Warning: Permanently added '10.128.1.187' (ED25519) to the list of known hosts. executing program [ 34.948754][ T6489] loop0: detected capacity change from 0 to 8 [ 34.950253][ T6489] ======================================================= [ 34.950253][ T6489] WARNING: The mand mount option has been deprecated and [ 34.950253][ T6489] and is ignored by this kernel. Remove the mand [ 34.950253][ T6489] option from the mount to silence this warning. [ 34.950253][ T6489] ======================================================= [ 35.020680][ T6489] FAULT_INJECTION: forcing a failure. [ 35.020680][ T6489] name failslab, interval 1, probability 0, space 0, times 1 [ ** replaying previous printk message ** [ 35.020773][ T6489] CPU: 0 UID: 0 PID: 6489 Comm: syz-executor371 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 35.020789][ T6489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 35.020796][ T6489] Call trace: [ 35.020800][ T6489] show_stack+0x2c/0x3c (C) [ 35.020817][ T6489] __dump_stack+0x30/0x40 [ 35.020828][ T6489] dump_stack_lvl+0xd8/0x12c [ 35.020838][ T6489] dump_stack+0x1c/0x28 [ 35.020848][ T6489] should_fail_ex+0x41c/0x594 [ 35.020860][ T6489] should_failslab+0xc0/0x128 [ 35.020873][ T6489] kmem_cache_alloc_noprof+0x80/0x3e8 [ 35.020888][ T6489] mas_alloc_nodes+0x268/0x788 [ 35.020901][ T6489] mas_preallocate+0x4b0/0x778 [ 35.020913][ T6489] commit_merge+0x1a4/0x5b0 [ 35.020926][ T6489] vma_merge_existing_range+0x1388/0x1964 [ 35.020939][ T6489] vma_modify+0x7c/0x424 [ 35.020952][ T6489] vma_modify_flags+0x18c/0x1dc [ 35.020964][ T6489] mlock_fixup+0x18c/0x2c4 [ 35.020976][ T6489] apply_mlockall_flags+0x290/0x344 [ 35.020988][ T6489] __arm64_sys_munlockall+0x11c/0x238 [ 35.020999][ T6489] invoke_syscall+0x98/0x2b8 [ 35.021010][ T6489] el0_svc_common+0x130/0x23c [ 35.021020][ T6489] do_el0_svc+0x48/0x58 [ 35.021030][ T6489] el0_svc+0x58/0x17c [ 35.021043][ T6489] el0t_64_sync_handler+0x78/0x108 [ 35.021066][ T6489] el0t_64_sync+0x198/0x19c [ 35.022714][ T6489] vmg ffff8000a0d67a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 35.022742][ T6489] vmg ffff8000a0d67a60 state: mm ffff0000c8434c80 pgoff 20000 [ 35.022742][ T6489] vmi ffff8000a0d67c40 [20000000,20800000) [ 35.022742][ T6489] prev ffff0000c712ca00 middle ffff0000c712ca00 next 0000000000000000 target 0000000000000000 [ 35.022742][ T6489] start 20000000 end 20800000 flags 100077 [ 35.022742][ T6489] file 0000000000000000 anon_vma ffff0000ca502000 policy 0000000000000000 [ 35.022742][ T6489] uffd_ctx 0000000000000000 [ 35.022742][ T6489] anon_name 0000000000000000 [ 35.022742][ T6489] state 0 [ 35.022742][ T6489] just_expand 0 [ 35.022742][ T6489] __adjust_middle_start 0 __adjust_next_start 0 [ 35.022742][ T6489] __remove_middle 0 __remove_next 0 [ 35.022795][ T6489] vmg ffff8000a0d67a60 mm: [ 35.022813][ T6489] mm ffff0000c8434c80 task_size 281474976710656 [ 35.022813][ T6489] mmap_base 281473148436480 mmap_legacy_base 0 [ 35.022813][ T6489] pgd ffff0000c91db000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 35.022813][ T6489] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 35.022813][ T6489] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 35.022813][ T6489] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 35.022813][ T6489] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 35.022813][ T6489] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 35.022813][ T6489] binfmt ffff80008f670700 flags 8000008d [ 35.022813][ T6489] ioctx_table 0000000000000000 [ 35.022813][ T6489] owner ffff0000ca6a9e80 exe_file ffff0000d4cb41c0 [ 35.022813][ T6489] notifier_subscriptions 0000000000000000 [ 35.022813][ T6489] numa_next_scan 4294940851 numa_scan_offset 0 numa_scan_seq 0 [ 35.022813][ T6489] tlb_flush_pending 0 [ 35.022813][ T6489] def_flags: 0x0() [ 35.022899][ T6489] vmg ffff8000a0d67a60 prev: [ 35.022917][ T6489] vma ffff0000c712ca00 start 0000000020000000 end 0000000020800000 mm ffff0000c8434c80 [ 35.022917][ T6489] prot 20000000000fc3 anon_vma ffff0000ca502000 vm_ops 0000000000000000 [ 35.022917][ T6489] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 35.022917][ T6489] refcnt 1 [ 35.022917][ T6489] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 35.022956][ T6489] vmg ffff8000a0d67a60 middle: [ 35.022974][ T6489] vma ffff0000c712ca00 start 0000000020000000 end 0000000020800000 mm ffff0000c8434c80 [ 35.022974][ T6489] prot 20000000000fc3 anon_vma ffff0000ca502000 vm_ops 0000000000000000 [ 35.022974][ T6489] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 35.022974][ T6489] refcnt 1 [ 35.022974][ T6489] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 35.023016][ T6489] vmg ffff8000a0d67a60 next: (NULL) [ 35.023034][ T6489] vmg ffff8000a0d67a60 vmi: [ 35.023051][ T6489] MAS: tree=ffff0000c8434cc0 enode=ffff0000c8309c0c [ 35.023064][ T6489] (ma_active) [ 35.023079][ T6489] Store Type: [ 35.023094][ T6489] node_store [ 35.023116][ T6489] [2/10] index=20000000 last=207fffff [ 35.023140][ T6489] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 35.023162][ T6489] maple_tree(ffff0000c8434cc0) flags 30B, height 2 root ffff0000ca18241e [ 35.023184][ T6489] 0-ffffffffffffffff: node ffff0000ca182400 depth 0 type 3 parent ffff0000c8434cc1 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c8309c0c FFFF93059FFF ffff0000ca18280c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 35.023450][ T6489] 0-ffff93059fff: node ffff0000c8309c00 depth 1 type 1 parent ffff0000ca182406 contents: 0000000000000000 1FFFEFFF ffff0000c712c8c0 1FFFFFFF ffff0000c712ca00 207FFFFF ffff0000dd177500 20FFFFFF ffff0000c712cb40 21000FFF 0000000000000000 AAAAD5929FFF ffff0000c712cc80 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000c712cdc0 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000ca00b000 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 35.023676][ T6489] 0-1fffefff: 0000000000000000 [ 35.023704][ T6489] 1ffff000-1fffffff: ffff0000c712c8c0 [ 35.023733][ T6489] 20000000-207fffff: ffff0000c712ca00 [ 35.023762][ T6489] 20800000-20ffffff: ffff0000dd177500 [ 35.023794][ T6489] 21000000-21000fff: ffff0000c712cb40 [ 35.023823][ T6489] 21001000-aaaad5929fff: 0000000000000000 [ 35.023851][ T6489] aaaad592a000-aaaad594bfff: ffff0000c712cc80 [ 35.023881][ T6489] aaaad594c000-ffff92fbffff: 0000000000000000 [ 35.023909][ T6489] ffff92fc0000-ffff9304bfff: ffff0000c712cdc0 [ 35.023938][ T6489] ffff9304c000-ffff93055fff: 0000000000000000 [ 35.023971][ T6489] ffff93056000-ffff93059fff: ffff0000ca00b000 [ 35.024000][ T6489] ffff9305a000-ffffffffffffffff: node ffff0000ca182800 depth 1 type 1 parent ffff0000ca18240e contents: ffff0000ca00b140 FFFF9305BFFF ffff0000ca00b280 FFFF9305FFFF ffff0000ca00b3c0 FFFF93062FFF ffff0000ca00b500 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000ca00b640 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 35.024219][ T6489] ffff9305a000-ffff9305bfff: ffff0000ca00b140 [ 35.024248][ T6489] ffff9305c000-ffff9305ffff: ffff0000ca00b280 [ 35.024285][ T6489] ffff93060000-ffff93062fff: ffff0000ca00b3c0 [ 35.024314][ T6489] ffff93063000-ffff93068fff: ffff0000ca00b500 [ 35.024343][ T6489] ffff93069000-ffffd1a12fff: 0000000000000000 [ 35.024380][ T6489] ffffd1a13000-ffffd1a33fff: ffff0000ca00b640 [ 35.024412][ T6489] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 35.024539][ T6489] ------------[ cut here ]------------ [ 35.024551][ T6489] WARNING: CPU: 0 PID: 6489 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 35.210818][ T6489] Modules linked in: [ 35.211911][ T6489] CPU: 0 UID: 0 PID: 6489 Comm: syz-executor371 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 35.214918][ T6489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 35.217654][ T6489] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 35.219853][ T6489] pc : vma_merge_existing_range+0x14a8/0x1964 [ 35.221487][ T6489] lr : vma_merge_existing_range+0x14a8/0x1964 [ 35.223179][ T6489] sp : ffff8000a0d67910 [ 35.224320][ T6489] x29: ffff8000a0d67990 x28: dfff800000000000 x27: 0000000000000001 [ 35.226454][ T6489] x26: 0000000020000000 x25: ffff8000a0d67a80 x24: 0000000020000000 [ 35.228598][ T6489] x23: 1ffff000141acf50 x22: ffff0000c712ca00 x21: 0000000020800000 [ 35.230863][ T6489] x20: ffff0000c712ca00 x19: ffff8000a0d67a60 x18: 00000000ffffffff [ 35.233090][ T6489] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 35.235225][ T6489] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 35.237354][ T6489] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 35.239524][ T6489] x8 : ffff0000ca6a9e80 x7 : 0000000000000001 x6 : 0000000000000001 [ 35.241668][ T6489] x5 : ffff8000a0d66ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 35.243867][ T6489] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 35.246016][ T6489] Call trace: [ 35.247021][ T6489] vma_merge_existing_range+0x14a8/0x1964 (P) [ 35.248680][ T6489] vma_modify+0x7c/0x424 [ 35.249843][ T6489] vma_modify_flags+0x18c/0x1dc [ 35.251138][ T6489] mlock_fixup+0x18c/0x2c4 [ 35.252326][ T6489] apply_mlockall_flags+0x290/0x344 [ 35.253731][ T6489] __arm64_sys_munlockall+0x11c/0x238 [ 35.255239][ T6489] invoke_syscall+0x98/0x2b8 [ 35.256573][ T6489] el0_svc_common+0x130/0x23c [ 35.257918][ T6489] do_el0_svc+0x48/0x58 [ 35.259127][ T6489] el0_svc+0x58/0x17c [ 35.260259][ T6489] el0t_64_sync_handler+0x78/0x108 [ 35.261669][ T6489] el0t_64_sync+0x198/0x19c [ 35.262922][ T6489] irq event stamp: 15466 [ 35.264098][ T6489] hardirqs last enabled at (15465): [] __console_unlock+0x70/0xc4 [ 35.266854][ T6489] hardirqs last disabled at (15466): [] el1_dbg+0x24/0x80 [ 35.269304][ T6489] softirqs last enabled at (14694): [] handle_softirqs+0xaf8/0xc88 [ 35.271967][ T6489] softirqs last disabled at (14683): [] __do_softirq+0x14/0x20 [ 35.274663][ T6489] ---[ end trace 0000000000000000 ]--- executing program [ 35.344614][ T6491] FAULT_INJECTION: forcing a failure. [ 35.344614][ T6491] name failslab, interval 1, probability 0, space 0, times 0 [ 35.344682][ T6491] CPU: 0 UID: 0 PID: 6491 Comm: ** replaying previous printk message ** [ 35.344682][ T6491] CPU: 0 UID: 0 PID: 6491 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 35.344700][ T6491] Tainted: [W]=WARN [ 35.344705][ T6491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 35.344712][ T6491] Call trace: [ 35.344715][ T6491] show_stack+0x2c/0x3c (C) [ 35.344733][ T6491] __dump_stack+0x30/0x40 [ 35.344744][ T6491] dump_stack_lvl+0xd8/0x12c [ 35.344754][ T6491] dump_stack+0x1c/0x28 [ 35.344764][ T6491] should_fail_ex+0x41c/0x594 [ 35.344776][ T6491] should_failslab+0xc0/0x128 [ 35.344789][ T6491] kmem_cache_alloc_noprof+0x80/0x3e8 [ 35.344804][ T6491] mas_alloc_nodes+0x268/0x788 [ 35.344817][ T6491] mas_preallocate+0x4b0/0x778 [ 35.344829][ T6491] commit_merge+0x1a4/0x5b0 [ 35.344842][ T6491] vma_merge_existing_range+0x1388/0x1964 [ 35.344856][ T6491] vma_modify+0x7c/0x424 [ 35.344868][ T6491] vma_modify_flags+0x18c/0x1dc [ 35.344881][ T6491] mlock_fixup+0x18c/0x2c4 [ 35.344893][ T6491] apply_mlockall_flags+0x290/0x344 [ 35.344904][ T6491] __arm64_sys_munlockall+0x11c/0x238 [ 35.344915][ T6491] invoke_syscall+0x98/0x2b8 [ 35.344926][ T6491] el0_svc_common+0x130/0x23c [ 35.344936][ T6491] do_el0_svc+0x48/0x58 [ 35.344946][ T6491] el0_svc+0x58/0x17c [ 35.344959][ T6491] el0t_64_sync_handler+0x78/0x108 [ 35.344972][ T6491] el0t_64_sync+0x198/0x19c [ 35.347817][ T6491] vmg ffff8000a0d57a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 35.347847][ T6491] vmg ffff8000a0d57a60 state: mm ffff0000c8435500 pgoff 20000 [ 35.347847][ T6491] vmi ffff8000a0d57c40 [20000000,20800000) [ 35.347847][ T6491] prev ffff0000d9bc5a00 middle ffff0000d9bc5a00 next 0000000000000000 target 0000000000000000 [ 35.347847][ T6491] start 20000000 end 20800000 flags 100077 [ 35.347847][ T6491] file 0000000000000000 anon_vma ffff0000dd175990 policy 0000000000000000 [ 35.347847][ T6491] uffd_ctx 0000000000000000 [ 35.347847][ T6491] anon_name 0000000000000000 [ 35.347847][ T6491] state 0 [ 35.347847][ T6491] just_expand 0 [ 35.347847][ T6491] __adjust_middle_start 0 __adjust_next_start 0 [ 35.347847][ T6491] __remove_middle 0 __remove_next 0 [ 35.347901][ T6491] vmg ffff8000a0d57a60 mm: [ 35.347919][ T6491] mm ffff0000c8435500 task_size 281474976710656 [ 35.347919][ T6491] mmap_base 281473148436480 mmap_legacy_base 0 [ 35.347919][ T6491] pgd ffff0000c6b63000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 35.347919][ T6491] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 35.347919][ T6491] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 35.347919][ T6491] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 35.347919][ T6491] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 35.347919][ T6491] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 35.347919][ T6491] binfmt ffff80008f670700 flags 8000008d [ 35.347919][ T6491] ioctx_table 0000000000000000 [ 35.347919][ T6491] owner ffff0000ca6abd00 exe_file ffff0000d4cb41c0 [ 35.347919][ T6491] notifier_subscriptions 0000000000000000 [ 35.347919][ T6491] numa_next_scan 4294940886 numa_scan_offset 0 numa_scan_seq 0 [ 35.347919][ T6491] tlb_flush_pending 0 [ 35.347919][ T6491] def_flags: 0x0() [ 35.347998][ T6491] vmg ffff8000a0d57a60 prev: [ 35.348016][ T6491] vma ffff0000d9bc5a00 start 0000000020000000 end 0000000020800000 mm ffff0000c8435500 [ 35.348016][ T6491] prot 20000000000fc3 anon_vma ffff0000dd175990 vm_ops 0000000000000000 [ 35.348016][ T6491] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 35.348016][ T6491] refcnt 1 [ 35.348016][ T6491] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 35.348056][ T6491] vmg ffff8000a0d57a60 middle: [ 35.348073][ T6491] vma ffff0000d9bc5a00 start 0000000020000000 end 0000000020800000 mm ffff0000c8435500 [ 35.348073][ T6491] prot 20000000000fc3 anon_vma ffff0000dd175990 vm_ops 0000000000000000 [ 35.348073][ T6491] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 35.348073][ T6491] refcnt 1 [ 35.348073][ T6491] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 35.348111][ T6491] vmg ffff8000a0d57a60 next: (NULL) [ 35.348129][ T6491] vmg ffff8000a0d57a60 vmi: [ 35.348146][ T6491] MAS: tree=ffff0000c8435540 enode=ffff0000c830960c [ 35.348159][ T6491] (ma_active) [ 35.348175][ T6491] Store Type: [ 35.348190][ T6491] node_store [ 35.348212][ T6491] [2/10] index=20000000 last=207fffff [ 35.348232][ T6491] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 35.348254][ T6491] maple_tree(ffff0000c8435540) flags 30B, height 2 root ffff0000c869c21e [ 35.348285][ T6491] 0-ffffffffffffffff: node ffff0000c869c200 depth 0 type 3 parent ffff0000c8435541 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c830960c FFFF93059FFF ffff0000c7bab00c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 35.348542][ T6491] 0-ffff93059fff: node ffff0000c8309600 depth 1 type 1 parent ffff0000c869c206 contents: 0000000000000000 1FFFEFFF ffff0000d9bc58c0 1FFFFFFF ffff0000d9bc5a00 207FFFFF ffff0000dd177780 20FFFFFF ffff0000d9bc5b40 21000FFF 0000000000000000 AAAAD5929FFF ffff0000d9bc5c80 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000d9bc5dc0 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000c7d01000 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 35.348760][ T6491] 0-1fffefff: 0000000000000000 [ 35.348788][ T6491] 1ffff000-1fffffff: ffff0000d9bc58c0 [ 35.348817][ T6491] 20000000-207fffff: ffff0000d9bc5a00 [ 35.348846][ T6491] 20800000-20ffffff: ffff0000dd177780 [ 35.348874][ T6491] 21000000-21000fff: ffff0000d9bc5b40 [ 35.348903][ T6491] 21001000-aaaad5929fff: 0000000000000000 [ 35.348932][ T6491] aaaad592a000-aaaad594bfff: ffff0000d9bc5c80 [ 35.348961][ T6491] aaaad594c000-ffff92fbffff: 0000000000000000 [ 35.348990][ T6491] ffff92fc0000-ffff9304bfff: ffff0000d9bc5dc0 [ 35.349019][ T6491] ffff9304c000-ffff93055fff: 0000000000000000 [ 35.349047][ T6491] ffff93056000-ffff93059fff: ffff0000c7d01000 [ 35.349077][ T6491] ffff9305a000-ffffffffffffffff: node ffff0000c7bab000 depth 1 type 1 parent ffff0000c869c20e contents: ffff0000c7d01140 FFFF9305BFFF ffff0000c7d01280 FFFF9305FFFF ffff0000c7d013c0 FFFF93062FFF ffff0000c7d01500 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000c7d01640 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 35.349298][ T6491] ffff9305a000-ffff9305bfff: ffff0000c7d01140 [ 35.349327][ T6491] ffff9305c000-ffff9305ffff: ffff0000c7d01280 [ 35.349356][ T6491] ffff93060000-ffff93062fff: ffff0000c7d013c0 [ 35.349385][ T6491] ffff93063000-ffff93068fff: ffff0000c7d01500 [ 35.349415][ T6491] ffff93069000-ffffd1a12fff: 0000000000000000 [ 35.349443][ T6491] ffffd1a13000-ffffd1a33fff: ffff0000c7d01640 [ 35.349472][ T6491] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 35.349604][ T6491] ------------[ cut here ]------------ [ 35.349617][ T6491] WARNING: CPU: 0 PID: 6491 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 35.537157][ T6491] Modules linked in: [ 35.538236][ T6491] CPU: 0 UID: 0 PID: 6491 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 35.541791][ T6491] Tainted: [W]=WARN [ 35.542803][ T6491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 35.545496][ T6491] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 35.547589][ T6491] pc : vma_merge_existing_range+0x14a8/0x1964 [ 35.549237][ T6491] lr : vma_merge_existing_range+0x14a8/0x1964 [ 35.550912][ T6491] sp : ffff8000a0d57910 [ 35.552032][ T6491] x29: ffff8000a0d57990 x28: dfff800000000000 x27: 0000000000000001 [ 35.554109][ T6491] x26: 0000000020000000 x25: ffff8000a0d57a80 x24: 0000000020000000 [ 35.556377][ T6491] x23: 1ffff000141aaf50 x22: ffff0000d9bc5a00 x21: 0000000020800000 [ 35.558459][ T6491] x20: ffff0000d9bc5a00 x19: ffff8000a0d57a60 x18: 0000000000000000 [ 35.560604][ T6491] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 35.562798][ T6491] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 35.564981][ T6491] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 35.567180][ T6491] x8 : ffff0000ca6abd00 x7 : 0000000000000001 x6 : 0000000000000001 [ 35.569339][ T6491] x5 : ffff8000a0d56ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 35.571523][ T6491] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 35.573723][ T6491] Call trace: [ 35.574593][ T6491] vma_merge_existing_range+0x14a8/0x1964 (P) [ 35.576253][ T6491] vma_modify+0x7c/0x424 [ 35.577434][ T6491] vma_modify_flags+0x18c/0x1dc [ 35.578837][ T6491] mlock_fixup+0x18c/0x2c4 [ 35.580026][ T6491] apply_mlockall_flags+0x290/0x344 [ 35.581475][ T6491] __arm64_sys_munlockall+0x11c/0x238 [ 35.582936][ T6491] invoke_syscall+0x98/0x2b8 [ 35.584209][ T6491] el0_svc_common+0x130/0x23c [ 35.585514][ T6491] do_el0_svc+0x48/0x58 [ 35.586620][ T6491] el0_svc+0x58/0x17c [ 35.587732][ T6491] el0t_64_sync_handler+0x78/0x108 [ 35.589146][ T6491] el0t_64_sync+0x198/0x19c [ 35.590371][ T6491] irq event stamp: 14508 [ 35.591535][ T6491] hardirqs last enabled at (14507): [] __console_unlock+0x70/0xc4 [ 35.594044][ T6491] hardirqs last disabled at (14508): [] el1_dbg+0x24/0x80 [ 35.596414][ T6491] softirqs last enabled at (10026): [] handle_softirqs+0xaf8/0xc88 [ 35.599011][ T6491] softirqs last disabled at (9505): [] __do_softirq+0x14/0x20 [ 35.601520][ T6491] ---[ end trace 0000000000000000 ]--- executing program [ 35.671677][ T6492] FAULT_INJECTION: forcing a failure. [ 35.671677][ T6492] name fail ** replaying previous printk message ** [ 35.671677][ T6492] FAULT_INJECTION: forcing a failure. [ 35.671677][ T6492] name failslab, interval 1, probability 0, space 0, times 0 [ 35.671747][ T6492] CPU: 0 UID: 0 PID: 6492 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 35.671764][ T6492] Tainted: [W]=WARN [ 35.671768][ T6492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 35.671775][ T6492] Call