000c83408c0 [ 44.559493][ T6497] 21000000-21000fff: ffff0000dc480780 [ 44.559522][ T6497] 
21001000-aaaaca222fff: 0000000000000000 [ 44.559555][ T6497] aaaaca223000-aaaaca244fff: ffff0000dc4808c0 [ 44.559584][ T6497] aaaaca245000-ffffae26ffff: 0000000000000000 [ 44.559613][ T6497] ffffae270000-ffffae2fbfff: ffff0000dc480a00 [ 44.559642][ T6497] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 44.559670][ T6497] ffffae30c000-ffffae30ffff: ffff0000dc480b40 [ 44.559699][ T6497] ffffae310000-ffffffffffffffff: node ffff0000c6562000 depth 1 type 1 parent ffff0000d96b200e contents: ffff0000dc480c80 FFFFAE312FFF ffff0000dc480dc0 FFFFAE318FFF ffff0000c894c000 FFFFAE31CFFF ffff0000c894c140 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000c894c280 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 44.559924][ T6497] ffffae310000-ffffae312fff: ffff0000dc480c80 [ 44.559957][ T6497] ffffae313000-ffffae318fff: ffff0000dc480dc0 [ 44.559992][ T6497] ffffae319000-ffffae31cfff: ffff0000c894c000 [ 44.560021][ T6497] ffffae31d000-ffffae31efff: ffff0000c894c140 [ 44.560050][ T6497] ffffae31f000-fffff3038fff: 0000000000000000 [ 44.560085][ T6497] fffff3039000-fffff3059fff: ffff0000c894c280 [ 44.560114][ T6497] fffff305a000-ffffffffffffffff: 0000000000000000 [ 44.560246][ T6497] ------------[ cut here ]------------ [ 44.560259][ T6497] WARNING: CPU: 1 PID: 6497 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 44.760804][ T6497] Modules linked in: [ 44.761949][ T6497] CPU: 1 UID: 0 PID: 6497 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 44.765688][ T6497] Tainted: [W]=WARN [ 44.766775][ T6497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.769649][ T6497] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 44.771945][ T6497] pc : vma_merge_existing_range+0x14a8/0x1964 [ 44.773756][ T6497] lr : 
vma_merge_existing_range+0x14a8/0x1964 [ 44.775491][ T6497] sp : ffff8000a43b7910 [ 44.776687][ T6497] x29: ffff8000a43b7990 x28: dfff800000000000 x27: 0000000000000001 [ 44.778920][ T6497] x26: 0000000020000000 x25: ffff8000a43b7a80 x24: 0000000020000000 [ 44.781250][ T6497] x23: 1ffff00014876f50 x22: ffff0000dc480640 x21: 0000000020800000 [ 44.783566][ T6497] x20: ffff0000dc480640 x19: ffff8000a43b7a60 x18: 0000000000000000 [ 44.785901][ T6497] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 44.788156][ T6497] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 44.790445][ T6497] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 44.792706][ T6497] x8 : ffff0000c9d23d00 x7 : 0000000000000001 x6 : 0000000000000001 [ 44.794973][ T6497] x5 : ffff8000a43b6ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 44.797027][ T6497] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 44.799053][ T6497] Call trace: [ 44.799880][ T6497] vma_merge_existing_range+0x14a8/0x1964 (P) [ 44.801641][ T6497] vma_modify+0x7c/0x424 [ 44.802913][ T6497] vma_modify_flags+0x18c/0x1dc [ 44.804318][ T6497] mlock_fixup+0x18c/0x2c4 [ 44.805667][ T6497] apply_mlockall_flags+0x290/0x344 [ 44.807210][ T6497] __arm64_sys_munlockall+0x11c/0x238 [ 44.808745][ T6497] invoke_syscall+0x98/0x2b8 [ 44.810105][ T6497] el0_svc_common+0x130/0x23c [ 44.811477][ T6497] do_el0_svc+0x48/0x58 [ 44.812696][ T6497] el0_svc+0x58/0x17c [ 44.813869][ T6497] el0t_64_sync_handler+0x78/0x108 [ 44.815349][ T6497] el0t_64_sync+0x198/0x19c [ 44.816653][ T6497] irq event stamp: 13896 [ 44.817919][ T6497] hardirqs last enabled at (13895): [] __console_unlock+0x70/0xc4 [ 44.820674][ T6497] hardirqs last disabled at (13896): [] el1_dbg+0x24/0x80 [ 44.823134][ T6497] softirqs last enabled at (10982): [] handle_softirqs+0xaf8/0xc88 [ 44.826004][ T6497] softirqs last disabled at (10973): [] __do_softirq+0x14/0x20 [ 44.828681][ T6497] ---[ end trace 0000000000000000 
]--- executing program [ 44.895125][ T6498] FAULT_INJECTION: forcing a failure. [ 44.895125][ T6498] name failslab, ** replaying previous printk message ** [ 44.895125][ T6498] FAULT_INJECTION: forcing a failure. [ 44.895125][ T6498] name failslab, interval 1, probability 0, space 0, times 0 [ 44.895200][ T6498] CPU: 1 UID: 0 PID: 6498 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 44.895218][ T6498] Tainted: [W]=WARN [ 44.895223][ T6498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.895230][ T6498] Call trace: [ 44.895234][ T6498] show_stack+0x2c/0x3c (C) [ 44.895252][ T6498] __dump_stack+0x30/0x40 [ 44.895263][ T6498] dump_stack_lvl+0xd8/0x12c [ 44.895274][ T6498] dump_stack+0x1c/0x28 [ 44.895284][ T6498] should_fail_ex+0x41c/0x594 [ 44.895296][ T6498] should_failslab+0xc0/0x128 [ 44.895310][ T6498] kmem_cache_alloc_noprof+0x80/0x3e8 [ 44.895325][ T6498] mas_alloc_nodes+0x268/0x788 [ 44.895339][ T6498] mas_preallocate+0x4b0/0x778 [ 44.895351][ T6498] commit_merge+0x1a4/0x5b0 [ 44.895364][ T6498] vma_merge_existing_range+0x1388/0x1964 [ 44.895378][ T6498] vma_modify+0x7c/0x424 [ 44.895390][ T6498] vma_modify_flags+0x18c/0x1dc [ 44.895403][ T6498] mlock_fixup+0x18c/0x2c4 [ 44.895415][ T6498] apply_mlockall_flags+0x290/0x344 [ 44.895427][ T6498] __arm64_sys_munlockall+0x11c/0x238 [ 44.895439][ T6498] invoke_syscall+0x98/0x2b8 [ 44.895450][ T6498] el0_svc_common+0x130/0x23c [ 44.895460][ T6498] do_el0_svc+0x48/0x58 [ 44.895470][ T6498] el0_svc+0x58/0x17c [ 44.895483][ T6498] el0t_64_sync_handler+0x78/0x108 [ 44.895497][ T6498] el0t_64_sync+0x198/0x19c [ 44.895684][ T6498] vmg ffff8000a44c7a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 44.895706][ T6498] vmg ffff8000a44c7a60 state: mm ffff0000c959aa80 pgoff 20000 [ 44.895706][ T6498] vmi ffff8000a44c7c40 [20000000,20800000) [ 44.895706][ T6498] prev ffff0000c894c500 middle ffff0000c894c500 next 0000000000000000 
target 0000000000000000 [ 44.895706][ T6498] start 20000000 end 20800000 flags 100077 [ 44.895706][ T6498] file 0000000000000000 anon_vma ffff0000c8345440 policy 0000000000000000 [ 44.895706][ T6498] uffd_ctx 0000000000000000 [ 44.895706][ T6498] anon_name 0000000000000000 [ 44.895706][ T6498] state 0 [ 44.895706][ T6498] just_expand 0 [ 44.895706][ T6498] __adjust_middle_start 0 __adjust_next_start 0 [ 44.895706][ T6498] __remove_middle 0 __remove_next 0 [ 44.895760][ T6498] vmg ffff8000a44c7a60 mm: [ 44.895784][ T6498] mm ffff0000c959aa80 task_size 281474976710656 [ 44.895784][ T6498] mmap_base 281473604251648 mmap_legacy_base 0 [ 44.895784][ T6498] pgd ffff0000dc481000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 44.895784][ T6498] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 44.895784][ T6498] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 44.895784][ T6498] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 44.895784][ T6498] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 44.895784][ T6498] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 44.895784][ T6498] binfmt ffff80008f670700 flags 8000008d [ 44.895784][ T6498] ioctx_table 0000000000000000 [ 44.895784][ T6498] owner ffff0000c9d25b80 exe_file ffff0000c7dbce00 [ 44.895784][ T6498] notifier_subscriptions 0000000000000000 [ 44.895784][ T6498] numa_next_scan 4294941841 numa_scan_offset 0 numa_scan_seq 0 [ 44.895784][ T6498] tlb_flush_pending 0 [ 44.895784][ T6498] def_flags: 0x0() [ 44.895864][ T6498] vmg ffff8000a44c7a60 prev: [ 44.895882][ T6498] vma ffff0000c894c500 start 0000000020000000 end 0000000020800000 mm ffff0000c959aa80 [ 44.895882][ T6498] prot 20000000000fc3 anon_vma ffff0000c8345440 vm_ops 0000000000000000 [ 44.895882][ T6498] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 44.895882][ T6498] refcnt 1 [ 44.895882][ T6498] flags: 
0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 44.895922][ T6498] vmg ffff8000a44c7a60 middle: [ 44.895939][ T6498] vma ffff0000c894c500 start 0000000020000000 end 0000000020800000 mm ffff0000c959aa80 [ 44.895939][ T6498] prot 20000000000fc3 anon_vma ffff0000c8345440 vm_ops 0000000000000000 [ 44.895939][ T6498] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 44.895939][ T6498] refcnt 1 [ 44.895939][ T6498] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 44.895978][ T6498] vmg ffff8000a44c7a60 next: (NULL) [ 44.895995][ T6498] vmg ffff8000a44c7a60 vmi: [ 44.896012][ T6498] MAS: tree=ffff0000c959aac0 enode=ffff0000c7a92e0c [ 44.896025][ T6498] (ma_active) [ 44.896041][ T6498] Store Type: [ 44.896056][ T6498] node_store [ 44.896078][ T6498] [2/10] index=20000000 last=207fffff [ 44.896098][ T6498] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 44.896133][ T6498] maple_tree(ffff0000c959aac0) flags 30B, height 2 root ffff0000c656281e [ 44.896156][ T6498] 0-ffffffffffffffff: node ffff0000c6562800 depth 0 type 3 parent ffff0000c959aac1 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c7a92e0c FFFFAE30FFFF ffff0000c656320c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 44.896437][ T6498] 0-ffffae30ffff: node ffff0000c7a92e00 depth 1 type 1 parent ffff0000c6562806 contents: 0000000000000000 1FFFEFFF ffff0000c894c3c0 1FFFFFFF ffff0000c894c500 207FFFFF ffff0000c8340b40 20FFFFFF ffff0000c894c640 21000FFF 0000000000000000 AAAACA222FFF ffff0000c894c780 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000c894c8c0 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000c894ca00 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 44.896677][ T6498] 0-1fffefff: 0000000000000000 [ 44.896708][ T6498] 
1ffff000-1fffffff: ffff0000c894c3c0 [ 44.896737][ T6498] 20000000-207fffff: ffff0000c894c500 [ 44.896772][ T6498] 20800000-20ffffff: ffff0000c8340b40 [ 44.896801][ T6498] 21000000-21000fff: ffff0000c894c640 [ 44.896830][ T6498] 21001000-aaaaca222fff: 0000000000000000 [ 44.896858][ T6498] aaaaca223000-aaaaca244fff: ffff0000c894c780 [ 44.896891][ T6498] aaaaca245000-ffffae26ffff: 0000000000000000 [ 44.896924][ T6498] ffffae270000-ffffae2fbfff: ffff0000c894c8c0 [ 44.896953][ T6498] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 44.896988][ T6498] ffffae30c000-ffffae30ffff: ffff0000c894ca00 [ 44.897018][ T6498] ffffae310000-ffffffffffffffff: node ffff0000c6563200 depth 1 type 1 parent ffff0000c656280e contents: ffff0000c894cb40 FFFFAE312FFF ffff0000c894cc80 FFFFAE318FFF ffff0000c894cdc0 FFFFAE31CFFF ffff0000c9858000 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000c9858140 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 44.897259][ T6498] ffffae310000-ffffae312fff: ffff0000c894cb40 [ 44.897289][ T6498] ffffae313000-ffffae318fff: ffff0000c894cc80 [ 44.897321][ T6498] ffffae319000-ffffae31cfff: ffff0000c894cdc0 [ 44.897353][ T6498] ffffae31d000-ffffae31efff: ffff0000c9858000 [ 44.897388][ T6498] ffffae31f000-fffff3038fff: 0000000000000000 [ 44.897420][ T6498] fffff3039000-fffff3059fff: ffff0000c9858140 [ 44.897452][ T6498] fffff305a000-ffffffffffffffff: 0000000000000000 [ 44.897598][ T6498] ------------[ cut here ]------------ [ 44.897616][ T6498] WARNING: CPU: 1 PID: 6498 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 45.095494][ T6498] Modules linked in: [ 45.096581][ T6498] CPU: 1 UID: 0 PID: 6498 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 45.100162][ T6498] Tainted: [W]=WARN [ 45.101179][ T6498] Hardware name: Google Google Compute Engine/Google 
Compute Engine, BIOS Google 05/07/2025 [ 45.103962][ T6498] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 45.106074][ T6498] pc : vma_merge_existing_range+0x14a8/0x1964 [ 45.107780][ T6498] lr : vma_merge_existing_range+0x14a8/0x1964 [ 45.109459][ T6498] sp : ffff8000a44c7910 [ 45.110607][ T6498] x29: ffff8000a44c7990 x28: dfff800000000000 x27: 0000000000000001 [ 45.112775][ T6498] x26: 0000000020000000 x25: ffff8000a44c7a80 x24: 0000000020000000 [ 45.114996][ T6498] x23: 1ffff00014898f50 x22: ffff0000c894c500 x21: 0000000020800000 [ 45.117201][ T6498] x20: ffff0000c894c500 x19: ffff8000a44c7a60 x18: 0000000000000000 [ 45.119431][ T6498] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 45.121630][ T6498] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 45.123842][ T6498] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 45.126012][ T6498] x8 : ffff0000c9d25b80 x7 : 0000000000000001 x6 : 0000000000000001 [ 45.128259][ T6498] x5 : ffff8000a44c6ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 45.130422][ T6498] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 45.132676][ T6498] Call trace: [ 45.133592][ T6498] vma_merge_existing_range+0x14a8/0x1964 (P) [ 45.135269][ T6498] vma_modify+0x7c/0x424 [ 45.136415][ T6498] vma_modify_flags+0x18c/0x1dc [ 45.137715][ T6498] mlock_fixup+0x18c/0x2c4 [ 45.138941][ T6498] apply_mlockall_flags+0x290/0x344 [ 45.140386][ T6498] __arm64_sys_munlockall+0x11c/0x238 [ 45.141940][ T6498] invoke_syscall+0x98/0x2b8 [ 45.143223][ T6498] el0_svc_common+0x130/0x23c [ 45.144573][ T6498] do_el0_svc+0x48/0x58 [ 45.145770][ T6498] el0_svc+0x58/0x17c [ 45.146785][ T6498] el0t_64_sync_handler+0x78/0x108 [ 45.148081][ T6498] el0t_64_sync+0x198/0x19c [ 45.149223][ T6498] irq event stamp: 14108 [ 45.150292][ T6498] hardirqs last enabled at (14107): [] __console_unlock+0x70/0xc4 [ 45.152818][ T6498] hardirqs last disabled at (14108): [] el1_dbg+0x24/0x80 [ 
45.155271][ T6498] softirqs last enabled at (11978): [] handle_softirqs+0xaf8/0xc88 [ 45.157901][ T6498] softirqs last disabled at (11967): [] __do_softirq+0x14/0x20 [ 45.160379][ T6498] ---[ end trace 0000000000000000 ]--- executing program [ 45.235118][ T6499] FAULT_INJECTION: forcing a failure. [ 45.235118][ T6499] name failslab, interval 1, probability 0, space 0, times 0 [ 45.2351 ** replaying previous printk message ** [ 45.235191][ T6499] CPU: 1 UID: 0 PID: 6499 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 45.235209][ T6499] Tainted: [W]=WARN [ 45.235213][ T6499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 45.235221][ T6499] Call trace: [ 45.235225][ T6499] show_stack+0x2c/0x3c (C) [ 45.235242][ T6499] __dump_stack+0x30/0x40 [ 45.235254][ T6499] dump_stack_lvl+0xd8/0x12c [ 45.235264][ T6499] dump_stack+0x1c/0x28 [ 45.235274][ T6499] should_fail_ex+0x41c/0x594 [ 45.235286][ T6499] should_failslab+0xc0/0x128 [ 45.235300][ T6499] kmem_cache_alloc_noprof+0x80/0x3e8 [ 45.235314][ T6499] mas_alloc_nodes+0x268/0x788 [ 45.235328][ T6499] mas_preallocate+0x4b0/0x778 [ 45.235340][ T6499] commit_merge+0x1a4/0x5b0 [ 45.235353][ T6499] vma_merge_existing_range+0x1388/0x1964 [ 45.235367][ T6499] vma_modify+0x7c/0x424 [ 45.235379][ T6499] vma_modify_flags+0x18c/0x1dc [ 45.235392][ T6499] mlock_fixup+0x18c/0x2c4 [ 45.235403][ T6499] apply_mlockall_flags+0x290/0x344 [ 45.235415][ T6499] __arm64_sys_munlockall+0x11c/0x238 [ 45.235426][ T6499] invoke_syscall+0x98/0x2b8 [ 45.235437][ T6499] el0_svc_common+0x130/0x23c [ 45.235447][ T6499] do_el0_svc+0x48/0x58 [ 45.235457][ T6499] el0_svc+0x58/0x17c [ 45.235470][ T6499] el0t_64_sync_handler+0x78/0x108 [ 45.235484][ T6499] el0t_64_sync+0x198/0x19c [ 45.237150][ T6499] vmg ffff80009c447a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 45.237180][ T6499] vmg ffff80009c447a60 state: mm ffff0000c959b300 pgoff 20000 [ 45.237180][ 
T6499] vmi ffff80009c447c40 [20000000,20800000) [ 45.237180][ T6499] prev ffff0000c98583c0 middle ffff0000c98583c0 next 0000000000000000 target 0000000000000000 [ 45.237180][ T6499] start 20000000 end 20800000 flags 100077 [ 45.237180][ T6499] file 0000000000000000 anon_vma ffff0000c8345660 policy 0000000000000000 [ 45.237180][ T6499] uffd_ctx 0000000000000000 [ 45.237180][ T6499] anon_name 0000000000000000 [ 45.237180][ T6499] state 0 [ 45.237180][ T6499] just_expand 0 [ 45.237180][ T6499] __adjust_middle_start 0 __adjust_next_start 0 [ 45.237180][ T6499] __remove_middle 0 __remove_next 0 [ 45.237233][ T6499] vmg ffff80009c447a60 mm: [ 45.237252][ T6499] mm ffff0000c959b300 task_size 281474976710656 [ 45.237252][ T6499] mmap_base 281473604251648 mmap_legacy_base 0 [ 45.237252][ T6499] pgd ffff0000c9b15000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 45.237252][ T6499] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 45.237252][ T6499] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 45.237252][ T6499] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 45.237252][ T6499] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 45.237252][ T6499] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 45.237252][ T6499] binfmt ffff80008f670700 flags 8000008d [ 45.237252][ T6499] ioctx_table 0000000000000000 [ 45.237252][ T6499] owner ffff0000d8f00000 exe_file ffff0000c7dbce00 [ 45.237252][ T6499] notifier_subscriptions 0000000000000000 [ 45.237252][ T6499] numa_next_scan 4294941875 numa_scan_offset 0 numa_scan_seq 0 [ 45.237252][ T6499] tlb_flush_pending 0 [ 45.237252][ T6499] def_flags: 0x0() [ 45.237331][ T6499] vmg ffff80009c447a60 prev: [ 45.237349][ T6499] vma ffff0000c98583c0 start 0000000020000000 end 0000000020800000 mm ffff0000c959b300 [ 45.237349][ T6499] prot 20000000000fc3 anon_vma ffff0000c8345660 vm_ops 0000000000000000 [ 45.237349][ T6499] 
pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 45.237349][ T6499] refcnt 1 [ 45.237349][ T6499] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 45.237388][ T6499] vmg ffff80009c447a60 middle: [ 45.237405][ T6499] vma ffff0000c98583c0 start 0000000020000000 end 0000000020800000 mm ffff0000c959b300 [ 45.237405][ T6499] prot 20000000000fc3 anon_vma ffff0000c8345660 vm_ops 0000000000000000 [ 45.237405][ T6499] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 45.237405][ T6499] refcnt 1 [ 45.237405][ T6499] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 45.237444][ T6499] vmg ffff80009c447a60 next: (NULL) [ 45.237461][ T6499] vmg ffff80009c447a60 vmi: [ 45.237478][ T6499] MAS: tree=ffff0000c959b340 enode=ffff0000c27fc60c [ 45.237491][ T6499] (ma_active) [ 45.237506][ T6499] Store Type: [ 45.237522][ T6499] node_store [ 45.237552][ T6499] [2/10] index=20000000 last=207fffff [ 45.237573][ T6499] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 45.237596][ T6499] maple_tree(ffff0000c959b340) flags 30B, height 2 root ffff0000c6562c1e [ 45.237617][ T6499] 0-ffffffffffffffff: node ffff0000c6562c00 depth 0 type 3 parent ffff0000c959b341 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c27fc60c FFFFAE30FFFF ffff0000c656300c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 45.237875][ T6499] 0-ffffae30ffff: node ffff0000c27fc600 depth 1 type 1 parent ffff0000c6562c06 contents: 0000000000000000 1FFFEFFF ffff0000c9858280 1FFFFFFF ffff0000c98583c0 207FFFFF ffff0000c8340dc0 20FFFFFF ffff0000c9858500 21000FFF 0000000000000000 AAAACA222FFF ffff0000c9858640 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000c9858780 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000c98588c0 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 
0000000000000000 0 0000000000000000 0 000000000000000a [ 45.238093][ T6499] 0-1fffefff: 0000000000000000 [ 45.238121][ T6499] 1ffff000-1fffffff: ffff0000c9858280 [ 45.238150][ T6499] 20000000-207fffff: ffff0000c98583c0 [ 45.238178][ T6499] 20800000-20ffffff: ffff0000c8340dc0 [ 45.238207][ T6499] 21000000-21000fff: ffff0000c9858500 [ 45.238235][ T6499] 21001000-aaaaca222fff: 0000000000000000 [ 45.238264][ T6499] aaaaca223000-aaaaca244fff: ffff0000c9858640 [ 45.238293][ T6499] aaaaca245000-ffffae26ffff: 0000000000000000 [ 45.238321][ T6499] ffffae270000-ffffae2fbfff: ffff0000c9858780 [ 45.238350][ T6499] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 45.238379][ T6499] ffffae30c000-ffffae30ffff: ffff0000c98588c0 [ 45.238408][ T6499] ffffae310000-ffffffffffffffff: node ffff0000c6563000 depth 1 type 1 parent ffff0000c6562c0e contents: ffff0000c9858a00 FFFFAE312FFF ffff0000c9858b40 FFFFAE318FFF ffff0000c9858c80 FFFFAE31CFFF ffff0000c9858dc0 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000c8810000 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 45.238627][ T6499] ffffae310000-ffffae312fff: ffff0000c9858a00 [ 45.238656][ T6499] ffffae313000-ffffae318fff: ffff0000c9858b40 [ 45.238685][ T6499] ffffae319000-ffffae31cfff: ffff0000c9858c80 [ 45.238714][ T6499] ffffae31d000-ffffae31efff: ffff0000c9858dc0 [ 45.238747][ T6499] ffffae31f000-fffff3038fff: 0000000000000000 [ 45.238776][ T6499] fffff3039000-fffff3059fff: ffff0000c8810000 [ 45.238805][ T6499] fffff305a000-ffffffffffffffff: 0000000000000000 [ 45.238932][ T6499] ------------[ cut here ]------------ [ 45.238944][ T6499] WARNING: CPU: 1 PID: 6499 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 45.428217][ T6499] Modules linked in: [ 45.429416][ T6499] CPU: 1 UID: 0 PID: 6499 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e 
#0 PREEMPT [ 45.433229][ T6499] Tainted: [W]=WARN [ 45.434269][ T6499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 45.437092][ T6499] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 45.439339][ T6499] pc : vma_merge_existing_range+0x14a8/0x1964 [ 45.441066][ T6499] lr : vma_merge_existing_range+0x14a8/0x1964 [ 45.442706][ T6499] sp : ffff80009c447910 [ 45.443841][ T6499] x29: ffff80009c447990 x28: dfff800000000000 x27: 0000000000000001 [ 45.446050][ T6499] x26: 0000000020000000 x25: ffff80009c447a80 x24: 0000000020000000 [ 45.448238][ T6499] x23: 1ffff00013888f50 x22: ffff0000c98583c0 x21: 0000000020800000 [ 45.450470][ T6499] x20: ffff0000c98583c0 x19: ffff80009c447a60 x18: 0000000000000000 [ 45.452680][ T6499] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 45.454918][ T6499] x14: 1fffe0003386f2e2 x13: 0000000000000000 x12: 0000000000000000 [ 45.457108][ T6499] x11: ffff60003386f2e3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 45.459397][ T6499] x8 : ffff0000d8f00000 x7 : 0000000000000001 x6 : 0000000000000001 [ 45.461710][ T6499] x5 : ffff80009c446ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 45.463981][ T6499] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 45.466166][ T6499] Call trace: [ 45.467076][ T6499] vma_merge_existing_range+0x14a8/0x1964 (P) [ 45.468772][ T6499] vma_modify+0x7c/0x424 [ 45.469911][ T6499] vma_modify_flags+0x18c/0x1dc [ 45.471266][ T6499] mlock_fixup+0x18c/0x2c4 [ 45.472425][ T6499] apply_mlockall_flags+0x290/0x344 [ 45.473879][ T6499] __arm64_sys_munlockall+0x11c/0x238 [ 45.475387][ T6499] invoke_syscall+0x98/0x2b8 [ 45.476644][ T6499] el0_svc_common+0x130/0x23c [ 45.477888][ T6499] do_el0_svc+0x48/0x58 [ 45.479081][ T6499] el0_svc+0x58/0x17c [ 45.480141][ T6499] el0t_64_sync_handler+0x78/0x108 [ 45.481570][ T6499] el0t_64_sync+0x198/0x19c [ 45.482807][ T6499] irq event stamp: 14432 [ 45.484005][ T6499] hardirqs last enabled at 
(14431): [] __console_unlock+0x70/0xc4 [ 45.486685][ T6499] hardirqs last disabled at (14432): [] el1_dbg+0x24/0x80 [ 45.489100][ T6499] softirqs last enabled at (12310): [] handle_softirqs+0xaf8/0xc88 [ 45.491778][ T6499] softirqs last disabled at (12171): [] __do_softirq+0x14/0x20 [ 45.494238][ T6499] ---[ end trace 0000000000000000 ]--- executing program [ 45.569008][ T6501] FAULT_INJECTION: forcing a failure. [ 45.569008][ T6501] name failslab, inte ** replaying previous printk message ** [ 45.569008][ T6501] FAULT_INJECTION: forcing a failure. [ 45.569008][ T6501] name failslab, interval 1, probability 0, space 0, times 0 [ 45.569085][ T6501] CPU: 0 UID: 0 PID: 6501 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 45.569101][ T6501] Tainted: [W]=WARN [ 45.569105][ T6501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 45.569113][ T6501] Call trace: [ 45.569117][ T6501] show_stack+0x2c/0x3c (C) [ 45.569133][ T6501] __dump_stack+0x30/0x40 [ 45.569145][ T6501] dump_stack_lvl+0xd8/0x12c [ 45.569155][ T6501] dump_stack+0x1c/0x28 [ 45.569165][ T6501] should_fail_ex+0x41c/0x594 [ 45.569178][ T6501] should_failslab+0xc0/0x128 [ 45.569191][ T6501] kmem_cache_alloc_noprof+0x80/0x3e8 [ 45.569206][ T6501] mas_alloc_nodes+0x268/0x788 [ 45.569219][ T6501] mas_preallocate+0x4b0/0x778 [ 45.569231][ T6501] commit_merge+0x1a4/0x5b0 [ 45.569244][ T6501] vma_merge_existing_range+0x1388/0x1964 [ 45.569258][ T6501] vma_modify+0x7c/0x424 [ 45.569270][ T6501] vma_modify_flags+0x18c/0x1dc [ 45.569283][ T6501] mlock_fixup+0x18c/0x2c4 [ 45.569295][ T6501] apply_mlockall_flags+0x290/0x344 [ 45.569306][ T6501] __arm64_sys_munlockall+0x11c/0x238 [ 45.569318][ T6501] invoke_syscall+0x98/0x2b8 [ 45.569328][ T6501] el0_svc_common+0x130/0x23c [ 45.569339][ T6501] do_el0_svc+0x48/0x58 [ 45.569349][ T6501] el0_svc+0x58/0x17c [ 45.569362][ T6501] el0t_64_sync_handler+0x78/0x108 [ 45.569375][ T6501] 
el0t_64_sync+0x198/0x19c [ 45.569392][ T6501] vmg ffff8000a4527a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 45.569586][ T6501] vmg ffff8000a4527a60 state: mm ffff0000c98b8000 pgoff 20000 [ 45.569586][ T6501] vmi ffff8000a4527c40 [20000000,20800000) [ 45.569586][ T6501] prev ffff0000c985a140 middle ffff0000c985a140 next 0000000000000000 target 0000000000000000 [ 45.569586][ T6501] start 20000000 end 20800000 flags 100077 [ 45.569586][ T6501] file 0000000000000000 anon_vma ffff0000c8fb0990 policy 0000000000000000 [ 45.569586][ T6501] uffd_ctx 0000000000000000 [ 45.569586][ T6501] anon_name 0000000000000000 [ 45.569586][ T6501] state 0 [ 45.569586][ T6501] just_expand 0 [ 45.569586][ T6501] __adjust_middle_start 0 __adjust_next_start 0 [ 45.569586][ T6501] __remove_middle 0 __remove_next 0 [ 45.569639][ T6501] vmg ffff8000a4527a60 mm: [ 45.569656][ T6501] mm ffff0000c98b8000 task_size 281474976710656 [ 45.569656][ T6501] mmap_base 281473604251648 mmap_legacy_base 0 [ 45.569656][ T6501] pgd ffff0000c9859000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 45.569656][ T6501] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 45.569656][ T6501] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 45.569656][ T6501] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 45.569656][ T6501] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 45.569656][ T6501] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 45.569656][ T6501] binfmt ffff80008f670700 flags 8000008d [ 45.569656][ T6501] ioctx_table 0000000000000000 [ 45.569656][ T6501] owner ffff0000c87c3d00 exe_file ffff0000c7dbce00 [ 45.569656][ T6501] notifier_subscriptions 0000000000000000 [ 45.569656][ T6501] numa_next_scan 4294941909 numa_scan_offset 0 numa_scan_seq 0 [ 45.569656][ T6501] tlb_flush_pending 0 [ 45.569656][ T6501] def_flags: 0x0() [ 45.569735][ T6501] vmg 
ffff8000a4527a60 prev: [ 45.569752][ T6501] vma ffff0000c985a140 start 0000000020000000 end 0000000020800000 mm ffff0000c98b8000 [ 45.569752][ T6501] prot 20000000000fc3 anon_vma ffff0000c8fb0990 vm_ops 0000000000000000 [ 45.569752][ T6501] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 45.569752][ T6501] refcnt 1 [ 45.569752][ T6501] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 45.569796][ T6501] vmg ffff8000a4527a60 middle: [ 45.569813][ T6501] vma ffff0000c985a140 start 0000000020000000 end 0000000020800000 mm ffff0000c98b8000 [ 45.569813][ T6501] prot 20000000000fc3 anon_vma ffff0000c8fb0990 vm_ops 0000000000000000 [ 45.569813][ T6501] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 45.569813][ T6501] refcnt 1 [ 45.569813][ T6501] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 45.569852][ T6501] vmg ffff8000a4527a60 next: (NULL) [ 45.569869][ T6501] vmg ffff8000a4527a60 vmi: [ 45.569887][ T6501] MAS: tree=ffff0000c98b8040 enode=ffff0000d12fda0c [ 45.569901][ T6501] (ma_active) [ 45.569917][ T6501] Store Type: [ 45.569934][ T6501] node_store [ 45.569957][ T6501] [2/10] index=20000000 last=207fffff [ 45.569978][ T6501] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 45.570013][ T6501] maple_tree(ffff0000c98b8040) flags 30B, height 2 root ffff0000cf72401e [ 45.570041][ T6501] 0-ffffffffffffffff: node ffff0000cf724000 depth 0 type 3 parent ffff0000c98b8041 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d12fda0c FFFFAE30FFFF ffff0000cf72540c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 45.570389][ T6501] 0-ffffae30ffff: node ffff0000d12fda00 depth 1 type 1 parent ffff0000cf724006 contents: 0000000000000000 1FFFEFFF ffff0000c985a000 1FFFFFFF ffff0000c985a140 207FFFFF ffff0000dd5a7a00 20FFFFFF ffff0000c985a280 
21000FFF 0000000000000000 AAAACA222FFF ffff0000c985a3c0 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000c985a500 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000c985a640 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 45.570638][ T6501] 0-1fffefff: 0000000000000000 [ 45.570670][ T6501] 1ffff000-1fffffff: ffff0000c985a000 [ 45.570704][ T6501] 20000000-207fffff: ffff0000c985a140 [ 45.570735][ T6501] 20800000-20ffffff: ffff0000dd5a7a00 [ 45.570768][ T6501] 21000000-21000fff: ffff0000c985a280 [ 45.570805][ T6501] 21001000-aaaaca222fff: 0000000000000000 [ 45.570838][ T6501] aaaaca223000-aaaaca244fff: ffff0000c985a3c0 [ 45.570869][ T6501] aaaaca245000-ffffae26ffff: 0000000000000000 [ 45.570902][ T6501] ffffae270000-ffffae2fbfff: ffff0000c985a500 [ 45.570933][ T6501] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 45.570964][ T6501] ffffae30c000-ffffae30ffff: ffff0000c985a640 [ 45.570998][ T6501] ffffae310000-ffffffffffffffff: node ffff0000cf725400 depth 1 type 1 parent ffff0000cf72400e contents: ffff0000c985a780 FFFFAE312FFF ffff0000c985a8c0 FFFFAE318FFF ffff0000c985aa00 FFFFAE31CFFF ffff0000c985ab40 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000c985ac80 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 45.571236][ T6501] ffffae310000-ffffae312fff: ffff0000c985a780 [ 45.571267][ T6501] ffffae313000-ffffae318fff: ffff0000c985a8c0 [ 45.571298][ T6501] ffffae319000-ffffae31cfff: ffff0000c985aa00 [ 45.571332][ T6501] ffffae31d000-ffffae31efff: ffff0000c985ab40 [ 45.571366][ T6501] ffffae31f000-fffff3038fff: 0000000000000000 [ 45.571398][ T6501] fffff3039000-fffff3059fff: ffff0000c985ac80 [ 45.571430][ T6501] fffff305a000-ffffffffffffffff: 0000000000000000 [ 45.571576][ T6501] ------------[ cut here ]------------ [ 45.571590][ T6501] WARNING: 
CPU: 0 PID: 6501 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 45.774333][ T6501] Modules linked in: [ 45.775480][ T6501] CPU: 0 UID: 0 PID: 6501 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 45.779265][ T6501] Tainted: [W]=WARN [ 45.780359][ T6501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 45.783336][ T6501] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 45.785597][ T6501] pc : vma_merge_existing_range+0x14a8/0x1964 [ 45.787357][ T6501] lr : vma_merge_existing_range+0x14a8/0x1964 [ 45.789111][ T6501] sp : ffff8000a4527910 [ 45.790285][ T6501] x29: ffff8000a4527990 x28: dfff800000000000 x27: 0000000000000001 [ 45.792609][ T6501] x26: 0000000020000000 x25: ffff8000a4527a80 x24: 0000000020000000 [ 45.795004][ T6501] x23: 1ffff000148a4f50 x22: ffff0000c985a140 x21: 0000000020800000 [ 45.797404][ T6501] x20: ffff0000c985a140 x19: ffff8000a4527a60 x18: 0000000000000000 [ 45.799744][ T6501] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 45.802051][ T6501] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 45.804413][ T6501] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 45.806794][ T6501] x8 : ffff0000c87c3d00 x7 : 0000000000000001 x6 : 0000000000000001 [ 45.809128][ T6501] x5 : ffff8000a4526ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 45.811450][ T6501] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 45.813815][ T6501] Call trace: [ 45.814751][ T6501] vma_merge_existing_range+0x14a8/0x1964 (P) [ 45.816564][ T6501] vma_modify+0x7c/0x424 [ 45.817800][ T6501] vma_modify_flags+0x18c/0x1dc [ 45.819234][ T6501] mlock_fixup+0x18c/0x2c4 [ 45.820496][ T6501] apply_mlockall_flags+0x290/0x344 [ 45.822015][ T6501] __arm64_sys_munlockall+0x11c/0x238 [ 45.823562][ T6501] invoke_syscall+0x98/0x2b8 [ 45.824922][ T6501] el0_svc_common+0x130/0x23c [ 45.826319][ T6501] do_el0_svc+0x48/0x58 [ 
45.827501][ T6501] el0_svc+0x58/0x17c [ 45.828720][ T6501] el0t_64_sync_handler+0x78/0x108 [ 45.830235][ T6501] el0t_64_sync+0x198/0x19c [ 45.831579][ T6501] irq event stamp: 14740 [ 45.832786][ T6501] hardirqs last enabled at (14739): [] __console_unlock+0x70/0xc4 [ 45.835519][ T6501] hardirqs last disabled at (14740): [] el1_dbg+0x24/0x80 [ 45.838078][ T6501] softirqs last enabled at (11572): [] handle_softirqs+0xaf8/0xc88 [ 45.840876][ T6501] softirqs last disabled at (11113): [] __do_softirq+0x14/0x20 [ 45.843602][ T6501] ---[ end trace 0000000000000000 ]--- executing program [ 45.914656][ T6502] FAULT_INJECTION: forcing a failure. [ 45.914656][ T6502] name failsla ** replaying previous printk message ** [ 45.914656][ T6502] FAULT_INJECTION: forcing a failure. [ 45.914656][ T6502] name failslab, interval 1, probability 0, space 0, times 0 [ 45.914728][ T6502] CPU: 0 UID: 0 PID: 6502 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 45.914743][ T6502] Tainted: [W]=WARN [ 45.914748][ T6502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 45.914755][ T6502] Call trace: [ 45.914758][ T6502] show_stack+0x2c/0x3c (C) [ 45.914781][ T6502] __dump_stack+0x30/0x40 [ 45.914793][ T6502] dump_stack_lvl+0xd8/0x12c [ 45.914803][ T6502] dump_stack+0x1c/0x28 [ 45.914812][ T6502] should_fail_ex+0x41c/0x594 [ 45.914825][ T6502] should_failslab+0xc0/0x128 [ 45.914838][ T6502] kmem_cache_alloc_noprof+0x80/0x3e8 [ 45.914853][ T6502] mas_alloc_nodes+0x268/0x788 [ 45.914866][ T6502] mas_preallocate+0x4b0/0x778 [ 45.914878][ T6502] commit_merge+0x1a4/0x5b0 [ 45.914890][ T6502] vma_merge_existing_range+0x1388/0x1964 [ 45.914904][ T6502] vma_modify+0x7c/0x424 [ 45.914917][ T6502] vma_modify_flags+0x18c/0x1dc [ 45.914929][ T6502] mlock_fixup+0x18c/0x2c4 [ 45.914941][ T6502] apply_mlockall_flags+0x290/0x344 [ 45.914952][ T6502] __arm64_sys_munlockall+0x11c/0x238 [ 45.914964][ T6502] invoke_syscall+0x98/0x2b8 [ 
45.914974][ T6502] el0_svc_common+0x130/0x23c [ 45.914985][ T6502] do_el0_svc+0x48/0x58 [ 45.914994][ T6502] el0_svc+0x58/0x17c [ 45.915007][ T6502] el0t_64_sync_handler+0x78/0x108 [ 45.915020][ T6502] el0t_64_sync+0x198/0x19c [ 45.915037][ T6502] vmg ffff8000a43b7a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 45.915218][ T6502] vmg ffff8000a43b7a60 state: mm ffff0000c98b8880 pgoff 20000 [ 45.915218][ T6502] vmi ffff8000a43b7c40 [20000000,20800000) [ 45.915218][ T6502] prev ffff0000c7b5e000 middle ffff0000c7b5e000 next 0000000000000000 target 0000000000000000 [ 45.915218][ T6502] start 20000000 end 20800000 flags 100077 [ 45.915218][ T6502] file 0000000000000000 anon_vma ffff0000c8fb0bb0 policy 0000000000000000 [ 45.915218][ T6502] uffd_ctx 0000000000000000 [ 45.915218][ T6502] anon_name 0000000000000000 [ 45.915218][ T6502] state 0 [ 45.915218][ T6502] just_expand 0 [ 45.915218][ T6502] __adjust_middle_start 0 __adjust_next_start 0 [ 45.915218][ T6502] __remove_middle 0 __remove_next 0 [ 45.915271][ T6502] vmg ffff8000a43b7a60 mm: [ 45.915289][ T6502] mm ffff0000c98b8880 task_size 281474976710656 [ 45.915289][ T6502] mmap_base 281473604251648 mmap_legacy_base 0 [ 45.915289][ T6502] pgd ffff0000c7b5d000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 45.915289][ T6502] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 45.915289][ T6502] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 45.915289][ T6502] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 45.915289][ T6502] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 45.915289][ T6502] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 45.915289][ T6502] binfmt ffff80008f670700 flags 8000008d [ 45.915289][ T6502] ioctx_table 0000000000000000 [ 45.915289][ T6502] owner ffff0000c87c5b80 exe_file ffff0000c7dbce00 [ 45.915289][ T6502] notifier_subscriptions 0000000000000000 
[ 45.915289][ T6502] numa_next_scan 4294941943 numa_scan_offset 0 numa_scan_seq 0 [ 45.915289][ T6502] tlb_flush_pending 0 [ 45.915289][ T6502] def_flags: 0x0() [ 45.915368][ T6502] vmg ffff8000a43b7a60 prev: [ 45.915385][ T6502] vma ffff0000c7b5e000 start 0000000020000000 end 0000000020800000 mm ffff0000c98b8880 [ 45.915385][ T6502] prot 20000000000fc3 anon_vma ffff0000c8fb0bb0 vm_ops 0000000000000000 [ 45.915385][ T6502] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 45.915385][ T6502] refcnt 1 [ 45.915385][ T6502] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 45.915424][ T6502] vmg ffff8000a43b7a60 middle: [ 45.915441][ T6502] vma ffff0000c7b5e000 start 0000000020000000 end 0000000020800000 mm ffff0000c98b8880 [ 45.915441][ T6502] prot 20000000000fc3 anon_vma ffff0000c8fb0bb0 vm_ops 0000000000000000 [ 45.915441][ T6502] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 45.915441][ T6502] refcnt 1 [ 45.915441][ T6502] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 45.915479][ T6502] vmg ffff8000a43b7a60 next: (NULL) [ 45.915497][ T6502] vmg ffff8000a43b7a60 vmi: [ 45.915514][ T6502] MAS: tree=ffff0000c98b88c0 enode=ffff0000db15e20c [ 45.915527][ T6502] (ma_active) [ 45.915550][ T6502] Store Type: [ 45.915565][ T6502] node_store [ 45.915587][ T6502] [2/10] index=20000000 last=207fffff [ 45.915610][ T6502] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 45.915632][ T6502] maple_tree(ffff0000c98b88c0) flags 30B, height 2 root ffff0000cf725a1e [ 45.915654][ T6502] 0-ffffffffffffffff: node ffff0000cf725a00 depth 0 type 3 parent ffff0000c98b88c1 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000db15e20c FFFFAE30FFFF ffff0000cf72520c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 45.915912][ T6502] 0-ffffae30ffff: node 
ffff0000db15e200 depth 1 type 1 parent ffff0000cf725a06 contents: 0000000000000000 1FFFEFFF ffff0000c985adc0 1FFFFFFF ffff0000c7b5e000 207FFFFF ffff0000dd5a7c80 20FFFFFF ffff0000c7b5e140 21000FFF 0000000000000000 AAAACA222FFF ffff0000c7b5e280 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000c7b5e3c0 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000c7b5e500 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 45.916129][ T6502] 0-1fffefff: 0000000000000000 [ 45.916157][ T6502] 1ffff000-1fffffff: ffff0000c985adc0 [ 45.916186][ T6502] 20000000-207fffff: ffff0000c7b5e000 [ 45.916214][ T6502] 20800000-20ffffff: ffff0000dd5a7c80 [ 45.916243][ T6502] 21000000-21000fff: ffff0000c7b5e140 [ 45.916271][ T6502] 21001000-aaaaca222fff: 0000000000000000 [ 45.916300][ T6502] aaaaca223000-aaaaca244fff: ffff0000c7b5e280 [ 45.916329][ T6502] aaaaca245000-ffffae26ffff: 0000000000000000 [ 45.916357][ T6502] ffffae270000-ffffae2fbfff: ffff0000c7b5e3c0 [ 45.916386][ T6502] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 45.916415][ T6502] ffffae30c000-ffffae30ffff: ffff0000c7b5e500 [ 45.916444][ T6502] ffffae310000-ffffffffffffffff: node ffff0000cf725200 depth 1 type 1 parent ffff0000cf725a0e contents: ffff0000c7b5e640 FFFFAE312FFF ffff0000c7b5e780 FFFFAE318FFF ffff0000c7b5e8c0 FFFFAE31CFFF ffff0000c7b5ea00 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000c7b5eb40 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 45.916682][ T6502] ffffae310000-ffffae312fff: ffff0000c7b5e640 [ 45.916714][ T6502] ffffae313000-ffffae318fff: ffff0000c7b5e780 [ 45.916746][ T6502] ffffae319000-ffffae31cfff: ffff0000c7b5e8c0 [ 45.916784][ T6502] ffffae31d000-ffffae31efff: ffff0000c7b5ea00 [ 45.916816][ T6502] ffffae31f000-fffff3038fff: 0000000000000000 [ 45.916847][ T6502] 
fffff3039000-fffff3059fff: ffff0000c7b5eb40 [ 45.916880][ T6502] fffff305a000-ffffffffffffffff: 0000000000000000 [ 45.917021][ T6502] ------------[ cut here ]------------ [ 45.917036][ T6502] WARNING: CPU: 0 PID: 6502 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 46.116469][ T6502] Modules linked in: [ 46.117573][ T6502] CPU: 0 UID: 0 PID: 6502 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 46.121233][ T6502] Tainted: [W]=WARN [ 46.122275][ T6502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 46.125012][ T6502] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 46.127277][ T6502] pc : vma_merge_existing_range+0x14a8/0x1964 [ 46.128963][ T6502] lr : vma_merge_existing_range+0x14a8/0x1964 [ 46.130617][ T6502] sp : ffff8000a43b7910 [ 46.131795][ T6502] x29: ffff8000a43b7990 x28: dfff800000000000 x27: 0000000000000001 [ 46.134019][ T6502] x26: 0000000020000000 x25: ffff8000a43b7a80 x24: 0000000020000000 [ 46.136248][ T6502] x23: 1ffff00014876f50 x22: ffff0000c7b5e000 x21: 0000000020800000 [ 46.138458][ T6502] x20: ffff0000c7b5e000 x19: ffff8000a43b7a60 x18: 0000000000000000 [ 46.140734][ T6502] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 46.142907][ T6502] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 46.145123][ T6502] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 46.147310][ T6502] x8 : ffff0000c87c5b80 x7 : 0000000000000001 x6 : 0000000000000001 [ 46.149498][ T6502] x5 : ffff8000a43b6ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 46.151759][ T6502] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 46.154012][ T6502] Call trace: [ 46.154966][ T6502] vma_merge_existing_range+0x14a8/0x1964 (P) [ 46.156635][ T6502] vma_modify+0x7c/0x424 [ 46.157806][ T6502] vma_modify_flags+0x18c/0x1dc [ 46.159173][ T6502] mlock_fixup+0x18c/0x2c4 [ 46.160399][ T6502] 
apply_mlockall_flags+0x290/0x344 [ 46.161857][ T6502] __arm64_sys_munlockall+0x11c/0x238 [ 46.163342][ T6502] invoke_syscall+0x98/0x2b8 [ 46.164648][ T6502] el0_svc_common+0x130/0x23c [ 46.165920][ T6502] do_el0_svc+0x48/0x58 [ 46.167107][ T6502] el0_svc+0x58/0x17c [ 46.168188][ T6502] el0t_64_sync_handler+0x78/0x108 [ 46.169596][ T6502] el0t_64_sync+0x198/0x19c [ 46.170839][ T6502] irq event stamp: 14028 [ 46.172022][ T6502] hardirqs last enabled at (14027): [] __console_unlock+0x70/0xc4 [ 46.174712][ T6502] hardirqs last disabled at (14028): [] el1_dbg+0x24/0x80 [ 46.177144][ T6502] softirqs last enabled at (11946): [] handle_softirqs+0xaf8/0xc88 [ 46.179761][ T6502] softirqs last disabled at (11937): [] __do_softirq+0x14/0x20 [ 46.182260][ T6502] ---[ end trace 0000000000000000 ]--- executing program [ 46.252724][ T6503] FAULT_INJECTION: forcing a failure. [ 46.252724][ T6503] name failslab, interval 1, probability 0, space 0, times 0 [ 46.252807][ T6503] CPU: 0 UID: 0 PID: 6503 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 46.252831][ T6503] Tainted: [W]=WARN [ 46.252836][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 46.252843][ T6503] Call trace: [ 46.252847][ T6503] show_stack+0x2c/0x3c (C) [ 46.252863][ T6503] __dump_stack+0x30/0x40 [ 46.252875][ T6503] dump_stack_lvl+0xd8/0x12c [ 46.252885][ T6503] dump_stack+0x1c/0x28 [ 46.252894][ T6503] should_fail_ex+0x41c/0x594 [ 46.252906][ T6503] should_failslab+0xc0/0x128 [ 46.252919][ T6503] kmem_cache_alloc_noprof+0x80/0x3e8 [ 46.252934][ T6503] mas_alloc_nodes+0x268/0x788 [ 46.252948][ T6503] mas_preallocate+0x4b0/0x778 [ 46.252960][ T6503] commit_merge+0x1a4/0x5b0 [ 46.252973][ T6503] vma_merge_existing_range+0x1388/0x1964 [ 46.252987][ T6503] vma_modify+0x7c/0x424 [ 46.252999][ T6503] vma_modify_flags+0x18c/0x1dc [ 46.253011][ T6503] mlock_fixup+0x18c/0x2c4 [ 46.253023][ T6503] apply_mlockall_flags+0x290/0x344 [ 
46.253034][ T6503] __arm64_sys_munlockall+0x11c/0x238 [ 46.253046][ T6503] invoke_syscall+0x98/0x2b8 [ 46.253057][ T6503] el0_svc_common+0x130/0x23c [ 46.253067][ T6503] do_el0_svc+0x48/0x58 [ 46.253077][ T6503] el0_svc+0x58/0x17c [ 46.253090][ T6503] el0t_64_sync_handler+0x78/0x108 [ 46.253103][ T6503] el0t_64_sync+0x198/0x19c [ 46.253269][ T6503] vmg ffff80009c3f7a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 46.253298][ T6503] vmg ffff80009c3f7a60 state: mm ffff0000c98b9100 pgoff 20000 [ 46.253298][ T6503] vmi ffff80009c3f7c40 [20000000,20800000) [ 46.253298][ T6503] prev ffff0000c7b5edc0 middle ffff0000c7b5edc0 next 0000000000000000 target 0000000000000000 [ 46.253298][ T6503] start 20000000 end 20800000 flags 100077 [ 46.253298][ T6503] file 0000000000000000 anon_vma ffff0000c8fb0dd0 policy 0000000000000000 [ 46.253298][ T6503] uffd_ctx 0000000000000000 [ 46.253298][ T6503] anon_name 0000000000000000 [ 46.253298][ T6503] state 0 [ 46.253298][ T6503] just_expand 0 [ 46.253298][ T6503] __adjust_middle_start 0 __adjust_next_start 0 [ 46.253298][ T6503] __remove_middle 0 __remove_next 0 [ 46.253357][ T6503] vmg ffff80009c3f7a60 mm: [ 46.253381][ T6503] mm ffff0000c98b9100 task_size 281474976710656 [ 46.253381][ T6503] mmap_base 281473604251648 mmap_legacy_base 0 [ 46.253381][ T6503] pgd ffff0000c80ce000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 46.253381][ T6503] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 46.253381][ T6503] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 46.253381][ T6503] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 46.253381][ T6503] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 46.253381][ T6503] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 46.253381][ T6503] binfmt ffff80008f670700 flags 8000008d [ 46.253381][ T6503] ioctx_table 0000000000000000 [ 46.253381][ T6503] owner 
ffff0000c8fa8000 exe_file ffff0000c7dbce00 [ 46.253381][ T6503] notifier_subscriptions 0000000000000000 [ 46.253381][ T6503] numa_next_scan 4294941977 numa_scan_offset 0 numa_scan_seq 0 [ 46.253381][ T6503] tlb_flush_pending 0 [ 46.253381][ T6503] def_flags: 0x0() [ 46.253465][ T6503] vmg ffff80009c3f7a60 prev: [ 46.253487][ T6503] vma ffff0000c7b5edc0 start 0000000020000000 end 0000000020800000 mm ffff0000c98b9100 [ 46.253487][ T6503] prot 20000000000fc3 anon_vma ffff0000c8fb0dd0 vm_ops 0000000000000000 [ 46.253487][ T6503] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 46.253487][ T6503] refcnt 1 [ 46.253487][ T6503] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 46.253533][ T6503] vmg ffff80009c3f7a60 middle: [ 46.253562][ T6503] vma ffff0000c7b5edc0 start 0000000020000000 end 0000000020800000 mm ffff0000c98b9100 [ 46.253562][ T6503] prot 20000000000fc3 anon_vma ffff0000c8fb0dd0 vm_ops 0000000000000000 [ 46.253562][ T6503] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 46.253562][ T6503] refcnt 1 [ 46.253562][ T6503] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 46.253606][ T6503] vmg ffff80009c3f7a60 next: (NULL) [ 46.253628][ T6503] vmg ffff80009c3f7a60 vmi: [ 46.253651][ T6503] MAS: tree=ffff0000c98b9140 enode=ffff0000db15ea0c [ 46.253669][ T6503] (ma_active) [ 46.253689][ T6503] Store Type: [ 46.253710][ T6503] node_store [ 46.253737][ T6503] [2/10] index=20000000 last=207fffff [ 46.253763][ T6503] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 46.253790][ T6503] maple_tree(ffff0000c98b9140) flags 30B, height 2 root ffff0000cf72461e [ 46.253821][ T6503] 0-ffffffffffffffff: node ffff0000cf724600 depth 0 type 3 parent ffff0000c98b9141 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000db15ea0c FFFFAE30FFFF ffff0000cf72580c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 
0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 46.254194][ T6503] 0-ffffae30ffff: node ffff0000db15ea00 depth 1 type 1 parent ffff0000cf724606 contents: 0000000000000000 1FFFEFFF ffff0000c7b5ec80 1FFFFFFF ffff0000c7b5edc0 207FFFFF ffff0000dd9e2000 20FFFFFF ffff0000c8fb1000 21000FFF 0000000000000000 AAAACA222FFF ffff0000c8fb1140 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000c8fb1280 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000c8fb13c0 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 46.254504][ T6503] 0-1fffefff: 0000000000000000 [ 46.254547][ T6503] 1ffff000-1fffffff: ffff0000c7b5ec80 [ 46.254586][ T6503] 20000000-207fffff: ffff0000c7b5edc0 [ 46.254625][ T6503] 20800000-20ffffff: ffff0000dd9e2000 [ 46.254664][ T6503] 21000000-21000fff: ffff0000c8fb1000 [ 46.254702][ T6503] 21001000-aaaaca222fff: 0000000000000000 [ 46.254741][ T6503] aaaaca223000-aaaaca244fff: ffff0000c8fb1140 [ 46.254780][ T6503] aaaaca245000-ffffae26ffff: 0000000000000000 [ 46.254821][ T6503] ffffae270000-ffffae2fbfff: ffff0000c8fb1280 [ 46.254861][ T6503] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 46.254899][ T6503] ffffae30c000-ffffae30ffff: ffff0000c8fb13c0 [ 46.254939][ T6503] ffffae310000-ffffffffffffffff: node ffff0000cf725800 depth 1 type 1 parent ffff0000cf72460e contents: ffff0000c8fb1500 FFFFAE312FFF ffff0000c8fb1640 FFFFAE318FFF ffff0000c8fb1780 FFFFAE31CFFF ffff0000c8fb18c0 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000c8fb1a00 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 46.255248][ T6503] ffffae310000-ffffae312fff: ffff0000c8fb1500 [ 46.255287][ T6503] ffffae313000-ffffae318fff: ffff0000c8fb1640 [ 46.255327][ T6503] ffffae319000-ffffae31cfff: ffff0000c8fb1780 [ 46.255366][ T6503] ffffae31d000-ffffae31efff: 
ffff0000c8fb18c0 [ 46.255405][ T6503] ffffae31f000-fffff3038fff: 0000000000000000 [ 46.255443][ T6503] fffff3039000-fffff3059fff: ffff0000c8fb1a00 [ 46.255482][ T6503] fffff305a000-ffffffffffffffff: 0000000000000000 [ 46.255627][ T6503] ------------[ cut here ]------------ [ 46.255641][ T6503] WARNING: CPU: 0 PID: 6503 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 46.451953][ T6503] Modules linked in: [ 46.453045][ T6503] CPU: 0 UID: 0 PID: 6503 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 46.456765][ T6503] Tainted: [W]=WARN [ 46.457833][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 46.460574][ T6503] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 46.462742][ T6503] pc : vma_merge_existing_range+0x14a8/0x1964 [ 46.464453][ T6503] lr : vma_merge_existing_range+0x14a8/0x1964 [ 46.466163][ T6503] sp : ffff80009c3f7910 [ 46.467314][ T6503] x29: ffff80009c3f7990 x28: dfff800000000000 x27: 0000000000000001 [ 46.469575][ T6503] x26: 0000000020000000 x25: ffff80009c3f7a80 x24: 0000000020000000 [ 46.471832][ T6503] x23: 1ffff0001387ef50 x22: ffff0000c7b5edc0 x21: 0000000020800000 [ 46.474158][ T6503] x20: ffff0000c7b5edc0 x19: ffff80009c3f7a60 x18: 0000000000000000 [ 46.476433][ T6503] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 46.478699][ T6503] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 46.481039][ T6503] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 46.483508][ T6503] x8 : ffff0000c8fa8000 x7 : 0000000000000001 x6 : 0000000000000001 [ 46.485748][ T6503] x5 : ffff80009c3f6ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 46.488213][ T6503] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 46.490604][ T6503] Call trace: [ 46.491516][ T6503] vma_merge_existing_range+0x14a8/0x1964 (P) [ 46.493254][ T6503] vma_modify+0x7c/0x424 [ 46.494427][ T6503] 
vma_modify_flags+0x18c/0x1dc [ 46.495781][ T6503] mlock_fixup+0x18c/0x2c4 [ 46.496988][ T6503] apply_mlockall_flags+0x290/0x344 [ 46.498496][ T6503] __arm64_sys_munlockall+0x11c/0x238 [ 46.499985][ T6503] invoke_syscall+0x98/0x2b8 [ 46.501278][ T6503] el0_svc_common+0x130/0x23c [ 46.502587][ T6503] do_el0_svc+0x48/0x58 [ 46.503779][ T6503] el0_svc+0x58/0x17c [ 46.504920][ T6503] el0t_64_sync_handler+0x78/0x108 [ 46.506384][ T6503] el0t_64_sync+0x198/0x19c [ 46.507681][ T6503] irq event stamp: 14698 [ 46.508929][ T6503] hardirqs last enabled at (14697): [] __console_unlock+0x70/0xc4 [ 46.511559][ T6503] hardirqs last disabled at (14698): [] el1_dbg+0x24/0x80 [ 46.513957][ T6503] softirqs last enabled at (13048): [] handle_softirqs+0xaf8/0xc88 [ 46.516566][ T6503] softirqs last disabled at (12903): [] __do_softirq+0x14/0x20 [ 46.519067][ T6503] ---[ end trace 0000000000000000 ]--- executing program [ 46.590877][ T6505] FAULT_INJECTION: forcing a failure. [ 46.590877][ T6505] name f ** replaying previous printk message ** [ 46.590877][ T6505] FAULT_INJECTION: forcing a failure. 