trace: [ 35.671779][ T6492] show_stack+0x2c/0x3c (C) [ 35.671795][ T6492] __dump_stack+0x30/0x40 [ 35.671806][ T6492] dump_stack_lvl+0xd8/0x12c [ 35.671817][ T6492] dump_stack+0x1c/0x28 [ 35.671826][ T6492] should_fail_ex+0x41c/0x594 [ 35.671839][ T6492] should_failslab+0xc0/0x128 [ 35.671852][ T6492] kmem_cache_alloc_noprof+0x80/0x3e8 [ 35.671867][ T6492] mas_alloc_nodes+0x268/0x788 [ 35.671880][ T6492] mas_preallocate+0x4b0/0x778 [ 35.671892][ T6492] commit_merge+0x1a4/0x5b0 [ 35.671914][ T6492] vma_merge_existing_range+0x1388/0x1964 [ 35.671928][ T6492] vma_modify+0x7c/0x424 [ 35.671940][ T6492] vma_modify_flags+0x18c/0x1dc [ 35.671953][ T6492] mlock_fixup+0x18c/0x2c4 [ 35.671965][ T6492] apply_mlockall_flags+0x290/0x344 [ 35.671976][ T6492] __arm64_sys_munlockall+0x11c/0x238 [ 35.671988][ T6492] invoke_syscall+0x98/0x2b8 [ 35.671999][ T6492] el0_svc_common+0x130/0x23c [ 35.672009][ T6492] do_el0_svc+0x48/0x58 [ 35.672019][ T6492] el0_svc+0x58/0x17c [ 35.672033][ T6492] el0t_64_sync_handler+0x78/0x108 [ 35.672046][ T6492] el0t_64_sync+0x198/0x19c [ 35.672062][ T6492] vmg ffff8000a0d57a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 35.672245][ T6492] vmg ffff8000a0d57a60 state: mm ffff0000c8435d80 pgoff 20000 [ 35.672245][ T6492] vmi ffff8000a0d57c40 [20000000,20800000) [ 35.672245][ T6492] prev ffff0000c7d018c0 middle ffff0000c7d018c0 next 0000000000000000 target 0000000000000000 [ 35.672245][ T6492] start 20000000 end 20800000 flags 100077 [ 35.672245][ T6492] file 0000000000000000 anon_vma ffff0000dd175bb0 policy 0000000000000000 [ 35.672245][ T6492] uffd_ctx 0000000000000000 [ 35.672245][ T6492] anon_name 0000000000000000 [ 35.672245][ T6492] state 0 [ 35.672245][ T6492] just_expand 0 [ 35.672245][ T6492] __adjust_middle_start 0 __adjust_next_start 0 [ 35.672245][ T6492] __remove_middle 0 __remove_next 0 [ 35.672305][ T6492] vmg ffff8000a0d57a60 mm: [ 35.672323][ T6492] mm ffff0000c8435d80 task_size 281474976710656 [ 35.672323][ T6492] mmap_base 281473148436480 mmap_legacy_base 0 [ 35.672323][ T6492] pgd ffff0000c6b63000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 35.672323][ T6492] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 35.672323][ T6492] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 35.672323][ T6492] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 35.672323][ T6492] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 35.672323][ T6492] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 35.672323][ T6492] binfmt ffff80008f670700 flags 8000008d [ 35.672323][ T6492] ioctx_table 0000000000000000 [ 35.672323][ T6492] owner ffff0000ca6adb80 exe_file ffff0000d4cb41c0 [ 35.672323][ T6492] notifier_subscriptions 0000000000000000 [ 35.672323][ T6492] numa_next_scan 4294940919 numa_scan_offset 0 numa_scan_seq 0 [ 35.672323][ T6492] tlb_flush_pending 0 [ 35.672323][ T6492] def_flags: 0x0() [ 35.672402][ T6492] vmg ffff8000a0d57a60 prev: [ 35.672419][ T6492] vma ffff0000c7d018c0 start 0000000020000000 end 0000000020800000 mm ffff0000c8435d80 [ 35.672419][ T6492] prot 20000000000fc3 anon_vma ffff0000dd175bb0 vm_ops 0000000000000000 [ 35.672419][ T6492] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 35.672419][ T6492] refcnt 1 [ 35.672419][ T6492] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 35.672459][ T6492] vmg ffff8000a0d57a60 middle: [ 35.672476][ T6492] vma ffff0000c7d018c0 start 0000000020000000 end 0000000020800000 mm ffff0000c8435d80 [ 35.672476][ T6492] prot 20000000000fc3 anon_vma ffff0000dd175bb0 vm_ops 0000000000000000 [ 35.672476][ T6492] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 35.672476][ T6492] refcnt 1 [ 35.672476][ T6492] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 35.672514][ T6492] vmg ffff8000a0d57a60 next: (NULL) [ 35.672531][ T6492] vmg ffff8000a0d57a60 vmi: [ 35.672548][ T6492] MAS: tree=ffff0000c8435dc0 enode=ffff0000c830820c [ 35.672561][ T6492] (ma_active) [ 35.672577][ T6492] Store Type: [ 35.672592][ T6492] node_store [ 35.672614][ T6492] [2/10] index=20000000 last=207fffff [ 35.672634][ T6492] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 35.672656][ T6492] maple_tree(ffff0000c8435dc0) flags 30B, height 2 root ffff0000c7baa01e [ 35.672677][ T6492] 0-ffffffffffffffff: node ffff0000c7baa000 depth 0 type 3 parent ffff0000c8435dc1 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c830820c FFFF93059FFF ffff0000c7baa40c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 35.672933][ T6492] 0-ffff93059fff: node ffff0000c8308200 depth 1 type 1 parent ffff0000c7baa006 contents: 0000000000000000 1FFFEFFF ffff0000c7d01780 1FFFFFFF ffff0000c7d018c0 207FFFFF ffff0000dd177a00 20FFFFFF ffff0000c7d01a00 21000FFF 0000000000000000 AAAAD5929FFF ffff0000c7d01b40 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000c7d01c80 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000c7d01dc0 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 35.673150][ T6492] 0-1fffefff: 0000000000000000 [ 35.673178][ T6492] 1ffff000-1fffffff: ffff0000c7d01780 [ 35.673206][ T6492] 20000000-207fffff: ffff0000c7d018c0 [ 35.673235][ T6492] 20800000-20ffffff: ffff0000dd177a00 [ 35.673263][ T6492] 21000000-21000fff: ffff0000c7d01a00 [ 35.673297][ T6492] 21001000-aaaad5929fff: 0000000000000000 [ 35.673326][ T6492] aaaad592a000-aaaad594bfff: ffff0000c7d01b40 [ 35.673355][ T6492] aaaad594c000-ffff92fbffff: 0000000000000000 [ 35.673383][ T6492] ffff92fc0000-ffff9304bfff: ffff0000c7d01c80 [ 35.673412][ T6492] ffff9304c000-ffff93055fff: 0000000000000000 [ 35.673441][ T6492] ffff93056000-ffff93059fff: ffff0000c7d01dc0 [ 35.673470][ T6492] ffff9305a000-ffffffffffffffff: node ffff0000c7baa400 depth 1 type 1 parent ffff0000c7baa00e contents: ffff0000d1a38000 FFFF9305BFFF ffff0000d1a38140 FFFF9305FFFF ffff0000d1a38280 FFFF93062FFF ffff0000d1a383c0 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000d1a38500 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 35.673684][ T6492] ffff9305a000-ffff9305bfff: ffff0000d1a38000 [ 35.673713][ T6492] ffff9305c000-ffff9305ffff: ffff0000d1a38140 [ 35.673742][ T6492] ffff93060000-ffff93062fff: ffff0000d1a38280 [ 35.673771][ T6492] ffff93063000-ffff93068fff: ffff0000d1a383c0 [ 35.673800][ T6492] ffff93069000-ffffd1a12fff: 0000000000000000 [ 35.673828][ T6492] ffffd1a13000-ffffd1a33fff: ffff0000d1a38500 [ 35.673858][ T6492] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 35.673993][ T6492] ------------[ cut here ]------------ [ 35.674006][ T6492] WARNING: CPU: 0 PID: 6492 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 35.863705][ T6492] Modules linked in: [ 35.864807][ T6492] CPU: 0 UID: 0 PID: 6492 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 35.868346][ T6492] Tainted: [W]=WARN [ 35.869403][ T6492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 35.872096][ T6492] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 35.874312][ T6492] pc : vma_merge_existing_range+0x14a8/0x1964 [ 35.875940][ T6492] lr : vma_merge_existing_range+0x14a8/0x1964 [ 35.877509][ T6492] sp : ffff8000a0d57910 [ 35.878620][ T6492] x29: ffff8000a0d57990 x28: dfff800000000000 x27: 0000000000000001 [ 35.880809][ T6492] x26: 0000000020000000 x25: ffff8000a0d57a80 x24: 0000000020000000 [ 35.882986][ T6492] x23: 1ffff000141aaf50 x22: ffff0000c7d018c0 x21: 0000000020800000 [ 35.885164][ T6492] x20: ffff0000c7d018c0 x19: ffff8000a0d57a60 x18: 0000000000000000 [ 35.887252][ T6492] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 35.889482][ T6492] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 35.891772][ T6492] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 35.894059][ T6492] x8 : ffff0000ca6adb80 x7 : 0000000000000001 x6 : 0000000000000001 [ 35.896268][ T6492] x5 : ffff8000a0d56ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 35.898468][ T6492] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 35.900648][ T6492] Call trace: [ 35.901527][ T6492] vma_merge_existing_range+0x14a8/0x1964 (P) [ 35.903215][ T6492] vma_modify+0x7c/0x424 [ 35.904386][ T6492] vma_modify_flags+0x18c/0x1dc [ 35.905733][ T6492] mlock_fixup+0x18c/0x2c4 [ 35.906957][ T6492] apply_mlockall_flags+0x290/0x344 [ 35.908368][ T6492] __arm64_sys_munlockall+0x11c/0x238 [ 35.909817][ T6492] invoke_syscall+0x98/0x2b8 [ 35.911112][ T6492] el0_svc_common+0x130/0x23c [ 35.912387][ T6492] do_el0_svc+0x48/0x58 [ 35.913501][ T6492] el0_svc+0x58/0x17c [ 35.914573][ T6492] el0t_64_sync_handler+0x78/0x108 [ 35.915962][ T6492] el0t_64_sync+0x198/0x19c [ 35.917231][ T6492] irq event stamp: 14002 [ 35.918414][ T6492] hardirqs last enabled at (14001): [] __console_unlock+0x70/0xc4 [ 35.920953][ T6492] hardirqs last disabled at (14002): [] el1_dbg+0x24/0x80 [ 35.923438][ T6492] softirqs last enabled at (10230): [] handle_softirqs+0xaf8/0xc88 [ 35.926076][ T6492] softirqs last disabled at (10215): [] __do_softirq+0x14/0x20 [ 35.928522][ T6492] ---[ end trace 0000000000000000 ]--- executing program [ 35.999293][ T6493] FAULT_INJECTION: forcing a failure. [ 35.999293][ T6493] name failslab, interval 1, probability 0, ** replaying previous printk message ** [ 35.999293][ T6493] FAULT_INJECTION: forcing a failure. [ 35.999293][ T6493] name failslab, interval 1, probability 0, space 0, times 0 [ 35.999363][ T6493] CPU: 0 UID: 0 PID: 6493 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 35.999385][ T6493] Tainted: [W]=WARN [ 35.999389][ T6493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 35.999396][ T6493] Call trace: [ 35.999400][ T6493] show_stack+0x2c/0x3c (C) [ 35.999416][ T6493] __dump_stack+0x30/0x40 [ 35.999428][ T6493] dump_stack_lvl+0xd8/0x12c [ 35.999438][ T6493] dump_stack+0x1c/0x28 [ 35.999447][ T6493] should_fail_ex+0x41c/0x594 [ 35.999460][ T6493] should_failslab+0xc0/0x128 [ 35.999473][ T6493] kmem_cache_alloc_noprof+0x80/0x3e8 [ 35.999488][ T6493] mas_alloc_nodes+0x268/0x788 [ 35.999501][ T6493] mas_preallocate+0x4b0/0x778 [ 35.999513][ T6493] commit_merge+0x1a4/0x5b0 [ 35.999526][ T6493] vma_merge_existing_range+0x1388/0x1964 [ 35.999540][ T6493] vma_modify+0x7c/0x424 [ 35.999552][ T6493] vma_modify_flags+0x18c/0x1dc [ 35.999564][ T6493] mlock_fixup+0x18c/0x2c4 [ 35.999577][ T6493] apply_mlockall_flags+0x290/0x344 [ 35.999588][ T6493] __arm64_sys_munlockall+0x11c/0x238 [ 35.999600][ T6493] invoke_syscall+0x98/0x2b8 [ 35.999610][ T6493] el0_svc_common+0x130/0x23c [ 35.999621][ T6493] do_el0_svc+0x48/0x58 [ 35.999631][ T6493] el0_svc+0x58/0x17c [ 35.999644][ T6493] el0t_64_sync_handler+0x78/0x108 [ 35.999657][ T6493] el0t_64_sync+0x198/0x19c [ 35.999674][ T6493] vmg ffff8000a0d47a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 35.999856][ T6493] vmg ffff8000a0d47a60 state: mm ffff0000c8436600 pgoff 20000 [ 35.999856][ T6493] vmi ffff8000a0d47c40 [20000000,20800000) [ 35.999856][ T6493] prev ffff0000d1a38780 middle ffff0000d1a38780 next 0000000000000000 target 0000000000000000 [ 35.999856][ T6493] start 20000000 end 20800000 flags 100077 [ 35.999856][ T6493] file 0000000000000000 anon_vma ffff0000dd175dd0 policy 0000000000000000 [ 35.999856][ T6493] uffd_ctx 0000000000000000 [ 35.999856][ T6493] anon_name 0000000000000000 [ 35.999856][ T6493] state 0 [ 35.999856][ T6493] just_expand 0 [ 35.999856][ T6493] __adjust_middle_start 0 __adjust_next_start 0 [ 35.999856][ T6493] __remove_middle 0 __remove_next 0 [ 35.999909][ T6493] vmg ffff8000a0d47a60 mm: [ 35.999927][ T6493] mm ffff0000c8436600 task_size 281474976710656 [ 35.999927][ T6493] mmap_base 281473148436480 mmap_legacy_base 0 [ 35.999927][ T6493] pgd ffff0000d6f0e000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 35.999927][ T6493] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 35.999927][ T6493] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 35.999927][ T6493] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 35.999927][ T6493] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 35.999927][ T6493] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 35.999927][ T6493] binfmt ffff80008f670700 flags 8000008d [ 35.999927][ T6493] ioctx_table 0000000000000000 [ 35.999927][ T6493] owner ffff0000c2f08000 exe_file ffff0000d4cb41c0 [ 35.999927][ T6493] notifier_subscriptions 0000000000000000 [ 35.999927][ T6493] numa_next_scan 4294940951 numa_scan_offset 0 numa_scan_seq 0 [ 35.999927][ T6493] tlb_flush_pending 0 [ 35.999927][ T6493] def_flags: 0x0() [ 36.000006][ T6493] vmg ffff8000a0d47a60 prev: [ 36.000023][ T6493] vma ffff0000d1a38780 start 0000000020000000 end 0000000020800000 mm ffff0000c8436600 [ 36.000023][ T6493] prot 20000000000fc3 anon_vma ffff0000dd175dd0 vm_ops 0000000000000000 [ 36.000023][ T6493] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 36.000023][ T6493] refcnt 1 [ 36.000023][ T6493] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 36.000062][ T6493] vmg ffff8000a0d47a60 middle: [ 36.000079][ T6493] vma ffff0000d1a38780 start 0000000020000000 end 0000000020800000 mm ffff0000c8436600 [ 36.000079][ T6493] prot 20000000000fc3 anon_vma ffff0000dd175dd0 vm_ops 0000000000000000 [ 36.000079][ T6493] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 36.000079][ T6493] refcnt 1 [ 36.000079][ T6493] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 36.000118][ T6493] vmg ffff8000a0d47a60 next: (NULL) [ 36.000135][ T6493] vmg ffff8000a0d47a60 vmi: [ 36.000152][ T6493] MAS: tree=ffff0000c8436640 enode=ffff0000c830920c [ 36.000164][ T6493] (ma_active) [ 36.000180][ T6493] Store Type: [ 36.000195][ T6493] node_store [ 36.000217][ T6493] [2/10] index=20000000 last=207fffff [ 36.000237][ T6493] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 36.000258][ T6493] maple_tree(ffff0000c8436640) flags 30B, height 2 root ffff0000c7baa61e [ 36.000287][ T6493] 0-ffffffffffffffff: node ffff0000c7baa600 depth 0 type 3 parent ffff0000c8436641 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c830920c FFFF93059FFF ffff0000c7baaa0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 36.000542][ T6493] 0-ffff93059fff: node ffff0000c8309200 depth 1 type 1 parent ffff0000c7baa606 contents: 0000000000000000 1FFFEFFF ffff0000d1a38640 1FFFFFFF ffff0000d1a38780 207FFFFF ffff0000dd177c80 20FFFFFF ffff0000d1a388c0 21000FFF 0000000000000000 AAAAD5929FFF ffff0000d1a38a00 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000d1a38b40 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000d1a38c80 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 36.000760][ T6493] 0-1fffefff: 0000000000000000 [ 36.000787][ T6493] 1ffff000-1fffffff: ffff0000d1a38640 [ 36.000816][ T6493] 20000000-207fffff: ffff0000d1a38780 [ 36.000844][ T6493] 20800000-20ffffff: ffff0000dd177c80 [ 36.000873][ T6493] 21000000-21000fff: ffff0000d1a388c0 [ 36.000902][ T6493] 21001000-aaaad5929fff: 0000000000000000 [ 36.000930][ T6493] aaaad592a000-aaaad594bfff: ffff0000d1a38a00 [ 36.000961][ T6493] aaaad594c000-ffff92fbffff: 0000000000000000 [ 36.000992][ T6493] ffff92fc0000-ffff9304bfff: ffff0000d1a38b40 [ 36.001023][ T6493] ffff9304c000-ffff93055fff: 0000000000000000 [ 36.001053][ T6493] ffff93056000-ffff93059fff: ffff0000d1a38c80 [ 36.001084][ T6493] ffff9305a000-ffffffffffffffff: node ffff0000c7baaa00 depth 1 type 1 parent ffff0000c7baa60e contents: ffff0000d1a38dc0 FFFF9305BFFF ffff0000c8b34000 FFFF9305FFFF ffff0000c8b34140 FFFF93062FFF ffff0000c8b34280 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000c8b343c0 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 36.002149][ T6493] ffff9305a000-ffff9305bfff: ffff0000d1a38dc0 [ 36.002181][ T6493] ffff9305c000-ffff9305ffff: ffff0000c8b34000 [ 36.002212][ T6493] ffff93060000-ffff93062fff: ffff0000c8b34140 [ 36.002243][ T6493] ffff93063000-ffff93068fff: ffff0000c8b34280 [ 36.002281][ T6493] ffff93069000-ffffd1a12fff: 0000000000000000 [ 36.002312][ T6493] ffffd1a13000-ffffd1a33fff: ffff0000c8b343c0 [ 36.002343][ T6493] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 36.002484][ T6493] ------------[ cut here ]------------ [ 36.002498][ T6493] WARNING: CPU: 0 PID: 6493 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 36.196379][ T6493] Modules linked in: [ 36.197445][ T6493] CPU: 0 UID: 0 PID: 6493 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 36.201059][ T6493] Tainted: [W]=WARN [ 36.202138][ T6493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 36.204958][ T6493] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 36.207129][ T6493] pc : vma_merge_existing_range+0x14a8/0x1964 [ 36.208817][ T6493] lr : vma_merge_existing_range+0x14a8/0x1964 [ 36.210517][ T6493] sp : ffff8000a0d47910 [ 36.211668][ T6493] x29: ffff8000a0d47990 x28: dfff800000000000 x27: 0000000000000001 [ 36.213988][ T6493] x26: 0000000020000000 x25: ffff8000a0d47a80 x24: 0000000020000000 [ 36.216208][ T6493] x23: 1ffff000141a8f50 x22: ffff0000d1a38780 x21: 0000000020800000 [ 36.218543][ T6493] x20: ffff0000d1a38780 x19: ffff8000a0d47a60 x18: 0000000000000000 [ 36.220742][ T6493] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 36.222963][ T6493] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 36.225221][ T6493] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 36.227485][ T6493] x8 : ffff0000c2f08000 x7 : 0000000000000001 x6 : 0000000000000001 [ 36.229773][ T6493] x5 : ffff8000a0d46ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 36.232082][ T6493] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 36.234305][ T6493] Call trace: [ 36.235215][ T6493] vma_merge_existing_range+0x14a8/0x1964 (P) [ 36.236912][ T6493] vma_modify+0x7c/0x424 [ 36.238096][ T6493] vma_modify_flags+0x18c/0x1dc [ 36.239445][ T6493] mlock_fixup+0x18c/0x2c4 [ 36.240696][ T6493] apply_mlockall_flags+0x290/0x344 [ 36.242126][ T6493] __arm64_sys_munlockall+0x11c/0x238 [ 36.243610][ T6493] invoke_syscall+0x98/0x2b8 [ 36.244914][ T6493] el0_svc_common+0x130/0x23c [ 36.246225][ T6493] do_el0_svc+0x48/0x58 [ 36.247351][ T6493] el0_svc+0x58/0x17c [ 36.248505][ T6493] el0t_64_sync_handler+0x78/0x108 [ 36.249951][ T6493] el0t_64_sync+0x198/0x19c [ 36.251193][ T6493] irq event stamp: 14386 [ 36.252377][ T6493] hardirqs last enabled at (14385): [] __console_unlock+0x70/0xc4 [ 36.255012][ T6493] hardirqs last disabled at (14386): [] el1_dbg+0x24/0x80 [ 36.257457][ T6493] softirqs last enabled at (14174): [] handle_softirqs+0xaf8/0xc88 [ 36.260095][ T6493] softirqs last disabled at (14031): [] __do_softirq+0x14/0x20 [ 36.262653][ T6493] ---[ end trace 0000000000000000 ]--- executing program [ 36.333169][ T6494] FAULT_INJECTION: forcing a failure. [ 36.333169][ T6494] name fai ** replaying previous printk message ** [ 36.333169][ T6494] FAULT_INJECTION: forcing a failure. [ 36.333169][ T6494] name failslab, interval 1, probability 0, space 0, times 0 [ 36.333238][ T6494] CPU: 0 UID: 0 PID: 6494 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 36.333254][ T6494] Tainted: [W]=WARN [ 36.333258][ T6494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 36.333265][ T6494] Call trace: [ 36.333269][ T6494] show_stack+0x2c/0x3c (C) [ 36.333295][ T6494] __dump_stack+0x30/0x40 [ 36.333307][ T6494] dump_stack_lvl+0xd8/0x12c [ 36.333317][ T6494] dump_stack+0x1c/0x28 [ 36.333336][ T6494] should_fail_ex+0x41c/0x594 [ 36.333348][ T6494] should_failslab+0xc0/0x128 [ 36.333362][ T6494] kmem_cache_alloc_noprof+0x80/0x3e8 [ 36.333377][ T6494] mas_alloc_nodes+0x268/0x788 [ 36.333390][ T6494] mas_preallocate+0x4b0/0x778 [ 36.333402][ T6494] commit_merge+0x1a4/0x5b0 [ 36.333420][ T6494] vma_merge_existing_range+0x1388/0x1964 [ 36.333434][ T6494] vma_modify+0x7c/0x424 [ 36.333446][ T6494] vma_modify_flags+0x18c/0x1dc [ 36.333459][ T6494] mlock_fixup+0x18c/0x2c4 [ 36.333471][ T6494] apply_mlockall_flags+0x290/0x344 [ 36.333482][ T6494] __arm64_sys_munlockall+0x11c/0x238 [ 36.333494][ T6494] invoke_syscall+0x98/0x2b8 [ 