[ 46.590877][ T6505] name failslab, interval 1, probability 0, space 0, times 0 [ 46.590946][ T6505] CPU: 0 UID: 0 PID: 6505 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 46.590964][ T6505] Tainted: [W]=WARN [ 46.590968][ T6505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 46.590976][ T6505] Call trace: [ 46.590980][ T6505] show_stack+0x2c/0x3c (C) [ 46.590997][ T6505] __dump_stack+0x30/0x40 [ 46.591008][ T6505] dump_stack_lvl+0xd8/0x12c [ 46.591018][ T6505] dump_stack+0x1c/0x28 [ 46.591027][ T6505] should_fail_ex+0x41c/0x594 [ 46.591039][ T6505] should_failslab+0xc0/0x128 [ 46.591053][ T6505] kmem_cache_alloc_noprof+0x80/0x3e8 [ 46.591067][ T6505] mas_alloc_nodes+0x268/0x788 [ 46.591080][ T6505] mas_preallocate+0x4b0/0x778 [ 46.591092][ T6505] commit_merge+0x1a4/0x5b0 [ 46.591105][ T6505] vma_merge_existing_range+0x1388/0x1964 [ 46.591119][ T6505] vma_modify+0x7c/0x424 [ 46.591131][ T6505] vma_modify_flags+0x18c/0x1dc [ 46.591144][ T6505] mlock_fixup+0x18c/0x2c4 [ 46.591156][ T6505] apply_mlockall_flags+0x290/0x344 [ 46.591167][ T6505] __arm64_sys_munlockall+0x11c/0x238 [ 46.591178][ T6505] invoke_syscall+0x98/0x2b8 [ 46.591189][ T6505] el0_svc_common+0x130/0x23c [ 46.591199][ T6505] do_el0_svc+0x48/0x58 [ 46.591209][ T6505] el0_svc+0x58/0x17c [ 46.591222][ T6505] el0t_64_sync_handler+0x78/0x108 [ 46.591242][ T6505] el0t_64_sync+0x198/0x19c [ 46.591416][ T6505] vmg ffff80009c447a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 46.591439][ T6505] vmg ffff80009c447a60 state: mm ffff0000c959c400 pgoff 20000 [ 46.591439][ T6505] vmi ffff80009c447c40 [20000000,20800000) [ 46.591439][ T6505] prev ffff0000dd9e2280 middle ffff0000dd9e2280 next 0000000000000000 target 0000000000000000 [ 46.591439][ T6505] start 20000000 end 20800000 flags 100077 [ 46.591439][ T6505] file 0000000000000000 anon_vma ffff0000c8601550 policy 0000000000000000 [ 46.591439][ T6505] uffd_ctx 
0000000000000000 [ 46.591439][ T6505] anon_name 0000000000000000 [ 46.591439][ T6505] state 0 [ 46.591439][ T6505] just_expand 0 [ 46.591439][ T6505] __adjust_middle_start 0 __adjust_next_start 0 [ 46.591439][ T6505] __remove_middle 0 __remove_next 0 [ 46.591492][ T6505] vmg ffff80009c447a60 mm: [ 46.591510][ T6505] mm ffff0000c959c400 task_size 281474976710656 [ 46.591510][ T6505] mmap_base 281473604251648 mmap_legacy_base 0 [ 46.591510][ T6505] pgd ffff0000c80ce000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 46.591510][ T6505] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 46.591510][ T6505] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 46.591510][ T6505] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 46.591510][ T6505] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 46.591510][ T6505] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 46.591510][ T6505] binfmt ffff80008f670700 flags 8000008d [ 46.591510][ T6505] ioctx_table 0000000000000000 [ 46.591510][ T6505] owner ffff0000d8f03d00 exe_file ffff0000c7dbce00 [ 46.591510][ T6505] notifier_subscriptions 0000000000000000 [ 46.591510][ T6505] numa_next_scan 4294942011 numa_scan_offset 0 numa_scan_seq 0 [ 46.591510][ T6505] tlb_flush_pending 0 [ 46.591510][ T6505] def_flags: 0x0() [ 46.591600][ T6505] vmg ffff80009c447a60 prev: [ 46.591618][ T6505] vma ffff0000dd9e2280 start 0000000020000000 end 0000000020800000 mm ffff0000c959c400 [ 46.591618][ T6505] prot 20000000000fc3 anon_vma ffff0000c8601550 vm_ops 0000000000000000 [ 46.591618][ T6505] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 46.591618][ T6505] refcnt 1 [ 46.591618][ T6505] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 46.591657][ T6505] vmg ffff80009c447a60 middle: [ 46.591674][ T6505] vma ffff0000dd9e2280 start 0000000020000000 end 0000000020800000 mm ffff0000c959c400 [ 
46.591674][ T6505] prot 20000000000fc3 anon_vma ffff0000c8601550 vm_ops 0000000000000000 [ 46.591674][ T6505] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 46.591674][ T6505] refcnt 1 [ 46.591674][ T6505] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 46.591713][ T6505] vmg ffff80009c447a60 next: (NULL) [ 46.591734][ T6505] vmg ffff80009c447a60 vmi: [ 46.591752][ T6505] MAS: tree=ffff0000c959c440 enode=ffff0000db15f80c [ 46.591764][ T6505] (ma_active) [ 46.591780][ T6505] Store Type: [ 46.591795][ T6505] node_store [ 46.591822][ T6505] [2/10] index=20000000 last=207fffff [ 46.591842][ T6505] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 46.591864][ T6505] maple_tree(ffff0000c959c440) flags 30B, height 2 root ffff0000db15ee1e [ 46.591890][ T6505] 0-ffffffffffffffff: node ffff0000db15ee00 depth 0 type 3 parent ffff0000c959c441 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000db15f80c FFFFAE30FFFF ffff0000db15f20c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 46.592142][ T6505] 0-ffffae30ffff: node ffff0000db15f800 depth 1 type 1 parent ffff0000db15ee06 contents: 0000000000000000 1FFFEFFF ffff0000dd9e2140 1FFFFFFF ffff0000dd9e2280 207FFFFF ffff0000c8948140 20FFFFFF ffff0000dd9e23c0 21000FFF 0000000000000000 AAAACA222FFF ffff0000dd9e2500 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000dd9e2640 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000dd9e2780 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 46.592364][ T6505] 0-1fffefff: 0000000000000000 [ 46.592393][ T6505] 1ffff000-1fffffff: ffff0000dd9e2140 [ 46.592421][ T6505] 20000000-207fffff: ffff0000dd9e2280 [ 46.592450][ T6505] 20800000-20ffffff: ffff0000c8948140 [ 46.592478][ T6505] 21000000-21000fff: ffff0000dd9e23c0 [ 46.592507][ T6505] 
21001000-aaaaca222fff: 0000000000000000 [ 46.592543][ T6505] aaaaca223000-aaaaca244fff: ffff0000dd9e2500 [ 46.592573][ T6505] aaaaca245000-ffffae26ffff: 0000000000000000 [ 46.592601][ T6505] ffffae270000-ffffae2fbfff: ffff0000dd9e2640 [ 46.592630][ T6505] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 46.592659][ T6505] ffffae30c000-ffffae30ffff: ffff0000dd9e2780 [ 46.592688][ T6505] ffffae310000-ffffffffffffffff: node ffff0000db15f200 depth 1 type 1 parent ffff0000db15ee0e contents: ffff0000dd9e28c0 FFFFAE312FFF ffff0000dd9e2a00 FFFFAE318FFF ffff0000dd9e2b40 FFFFAE31CFFF ffff0000dd9e2c80 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000dd9e2dc0 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 46.592912][ T6505] ffffae310000-ffffae312fff: ffff0000dd9e28c0 [ 46.592941][ T6505] ffffae313000-ffffae318fff: ffff0000dd9e2a00 [ 46.592970][ T6505] ffffae319000-ffffae31cfff: ffff0000dd9e2b40 [ 46.592999][ T6505] ffffae31d000-ffffae31efff: ffff0000dd9e2c80 [ 46.593031][ T6505] ffffae31f000-fffff3038fff: 0000000000000000 [ 46.593060][ T6505] fffff3039000-fffff3059fff: ffff0000dd9e2dc0 [ 46.593089][ T6505] fffff305a000-ffffffffffffffff: 0000000000000000 [ 46.593218][ T6505] ------------[ cut here ]------------ [ 46.593231][ T6505] WARNING: CPU: 0 PID: 6505 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 46.784492][ T6505] Modules linked in: [ 46.785570][ T6505] CPU: 0 UID: 0 PID: 6505 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 46.789124][ T6505] Tainted: [W]=WARN [ 46.790184][ T6505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 46.792997][ T6505] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 46.795203][ T6505] pc : vma_merge_existing_range+0x14a8/0x1964 [ 46.796896][ T6505] lr : 
vma_merge_existing_range+0x14a8/0x1964 [ 46.798559][ T6505] sp : ffff80009c447910 [ 46.799763][ T6505] x29: ffff80009c447990 x28: dfff800000000000 x27: 0000000000000001 [ 46.802048][ T6505] x26: 0000000020000000 x25: ffff80009c447a80 x24: 0000000020000000 [ 46.804329][ T6505] x23: 1ffff00013888f50 x22: ffff0000dd9e2280 x21: 0000000020800000 [ 46.806711][ T6505] x20: ffff0000dd9e2280 x19: ffff80009c447a60 x18: 0000000000000000 [ 46.808977][ T6505] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 46.811280][ T6505] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 46.813596][ T6505] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 46.816004][ T6505] x8 : ffff0000d8f03d00 x7 : 0000000000000001 x6 : 0000000000000001 [ 46.818392][ T6505] x5 : ffff80009c446ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 46.820694][ T6505] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 46.823035][ T6505] Call trace: [ 46.823983][ T6505] vma_merge_existing_range+0x14a8/0x1964 (P) [ 46.825714][ T6505] vma_modify+0x7c/0x424 [ 46.826923][ T6505] vma_modify_flags+0x18c/0x1dc [ 46.828252][ T6505] mlock_fixup+0x18c/0x2c4 [ 46.829466][ T6505] apply_mlockall_flags+0x290/0x344 [ 46.830946][ T6505] __arm64_sys_munlockall+0x11c/0x238 [ 46.832477][ T6505] invoke_syscall+0x98/0x2b8 [ 46.833830][ T6505] el0_svc_common+0x130/0x23c [ 46.835136][ T6505] do_el0_svc+0x48/0x58 [ 46.836363][ T6505] el0_svc+0x58/0x17c [ 46.837556][ T6505] el0t_64_sync_handler+0x78/0x108 [ 46.838993][ T6505] el0t_64_sync+0x198/0x19c [ 46.840272][ T6505] irq event stamp: 14108 [ 46.841549][ T6505] hardirqs last enabled at (14107): [] __console_unlock+0x70/0xc4 [ 46.844374][ T6505] hardirqs last disabled at (14108): [] el1_dbg+0x24/0x80 [ 46.846812][ T6505] softirqs last enabled at (10318): [] handle_softirqs+0xaf8/0xc88 [ 46.849555][ T6505] softirqs last disabled at (10309): [] __do_softirq+0x14/0x20 [ 46.852122][ T6505] ---[ end trace 0000000000000000 
]--- executing program [ 46.930003][ T6507] FAULT_INJECTION: forcing a failure. [ 46.930003][ T6507] name failslab, interval 1, probability 0, space 0, times 0 [ ** replaying previous printk message ** [ 46.930076][ T6507] CPU: 1 UID: 0 PID: 6507 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 46.930092][ T6507] Tainted: [W]=WARN [ 46.930096][ T6507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 46.930103][ T6507] Call trace: [ 46.930107][ T6507] show_stack+0x2c/0x3c (C) [ 46.930124][ T6507] __dump_stack+0x30/0x40 [ 46.930136][ T6507] dump_stack_lvl+0xd8/0x12c [ 46.930146][ T6507] dump_stack+0x1c/0x28 [ 46.930155][ T6507] should_fail_ex+0x41c/0x594 [ 46.930168][ T6507] should_failslab+0xc0/0x128 [ 46.930181][ T6507] kmem_cache_alloc_noprof+0x80/0x3e8 [ 46.930195][ T6507] mas_alloc_nodes+0x268/0x788 [ 46.930212][ T6507] mas_preallocate+0x4b0/0x778 [ 46.930224][ T6507] commit_merge+0x1a4/0x5b0 [ 46.930237][ T6507] vma_merge_existing_range+0x1388/0x1964 [ 46.930251][ T6507] vma_modify+0x7c/0x424 [ 46.930263][ T6507] vma_modify_flags+0x18c/0x1dc [ 46.930275][ T6507] mlock_fixup+0x18c/0x2c4 [ 46.930287][ T6507] apply_mlockall_flags+0x290/0x344 [ 46.930298][ T6507] __arm64_sys_munlockall+0x11c/0x238 [ 46.930310][ T6507] invoke_syscall+0x98/0x2b8 [ 46.930320][ T6507] el0_svc_common+0x130/0x23c [ 46.930331][ T6507] do_el0_svc+0x48/0x58 [ 46.930341][ T6507] el0_svc+0x58/0x17c [ 46.930353][ T6507] el0t_64_sync_handler+0x78/0x108 [ 46.930367][ T6507] el0t_64_sync+0x198/0x19c [ 46.931990][ T6507] vmg ffff8000a4557a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 46.932017][ T6507] vmg ffff8000a4557a60 state: mm ffff0000c98baa80 pgoff 20000 [ 46.932017][ T6507] vmi ffff8000a4557c40 [20000000,20800000) [ 46.932017][ T6507] prev ffff0000c8f00c80 middle ffff0000c8f00c80 next 0000000000000000 target 0000000000000000 [ 46.932017][ T6507] start 20000000 end 20800000 flags 100077 [ 
46.932017][ T6507] file 0000000000000000 anon_vma ffff0000c8601770 policy 0000000000000000 [ 46.932017][ T6507] uffd_ctx 0000000000000000 [ 46.932017][ T6507] anon_name 0000000000000000 [ 46.932017][ T6507] state 0 [ 46.932017][ T6507] just_expand 0 [ 46.932017][ T6507] __adjust_middle_start 0 __adjust_next_start 0 [ 46.932017][ T6507] __remove_middle 0 __remove_next 0 [ 46.932071][ T6507] vmg ffff8000a4557a60 mm: [ 46.932089][ T6507] mm ffff0000c98baa80 task_size 281474976710656 [ 46.932089][ T6507] mmap_base 281473604251648 mmap_legacy_base 0 [ 46.932089][ T6507] pgd ffff0000c8e91000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 46.932089][ T6507] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 46.932089][ T6507] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 46.932089][ T6507] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 46.932089][ T6507] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 46.932089][ T6507] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 46.932089][ T6507] binfmt ffff80008f670700 flags 8000008d [ 46.932089][ T6507] ioctx_table 0000000000000000 [ 46.932089][ T6507] owner ffff0000c8fadb80 exe_file ffff0000c7dbce00 [ 46.932089][ T6507] notifier_subscriptions 0000000000000000 [ 46.932089][ T6507] numa_next_scan 4294942044 numa_scan_offset 0 numa_scan_seq 0 [ 46.932089][ T6507] tlb_flush_pending 0 [ 46.932089][ T6507] def_flags: 0x0() [ 46.932167][ T6507] vmg ffff8000a4557a60 prev: [ 46.932184][ T6507] vma ffff0000c8f00c80 start 0000000020000000 end 0000000020800000 mm ffff0000c98baa80 [ 46.932184][ T6507] prot 20000000000fc3 anon_vma ffff0000c8601770 vm_ops 0000000000000000 [ 46.932184][ T6507] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 46.932184][ T6507] refcnt 1 [ 46.932184][ T6507] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 46.932224][ T6507] vmg 
ffff8000a4557a60 middle: [ 46.932241][ T6507] vma ffff0000c8f00c80 start 0000000020000000 end 0000000020800000 mm ffff0000c98baa80 [ 46.932241][ T6507] prot 20000000000fc3 anon_vma ffff0000c8601770 vm_ops 0000000000000000 [ 46.932241][ T6507] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 46.932241][ T6507] refcnt 1 [ 46.932241][ T6507] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 46.932279][ T6507] vmg ffff8000a4557a60 next: (NULL) [ 46.932297][ T6507] vmg ffff8000a4557a60 vmi: [ 46.932314][ T6507] MAS: tree=ffff0000c98baac0 enode=ffff0000d5eae00c [ 46.932326][ T6507] (ma_active) [ 46.932342][ T6507] Store Type: [ 46.932357][ T6507] node_store [ 46.932379][ T6507] [2/10] index=20000000 last=207fffff [ 46.932399][ T6507] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 46.932421][ T6507] maple_tree(ffff0000c98baac0) flags 30B, height 2 root ffff0000c960261e [ 46.932442][ T6507] 0-ffffffffffffffff: node ffff0000c9602600 depth 0 type 3 parent ffff0000c98baac1 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d5eae00c FFFFAE30FFFF ffff0000c9602a0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 46.932704][ T6507] 0-ffffae30ffff: node ffff0000d5eae000 depth 1 type 1 parent ffff0000c9602606 contents: 0000000000000000 1FFFEFFF ffff0000c8f00b40 1FFFFFFF ffff0000c8f00c80 207FFFFF ffff0000c89483c0 20FFFFFF ffff0000c8f00dc0 21000FFF 0000000000000000 AAAACA222FFF ffff0000c8e92000 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000c8e92140 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000c8e92280 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 46.932932][ T6507] 0-1fffefff: 0000000000000000 [ 46.932960][ T6507] 1ffff000-1fffffff: ffff0000c8f00b40 [ 46.932989][ T6507] 20000000-207fffff: ffff0000c8f00c80 [ 
46.933018][ T6507] 20800000-20ffffff: ffff0000c89483c0 [ 46.933046][ T6507] 21000000-21000fff: ffff0000c8f00dc0 [ 46.933075][ T6507] 21001000-aaaaca222fff: 0000000000000000 [ 46.933103][ T6507] aaaaca223000-aaaaca244fff: ffff0000c8e92000 [ 46.933132][ T6507] aaaaca245000-ffffae26ffff: 0000000000000000 [ 46.933161][ T6507] ffffae270000-ffffae2fbfff: ffff0000c8e92140 [ 46.933190][ T6507] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 46.933218][ T6507] ffffae30c000-ffffae30ffff: ffff0000c8e92280 [ 46.933247][ T6507] ffffae310000-ffffffffffffffff: node ffff0000c9602a00 depth 1 type 1 parent ffff0000c960260e contents: ffff0000c8e923c0 FFFFAE312FFF ffff0000c8e92500 FFFFAE318FFF ffff0000c8e92640 FFFFAE31CFFF ffff0000c8e92780 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000c8e928c0 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 46.933463][ T6507] ffffae310000-ffffae312fff: ffff0000c8e923c0 [ 46.933492][ T6507] ffffae313000-ffffae318fff: ffff0000c8e92500 [ 46.933521][ T6507] ffffae319000-ffffae31cfff: ffff0000c8e92640 [ 46.933555][ T6507] ffffae31d000-ffffae31efff: ffff0000c8e92780 [ 46.933584][ T6507] ffffae31f000-fffff3038fff: 0000000000000000 [ 46.933613][ T6507] fffff3039000-fffff3059fff: ffff0000c8e928c0 [ 46.933642][ T6507] fffff305a000-ffffffffffffffff: 0000000000000000 [ 46.933773][ T6507] ------------[ cut here ]------------ [ 46.933786][ T6507] WARNING: CPU: 1 PID: 6507 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 47.126519][ T6507] Modules linked in: [ 47.127762][ T6507] CPU: 1 UID: 0 PID: 6507 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 47.131871][ T6507] Tainted: [W]=WARN [ 47.132935][ T6507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 47.135717][ T6507] pstate: 80400005 (Nzcv daif +PAN -UAO 
-TCO -DIT -SSBS BTYPE=--) [ 47.137886][ T6507] pc : vma_merge_existing_range+0x14a8/0x1964 [ 47.139648][ T6507] lr : vma_merge_existing_range+0x14a8/0x1964 [ 47.141359][ T6507] sp : ffff8000a4557910 [ 47.142559][ T6507] x29: ffff8000a4557990 x28: dfff800000000000 x27: 0000000000000001 [ 47.144740][ T6507] x26: 0000000020000000 x25: ffff8000a4557a80 x24: 0000000020000000 [ 47.147027][ T6507] x23: 1ffff000148aaf50 x22: ffff0000c8f00c80 x21: 0000000020800000 [ 47.149240][ T6507] x20: ffff0000c8f00c80 x19: ffff8000a4557a60 x18: 0000000000000000 [ 47.151486][ T6507] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 47.153730][ T6507] x14: 1fffe0003386f2e2 x13: 0000000000000000 x12: 0000000000000000 [ 47.155960][ T6507] x11: ffff60003386f2e3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 47.158325][ T6507] x8 : ffff0000c8fadb80 x7 : 0000000000000001 x6 : 0000000000000001 [ 47.160611][ T6507] x5 : ffff8000a4556ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 47.162865][ T6507] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 47.165256][ T6507] Call trace: [ 47.166201][ T6507] vma_merge_existing_range+0x14a8/0x1964 (P) [ 47.167944][ T6507] vma_modify+0x7c/0x424 [ 47.169142][ T6507] vma_modify_flags+0x18c/0x1dc [ 47.171830][ T6507] mlock_fixup+0x18c/0x2c4 [ 47.173077][ T6507] apply_mlockall_flags+0x290/0x344 [ 47.174488][ T6507] __arm64_sys_munlockall+0x11c/0x238 [ 47.175983][ T6507] invoke_syscall+0x98/0x2b8 [ 47.177259][ T6507] el0_svc_common+0x130/0x23c [ 47.178566][ T6507] do_el0_svc+0x48/0x58 [ 47.179731][ T6507] el0_svc+0x58/0x17c [ 47.180881][ T6507] el0t_64_sync_handler+0x78/0x108 [ 47.182292][ T6507] el0t_64_sync+0x198/0x19c [ 47.183523][ T6507] irq event stamp: 14638 [ 47.184676][ T6507] hardirqs last enabled at (14637): [] __console_unlock+0x70/0xc4 [ 47.187369][ T6507] hardirqs last disabled at (14638): [] el1_dbg+0x24/0x80 [ 47.189863][ T6507] softirqs last enabled at (13866): [] handle_softirqs+0xaf8/0xc88 [ 47.192506][ 
T6507] softirqs last disabled at (13855): [] __do_softirq+0x14/0x20 [ 47.195112][ T6507] ---[ end trace 0000000000000000 ]--- executing program [ 47.267607][ T6509] FAULT_INJECTION: forcing a failure. [ 47.267607][ T6509] name fails ** replaying previous printk message ** [ 47.267607][ T6509] FAULT_INJECTION: forcing a failure. [ 47.267607][ T6509] name failslab, interval 1, probability 0, space 0, times 0 [ 47.267681][ T6509] CPU: 1 UID: 0 PID: 6509 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 47.267698][ T6509] Tainted: [W]=WARN [ 47.267703][ T6509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 47.267717][ T6509] Call trace: [ 47.267721][ T6509] show_stack+0x2c/0x3c (C) [ 47.267738][ T6509] __dump_stack+0x30/0x40 [ 47.267749][ T6509] dump_stack_lvl+0xd8/0x12c [ 47.267759][ T6509] dump_stack+0x1c/0x28 [ 47.267769][ T6509] should_fail_ex+0x41c/0x594 [ 47.267781][ T6509] should_failslab+0xc0/0x128 [ 47.267794][ T6509] kmem_cache_alloc_noprof+0x80/0x3e8 [ 47.267809][ T6509] mas_alloc_nodes+0x268/0x788 [ 47.267822][ T6509] mas_preallocate+0x4b0/0x778 [ 47.267834][ T6509] commit_merge+0x1a4/0x5b0 [ 47.267847][ T6509] vma_merge_existing_range+0x1388/0x1964 [ 47.267861][ T6509] vma_modify+0x7c/0x424 [ 47.267873][ T6509] vma_modify_flags+0x18c/0x1dc [ 47.267886][ T6509] mlock_fixup+0x18c/0x2c4 [ 47.267898][ T6509] apply_mlockall_flags+0x290/0x344 [ 47.267909][ T6509] __arm64_sys_munlockall+0x11c/0x238 [ 47.267921][ T6509] invoke_syscall+0x98/0x2b8 [ 47.267931][ T6509] el0_svc_common+0x130/0x23c [ 47.267942][ T6509] do_el0_svc+0x48/0x58 [ 47.267952][ T6509] el0_svc+0x58/0x17c [ 47.267965][ T6509] el0t_64_sync_handler+0x78/0x108 [ 47.267978][ T6509] el0t_64_sync+0x198/0x19c [ 47.268147][ T6509] vmg ffff8000a4527a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 47.268169][ T6509] vmg ffff8000a4527a60 state: mm ffff0000c959d500 pgoff 20000 [ 47.268169][ T6509] vmi 
ffff8000a4527c40 [20000000,20800000)
[ 47.268169][ T6509] prev ffff0000db252dc0 middle ffff0000db252dc0 next 0000000000000000 target 0000000000000000
[ 47.268169][ T6509] start 20000000 end 20800000 flags 100077
[ 47.268169][ T6509] file 0000000000000000 anon_vma ffff0000c8f02aa0 policy 0000000000000000
[ 47.268169][ T6509] uffd_ctx 0000000000000000
[ 47.268169][ T6509] anon_name 0000000000000000
[ 47.268169][ T6509] state 0
[ 47.268169][ T6509] just_expand 0
[ 47.268169][ T6509] __adjust_middle_start 0 __adjust_next_start 0
[ 47.268169][ T6509] __remove_middle 0 __remove_next 0
[ 47.268223][ T6509] vmg ffff8000a4527a60 mm:
[ 47.268241][ T6509] mm ffff0000c959d500 task_size 281474976710656
[ 47.268241][ T6509] mmap_base 281473604251648 mmap_legacy_base 0
[ 47.268241][ T6509] pgd ffff0000c876f000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12
[ 47.268241][ T6509] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800
[ 47.268241][ T6509] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21
[ 47.268241][ T6509] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8
[ 47.268241][ T6509] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0
[ 47.268241][ T6509] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0
[ 47.268241][ T6509] binfmt ffff80008f670700 flags 8000008d
[ 47.268241][ T6509] ioctx_table 0000000000000000
[ 47.268241][ T6509] owner ffff0000cb5e0000 exe_file ffff0000c7dbce00
[ 47.268241][ T6509] notifier_subscriptions 0000000000000000
[ 47.268241][ T6509] numa_next_scan 4294942078 numa_scan_offset 0 numa_scan_seq 0
[ 47.268241][ T6509] tlb_flush_pending 0
[ 47.268241][ T6509] def_flags: 0x0()
[ 47.268321][ T6509] vmg ffff8000a4527a60 prev:
[ 47.268338][ T6509] vma ffff0000db252dc0 start 0000000020000000 end 0000000020800000 mm ffff0000c959d500
[ 47.268338][ T6509] prot 20000000000fc3 anon_vma ffff0000c8f02aa0 vm_ops 0000000000000000
[ 47.268338][ T6509] pgoff 20000 file 0000000000000000 private_data 0000000000000000
[ 47.268338][ T6509] refcnt 1
[ 47.268338][ T6509] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account)
[ 47.268378][ T6509] vmg ffff8000a4527a60 middle:
[ 47.268395][ T6509] vma ffff0000db252dc0 start 0000000020000000 end 0000000020800000 mm ffff0000c959d500
[ 47.268395][ T6509] prot 20000000000fc3 anon_vma ffff0000c8f02aa0 vm_ops 0000000000000000
[ 47.268395][ T6509] pgoff 20000 file 0000000000000000 private_data 0000000000000000
[ 47.268395][ T6509] refcnt 1
[ 47.268395][ T6509] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account)
[ 47.268434][ T6509] vmg ffff8000a4527a60 next: (NULL)
[ 47.268451][ T6509] vmg ffff8000a4527a60 vmi:
[ 47.268468][ T6509] MAS: tree=ffff0000c959d540 enode=ffff0000c960320c
[ 47.268481][ T6509] (ma_active)
[ 47.268496][ T6509] Store Type:
[ 47.268512][ T6509] node_store
[ 47.268540][ T6509] [2/10] index=20000000 last=207fffff
[ 47.268561][ T6509] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0
[ 47.268583][ T6509] maple_tree(ffff0000c959d540) flags 30B, height 2 root ffff0000d62d961e
[ 47.268605][ T6509] 0-ffffffffffffffff: node ffff0000d62d9600 depth 0 type 3 parent ffff0000c959d541 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c960320c FFFFAE30FFFF ffff0000d62d9a0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[ 47.268858][ T6509] 0-ffffae30ffff: node ffff0000c9603200 depth 1 type 1 parent ffff0000d62d9606 contents: 0000000000000000 1FFFEFFF ffff0000db252c80 1FFFFFFF ffff0000db252dc0 207FFFFF ffff0000c8e92b40 20FFFFFF ffff0000cbf65000 21000FFF 0000000000000000 AAAACA222FFF ffff0000cbf65140 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000cbf65280 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000cbf653c0 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a
[ 47.269075][ T6509] 0-1fffefff: 0000000000000000
[ 47.269103][ T6509] 1ffff000-1fffffff: ffff0000db252c80
[ 47.269131][ T6509] 20000000-207fffff: ffff0000db252dc0
[ 47.269160][ T6509] 20800000-20ffffff: ffff0000c8e92b40
[ 47.269188][ T6509] 21000000-21000fff: ffff0000cbf65000
[ 47.269217][ T6509] 21001000-aaaaca222fff: 0000000000000000
[ 47.269245][ T6509] aaaaca223000-aaaaca244fff: ffff0000cbf65140
[ 47.269274][ T6509] aaaaca245000-ffffae26ffff: 0000000000000000
[ 47.269302][ T6509] ffffae270000-ffffae2fbfff: ffff0000cbf65280
[ 47.269331][ T6509] ffffae2fc000-ffffae30bfff: 0000000000000000
[ 47.269360][ T6509] ffffae30c000-ffffae30ffff: ffff0000cbf653c0
[ 47.269389][ T6509] ffffae310000-ffffffffffffffff: node ffff0000d62d9a00 depth 1 type 1 parent ffff0000d62d960e contents: ffff0000cbf65500 FFFFAE312FFF ffff0000cbf65640 FFFFAE318FFF ffff0000cbf65780 FFFFAE31CFFF ffff0000cbf658c0 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000cbf65a00 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006
[ 47.269607][ T6509] ffffae310000-ffffae312fff: ffff0000cbf65500
[ 47.269637][ T6509] ffffae313000-ffffae318fff: ffff0000cbf65640
[ 47.269666][ T6509] ffffae319000-ffffae31cfff: ffff0000cbf65780
[ 47.269695][ T6509] ffffae31d000-ffffae31efff: ffff0000cbf658c0
[ 47.269727][ T6509] ffffae31f000-fffff3038fff: 0000000000000000
[ 47.269755][ T6509] fffff3039000-fffff3059fff: ffff0000cbf65a00
[ 47.269784][ T6509] fffff305a000-ffffffffffffffff: 0000000000000000
[ 47.269912][ T6509] ------------[ cut here ]------------
[ 47.269924][ T6509] WARNING: CPU: 1 PID: 6509 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964
[ 47.462920][ T6509] Modules linked in:
[ 47.463942][ T6509] CPU: 1 UID: 0 PID: 6509 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT
[ 47.467365][ T6509] Tainted: [W]=WARN
[ 47.468387][ T6509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 47.471014][ T6509] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 47.473023][ T6509] pc : vma_merge_existing_range+0x14a8/0x1964
[ 47.474666][ T6509] lr : vma_merge_existing_range+0x14a8/0x1964
[ 47.476295][ T6509] sp : ffff8000a4527910
[ 47.477387][ T6509] x29: ffff8000a4527990 x28: dfff800000000000 x27: 0000000000000001
[ 47.479499][ T6509] x26: 0000000020000000 x25: ffff8000a4527a80 x24: 0000000020000000
[ 47.481677][ T6509] x23: 1ffff000148a4f50 x22: ffff0000db252dc0 x21: 0000000020800000
[ 47.483788][ T6509] x20: ffff0000db252dc0 x19: ffff8000a4527a60 x18: 0000000000000000
[ 47.485975][ T6509] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0
[ 47.488157][ T6509] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff
[ 47.490312][ T6509] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000
[ 47.492473][ T6509] x8 : ffff0000cb5e0000 x7 : 0000000000000001 x6 : 0000000000000001
[ 47.494624][ T6509] x5 : ffff8000a4526ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0
[ 47.496800][ T6509] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff
[ 47.498981][ T6509] Call trace:
[ 47.499862][ T6509] vma_merge_existing_range+0x14a8/0x1964 (P)
[ 47.501546][ T6509] vma_modify+0x7c/0x424
[ 47.502683][ T6509] vma_modify_flags+0x18c/0x1dc
[ 47.504005][ T6509] mlock_fixup+0x18c/0x2c4
[ 47.505259][ T6509] apply_mlockall_flags+0x290/0x344
[ 47.506656][ T6509] __arm64_sys_munlockall+0x11c/0x238
[ 47.508132][ T6509] invoke_syscall+0x98/0x2b8
[ 47.509351][ T6509] el0_svc_common+0x130/0x23c
[ 47.510669][ T6509] do_el0_svc+0x48/0x58
[ 47.511958][ T6509] el0_svc+0x58/0x17c
[ 47.513139][ T6509] el0t_64_sync_handler+0x78/0x108
[ 47.514596][ T6509] el0t_64_sync+0x198/0x19c
[ 47.515879][ T6509] irq event stamp: 14324
[ 47.517072][ T6509] hardirqs last enabled at (14323): []
__console_unlock+0x70/0xc4
[ 47.519644][ T6509] hardirqs last disabled at (14324): [] el1_dbg+0x24/0x80
[ 47.521986][ T6509] softirqs last enabled at (11660): [] handle_softirqs+0xaf8/0xc88
[ 47.524738][ T6509] softirqs last disabled at (11271): [] __do_softirq+0x14/0x20
[ 47.527245][ T6509] ---[ end trace 0000000000000000 ]---
executing program
[ 48.611626][ T6515] FAULT_INJECTION: forcing a failure.
[ 48.611626][ T6515] name fails ** replaying previous printk message **
[ 48.611626][ T6515] FAULT_INJECTION: forcing a failure.
[ 48.611626][ T6515] name failslab, interval 1, probability 0, space 0, times 0 [ 48.611698][ T6515] CPU: 0 UID: 0 PID: 6515 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 48.611716][ T6515] Tainted: [W]=WARN [ 48.611721][ T6515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 48.611729][ T6515] Call trace: [ 48.611733][ T6515] show_stack+0x2c/0x3c (C) [ 48.611750][ T6515] __dump_stack+0x30/0x40 [ 48.611770][ T6515] dump_stack_lvl+0xd8/0x12c [ 48.611780][ T6515] dump_stack+0x1c/0x28 [ 48.611790][ T6515] should_fail_ex+0x41c/0x594 [ 48.611802][ T6515] should_failslab+0xc0/0x128 [ 48.611816][ T6515] kmem_cache_alloc_noprof+0x80/0x3e8 [ 48.611831][ T6515] mas_alloc_nodes+0x268/0x788 [ 48.611844][ T6515] mas_preallocate+0x4b0/0x778 [ 48.611856][ T6515] commit_merge+0x1a4/0x5b0 [ 48.611869][ T6515] vma_merge_existing_range+0x1388/0x1964 [ 48.611883][ T6515] vma_modify+0x7c/0x424 [ 48.611895][ T6515] vma_modify_flags+0x18c/0x1dc [ 48.611908][ T6515] mlock_fixup+0x18c/0x2c4 [ 48.611920][ T6515] apply_mlockall_flags+0x290/0x344 [ 48.611932][ T6515] __arm64_sys_munlockall+0x11c/0x238 [ 48.611943][ T6515] invoke_syscall+0x98/0x2b8 [ 48.611954][ T6515] el0_svc_common+0x130/0x23c [ 48.611964][ T6515] do_el0_svc+0x48/0x58 [ 48.611974][ T6515] el0_svc+0x58/0x17c [ 48.611987][ T6515] el0t_64_sync_handler+0x78/0x108 [ 48.612000][ T6515] el0t_64_sync+0x198/0x19c [ 48.612169][ T6515] vmg ffff8000a4537a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 48.612192][ T6515] vmg ffff8000a4537a60 state: mm ffff0000c98bb300 pgoff 20000 [ 48.612192][ T6515] vmi ffff8000a4537c40 [20000000,20800000) [ 48.612192][ T6515] prev ffff0000cb506640 middle ffff0000cb506640 next 0000000000000000 target 0000000000000000 [ 48.612192][ T6515] start 20000000 end 20800000 flags 100077 [ 48.612192][ T6515] file 0000000000000000 anon_vma ffff0000c64db220 policy 0000000000000000 [ 48.612192][ T6515] uffd_ctx 
0000000000000000 [ 48.612192][ T6515] anon_name 0000000000000000 [ 48.612192][ T6515] state 0 [ 48.612192][ T6515] just_expand 0 [ 48.612192][ T6515] __adjust_middle_start 0 __adjust_next_start 0 [ 48.612192][ T6515] __remove_middle 0 __remove_next 0 [ 48.612247][ T6515] vmg ffff8000a4537a60 mm: [ 48.612265][ T6515] mm ffff0000c98bb300 task_size 281474976710656 [ 48.612265][ T6515] mmap_base 281473604251648 mmap_legacy_base 0 [ 48.612265][ T6515] pgd ffff0000c5e48000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 48.612265][ T6515] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 48.612265][ T6515] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 48.612265][ T6515] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 48.612265][ T6515] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 48.612265][ T6515] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 48.612265][ T6515] binfmt ffff80008f670700 flags 8000008d [ 48.612265][ T6515] ioctx_table 0000000000000000 [ 48.612265][ T6515] owner ffff0000c7210000 exe_file ffff0000c7dbce00 [ 48.612265][ T6515] notifier_subscriptions 0000000000000000 [ 48.612265][ T6515] numa_next_scan 4294942213 numa_scan_offset 0 numa_scan_seq 0 [ 48.612265][ T6515] tlb_flush_pending 0 [ 48.612265][ T6515] def_flags: 0x0() [ 48.612345][ T6515] vmg ffff8000a4537a60 prev: [ 48.612363][ T6515] vma ffff0000cb506640 start 0000000020000000 end 0000000020800000 mm ffff0000c98bb300 [ 48.612363][ T6515] prot 20000000000fc3 anon_vma ffff0000c64db220 vm_ops 0000000000000000 [ 48.612363][ T6515] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 48.612363][ T6515] refcnt 1 [ 48.612363][ T6515] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 48.612403][ T6515] vmg ffff8000a4537a60 middle: [ 48.612420][ T6515] vma ffff0000cb506640 start 0000000020000000 end 0000000020800000 mm ffff0000c98bb300 [ 
48.612420][ T6515] prot 20000000000fc3 anon_vma ffff0000c64db220 vm_ops 0000000000000000 [ 48.612420][ T6515] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 48.612420][ T6515] refcnt 1 [ 48.612420][ T6515] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 48.612459][ T6515] vmg ffff8000a4537a60 next: (NULL) [ 48.612477][ T6515] vmg ffff8000a4537a60 vmi: [ 48.612494][ T6515] MAS: tree=ffff0000c98bb340 enode=ffff0000d5ea800c [ 48.612507][ T6515] (ma_active) [ 48.612523][ T6515] Store Type: [ 48.612546][ T6515] node_store [ 48.612569][ T6515] [2/10] index=20000000 last=207fffff [ 48.612589][ T6515] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 48.612611][ T6515] maple_tree(ffff0000c98bb340) flags 30B, height 2 root ffff0000c7b58a1e [ 48.612633][ T6515] 0-ffffffffffffffff: node ffff0000c7b58a00 depth 0 type 3 parent ffff0000c98bb341 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d5ea800c FFFFAE30FFFF ffff0000c7b58e0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 48.612888][ T6515] 0-ffffae30ffff: node ffff0000d5ea8000 depth 1 type 1 parent ffff0000c7b58a06 contents: 0000000000000000 1FFFEFFF ffff0000cb506500 1FFFFFFF ffff0000cb506640 207FFFFF ffff0000c5f868c0 20FFFFFF ffff0000cb506780 21000FFF 0000000000000000 AAAACA222FFF ffff0000cb5068c0 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000cb506a00 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000cb506b40 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 48.613107][ T6515] 0-1fffefff: 0000000000000000 [ 48.613135][ T6515] 1ffff000-1fffffff: ffff0000cb506500 [ 48.613164][ T6515] 20000000-207fffff: ffff0000cb506640 [ 48.613193][ T6515] 20800000-20ffffff: ffff0000c5f868c0 [ 48.613221][ T6515] 21000000-21000fff: ffff0000cb506780 [ 48.613250][ T6515] 
21001000-aaaaca222fff: 0000000000000000 [ 48.613279][ T6515] aaaaca223000-aaaaca244fff: ffff0000cb5068c0 [ 48.613308][ T6515] aaaaca245000-ffffae26ffff: 0000000000000000 [ 48.613337][ T6515] ffffae270000-ffffae2fbfff: ffff0000cb506a00 [ 48.613366][ T6515] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 48.613395][ T6515] ffffae30c000-ffffae30ffff: ffff0000cb506b40 [ 48.613425][ T6515] ffffae310000-ffffffffffffffff: node ffff0000c7b58e00 depth 1 type 1 parent ffff0000c7b58a0e contents: ffff0000cb506c80 FFFFAE312FFF ffff0000cb506dc0 FFFFAE318FFF ffff0000c7fac000 FFFFAE31CFFF ffff0000c7fac140 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000c7fac280 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 48.613645][ T6515] ffffae310000-ffffae312fff: ffff0000cb506c80 [ 48.613675][ T6515] ffffae313000-ffffae318fff: ffff0000cb506dc0 [ 48.613704][ T6515] ffffae319000-ffffae31cfff: ffff0000c7fac000 [ 48.613733][ T6515] ffffae31d000-ffffae31efff: ffff0000c7fac140 [ 48.613765][ T6515] ffffae31f000-fffff3038fff: 0000000000000000 [ 48.613794][ T6515] fffff3039000-fffff3059fff: ffff0000c7fac280 [ 48.613823][ T6515] fffff305a000-ffffffffffffffff: 0000000000000000 [ 48.613950][ T6515] ------------[ cut here ]------------ [ 48.613962][ T6515] WARNING: CPU: 0 PID: 6515 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 48.809523][ T6515] Modules linked in: [ 48.810639][ T6515] CPU: 0 UID: 0 PID: 6515 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 48.814189][ T6515] Tainted: [W]=WARN [ 48.815203][ T6515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 48.818030][ T6515] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 48.820194][ T6515] pc : vma_merge_existing_range+0x14a8/0x1964 [ 48.821870][ T6515] lr : 
vma_merge_existing_range+0x14a8/0x1964 [ 48.823582][ T6515] sp : ffff8000a4537910 [ 48.824718][ T6515] x29: ffff8000a4537990 x28: dfff800000000000 x27: 0000000000000001 [ 48.826920][ T6515] x26: 0000000020000000 x25: ffff8000a4537a80 x24: 0000000020000000 [ 48.829120][ T6515] x23: 1ffff000148a6f50 x22: ffff0000cb506640 x21: 0000000020800000 [ 48.831339][ T6515] x20: ffff0000cb506640 x19: ffff8000a4537a60 x18: 0000000000000000 [ 48.833554][ T6515] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 48.835775][ T6515] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 48.838051][ T6515] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 48.840267][ T6515] x8 : ffff0000c7210000 x7 : 0000000000000001 x6 : 0000000000000001 [ 48.842466][ T6515] x5 : ffff8000a4536ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 48.844725][ T6515] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 48.846970][ T6515] Call trace: [ 48.847848][ T6515] vma_merge_existing_range+0x14a8/0x1964 (P) [ 48.849544][ T6515] vma_modify+0x7c/0x424 [ 48.850695][ T6515] vma_modify_flags+0x18c/0x1dc [ 48.851992][ T6515] mlock_fixup+0x18c/0x2c4 [ 48.853242][ T6515] apply_mlockall_flags+0x290/0x344 [ 48.854791][ T6515] __arm64_sys_munlockall+0x11c/0x238 [ 48.856445][ T6515] invoke_syscall+0x98/0x2b8 [ 48.857674][ T6515] el0_svc_common+0x130/0x23c [ 48.858956][ T6515] do_el0_svc+0x48/0x58 [ 48.860151][ T6515] el0_svc+0x58/0x17c [ 48.861271][ T6515] el0t_64_sync_handler+0x78/0x108 [ 48.862707][ T6515] el0t_64_sync+0x198/0x19c [ 48.863945][ T6515] irq event stamp: 14416 [ 48.865100][ T6515] hardirqs last enabled at (14415): [] __console_unlock+0x70/0xc4 [ 48.867847][ T6515] hardirqs last disabled at (14416): [] el1_dbg+0x24/0x80 [ 48.870294][ T6515] softirqs last enabled at (10546): [] handle_softirqs+0xaf8/0xc88 [ 48.872945][ T6515] softirqs last disabled at (10079): [] __do_softirq+0x14/0x20 [ 48.875463][ T6515] ---[ end trace 0000000000000000 
]--- executing program [ 48.944082][ T6516] FAULT_INJECTION: forcing a failure. [ 48.944082][ T6516] name fai ** replaying previous printk message ** [ 48.944082][ T6516] FAULT_INJECTION: forcing a failure. [ 48.944082][ T6516] name failslab, interval 1, probability 0, space 0, times 0 [ 48.944152][ T6516] CPU: 0 UID: 0 PID: 6516 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 48.944171][ T6516] Tainted: [W]=WARN [ 48.944175][ T6516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 48.944183][ T6516] Call trace: [ 48.944188][ T6516] show_stack+0x2c/0x3c (C) [ 48.944205][ T6516] __dump_stack+0x30/0x40 [ 48.944217][ T6516] dump_stack_lvl+0xd8/0x12c [ 48.944227][ T6516] dump_stack+0x1c/0x28 [ 48.944237][ T6516] should_fail_ex+0x41c/0x594 [ 48.944250][ T6516] should_failslab+0xc0/0x128 [ 48.944263][ T6516] kmem_cache_alloc_noprof+0x80/0x3e8 [ 48.944278][ T6516] mas_alloc_nodes+0x268/0x788 [ 48.944291][ T6516] mas_preallocate+0x4b0/0x778 [ 48.944304][ T6516] commit_merge+0x1a4/0x5b0 [ 48.944317][ T6516] vma_merge_existing_range+0x1388/0x1964 [ 48.944331][ T6516] vma_modify+0x7c/0x424 [ 48.944343][ T6516] vma_modify_flags+0x18c/0x1dc [ 48.944356][ T6516] mlock_fixup+0x18c/0x2c4 [ 48.944368][ T6516] apply_mlockall_flags+0x290/0x344 [ 48.944380][ T6516] __arm64_sys_munlockall+0x11c/0x238 [ 48.944392][ T6516] invoke_syscall+0x98/0x2b8 [ 48.944403][ T6516] el0_svc_common+0x130/0x23c [ 48.944413][ T6516] do_el0_svc+0x48/0x58 [ 48.944423][ T6516] el0_svc+0x58/0x17c [ 48.944436][ T6516] el0t_64_sync_handler+0x78/0x108 [ 48.944450][ T6516] el0t_64_sync+0x198/0x19c [ 48.944633][ T6516] vmg ffff8000a3b47a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 48.944656][ T6516] vmg ffff8000a3b47a60 state: mm ffff0000c98bbb80 pgoff 20000 [ 48.944656][ T6516] vmi ffff8000a3b47c40 [20000000,20800000) [ 48.944656][ T6516] prev ffff0000c7fac500 middle ffff0000c7fac500 next 0000000000000000 target 
0000000000000000 [ 48.944656][ T6516] start 20000000 end 20800000 flags 100077 [ 48.944656][ T6516] file 0000000000000000 anon_vma ffff0000c64db440 policy 0000000000000000 [ 48.944656][ T6516] uffd_ctx 0000000000000000 [ 48.944656][ T6516] anon_name 0000000000000000 [ 48.944656][ T6516] state 0 [ 48.944656][ T6516] just_expand 0 [ 48.944656][ T6516] __adjust_middle_start 0 __adjust_next_start 0 [ 48.944656][ T6516] __remove_middle 0 __remove_next 0 [ 48.944711][ T6516] vmg ffff8000a3b47a60 mm: [ 48.944729][ T6516] mm ffff0000c98bbb80 task_size 281474976710656 [ 48.944729][ T6516] mmap_base 281473604251648 mmap_legacy_base 0 [ 48.944729][ T6516] pgd ffff0000c86b7000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 48.944729][ T6516] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 48.944729][ T6516] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 48.944729][ T6516] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 48.944729][ T6516] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 48.944729][ T6516] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 48.944729][ T6516] binfmt ffff80008f670700 flags 8000008d [ 48.944729][ T6516] ioctx_table 0000000000000000 [ 48.944729][ T6516] owner ffff0000c7211e80 exe_file ffff0000c7dbce00 [ 48.944729][ T6516] notifier_subscriptions 0000000000000000 [ 48.944729][ T6516] numa_next_scan 4294942246 numa_scan_offset 0 numa_scan_seq 0 [ 48.944729][ T6516] tlb_flush_pending 0 [ 48.944729][ T6516] def_flags: 0x0() [ 48.944809][ T6516] vmg ffff8000a3b47a60 prev: [ 48.944827][ T6516] vma ffff0000c7fac500 start 0000000020000000 end 0000000020800000 mm ffff0000c98bbb80 [ 48.944827][ T6516] prot 20000000000fc3 anon_vma ffff0000c64db440 vm_ops 0000000000000000 [ 48.944827][ T6516] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 48.944827][ T6516] refcnt 1 [ 48.944827][ T6516] flags: 
0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 48.944867][ T6516] vmg ffff8000a3b47a60 middle: [ 48.944885][ T6516] vma ffff0000c7fac500 start 0000000020000000 end 0000000020800000 mm ffff0000c98bbb80 [ 48.944885][ T6516] prot 20000000000fc3 anon_vma ffff0000c64db440 vm_ops 0000000000000000 [ 48.944885][ T6516] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 48.944885][ T6516] refcnt 1 [ 48.944885][ T6516] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 48.944923][ T6516] vmg ffff8000a3b47a60 next: (NULL) [ 48.944941][ T6516] vmg ffff8000a3b47a60 vmi: [ 48.944958][ T6516] MAS: tree=ffff0000c98bbbc0 enode=ffff0000d5ea860c [ 48.944971][ T6516] (ma_active) [ 48.944986][ T6516] Store Type: [ 48.945002][ T6516] node_store [ 48.945024][ T6516] [2/10] index=20000000 last=207fffff [ 48.945043][ T6516] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 48.945065][ T6516] maple_tree(ffff0000c98bbbc0) flags 30B, height 2 root ffff0000c7b5901e [ 48.945087][ T6516] 0-ffffffffffffffff: node ffff0000c7b59000 depth 0 type 3 parent ffff0000c98bbbc1 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d5ea860c FFFFAE30FFFF ffff0000c7b5940c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 48.945343][ T6516] 0-ffffae30ffff: node ffff0000d5ea8600 depth 1 type 1 parent ffff0000c7b59006 contents: 0000000000000000 1FFFEFFF ffff0000c7fac3c0 1FFFFFFF ffff0000c7fac500 207FFFFF ffff0000c5f86b40 20FFFFFF ffff0000c7fac640 21000FFF 0000000000000000 AAAACA222FFF ffff0000c7fac780 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000c7fac8c0 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000c7faca00 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 48.945568][ T6516] 0-1fffefff: 0000000000000000 [ 48.945601][ T6516] 