36.333505][ T6494] el0_svc_common+0x130/0x23c [ 36.333515][ T6494] do_el0_svc+0x48/0x58 [ 36.333525][ T6494] el0_svc+0x58/0x17c [ 36.333538][ T6494] el0t_64_sync_handler+0x78/0x108 [ 36.333551][ T6494] el0t_64_sync+0x198/0x19c [ 36.333568][ T6494] vmg ffff8000a0d37a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 36.333752][ T6494] vmg ffff8000a0d37a60 state: mm ffff0000c8436e80 pgoff 20000 [ 36.333752][ T6494] vmi ffff8000a0d37c40 [20000000,20800000) [ 36.333752][ T6494] prev ffff0000c8b34640 middle ffff0000c8b34640 next 0000000000000000 target 0000000000000000 [ 36.333752][ T6494] start 20000000 end 20800000 flags 100077 [ 36.333752][ T6494] file 0000000000000000 anon_vma ffff0000dd3aa000 policy 0000000000000000 [ 36.333752][ T6494] uffd_ctx 0000000000000000 [ 36.333752][ T6494] anon_name 0000000000000000 [ 36.333752][ T6494] state 0 [ 36.333752][ T6494] just_expand 0 [ 36.333752][ T6494] __adjust_middle_start 0 __adjust_next_start 0 [ 36.333752][ T6494] __remove_middle 0 __remove_next 0 [ 36.333805][ T6494] vmg ffff8000a0d37a60 mm: [ 36.333823][ T6494] mm ffff0000c8436e80 task_size 281474976710656 [ 36.333823][ T6494] mmap_base 281473148436480 mmap_legacy_base 0 [ 36.333823][ T6494] pgd ffff0000c9b03000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 36.333823][ T6494] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 36.333823][ T6494] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 36.333823][ T6494] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 36.333823][ T6494] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 36.333823][ T6494] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 36.333823][ T6494] binfmt ffff80008f670700 flags 8000008d [ 36.333823][ T6494] ioctx_table 0000000000000000 [ 36.333823][ T6494] owner ffff0000c2f09e80 exe_file ffff0000d4cb41c0 [ 36.333823][ T6494] notifier_subscriptions 0000000000000000 [ 36.333823][ T6494] numa_next_scan 4294940985 numa_scan_offset 0 numa_scan_seq 0 [ 36.333823][ T6494] tlb_flush_pending 0 [ 36.333823][ T6494] def_flags: 0x0() [ 36.333901][ T6494] vmg ffff8000a0d37a60 prev: [ 36.333918][ T6494] vma ffff0000c8b34640 start 0000000020000000 end 0000000020800000 mm ffff0000c8436e80 [ 36.333918][ T6494] prot 20000000000fc3 anon_vma ffff0000dd3aa000 vm_ops 0000000000000000 [ 36.333918][ T6494] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 36.333918][ T6494] refcnt 1 [ 36.333918][ T6494] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 36.333958][ T6494] vmg ffff8000a0d37a60 middle: [ 36.333975][ T6494] vma ffff0000c8b34640 start 0000000020000000 end 0000000020800000 mm ffff0000c8436e80 [ 36.333975][ T6494] prot 20000000000fc3 anon_vma ffff0000dd3aa000 vm_ops 0000000000000000 [ 36.333975][ T6494] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 36.333975][ T6494] refcnt 1 [ 36.333975][ T6494] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 36.334013][ T6494] vmg ffff8000a0d37a60 next: (NULL) [ 36.334030][ T6494] vmg ffff8000a0d37a60 vmi: [ 36.334048][ T6494] MAS: tree=ffff0000c8436ec0 enode=ffff0000d3ec7c0c [ 36.334060][ T6494] (ma_active) [ 36.334076][ T6494] Store Type: [ 36.334091][ T6494] node_store [ 36.334113][ T6494] [2/10] index=20000000 last=207fffff [ 36.334133][ T6494] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 36.334155][ T6494] maple_tree(ffff0000c8436ec0) flags 30B, height 2 root ffff0000c7bab41e [ 36.334177][ T6494] 0-ffffffffffffffff: node ffff0000c7bab400 depth 0 type 3 parent ffff0000c8436ec1 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d3ec7c0c FFFF93059FFF ffff0000d6ecfc0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 36.334442][ T6494] 0-ffff93059fff: node ffff0000d3ec7c00 depth 1 type 1 parent ffff0000c7bab406 contents: 0000000000000000 1FFFEFFF ffff0000c8b34500 1FFFFFFF ffff0000c8b34640 207FFFFF ffff0000c9b04000 20FFFFFF ffff0000c8b34780 21000FFF 0000000000000000 AAAAD5929FFF ffff0000c8b348c0 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000c8b34a00 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000c8b34b40 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 36.334662][ T6494] 0-1fffefff: 0000000000000000 [ 36.334690][ T6494] 1ffff000-1fffffff: ffff0000c8b34500 [ 36.334719][ T6494] 20000000-207fffff: ffff0000c8b34640 [ 36.334747][ T6494] 20800000-20ffffff: ffff0000c9b04000 [ 36.334776][ T6494] 21000000-21000fff: ffff0000c8b34780 [ 36.334804][ T6494] 21001000-aaaad5929fff: 0000000000000000 [ 36.334833][ T6494] aaaad592a000-aaaad594bfff: ffff0000c8b348c0 [ 36.334862][ T6494] aaaad594c000-ffff92fbffff: 0000000000000000 [ 36.334890][ T6494] ffff92fc0000-ffff9304bfff: ffff0000c8b34a00 [ 36.334919][ T6494] ffff9304c000-ffff93055fff: 0000000000000000 [ 36.334948][ T6494] ffff93056000-ffff93059fff: ffff0000c8b34b40 [ 36.334977][ T6494] ffff9305a000-ffffffffffffffff: node ffff0000d6ecfc00 depth 1 type 1 parent ffff0000c7bab40e contents: ffff0000c8b34c80 FFFF9305BFFF ffff0000c8b34dc0 FFFF9305FFFF ffff0000c8a5f000 FFFF93062FFF ffff0000c8a5f140 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000c8a5f280 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 36.335192][ T6494] ffff9305a000-ffff9305bfff: ffff0000c8b34c80 [ 36.335221][ T6494] ffff9305c000-ffff9305ffff: ffff0000c8b34dc0 [ 36.335250][ T6494] ffff93060000-ffff93062fff: ffff0000c8a5f000 [ 36.335283][ T6494] ffff93063000-ffff93068fff: ffff0000c8a5f140 [ 36.335313][ T6494] ffff93069000-ffffd1a12fff: 0000000000000000 [ 36.335345][ T6494] ffffd1a13000-ffffd1a33fff: ffff0000c8a5f280 [ 36.335374][ T6494] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 36.335501][ T6494] ------------[ cut here ]------------ [ 36.335513][ T6494] WARNING: CPU: 0 PID: 6494 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 36.526932][ T6494] Modules linked in: [ 36.528032][ T6494] CPU: 0 UID: 0 PID: 6494 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 36.531643][ T6494] Tainted: [W]=WARN [ 36.532706][ T6494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 36.535485][ T6494] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 36.537675][ T6494] pc : vma_merge_existing_range+0x14a8/0x1964 [ 36.539354][ T6494] lr : vma_merge_existing_range+0x14a8/0x1964 [ 36.541067][ T6494] sp : ffff8000a0d37910 [ 36.542193][ T6494] x29: ffff8000a0d37990 x28: dfff800000000000 x27: 0000000000000001 [ 36.544339][ T6494] x26: 0000000020000000 x25: ffff8000a0d37a80 x24: 0000000020000000 [ 36.546538][ T6494] x23: 1ffff000141a6f50 x22: ffff0000c8b34640 x21: 0000000020800000 [ 36.548695][ T6494] x20: ffff0000c8b34640 x19: ffff8000a0d37a60 x18: 0000000000000000 [ 36.550860][ T6494] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 36.553048][ T6494] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 36.555237][ T6494] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 36.557478][ T6494] x8 : ffff0000c2f09e80 x7 : 0000000000000001 x6 : 0000000000000001 [ 36.559740][ T6494] x5 : ffff8000a0d36ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 36.561930][ T6494] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 36.564133][ T6494] Call trace: [ 36.565045][ T6494] vma_merge_existing_range+0x14a8/0x1964 (P) [ 36.566726][ T6494] vma_modify+0x7c/0x424 [ 36.567878][ T6494] vma_modify_flags+0x18c/0x1dc [ 36.569208][ T6494] mlock_fixup+0x18c/0x2c4 [ 36.570491][ T6494] apply_mlockall_flags+0x290/0x344 [ 36.571928][ T6494] __arm64_sys_munlockall+0x11c/0x238 [ 36.573412][ T6494] invoke_syscall+0x98/0x2b8 [ 36.574693][ T6494] el0_svc_common+0x130/0x23c [ 36.576028][ T6494] do_el0_svc+0x48/0x58 [ 36.577161][ T6494] el0_svc+0x58/0x17c [ 36.578226][ T6494] el0t_64_sync_handler+0x78/0x108 [ 36.579667][ T6494] el0t_64_sync+0x198/0x19c [ 36.580903][ T6494] irq event stamp: 14448 [ 36.582048][ T6494] hardirqs last enabled at (14447): [] __console_unlock+0x70/0xc4 [ 36.584700][ T6494] hardirqs last disabled at (14448): [] el1_dbg+0x24/0x80 [ 36.586999][ T6494] softirqs last enabled at (13236): [] handle_softirqs+0xaf8/0xc88 [ 36.589625][ T6494] softirqs last disabled at (12875): [] __do_softirq+0x14/0x20 [ 36.592096][ T6494] ---[ end trace 0000000000000000 ]--- executing program [ 36.663434][ T6495] FAULT_INJECTION: forcing a failure. [ 36.663434][ T6495] name failslab, interval 1, probability 0, space 0, times 0 [ ** replaying previous printk message ** [ 36.663504][ T6495] CPU: 0 UID: 0 PID: 6495 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 36.663521][ T6495] Tainted: [W]=WARN [ 36.663525][ T6495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 36.663532][ T6495] Call trace: [ 36.663536][ T6495] show_stack+0x2c/0x3c (C) [ 36.663553][ T6495] __dump_stack+0x30/0x40 [ 36.663565][ T6495] dump_stack_lvl+0xd8/0x12c [ 36.663575][ T6495] dump_stack+0x1c/0x28 [ 36.663584][ T6495] should_fail_ex+0x41c/0x594 [ 36.663596][ T6495] should_failslab+0xc0/0x128 [ 36.663610][ T6495] kmem_cache_alloc_noprof+0x80/0x3e8 [ 36.663624][ T6495] mas_alloc_nodes+0x268/0x788 [ 36.663637][ T6495] mas_preallocate+0x4b0/0x778 [ 36.663649][ T6495] commit_merge+0x1a4/0x5b0 [ 36.663662][ T6495] vma_merge_existing_range+0x1388/0x1964 [ 36.663675][ T6495] vma_modify+0x7c/0x424 [ 36.663688][ T6495] vma_modify_flags+0x18c/0x1dc [ 36.663700][ T6495] mlock_fixup+0x18c/0x2c4 [ 36.663712][ T6495] apply_mlockall_flags+0x290/0x344 [ 36.663723][ T6495] __arm64_sys_munlockall+0x11c/0x238 [ 36.663734][ T6495] invoke_syscall+0x98/0x2b8 [ 36.663745][ T6495] el0_svc_common+0x130/0x23c [ 36.663755][ T6495] do_el0_svc+0x48/0x58 [ 36.663765][ T6495] el0_svc+0x58/0x17c [ 36.663777][ T6495] el0t_64_sync_handler+0x78/0x108 [ 36.663790][ T6495] el0t_64_sync+0x198/0x19c [ 36.665429][ T6495] vmg ffff8000a0d27a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 36.665457][ T6495] vmg ffff8000a0d27a60 state: mm ffff0000c8437700 pgoff 20000 [ 36.665457][ T6495] vmi ffff8000a0d27c40 [20000000,20800000) [ 36.665457][ T6495] prev ffff0000c8a5f500 middle ffff0000c8a5f500 next 0000000000000000 target 0000000000000000 [ 36.665457][ T6495] start 20000000 end 20800000 flags 100077 [ 36.665457][ T6495] file 0000000000000000 anon_vma ffff0000dd3aa220 policy 0000000000000000 [ 36.665457][ T6495] uffd_ctx 0000000000000000 [ 36.665457][ T6495] anon_name 0000000000000000 [ 36.665457][ T6495] state 0 [ 36.665457][ T6495] just_expand 0 [ 36.665457][ T6495] __adjust_middle_start 0 __adjust_next_start 0 [ 36.665457][ T6495] __remove_middle 0 __remove_next 0 [ 36.665511][ T6495] vmg ffff8000a0d27a60 mm: [ 36.665529][ T6495] mm ffff0000c8437700 task_size 281474976710656 [ 36.665529][ T6495] mmap_base 281473148436480 mmap_legacy_base 0 [ 36.665529][ T6495] pgd ffff0000caa87000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 36.665529][ T6495] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 36.665529][ T6495] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 36.665529][ T6495] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 36.665529][ T6495] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 36.665529][ T6495] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 36.665529][ T6495] binfmt ffff80008f670700 flags 8000008d [ 36.665529][ T6495] ioctx_table 0000000000000000 [ 36.665529][ T6495] owner ffff0000c2f0bd00 exe_file ffff0000d4cb41c0 [ 36.665529][ T6495] notifier_subscriptions 0000000000000000 [ 36.665529][ T6495] numa_next_scan 4294941018 numa_scan_offset 0 numa_scan_seq 0 [ 36.665529][ T6495] tlb_flush_pending 0 [ 36.665529][ T6495] def_flags: 0x0() [ 36.665608][ T6495] vmg ffff8000a0d27a60 prev: [ 36.665625][ T6495] vma ffff0000c8a5f500 start 0000000020000000 end 0000000020800000 mm ffff0000c8437700 [ 36.665625][ T6495] prot 20000000000fc3 anon_vma ffff0000dd3aa220 vm_ops 0000000000000000 [ 36.665625][ T6495] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 36.665625][ T6495] refcnt 1 [ 36.665625][ T6495] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 36.665665][ T6495] vmg ffff8000a0d27a60 middle: [ 36.665682][ T6495] vma ffff0000c8a5f500 start 0000000020000000 end 0000000020800000 mm ffff0000c8437700 [ 36.665682][ T6495] prot 20000000000fc3 anon_vma ffff0000dd3aa220 vm_ops 0000000000000000 [ 36.665682][ T6495] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 36.665682][ T6495] refcnt 1 [ 36.665682][ T6495] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 36.665720][ T6495] vmg ffff8000a0d27a60 next: (NULL) [ 36.665738][ T6495] vmg ffff8000a0d27a60 vmi: [ 36.665764][ T6495] MAS: tree=ffff0000c8437740 enode=ffff0000d15a0e0c [ 36.665779][ T6495] (ma_active) [ 36.665795][ T6495] Store Type: [ 36.665810][ T6495] node_store [ 36.665840][ T6495] [2/10] index=20000000 last=207fffff [ 36.665860][ T6495] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 36.665882][ T6495] maple_tree(ffff0000c8437740) flags 30B, height 2 root ffff0000c869da1e [ 36.665904][ T6495] 0-ffffffffffffffff: node ffff0000c869da00 depth 0 type 3 parent ffff0000c8437741 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d15a0e0c FFFF93059FFF ffff0000c869dc0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 36.666162][ T6495] 0-ffff93059fff: node ffff0000d15a0e00 depth 1 type 1 parent ffff0000c869da06 contents: 0000000000000000 1FFFEFFF ffff0000c8a5f3c0 1FFFFFFF ffff0000c8a5f500 207FFFFF ffff0000c9b04280 20FFFFFF ffff0000c8a5f640 21000FFF 0000000000000000 AAAAD5929FFF ffff0000c8a5f780 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000c8a5f8c0 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000c8a5fa00 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 36.666393][ T6495] 0-1fffefff: 0000000000000000 [ 36.666421][ T6495] 1ffff000-1fffffff: ffff0000c8a5f3c0 [ 36.666450][ T6495] 20000000-207fffff: ffff0000c8a5f500 [ 36.666479][ T6495] 20800000-20ffffff: ffff0000c9b04280 [ 36.666507][ T6495] 21000000-21000fff: ffff0000c8a5f640 [ 36.666536][ T6495] 21001000-aaaad5929fff: 0000000000000000 [ 36.666564][ T6495] aaaad592a000-aaaad594bfff: ffff0000c8a5f780 [ 36.666594][ T6495] aaaad594c000-ffff92fbffff: 0000000000000000 [ 36.666622][ T6495] ffff92fc0000-ffff9304bfff: ffff0000c8a5f8c0 [ 36.666651][ T6495] ffff9304c000-ffff93055fff: 0000000000000000 [ 36.666680][ T6495] ffff93056000-ffff93059fff: ffff0000c8a5fa00 [ 36.666709][ T6495] ffff9305a000-ffffffffffffffff: node ffff0000c869dc00 depth 1 type 1 parent ffff0000c869da0e contents: ffff0000c8a5fb40 FFFF9305BFFF ffff0000c8a5fc80 FFFF9305FFFF ffff0000c8a5fdc0 FFFF93062FFF ffff0000dd267000 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000dd267140 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 36.666924][ T6495] ffff9305a000-ffff9305bfff: ffff0000c8a5fb40 [ 36.666953][ T6495] ffff9305c000-ffff9305ffff: ffff0000c8a5fc80 [ 36.666983][ T6495] ffff93060000-ffff93062fff: ffff0000c8a5fdc0 [ 36.667012][ T6495] ffff93063000-ffff93068fff: ffff0000dd267000 [ 36.667041][ T6495] ffff93069000-ffffd1a12fff: 0000000000000000 [ 36.667069][ T6495] ffffd1a13000-ffffd1a33fff: ffff0000dd267140 [ 36.667099][ T6495] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 36.667225][ T6495] ------------[ cut here ]------------ [ 36.667238][ T6495] WARNING: CPU: 0 PID: 6495 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 36.856643][ T6495] Modules linked in: [ 36.857728][ T6495] CPU: 0 UID: 0 PID: 6495 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 36.861270][ T6495] Tainted: [W]=WARN [ 36.862337][ T6495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 36.865098][ T6495] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 36.867261][ T6495] pc : vma_merge_existing_range+0x14a8/0x1964 [ 36.868935][ T6495] lr : vma_merge_existing_range+0x14a8/0x1964 [ 36.870605][ T6495] sp : ffff8000a0d27910 [ 36.871712][ T6495] x29: ffff8000a0d27990 x28: dfff800000000000 x27: 0000000000000001 [ 36.873942][ T6495] x26: 0000000020000000 x25: ffff8000a0d27a80 x24: 0000000020000000 [ 36.876211][ T6495] x23: 1ffff000141a4f50 x22: ffff0000c8a5f500 x21: 0000000020800000 [ 36.878484][ T6495] x20: ffff0000c8a5f500 x19: ffff8000a0d27a60 x18: 0000000000000000 [ 36.880682][ T6495] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 36.882873][ T6495] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 36.885046][ T6495] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 36.887247][ T6495] x8 : ffff0000c2f0bd00 x7 : 0000000000000001 x6 : 0000000000000001 [ 36.889430][ T6495] x5 : ffff8000a0d26ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 36.891680][ T6495] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 36.893878][ T6495] Call trace: [ 36.894809][ T6495] vma_merge_existing_range+0x14a8/0x1964 (P) [ 36.896528][ T6495] vma_modify+0x7c/0x424 [ 36.897713][ T6495] vma_modify_flags+0x18c/0x1dc [ 36.899043][ T6495] mlock_fixup+0x18c/0x2c4 [ 36.900259][ T6495] apply_mlockall_flags+0x290/0x344 [ 36.901691][ T6495] __arm64_sys_munlockall+0x11c/0x238 [ 36.903192][ T6495] invoke_syscall+0x98/0x2b8 [ 36.904533][ T6495] el0_svc_common+0x130/0x23c [ 36.905786][ T6495] do_el0_svc+0x48/0x58 [ 36.906916][ T6495] el0_svc+0x58/0x17c [ 36.908067][ T6495] el0t_64_sync_handler+0x78/0x108 [ 36.909512][ T6495] el0t_64_sync+0x198/0x19c [ 36.910693][ T6495] irq event stamp: 14430 [ 36.911864][ T6495] hardirqs last enabled at (14429): [] __console_unlock+0x70/0xc4 [ 36.914500][ T6495] hardirqs last disabled at (14430): [] el1_dbg+0x24/0x80 [ 36.916950][ T6495] softirqs last enabled at (13186): [] handle_softirqs+0xaf8/0xc88 [ 36.919635][ T6495] softirqs last disabled at (12933): [] __do_softirq+0x14/0x20 [ 36.922073][ T6495] ---[ end trace 0000000000000000 ]--- executing program [ 36.998148][ T6496] FAULT_INJECTION: forcing a failure. [ 36.998148][ T6496] name failslab, interval ** replaying previous printk message ** [ 36.998148][ T6496] FAULT_INJECTION: forcing a failure. [ 36.998148][ T6496] name failslab, interval 1, probability 0, space 0, times 0 [ 36.998223][ T6496] CPU: 0 UID: 0 PID: 6496 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 36.998240][ T6496] Tainted: [W]=WARN [ 36.998245][ T6496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 36.998252][ T6496] Call trace: [ 36.998256][ T6496] show_stack+0x2c/0x3c (C) [ 36.998285][ T6496] __dump_stack+0x30/0x40 [ 36.998297][ T6496] dump_stack_lvl+0xd8/0x12c [ 36.998307][ T6496] dump_stack+0x1c/0x28 [ 36.998317][ T6496] should_fail_ex+0x41c/0x594 [ 36.998329][ T6496] should_failslab+0xc0/0x128 [ 36.998342][ T6496] kmem_cache_alloc_noprof+0x80/0x3e8 [ 36.998357][ T6496] mas_alloc_nodes+0x268/0x788 [ 36.998381][ T6496] mas_preallocate+0x4b0/0x778 [ 36.998393][ T6496] commit_merge+0x1a4/0x5b0 [ 36.998406][ T6496] vma_merge_existing_range+0x1388/0x1964 [ 36.998420][ T6496] vma_modify+0x7c/0x424 [ 36.998432][ T6496] vma_modify_flags+0x18c/0x1dc [ 36.998449][ T6496] mlock_fixup+0x18c/0x2c4 [ 36.998461][ T6496] apply_mlockall_flags+0x290/0x344 [ 36.998472][ T6496] __arm64_sys_munlockall+0x11c/0x238 [ 36.998484][ T6496] invoke_syscall+0x98/0x2b8 [ 36.998495][ T6496] el0_svc_common+0x130/0x23c [ 36.998505][ T6496] do_el0_svc+0x48/0x58 [ 36.998515][ T6496] el0_svc+0x58/0x17c [ 36.998527][ T6496] el0t_64_sync_handler+0x78/0x108 [ 36.998540][ T6496] el0t_64_sync+0x198/0x19c [ 36.999114][ T6496] vmg ffff8000a0d17a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 36.999139][ T6496] vmg ffff8000a0d17a60 state: mm ffff0000ca5e0000 pgoff 20000 [ 36.999139][ T6496] vmi ffff8000a0d17c40 [20000000,20800000) [ 36.999139][ T6496] prev ffff0000dd2673c0 middle ffff0000dd2673c0 next 0000000000000000 target 0000000000000000 [ 36.999139][ T6496] start 20000000 end 20800000 flags 100077 [ 36.999139][ T6496] file 0000000000000000 anon_vma ffff0000dd3aa440 policy 0000000000000000 [ 36.999139][ T6496] uffd_ctx 0000000000000000 [ 36.999139][ T6496] anon_name 0000000000000000 [ 36.999139][ T6496] state 0 [ 36.999139][ T6496] just_expand 0 [ 36.999139][ T6496] __adjust_middle_start 0 __adjust_next_start 