1ffff000-1fffffff: ffff0000c7fac3c0 [ 48.945630][ T6516] 20000000-207fffff: ffff0000c7fac500 [ 48.945659][ T6516] 20800000-20ffffff: ffff0000c5f86b40 [ 48.945687][ T6516] 21000000-21000fff: ffff0000c7fac640 [ 48.945716][ T6516] 21001000-aaaaca222fff: 0000000000000000 [ 48.945744][ T6516] aaaaca223000-aaaaca244fff: ffff0000c7fac780 [ 48.945774][ T6516] aaaaca245000-ffffae26ffff: 0000000000000000 [ 48.945802][ T6516] ffffae270000-ffffae2fbfff: ffff0000c7fac8c0 [ 48.945831][ T6516] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 48.945860][ T6516] ffffae30c000-ffffae30ffff: ffff0000c7faca00 [ 48.945889][ T6516] ffffae310000-ffffffffffffffff: node ffff0000c7b59400 depth 1 type 1 parent ffff0000c7b5900e contents: ffff0000c7facb40 FFFFAE312FFF ffff0000c7facc80 FFFFAE318FFF ffff0000c7facdc0 FFFFAE31CFFF ffff0000ca14b000 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000ca14b140 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 48.946104][ T6516] ffffae310000-ffffae312fff: ffff0000c7facb40 [ 48.946133][ T6516] ffffae313000-ffffae318fff: ffff0000c7facc80 [ 48.946162][ T6516] ffffae319000-ffffae31cfff: ffff0000c7facdc0 [ 48.946192][ T6516] ffffae31d000-ffffae31efff: ffff0000ca14b000 [ 48.946221][ T6516] ffffae31f000-fffff3038fff: 0000000000000000 [ 48.946250][ T6516] fffff3039000-fffff3059fff: ffff0000ca14b140 [ 48.946279][ T6516] fffff305a000-ffffffffffffffff: 0000000000000000 [ 48.946405][ T6516] ------------[ cut here ]------------ [ 48.946418][ T6516] WARNING: CPU: 0 PID: 6516 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 49.139086][ T6516] Modules linked in: [ 49.140131][ T6516] CPU: 0 UID: 0 PID: 6516 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 49.143725][ T6516] Tainted: [W]=WARN [ 49.144775][ T6516] Hardware name: Google Google Compute Engine/Google 
Compute Engine, BIOS Google 05/07/2025 [ 49.147532][ T6516] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 49.149751][ T6516] pc : vma_merge_existing_range+0x14a8/0x1964 [ 49.151427][ T6516] lr : vma_merge_existing_range+0x14a8/0x1964 [ 49.153129][ T6516] sp : ffff8000a3b47910 [ 49.154264][ T6516] x29: ffff8000a3b47990 x28: dfff800000000000 x27: 0000000000000001 [ 49.156467][ T6516] x26: 0000000020000000 x25: ffff8000a3b47a80 x24: 0000000020000000 [ 49.158769][ T6516] x23: 1ffff00014768f50 x22: ffff0000c7fac500 x21: 0000000020800000 [ 49.161004][ T6516] x20: ffff0000c7fac500 x19: ffff8000a3b47a60 x18: 0000000000000000 [ 49.163206][ T6516] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 49.165454][ T6516] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 49.167721][ T6516] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 49.169983][ T6516] x8 : ffff0000c7211e80 x7 : 0000000000000001 x6 : 0000000000000001 [ 49.172320][ T6516] x5 : ffff8000a3b46ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 49.174512][ T6516] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 49.176910][ T6516] Call trace: [ 49.177850][ T6516] vma_merge_existing_range+0x14a8/0x1964 (P) [ 49.179531][ T6516] vma_modify+0x7c/0x424 [ 49.180765][ T6516] vma_modify_flags+0x18c/0x1dc [ 49.182095][ T6516] mlock_fixup+0x18c/0x2c4 [ 49.183317][ T6516] apply_mlockall_flags+0x290/0x344 [ 49.184827][ T6516] __arm64_sys_munlockall+0x11c/0x238 [ 49.186348][ T6516] invoke_syscall+0x98/0x2b8 [ 49.187628][ T6516] el0_svc_common+0x130/0x23c [ 49.188975][ T6516] do_el0_svc+0x48/0x58 [ 49.190069][ T6516] el0_svc+0x58/0x17c [ 49.191133][ T6516] el0t_64_sync_handler+0x78/0x108 [ 49.192541][ T6516] el0t_64_sync+0x198/0x19c [ 49.193868][ T6516] irq event stamp: 13992 [ 49.195058][ T6516] hardirqs last enabled at (13991): [] __console_unlock+0x70/0xc4 [ 49.197830][ T6516] hardirqs last disabled at (13992): [] el1_dbg+0x24/0x80 [ 
49.200263][ T6516] softirqs last enabled at (12140): [] handle_softirqs+0xaf8/0xc88 [ 49.202781][ T6516] softirqs last disabled at (12129): [] __do_softirq+0x14/0x20 [ 49.205323][ T6516] ---[ end trace 0000000000000000 ]--- executing program [ 49.278244][ T6517] FAULT_INJECTION: forcing a failure. [ 49.278244][ T6517] name failslab ** replaying previous printk message ** [ 49.278244][ T6517] FAULT_INJECTION: forcing a failure. [ 49.278244][ T6517] name failslab, interval 1, probability 0, space 0, times 0 [ 49.278316][ T6517] CPU: 0 UID: 0 PID: 6517 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 49.278335][ T6517] Tainted: [W]=WARN [ 49.278339][ T6517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 49.278347][ T6517] Call trace: [ 49.278351][ T6517] show_stack+0x2c/0x3c (C) [ 49.278368][ T6517] __dump_stack+0x30/0x40 [ 49.278380][ T6517] dump_stack_lvl+0xd8/0x12c [ 49.278390][ T6517] dump_stack+0x1c/0x28 [ 49.278399][ T6517] should_fail_ex+0x41c/0x594 [ 49.278412][ T6517] should_failslab+0xc0/0x128 [ 49.278426][ T6517] kmem_cache_alloc_noprof+0x80/0x3e8 [ 49.278441][ T6517] mas_alloc_nodes+0x268/0x788 [ 49.278454][ T6517] mas_preallocate+0x4b0/0x778 [ 49.278466][ T6517] commit_merge+0x1a4/0x5b0 [ 49.278479][ T6517] vma_merge_existing_range+0x1388/0x1964 [ 49.278493][ T6517] vma_modify+0x7c/0x424 [ 49.278506][ T6517] vma_modify_flags+0x18c/0x1dc [ 49.278518][ T6517] mlock_fixup+0x18c/0x2c4 [ 49.278530][ T6517] apply_mlockall_flags+0x290/0x344 [ 49.278549][ T6517] __arm64_sys_munlockall+0x11c/0x238 [ 49.278561][ T6517] invoke_syscall+0x98/0x2b8 [ 49.278572][ T6517] el0_svc_common+0x130/0x23c [ 49.278583][ T6517] do_el0_svc+0x48/0x58 [ 49.278592][ T6517] el0_svc+0x58/0x17c [ 49.278606][ T6517] el0t_64_sync_handler+0x78/0x108 [ 49.278619][ T6517] el0t_64_sync+0x198/0x19c [ 49.278792][ T6517] vmg ffff8000a4547a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 49.278815][ 
T6517] vmg ffff8000a4547a60 state: mm ffff0000c98bc400 pgoff 20000 [ 49.278815][ T6517] vmi ffff8000a4547c40 [20000000,20800000) [ 49.278815][ T6517] prev ffff0000ca14b3c0 middle ffff0000ca14b3c0 next 0000000000000000 target 0000000000000000 [ 49.278815][ T6517] start 20000000 end 20800000 flags 100077 [ 49.278815][ T6517] file 0000000000000000 anon_vma ffff0000c64db660 policy 0000000000000000 [ 49.278815][ T6517] uffd_ctx 0000000000000000 [ 49.278815][ T6517] anon_name 0000000000000000 [ 49.278815][ T6517] state 0 [ 49.278815][ T6517] just_expand 0 [ 49.278815][ T6517] __adjust_middle_start 0 __adjust_next_start 0 [ 49.278815][ T6517] __remove_middle 0 __remove_next 0 [ 49.278870][ T6517] vmg ffff8000a4547a60 mm: [ 49.278888][ T6517] mm ffff0000c98bc400 task_size 281474976710656 [ 49.278888][ T6517] mmap_base 281473604251648 mmap_legacy_base 0 [ 49.278888][ T6517] pgd ffff0000c927f000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 49.278888][ T6517] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 49.278888][ T6517] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 49.278888][ T6517] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 49.278888][ T6517] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 49.278888][ T6517] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 49.278888][ T6517] binfmt ffff80008f670700 flags 8000008d [ 49.278888][ T6517] ioctx_table 0000000000000000 [ 49.278888][ T6517] owner ffff0000c7213d00 exe_file ffff0000c7dbce00 [ 49.278888][ T6517] notifier_subscriptions 0000000000000000 [ 49.278888][ T6517] numa_next_scan 4294942280 numa_scan_offset 0 numa_scan_seq 0 [ 49.278888][ T6517] tlb_flush_pending 0 [ 49.278888][ T6517] def_flags: 0x0() [ 49.278968][ T6517] vmg ffff8000a4547a60 prev: [ 49.278986][ T6517] vma ffff0000ca14b3c0 start 0000000020000000 end 0000000020800000 mm ffff0000c98bc400 [ 49.278986][ T6517] prot 
20000000000fc3 anon_vma ffff0000c64db660 vm_ops 0000000000000000 [ 49.278986][ T6517] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 49.278986][ T6517] refcnt 1 [ 49.278986][ T6517] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 49.279035][ T6517] vmg ffff8000a4547a60 middle: [ 49.279053][ T6517] vma ffff0000ca14b3c0 start 0000000020000000 end 0000000020800000 mm ffff0000c98bc400 [ 49.279053][ T6517] prot 20000000000fc3 anon_vma ffff0000c64db660 vm_ops 0000000000000000 [ 49.279053][ T6517] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 49.279053][ T6517] refcnt 1 [ 49.279053][ T6517] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 49.279092][ T6517] vmg ffff8000a4547a60 next: (NULL) [ 49.279109][ T6517] vmg ffff8000a4547a60 vmi: [ 49.279126][ T6517] MAS: tree=ffff0000c98bc440 enode=ffff0000d5ea8e0c [ 49.279139][ T6517] (ma_active) [ 49.279155][ T6517] Store Type: [ 49.279170][ T6517] node_store [ 49.279192][ T6517] [2/10] index=20000000 last=207fffff [ 49.279212][ T6517] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 49.279234][ T6517] maple_tree(ffff0000c98bc440) flags 30B, height 2 root ffff0000c7b5961e [ 49.279256][ T6517] 0-ffffffffffffffff: node ffff0000c7b59600 depth 0 type 3 parent ffff0000c98bc441 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d5ea8e0c FFFFAE30FFFF ffff0000c7b59a0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 49.279507][ T6517] 0-ffffae30ffff: node ffff0000d5ea8e00 depth 1 type 1 parent ffff0000c7b59606 contents: 0000000000000000 1FFFEFFF ffff0000ca14b280 1FFFFFFF ffff0000ca14b3c0 207FFFFF ffff0000c5f86dc0 20FFFFFF ffff0000ca14b500 21000FFF 0000000000000000 AAAACA222FFF ffff0000ca14b640 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000ca14b780 FFFFAE2FBFFF 0000000000000000 
FFFFAE30BFFF ffff0000ca14b8c0 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 49.279736][ T6517] 0-1fffefff: 0000000000000000 [ 49.279764][ T6517] 1ffff000-1fffffff: ffff0000ca14b280 [ 49.279793][ T6517] 20000000-207fffff: ffff0000ca14b3c0 [ 49.279822][ T6517] 20800000-20ffffff: ffff0000c5f86dc0 [ 49.279851][ T6517] 21000000-21000fff: ffff0000ca14b500 [ 49.279879][ T6517] 21001000-aaaaca222fff: 0000000000000000 [ 49.279908][ T6517] aaaaca223000-aaaaca244fff: ffff0000ca14b640 [ 49.279937][ T6517] aaaaca245000-ffffae26ffff: 0000000000000000 [ 49.279966][ T6517] ffffae270000-ffffae2fbfff: ffff0000ca14b780 [ 49.279995][ T6517] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 49.280024][ T6517] ffffae30c000-ffffae30ffff: ffff0000ca14b8c0 [ 49.280053][ T6517] ffffae310000-ffffffffffffffff: node ffff0000c7b59a00 depth 1 type 1 parent ffff0000c7b5960e contents: ffff0000ca14ba00 FFFFAE312FFF ffff0000ca14bb40 FFFFAE318FFF ffff0000ca14bc80 FFFFAE31CFFF ffff0000ca14bdc0 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000c8cdf000 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 49.280414][ T6517] ffffae310000-ffffae312fff: ffff0000ca14ba00 [ 49.280444][ T6517] ffffae313000-ffffae318fff: ffff0000ca14bb40 [ 49.280473][ T6517] ffffae319000-ffffae31cfff: ffff0000ca14bc80 [ 49.280502][ T6517] ffffae31d000-ffffae31efff: ffff0000ca14bdc0 [ 49.280531][ T6517] ffffae31f000-fffff3038fff: 0000000000000000 [ 49.280568][ T6517] fffff3039000-fffff3059fff: ffff0000c8cdf000 [ 49.280598][ T6517] fffff305a000-ffffffffffffffff: 0000000000000000 [ 49.280729][ T6517] ------------[ cut here ]------------ [ 49.280743][ T6517] WARNING: CPU: 0 PID: 6517 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 49.475465][ T6517] Modules linked in: [ 49.476557][ T6517] CPU: 0 UID: 0 
PID: 6517 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 49.480073][ T6517] Tainted: [W]=WARN [ 49.481122][ T6517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 49.483855][ T6517] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 49.485978][ T6517] pc : vma_merge_existing_range+0x14a8/0x1964 [ 49.487712][ T6517] lr : vma_merge_existing_range+0x14a8/0x1964 [ 49.489400][ T6517] sp : ffff8000a4547910 [ 49.490582][ T6517] x29: ffff8000a4547990 x28: dfff800000000000 x27: 0000000000000001 [ 49.492726][ T6517] x26: 0000000020000000 x25: ffff8000a4547a80 x24: 0000000020000000 [ 49.494914][ T6517] x23: 1ffff000148a8f50 x22: ffff0000ca14b3c0 x21: 0000000020800000 [ 49.497129][ T6517] x20: ffff0000ca14b3c0 x19: ffff8000a4547a60 x18: 0000000000000000 [ 49.499338][ T6517] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 49.501515][ T6517] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 49.503717][ T6517] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 49.505960][ T6517] x8 : ffff0000c7213d00 x7 : 0000000000000001 x6 : 0000000000000001 [ 49.508259][ T6517] x5 : ffff8000a4546ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 49.510456][ T6517] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 49.512731][ T6517] Call trace: [ 49.513634][ T6517] vma_merge_existing_range+0x14a8/0x1964 (P) [ 49.515290][ T6517] vma_modify+0x7c/0x424 [ 49.516518][ T6517] vma_modify_flags+0x18c/0x1dc [ 49.517895][ T6517] mlock_fixup+0x18c/0x2c4 [ 49.519075][ T6517] apply_mlockall_flags+0x290/0x344 [ 49.520549][ T6517] __arm64_sys_munlockall+0x11c/0x238 [ 49.522025][ T6517] invoke_syscall+0x98/0x2b8 [ 49.523288][ T6517] el0_svc_common+0x130/0x23c [ 49.524586][ T6517] do_el0_svc+0x48/0x58 [ 49.525721][ T6517] el0_svc+0x58/0x17c [ 49.526895][ T6517] el0t_64_sync_handler+0x78/0x108 [ 49.528261][ T6517] el0t_64_sync+0x198/0x19c [ 
49.529506][ T6517] irq event stamp: 13994 [ 49.530679][ T6517] hardirqs last enabled at (13993): [] __console_unlock+0x70/0xc4 [ 49.533261][ T6517] hardirqs last disabled at (13994): [] el1_dbg+0x24/0x80 [ 49.535689][ T6517] softirqs last enabled at (13854): [] handle_softirqs+0xaf8/0xc88 [ 49.538294][ T6517] softirqs last disabled at (13833): [] __do_softirq+0x14/0x20 [ 49.540758][ T6517] ---[ end trace 0000000000000000 ]--- executing program [ 49.615075][ T6518] FAULT_INJECTION: forcing a failure. [ 49.615075][ T6518] name f ** replaying previous printk message ** [ 49.615075][ T6518] FAULT_INJECTION: forcing a failure. [ 49.615075][ T6518] name failslab, interval 1, probability 0, space 0, times 0 [ 49.615145][ T6518] CPU: 0 UID: 0 PID: 6518 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 49.615163][ T6518] Tainted: [W]=WARN [ 49.615167][ T6518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 49.615175][ T6518] Call trace: [ 49.615179][ T6518] show_stack+0x2c/0x3c (C) [ 49.615196][ T6518] __dump_stack+0x30/0x40 [ 49.615207][ T6518] dump_stack_lvl+0xd8/0x12c [ 49.615218][ T6518] dump_stack+0x1c/0x28 [ 49.615227][ T6518] should_fail_ex+0x41c/0x594 [ 49.615240][ T6518] should_failslab+0xc0/0x128 [ 49.615253][ T6518] kmem_cache_alloc_noprof+0x80/0x3e8 [ 49.615268][ T6518] mas_alloc_nodes+0x268/0x788 [ 49.615281][ T6518] mas_preallocate+0x4b0/0x778 [ 49.615293][ T6518] commit_merge+0x1a4/0x5b0 [ 49.615306][ T6518] vma_merge_existing_range+0x1388/0x1964 [ 49.615320][ T6518] vma_modify+0x7c/0x424 [ 49.615332][ T6518] vma_modify_flags+0x18c/0x1dc [ 49.615345][ T6518] mlock_fixup+0x18c/0x2c4 [ 49.615357][ T6518] apply_mlockall_flags+0x290/0x344 [ 49.615368][ T6518] __arm64_sys_munlockall+0x11c/0x238 [ 49.615380][ T6518] invoke_syscall+0x98/0x2b8 [ 49.615391][ T6518] el0_svc_common+0x130/0x23c [ 49.615401][ T6518] do_el0_svc+0x48/0x58 [ 49.615411][ T6518] el0_svc+0x58/0x17c [ 49.615424][ T6518] 
el0t_64_sync_handler+0x78/0x108 [ 49.615437][ T6518] el0t_64_sync+0x198/0x19c [ 49.615617][ T6518] vmg ffff8000a4517a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 49.615640][ T6518] vmg ffff8000a4517a60 state: mm ffff0000c98bcc80 pgoff 20000 [ 49.615640][ T6518] vmi ffff8000a4517c40 [20000000,20800000) [ 49.615640][ T6518] prev ffff0000c8cdf280 middle ffff0000c8cdf280 next 0000000000000000 target 0000000000000000 [ 49.615640][ T6518] start 20000000 end 20800000 flags 100077 [ 49.615640][ T6518] file 0000000000000000 anon_vma ffff0000c64db880 policy 0000000000000000 [ 49.615640][ T6518] uffd_ctx 0000000000000000 [ 49.615640][ T6518] anon_name 0000000000000000 [ 49.615640][ T6518] state 0 [ 49.615640][ T6518] just_expand 0 [ 49.615640][ T6518] __adjust_middle_start 0 __adjust_next_start 0 [ 49.615640][ T6518] __remove_middle 0 __remove_next 0 [ 49.615700][ T6518] vmg ffff8000a4517a60 mm: [ 49.615719][ T6518] mm ffff0000c98bcc80 task_size 281474976710656 [ 49.615719][ T6518] mmap_base 281473604251648 mmap_legacy_base 0 [ 49.615719][ T6518] pgd ffff0000d072f000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 49.615719][ T6518] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 49.615719][ T6518] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 49.615719][ T6518] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 49.615719][ T6518] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 49.615719][ T6518] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 49.615719][ T6518] binfmt ffff80008f670700 flags 8000008d [ 49.615719][ T6518] ioctx_table 0000000000000000 [ 49.615719][ T6518] owner ffff0000c7215b80 exe_file ffff0000c7dbce00 [ 49.615719][ T6518] notifier_subscriptions 0000000000000000 [ 49.615719][ T6518] numa_next_scan 4294942313 numa_scan_offset 0 numa_scan_seq 0 [ 49.615719][ T6518] tlb_flush_pending 0 [ 49.615719][ T6518] 
def_flags: 0x0() [ 49.615798][ T6518] vmg ffff8000a4517a60 prev: [ 49.615815][ T6518] vma ffff0000c8cdf280 start 0000000020000000 end 0000000020800000 mm ffff0000c98bcc80 [ 49.615815][ T6518] prot 20000000000fc3 anon_vma ffff0000c64db880 vm_ops 0000000000000000 [ 49.615815][ T6518] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 49.615815][ T6518] refcnt 1 [ 49.615815][ T6518] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 49.615855][ T6518] vmg ffff8000a4517a60 middle: [ 49.615872][ T6518] vma ffff0000c8cdf280 start 0000000020000000 end 0000000020800000 mm ffff0000c98bcc80 [ 49.615872][ T6518] prot 20000000000fc3 anon_vma ffff0000c64db880 vm_ops 0000000000000000 [ 49.615872][ T6518] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 49.615872][ T6518] refcnt 1 [ 49.615872][ T6518] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 49.615911][ T6518] vmg ffff8000a4517a60 next: (NULL) [ 49.615928][ T6518] vmg ffff8000a4517a60 vmi: [ 49.615946][ T6518] MAS: tree=ffff0000c98bccc0 enode=ffff0000d5ea960c [ 49.615958][ T6518] (ma_active) [ 49.615974][ T6518] Store Type: [ 49.615989][ T6518] node_store [ 49.616011][ T6518] [2/10] index=20000000 last=207fffff [ 49.616032][ T6518] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 49.616053][ T6518] maple_tree(ffff0000c98bccc0) flags 30B, height 2 root ffff0000c7b59c1e [ 49.616075][ T6518] 0-ffffffffffffffff: node ffff0000c7b59c00 depth 0 type 3 parent ffff0000c98bccc1 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d5ea960c FFFFAE30FFFF ffff0000d99b540c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 49.616325][ T6518] 0-ffffae30ffff: node ffff0000d5ea9600 depth 1 type 1 parent ffff0000c7b59c06 contents: 0000000000000000 1FFFEFFF ffff0000c8cdf140 1FFFFFFF ffff0000c8cdf280 207FFFFF 
ffff0000c6567140 20FFFFFF ffff0000c8cdf3c0 21000FFF 0000000000000000 AAAACA222FFF ffff0000c8cdf500 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000c8cdf640 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000c8cdf780 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 49.616548][ T6518] 0-1fffefff: 0000000000000000 [ 49.616576][ T6518] 1ffff000-1fffffff: ffff0000c8cdf140 [ 49.616605][ T6518] 20000000-207fffff: ffff0000c8cdf280 [ 49.616633][ T6518] 20800000-20ffffff: ffff0000c6567140 [ 49.616665][ T6518] 21000000-21000fff: ffff0000c8cdf3c0 [ 49.616693][ T6518] 21001000-aaaaca222fff: 0000000000000000 [ 49.616722][ T6518] aaaaca223000-aaaaca244fff: ffff0000c8cdf500 [ 49.616751][ T6518] aaaaca245000-ffffae26ffff: 0000000000000000 [ 49.616779][ T6518] ffffae270000-ffffae2fbfff: ffff0000c8cdf640 [ 49.616808][ T6518] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 49.616837][ T6518] ffffae30c000-ffffae30ffff: ffff0000c8cdf780 [ 49.616866][ T6518] ffffae310000-ffffffffffffffff: node ffff0000d99b5400 depth 1 type 1 parent ffff0000c7b59c0e contents: ffff0000c8cdf8c0 FFFFAE312FFF ffff0000c8cdfa00 FFFFAE318FFF ffff0000c8cdfb40 FFFFAE31CFFF ffff0000c8cdfc80 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000c8cdfdc0 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 49.617080][ T6518] ffffae310000-ffffae312fff: ffff0000c8cdf8c0 [ 49.617110][ T6518] ffffae313000-ffffae318fff: ffff0000c8cdfa00 [ 49.617139][ T6518] ffffae319000-ffffae31cfff: ffff0000c8cdfb40 [ 49.617168][ T6518] ffffae31d000-ffffae31efff: ffff0000c8cdfc80 [ 49.617197][ T6518] ffffae31f000-fffff3038fff: 0000000000000000 [ 49.617225][ T6518] fffff3039000-fffff3059fff: ffff0000c8cdfdc0 [ 49.617254][ T6518] fffff305a000-ffffffffffffffff: 0000000000000000 [ 49.617380][ T6518] ------------[ cut here 
]------------ [ 49.617393][ T6518] WARNING: CPU: 0 PID: 6518 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 49.811202][ T6518] Modules linked in: [ 49.812323][ T6518] CPU: 0 UID: 0 PID: 6518 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 49.816006][ T6518] Tainted: [W]=WARN [ 49.817016][ T6518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 49.819712][ T6518] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 49.821880][ T6518] pc : vma_merge_existing_range+0x14a8/0x1964 [ 49.823612][ T6518] lr : vma_merge_existing_range+0x14a8/0x1964 [ 49.825270][ T6518] sp : ffff8000a4517910 [ 49.826373][ T6518] x29: ffff8000a4517990 x28: dfff800000000000 x27: 0000000000000001 [ 49.828644][ T6518] x26: 0000000020000000 x25: ffff8000a4517a80 x24: 0000000020000000 [ 49.830905][ T6518] x23: 1ffff000148a2f50 x22: ffff0000c8cdf280 x21: 0000000020800000 [ 49.833107][ T6518] x20: ffff0000c8cdf280 x19: ffff8000a4517a60 x18: 0000000000000000 [ 49.835281][ T6518] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 49.837454][ T6518] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 49.839735][ T6518] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 49.842026][ T6518] x8 : ffff0000c7215b80 x7 : 0000000000000001 x6 : 0000000000000001 [ 49.844212][ T6518] x5 : ffff8000a4516ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 49.846425][ T6518] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 49.848610][ T6518] Call trace: [ 49.849522][ T6518] vma_merge_existing_range+0x14a8/0x1964 (P) [ 49.851242][ T6518] vma_modify+0x7c/0x424 [ 49.852441][ T6518] vma_modify_flags+0x18c/0x1dc [ 49.853816][ T6518] mlock_fixup+0x18c/0x2c4 [ 49.854993][ T6518] apply_mlockall_flags+0x290/0x344 [ 49.856362][ T6518] __arm64_sys_munlockall+0x11c/0x238 [ 49.857857][ T6518] invoke_syscall+0x98/0x2b8 [ 49.859069][ T6518] el0_svc_common+0x130/0x23c 
[ 49.860402][ T6518] do_el0_svc+0x48/0x58 [ 49.861524][ T6518] el0_svc+0x58/0x17c [ 49.862610][ T6518] el0t_64_sync_handler+0x78/0x108 [ 49.864005][ T6518] el0t_64_sync+0x198/0x19c [ 49.865237][ T6518] irq event stamp: 14412 [ 49.866378][ T6518] hardirqs last enabled at (14411): [] __console_unlock+0x70/0xc4 [ 49.868945][ T6518] hardirqs last disabled at (14412): [] el1_dbg+0x24/0x80 [ 49.871346][ T6518] softirqs last enabled at (12354): [] handle_softirqs+0xaf8/0xc88 [ 49.873939][ T6518] softirqs last disabled at (12119): [] __do_softirq+0x14/0x20 [ 49.876340][ T6518] ---[ end trace 0000000000000000 ]--- executing program [ 49.941248][ T6519] FAULT_INJECTION: forcing a failure. [ 49.941248][ T6519] name failsl ** replaying previous printk message ** [ 49.941248][ T6519] FAULT_INJECTION: forcing a failure. [ 49.941248][ T6519] name failslab, interval 1, probability 0, space 0, times 0 [ 49.941317][ T6519] CPU: 0 UID: 0 PID: 6519 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 49.941333][ T6519] Tainted: [W]=WARN [ 49.941337][ T6519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 49.941345][ T6519] Call trace: [ 49.941349][ T6519] show_stack+0x2c/0x3c (C) [ 49.941366][ T6519] __dump_stack+0x30/0x40 [ 49.941377][ T6519] dump_stack_lvl+0xd8/0x12c [ 49.941387][ T6519] dump_stack+0x1c/0x28 [ 49.941397][ T6519] should_fail_ex+0x41c/0x594 [ 49.941410][ T6519] should_failslab+0xc0/0x128 [ 49.941423][ T6519] kmem_cache_alloc_noprof+0x80/0x3e8 [ 49.941438][ T6519] mas_alloc_nodes+0x268/0x788 [ 49.941451][ T6519] mas_preallocate+0x4b0/0x778 [ 49.941463][ T6519] commit_merge+0x1a4/0x5b0 [ 49.941477][ T6519] vma_merge_existing_range+0x1388/0x1964 [ 49.941491][ T6519] vma_modify+0x7c/0x424 [ 49.941503][ T6519] vma_modify_flags+0x18c/0x1dc [ 49.941516][ T6519] mlock_fixup+0x18c/0x2c4 [ 49.941528][ T6519] apply_mlockall_flags+0x290/0x344 [ 49.941547][ T6519] __arm64_sys_munlockall+0x11c/0x238 [ 
49.941559][ T6519] invoke_syscall+0x98/0x2b8 [ 49.941570][ T6519] el0_svc_common+0x130/0x23c [ 49.941580][ T6519] do_el0_svc+0x48/0x58 [ 49.941590][ T6519] el0_svc+0x58/0x17c [ 49.941603][ T6519] el0t_64_sync_handler+0x78/0x108 [ 49.941616][ T6519] el0t_64_sync+0x198/0x19c [ 49.941634][ T6519] vmg ffff8000a4507a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 49.941824][ T6519] vmg ffff8000a4507a60 state: mm ffff0000c98bd500 pgoff 20000 [ 49.941824][ T6519] vmi ffff8000a4507c40 [20000000,20800000) [ 49.941824][ T6519] prev ffff0000cd94a140 middle ffff0000cd94a140 next 0000000000000000 target 0000000000000000 [ 49.941824][ T6519] start 20000000 end 20800000 flags 100077 [ 49.941824][ T6519] file 0000000000000000 anon_vma ffff0000c64dbaa0 policy 0000000000000000 [ 49.941824][ T6519] uffd_ctx 0000000000000000 [ 49.941824][ T6519] anon_name 0000000000000000 [ 49.941824][ T6519] state 0 [ 49.941824][ T6519] just_expand 0 [ 49.941824][ T6519] __adjust_middle_start 0 __adjust_next_start 0 [ 49.941824][ T6519] __remove_middle 0 __remove_next 0 [ 49.941878][ T6519] vmg ffff8000a4507a60 mm: [ 49.941896][ T6519] mm ffff0000c98bd500 task_size 281474976710656 [ 49.941896][ T6519] mmap_base 281473604251648 mmap_legacy_base 0 [ 49.941896][ T6519] pgd ffff0000cc2b5000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 49.941896][ T6519] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 49.941896][ T6519] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 49.941896][ T6519] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 49.941896][ T6519] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 49.941896][ T6519] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 49.941896][ T6519] binfmt ffff80008f670700 flags 8000008d [ 49.941896][ T6519] ioctx_table 0000000000000000 [ 49.941896][ T6519] owner ffff0000cb168000 exe_file ffff0000c7dbce00 [ 49.941896][ 
T6519] notifier_subscriptions 0000000000000000 [ 49.941896][ T6519] numa_next_scan 4294942346 numa_scan_offset 0 numa_scan_seq 0 [ 49.941896][ T6519] tlb_flush_pending 0 [ 49.941896][ T6519] def_flags: 0x0() [ 49.941977][ T6519] vmg ffff8000a4507a60 prev: [ 49.941994][ T6519] vma ffff0000cd94a140 start 0000000020000000 end 0000000020800000 mm ffff0000c98bd500 [ 49.941994][ T6519] prot 20000000000fc3 anon_vma ffff0000c64dbaa0 vm_ops 0000000000000000 [ 49.941994][ T6519] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 49.941994][ T6519] refcnt 1 [ 49.941994][ T6519] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 49.942034][ T6519] vmg ffff8000a4507a60 middle: [ 49.942052][ T6519] vma ffff0000cd94a140 start 0000000020000000 end 0000000020800000 mm ffff0000c98bd500 [ 49.942052][ T6519] prot 20000000000fc3 anon_vma ffff0000c64dbaa0 vm_ops 0000000000000000 [ 49.942052][ T6519] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 49.942052][ T6519] refcnt 1 [ 49.942052][ T6519] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 49.942090][ T6519] vmg ffff8000a4507a60 next: (NULL) [ 49.942108][ T6519] vmg ffff8000a4507a60 vmi: [ 49.942125][ T6519] MAS: tree=ffff0000c98bd540 enode=ffff0000d5ea9e0c [ 49.942138][ T6519] (ma_active) [ 49.942153][ T6519] Store Type: [ 49.942169][ T6519] node_store [ 49.942190][ T6519] [2/10] index=20000000 last=207fffff [ 49.942211][ T6519] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 49.942233][ T6519] maple_tree(ffff0000c98bd540) flags 30B, height 2 root ffff0000cd7e7e1e [ 49.942254][ T6519] 0-ffffffffffffffff: node ffff0000cd7e7e00 depth 0 type 3 parent ffff0000c98bd541 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d5ea9e0c FFFFAE30FFFF ffff0000cd7e660c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 
0000000000000000 [ 49.942506][ T6519] 0-ffffae30ffff: node ffff0000d5ea9e00 depth 1 type 1 parent ffff0000cd7e7e06 contents: 0000000000000000 1FFFEFFF ffff0000cd94a000 1FFFFFFF ffff0000cd94a140 207FFFFF ffff0000c65673c0 20FFFFFF ffff0000cd94a280 21000FFF 0000000000000000 AAAACA222FFF ffff0000cd94a3c0 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000cd94a500 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000cd94a640 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 49.942732][ T6519] 0-1fffefff: 0000000000000000 [ 49.942759][ T6519] 1ffff000-1fffffff: ffff0000cd94a000 [ 49.942788][ T6519] 20000000-207fffff: ffff0000cd94a140 [ 49.942817][ T6519] 20800000-20ffffff: ffff0000c65673c0 [ 49.942846][ T6519] 21000000-21000fff: ffff0000cd94a280 [ 49.942875][ T6519] 21001000-aaaaca222fff: 0000000000000000 [ 49.942903][ T6519] aaaaca223000-aaaaca244fff: ffff0000cd94a3c0 [ 49.942933][ T6519] aaaaca245000-ffffae26ffff: 0000000000000000 [ 49.942961][ T6519] ffffae270000-ffffae2fbfff: ffff0000cd94a500 [ 49.942991][ T6519] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 49.943019][ T6519] ffffae30c000-ffffae30ffff: ffff0000cd94a640 [ 49.943049][ T6519] ffffae310000-ffffffffffffffff: node ffff0000cd7e6600 depth 1 type 1 parent ffff0000cd7e7e0e contents: ffff0000cd94a780 FFFFAE312FFF ffff0000cd94a8c0 FFFFAE318FFF ffff0000cd94aa00 FFFFAE31CFFF ffff0000cd94ab40 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000cd94ac80 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 49.943265][ T6519] ffffae310000-ffffae312fff: ffff0000cd94a780 [ 49.943294][ T6519] ffffae313000-ffffae318fff: ffff0000cd94a8c0 [ 49.943323][ T6519] ffffae319000-ffffae31cfff: ffff0000cd94aa00 [ 49.943353][ T6519] ffffae31d000-ffffae31efff: ffff0000cd94ab40 [ 49.943382][ T6519] 
ffffae31f000-fffff3038fff: 0000000000000000 [ 49.943411][ T6519] fffff3039000-fffff3059fff: ffff0000cd94ac80 [ 49.943440][ T6519] fffff305a000-ffffffffffffffff: 0000000000000000 [ 49.943572][ T6519] ------------[ cut here ]------------ [ 49.943586][ T6519] WARNING: CPU: 0 PID: 6519 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 50.139527][ T6519] Modules linked in: [ 50.140610][ T6519] CPU: 0 UID: 0 PID: 6519 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 50.144274][ T6519] Tainted: [W]=WARN [ 50.145365][ T6519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 50.148352][ T6519] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 50.150670][ T6519] pc : vma_merge_existing_range+0x14a8/0x1964 [ 50.152373][ T6519] lr : vma_merge_existing_range+0x14a8/0x1964 [ 50.154110][ T6519] sp : ffff8000a4507910 [ 50.155295][ T6519] x29: ffff8000a4507990 x28: dfff800000000000 x27: 0000000000000001 [ 50.157665][ T6519] x26: 0000000020000000 x25: ffff8000a4507a80 x24: 0000000020000000 [ 50.159988][ T6519] x23: 1ffff000148a0f50 x22: ffff0000cd94a140 x21: 0000000020800000 [ 50.162320][ T6519] x20: ffff0000cd94a140 x19: ffff8000a4507a60 x18: 0000000000000000 [ 50.164727][ T6519] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 50.167020][ T6519] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 50.169329][ T6519] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 50.171706][ T6519] x8 : ffff0000cb168000 x7 : 0000000000000001 x6 : 0000000000000001 [ 50.174121][ T6519] x5 : ffff8000a4506ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 50.176409][ T6519] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 50.178685][ T6519] Call trace: [ 50.179610][ T6519] vma_merge_existing_range+0x14a8/0x1964 (P) [ 50.181332][ T6519] vma_modify+0x7c/0x424 [ 50.182556][ T6519] vma_modify_flags+0x18c/0x1dc [ 50.183938][ T6519] 
mlock_fixup+0x18c/0x2c4 [ 50.185222][ T6519] apply_mlockall_flags+0x290/0x344 [ 50.186716][ T6519] __arm64_sys_munlockall+0x11c/0x238 [ 50.188230][ T6519] invoke_syscall+0x98/0x2b8 [ 50.189543][ T6519] el0_svc_common+0x130/0x23c [ 50.190850][ T6519] do_el0_svc+0x48/0x58 [ 50.192026][ T6519] el0_svc+0x58/0x17c [ 50.193163][ T6519] el0t_64_sync_handler+0x78/0x108 [ 50.194599][ T6519] el0t_64_sync+0x198/0x19c [ 50.195892][ T6519] irq event stamp: 14400 [ 50.197129][ T6519] hardirqs last enabled at (14399): [] __console_unlock+0x70/0xc4 [ 50.199806][ T6519] hardirqs last disabled at (14400): [] el1_dbg+0x24/0x80 [ 50.202315][ T6519] softirqs last enabled at (10608): [] handle_softirqs+0xaf8/0xc88 [ 50.205051][ T6519] softirqs last disabled at (10241): [] __do_softirq+0x14/0x20 [ 50.207742][ T6519] ---[ end trace 0000000000000000 ]--- executing program [ 50.288920][ T6520] FAULT_INJECTION: forcing a failure. [ 50.288920][ T6520] name failslab, interval 1, probability 0, space 0, times 0 [ 50.288995][ T6520] CPU: 0 UID: 0 PID: 6520 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 ** replaying previous printk message ** [ 50.288995][ T6520] CPU: 0 UID: 0 PID: 6520 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 50.289014][ T6520] Tainted: [W]=WARN [ 50.289019][ T6520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 50.289027][ T6520] Call trace: [ 50.289031][ T6520] show_stack+0x2c/0x3c (C) [ 50.289049][ T6520] __dump_stack+0x30/0x40 [ 50.289061][ T6520] dump_stack_lvl+0xd8/0x12c [ 50.289072][ T6520] dump_stack+0x1c/0x28 [ 50.289082][ T6520] should_fail_ex+0x41c/0x594 [ 50.289095][ T6520] should_failslab+0xc0/0x128 [ 50.289109][ T6520] kmem_cache_alloc_noprof+0x80/0x3e8 [ 50.289125][ T6520] mas_alloc_nodes+0x268/0x788 [ 50.289139][ T6520] mas_preallocate+0x4b0/0x778 [ 50.289152][ T6520] commit_merge+0x1a4/0x5b0 [ 50.289166][ T6520] vma_merge_existing_range+0x1388/0x1964 
[ 50.289180][ T6520] vma_modify+0x7c/0x424 [ 50.289193][ T6520] vma_modify_flags+0x18c/0x1dc [ 50.289207][ T6520] mlock_fixup+0x18c/0x2c4 [ 50.289220][ T6520] apply_mlockall_flags+0x290/0x344 [ 50.289232][ T6520] __arm64_sys_munlockall+0x11c/0x238 [ 50.289244][ T6520] invoke_syscall+0x98/0x2b8 [ 50.289257][ T6520] el0_svc_common+0x130/0x23c [ 50.289268][ T6520] do_el0_svc+0x48/0x58 [ 50.289278][ T6520] el0_svc+0x58/0x17c [ 50.289292][ T6520] el0t_64_sync_handler+0x78/0x108 [ 50.289306][ T6520] el0t_64_sync+0x198/0x19c [ 50.289481][ T6520] vmg ffff8000a44f7a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 50.289505][ T6520] vmg ffff8000a44f7a60 state: mm ffff0000c98bdd80 pgoff 20000 [ 50.289505][ T6520] vmi ffff8000a44f7c40 [20000000,20800000) [ 50.289505][ T6520] prev ffff0000cb37e000 middle ffff0000cb37e000 next 0000000000000000 target 0000000000000000 [ 50.289505][ T6520] start 20000000 end 20800000 flags 100077 [ 50.289505][ T6520] file 0000000000000000 anon_vma ffff0000c64dbcc0 policy 0000000000000000 [ 50.289505][ T6520] uffd_ctx 0000000000000000 [ 50.289505][ T6520] anon_name 0000000000000000 [ 50.289505][ T6520] state 0 [ 50.289505][ T6520] just_expand 0 [ 50.289505][ T6520] __adjust_middle_start 0 __adjust_next_start 0 [ 50.289505][ T6520] __remove_middle 0 __remove_next 0 [ 50.289573][ T6520] vmg ffff8000a44f7a60 mm: [ 50.289592][ T6520] mm ffff0000c98bdd80 task_size 281474976710656 [ 50.289592][ T6520] mmap_base 281473604251648 mmap_legacy_base 0 [ 50.289592][ T6520] pgd ffff0000c7738000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 50.289592][ T6520] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 50.289592][ T6520] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 50.289592][ T6520] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 50.289592][ T6520] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 50.289592][ T6520] arg_start fffff3059efc arg_end 
fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 50.289592][ T6520] binfmt ffff80008f670700 flags 8000008d [ 50.289592][ T6520] ioctx_table 0000000000000000 [ 50.289592][ T6520] owner ffff0000cb169e80 exe_file ffff0000c7dbce00 [ 50.289592][ T6520] notifier_subscriptions 0000000000000000 [ 50.289592][ T6520] numa_next_scan 4294942380 numa_scan_offset 0 numa_scan_seq 0 [ 50.289592][ T6520] tlb_flush_pending 0 [ 50.289592][ T6520] def_flags: 0x0() [ 50.289677][ T6520] vmg ffff8000a44f7a60 prev: [ 50.289700][ T6520] vma ffff0000cb37e000 start 0000000020000000 end 0000000020800000 mm ffff0000c98bdd80 [ 50.289700][ T6520] prot 20000000000fc3 anon_vma ffff0000c64dbcc0 vm_ops 0000000000000000 [ 50.289700][ T6520] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 50.289700][ T6520] refcnt 1 [ 50.289700][ T6520] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 50.289744][ T6520] vmg ffff8000a44f7a60 middle: [ 50.289762][ T6520] vma ffff0000cb37e000 start 0000000020000000 end 0000000020800000 mm ffff0000c98bdd80 [ 50.289762][ T6520] prot 20000000000fc3 anon_vma ffff0000c64dbcc0 vm_ops 0000000000000000 [ 50.289762][ T6520] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 50.289762][ T6520] refcnt 1 [ 50.289762][ T6520] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 50.289803][ T6520] vmg ffff8000a44f7a60 next: (NULL) [ 50.289822][ T6520] vmg ffff8000a44f7a60 vmi: [ 50.289840][ T6520] MAS: tree=ffff0000c98bddc0 enode=ffff0000c81dc60c [ 50.289853][ T6520] (ma_active) [ 50.289870][ T6520] Store Type: [ 50.289886][ T6520] node_store [ 50.289909][ T6520] [2/10] index=20000000 last=207fffff [ 50.289931][ T6520] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 50.289954][ T6520] maple_tree(ffff0000c98bddc0) flags 30B, height 2 root ffff0000d7be601e [ 50.289977][ T6520] 0-ffffffffffffffff: node ffff0000d7be6000 depth 0 type 3 parent ffff0000c98bddc1 contents: aaaaa9222000 
ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c81dc60c FFFFAE30FFFF ffff0000d7be700c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 50.294943][ T6520] 0-ffffae30ffff: node ffff0000c81dc600 depth 1 type 1 parent ffff0000d7be6006 contents: 0000000000000000 1FFFEFFF ffff0000cd94adc0 1FFFFFFF ffff0000cb37e000 207FFFFF ffff0000c6567640 20FFFFFF ffff0000cb37e140 21000FFF 0000000000000000 AAAACA222FFF ffff0000cb37e280 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000cb37e3c0 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000cb37e500 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 50.295178][ T6520] 0-1fffefff: 0000000000000000 [ 50.295208][ T6520] 1ffff000-1fffffff: ffff0000cd94adc0 [ 50.295239][ T6520] 20000000-207fffff: ffff0000cb37e000 [ 50.295269][ T6520] 20800000-20ffffff: ffff0000c6567640 [ 50.295300][ T6520] 21000000-21000fff: ffff0000cb37e140 [ 50.295330][ T6520] 21001000-aaaaca222fff: 0000000000000000 [ 50.295360][ T6520] aaaaca223000-aaaaca244fff: ffff0000cb37e280 [ 50.295392][ T6520] aaaaca245000-ffffae26ffff: 0000000000000000 [ 50.295422][ T6520] ffffae270000-ffffae2fbfff: ffff0000cb37e3c0 [ 50.295453][ T6520] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 50.295484][ T6520] ffffae30c000-ffffae30ffff: ffff0000cb37e500 [ 50.295515][ T6520] ffffae310000-ffffffffffffffff: node ffff0000d7be7000 depth 1 type 1 parent ffff0000d7be600e contents: ffff0000cb37e640 FFFFAE312FFF ffff0000cb37e780 FFFFAE318FFF ffff0000cb37e8c0 FFFFAE31CFFF ffff0000cb37ea00 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000cb37eb40 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 50.295757][ T6520] ffffae310000-ffffae312fff: 
ffff0000cb37e640 [ 50.295788][ T6520] ffffae313000-ffffae318fff: ffff0000cb37e780 [ 50.295819][ T6520] ffffae319000-ffffae31cfff: ffff0000cb37e8c0 [ 50.295851][ T6520] ffffae31d000-ffffae31efff: ffff0000cb37ea00 [ 50.295882][ T6520] ffffae31f000-fffff3038fff: 0000000000000000 [ 50.295912][ T6520] fffff3039000-fffff3059fff: ffff0000cb37eb40 [ 50.295944][ T6520] fffff305a000-ffffffffffffffff: 0000000000000000 [ 50.296079][ T6520] ------------[ cut here ]------------ [ 50.296093][ T6520] WARNING: CPU: 0 PID: 6520 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 50.489958][ T6520] Modules linked in: [ 50.491078][ T6520] CPU: 0 UID: 0 PID: 6520 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 50.494655][ T6520] Tainted: [W]=WARN [ 50.495740][ T6520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 50.498599][ T6520] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 50.500805][ T6520] pc : vma_merge_existing_range+0x14a8/0x1964 [ 50.502475][ T6520] lr : vma_merge_existing_range+0x14a8/0x1964 [ 50.504280][ T6520] sp : ffff8000a44f7910 [ 50.505455][ T6520] x29: ffff8000a44f7990 x28: dfff800000000000 x27: 0000000000000001 [ 50.507764][ T6520] x26: 0000000020000000 x25: ffff8000a44f7a80 x24: 0000000020000000 [ 50.510070][ T6520] x23: 1ffff0001489ef50 x22: ffff0000cb37e000 x21: 0000000020800000 [ 50.512343][ T6520] x20: ffff0000cb37e000 x19: ffff8000a44f7a60 x18: 1fffe0003386aa76 [ 50.514628][ T6520] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 50.516908][ T6520] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 50.519135][ T6520] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 50.521405][ T6520] x8 : ffff0000cb169e80 x7 : 0000000000000001 x6 : 0000000000000001 [ 50.523652][ T6520] x5 : ffff8000a44f6ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 50.525988][ T6520] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : 
ffffffffffffffff [ 50.528329][ T6520] Call trace: [ 50.529257][ T6520] vma_merge_existing_range+0x14a8/0x1964 (P) [ 50.531001][ T6520] vma_modify+0x7c/0x424 [ 50.532210][ T6520] vma_modify_flags+0x18c/0x1dc [ 50.533581][ T6520] mlock_fixup+0x18c/0x2c4 [ 50.534836][ T6520] apply_mlockall_flags+0x290/0x344 [ 50.536282][ T6520] __arm64_sys_munlockall+0x11c/0x238 [ 50.537810][ T6520] invoke_syscall+0x98/0x2b8 [ 50.539116][ T6520] el0_svc_common+0x130/0x23c [ 50.540454][ T6520] do_el0_svc+0x48/0x58 [ 50.541612][ T6520] el0_svc+0x58/0x17c [ 50.542727][ T6520] el0t_64_sync_handler+0x78/0x108 [ 50.544169][ T6520] el0t_64_sync+0x198/0x19c [ 50.545392][ T6520] irq event stamp: 14488 [ 50.546573][ T6520] hardirqs last enabled at (14487): [] __console_unlock+0x70/0xc4 [ 50.549232][ T6520] hardirqs last disabled at (14488): [] el1_dbg+0x24/0x80 [ 50.551723][ T6520] softirqs last enabled at (13980): [] handle_softirqs+0xaf8/0xc88 [ 50.554496][ T6520] softirqs last disabled at (13973): [] __do_softirq+0x14/0x20 [ 50.557138][ T6520] ---[ end trace 0000000000000000 ]--- executing program [ 50.636822][ T6521] FAULT_INJECTION: forcing a failure. [ 50.636822][ T6521] name fails ** replaying previous printk message ** [ 50.636822][ T6521] FAULT_INJECTION: forcing a failure. 