0 [ 36.999139][ T6496] __remove_middle 0 __remove_next 0 [ 36.999193][ T6496] vmg ffff8000a0d17a60 mm: [ 36.999211][ T6496] mm ffff0000ca5e0000 task_size 281474976710656 [ 36.999211][ T6496] mmap_base 281473148436480 mmap_legacy_base 0 [ 36.999211][ T6496] pgd ffff0000dd243000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 36.999211][ T6496] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 36.999211][ T6496] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 36.999211][ T6496] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 36.999211][ T6496] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 36.999211][ T6496] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 36.999211][ T6496] binfmt ffff80008f670700 flags 8000008d [ 36.999211][ T6496] ioctx_table 0000000000000000 [ 36.999211][ T6496] owner ffff0000c2f0db80 exe_file ffff0000d4cb41c0 [ 36.999211][ T6496] notifier_subscriptions 0000000000000000 [ 36.999211][ T6496] numa_next_scan 4294941051 numa_scan_offset 0 numa_scan_seq 0 [ 36.999211][ T6496] tlb_flush_pending 0 [ 36.999211][ T6496] def_flags: 0x0() [ 36.999304][ T6496] vmg ffff8000a0d17a60 prev: [ 36.999322][ T6496] vma ffff0000dd2673c0 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e0000 [ 36.999322][ T6496] prot 20000000000fc3 anon_vma ffff0000dd3aa440 vm_ops 0000000000000000 [ 36.999322][ T6496] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 36.999322][ T6496] refcnt 1 [ 36.999322][ T6496] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 36.999361][ T6496] vmg ffff8000a0d17a60 middle: [ 36.999384][ T6496] vma ffff0000dd2673c0 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e0000 [ 36.999384][ T6496] prot 20000000000fc3 anon_vma ffff0000dd3aa440 vm_ops 0000000000000000 [ 36.999384][ T6496] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 36.999384][ T6496] refcnt 1 [ 36.999384][ T6496] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 36.999427][ T6496] vmg ffff8000a0d17a60 next: (NULL) [ 36.999444][ T6496] vmg ffff8000a0d17a60 vmi: [ 36.999461][ T6496] MAS: tree=ffff0000ca5e0040 enode=ffff0000d2004c0c [ 36.999474][ T6496] (ma_active) [ 36.999489][ T6496] Store Type: [ 36.999505][ T6496] node_store [ 36.999527][ T6496] [2/10] index=20000000 last=207fffff [ 36.999547][ T6496] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 36.999573][ T6496] maple_tree(ffff0000ca5e0040) flags 30B, height 2 root ffff0000c869de1e [ 36.999595][ T6496] 0-ffffffffffffffff: node ffff0000c869de00 depth 0 type 3 parent ffff0000ca5e0041 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d2004c0c FFFF93059FFF ffff0000c869d20c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 36.999849][ T6496] 0-ffff93059fff: node ffff0000d2004c00 depth 1 type 1 parent ffff0000c869de06 contents: 0000000000000000 1FFFEFFF ffff0000dd267280 1FFFFFFF ffff0000dd2673c0 207FFFFF ffff0000c9b04500 20FFFFFF ffff0000dd267500 21000FFF 0000000000000000 AAAAD5929FFF ffff0000dd267640 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000dd267780 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000dd2678c0 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 37.000073][ T6496] 0-1fffefff: 0000000000000000 [ 37.000100][ T6496] 1ffff000-1fffffff: ffff0000dd267280 [ 37.000129][ T6496] 20000000-207fffff: ffff0000dd2673c0 [ 37.000157][ T6496] 20800000-20ffffff: ffff0000c9b04500 [ 37.000186][ T6496] 21000000-21000fff: ffff0000dd267500 [ 37.000220][ T6496] 21001000-aaaad5929fff: 0000000000000000 [ 37.000248][ T6496] aaaad592a000-aaaad594bfff: ffff0000dd267640 [ 37.000282][ T6496] aaaad594c000-ffff92fbffff: 0000000000000000 [ 37.000311][ T6496] ffff92fc0000-ffff9304bfff: ffff0000dd267780 [ 37.000339][ T6496] ffff9304c000-ffff93055fff: 0000000000000000 [ 37.000375][ T6496] ffff93056000-ffff93059fff: ffff0000dd2678c0 [ 37.000404][ T6496] ffff9305a000-ffffffffffffffff: node ffff0000c869d200 depth 1 type 1 parent ffff0000c869de0e contents: ffff0000dd267a00 FFFF9305BFFF ffff0000dd267b40 FFFF9305FFFF ffff0000dd267c80 FFFF93062FFF ffff0000dd267dc0 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000ca3c2000 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 37.000617][ T6496] ffff9305a000-ffff9305bfff: ffff0000dd267a00 [ 37.000646][ T6496] ffff9305c000-ffff9305ffff: ffff0000dd267b40 [ 37.000674][ T6496] ffff93060000-ffff93062fff: ffff0000dd267c80 [ 37.000703][ T6496] ffff93063000-ffff93068fff: ffff0000dd267dc0 [ 37.000732][ T6496] ffff93069000-ffffd1a12fff: 0000000000000000 [ 37.000760][ T6496] ffffd1a13000-ffffd1a33fff: ffff0000ca3c2000 [ 37.000789][ T6496] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 37.000915][ T6496] ------------[ cut here ]------------ [ 37.000927][ T6496] WARNING: CPU: 0 PID: 6496 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 37.193012][ T6496] Modules linked in: [ 37.194053][ T6496] CPU: 0 UID: 0 PID: 6496 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 37.197690][ T6496] Tainted: [W]=WARN [ 37.198785][ T6496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 37.201643][ T6496] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 37.203828][ T6496] pc : vma_merge_existing_range+0x14a8/0x1964 [ 37.205578][ T6496] lr : vma_merge_existing_range+0x14a8/0x1964 [ 37.207209][ T6496] sp : ffff8000a0d17910 [ 37.208305][ T6496] x29: ffff8000a0d17990 x28: dfff800000000000 x27: 0000000000000001 [ 37.210506][ T6496] x26: 0000000020000000 x25: ffff8000a0d17a80 x24: 0000000020000000 [ 37.212663][ T6496] x23: 1ffff000141a2f50 x22: ffff0000dd2673c0 x21: 0000000020800000 [ 37.214790][ T6496] x20: ffff0000dd2673c0 x19: ffff8000a0d17a60 x18: 0000000000000000 [ 37.217067][ T6496] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 37.219283][ T6496] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 37.221504][ T6496] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 37.223643][ T6496] x8 : ffff0000c2f0db80 x7 : 0000000000000001 x6 : 0000000000000001 [ 37.225821][ T6496] x5 : ffff8000a0d16ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 37.227967][ T6496] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 37.230241][ T6496] Call trace: [ 37.231169][ T6496] vma_merge_existing_range+0x14a8/0x1964 (P) [ 37.232850][ T6496] vma_modify+0x7c/0x424 [ 37.234025][ T6496] vma_modify_flags+0x18c/0x1dc [ 37.235383][ T6496] mlock_fixup+0x18c/0x2c4 [ 37.236612][ T6496] apply_mlockall_flags+0x290/0x344 [ 37.238040][ T6496] __arm64_sys_munlockall+0x11c/0x238 [ 37.239535][ T6496] invoke_syscall+0x98/0x2b8 [ 37.240835][ T6496] el0_svc_common+0x130/0x23c [ 37.242144][ T6496] do_el0_svc+0x48/0x58 [ 37.243300][ T6496] el0_svc+0x58/0x17c [ 37.244395][ T6496] el0t_64_sync_handler+0x78/0x108 [ 37.245879][ T6496] el0t_64_sync+0x198/0x19c [ 37.247141][ T6496] irq event stamp: 14374 [ 37.248285][ T6496] hardirqs last enabled at (14373): [] __console_unlock+0x70/0xc4 [ 37.251122][ T6496] hardirqs last disabled at (14374): [] el1_dbg+0x24/0x80 [ 37.253608][ T6496] softirqs last enabled at (11766): [] handle_softirqs+0xaf8/0xc88 [ 37.256329][ T6496] softirqs last disabled at (11409): [] __do_softirq+0x14/0x20 [ 37.258846][ T6496] ---[ end trace 0000000000000000 ]--- executing program [ 37.329301][ T6497] FAULT_INJECTION: forcing a failure. [ 37.329301][ T6497] name failslab, interval 1, probability 0, space 0, times 0 [ 37.329384][ T6497] CPU: 0 UID: 0 PID: 6497 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 P ** replaying previous printk message ** [ 37.329384][ T6497] CPU: 0 UID: 0 PID: 6497 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 37.329400][ T6497] Tainted: [W]=WARN [ 37.329404][ T6497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 37.329411][ T6497] Call trace: [ 37.329415][ T6497] show_stack+0x2c/0x3c (C) [ 37.329432][ T6497] __dump_stack+0x30/0x40 [ 37.329444][ T6497] dump_stack_lvl+0xd8/0x12c [ 37.329454][ T6497] dump_stack+0x1c/0x28 [ 37.329463][ T6497] should_fail_ex+0x41c/0x594 [ 37.329476][ T6497] should_failslab+0xc0/0x128 [ 37.329489][ T6497] kmem_cache_alloc_noprof+0x80/0x3e8 [ 37.329504][ T6497] mas_alloc_nodes+0x268/0x788 [ 37.329517][ T6497] mas_preallocate+0x4b0/0x778 [ 37.329529][ T6497] commit_merge+0x1a4/0x5b0 [ 37.329542][ T6497] vma_merge_existing_range+0x1388/0x1964 [ 37.329556][ T6497] vma_modify+0x7c/0x424 [ 37.329568][ T6497] vma_modify_flags+0x18c/0x1dc [ 37.329581][ T6497] mlock_fixup+0x18c/0x2c4 [ 37.329593][ T6497] apply_mlockall_flags+0x290/0x344 [ 37.329604][ T6497] __arm64_sys_munlockall+0x11c/0x238 [ 37.329615][ T6497] invoke_syscall+0x98/0x2b8 [ 37.329626][ T6497] el0_svc_common+0x130/0x23c [ 37.329636][ T6497] do_el0_svc+0x48/0x58 [ 37.329646][ T6497] el0_svc+0x58/0x17c [ 37.329660][ T6497] el0t_64_sync_handler+0x78/0x108 [ 37.329680][ T6497] el0t_64_sync+0x198/0x19c [ 37.329696][ T6497] vmg ffff8000a0d07a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 37.329888][ T6497] vmg ffff8000a0d07a60 state: mm ffff0000ca5e0880 pgoff 20000 [ 37.329888][ T6497] vmi ffff8000a0d07c40 [20000000,20800000) [ 37.329888][ T6497] prev ffff0000ca3c2280 middle ffff0000ca3c2280 next 0000000000000000 target 0000000000000000 [ 37.329888][ T6497] start 20000000 end 20800000 flags 100077 [ 37.329888][ T6497] file 0000000000000000 anon_vma ffff0000dd3aa660 policy 0000000000000000 [ 37.329888][ T6497] uffd_ctx 0000000000000000 [ 37.329888][ T6497] anon_name 0000000000000000 [ 37.329888][ T6497] state 0 [ 37.329888][ T6497] just_expand 0 [ 37.329888][ T6497] __adjust_middle_start 0 __adjust_next_start 0 [ 37.329888][ T6497] __remove_middle 0 __remove_next 0 [ 37.329941][ T6497] vmg ffff8000a0d07a60 mm: [ 37.329959][ T6497] mm ffff0000ca5e0880 task_size 281474976710656 [ 37.329959][ T6497] mmap_base 281473148436480 mmap_legacy_base 0 [ 37.329959][ T6497] pgd ffff0000c9df5000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 37.329959][ T6497] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 37.329959][ T6497] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 37.329959][ T6497] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 37.329959][ T6497] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 37.329959][ T6497] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 37.329959][ T6497] binfmt ffff80008f670700 flags 8000008d [ 37.329959][ T6497] ioctx_table 0000000000000000 [ 37.329959][ T6497] owner ffff0000ca5f0000 exe_file ffff0000d4cb41c0 [ 37.329959][ T6497] notifier_subscriptions 0000000000000000 [ 37.329959][ T6497] numa_next_scan 4294941085 numa_scan_offset 0 numa_scan_seq 0 [ 37.329959][ T6497] tlb_flush_pending 0 [ 37.329959][ T6497] def_flags: 0x0() [ 37.330040][ T6497] vmg ffff8000a0d07a60 prev: [ 37.330057][ T6497] vma ffff0000ca3c2280 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e0880 [ 37.330057][ T6497] prot 20000000000fc3 anon_vma ffff0000dd3aa660 vm_ops 0000000000000000 [ 37.330057][ T6497] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 37.330057][ T6497] refcnt 1 [ 37.330057][ T6497] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 37.330097][ T6497] vmg ffff8000a0d07a60 middle: [ 37.330114][ T6497] vma ffff0000ca3c2280 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e0880 [ 37.330114][ T6497] prot 20000000000fc3 anon_vma ffff0000dd3aa660 vm_ops 0000000000000000 [ 37.330114][ T6497] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 37.330114][ T6497] refcnt 1 [ 37.330114][ T6497] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 37.330155][ T6497] vmg ffff8000a0d07a60 next: (NULL) [ 37.330173][ T6497] vmg ffff8000a0d07a60 vmi: [ 37.330190][ T6497] MAS: tree=ffff0000ca5e08c0 enode=ffff0000d200500c [ 37.330203][ T6497] (ma_active) [ 37.330218][ T6497] Store Type: [ 37.330234][ T6497] node_store [ 37.330256][ T6497] [2/10] index=20000000 last=207fffff [ 37.330281][ T6497] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 37.330307][ T6497] maple_tree(ffff0000ca5e08c0) flags 30B, height 2 root ffff0000c869d01e [ 37.330329][ T6497] 0-ffffffffffffffff: node ffff0000c869d000 depth 0 type 3 parent ffff0000ca5e08c1 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d200500c FFFF93059FFF ffff0000c869c80c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 37.330589][ T6497] 0-ffff93059fff: node ffff0000d2005000 depth 1 type 1 parent ffff0000c869d006 contents: 0000000000000000 1FFFEFFF ffff0000ca3c2140 1FFFFFFF ffff0000ca3c2280 207FFFFF ffff0000c9b04780 20FFFFFF ffff0000ca3c23c0 21000FFF 0000000000000000 AAAAD5929FFF ffff0000ca3c2500 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000ca3c2640 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000ca3c2780 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 37.330812][ T6497] 0-1fffefff: 0000000000000000 [ 37.330840][ T6497] 1ffff000-1fffffff: ffff0000ca3c2140 [ 37.330869][ T6497] 20000000-207fffff: ffff0000ca3c2280 [ 37.330897][ T6497] 20800000-20ffffff: ffff0000c9b04780 [ 37.330926][ T6497] 21000000-21000fff: ffff0000ca3c23c0 [ 37.330957][ T6497] 21001000-aaaad5929fff: 0000000000000000 [ 37.330986][ T6497] aaaad592a000-aaaad594bfff: ffff0000ca3c2500 [ 37.331015][ T6497] aaaad594c000-ffff92fbffff: 0000000000000000 [ 37.331043][ T6497] ffff92fc0000-ffff9304bfff: ffff0000ca3c2640 [ 37.331072][ T6497] ffff9304c000-ffff93055fff: 0000000000000000 [ 37.331101][ T6497] ffff93056000-ffff93059fff: ffff0000ca3c2780 [ 37.336182][ T6497] ffff9305a000-ffffffffffffffff: node ffff0000c869c800 depth 1 type 1 parent ffff0000c869d00e contents: ffff0000ca3c28c0 FFFF9305BFFF ffff0000ca3c2a00 FFFF9305FFFF ffff0000ca3c2b40 FFFF93062FFF ffff0000ca3c2c80 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000ca3c2dc0 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 37.336425][ T6497] ffff9305a000-ffff9305bfff: ffff0000ca3c28c0 [ 37.336455][ T6497] ffff9305c000-ffff9305ffff: ffff0000ca3c2a00 [ 37.336484][ T6497] ffff93060000-ffff93062fff: ffff0000ca3c2b40 [ 37.336516][ T6497] ffff93063000-ffff93068fff: ffff0000ca3c2c80 [ 37.336545][ T6497] ffff93069000-ffffd1a12fff: 0000000000000000 [ 37.336574][ T6497] ffffd1a13000-ffffd1a33fff: ffff0000ca3c2dc0 [ 37.336603][ T6497] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 37.336734][ T6497] ------------[ cut here ]------------ [ 37.336747][ T6497] WARNING: CPU: 0 PID: 6497 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 37.532556][ T6497] Modules linked in: [ 37.533698][ T6497] CPU: 0 UID: 0 PID: 6497 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 37.537475][ T6497] Tainted: [W]=WARN [ 37.538596][ T6497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 37.541581][ T6497] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 37.543836][ T6497] pc : vma_merge_existing_range+0x14a8/0x1964 [ 37.545604][ T6497] lr : vma_merge_existing_range+0x14a8/0x1964 [ 37.547374][ T6497] sp : ffff8000a0d07910 [ 37.548497][ T6497] x29: ffff8000a0d07990 x28: dfff800000000000 x27: 0000000000000001 [ 37.550853][ T6497] x26: 0000000020000000 x25: ffff8000a0d07a80 x24: 0000000020000000 [ 37.553178][ T6497] x23: 1ffff000141a0f50 x22: ffff0000ca3c2280 x21: 0000000020800000 [ 37.555551][ T6497] x20: ffff0000ca3c2280 x19: ffff8000a0d07a60 x18: 0000000000000000 [ 37.557845][ T6497] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 37.560295][ T6497] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 37.562649][ T6497] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 37.564960][ T6497] x8 : ffff0000ca5f0000 x7 : 0000000000000001 x6 : 0000000000000001 [ 37.567283][ T6497] x5 : ffff8000a0d06ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 37.569671][ T6497] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 37.571971][ T6497] Call trace: [ 37.572910][ T6497] vma_merge_existing_range+0x14a8/0x1964 (P) [ 37.574722][ T6497] vma_modify+0x7c/0x424 [ 37.575943][ T6497] vma_modify_flags+0x18c/0x1dc [ 37.577367][ T6497] mlock_fixup+0x18c/0x2c4 [ 37.578670][ T6497] apply_mlockall_flags+0x290/0x344 [ 37.580156][ T6497] __arm64_sys_munlockall+0x11c/0x238 [ 37.581743][ T6497] invoke_syscall+0x98/0x2b8 [ 37.583132][ T6497] el0_svc_common+0x130/0x23c [ 37.584599][ T6497] do_el0_svc+0x48/0x58 [ 37.585802][ T6497] el0_svc+0x58/0x17c [ 37.587006][ T6497] el0t_64_sync_handler+0x78/0x108 [ 37.588581][ T6497] el0t_64_sync+0x198/0x19c [ 37.590002][ T6497] irq event stamp: 14550 [ 37.591280][ T6497] hardirqs last enabled at (14549): [] __console_unlock+0x70/0xc4 [ 37.594097][ T6497] hardirqs last disabled at (14550): [] el1_dbg+0x24/0x80 [ 37.596679][ T6497] softirqs last enabled at (14318): [] handle_softirqs+0xaf8/0xc88 [ 37.599433][ T6497] softirqs last disabled at (14185): [] __do_softirq+0x14/0x20 [ 37.602109][ T6497] ---[ end trace 0000000000000000 ]--- executing program [ 37.671054][ T6498] FAULT_INJECTION: forcing a failure. [ 37.671054][ T6498] name failslab, ** replaying previous printk message ** [ 37.671054][ T6498] FAULT_INJECTION: forcing a failure. [ 37.671054][ T6498] name failslab, interval 1, probability 0, space 0, times 0 [ 37.671167][ T6498] CPU: 0 UID: 0 PID: 6498 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 37.671183][ T6498] Tainted: [W]=WARN [ 37.671187][ T6498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 37.671194][ T6498] Call trace: [ 37.671198][ T6498] show_stack+0x2c/0x3c (C) [ 37.671215][ T6498] __dump_stack+0x30/0x40 [ 37.671226][ T6498] dump_stack_lvl+0xd8/0x12c [ 37.671236][ T6498] dump_stack+0x1c/0x28 [ 37.671246][ T6498] should_fail_ex+0x41c/0x594 [ 37.671258][ T6498] should_failslab+0xc0/0x128 [ 37.671271][ T6498] kmem_cache_alloc_noprof+0x80/0x3e8 [ 37.671295][ T6498] mas_alloc_nodes+0x268/0x788 [ 37.671309][ T6498] mas_preallocate+0x4b0/0x778 [ 37.671321][ T6498] commit_merge+0x1a4/0x5b0 [ 37.671334][ T6498] vma_merge_existing_range+0x1388/0x1964 [ 37.671348][ T6498] vma_modify+0x7c/0x424 [ 37.671360][ T6498] vma_modify_flags+0x18c/0x1dc [ 37.671373][ T6498] mlock_fixup+0x18c/0x2c4 [ 37.671390][ T6498] apply_mlockall_flags+0x290/0x344 [ 37.671401][ T6498] __arm64_sys_munlockall+0x11c/0x238 [ 37.671412][ T6498] invoke_syscall+0x98/0x2b8 [ 37.671423][ T6498] el0_svc_common+0x130/0x23c [ 37.671433][ T6498] do_el0_svc+0x48/0x58 [ 37.671443][ T6498] el0_svc+0x58/0x17c [ 37.671456][ T6498] el0t_64_sync_handler+0x78/0x108 [ 37.671469][ T6498] el0t_64_sync+0x198/0x19c [ 37.671487][ T6498] vmg ffff8000a0cf7a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 37.671670][ T6498] vmg ffff8000a0cf7a60 state: mm ffff0000ca5e1100 pgoff 20000 [ 37.671670][ T6498] vmi ffff8000a0cf7c40 [20000000,20800000) [ 37.671670][ T6498] prev ffff0000ca665140 middle ffff0000ca665140 next 0000000000000000 target 0000000000000000 [ 37.671670][ T6498] start 20000000 end 20800000 flags 100077 [ 37.671670][ T6498] file 0000000000000000 anon_vma ffff0000dd3aa880 policy 0000000000000000 [ 37.671670][ T6498] uffd_ctx 0000000000000000 [ 37.671670][ T6498] anon_name 0000000000000000 [ 37.671670][ T6498] state 0 [ 37.671670][ T6498] just_expand 0 [ 37.671670][ T6498] __adjust_middle_start 0 __adjust_next_start 0 [ 37.671670][ T6498] __remove_middle 0 __remove_next 0 [ 37.671723][ T6498] vmg ffff8000a0cf7a60 mm: [ 37.671741][ T6498] mm ffff0000ca5e1100 task_size 281474976710656 [ 37.671741][ T6498] mmap_base 281473148436480 mmap_legacy_base 0 [ 37.671741][ T6498] pgd ffff0000ca664000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 37.671741][ T6498] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 37.671741][ T6498] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 37.671741][ T6498] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 37.671741][ T6498] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 37.671741][ T6498] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 37.671741][ T6498] binfmt ffff80008f670700 flags 8000008d [ 37.671741][ T6498] ioctx_table 0000000000000000 [ 37.671741][ T6498] owner ffff0000ca5f1e80 exe_file ffff0000d4cb41c0 [ 37.671741][ T6498] notifier_subscriptions 0000000000000000 [ 37.671741][ T6498] numa_next_scan 4294941119 numa_scan_offset 0 numa_scan_seq 0 [ 37.671741][ T6498] tlb_flush_pending 0 [ 37.671741][ T6498] def_flags: 0x0() [ 37.671818][ T6498] vmg ffff8000a0cf7a60 prev: [ 37.671836][ T6498] vma ffff0000ca665140 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e1100 [ 37.671836][ T6498] prot 20000000000fc3 anon_vma ffff0000dd3aa880 vm_ops 0000000000000000 [ 37.671836][ T6498] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 37.671836][ T6498] refcnt 1 [ 37.671836][ T6498] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 37.671875][ T6498] vmg ffff8000a0cf7a60 middle: [ 37.671892][ T6498] vma ffff0000ca665140 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e1100 [ 37.671892][ T6498] prot 20000000000fc3 anon_vma ffff0000dd3aa880 vm_ops 0000000000000000 [ 37.671892][ T6498] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 37.671892][ T6498] refcnt 1 [ 37.671892][ T6498] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 37.671930][ T6498] vmg ffff8000a0cf7a60 next: (NULL) [ 37.671948][ T6498] vmg ffff8000a0cf7a60 vmi: [ 37.671965][ T6498] MAS: tree=ffff0000ca5e1140 enode=ffff0000d8d8620c [ 37.671977][ T6498] (ma_active) [ 37.671993][ T6498] Store Type: [ 37.672008][ T6498] node_store [ 37.672030][ T6498] [2/10] index=20000000 last=207fffff [ 37.672050][ T6498] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 37.672071][ T6498] maple_tree(ffff0000ca5e1140) flags 30B, height 2 root ffff0000c869ca1e [ 37.672100][ T6498] 0-ffffffffffffffff: node ffff0000c869ca00 depth 0 type 3 parent ffff0000ca5e1141 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d8d8620c FFFF93059FFF ffff0000cae3d60c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 37.672380][ T6498] 0-ffff93059fff: node ffff0000d8d86200 depth 1 type 1 parent ffff0000c869ca06 contents: 0000000000000000 1FFFEFFF ffff0000ca665000 1FFFFFFF ffff0000ca665140 207FFFFF ffff0000c9b04a00 20FFFFFF ffff0000ca665280 21000FFF 0000000000000000 AAAAD5929FFF ffff0000ca6653c0 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000ca665500 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000ca665640 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 37.672618][ T6498] 0-1fffefff: 0000000000000000 [ 37.672650][ T6498] 1ffff000-1fffffff: ffff0000ca665000 [ 37.672682][ T6498] 20000000-207fffff: ffff0000ca665140 [ 37.672713][ T6498] 20800000-20ffffff: ffff0000c9b04a00 [ 37.672745][ T6498] 21000000-21000fff: ffff0000ca665280 [ 37.672774][ T6498] 21001000-aaaad5929fff: 0000000000000000 [ 37.672802][ T6498] aaaad592a000-aaaad594bfff: ffff0000ca6653c0 [ 37.672837][ T6498] aaaad594c000-ffff92fbffff: 0000000000000000 [ 37.672866][ T6498] ffff92fc0000-ffff9304bfff: ffff0000ca665500 [ 37.672898][ T6498] ffff9304c000-ffff93055fff: 0000000000000000 [ 37.672930][ T6498] ffff93056000-ffff93059fff: ffff0000ca665640 [ 37.672963][ T6498] ffff9305a000-ffffffffffffffff: node ffff0000cae3d600 depth 1 type 1 parent ffff0000c869ca0e contents: ffff0000ca665780 FFFF9305BFFF ffff0000ca6658c0 FFFF9305FFFF ffff0000ca665a00 FFFF93062FFF ffff0000ca665b40 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000ca665c80 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 37.673186][ T6498] ffff9305a000-ffff9305bfff: ffff0000ca665780 [ 37.673216][ T6498] ffff9305c000-ffff9305ffff: ffff0000ca6658c0 [ 37.673248][ T6498] ffff93060000-ffff93062fff: ffff0000ca665a00 [ 37.673285][ T6498] ffff93063000-ffff93068fff: ffff0000ca665b40 [ 37.673314][ T6498] ffff93069000-ffffd1a12fff: 0000000000000000 [ 37.673342][ T6498] ffffd1a13000-ffffd1a33fff: ffff0000ca665c80 [ 37.673374][ T6498] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 37.673514][ T6498] ------------[ cut here ]------------ [ 37.673528][ T6498] WARNING: CPU: 0 PID: 6498 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 37.876664][ T6498] Modules linked in: [ 37.877773][ T6498] CPU: 0 UID: 0 PID: 6498 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 37.881466][ T6498] Tainted: [W]=WARN [ 37.882555][ T6498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 37.885339][ T6498] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 37.887558][ T6498] pc : vma_merge_existing_range+0x14a8/0x1964 [ 37.889414][ T6498] lr : vma_merge_existing_range+0x14a8/0x1964 [ 37.891113][ T6498] sp : ffff8000a0cf7910 [ 37.892304][ T6498] x29: ffff8000a0cf7990 x28: dfff800000000000 x27: 0000000000000001 [ 37.894597][ T6498] x26: 0000000020000000 x25: ffff8000a0cf7a80 x24: 0000000020000000 [ 37.896890][ T6498] x23: 1ffff0001419ef50 x22: ffff0000ca665140 x21: 0000000020800000 [ 37.899195][ T6498] x20: ffff0000ca665140 x19: ffff8000a0cf7a60 x18: 0000000000000000 [ 37.901475][ T6498] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 37.903805][ T6498] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 37.906065][ T6498] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 37.908336][ T6498] x8 : ffff0000ca5f1e80 x7 : 0000000000000001 x6 : 0000000000000001 [ 37.910598][ T6498] x5 : ffff8000a0cf6ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 37.912881][ T6498] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 37.915183][ T6498] Call trace: [ 37.916083][ T6498] vma_merge_existing_range+0x14a8/0x1964 (P) [ 37.917826][ T6498] vma_modify+0x7c/0x424 [ 37.919046][ T6498] vma_modify_flags+0x18c/0x1dc [ 37.920433][ T6498] mlock_fixup+0x18c/0x2c4 [ 37.921699][ T6498] apply_mlockall_flags+0x290/0x344 [ 37.923183][ T6498] __arm64_sys_munlockall+0x11c/0x238 [ 37.924716][ T6498] invoke_syscall+0x98/0x2b8 [ 37.926030][ T6498] el0_svc_common+0x130/0x23c [ 37.927367][ T6498] do_el0_svc+0x48/0x58 [ 37.928556][ T6498] el0_svc+0x58/0x17c [ 37.929704][ T6498] el0t_64_sync_handler+0x78/0x108 [ 37.931146][ T6498] el0t_64_sync+0x198/0x19c [ 37.932502][ T6498] irq event stamp: 14420 [ 37.933710][ T6498] hardirqs last enabled at (14419): [] __console_unlock+0x70/0xc4 [ 37.936455][ T6498] hardirqs last disabled at (14420): [] el1_dbg+0x24/0x80 [ 37.938964][ T6498] softirqs last enabled at (10930): [] handle_softirqs+0xaf8/0xc88 [ 37.941639][ T6498] softirqs last disabled at (10557): [] __do_softirq+0x14/0x20 [ 37.944420][ T6498] ---[ end trace 0000000000000000 ]--- executing program [ 38.017402][ T6499] FAULT_INJECTION: forcing a failure. [ 38.017402][ T6499] name failslab, interval 1, probability 0, space 0, times 0 [ 38.017473][ T6499] CPU: 0 UID: 0 PID: 6499 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 38.017491][ T6499] Tainted: [W]=WARN [ 38.017496][ T6499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 38.017502][ T6499] Call trace: [ 38.017506][ T6499] show_stack+0x2c/0x3c (C) [ 38.017523][ T6499] __dump_stack+0x30/0x40 [ 38.017535][ T6499] dump_stack_lvl+0xd8/0x12c [ 38.017545][ T6499] dump_stack+0x1c/0x28 [ 38.017555][ T6499] should_fail_ex+0x41c/0x594 [ 38.017567][ T6499] should_failslab+0xc0/0x128 [ 38.017579][ T6499] kmem_cache_alloc_noprof+0x80/0x3e8 [ 38.017594][ T6499] mas_alloc_nodes+0x268/0x788 [ 38.017608][ T6499] mas_preallocate+0x4b0/0x778 [ 38.017620][ T6499] commit_merge+0x1a4/0x5b0 [ 38.017633][ T6499] vma_merge_existing_range+0x1388/0x1964 [ 38.017647][ T6499] vma_modify+0x7c/0x424 [ 38.017659][ T6499] vma_modify_flags+0x18c/0x1dc [ 38.017672][ T6499] mlock_fixup+0x18c/0x2c4 [ 38.017683][ T6499] apply_mlockall_flags+0x290/0x344 [ 38.017695][ T6499] __arm64_sys_munlockall+0x11c/0x238 [ 38.017706][ T6499] invoke_syscall+0x98/0x2b8 [ 38.017717][ T6499] el0_svc_common+0x130/0x23c [ 38.017727][ T6499] do_el0_svc+0x48/0x58 [ 38.017736][ T6499] el0_svc+0x58/0x17c [ 38.017750][ T6499] el0t_64_sync_handler+0x78/0x108 [ 38.017763][ T6499] el0t_64_sync+0x198/0x19c [ 38.019372][ T6499] vmg ffff8000a0ce7a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 38.019405][ T6499] vmg ffff8000a0ce7a60 state: mm ffff0000ca5e1980 pgoff 20000 [ 38.019405][ T6499] vmi ffff8000a0ce7c40 [20000000,20800000) [ 38.019405][ T6499] prev ffff0000c82dd000 middle ffff0000c82dd000 next 0000000000000000 target 0000000000000000 [ 38.019405][ T6499] start 20000000 end 20800000 flags 100077 [ 38.019405][ T6499] file 0000000000000000 anon_vma ffff0000dd3aaaa0 policy 0000000000000000 [ 38.019405][ T6499] uffd_ctx 0000000000000000 [ 38.019405][ T6499] anon_name 0000000000000000 [ 38.019405][ T6499] state 0 [ 38.019405][ T6499] just_expand 0 [ 38.019405][ T6499] __adjust_middle_start 0 __adjust_next_start 0 [ 38.019405][ T6499] __remove_middle 0 __remove_next 0 [ 38.019460][ T6499] vmg ffff8000a0ce7a60 mm: [ 38.019478][ T6499] mm ffff0000ca5e1980 task_size 281474976710656 [ 38.019478][ T6499] mmap_base 281473148436480 mmap_legacy_base 0 [ 38.019478][ T6499] pgd ffff0000c82dc000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 38.019478][ T6499] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 38.019478][ T6499] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 38.019478][ T6499] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 38.019478][ T6499] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 38.019478][ T6499] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 38.019478][ T6499] binfmt ffff80008f670700 flags 8000008d [ 38.019478][ T6499] ioctx_table 0000000000000000 [ 38.019478][ T6499] owner ffff0000ca5f3d00 exe_file ffff0000d4cb41c0 [ 38.019478][ T6499] notifier_subscriptions 0000000000000000 [ 38.019478][ T6499] numa_next_scan 4294941153 numa_scan_offset 0 numa_scan_seq 0 [ 38.019478][ T6499] tlb_flush_pending 0 [ 38.019478][ T6499] def_flags: 0x0() [ 38.019556][ T6499] vmg ffff8000a0ce7a60 prev: [ 38.019574][ T6499] vma ffff0000c82dd000 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e1980 [ 38.019574][ T6499] prot 20000000000fc3 anon_vma ffff0000dd3aaaa0 vm_ops 0000000000000000 [ 38.019574][ T6499] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 38.019574][ T6499] refcnt 1 [ 38.019574][ T6499] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 38.019614][ T6499] vmg ffff8000a0ce7a60 middle: [ 38.019631][ T6499] vma ffff0000c82dd000 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e1980 [ 38.019631][ T6499] prot 20000000000fc3 anon_vma ffff0000dd3aaaa0 vm_ops 0000000000000000 [ 38.019631][ T6499] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 38.019631][ T6499] refcnt 1 [ 38.019631][ T6499] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 38.019669][ T6499] vmg ffff8000a0ce7a60 next: (NULL) [ 38.019686][ T6499] vmg ffff8000a0ce7a60 vmi: [ 38.019703][ T6499] MAS: tree=ffff0000ca5e19c0 enode=ffff0000d8d8680c [ 38.019716][ T6499] (ma_active) [ 38.019731][ T6499] Store Type: [ 38.019747][ T6499] node_store [ 38.019769][ T6499] [2/10] index=20000000 last=207fffff [ 38.019788][ T6499] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 38.019810][ T6499] maple_tree(ffff0000ca5e19c0) flags 30B, height 2 root ffff0000cae3d01e [ 38.019832][ T6499] 0-ffffffffffffffff: node ffff0000cae3d000 depth 0 type 3 parent ffff0000ca5e19c1 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d8d8680c FFFF93059FFF ffff0000cae3d40c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 38.020084][ T6499] 0-ffff93059fff: node ffff0000d8d86800 depth 1 type 1 parent ffff0000cae3d006 contents: 0000000000000000 1FFFEFFF ffff0000ca665dc0 1FFFFFFF ffff0000c82dd000 207FFFFF ffff0000c9b04c80 20FFFFFF ffff0000c82dd140 21000FFF 0000000000000000 AAAAD5929FFF ffff0000c82dd280 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000c82dd3c0 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000c82dd500 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 38.020307][ T6499] 0-1fffefff: 0000000000000000 [ 38.020335][ T6499] 1ffff000-1fffffff: ffff0000ca665dc0 [ 38.020364][ T6499] 20000000-207fffff: ffff0000c82dd000 [ 38.020393][ T6499] 20800000-20ffffff: ffff0000c9b04c80 [ 38.020425][ T6499] 21000000-21000fff: ffff0000c82dd140 [ 38.020453][ T6499] 21001000-aaaad5929fff: 0000000000000000 [ 38.020482][ T6499] aaaad592a000-aaaad594bfff: ffff0000c82dd280 [ 38.020511][ T6499] aaaad594c000-ffff92fbffff: 0000000000000000 [ 38.020539][ T6499] ffff92fc0000-ffff9304bfff: ffff0000c82dd3c0 [ 38.020568][ T6499] ffff9304c000-ffff93055fff: 0000000000000000 [ 38.020597][ T6499] ffff93056000-ffff93059fff: ffff0000c82dd500 [ 38.020626][ T6499] ffff9305a000-ffffffffffffffff: node ffff0000cae3d400 depth 1 type 1 parent ffff0000cae3d00e contents: ffff0000c82dd640 FFFF9305BFFF ffff0000c82dd780 FFFF9305FFFF ffff0000c82dd8c0 FFFF93062FFF ffff0000c82dda00 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000c82ddb40 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 38.020841][ T6499] ffff9305a000-ffff9305bfff: ffff0000c82dd640 [ 38.020870][ T6499] ffff9305c000-ffff9305ffff: ffff0000c82dd780 [ 38.020899][ T6499] ffff93060000-ffff93062fff: ffff0000c82dd8c0 [ 38.020928][ T6499] ffff93063000-ffff93068fff: ffff0000c82dda00 [ 38.020957][ T6499] ffff93069000-ffffd1a12fff: 0000000000000000 [ 38.020986][ T6499] ffffd1a13000-ffffd1a33fff: ffff0000c82ddb40 [ 38.021015][ T6499] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 38.021148][ T6499] ------------[ cut here ]------------ [ 38.021161][ T6499] WARNING: CPU: 0 PID: 6499 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 38.208018][ T6499] Modules linked in: [ 38.209080][ T6499] CPU: 0 UID: 0 PID: 6499 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 38.212680][ T6499] Tainted: [W]=WARN [ 38.213714][ T6499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 38.216460][ T6499] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 38.218630][ T6499] pc : vma_merge_existing_range+0x14a8/0x1964 [ 38.220245][ T6499] lr : vma_merge_existing_range+0x14a8/0x1964 [ 38.221857][ T6499] sp : ffff8000a0ce7910 [ 38.222971][ T6499] x29: ffff8000a0ce7990 x28: dfff800000000000 x27: 0000000000000001 [ 38.225183][ T6499] x26: 0000000020000000 x25: ffff8000a0ce7a80 x24: 0000000020000000 [ 38.227450][ T6499] x23: 1ffff0001419cf50 x22: ffff0000c82dd000 x21: 0000000020800000 [ 38.229691][ T6499] x20: ffff0000c82dd000 x19: ffff8000a0ce7a60 x18: 0000000000000000 [ 38.231852][ T6499] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 38.234075][ T6499] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 38.236357][ T6499] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 38.238709][ T6499] x8 : ffff0000ca5f3d00 x7 : 0000000000000001 x6 : 0000000000000001 [ 38.240938][ T6499] x5 : ffff8000a0ce6ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 38.243228][ T6499] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 38.245500][ T6499] Call trace: [ 38.246423][ T6499] vma_merge_existing_range+0x14a8/0x1964 (P) [ 38.248179][ T6499] vma_modify+0x7c/0x424 [ 38.249324][ T6499] vma_modify_flags+0x18c/0x1dc [ 38.250678][ T6499] mlock_fixup+0x18c/0x2c4 [ 38.251864][ T6499] apply_mlockall_flags+0x290/0x344 [ 38.253299][ T6499] __arm64_sys_munlockall+0x11c/0x238 [ 38.254809][ T6499] invoke_syscall+0x98/0x2b8 [ 38.256149][ T6499] el0_svc_common+0x130/0x23c [ 38.257452][ T6499] do_el0_svc+0x48/0x58 [ 38.258627][ T6499] el0_svc+0x58/0x17c [ 38.259799][ T6499] el0t_64_sync_handler+0x78/0x108 [ 38.261157][ T6499] el0t_64_sync+0x198/0x19c [ 38.262429][ T6499] irq event stamp: 14648 [ 38.263624][ T6499] hardirqs last enabled at (14647): [] __console_unlock+0x70/0xc4 [ 38.266177][ T6499] hardirqs last disabled at (14648): [] el1_dbg+0x24/0x80 [ 38.268548][ T6499] softirqs last enabled at (12136): [] handle_softirqs+0xaf8/0xc88 [ 38.271100][ T6499] softirqs last disabled at (11941): [] __do_softirq+0x14/0x20 [ 38.273493][ T6499] ---[ end trace 0000000000000000 ]--- executing program [ 38.345100][ T6500] FAULT_INJECTION: forcing a failure. [ 38.345100][ T6500] name fails ** replaying previous printk message ** [ 38.345100][ T6500] FAULT_INJECTION: forcing a failure. [ 38.345100][ T6500] name failslab, interval 1, probability 0, space 0, times 0 [ 38.345170][ T6500] CPU: 0 UID: 0 PID: 6500 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 38.345188][ T6500] Tainted: [W]=WARN [ 38.345192][ T6500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 38.345199][ T6500] Call trace: [ 38.345203][ T6500] show_stack+0x2c/0x3c (C) [ 38.345219][ T6500] __dump_stack+0x30/0x40 [ 38.345231][ T6500] dump_stack_lvl+0xd8/0x12c [ 38.345241][ T6500] dump_stack+0x1c/0x28 [ 38.345251][ T6500] should_fail_ex+0x41c/0x594 [ 38.345263][ T6500] should_failslab+0xc0/0x128 [ 38.345286][ T6500] kmem_cache_alloc_noprof+0x80/0x3e8 [ 38.345301][ T6500] mas_alloc_nodes+0x268/0x788 [ 38.345315][ T6500] mas_preallocate+0x4b0/0x778 [ 38.345327][ T6500] commit_merge+0x1a4/0x5b0 [ 38.345340][ T6500] vma_merge_existing_range+0x1388/0x1964 [ 38.345354][ T6500] vma_modify+0x7c/0x424 [ 38.345366][ T6500] vma_modify_flags+0x18c/0x1dc [ 38.345379][ T6500] mlock_fixup+0x18c/0x2c4 [ 38.345391][ T6500] apply_mlockall_flags+0x290/0x344 [ 38.345409][ T6500] __arm64_sys_munlockall+0x11c/0x238 [ 38.345421][ T6500] invoke_syscall+0x98/0x2b8 [ 38.345432][ T6500] el0_svc_common+0x130/0x23c [ 38.345442][ T6500] do_el0_svc+0x48/0x58 [ 38.345452][ T6500] el0_svc+0x58/0x17c [ 38.345465][ T6500] el0t_64_sync_handler+0x78/0x108 [ 38.345479][ T6500] el0t_64_sync+0x198/0x19c [ 38.345646][ T6500] vmg ffff8000a4237a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 38.345668][ T6500] vmg ffff8000a4237a60 state: mm ffff0000ca5e2200 pgoff 20000 [ 38.345668][ T6500] vmi ffff8000a4237c40 [20000000,20800000) [ 38.345668][ T6500] prev ffff0000c82dddc0 middle ffff0000c82dddc0 next 0000000000000000 target 0000000000000000 [ 38.345668][ T6500] start 20000000 end 20800000 flags 100077 [ 38.345668][ T6500] file 0000000000000000 anon_vma ffff0000dd3aacc0 policy 0000000000000000 [ 38.345668][ T6500] uffd_ctx 0000000000000000 [ 38.345668][ T6500] anon_name 0000000000000000 [ 38.345668][ T6500] state 0 [ 38.345668][ T6500] just_expand 0 [ 38.345668][ T6500] __adjust_middle_start 0 __adjust_next_start 0 [ 38.345668][ T6500] __remove_middle 0 __remove_next 0 [ 38.345721][ T6500] vmg ffff8000a4237a60 mm: [ 38.345739][ T6500] mm ffff0000ca5e2200 task_size 281474976710656 [ 38.345739][ T6500] mmap_base 281473148436480 mmap_legacy_base 0 [ 38.345739][ T6500] pgd ffff0000c91dc000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 38.345739][ T6500] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 38.345739][ T6500] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 38.345739][ T6500] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 38.345739][ T6500] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 38.345739][ T6500] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 38.345739][ T6500] binfmt ffff80008f670700 flags 8000008d [ 38.345739][ T6500] ioctx_table 0000000000000000 [ 38.345739][ T6500] owner ffff0000ca5f5b80 exe_file ffff0000d4cb41c0 [ 38.345739][ T6500] notifier_subscriptions 0000000000000000 [ 38.345739][ T6500] numa_next_scan 4294941186 numa_scan_offset 0 numa_scan_seq 0 [ 38.345739][ T6500] tlb_flush_pending 0 [ 38.345739][ T6500] def_flags: 0x0() [ 38.345817][ T6500] vmg ffff8000a4237a60 prev: [ 38.345835][ T6500] vma ffff0000c82dddc0 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e2200 [ 38.345835][ T6500] prot 20000000000fc3 anon_vma ffff0000dd3aacc0 vm_ops 0000000000000000 [ 38.345835][ T6500] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 38.345835][ T6500] refcnt 1 [ 38.345835][ T6500] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 38.345874][ T6500] vmg ffff8000a4237a60 middle: [ 38.345892][ T6500] vma ffff0000c82dddc0 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e2200 [ 38.345892][ T6500] prot 20000000000fc3 anon_vma ffff0000dd3aacc0 vm_ops 0000000000000000 [ 38.345892][ T6500] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 38.345892][ T6500] refcnt 1 [ 38.345892][ T6500] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 38.345930][ T6500] vmg ffff8000a4237a60 next: (NULL) [ 38.345947][ T6500] vmg ffff8000a4237a60 vmi: [ 38.345964][ T6500] MAS: tree=ffff0000ca5e2240 enode=ffff0000d8d8700c [ 38.345976][ T6500] (ma_active) [ 38.345991][ T6500] Store Type: [ 38.346007][ T6500] node_store [ 38.346028][ T6500] [2/10] index=20000000 last=207fffff [ 38.346048][ T6500] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 38.346070][ T6500] maple_tree(ffff0000ca5e2240) flags 30B, height 2 root ffff0000cae3d81e [ 38.346091][ T6500] 0-ffffffffffffffff: node ffff0000cae3d800 depth 0 type 3 parent ffff0000ca5e2241 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d8d8700c FFFF93059FFF ffff0000d4cc820c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 38.346347][ T6500] 0-ffff93059fff: node ffff0000d8d87000 depth 1 type 1 parent ffff0000cae3d806 contents: 0000000000000000 1FFFEFFF ffff0000c82ddc80 1FFFFFFF ffff0000c82dddc0 207FFFFF ffff0000ca660000 20FFFFFF ffff0000c8388000 21000FFF 0000000000000000 AAAAD5929FFF ffff0000c8388140 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000c8388280 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000c83883c0 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 38.346568][ T6500] 0-1fffefff: 0000000000000000 [ 38.346596][ T6500] 1ffff000-1fffffff: ffff0000c82ddc80 [ 38.346625][ T6500] 20000000-207fffff: ffff0000c82dddc0 [ 38.346653][ T6500] 20800000-20ffffff: ffff0000ca660000 [ 38.346682][ T6500] 21000000-21000fff: ffff0000c8388000 [ 38.346710][ T6500] 21001000-aaaad5929fff: 0000000000000000 [ 38.346738][ T6500] aaaad592a000-aaaad594bfff: ffff0000c8388140 [ 38.346767][ T6500] aaaad594c000-ffff92fbffff: 0000000000000000 [ 38.346796][ T6500] ffff92fc0000-ffff9304bfff: ffff0000c8388280 [ 38.346825][ T6500] ffff9304c000-ffff93055fff: 0000000000000000 [ 38.346853][ T6500] ffff93056000-ffff93059fff: ffff0000c83883c0 [ 38.346882][ T6500] ffff9305a000-ffffffffffffffff: node ffff0000d4cc8200 depth 1 type 1 parent ffff0000cae3d80e contents: ffff0000c8388500 FFFF9305BFFF ffff0000c8388640 FFFF9305FFFF ffff0000c8388780 FFFF93062FFF ffff0000c83888c0 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000c8388a00 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 38.347095][ T6500] ffff9305a000-ffff9305bfff: ffff0000c8388500 [ 38.347124][ T6500] ffff9305c000-ffff9305ffff: ffff0000c8388640 [ 38.347152][ T6500] ffff93060000-ffff93062fff: ffff0000c8388780 [ 38.347181][ T6500] ffff93063000-ffff93068fff: ffff0000c83888c0 [ 38.347210][ T6500] ffff93069000-ffffd1a12fff: 0000000000000000 [ 38.347239][ T6500] ffffd1a13000-ffffd1a33fff: ffff0000c8388a00 [ 38.347267][ T6500] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 38.347406][ T6500] ------------[ cut here ]------------ [ 38.347419][ T6500] WARNING: CPU: 0 PID: 6500 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 38.542970][ T6500] Modules linked in: [ 38.544094][ T6500] CPU: 0 UID: 0 PID: 6500 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 38.547658][ T6500] Tainted: [W]=WARN [ 38.548735][ T6500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 38.551510][ T6500] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 38.553716][ T6500] pc : vma_merge_existing_range+0x14a8/0x1964 [ 38.555460][ T6500] lr : vma_merge_existing_range+0x14a8/0x1964 [ 38.557164][ T6500] sp : ffff8000a4237910 [ 38.558318][ T6500] x29: ffff8000a4237990 x28: dfff800000000000 x27: 0000000000000001 [ 38.560483][ T6500] x26: 0000000020000000 x25: ffff8000a4237a80 x24: 0000000020000000 [ 38.562682][ T6500] x23: 1ffff00014846f50 x22: ffff0000c82dddc0 x21: 0000000020800000 [ 38.564841][ T6500] x20: ffff0000c82dddc0 x19: ffff8000a4237a60 x18: 0000000000000000 [ 38.567052][ T6500] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 38.569209][ T6500] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 38.571382][ T6500] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 38.573662][ T6500] x8 : ffff0000ca5f5b80 x7 : 0000000000000001 x6 : 0000000000000001 [ 38.575863][ T6500] x5 : ffff8000a4236ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 38.578171][ T6500] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 38.580425][ T6500] Call trace: [ 38.581293][ T6500] vma_merge_existing_range+0x14a8/0x1964 (P) [ 38.583031][ T6500] vma_modify+0x7c/0x424 [ 38.584208][ T6500] vma_modify_flags+0x18c/0x1dc [ 38.585544][ T6500] mlock_fixup+0x18c/0x2c4 [ 38.586820][ T6500] apply_mlockall_flags+0x290/0x344 [ 38.588298][ T6500] __arm64_sys_munlockall+0x11c/0x238 [ 38.589840][ T6500] invoke_syscall+0x98/0x2b8 [ 38.591141][ T6500] el0_svc_common+0x130/0x23c [ 38.592507][ T6500] do_el0_svc+0x48/0x58 [ 38.593730][ T6500] el0_svc+0x58/0x17c [ 38.594879][ T6500] el0t_64_sync_handler+0x78/0x108 [ 38.596268][ T6500] el0t_64_sync+0x198/0x19c [ 38.597530][ T6500] irq event stamp: 14366 [ 38.598713][ T6500] hardirqs last enabled at (14365): [] __console_unlock+0x70/0xc4 [ 38.601360][ T6500] hardirqs last disabled at (14366): [] el1_dbg+0x24/0x80 [ 38.603815][ T6500] softirqs last enabled at (12464): [] handle_softirqs+0xaf8/0xc88 [ 38.606545][ T6500] softirqs last disabled at (12455): [] __do_softirq+0x14/0x20 [ 38.609064][ T6500] ---[ end trace 0000000000000000 ]--- executing program [ 38.679503][ T6501] FAULT_INJECTION: forcing a failure. [ 38.679503][ T6501] name ** replaying previous printk message ** [ 38.679503][ T6501] FAULT_INJECTION: forcing a failure. [ 38.679503][ T6501] name failslab, interval 1, probability 0, space 0, times 0 [ 38.679578][ T6501] CPU: 0 UID: 0 PID: 6501 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 38.679596][ T6501] Tainted: [W]=WARN [ 38.679601][ T6501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 38.679609][ T6501] Call trace: [ 38.679613][ T6501] show_stack+0x2c/0x3c (C) [ 38.679630][ T6501] __dump_stack+0x30/0x40 [ 38.679643][ T6501] dump_stack_lvl+0xd8/0x12c [ 38.679653][ T6501] dump_stack+0x1c/0x28 [ 38.679664][ T6501] should_fail_ex+0x41c/0x594 [ 38.679677][ T6501] should_failslab+0xc0/0x128 [ 38.679691][ T6501] kmem_cache_alloc_noprof+0x80/0x3e8 [ 38.679706][ T6501] mas_alloc_nodes+0x268/0x788 [ 38.679721][ T6501] mas_preallocate+0x4b0/0x778 [ 38.679733][ T6501] commit_merge+0x1a4/0x5b0 [ 38.679747][ T6501] vma_merge_existing_range+0x1388/0x1964 [ 38.679761][ T6501] vma_modify+0x7c/0x424 [ 38.679774][ T6501] vma_modify_flags+0x18c/0x1dc [ 38.679788][ T6501] mlock_fixup+0x18c/0x2c4 [ 38.679800][ T6501] apply_mlockall_flags+0x290/0x344 [ 38.679812][ T6501] __arm64_sys_munlockall+0x11c/0x238 [ 38.679824][ T6501] invoke_syscall+0x98/0x2b8 [ 38.679836][ T6501] el0_svc_common+0x130/0x23c [ 38.679847][ T6501] do_el0_svc+0x48/0x58 [ 38.679857][ T6501] el0_svc+0x58/0x17c [ 38.679871][ T6501] el0t_64_sync_handler+0x78/0x108 [ 38.679885][ T6501] el0t_64_sync+0x198/0x19c [ 38.680066][ T6501] vmg ffff8000a0cd7a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 38.680089][ T6501] vmg ffff8000a0cd7a60 state: mm ffff0000ca5e2a80 pgoff 20000 [ 38.680089][ T6501] vmi ffff8000a0cd7c40 [20000000,20800000) [ 38.680089][ T6501] prev ffff0000c8388c80 middle ffff0000c8388c80 next 0000000000000000 target 0000000000000000 [ 38.680089][ T6501] start 20000000 end 20800000 flags 100077 [ 38.680089][ T6501] file 0000000000000000 anon_vma ffff0000dd3aaee0 policy 0000000000000000 [ 38.680089][ T6501] uffd_ctx 0000000000000000 [ 38.680089][ T6501] anon_name 0000000000000000 [ 38.680089][ T6501] state 0 [ 38.680089][ T6501] just_expand 0 [ 38.680089][ T6501] __adjust_middle_start 0 __adjust_next_start 0 [ 38.680089][ T6501] __remove_middle 0 __remove_next 0 [ 38.680146][ T6501] vmg ffff8000a0cd7a60 mm: [ 38.680165][ T6501] mm ffff0000ca5e2a80 task_size 281474976710656 [ 38.680165][ T6501] mmap_base 281473148436480 mmap_legacy_base 0 [ 38.680165][ T6501] pgd ffff0000c80a3000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 38.680165][ T6501] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 38.680165][ T6501] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 38.680165][ T6501] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 38.680165][ T6501] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 38.680165][ T6501] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 38.680165][ T6501] binfmt ffff80008f670700 flags 8000008d [ 38.680165][ T6501] ioctx_table 0000000000000000 [ 38.680165][ T6501] owner ffff0000dd218000 exe_file ffff0000d4cb41c0 [ 38.680165][ T6501] notifier_subscriptions 0000000000000000 [ 38.680165][ T6501] numa_next_scan 4294941220 numa_scan_offset 0 numa_scan_seq 0 [ 38.680165][ T6501] tlb_flush_pending 0 [ 38.680165][ T6501] def_flags: 0x0() [ 38.680247][ T6501] vmg ffff8000a0cd7a60 prev: [ 38.680266][ T6501] vma ffff0000c8388c80 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e2a80 [ 38.680266][ T6501] prot 20000000000fc3 anon_vma ffff0000dd3aaee0 vm_ops 0000000000000000 [ 38.680266][ T6501] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 38.680266][ T6501] refcnt 1 [ 38.680266][ T6501] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 38.680317][ T6501] vmg ffff8000a0cd7a60 middle: [ 38.680335][ T6501] vma ffff0000c8388c80 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e2a80 [ 38.680335][ T6501] prot 20000000000fc3 anon_vma ffff0000dd3aaee0 vm_ops 0000000000000000 [ 38.680335][ T6501] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 38.680335][ T6501] refcnt 1 [ 38.680335][ T6501] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 38.680376][ T6501] vmg ffff8000a0cd7a60 next: (NULL) [ 38.680394][ T6501] vmg ffff8000a0cd7a60 vmi: [ 38.680413][ T6501] MAS: tree=ffff0000ca5e2ac0 enode=ffff0000d8d8780c [ 38.680426][ T6501] (ma_active) [ 38.680442][ T6501] Store Type: [ 38.680463][ T6501] node_store [ 38.680486][ T6501] [2/10] index=20000000 last=207fffff [ 38.680507][ T6501] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 38.680530][ T6501] maple_tree(ffff0000ca5e2ac0) flags 30B, height 2 root ffff0000d4cc921e [ 38.680553][ T6501] 0-ffffffffffffffff: node ffff0000d4cc9200 depth 0 type 3 parent ffff0000ca5e2ac1 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d8d8780c FFFF93059FFF ffff0000d4cc880c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 38.680818][ T6501] 0-ffff93059fff: node ffff0000d8d87800 depth 1 type 1 parent ffff0000d4cc9206 contents: 0000000000000000 1FFFEFFF ffff0000c8388b40 1FFFFFFF ffff0000c8388c80 207FFFFF ffff0000ca660280 20FFFFFF ffff0000c8388dc0 21000FFF 0000000000000000 AAAAD5929FFF ffff0000c80a4000 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000c80a4140 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000c80a4280 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 38.681049][ T6501] 0-1fffefff: 0000000000000000 [ 38.681078][ T6501] 1ffff000-1fffffff: ffff0000c8388b40 [ 38.681168][ T6501] 20000000-207fffff: ffff0000c8388c80 [ 38.681199][ T6501] 20800000-20ffffff: ffff0000ca660280 [ 38.681230][ T6501] 21000000-21000fff: ffff0000c8388dc0 [ 38.681260][ T6501] 21001000-aaaad5929fff: 0000000000000000 [ 38.681297][ T6501] aaaad592a000-aaaad594bfff: ffff0000c80a4000 [ 38.681328][ T6501] aaaad594c000-ffff92fbffff: 0000000000000000 [ 38.681358][ T6501] ffff92fc0000-ffff9304bfff: ffff0000c80a4140 [ 38.681389][ T6501] ffff9304c000-ffff93055fff: 0000000000000000 [ 38.681419][ T6501] ffff93056000-ffff93059fff: ffff0000c80a4280 [ 38.681454][ T6501] ffff9305a000-ffffffffffffffff: node ffff0000d4cc8800 depth 1 type 1 parent ffff0000d4cc920e contents: ffff0000c80a43c0 FFFF9305BFFF ffff0000c80a4500 FFFF9305FFFF ffff0000c80a4640 FFFF93062FFF ffff0000c80a4780 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000c80a48c0 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 38.681681][ T6501] ffff9305a000-ffff9305bfff: ffff0000c80a43c0 [ 38.681712][ T6501] ffff9305c000-ffff9305ffff: ffff0000c80a4500 [ 38.681743][ T6501] ffff93060000-ffff93062fff: ffff0000c80a4640 [ 38.681774][ T6501] ffff93063000-ffff93068fff: ffff0000c80a4780 [ 38.681804][ T6501] ffff93069000-ffffd1a12fff: 0000000000000000 [ 38.681835][ T6501] ffffd1a13000-ffffd1a33fff: ffff0000c80a48c0 [ 38.681866][ T6501] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 38.682000][ T6501] ------------[ cut here ]------------ [ 38.682013][ T6501] WARNING: CPU: 0 PID: 6501 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 38.879171][ T6501] Modules linked in: [ 38.880410][ T6501] CPU: 0 UID: 0 PID: 6501 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 38.884255][ T6501] Tainted: [W]=WARN [ 38.885458][ T6501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 38.888407][ T6501] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 38.890685][ T6501] pc : vma_merge_existing_range+0x14a8/0x1964 [ 38.892437][ T6501] lr : vma_merge_existing_range+0x14a8/0x1964 [ 38.894130][ T6501] sp : ffff8000a0cd7910 [ 38.895342][ T6501] x29: ffff8000a0cd7990 x28: dfff800000000000 x27: 0000000000000001 [ 38.897678][ T6501] x26: 0000000020000000 x25: ffff8000a0cd7a80 x24: 0000000020000000 [ 38.900019][ T6501] x23: 1ffff0001419af50 x22: ffff0000c8388c80 x21: 0000000020800000 [ 38.902343][ T6501] x20: ffff0000c8388c80 x19: ffff8000a0cd7a60 x18: 0000000000000000 [ 38.904690][ T6501] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 38.907016][ T6501] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 38.909381][ T6501] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 38.911703][ T6501] x8 : ffff0000dd218000 x7 : 0000000000000001 x6 : 0000000000000001 [ 38.914043][ T6501] x5 : ffff8000a0cd6ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 38.916356][ T6501] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 38.918697][ T6501] Call trace: [ 38.919624][ T6501] vma_merge_existing_range+0x14a8/0x1964 (P) [ 38.921336][ T6501] vma_modify+0x7c/0x424 [ 38.922570][ T6501] vma_modify_flags+0x18c/0x1dc [ 38.923966][ T6501] mlock_fixup+0x18c/0x2c4 [ 38.925290][ T6501] apply_mlockall_flags+0x290/0x344 [ 38.926794][ T6501] __arm64_sys_munlockall+0x11c/0x238 [ 38.928321][ T6501] invoke_syscall+0x98/0x2b8 [ 38.929658][ T6501] el0_svc_common+0x130/0x23c [ 38.931025][ T6501] do_el0_svc+0x48/0x58 [ 38.932264][ T6501] el0_svc+0x58/0x17c [ 38.933428][ T6501] el0t_64_sync_handler+0x78/0x108 [ 38.934940][ T6501] el0t_64_sync+0x198/0x19c [ 38.936254][ T6501] irq event stamp: 14204 [ 38.937511][ T6501] hardirqs last enabled at (14203): [] __console_unlock+0x70/0xc4 [ 38.940147][ T6501] hardirqs last disabled at (14204): [] el1_dbg+0x24/0x80 [ 38.942757][ T6501] softirqs last enabled at (13858): [] handle_softirqs+0xaf8/0xc88 [ 38.945509][ T6501] softirqs last disabled at (13843): [] __do_softirq+0x14/0x20 [ 38.948123][ T6501] ---[ end trace 0000000000000000 ]--- executing program [ 39.017873][ T6502] FAULT_INJECTION: forcing a failure. [ 39.017873][ T6502] name failslab, interval 1, probability 0, space 0, times 0 [ 39.017945][ T6502] CPU: 1 UID: 0 PID: 6502 Comm: syz-executor371 Tainted: G W 6.15.0-rc ** replaying previous printk message ** [ 39.017945][ T6502] CPU: 1 UID: 0 PID: 6502 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 39.017963][ T6502] Tainted: [W]=WARN [ 39.017967][ T6502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 39.017974][ T6502] Call trace: [ 39.017978][ T6502] show_stack+0x2c/0x3c (C) [ 39.017995][ T6502] __dump_stack+0x30/0x40 [ 39.018006][ T6502] dump_stack_lvl+0xd8/0x12c [ 39.018016][ T6502] dump_stack+0x1c/0x28 [ 39.018026][ T6502] should_fail_ex+0x41c/0x594 [ 39.018038][ T6502] should_failslab+0xc0/0x128 [ 39.018051][ T6502] kmem_cache_alloc_noprof+0x80/0x3e8 [ 39.018066][ T6502] mas_alloc_nodes+0x268/0x788 [ 39.018079][ T6502] mas_preallocate+0x4b0/0x778 [ 39.018091][ T6502] commit_merge+0x1a4/0x5b0 [ 39.018104][ T6502] vma_merge_existing_range+0x1388/0x1964 [ 39.018117][ T6502] vma_modify+0x7c/0x424 [ 39.018130][ T6502] vma_modify_flags+0x18c/0x1dc [ 39.018142][ T6502] mlock_fixup+0x18c/0x2c4 [ 39.018154][ T6502] apply_mlockall_flags+0x290/0x344 [ 39.018165][ T6502] __arm64_sys_munlockall+0x11c/0x238 [ 39.018177][ T6502] invoke_syscall+0x98/0x2b8 [ 39.018188][ T6502] el0_svc_common+0x130/0x23c [ 39.018198][ T6502] do_el0_svc+0x48/0x58 [ 39.018208][ T6502] el0_svc+0x58/0x17c [ 39.018221][ T6502] el0t_64_sync_handler+0x78/0x108 [ 39.018234][ T6502] el0t_64_sync+0x198/0x19c [ 39.019447][ T6502] vmg ffff8000a0c57a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 39.019479][ T6502] vmg ffff8000a0c57a60 state: mm ffff0000ca5e3300 pgoff 20000 [ 39.019479][ T6502] vmi ffff8000a0c57c40 [20000000,20800000) [ 39.019479][ T6502] prev ffff0000c80a4b40 middle ffff0000c80a4b40 next 0000000000000000 target 0000000000000000 [ 39.019479][ T6502] start 20000000 end 20800000 flags 100077 [ 39.019479][ T6502] file 0000000000000000 anon_vma ffff0000c80ac880 policy 0000000000000000 [ 39.019479][ T6502] uffd_ctx 0000000000000000 [ 39.019479][ T6502] anon_name 0000000000000000 [ 39.019479][ T6502] state 0 [ 39.019479][ T6502] just_expand 0 [ 39.019479][ T6502] __adjust_middle_start 0 __adjust_next_start 0 [ 39.019479][ T6502] __remove_middle 0 __remove_next 0 [ 39.019536][ T6502] vmg ffff8000a0c57a60 mm: [ 39.019555][ T6502] mm ffff0000ca5e3300 task_size 281474976710656 [ 39.019555][ T6502] mmap_base 281473148436480 mmap_legacy_base 0 [ 39.019555][ T6502] pgd ffff0000ca5ff000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 39.019555][ T6502] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 39.019555][ T6502] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 39.019555][ T6502] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 39.019555][ T6502] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 39.019555][ T6502] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 39.019555][ T6502] binfmt ffff80008f670700 flags 8000008d [ 39.019555][ T6502] ioctx_table 0000000000000000 [ 39.019555][ T6502] owner ffff0000dd219e80 exe_file ffff0000d4cb41c0 [ 39.019555][ T6502] notifier_subscriptions 0000000000000000 [ 39.019555][ T6502] numa_next_scan 4294941253 numa_scan_offset 0 numa_scan_seq 0 [ 39.019555][ T6502] tlb_flush_pending 0 [ 39.019555][ T6502] def_flags: 0x0() [ 39.019638][ T6502] vmg ffff8000a0c57a60 prev: [ 39.019656][ T6502] vma ffff0000c80a4b40 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e3300 [ 39.019656][ T6502] prot 20000000000fc3 anon_vma ffff0000c80ac880 vm_ops 0000000000000000 [ 39.019656][ T6502] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 39.019656][ T6502] refcnt 1 [ 39.019656][ T6502] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 39.019699][ T6502] vmg ffff8000a0c57a60 middle: [ 39.019717][ T6502] vma ffff0000c80a4b40 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e3300 [ 39.019717][ T6502] prot 20000000000fc3 anon_vma ffff0000c80ac880 vm_ops 0000000000000000 [ 39.019717][ T6502] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 39.019717][ T6502] refcnt 1 [ 39.019717][ T6502] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 39.019758][ T6502] vmg ffff8000a0c57a60 next: (NULL) [ 39.019776][ T6502] vmg ffff8000a0c57a60 vmi: [ 39.019794][ T6502] MAS: tree=ffff0000ca5e3340 enode=ffff0000d0eece0c [ 39.019808][ T6502] (ma_active) [ 39.019824][ T6502] Store Type: [ 39.019839][ T6502] node_store [ 39.019862][ T6502] [2/10] index=20000000 last=207fffff [ 39.019884][ T6502] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 39.019907][ T6502] maple_tree(ffff0000ca5e3340) flags 30B, height 2 root ffff0000d4cc9e1e [ 39.019930][ T6502] 0-ffffffffffffffff: node ffff0000d4cc9e00 depth 0 type 3 parent ffff0000ca5e3341 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d0eece0c FFFF93059FFF ffff0000d0eecc0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 39.020196][ T6502] 0-ffff93059fff: node ffff0000d0eece00 depth 1 type 1 parent ffff0000d4cc9e06 contents: 0000000000000000 