[ 50.636822][ T6521] name failslab, interval 1, probability 0, space 0, times 0 [ 50.636897][ T6521] CPU: 1 UID: 0 PID: 6521 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 50.636916][ T6521] Tainted: [W]=WARN [ 50.636920][ T6521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 50.636928][ T6521] Call trace: [ 50.636933][ T6521] show_stack+0x2c/0x3c (C) [ 50.636950][ T6521] __dump_stack+0x30/0x40 [ 50.636962][ T6521] dump_stack_lvl+0xd8/0x12c [ 50.636972][ T6521] dump_stack+0x1c/0x28 [ 50.636981][ T6521] should_fail_ex+0x41c/0x594 [ 50.636993][ T6521] should_failslab+0xc0/0x128 [ 50.637007][ T6521] kmem_cache_alloc_noprof+0x80/0x3e8 [ 50.637022][ T6521] mas_alloc_nodes+0x268/0x788 [ 50.637035][ T6521] mas_preallocate+0x4b0/0x778 [ 50.637047][ T6521] commit_merge+0x1a4/0x5b0 [ 50.637060][ T6521] vma_merge_existing_range+0x1388/0x1964 [ 50.637074][ T6521] vma_modify+0x7c/0x424 [ 50.637087][ T6521] vma_modify_flags+0x18c/0x1dc [ 50.637099][ T6521] mlock_fixup+0x18c/0x2c4 [ 50.637112][ T6521] apply_mlockall_flags+0x290/0x344 [ 50.637124][ T6521] __arm64_sys_munlockall+0x11c/0x238 [ 50.637136][ T6521] invoke_syscall+0x98/0x2b8 [ 50.637148][ T6521] el0_svc_common+0x130/0x23c [ 50.637159][ T6521] do_el0_svc+0x48/0x58 [ 50.637169][ T6521] el0_svc+0x58/0x17c [ 50.637183][ T6521] el0t_64_sync_handler+0x78/0x108 [ 50.637197][ T6521] el0t_64_sync+0x198/0x19c [ 50.637376][ T6521] vmg ffff8000a3b57a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 50.637399][ T6521] vmg ffff8000a3b57a60 state: mm ffff0000dc4d8880 pgoff 20000 [ 50.637399][ T6521] vmi ffff8000a3b57c40 [20000000,20800000) [ 50.637399][ T6521] prev ffff0000c65678c0 middle ffff0000c65678c0 next 0000000000000000 target 0000000000000000 [ 50.637399][ T6521] start 20000000 end 20800000 flags 100077 [ 50.637399][ T6521] file 0000000000000000 anon_vma ffff0000c5eef330 policy 0000000000000000 [ 50.637399][ T6521] uffd_ctx 
0000000000000000 [ 50.637399][ T6521] anon_name 0000000000000000 [ 50.637399][ T6521] state 0 [ 50.637399][ T6521] just_expand 0 [ 50.637399][ T6521] __adjust_middle_start 0 __adjust_next_start 0 [ 50.637399][ T6521] __remove_middle 0 __remove_next 0 [ 50.637457][ T6521] vmg ffff8000a3b57a60 mm: [ 50.637476][ T6521] mm ffff0000dc4d8880 task_size 281474976710656 [ 50.637476][ T6521] mmap_base 281473604251648 mmap_legacy_base 0 [ 50.637476][ T6521] pgd ffff0000cc785000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 50.637476][ T6521] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 50.637476][ T6521] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 50.637476][ T6521] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 50.637476][ T6521] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 50.637476][ T6521] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 50.637476][ T6521] binfmt ffff80008f670700 flags 8000008d [ 50.637476][ T6521] ioctx_table 0000000000000000 [ 50.637476][ T6521] owner ffff0000c7ec3d00 exe_file ffff0000c7dbce00 [ 50.637476][ T6521] notifier_subscriptions 0000000000000000 [ 50.637476][ T6521] numa_next_scan 4294942415 numa_scan_offset 0 numa_scan_seq 0 [ 50.637476][ T6521] tlb_flush_pending 0 [ 50.637476][ T6521] def_flags: 0x0() [ 50.637571][ T6521] vmg ffff8000a3b57a60 prev: [ 50.637590][ T6521] vma ffff0000c65678c0 start 0000000020000000 end 0000000020800000 mm ffff0000dc4d8880 [ 50.637590][ T6521] prot 20000000000fc3 anon_vma ffff0000c5eef330 vm_ops 0000000000000000 [ 50.637590][ T6521] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 50.637590][ T6521] refcnt 1 [ 50.637590][ T6521] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 50.637633][ T6521] vmg ffff8000a3b57a60 middle: [ 50.637652][ T6521] vma ffff0000c65678c0 start 0000000020000000 end 0000000020800000 mm ffff0000dc4d8880 [ 
50.637652][ T6521] prot 20000000000fc3 anon_vma ffff0000c5eef330 vm_ops 0000000000000000 [ 50.637652][ T6521] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 50.637652][ T6521] refcnt 1 [ 50.637652][ T6521] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 50.637699][ T6521] vmg ffff8000a3b57a60 next: (NULL) [ 50.637717][ T6521] vmg ffff8000a3b57a60 vmi: [ 50.637736][ T6521] MAS: tree=ffff0000dc4d88c0 enode=ffff0000c77fe80c [ 50.637749][ T6521] (ma_active) [ 50.637766][ T6521] Store Type: [ 50.637782][ T6521] node_store [ 50.637805][ T6521] [2/10] index=20000000 last=207fffff [ 50.637827][ T6521] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 50.637850][ T6521] maple_tree(ffff0000dc4d88c0) flags 30B, height 2 root ffff0000c81dc81e [ 50.637873][ T6521] 0-ffffffffffffffff: node ffff0000c81dc800 depth 0 type 3 parent ffff0000dc4d88c1 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c77fe80c FFFFAE30FFFF ffff0000c81dcc0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 50.638140][ T6521] 0-ffffae30ffff: node ffff0000c77fe800 depth 1 type 1 parent ffff0000c81dc806 contents: 0000000000000000 1FFFEFFF ffff0000c6567780 1FFFFFFF ffff0000c65678c0 207FFFFF ffff0000cb37edc0 20FFFFFF ffff0000c6567a00 21000FFF 0000000000000000 AAAACA222FFF ffff0000c6567b40 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000c6567c80 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000c6567dc0 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 50.638372][ T6521] 0-1fffefff: 0000000000000000 [ 50.638402][ T6521] 1ffff000-1fffffff: ffff0000c6567780 [ 50.638433][ T6521] 20000000-207fffff: ffff0000c65678c0 [ 50.638463][ T6521] 20800000-20ffffff: ffff0000cb37edc0 [ 50.638494][ T6521] 21000000-21000fff: ffff0000c6567a00 [ 50.638524][ T6521] 
21001000-aaaaca222fff: 0000000000000000 [ 50.638559][ T6521] aaaaca223000-aaaaca244fff: ffff0000c6567b40 [ 50.638590][ T6521] aaaaca245000-ffffae26ffff: 0000000000000000 [ 50.638620][ T6521] ffffae270000-ffffae2fbfff: ffff0000c6567c80 [ 50.638651][ T6521] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 50.638690][ T6521] ffffae30c000-ffffae30ffff: ffff0000c6567dc0 [ 50.638721][ T6521] ffffae310000-ffffffffffffffff: node ffff0000c81dcc00 depth 1 type 1 parent ffff0000c81dc80e contents: ffff0000c9773000 FFFFAE312FFF ffff0000c9773140 FFFFAE318FFF ffff0000c9773280 FFFFAE31CFFF ffff0000c97733c0 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000c9773500 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 50.638945][ T6521] ffffae310000-ffffae312fff: ffff0000c9773000 [ 50.638974][ T6521] ffffae313000-ffffae318fff: ffff0000c9773140 [ 50.639003][ T6521] ffffae319000-ffffae31cfff: ffff0000c9773280 [ 50.639033][ T6521] ffffae31d000-ffffae31efff: ffff0000c97733c0 [ 50.639062][ T6521] ffffae31f000-fffff3038fff: 0000000000000000 [ 50.639091][ T6521] fffff3039000-fffff3059fff: ffff0000c9773500 [ 50.639122][ T6521] fffff305a000-ffffffffffffffff: 0000000000000000 [ 50.639257][ T6521] ------------[ cut here ]------------ [ 50.639270][ T6521] WARNING: CPU: 1 PID: 6521 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 50.835704][ T6521] Modules linked in: [ 50.836772][ T6521] CPU: 1 UID: 0 PID: 6521 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 50.840318][ T6521] Tainted: [W]=WARN [ 50.841349][ T6521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 50.844155][ T6521] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 50.846343][ T6521] pc : vma_merge_existing_range+0x14a8/0x1964 [ 50.848044][ T6521] lr : 
vma_merge_existing_range+0x14a8/0x1964 [ 50.849826][ T6521] sp : ffff8000a3b57910 [ 50.851023][ T6521] x29: ffff8000a3b57990 x28: dfff800000000000 x27: 0000000000000001 [ 50.853312][ T6521] x26: 0000000020000000 x25: ffff8000a3b57a80 x24: 0000000020000000 [ 50.855514][ T6521] x23: 1ffff0001476af50 x22: ffff0000c65678c0 x21: 0000000020800000 [ 50.857803][ T6521] x20: ffff0000c65678c0 x19: ffff8000a3b57a60 x18: 0000000000000000 [ 50.860107][ T6521] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 50.862332][ T6521] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 50.864518][ T6521] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 50.866714][ T6521] x8 : ffff0000c7ec3d00 x7 : 0000000000000001 x6 : 0000000000000001 [ 50.868888][ T6521] x5 : ffff8000a3b56ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 50.871062][ T6521] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 50.873294][ T6521] Call trace: [ 50.874191][ T6521] vma_merge_existing_range+0x14a8/0x1964 (P) [ 50.875950][ T6521] vma_modify+0x7c/0x424 [ 50.877233][ T6521] vma_modify_flags+0x18c/0x1dc [ 50.878547][ T6521] mlock_fixup+0x18c/0x2c4 [ 50.879941][ T6521] apply_mlockall_flags+0x290/0x344 [ 50.881387][ T6521] __arm64_sys_munlockall+0x11c/0x238 [ 50.882951][ T6521] invoke_syscall+0x98/0x2b8 [ 50.884300][ T6521] el0_svc_common+0x130/0x23c [ 50.885704][ T6521] do_el0_svc+0x48/0x58 [ 50.886859][ T6521] el0_svc+0x58/0x17c [ 50.887985][ T6521] el0t_64_sync_handler+0x78/0x108 [ 50.889445][ T6521] el0t_64_sync+0x198/0x19c [ 50.890771][ T6521] irq event stamp: 14272 [ 50.891966][ T6521] hardirqs last enabled at (14271): [] __console_unlock+0x70/0xc4 [ 50.894610][ T6521] hardirqs last disabled at (14272): [] el1_dbg+0x24/0x80 [ 50.897238][ T6521] softirqs last enabled at (9452): [] handle_softirqs+0xaf8/0xc88 [ 50.899965][ T6521] softirqs last disabled at (9289): [] __do_softirq+0x14/0x20 [ 50.902544][ T6521] ---[ end trace 0000000000000000 
]--- executing program [ 50.973155][ T6522] FAULT_INJECTION: forcing a failure. [ 50.973155][ T6522] name f ** replaying previous printk message ** [ 50.973155][ T6522] FAULT_INJECTION: forcing a failure. [ 50.973155][ T6522] name failslab, interval 1, probability 0, space 0, times 0 [ 50.973229][ T6522] CPU: 0 UID: 0 PID: 6522 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 50.973248][ T6522] Tainted: [W]=WARN [ 50.973252][ T6522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 50.973260][ T6522] Call trace: [ 50.973264][ T6522] show_stack+0x2c/0x3c (C) [ 50.973281][ T6522] __dump_stack+0x30/0x40 [ 50.973293][ T6522] dump_stack_lvl+0xd8/0x12c [ 50.973303][ T6522] dump_stack+0x1c/0x28 [ 50.973313][ T6522] should_fail_ex+0x41c/0x594 [ 50.973325][ T6522] should_failslab+0xc0/0x128 [ 50.973338][ T6522] kmem_cache_alloc_noprof+0x80/0x3e8 [ 50.973352][ T6522] mas_alloc_nodes+0x268/0x788 [ 50.973367][ T6522] mas_preallocate+0x4b0/0x778 [ 50.973378][ T6522] commit_merge+0x1a4/0x5b0 [ 50.973391][ T6522] vma_merge_existing_range+0x1388/0x1964 [ 50.973405][ T6522] vma_modify+0x7c/0x424 [ 50.973417][ T6522] vma_modify_flags+0x18c/0x1dc [ 50.973430][ T6522] mlock_fixup+0x18c/0x2c4 [ 50.973442][ T6522] apply_mlockall_flags+0x290/0x344 [ 50.973454][ T6522] __arm64_sys_munlockall+0x11c/0x238 [ 50.973465][ T6522] invoke_syscall+0x98/0x2b8 [ 50.973476][ T6522] el0_svc_common+0x130/0x23c [ 50.973486][ T6522] do_el0_svc+0x48/0x58 [ 50.973496][ T6522] el0_svc+0x58/0x17c [ 50.973509][ T6522] el0t_64_sync_handler+0x78/0x108 [ 50.973523][ T6522] el0t_64_sync+0x198/0x19c [ 50.973703][ T6522] vmg ffff8000a44f7a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 50.973726][ T6522] vmg ffff8000a44f7a60 state: mm ffff0000c98be600 pgoff 20000 [ 50.973726][ T6522] vmi ffff8000a44f7c40 [20000000,20800000) [ 50.973726][ T6522] prev ffff0000ce842140 middle ffff0000ce842140 next 0000000000000000 target 
0000000000000000 [ 50.973726][ T6522] start 20000000 end 20800000 flags 100077 [ 50.973726][ T6522] file 0000000000000000 anon_vma ffff0000cb4b2440 policy 0000000000000000 [ 50.973726][ T6522] uffd_ctx 0000000000000000 [ 50.973726][ T6522] anon_name 0000000000000000 [ 50.973726][ T6522] state 0 [ 50.973726][ T6522] just_expand 0 [ 50.973726][ T6522] __adjust_middle_start 0 __adjust_next_start 0 [ 50.973726][ T6522] __remove_middle 0 __remove_next 0 [ 50.973781][ T6522] vmg ffff8000a44f7a60 mm: [ 50.973799][ T6522] mm ffff0000c98be600 task_size 281474976710656 [ 50.973799][ T6522] mmap_base 281473604251648 mmap_legacy_base 0 [ 50.973799][ T6522] pgd ffff0000ce8ab000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 50.973799][ T6522] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 50.973799][ T6522] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 50.973799][ T6522] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 50.973799][ T6522] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 50.973799][ T6522] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 50.973799][ T6522] binfmt ffff80008f670700 flags 8000008d [ 50.973799][ T6522] ioctx_table 0000000000000000 [ 50.973799][ T6522] owner ffff0000cb16bd00 exe_file ffff0000c7dbce00 [ 50.973799][ T6522] notifier_subscriptions 0000000000000000 [ 50.973799][ T6522] numa_next_scan 4294942449 numa_scan_offset 0 numa_scan_seq 0 [ 50.973799][ T6522] tlb_flush_pending 0 [ 50.973799][ T6522] def_flags: 0x0() [ 50.973879][ T6522] vmg ffff8000a44f7a60 prev: [ 50.973897][ T6522] vma ffff0000ce842140 start 0000000020000000 end 0000000020800000 mm ffff0000c98be600 [ 50.973897][ T6522] prot 20000000000fc3 anon_vma ffff0000cb4b2440 vm_ops 0000000000000000 [ 50.973897][ T6522] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 50.973897][ T6522] refcnt 1 [ 50.973897][ T6522] flags: 
0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 50.973937][ T6522] vmg ffff8000a44f7a60 middle: [ 50.973954][ T6522] vma ffff0000ce842140 start 0000000020000000 end 0000000020800000 mm ffff0000c98be600 [ 50.973954][ T6522] prot 20000000000fc3 anon_vma ffff0000cb4b2440 vm_ops 0000000000000000 [ 50.973954][ T6522] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 50.973954][ T6522] refcnt 1 [ 50.973954][ T6522] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 50.973993][ T6522] vmg ffff8000a44f7a60 next: (NULL) [ 50.974010][ T6522] vmg ffff8000a44f7a60 vmi: [ 50.974027][ T6522] MAS: tree=ffff0000c98be640 enode=ffff0000c81dd40c [ 50.974040][ T6522] (ma_active) [ 50.974055][ T6522] Store Type: [ 50.974071][ T6522] node_store [ 50.974093][ T6522] [2/10] index=20000000 last=207fffff [ 50.974113][ T6522] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 50.974135][ T6522] maple_tree(ffff0000c98be640) flags 30B, height 2 root ffff0000c77fe01e [ 50.974157][ T6522] 0-ffffffffffffffff: node ffff0000c77fe000 depth 0 type 3 parent ffff0000c98be641 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c81dd40c FFFFAE30FFFF ffff0000c77fe40c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 50.974408][ T6522] 0-ffffae30ffff: node ffff0000c81dd400 depth 1 type 1 parent ffff0000c77fe006 contents: 0000000000000000 1FFFEFFF ffff0000ce842000 1FFFFFFF ffff0000ce842140 207FFFFF ffff0000c9773780 20FFFFFF ffff0000ce842280 21000FFF 0000000000000000 AAAACA222FFF ffff0000ce8423c0 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000ce842500 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000ce842640 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 50.974633][ T6522] 0-1fffefff: 0000000000000000 [ 50.974661][ T6522] 
1ffff000-1fffffff: ffff0000ce842000 [ 50.974690][ T6522] 20000000-207fffff: ffff0000ce842140 [ 50.974722][ T6522] 20800000-20ffffff: ffff0000c9773780 [ 50.974751][ T6522] 21000000-21000fff: ffff0000ce842280 [ 50.974780][ T6522] 21001000-aaaaca222fff: 0000000000000000 [ 50.974808][ T6522] aaaaca223000-aaaaca244fff: ffff0000ce8423c0 [ 50.974838][ T6522] aaaaca245000-ffffae26ffff: 0000000000000000 [ 50.974866][ T6522] ffffae270000-ffffae2fbfff: ffff0000ce842500 [ 50.974896][ T6522] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 50.974924][ T6522] ffffae30c000-ffffae30ffff: ffff0000ce842640 [ 50.974954][ T6522] ffffae310000-ffffffffffffffff: node ffff0000c77fe400 depth 1 type 1 parent ffff0000c77fe00e contents: ffff0000ce842780 FFFFAE312FFF ffff0000ce8428c0 FFFFAE318FFF ffff0000ce842a00 FFFFAE31CFFF ffff0000ce842b40 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000ce842c80 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 50.975169][ T6522] ffffae310000-ffffae312fff: ffff0000ce842780 [ 50.975198][ T6522] ffffae313000-ffffae318fff: ffff0000ce8428c0 [ 50.975227][ T6522] ffffae319000-ffffae31cfff: ffff0000ce842a00 [ 50.975256][ T6522] ffffae31d000-ffffae31efff: ffff0000ce842b40 [ 50.975285][ T6522] ffffae31f000-fffff3038fff: 0000000000000000 [ 50.975314][ T6522] fffff3039000-fffff3059fff: ffff0000ce842c80 [ 50.975343][ T6522] fffff305a000-ffffffffffffffff: 0000000000000000 [ 50.975470][ T6522] ------------[ cut here ]------------ [ 50.975482][ T6522] WARNING: CPU: 0 PID: 6522 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 51.172953][ T6522] Modules linked in: [ 51.174108][ T6522] CPU: 0 UID: 0 PID: 6522 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 51.177702][ T6522] Tainted: [W]=WARN [ 51.178755][ T6522] Hardware name: Google Google Compute Engine/Google 
Compute Engine, BIOS Google 05/07/2025 [ 51.181583][ T6522] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 51.183809][ T6522] pc : vma_merge_existing_range+0x14a8/0x1964 [ 51.185593][ T6522] lr : vma_merge_existing_range+0x14a8/0x1964 [ 51.187324][ T6522] sp : ffff8000a44f7910 [ 51.188481][ T6522] x29: ffff8000a44f7990 x28: dfff800000000000 x27: 0000000000000001 [ 51.190779][ T6522] x26: 0000000020000000 x25: ffff8000a44f7a80 x24: 0000000020000000 [ 51.193086][ T6522] x23: 1ffff0001489ef50 x22: ffff0000ce842140 x21: 0000000020800000 [ 51.195374][ T6522] x20: ffff0000ce842140 x19: ffff8000a44f7a60 x18: 0000000000000000 [ 51.197652][ T6522] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 51.199923][ T6522] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 51.202259][ T6522] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 51.204527][ T6522] x8 : ffff0000cb16bd00 x7 : 0000000000000001 x6 : 0000000000000001 [ 51.206809][ T6522] x5 : ffff8000a44f6ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 51.209094][ T6522] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 51.211296][ T6522] Call trace: [ 51.212225][ T6522] vma_merge_existing_range+0x14a8/0x1964 (P) [ 51.213948][ T6522] vma_modify+0x7c/0x424 [ 51.215149][ T6522] vma_modify_flags+0x18c/0x1dc [ 51.216559][ T6522] mlock_fixup+0x18c/0x2c4 [ 51.217845][ T6522] apply_mlockall_flags+0x290/0x344 [ 51.219312][ T6522] __arm64_sys_munlockall+0x11c/0x238 [ 51.220899][ T6522] invoke_syscall+0x98/0x2b8 [ 51.222216][ T6522] el0_svc_common+0x130/0x23c [ 51.223657][ T6522] do_el0_svc+0x48/0x58 [ 51.224875][ T6522] el0_svc+0x58/0x17c [ 51.226059][ T6522] el0t_64_sync_handler+0x78/0x108 [ 51.227551][ T6522] el0t_64_sync+0x198/0x19c [ 51.228995][ T6522] irq event stamp: 14504 [ 51.230237][ T6522] hardirqs last enabled at (14503): [] __console_unlock+0x70/0xc4 [ 51.232935][ T6522] hardirqs last disabled at (14504): [] el1_dbg+0x24/0x80 [ 
51.235435][ T6522] softirqs last enabled at (13040): [] handle_softirqs+0xaf8/0xc88 [ 51.238141][ T6522] softirqs last disabled at (12567): [] __do_softirq+0x14/0x20 [ 51.240764][ T6522] ---[ end trace 0000000000000000 ]--- executing program [ 51.313476][ T6523] FAULT_INJECTION: forcing a failure. [ 51.313476][ T6523] name failslab, interval 1, probability 0, space 0, times 0 [ 51.313557][ T652 ** replaying previous printk message ** [ 51.313557][ T6523] CPU: 0 UID: 0 PID: 6523 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 51.313575][ T6523] Tainted: [W]=WARN [ 51.313580][ T6523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 51.313587][ T6523] Call trace: [ 51.313592][ T6523] show_stack+0x2c/0x3c (C) [ 51.313609][ T6523] __dump_stack+0x30/0x40 [ 51.313620][ T6523] dump_stack_lvl+0xd8/0x12c [ 51.313631][ T6523] dump_stack+0x1c/0x28 [ 51.313640][ T6523] should_fail_ex+0x41c/0x594 [ 51.313653][ T6523] should_failslab+0xc0/0x128 [ 51.313666][ T6523] kmem_cache_alloc_noprof+0x80/0x3e8 [ 51.313682][ T6523] mas_alloc_nodes+0x268/0x788 [ 51.313695][ T6523] mas_preallocate+0x4b0/0x778 [ 51.313707][ T6523] commit_merge+0x1a4/0x5b0 [ 51.313720][ T6523] vma_merge_existing_range+0x1388/0x1964 [ 51.313734][ T6523] vma_modify+0x7c/0x424 [ 51.313747][ T6523] vma_modify_flags+0x18c/0x1dc [ 51.313759][ T6523] mlock_fixup+0x18c/0x2c4 [ 51.313772][ T6523] apply_mlockall_flags+0x290/0x344 [ 51.313783][ T6523] __arm64_sys_munlockall+0x11c/0x238 [ 51.313795][ T6523] invoke_syscall+0x98/0x2b8 [ 51.313806][ T6523] el0_svc_common+0x130/0x23c [ 51.313821][ T6523] do_el0_svc+0x48/0x58 [ 51.313832][ T6523] el0_svc+0x58/0x17c [ 51.313855][ T6523] el0t_64_sync_handler+0x78/0x108 [ 51.313868][ T6523] el0t_64_sync+0x198/0x19c [ 51.315742][ T6523] vmg ffff8000a44e7a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 51.315778][ T6523] vmg ffff8000a44e7a60 state: mm ffff0000c98bee80 pgoff 20000 [ 
51.315778][ T6523] vmi ffff8000a44e7c40 [20000000,20800000) [ 51.315778][ T6523] prev ffff0000d0202000 middle ffff0000d0202000 next 0000000000000000 target 0000000000000000 [ 51.315778][ T6523] start 20000000 end 20800000 flags 100077 [ 51.315778][ T6523] file 0000000000000000 anon_vma ffff0000cb4b2660 policy 0000000000000000 [ 51.315778][ T6523] uffd_ctx 0000000000000000 [ 51.315778][ T6523] anon_name 0000000000000000 [ 51.315778][ T6523] state 0 [ 51.315778][ T6523] just_expand 0 [ 51.315778][ T6523] __adjust_middle_start 0 __adjust_next_start 0 [ 51.315778][ T6523] __remove_middle 0 __remove_next 0 [ 51.315841][ T6523] vmg ffff8000a44e7a60 mm: [ 51.315859][ T6523] mm ffff0000c98bee80 task_size 281474976710656 [ 51.315859][ T6523] mmap_base 281473604251648 mmap_legacy_base 0 [ 51.315859][ T6523] pgd ffff0000d01f0000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12 [ 51.315859][ T6523] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 51.315859][ T6523] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 51.315859][ T6523] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8 [ 51.315859][ T6523] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0 [ 51.315859][ T6523] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0 [ 51.315859][ T6523] binfmt ffff80008f670700 flags 8000008d [ 51.315859][ T6523] ioctx_table 0000000000000000 [ 51.315859][ T6523] owner ffff0000cb16db80 exe_file ffff0000c7dbce00 [ 51.315859][ T6523] notifier_subscriptions 0000000000000000 [ 51.315859][ T6523] numa_next_scan 4294942483 numa_scan_offset 0 numa_scan_seq 0 [ 51.315859][ T6523] tlb_flush_pending 0 [ 51.315859][ T6523] def_flags: 0x0() [ 51.315944][ T6523] vmg ffff8000a44e7a60 prev: [ 51.315961][ T6523] vma ffff0000d0202000 start 0000000020000000 end 0000000020800000 mm ffff0000c98bee80 [ 51.315961][ T6523] prot 20000000000fc3 anon_vma ffff0000cb4b2660 vm_ops 0000000000000000 [ 
51.315961][ T6523] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 51.315961][ T6523] refcnt 1 [ 51.315961][ T6523] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 51.316002][ T6523] vmg ffff8000a44e7a60 middle: [ 51.316020][ T6523] vma ffff0000d0202000 start 0000000020000000 end 0000000020800000 mm ffff0000c98bee80 [ 51.316020][ T6523] prot 20000000000fc3 anon_vma ffff0000cb4b2660 vm_ops 0000000000000000 [ 51.316020][ T6523] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 51.316020][ T6523] refcnt 1 [ 51.316020][ T6523] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 51.316058][ T6523] vmg ffff8000a44e7a60 next: (NULL) [ 51.316076][ T6523] vmg ffff8000a44e7a60 vmi: [ 51.316098][ T6523] MAS: tree=ffff0000c98beec0 enode=ffff0000c81dda0c [ 51.316111][ T6523] (ma_active) [ 51.316126][ T6523] Store Type: [ 51.316142][ T6523] node_store [ 51.316164][ T6523] [2/10] index=20000000 last=207fffff [ 51.316184][ T6523] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0 [ 51.316206][ T6523] maple_tree(ffff0000c98beec0) flags 30B, height 2 root ffff0000c77ffa1e [ 51.316234][ T6523] 0-ffffffffffffffff: node ffff0000c77ffa00 depth 0 type 3 parent ffff0000c98beec1 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c81dda0c FFFFAE30FFFF ffff0000cd7e780c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 51.316491][ T6523] 0-ffffae30ffff: node ffff0000c81dda00 depth 1 type 1 parent ffff0000c77ffa06 contents: 0000000000000000 1FFFEFFF ffff0000ce842dc0 1FFFFFFF ffff0000d0202000 207FFFFF ffff0000c9773a00 20FFFFFF ffff0000d0202140 21000FFF 0000000000000000 AAAACA222FFF ffff0000d0202280 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000d02023c0 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000d0202500 FFFFAE30FFFF 0000000000000000 0 
0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 51.316724][ T6523] 0-1fffefff: 0000000000000000 [ 51.316752][ T6523] 1ffff000-1fffffff: ffff0000ce842dc0 [ 51.316781][ T6523] 20000000-207fffff: ffff0000d0202000 [ 51.316810][ T6523] 20800000-20ffffff: ffff0000c9773a00 [ 51.316843][ T6523] 21000000-21000fff: ffff0000d0202140 [ 51.316871][ T6523] 21001000-aaaaca222fff: 0000000000000000 [ 51.316904][ T6523] aaaaca223000-aaaaca244fff: ffff0000d0202280 [ 51.316933][ T6523] aaaaca245000-ffffae26ffff: 0000000000000000 [ 51.316962][ T6523] ffffae270000-ffffae2fbfff: ffff0000d02023c0 [ 51.316991][ T6523] ffffae2fc000-ffffae30bfff: 0000000000000000 [ 51.317020][ T6523] ffffae30c000-ffffae30ffff: ffff0000d0202500 [ 51.317053][ T6523] ffffae310000-ffffffffffffffff: node ffff0000cd7e7800 depth 1 type 1 parent ffff0000c77ffa0e contents: ffff0000d0202640 FFFFAE312FFF ffff0000d0202780 FFFFAE318FFF ffff0000d02028c0 FFFFAE31CFFF ffff0000d0202a00 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000d0202b40 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 51.317273][ T6523] ffffae310000-ffffae312fff: ffff0000d0202640 [ 51.317303][ T6523] ffffae313000-ffffae318fff: ffff0000d0202780 [ 51.317332][ T6523] ffffae319000-ffffae31cfff: ffff0000d02028c0 [ 51.317362][ T6523] ffffae31d000-ffffae31efff: ffff0000d0202a00 [ 51.317394][ T6523] ffffae31f000-fffff3038fff: 0000000000000000 [ 51.317423][ T6523] fffff3039000-fffff3059fff: ffff0000d0202b40 [ 51.317453][ T6523] fffff305a000-ffffffffffffffff: 0000000000000000 [ 51.317588][ T6523] ------------[ cut here ]------------ [ 51.317601][ T6523] WARNING: CPU: 0 PID: 6523 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 51.511010][ T6523] Modules linked in: [ 51.512121][ T6523] CPU: 0 UID: 0 PID: 6523 Comm: syz-executor403 Tainted: G W 
6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 51.515733][ T6523] Tainted: [W]=WARN [ 51.516803][ T6523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 51.519675][ T6523] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 51.521826][ T6523] pc : vma_merge_existing_range+0x14a8/0x1964 [ 51.523507][ T6523] lr : vma_merge_existing_range+0x14a8/0x1964 [ 51.525227][ T6523] sp : ffff8000a44e7910 [ 51.526452][ T6523] x29: ffff8000a44e7990 x28: dfff800000000000 x27: 0000000000000001 [ 51.528797][ T6523] x26: 0000000020000000 x25: ffff8000a44e7a80 x24: 0000000020000000 [ 51.531027][ T6523] x23: 1ffff0001489cf50 x22: ffff0000d0202000 x21: 0000000020800000 [ 51.533260][ T6523] x20: ffff0000d0202000 x19: ffff8000a44e7a60 x18: 0000000000000000 [ 51.535450][ T6523] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 51.537643][ T6523] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 51.539861][ T6523] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 51.542077][ T6523] x8 : ffff0000cb16db80 x7 : 0000000000000001 x6 : 0000000000000001 [ 51.544291][ T6523] x5 : ffff8000a44e6ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 51.546502][ T6523] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 51.548741][ T6523] Call trace: [ 51.549662][ T6523] vma_merge_existing_range+0x14a8/0x1964 (P) [ 51.551414][ T6523] vma_modify+0x7c/0x424 [ 51.552605][ T6523] vma_modify_flags+0x18c/0x1dc [ 51.554055][ T6523] mlock_fixup+0x18c/0x2c4 [ 51.555322][ T6523] apply_mlockall_flags+0x290/0x344 [ 51.556795][ T6523] __arm64_sys_munlockall+0x11c/0x238 [ 51.558293][ T6523] invoke_syscall+0x98/0x2b8 [ 51.559599][ T6523] el0_svc_common+0x130/0x23c [ 51.560946][ T6523] do_el0_svc+0x48/0x58 [ 51.562101][ T6523] el0_svc+0x58/0x17c [ 51.563224][ T6523] el0t_64_sync_handler+0x78/0x108 [ 51.564703][ T6523] el0t_64_sync+0x198/0x19c [ 51.566017][ T6523] irq event stamp: 14188 [ 
51.567226][ T6523] hardirqs last enabled at (14187): [] __console_unlock+0x70/0xc4 [ 51.569922][ T6523] hardirqs last disabled at (14188): [] el1_dbg+0x24/0x80 [ 51.572578][ T6523] softirqs last enabled at (12504): [] handle_softirqs+0xaf8/0xc88 [ 51.575233][ T6523] softirqs last disabled at (12495): [] __do_softirq+0x14/0x20 [ 51.577843][ T6523] ---[ end trace 0000000000000000 ]--- executing program [ 51.647411][ T6524] FAULT_INJECTION: forcing a failure. [ 51.647411][ T6524] name failsla ** replaying previous printk message ** [ 51.647411][ T6524] FAULT_INJECTION: forcing a failure. [ 51.647411][ T6524] name failslab, interval 1, probability 0, space 0, times 0 [ 51.647481][ T6524] CPU: 0 UID: 0 PID: 6524 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 51.647498][ T6524] Tainted: [W]=WARN [ 51.647502][ T6524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 51.647509][ T6524] Call trace: [ 51.647514][ T6524] show_stack+0x2c/0x3c (C) [ 51.647532][ T6524] __dump_stack+0x30/0x40 [ 51.647552][ T6524] dump_stack_lvl+0xd8/0x12c [ 51.647562][ T6524] dump_stack+0x1c/0x28 [ 51.647572][ T6524] should_fail_ex+0x41c/0x594 [ 51.647584][ T6524] should_failslab+0xc0/0x128 [ 51.647598][ T6524] kmem_cache_alloc_noprof+0x80/0x3e8 [ 51.647613][ T6524] mas_alloc_nodes+0x268/0x788 [ 51.647626][ T6524] mas_preallocate+0x4b0/0x778 [ 51.647638][ T6524] commit_merge+0x1a4/0x5b0 [ 51.647651][ T6524] vma_merge_existing_range+0x1388/0x1964 [ 51.647665][ T6524] vma_modify+0x7c/0x424 [ 51.647678][ T6524] vma_modify_flags+0x18c/0x1dc [ 51.647691][ T6524] mlock_fixup+0x18c/0x2c4 [ 51.647703][ T6524] apply_mlockall_flags+0x290/0x344 [ 51.647714][ T6524] __arm64_sys_munlockall+0x11c/0x238 [ 51.647726][ T6524] invoke_syscall+0x98/0x2b8 [ 51.647745][ T6524] el0_svc_common+0x130/0x23c [ 51.647756][ T6524] do_el0_svc+0x48/0x58 [ 51.647766][ T6524] el0_svc+0x58/0x17c [ 51.647779][ T6524] el0t_64_sync_handler+0x78/0x108 [ 
51.647792][ T6524] el0t_64_sync+0x198/0x19c
[ 51.647809][ T6524] vmg ffff8000a44e7a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start)
[ 51.648003][ T6524] vmg ffff8000a44e7a60 state: mm ffff0000c98bf700 pgoff 20000
[ 51.648003][ T6524] vmi ffff8000a44e7c40 [20000000,20800000)
[ 51.648003][ T6524] prev ffff0000d0202dc0 middle ffff0000d0202dc0 next 0000000000000000 target 0000000000000000
[ 51.648003][ T6524] start 20000000 end 20800000 flags 100077
[ 51.648003][ T6524] file 0000000000000000 anon_vma ffff0000cb4b2880 policy 0000000000000000
[ 51.648003][ T6524] uffd_ctx 0000000000000000
[ 51.648003][ T6524] anon_name 0000000000000000
[ 51.648003][ T6524] state 0
[ 51.648003][ T6524] just_expand 0
[ 51.648003][ T6524] __adjust_middle_start 0 __adjust_next_start 0
[ 51.648003][ T6524] __remove_middle 0 __remove_next 0
[ 51.648064][ T6524] vmg ffff8000a44e7a60 mm:
[ 51.648082][ T6524] mm ffff0000c98bf700 task_size 281474976710656
[ 51.648082][ T6524] mmap_base 281473604251648 mmap_legacy_base 0
[ 51.648082][ T6524] pgd ffff0000d01f0000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12
[ 51.648082][ T6524] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800
[ 51.648082][ T6524] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21
[ 51.648082][ T6524] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8
[ 51.648082][ T6524] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0
[ 51.648082][ T6524] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0
[ 51.648082][ T6524] binfmt ffff80008f670700 flags 8000008d
[ 51.648082][ T6524] ioctx_table 0000000000000000
[ 51.648082][ T6524] owner ffff0000cb828000 exe_file ffff0000c7dbce00
[ 51.648082][ T6524] notifier_subscriptions 0000000000000000
[ 51.648082][ T6524] numa_next_scan 4294942517 numa_scan_offset 0 numa_scan_seq 0
[ 51.648082][ T6524] tlb_flush_pending 0
[ 51.648082][ T6524] def_flags: 0x0()
[ 51.648161][ T6524] vmg ffff8000a44e7a60 prev:
[ 51.648179][ T6524] vma ffff0000d0202dc0 start 0000000020000000 end 0000000020800000 mm ffff0000c98bf700
[ 51.648179][ T6524] prot 20000000000fc3 anon_vma ffff0000cb4b2880 vm_ops 0000000000000000
[ 51.648179][ T6524] pgoff 20000 file 0000000000000000 private_data 0000000000000000
[ 51.648179][ T6524] refcnt 1
[ 51.648179][ T6524] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account)
[ 51.648224][ T6524] vmg ffff8000a44e7a60 middle:
[ 51.648242][ T6524] vma ffff0000d0202dc0 start 0000000020000000 end 0000000020800000 mm ffff0000c98bf700
[ 51.648242][ T6524] prot 20000000000fc3 anon_vma ffff0000cb4b2880 vm_ops 0000000000000000
[ 51.648242][ T6524] pgoff 20000 file 0000000000000000 private_data 0000000000000000
[ 51.648242][ T6524] refcnt 1
[ 51.648242][ T6524] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account)
[ 51.648281][ T6524] vmg ffff8000a44e7a60 next: (NULL)
[ 51.648299][ T6524] vmg ffff8000a44e7a60 vmi:
[ 51.648316][ T6524] MAS: tree=ffff0000c98bf740 enode=ffff0000d4c1900c
[ 51.648329][ T6524] (ma_active)
[ 51.648344][ T6524] Store Type:
[ 51.648360][ T6524] node_store
[ 51.648386][ T6524] [2/10] index=20000000 last=207fffff
[ 51.648407][ T6524] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0
[ 51.648429][ T6524] maple_tree(ffff0000c98bf740) flags 30B, height 2 root ffff0000cd7e701e
[ 51.648451][ T6524] 0-ffffffffffffffff: node ffff0000cd7e7000 depth 0 type 3 parent ffff0000c98bf741 contents: aaaaa9222000 ffff00000cfa6000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d4c1900c FFFFAE30FFFF ffff0000cd7e740c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[ 51.648715][ T6524] 0-ffffae30ffff: node ffff0000d4c19000 depth 1 type 1 parent ffff0000cd7e7006 contents: 0000000000000000 1FFFEFFF ffff0000d0202c80 1FFFFFFF ffff0000d0202dc0 207FFFFF ffff0000c9773c80 20FFFFFF ffff0000c6465000 21000FFF 0000000000000000 AAAACA222FFF ffff0000c6465140 AAAACA244FFF 0000000000000000 FFFFAE26FFFF ffff0000c6465280 FFFFAE2FBFFF 0000000000000000 FFFFAE30BFFF ffff0000c64653c0 FFFFAE30FFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a
[ 51.648949][ T6524] 0-1fffefff: 0000000000000000
[ 51.648978][ T6524] 1ffff000-1fffffff: ffff0000d0202c80
[ 51.649007][ T6524] 20000000-207fffff: ffff0000d0202dc0
[ 51.649036][ T6524] 20800000-20ffffff: ffff0000c9773c80
[ 51.649069][ T6524] 21000000-21000fff: ffff0000c6465000
[ 51.649098][ T6524] 21001000-aaaaca222fff: 0000000000000000
[ 51.649126][ T6524] aaaaca223000-aaaaca244fff: ffff0000c6465140
[ 51.649155][ T6524] aaaaca245000-ffffae26ffff: 0000000000000000
[ 51.649184][ T6524] ffffae270000-ffffae2fbfff: ffff0000c6465280
[ 51.649217][ T6524] ffffae2fc000-ffffae30bfff: 0000000000000000
[ 51.649246][ T6524] ffffae30c000-ffffae30ffff: ffff0000c64653c0
[ 51.649275][ T6524] ffffae310000-ffffffffffffffff: node ffff0000cd7e7400 depth 1 type 1 parent ffff0000cd7e700e contents: ffff0000c6465500 FFFFAE312FFF ffff0000c6465640 FFFFAE318FFF ffff0000c6465780 FFFFAE31CFFF ffff0000c64658c0 FFFFAE31EFFF 0000000000000000 FFFFF3038FFF ffff0000c6465a00 FFFFF3059FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006
[ 51.649495][ T6524] ffffae310000-ffffae312fff: ffff0000c6465500
[ 51.649525][ T6524] ffffae313000-ffffae318fff: ffff0000c6465640
[ 51.649558][ T6524] ffffae319000-ffffae31cfff: ffff0000c6465780
[ 51.649587][ T6524] ffffae31d000-ffffae31efff: ffff0000c64658c0
[ 51.649617][ T6524] ffffae31f000-fffff3038fff: 0000000000000000
[ 51.649645][ T6524] fffff3039000-fffff3059fff: ffff0000c6465a00
[ 51.649675][ T6524] fffff305a000-ffffffffffffffff: 0000000000000000
[ 51.649802][ T6524] ------------[ cut here ]------------
[ 51.649815][ T6524] WARNING: CPU: 0 PID: 6524 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964
[ 51.845165][ T6524] Modules linked in:
[ 51.846246][ T6524] CPU: 0 UID: 0 PID: 6524 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT
[ 51.849906][ T6524] Tainted: [W]=WARN
[ 51.850959][ T6524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 51.853701][ T6524] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 51.855884][ T6524] pc : vma_merge_existing_range+0x14a8/0x1964
[ 51.857599][ T6524] lr : vma_merge_existing_range+0x14a8/0x1964
[ 51.859252][ T6524] sp : ffff8000a44e7910
[ 51.860417][ T6524] x29: ffff8000a44e7990 x28: dfff800000000000 x27: 0000000000000001
[ 51.862602][ T6524] x26: 0000000020000000 x25: ffff8000a44e7a80 x24: 0000000020000000
[ 51.864797][ T6524] x23: 1ffff0001489cf50 x22: ffff0000d0202dc0 x21: 0000000020800000
[ 51.867042][ T6524] x20: ffff0000d0202dc0 x19: ffff8000a44e7a60 x18: 0000000000000000
[ 51.869320][ T6524] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001
[ 51.871543][ T6524] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000
[ 51.873803][ T6524] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000
[ 51.876069][ T6524] x8 : ffff0000cb828000 x7 : 0000000000000001 x6 : 0000000000000001
[ 51.878304][ T6524] x5 : ffff8000a44e6ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68
[ 51.880573][ T6524] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff
[ 51.882886][ T6524] Call trace:
[ 51.883754][ T6524] vma_merge_existing_range+0x14a8/0x1964 (P)
[ 51.885488][ T6524] vma_modify+0x7c/0x424
[ 51.886678][ T6524] vma_modify_flags+0x18c/0x1dc
[ 51.888006][ T6524] mlock_fixup+0x18c/0x2c4
[ 51.889258][ T6524] apply_mlockall_flags+0x290/0x344
[ 51.890760][ T6524] __arm64_sys_munlockall+0x11c/0x238
[ 51.892224][ T6524] invoke_syscall+0x98/0x2b8
[ 51.893513][ T6524] el0_svc_common+0x130/0x23c
[ 51.894862][ T6524] do_el0_svc+0x48/0x58
[ 51.896042][ T6524] el0_svc+0x58/0x17c
[ 51.897169][ T6524] el0t_64_sync_handler+0x78/0x108
[ 51.898600][ T6524] el0t_64_sync+0x198/0x19c
[ 51.899846][ T6524] irq event stamp: 13998
[ 51.901061][ T6524] hardirqs last enabled at (13997): [] __console_unlock+0x70/0xc4
[ 51.903808][ T6524] hardirqs last disabled at (13998): [] el1_dbg+0x24/0x80
[ 51.906290][ T6524] softirqs last enabled at (11140): [] handle_softirqs+0xaf8/0xc88
[ 51.908980][ T6524] softirqs last disabled at (11131): [] __do_softirq+0x14/0x20
[ 51.911503][ T6524] ---[ end trace 0000000000000000 ]---
executing program
[ 51.980768][ T6525] FAULT_INJECTION: forcing a failure.
[ 51.980768][ T6525] name failslab
** replaying previous printk message **
[ 51.980768][ T6525] FAULT_INJECTION: forcing a failure.
[ 51.980768][ T6525] name failslab, interval 1, probability 0, space 0, times 0
[ 51.980839][ T6525] CPU: 0 UID: 0 PID: 6525 Comm: syz-executor403 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT
[ 51.980855][ T6525] Tainted: [W]=WARN
[ 51.980860][ T6525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 51.980868][ T6525] Call trace:
[ 51.980872][ T6525] show_stack+0x2c/0x3c (C)
[ 51.980889][ T6525] __dump_stack+0x30/0x40
[ 51.980900][ T6525] dump_stack_lvl+0xd8/0x12c
[ 51.980910][ T6525] dump_stack+0x1c/0x28
[ 51.980920][ T6525] should_fail_ex+0x41c/0x594
[ 51.980932][ T6525] should_failslab+0xc0/0x128
[ 51.980945][ T6525] kmem_cache_alloc_noprof+0x80/0x3e8
[ 51.980959][ T6525] mas_alloc_nodes+0x268/0x788
[ 51.980973][ T6525] mas_preallocate+0x4b0/0x778
[ 51.980984][ T6525] commit_merge+0x1a4/0x5b0
[ 51.980997][ T6525] vma_merge_existing_range+0x1388/0x1964
[ 51.981011][ T6525] vma_modify+0x7c/0x424
[ 51.981023][ T6525] vma_modify_flags+0x18c/0x1dc
[ 51.981036][ T6525] mlock_fixup+0x18c/0x2c4
[ 51.981048][ T6525] apply_mlockall_flags+0x290/0x344
[ 51.981059][ T6525] __arm64_sys_munlockall+0x11c/0x238
[ 51.981070][ T6525] invoke_syscall+0x98/0x2b8
[ 51.981081][ T6525] el0_svc_common+0x130/0x23c
[ 51.981091][ T6525] do_el0_svc+0x48/0x58
[ 51.981101][ T6525] el0_svc+0x58/0x17c
[ 51.981114][ T6525] el0t_64_sync_handler+0x78/0x108
[ 51.981127][ T6525] el0t_64_sync+0x198/0x19c
[ 51.981143][ T6525] vmg ffff8000a44d7a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start)
[ 51.981326][ T6525] vmg ffff8000a44d7a60 state: mm ffff0000da0c0000 pgoff 20000
[ 51.981326][ T6525] vmi ffff8000a44d7c40 [20000000,20800000)
[ 51.981326][ T6525] prev ffff0000c6465c80 middle ffff0000c6465c80 next 0000000000000000 target 0000000000000000
[ 51.981326][ T6525] start 20000000 end 20800000 flags 100077
[ 51.981326][ T6525] file 0000000000000000 anon_vma ffff0000cb4b2aa0 policy 0000000000000000
[ 51.981326][ T6525] uffd_ctx 0000000000000000
[ 51.981326][ T6525] anon_name 0000000000000000
[ 51.981326][ T6525] state 0
[ 51.981326][ T6525] just_expand 0
[ 51.981326][ T6525] __adjust_middle_start 0 __adjust_next_start 0
[ 51.981326][ T6525] __remove_middle 0 __remove_next 0
[ 51.981379][ T6525] vmg ffff8000a44d7a60 mm:
[ 51.981397][ T6525] mm ffff0000da0c0000 task_size 281474976710656
[ 51.981397][ T6525] mmap_base 281473604251648 mmap_legacy_base 0
[ 51.981397][ T6525] pgd ffff0000cd792000 mm_users 1 mm_count 1 pgtables_bytes 57344 map_count 12
[ 51.981397][ T6525] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800
[ 51.981397][ T6525] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21
[ 51.981397][ T6525] start_code ffffae270000 end_code ffffae2fba28 start_data ffffae30c5c0 end_data ffffae3120e8
[ 51.981397][ T6525] start_brk aaaaca223000 brk aaaaca245000 start_stack fffff30592b0
[ 51.981397][ T6525] arg_start fffff3059efc arg_end fffff3059f14 env_start fffff3059f14 env_end fffff3059fe0
[ 51.981397][ T6525] binfmt ffff80008f670700 flags 8000008d
[ 51.981397][ T6525] ioctx_table 0000000000000000
[ 51.981397][ T6525] owner ffff0000cb829e80 exe_file ffff0000c7dbce00
[ 51.981397][ T6525] notifier_subscriptions 0000000000000000
[ 51.981397][ T6525] numa_next_scan 4294942550 numa_scan_offset 0 numa_scan_seq 0
[ 51.981397][ T6525] tlb_flush_pending 0
[ 51.981397][ T6525] def_flags: 0x0()
[ 51.981477][ T6525] vmg ffff8000a44d7a60 prev:
[ 51.981495][ T6525] vma ffff0000c6465c80 start 0000000020000000 end 0000000020800000 mm ffff0000da0c0000
[ 51.981495][ T6525] prot 20000000000fc3 anon_vma ffff0000cb4b2aa0 vm_ops 0000000000000000
[ 51.981495][ T6525] pgoff 20000 file 0000000000000000 private_data 0000000000000000
[ 51.981495][ T6525] refcnt 1
[ 51.981495][ T6525] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account)
[ 51.981542][ T6525] vmg ffff8000a44d7a60 middle:
[ 51.981561][ T6525] vma ffff0000c6465c80 start 0000000020000000 end 0000000020800000 mm ffff0000da0c0000
[ 51.981561][ T6525] prot 20000000000fc3 anon_vma ffff0000cb4b2aa0 vm_ops 0000000000000000
[ 51.981561][ T6525] pgoff 20000 file 0000000000000000 private_data 0000000000000000
[ 51.981561][ T6525] refcnt 1
[ 51.981561][ T6525] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account)
[ 51.981600][ T6525] vmg ffff8000a44d7a60 next: (NULL)
[ 51.981617][ T6525] vmg ffff8000a44d7a60 vmi:
[ 51.981634][ T6525] MAS: tree=ffff0000da0c0040 enode=ffff0000d99b560c
[ 51.981647][ T6525] (ma_active)
[ 51.981662][ T6525] Store Type:
[ 51.981682][ T6525] node_store
[ 51.981704][ T6525] [2/10] index=20000000 last=207fffff
[ 51.981724][ T6525] min=0 max=ffffae30ffff alloc=0000000000000000, depth=1, flags=0
[ 51.981746][ T6525] maple_tree(ffff0000da0c0040) flags 30B, height 2 root ffff0000cd7e761e