1FFFEFFF ffff0000c80a4a00 1FFFFFFF ffff0000c80a4b40 207FFFFF ffff0000dd03ba00 20FFFFFF ffff0000c80a4c80 21000FFF 0000000000000000 AAAAD5929FFF ffff0000c80a4dc0 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000dd03b000 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000dd03b140 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 39.020438][ T6502] 0-1fffefff: 0000000000000000 [ 39.020468][ T6502] 1ffff000-1fffffff: ffff0000c80a4a00 [ 39.020498][ T6502] 20000000-207fffff: ffff0000c80a4b40 [ 39.020529][ T6502] 20800000-20ffffff: ffff0000dd03ba00 [ 39.020559][ T6502] 21000000-21000fff: ffff0000c80a4c80 [ 39.020590][ T6502] 21001000-aaaad5929fff: 0000000000000000 [ 39.020620][ T6502] aaaad592a000-aaaad594bfff: ffff0000c80a4dc0 [ 39.020651][ T6502] aaaad594c000-ffff92fbffff: 0000000000000000 [ 39.020681][ T6502] ffff92fc0000-ffff9304bfff: ffff0000dd03b000 [ 39.020712][ T6502] ffff9304c000-ffff93055fff: 0000000000000000 [ 39.020742][ T6502] ffff93056000-ffff93059fff: ffff0000dd03b140 [ 39.020773][ T6502] ffff9305a000-ffffffffffffffff: node ffff0000d0eecc00 depth 1 type 1 parent ffff0000d4cc9e0e contents: ffff0000dd03b280 FFFF9305BFFF ffff0000dd03b3c0 FFFF9305FFFF ffff0000dd03b500 FFFF93062FFF ffff0000dd03b640 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000dd03b780 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 39.020995][ T6502] ffff9305a000-ffff9305bfff: ffff0000dd03b280 [ 39.021024][ T6502] ffff9305c000-ffff9305ffff: ffff0000dd03b3c0 [ 39.021053][ T6502] ffff93060000-ffff93062fff: ffff0000dd03b500 [ 39.021082][ T6502] ffff93063000-ffff93068fff: ffff0000dd03b640 [ 39.024286][ T6502] ffff93069000-ffffd1a12fff: 0000000000000000 [ 39.024325][ T6502] ffffd1a13000-ffffd1a33fff: ffff0000dd03b780 [ 39.024359][ T6502] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 39.024487][ T6502] ------------[ cut here ]------------ [ 39.024499][ T6502] WARNING: CPU: 1 PID: 6502 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 39.216412][ T6502] Modules linked in: [ 39.217513][ T6502] CPU: 1 UID: 0 PID: 6502 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 39.221174][ T6502] Tainted: [W]=WARN [ 39.222270][ T6502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 39.225076][ T6502] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 39.227236][ T6502] pc : vma_merge_existing_range+0x14a8/0x1964 [ 39.228890][ T6502] lr : vma_merge_existing_range+0x14a8/0x1964 [ 39.230540][ T6502] sp : ffff8000a0c57910 [ 39.231612][ T6502] x29: ffff8000a0c57990 x28: dfff800000000000 x27: 0000000000000001 [ 39.233788][ T6502] x26: 0000000020000000 x25: ffff8000a0c57a80 x24: 0000000020000000 [ 39.236015][ T6502] x23: 1ffff0001418af50 x22: ffff0000c80a4b40 x21: 0000000020800000 [ 39.238177][ T6502] x20: ffff0000c80a4b40 x19: ffff8000a0c57a60 x18: 1fffe0003386f276 [ 39.240389][ T6502] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 39.242501][ T6502] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 39.244667][ T6502] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 39.246777][ T6502] x8 : ffff0000dd219e80 x7 : 0000000000000001 x6 : 0000000000000001 [ 39.248939][ T6502] x5 : ffff8000a0c56ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 39.251095][ T6502] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 39.253224][ T6502] Call trace: [ 39.254099][ T6502] vma_merge_existing_range+0x14a8/0x1964 (P) [ 39.255822][ T6502] vma_modify+0x7c/0x424 [ 39.256959][ T6502] vma_modify_flags+0x18c/0x1dc [ 39.258307][ T6502] mlock_fixup+0x18c/0x2c4 [ 39.259543][ T6502] apply_mlockall_flags+0x290/0x344 [ 39.260937][ T6502] __arm64_sys_munlockall+0x11c/0x238 [ 39.262411][ T6502] invoke_syscall+0x98/0x2b8 [ 39.263645][ T6502] el0_svc_common+0x130/0x23c [ 39.264908][ T6502] do_el0_svc+0x48/0x58 [ 39.266030][ T6502] el0_svc+0x58/0x17c [ 39.267130][ T6502] el0t_64_sync_handler+0x78/0x108 [ 39.268511][ T6502] el0t_64_sync+0x198/0x19c [ 39.269721][ T6502] irq event stamp: 14122 [ 39.270911][ T6502] hardirqs last enabled at (14121): [] __console_unlock+0x70/0xc4 [ 39.273503][ T6502] hardirqs last disabled at (14122): [] el1_dbg+0x24/0x80 [ 39.275832][ T6502] softirqs last enabled at (14072): [] handle_softirqs+0xaf8/0xc88 [ 39.278485][ T6502] softirqs last disabled at (13951): [] __do_softirq+0x14/0x20 [ 39.280954][ T6502] ---[ end trace 0000000000000000 ]--- executing program [ 39.349625][ T6503] FAULT_INJECTION: forcing a failure. [ 39.349625][ T6503] name failslab, inte ** replaying previous printk message ** [ 39.349625][ T6503] FAULT_INJECTION: forcing a failure. [ 39.349625][ T6503] name failslab, interval 1, probability 0, space 0, times 0 [ 39.349693][ T6503] CPU: 1 UID: 0 PID: 6503 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 39.349710][ T6503] Tainted: [W]=WARN [ 39.349715][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 39.349721][ T6503] Call trace: [ 39.349725][ T6503] show_stack+0x2c/0x3c (C) [ 39.349742][ T6503] __dump_stack+0x30/0x40 [ 39.349753][ T6503] dump_stack_lvl+0xd8/0x12c [ 39.349763][ T6503] dump_stack+0x1c/0x28 [ 39.349773][ T6503] should_fail_ex+0x41c/0x594 [ 39.349785][ T6503] should_failslab+0xc0/0x128 [ 39.349798][ T6503] kmem_cache_alloc_noprof+0x80/0x3e8 [ 39.349813][ T6503] mas_alloc_nodes+0x268/0x788 [ 39.349826][ T6503] mas_preallocate+0x4b0/0x778 [ 39.349837][ T6503] commit_merge+0x1a4/0x5b0 [ 39.349850][ T6503] vma_merge_existing_range+0x1388/0x1964 [ 39.349864][ T6503] vma_modify+0x7c/0x424 [ 39.349876][ T6503] vma_modify_flags+0x18c/0x1dc [ 39.349889][ T6503] mlock_fixup+0x18c/0x2c4 [ 39.349900][ T6503] apply_mlockall_flags+0x290/0x344 [ 39.349912][ T6503] __arm64_sys_munlockall+0x11c/0x238 [ 39.349923][ T6503] invoke_syscall+0x98/0x2b8 [ 39.349934][ T6503] el0_svc_common+0x130/0x23c [ 39.349944][ T6503] do_el0_svc+0x48/0x58 [ 39.349954][ T6503] el0_svc+0x58/0x17c [ 39.349967][ T6503] el0t_64_sync_handler+0x78/0x108 [ 39.349980][ T6503] el0t_64_sync+0x198/0x19c [ 39.350149][ T6503] vmg ffff8000a0d67a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 39.350171][ T6503] vmg ffff8000a0d67a60 state: mm ffff0000c9eb9100 pgoff 20000 [ 39.350171][ T6503] vmi ffff8000a0d67c40 [20000000,20800000) [ 39.350171][ T6503] prev ffff0000ca660500 middle ffff0000ca660500 next 0000000000000000 target 0000000000000000 [ 39.350171][ T6503] start 20000000 end 20800000 flags 100077 [ 39.350171][ T6503] file 0000000000000000 anon_vma ffff0000c80acaa0 policy 0000000000000000 [ 39.350171][ T6503] uffd_ctx 0000000000000000 [ 39.350171][ T6503] anon_name 0000000000000000 [ 39.350171][ T6503] state 0 [ 39.350171][ T6503] just_expand 0 [ 39.350171][ T6503] __adjust_middle_start 0 __adjust_next_start 0 [ 39.350171][ T6503] __remove_middle 0 __remove_next 0 [ 39.350225][ T6503] vmg ffff8000a0d67a60 mm: [ 39.350243][ T6503] mm ffff0000c9eb9100 task_size 281474976710656 [ 39.350243][ T6503] mmap_base 281473148436480 mmap_legacy_base 0 [ 39.350243][ T6503] pgd ffff0000c840c000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 39.350243][ T6503] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 39.350243][ T6503] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 39.350243][ T6503] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 39.350243][ T6503] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 39.350243][ T6503] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 39.350243][ T6503] binfmt ffff80008f670700 flags 8000008d [ 39.350243][ T6503] ioctx_table 0000000000000000 [ 39.350243][ T6503] owner ffff0000ca345b80 exe_file ffff0000d4cb41c0 [ 39.350243][ T6503] notifier_subscriptions 0000000000000000 [ 39.350243][ T6503] numa_next_scan 4294941287 numa_scan_offset 0 numa_scan_seq 0 [ 39.350243][ T6503] tlb_flush_pending 0 [ 39.350243][ T6503] def_flags: 0x0() [ 39.350331][ T6503] vmg ffff8000a0d67a60 prev: [ 39.350348][ T6503] vma ffff0000ca660500 start 0000000020000000 end 0000000020800000 mm ffff0000c9eb9100 [ 39.350348][ T6503] prot 20000000000fc3 anon_vma ffff0000c80acaa0 vm_ops 0000000000000000 [ 39.350348][ T6503] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 39.350348][ T6503] refcnt 1 [ 39.350348][ T6503] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 39.350388][ T6503] vmg ffff8000a0d67a60 middle: [ 39.350406][ T6503] vma ffff0000ca660500 start 0000000020000000 end 0000000020800000 mm ffff0000c9eb9100 [ 39.350406][ T6503] prot 20000000000fc3 anon_vma ffff0000c80acaa0 vm_ops 0000000000000000 [ 39.350406][ T6503] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 39.350406][ T6503] refcnt 1 [ 39.350406][ T6503] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 39.350444][ T6503] vmg ffff8000a0d67a60 next: (NULL) [ 39.350461][ T6503] vmg ffff8000a0d67a60 vmi: [ 39.350478][ T6503] MAS: tree=ffff0000c9eb9140 enode=ffff0000d3ec660c [ 39.350496][ T6503] (ma_active) [ 39.350512][ T6503] Store Type: [ 39.350528][ T6503] node_store [ 39.350550][ T6503] [2/10] index=20000000 last=207fffff [ 39.350570][ T6503] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 39.350591][ T6503] maple_tree(ffff0000c9eb9140) flags 30B, height 2 root ffff0000d8d87a1e [ 39.350613][ T6503] 0-ffffffffffffffff: node ffff0000d8d87a00 depth 0 type 3 parent ffff0000c9eb9141 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d3ec660c FFFF93059FFF ffff0000d8d87e0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 39.350862][ T6503] 0-ffff93059fff: node ffff0000d3ec6600 depth 1 type 1 parent ffff0000d8d87a06 contents: 0000000000000000 1FFFEFFF ffff0000ca6603c0 1FFFFFFF ffff0000ca660500 207FFFFF ffff0000dd03bc80 20FFFFFF ffff0000ca660640 21000FFF 0000000000000000 AAAAD5929FFF ffff0000ca660780 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000ca6608c0 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000ca660a00 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 39.351080][ T6503] 0-1fffefff: 0000000000000000 [ 39.351470][ T6503] 1ffff000-1fffffff: ffff0000ca6603c0 [ 39.351508][ T6503] 20000000-207fffff: ffff0000ca660500 [ 39.351537][ T6503] 20800000-20ffffff: ffff0000dd03bc80 [ 39.351565][ T6503] 21000000-21000fff: ffff0000ca660640 [ 39.351594][ T6503] 21001000-aaaad5929fff: 0000000000000000 [ 39.351622][ T6503] aaaad592a000-aaaad594bfff: ffff0000ca660780 [ 39.351651][ T6503] aaaad594c000-ffff92fbffff: 0000000000000000 [ 39.351680][ T6503] ffff92fc0000-ffff9304bfff: ffff0000ca6608c0 [ 39.351708][ T6503] ffff9304c000-ffff93055fff: 0000000000000000 [ 39.351737][ T6503] ffff93056000-ffff93059fff: ffff0000ca660a00 [ 39.351766][ T6503] ffff9305a000-ffffffffffffffff: node ffff0000d8d87e00 depth 1 type 1 parent ffff0000d8d87a0e contents: ffff0000ca660b40 FFFF9305BFFF ffff0000ca660c80 FFFF9305FFFF ffff0000ca660dc0 FFFF93062FFF ffff0000c80a9000 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000c80a9140 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 39.351981][ T6503] ffff9305a000-ffff9305bfff: ffff0000ca660b40 [ 39.352010][ T6503] ffff9305c000-ffff9305ffff: ffff0000ca660c80 [ 39.352039][ T6503] ffff93060000-ffff93062fff: ffff0000ca660dc0 [ 39.352068][ T6503] ffff93063000-ffff93068fff: ffff0000c80a9000 [ 39.352097][ T6503] ffff93069000-ffffd1a12fff: 0000000000000000 [ 39.352125][ T6503] ffffd1a13000-ffffd1a33fff: ffff0000c80a9140 [ 39.352155][ T6503] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 39.352288][ T6503] ------------[ cut here ]------------ [ 39.352302][ T6503] WARNING: CPU: 1 PID: 6503 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 39.543988][ T6503] Modules linked in: [ 39.545076][ T6503] CPU: 1 UID: 0 PID: 6503 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 39.548723][ T6503] Tainted: [W]=WARN [ 39.549770][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 39.552664][ T6503] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 39.554788][ T6503] pc : vma_merge_existing_range+0x14a8/0x1964 [ 39.556512][ T6503] lr : vma_merge_existing_range+0x14a8/0x1964 [ 39.558176][ T6503] sp : ffff8000a0d67910 [ 39.559356][ T6503] x29: ffff8000a0d67990 x28: dfff800000000000 x27: 0000000000000001 [ 39.561598][ T6503] x26: 0000000020000000 x25: ffff8000a0d67a80 x24: 0000000020000000 [ 39.563804][ T6503] x23: 1ffff000141acf50 x22: ffff0000ca660500 x21: 0000000020800000 [ 39.565982][ T6503] x20: ffff0000ca660500 x19: ffff8000a0d67a60 x18: 0000000000000000 [ 39.568210][ T6503] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 39.570454][ T6503] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 39.572679][ T6503] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 39.574921][ T6503] x8 : ffff0000ca345b80 x7 : 0000000000000001 x6 : 0000000000000001 [ 39.577305][ T6503] x5 : ffff8000a0d66ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 39.579487][ T6503] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 39.581674][ T6503] Call trace: [ 39.582640][ T6503] vma_merge_existing_range+0x14a8/0x1964 (P) [ 39.584300][ T6503] vma_modify+0x7c/0x424 [ 39.585408][ T6503] vma_modify_flags+0x18c/0x1dc [ 39.586750][ T6503] mlock_fixup+0x18c/0x2c4 [ 39.587977][ T6503] apply_mlockall_flags+0x290/0x344 [ 39.589461][ T6503] __arm64_sys_munlockall+0x11c/0x238 [ 39.590906][ T6503] invoke_syscall+0x98/0x2b8 [ 39.592176][ T6503] el0_svc_common+0x130/0x23c [ 39.593490][ T6503] do_el0_svc+0x48/0x58 [ 39.594667][ T6503] el0_svc+0x58/0x17c [ 39.595737][ T6503] el0t_64_sync_handler+0x78/0x108 [ 39.597138][ T6503] el0t_64_sync+0x198/0x19c [ 39.598329][ T6503] irq event stamp: 14426 [ 39.599499][ T6503] hardirqs last enabled at (14425): [] __console_unlock+0x70/0xc4 [ 39.602094][ T6503] hardirqs last disabled at (14426): [] el1_dbg+0x24/0x80 [ 39.604511][ T6503] softirqs last enabled at (14068): [] handle_softirqs+0xaf8/0xc88 [ 39.607194][ T6503] softirqs last disabled at (13775): [] __do_softirq+0x14/0x20 [ 39.609770][ T6503] ---[ end trace 0000000000000000 ]--- executing program [ 39.681650][ T6504] FAULT_INJECTION: forcing a failure. [ 39.681650][ T6504] name fails ** replaying previous printk message ** [ 39.681650][ T6504] FAULT_INJECTION: forcing a failure. [ 39.681650][ T6504] name failslab, interval 1, probability 0, space 0, times 0 [ 39.681720][ T6504] CPU: 1 UID: 0 PID: 6504 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 39.681738][ T6504] Tainted: [W]=WARN [ 39.681742][ T6504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 39.681749][ T6504] Call trace: [ 39.681753][ T6504] show_stack+0x2c/0x3c (C) [ 39.681769][ T6504] __dump_stack+0x30/0x40 [ 39.681781][ T6504] dump_stack_lvl+0xd8/0x12c [ 39.681791][ T6504] dump_stack+0x1c/0x28 [ 39.681800][ T6504] should_fail_ex+0x41c/0x594 [ 39.681812][ T6504] should_failslab+0xc0/0x128 [ 39.681826][ T6504] kmem_cache_alloc_noprof+0x80/0x3e8 [ 39.681840][ T6504] mas_alloc_nodes+0x268/0x788 [ 39.681854][ T6504] mas_preallocate+0x4b0/0x778 [ 39.681866][ T6504] commit_merge+0x1a4/0x5b0 [ 39.681879][ T6504] vma_merge_existing_range+0x1388/0x1964 [ 39.681893][ T6504] vma_modify+0x7c/0x424 [ 39.681905][ T6504] vma_modify_flags+0x18c/0x1dc [ 39.681918][ T6504] mlock_fixup+0x18c/0x2c4 [ 39.681930][ T6504] apply_mlockall_flags+0x290/0x344 [ 39.681941][ T6504] __arm64_sys_munlockall+0x11c/0x238 [ 39.681953][ T6504] invoke_syscall+0x98/0x2b8 [ 39.681963][ T6504] el0_svc_common+0x130/0x23c [ 39.681974][ T6504] do_el0_svc+0x48/0x58 [ 39.681983][ T6504] el0_svc+0x58/0x17c [ 39.681996][ T6504] el0t_64_sync_handler+0x78/0x108 [ 39.682010][ T6504] el0t_64_sync+0x198/0x19c [ 39.682193][ T6504] vmg ffff8000a0d57a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 39.682217][ T6504] vmg ffff8000a0d57a60 state: mm ffff0000c9eb9980 pgoff 20000 [ 39.682217][ T6504] vmi ffff8000a0d57c40 [20000000,20800000) [ 39.682217][ T6504] prev ffff0000c80a93c0 middle ffff0000c80a93c0 next 0000000000000000 target 0000000000000000 [ 39.682217][ T6504] start 20000000 end 20800000 flags 100077 [ 39.682217][ T6504] file 0000000000000000 anon_vma ffff0000c80accc0 policy 0000000000000000 [ 39.682217][ T6504] uffd_ctx 0000000000000000 [ 39.682217][ T6504] anon_name 0000000000000000 [ 39.682217][ T6504] state 0 [ 39.682217][ T6504] just_expand 0 [ 39.682217][ T6504] __adjust_middle_start 0 __adjust_next_start 0 [ 39.682217][ T6504] __remove_middle 0 __remove_next 0 [ 39.682283][ T6504] vmg ffff8000a0d57a60 mm: [ 39.682303][ T6504] mm ffff0000c9eb9980 task_size 281474976710656 [ 39.682303][ T6504] mmap_base 281473148436480 mmap_legacy_base 0 [ 39.682303][ T6504] pgd ffff0000cf3d7000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 39.682303][ T6504] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 39.682303][ T6504] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 39.682303][ T6504] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 39.682303][ T6504] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 39.682303][ T6504] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 39.682303][ T6504] binfmt ffff80008f670700 flags 8000008d [ 39.682303][ T6504] ioctx_table 0000000000000000 [ 39.682303][ T6504] owner ffff0000dd270000 exe_file ffff0000d4cb41c0 [ 39.682303][ T6504] notifier_subscriptions 0000000000000000 [ 39.682303][ T6504] numa_next_scan 4294941320 numa_scan_offset 0 numa_scan_seq 0 [ 39.682303][ T6504] tlb_flush_pending 0 [ 39.682303][ T6504] def_flags: 0x0() [ 39.682386][ T6504] vmg ffff8000a0d57a60 prev: [ 39.682404][ T6504] vma ffff0000c80a93c0 start 0000000020000000 end 0000000020800000 mm ffff0000c9eb9980 [ 39.682404][ T6504] prot 20000000000fc3 anon_vma ffff0000c80accc0 vm_ops 0000000000000000 [ 39.682404][ T6504] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 39.682404][ T6504] refcnt 1 [ 39.682404][ T6504] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 39.682453][ T6504] vmg ffff8000a0d57a60 middle: [ 39.682472][ T6504] vma ffff0000c80a93c0 start 0000000020000000 end 0000000020800000 mm ffff0000c9eb9980 [ 39.682472][ T6504] prot 20000000000fc3 anon_vma ffff0000c80accc0 vm_ops 0000000000000000 [ 39.682472][ T6504] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 39.682472][ T6504] refcnt 1 [ 39.682472][ T6504] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 39.682512][ T6504] vmg ffff8000a0d57a60 next: (NULL) [ 39.682531][ T6504] vmg ffff8000a0d57a60 vmi: [ 39.682549][ T6504] MAS: tree=ffff0000c9eb99c0 enode=ffff0000d3ec620c [ 39.682562][ T6504] (ma_active) [ 39.682578][ T6504] Store Type: [ 39.682594][ T6504] node_store [ 39.682617][ T6504] [2/10] index=20000000 last=207fffff [ 39.682639][ T6504] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 39.682662][ T6504] maple_tree(ffff0000c9eb99c0) flags 30B, height 2 root ffff0000d863401e [ 39.682685][ T6504] 0-ffffffffffffffff: node ffff0000d8634000 depth 0 type 3 parent ffff0000c9eb99c1 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d3ec620c FFFF93059FFF ffff0000d863440c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 39.682951][ T6504] 0-ffff93059fff: node ffff0000d3ec6200 depth 1 type 1 parent ffff0000d8634006 contents: 0000000000000000 1FFFEFFF ffff0000c80a9280 1FFFFFFF ffff0000c80a93c0 207FFFFF ffff0000dd038000 20FFFFFF ffff0000c80a9500 21000FFF 0000000000000000 AAAAD5929FFF ffff0000c80a9640 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000c80a9780 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000c80a98c0 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 39.683182][ T6504] 0-1fffefff: 0000000000000000 [ 39.683211][ T6504] 1ffff000-1fffffff: ffff0000c80a9280 [ 39.683242][ T6504] 20000000-207fffff: ffff0000c80a93c0 [ 39.683272][ T6504] 20800000-20ffffff: ffff0000dd038000 [ 39.683307][ T6504] 21000000-21000fff: ffff0000c80a9500 [ 39.683337][ T6504] 21001000-aaaad5929fff: 0000000000000000 [ 39.683367][ T6504] aaaad592a000-aaaad594bfff: ffff0000c80a9640 [ 39.683398][ T6504] aaaad594c000-ffff92fbffff: 0000000000000000 [ 39.683430][ T6504] ffff92fc0000-ffff9304bfff: ffff0000c80a9780 [ 39.683459][ T6504] ffff9304c000-ffff93055fff: 0000000000000000 [ 39.683487][ T6504] ffff93056000-ffff93059fff: ffff0000c80a98c0 [ 39.683516][ T6504] ffff9305a000-ffffffffffffffff: node ffff0000d8634400 depth 1 type 1 parent ffff0000d863400e contents: ffff0000c80a9a00 FFFF9305BFFF ffff0000c80a9b40 FFFF9305FFFF ffff0000c80a9c80 FFFF93062FFF ffff0000c80a9dc0 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000c8709000 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 39.683736][ T6504] ffff9305a000-ffff9305bfff: ffff0000c80a9a00 [ 39.683765][ T6504] ffff9305c000-ffff9305ffff: ffff0000c80a9b40 [ 39.683794][ T6504] ffff93060000-ffff93062fff: ffff0000c80a9c80 [ 39.683822][ T6504] ffff93063000-ffff93068fff: ffff0000c80a9dc0 [ 39.683851][ T6504] ffff93069000-ffffd1a12fff: 0000000000000000 [ 39.683880][ T6504] ffffd1a13000-ffffd1a33fff: ffff0000c8709000 [ 39.683909][ T6504] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 39.684040][ T6504] ------------[ cut here ]------------ [ 39.684053][ T6504] WARNING: CPU: 1 PID: 6504 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 39.874940][ T6504] Modules linked in: [ 39.876042][ T6504] CPU: 1 UID: 0 PID: 6504 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 39.879743][ T6504] Tainted: [W]=WARN [ 39.880811][ T6504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 39.883786][ T6504] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 39.885925][ T6504] pc : vma_merge_existing_range+0x14a8/0x1964 [ 39.887658][ T6504] lr : vma_merge_existing_range+0x14a8/0x1964 [ 39.889350][ T6504] sp : ffff8000a0d57910 [ 39.890571][ T6504] x29: ffff8000a0d57990 x28: dfff800000000000 x27: 0000000000000001 [ 39.892777][ T6504] x26: 0000000020000000 x25: ffff8000a0d57a80 x24: 0000000020000000 [ 39.894984][ T6504] x23: 1ffff000141aaf50 x22: ffff0000c80a93c0 x21: 0000000020800000 [ 39.897181][ T6504] x20: ffff0000c80a93c0 x19: ffff8000a0d57a60 x18: 0000000000000000 [ 39.899479][ T6504] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 39.901680][ T6504] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 39.903892][ T6504] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 39.906132][ T6504] x8 : ffff0000dd270000 x7 : 0000000000000001 x6 : 0000000000000001 [ 39.908357][ T6504] x5 : ffff8000a0d56ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 39.910636][ T6504] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 39.912890][ T6504] Call trace: [ 39.913835][ T6504] vma_merge_existing_range+0x14a8/0x1964 (P) [ 39.915508][ T6504] vma_modify+0x7c/0x424 [ 39.916671][ T6504] vma_modify_flags+0x18c/0x1dc [ 39.918028][ T6504] mlock_fixup+0x18c/0x2c4 [ 39.919302][ T6504] apply_mlockall_flags+0x290/0x344 [ 39.920766][ T6504] __arm64_sys_munlockall+0x11c/0x238 [ 39.922279][ T6504] invoke_syscall+0x98/0x2b8 [ 39.923554][ T6504] el0_svc_common+0x130/0x23c [ 39.924823][ T6504] do_el0_svc+0x48/0x58 [ 39.925993][ T6504] el0_svc+0x58/0x17c [ 39.927127][ T6504] el0t_64_sync_handler+0x78/0x108 [ 39.928515][ T6504] el0t_64_sync+0x198/0x19c [ 39.929785][ T6504] irq event stamp: 14434 [ 39.930987][ T6504] hardirqs last enabled at (14433): [] __console_unlock+0x70/0xc4 [ 39.933674][ T6504] hardirqs last disabled at (14434): [] el1_dbg+0x24/0x80 [ 39.936146][ T6504] softirqs last enabled at (10688): [] handle_softirqs+0xaf8/0xc88 [ 39.938937][ T6504] softirqs last disabled at (10393): [] __do_softirq+0x14/0x20 [ 39.941506][ T6504] ---[ end trace 0000000000000000 ]--- executing program [ 40.012015][ T6505] FAULT_INJECTION: forcing a failure. [ 40.012015][ T6505] name failslab, interval 1, probability 0, space 0, times 0 [ ** replaying previous printk message ** [ 40.012087][ T6505] CPU: 1 UID: 0 PID: 6505 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 40.012104][ T6505] Tainted: [W]=WARN [ 40.012109][ T6505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 40.012116][ T6505] Call trace: [ 40.012120][ T6505] show_stack+0x2c/0x3c (C) [ 40.012137][ T6505] __dump_stack+0x30/0x40 [ 40.012148][ T6505] dump_stack_lvl+0xd8/0x12c [ 40.012158][ T6505] dump_stack+0x1c/0x28 [ 40.012168][ T6505] should_fail_ex+0x41c/0x594 [ 40.012180][ T6505] should_failslab+0xc0/0x128 [ 40.012194][ T6505] kmem_cache_alloc_noprof+0x80/0x3e8 [ 40.012208][ T6505] mas_alloc_nodes+0x268/0x788 [ 40.012221][ T6505] mas_preallocate+0x4b0/0x778 [ 40.012233][ T6505] commit_merge+0x1a4/0x5b0 [ 40.012246][ T6505] vma_merge_existing_range+0x1388/0x1964 [ 40.012260][ T6505] vma_modify+0x7c/0x424 [ 40.012279][ T6505] vma_modify_flags+0x18c/0x1dc [ 40.012293][ T6505] mlock_fixup+0x18c/0x2c4 [ 40.012305][ T6505] apply_mlockall_flags+0x290/0x344 [ 40.012316][ T6505] __arm64_sys_munlockall+0x11c/0x238 [ 40.012328][ T6505] invoke_syscall+0x98/0x2b8 [ 40.012339][ T6505] el0_svc_common+0x130/0x23c [ 40.012349][ T6505] do_el0_svc+0x48/0x58 [ 40.012359][ T6505] el0_svc+0x58/0x17c [ 40.012372][ T6505] el0t_64_sync_handler+0x78/0x108 [ 40.012385][ T6505] el0t_64_sync+0x198/0x19c [ 40.013963][ T6505] vmg ffff8000a4227a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 40.013991][ T6505] vmg ffff8000a4227a60 state: mm ffff0000c9eba200 pgoff 20000 [ 40.013991][ T6505] vmi ffff8000a4227c40 [20000000,20800000) [ 40.013991][ T6505] prev ffff0000c8709280 middle ffff0000c8709280 next 0000000000000000 target 0000000000000000 [ 40.013991][ T6505] start 20000000 end 20800000 flags 100077 [ 40.013991][ T6505] file 0000000000000000 anon_vma ffff0000c80acee0 policy 0000000000000000 [ 40.013991][ T6505] uffd_ctx 0000000000000000 [ 40.013991][ T6505] anon_name 0000000000000000 [ 40.013991][ T6505] state 0 [ 40.013991][ T6505] just_expand 0 [ 40.013991][ T6505] __adjust_middle_start 0 __adjust_next_start 0 [ 40.013991][ T6505] __remove_middle 0 __remove_next 0 [ 40.014045][ T6505] vmg ffff8000a4227a60 mm: [ 40.014063][ T6505] mm ffff0000c9eba200 task_size 281474976710656 [ 40.014063][ T6505] mmap_base 281473148436480 mmap_legacy_base 0 [ 40.014063][ T6505] pgd ffff0000dd246000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 40.014063][ T6505] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 40.014063][ T6505] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 40.014063][ T6505] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 40.014063][ T6505] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 40.014063][ T6505] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 40.014063][ T6505] binfmt ffff80008f670700 flags 8000008d [ 40.014063][ T6505] ioctx_table 0000000000000000 [ 40.014063][ T6505] owner ffff0000dd271e80 exe_file ffff0000d4cb41c0 [ 40.014063][ T6505] notifier_subscriptions 0000000000000000 [ 40.014063][ T6505] numa_next_scan 4294941353 numa_scan_offset 0 numa_scan_seq 0 [ 40.014063][ T6505] tlb_flush_pending 0 [ 40.014063][ T6505] def_flags: 0x0() [ 40.014142][ T6505] vmg ffff8000a4227a60 prev: [ 40.014159][ T6505] vma ffff0000c8709280 start 0000000020000000 end 0000000020800000 mm ffff0000c9eba200 [ 40.014159][ T6505] prot 20000000000fc3 anon_vma ffff0000c80acee0 vm_ops 0000000000000000 [ 40.014159][ T6505] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 40.014159][ T6505] refcnt 1 [ 40.014159][ T6505] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 40.014198][ T6505] vmg ffff8000a4227a60 middle: [ 40.014215][ T6505] vma ffff0000c8709280 start 0000000020000000 end 0000000020800000 mm ffff0000c9eba200 [ 40.014215][ T6505] prot 20000000000fc3 anon_vma ffff0000c80acee0 vm_ops 0000000000000000 [ 40.014215][ T6505] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 40.014215][ T6505] refcnt 1 [ 40.014215][ T6505] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 40.014253][ T6505] vmg ffff8000a4227a60 next: (NULL) [ 40.014271][ T6505] vmg ffff8000a4227a60 vmi: [ 40.014298][ T6505] MAS: tree=ffff0000c9eba240 enode=ffff0000d3ec720c [ 40.014311][ T6505] (ma_active) [ 40.014326][ T6505] Store Type: [ 40.014342][ T6505] node_store [ 40.014363][ T6505] [2/10] index=20000000 last=207fffff [ 40.014383][ T6505] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 40.014405][ T6505] maple_tree(ffff0000c9eba240) flags 30B, height 2 root ffff0000d23ff61e [ 40.014433][ T6505] 0-ffffffffffffffff: node ffff0000d23ff600 depth 0 type 3 parent ffff0000c9eba241 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d3ec720c FFFF93059FFF ffff0000d23fe20c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 40.014687][ T6505] 0-ffff93059fff: node ffff0000d3ec7200 depth 1 type 1 parent ffff0000d23ff606 contents: 0000000000000000 1FFFEFFF ffff0000c8709140 1FFFFFFF ffff0000c8709280 207FFFFF ffff0000dd038280 20FFFFFF ffff0000c87093c0 21000FFF 0000000000000000 AAAAD5929FFF ffff0000c8709500 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000c8709640 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000c8709780 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 40.014905][ T6505] 0-1fffefff: 0000000000000000 [ 40.014933][ T6505] 1ffff000-1fffffff: ffff0000c8709140 [ 40.014962][ T6505] 20000000-207fffff: ffff0000c8709280 [ 40.014990][ T6505] 20800000-20ffffff: ffff0000dd038280 [ 40.015019][ T6505] 21000000-21000fff: ffff0000c87093c0 [ 40.015047][ T6505] 21001000-aaaad5929fff: 0000000000000000 [ 40.015076][ T6505] aaaad592a000-aaaad594bfff: ffff0000c8709500 [ 40.015105][ T6505] aaaad594c000-ffff92fbffff: 0000000000000000 [ 40.015134][ T6505] ffff92fc0000-ffff9304bfff: ffff0000c8709640 [ 40.015163][ T6505] ffff9304c000-ffff93055fff: 0000000000000000 [ 40.015191][ T6505] ffff93056000-ffff93059fff: ffff0000c8709780 [ 40.015220][ T6505] ffff9305a000-ffffffffffffffff: node ffff0000d23fe200 depth 1 type 1 parent ffff0000d23ff60e contents: ffff0000c87098c0 FFFF9305BFFF ffff0000c8709a00 FFFF9305FFFF ffff0000c8709b40 FFFF93062FFF ffff0000c8709c80 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000c8709dc0 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 40.015443][ T6505] ffff9305a000-ffff9305bfff: ffff0000c87098c0 [ 40.015472][ T6505] ffff9305c000-ffff9305ffff: ffff0000c8709a00 [ 40.015501][ T6505] ffff93060000-ffff93062fff: ffff0000c8709b40 [ 40.015530][ T6505] ffff93063000-ffff93068fff: ffff0000c8709c80 [ 40.015559][ T6505] ffff93069000-ffffd1a12fff: 0000000000000000 [ 40.015588][ T6505] ffffd1a13000-ffffd1a33fff: ffff0000c8709dc0 [ 40.015617][ T6505] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 40.015744][ T6505] ------------[ cut here ]------------ [ 40.015756][ T6505] WARNING: CPU: 1 PID: 6505 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 40.203573][ T6505] Modules linked in: [ 40.204664][ T6505] CPU: 1 UID: 0 PID: 6505 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 40.208270][ T6505] Tainted: [W]=WARN [ 40.209313][ T6505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 40.211903][ T6505] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 40.213985][ T6505] pc : vma_merge_existing_range+0x14a8/0x1964 [ 40.215595][ T6505] lr : vma_merge_existing_range+0x14a8/0x1964 [ 40.217268][ T6505] sp : ffff8000a4227910 [ 40.218423][ T6505] x29: ffff8000a4227990 x28: dfff800000000000 x27: 0000000000000001 [ 40.220553][ T6505] x26: 0000000020000000 x25: ffff8000a4227a80 x24: 0000000020000000 [ 40.222735][ T6505] x23: 1ffff00014844f50 x22: ffff0000c8709280 x21: 0000000020800000 [ 40.224895][ T6505] x20: ffff0000c8709280 x19: ffff8000a4227a60 x18: 0000000000000000 [ 40.227061][ T6505] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 40.229237][ T6505] x14: 1fffe0003386f2e2 x13: 0000000000000000 x12: 0000000000000000 [ 40.231452][ T6505] x11: ffff60003386f2e3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 40.233662][ T6505] x8 : ffff0000dd271e80 x7 : 0000000000000001 x6 : 0000000000000001 [ 40.235849][ T6505] x5 : ffff8000a4226ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 40.238015][ T6505] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 40.240185][ T6505] Call trace: [ 40.241095][ T6505] vma_merge_existing_range+0x14a8/0x1964 (P) [ 40.242766][ T6505] vma_modify+0x7c/0x424 [ 40.243923][ T6505] vma_modify_flags+0x18c/0x1dc [ 40.245295][ T6505] mlock_fixup+0x18c/0x2c4 [ 40.246583][ T6505] apply_mlockall_flags+0x290/0x344 [ 40.248001][ T6505] __arm64_sys_munlockall+0x11c/0x238 [ 40.249437][ T6505] invoke_syscall+0x98/0x2b8 [ 40.250685][ T6505] el0_svc_common+0x130/0x23c [ 40.251926][ T6505] do_el0_svc+0x48/0x58 [ 40.253088][ T6505] el0_svc+0x58/0x17c [ 40.254172][ T6505] el0t_64_sync_handler+0x78/0x108 [ 40.255530][ T6505] el0t_64_sync+0x198/0x19c [ 40.256734][ T6505] irq event stamp: 14396 [ 40.257894][ T6505] hardirqs last enabled at (14395): [] __console_unlock+0x70/0xc4 [ 40.260545][ T6505] hardirqs last disabled at (14396): [] el1_dbg+0x24/0x80 [ 40.262878][ T6505] softirqs last enabled at (10914): [] handle_softirqs+0xaf8/0xc88 [ 40.265414][ T6505] softirqs last disabled at (10661): [] __do_softirq+0x14/0x20 [ 40.267931][ T6505] ---[ end trace 0000000000000000 ]--- executing program [ 40.337611][ T6506] FAULT_INJECTION: forcing a failure. [ 40.337611][ T6506] name failslab, interval 1, probability 0, space 0, times 0 [ 40.337682][ T6506] CPU: 1 UID: 0 PID: 6506 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 40.337701][ T6506] ** replaying previous printk message ** [ 40.337701][ T6506] Tainted: [W]=WARN [ 40.337706][ T6506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 40.337713][ T6506] Call trace: [ 40.337717][ T6506] show_stack+0x2c/0x3c (C) [ 40.337734][ T6506] __dump_stack+0x30/0x40 [ 40.337747][ T6506] dump_stack_lvl+0xd8/0x12c [ 40.337757][ T6506] dump_stack+0x1c/0x28 [ 40.337768][ T6506] should_fail_ex+0x41c/0x594 [ 40.337781][ T6506] should_failslab+0xc0/0x128 [ 40.337794][ T6506] kmem_cache_alloc_noprof+0x80/0x3e8 [ 40.337810][ T6506] mas_alloc_nodes+0x268/0x788 [ 40.337824][ T6506] mas_preallocate+0x4b0/0x778 [ 40.337836][ T6506] commit_merge+0x1a4/0x5b0 [ 40.337850][ T6506] vma_merge_existing_range+0x1388/0x1964 [ 40.337864][ T6506] vma_modify+0x7c/0x424 [ 40.337877][ T6506] vma_modify_flags+0x18c/0x1dc [ 40.337890][ T6506] mlock_fixup+0x18c/0x2c4 [ 40.337903][ T6506] apply_mlockall_flags+0x290/0x344 [ 40.337915][ T6506] __arm64_sys_munlockall+0x11c/0x238 [ 40.337927][ T6506] invoke_syscall+0x98/0x2b8 [ 40.337938][ T6506] el0_svc_common+0x130/0x23c [ 40.337949][ T6506] do_el0_svc+0x48/0x58 [ 40.337960][ T6506] el0_svc+0x58/0x17c [ 40.337973][ T6506] el0t_64_sync_handler+0x78/0x108 [ 40.337987][ T6506] el0t_64_sync+0x198/0x19c [ 40.340906][ T6506] vmg ffff8000a4217a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 40.340937][ T6506] vmg ffff8000a4217a60 state: mm ffff0000c9ebaa80 pgoff 20000 [ 40.340937][ T6506] vmi ffff8000a4217c40 [20000000,20800000) [ 40.340937][ T6506] prev ffff0000c8b36140 middle ffff0000c8b36140 next 0000000000000000 target 0000000000000000 [ 40.340937][ T6506] start 20000000 end 20800000 flags 100077 [ 40.340937][ T6506] file 0000000000000000 anon_vma ffff0000d3fef110 policy 0000000000000000 [ 40.340937][ T6506] uffd_ctx 0000000000000000 [ 40.340937][ T6506] anon_name 0000000000000000 [ 40.340937][ T6506] state 0 [ 40.340937][ T6506] just_expand 0 [ 40.340937][ T6506] __adjust_middle_start 0 __adjust_next_start 0 [ 40.340937][ T6506] __remove_middle 0 __remove_next 0 [ 40.340991][ T6506] vmg ffff8000a4217a60 mm: [ 40.341009][ T6506] mm ffff0000c9ebaa80 task_size 281474976710656 [ 40.341009][ T6506] mmap_base 281473148436480 mmap_legacy_base 0 [ 40.341009][ T6506] pgd ffff0000c8b35000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 40.341009][ T6506] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 40.341009][ T6506] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 40.341009][ T6506] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 40.341009][ T6506] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 40.341009][ T6506] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 40.341009][ T6506] binfmt ffff80008f670700 flags 8000008d [ 40.341009][ T6506] ioctx_table 0000000000000000 [ 40.341009][ T6506] owner ffff0000dd273d00 exe_file ffff0000d4cb41c0 [ 40.341009][ T6506] notifier_subscriptions 0000000000000000 [ 40.341009][ T6506] numa_next_scan 4294941385 numa_scan_offset 0 numa_scan_seq 0 [ 40.341009][ T6506] tlb_flush_pending 0 [ 40.341009][ T6506] def_flags: 0x0() [ 40.341088][ T6506] vmg ffff8000a4217a60 prev: [ 40.344134][ T6506] vma ffff0000c8b36140 start 0000000020000000 end 0000000020800000 mm ffff0000c9ebaa80 [ 40.344134][ T6506] prot 20000000000fc3 anon_vma ffff0000d3fef110 vm_ops 0000000000000000 [ 40.344134][ T6506] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 40.344134][ T6506] refcnt 1 [ 40.344134][ T6506] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 40.344183][ T6506] vmg ffff8000a4217a60 middle: [ 40.344200][ T6506] vma ffff0000c8b36140 start 0000000020000000 end 0000000020800000 mm ffff0000c9ebaa80 [ 40.344200][ T6506] prot 20000000000fc3 anon_vma ffff0000d3fef110 vm_ops 0000000000000000 [ 40.344200][ T6506] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 40.344200][ T6506] refcnt 1 [ 40.344200][ T6506] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 40.344239][ T6506] vmg ffff8000a4217a60 next: (NULL) [ 40.344256][ T6506] vmg ffff8000a4217a60 vmi: [ 40.344283][ T6506] MAS: tree=ffff0000c9ebaac0 enode=ffff0000d3ec6c0c [ 40.344297][ T6506] (ma_active) [ 40.344312][ T6506] Store Type: [ 40.344328][ T6506] node_store [ 40.344350][ T6506] [2/10] index=20000000 last=207fffff [ 40.344370][ T6506] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 40.344391][ T6506] maple_tree(ffff0000c9ebaac0) flags 30B, height 2 root ffff0000d23ff81e [ 40.344413][ T6506] 0-ffffffffffffffff: node ffff0000d23ff800 depth 0 type 3 parent ffff0000c9ebaac1 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d3ec6c0c FFFF93059FFF ffff0000d4cc860c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 40.344672][ T6506] 0-ffff93059fff: node ffff0000d3ec6c00 depth 1 type 1 parent ffff0000d23ff806 contents: 0000000000000000 1FFFEFFF ffff0000c8b36000 1FFFFFFF ffff0000c8b36140 207FFFFF ffff0000dd038500 20FFFFFF ffff0000c8b36280 21000FFF 0000000000000000 AAAAD5929FFF ffff0000c8b363c0 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000c8b36500 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000c8b36640 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 40.344891][ T6506] 0-1fffefff: 0000000000000000 [ 40.344918][ T6506] 1ffff000-1fffffff: ffff0000c8b36000 [ 40.344947][ T6506] 20000000-207fffff: ffff0000c8b36140 [ 40.344976][ T6506] 20800000-20ffffff: ffff0000dd038500 [ 40.345004][ T6506] 21000000-21000fff: ffff0000c8b36280 [ 40.345033][ T6506] 21001000-aaaad5929fff: 0000000000000000 [ 40.345061][ T6506] aaaad592a000-aaaad594bfff: ffff0000c8b363c0 [ 40.345090][ T6506] aaaad594c000-ffff92fbffff: 0000000000000000 [ 40.345119][ T6506] ffff92fc0000-ffff9304bfff: ffff0000c8b36500 [ 40.345148][ T6506] ffff9304c000-ffff93055fff: 0000000000000000 [ 40.345176][ T6506] ffff93056000-ffff93059fff: ffff0000c8b36640 [ 40.345206][ T6506] ffff9305a000-ffffffffffffffff: node ffff0000d4cc8600 depth 1 type 1 parent ffff0000d23ff80e contents: ffff0000c8b36780 FFFF9305BFFF ffff0000c8b368c0 FFFF9305FFFF ffff0000c8b36a00 FFFF93062FFF ffff0000c8b36b40 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000c8b36c80 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 40.345425][ T6506] ffff9305a000-ffff9305bfff: ffff0000c8b36780 [ 40.345455][ T6506] ffff9305c000-ffff9305ffff: ffff0000c8b368c0 [ 40.345484][ T6506] ffff93060000-ffff93062fff: ffff0000c8b36a00 [ 40.345517][ T6506] ffff93063000-ffff93068fff: ffff0000c8b36b40 [ 40.345546][ T6506] ffff93069000-ffffd1a12fff: 0000000000000000 [ 40.345574][ T6506] ffffd1a13000-ffffd1a33fff: ffff0000c8b36c80 [ 40.345603][ T6506] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 40.345730][ T6506] ------------[ cut here ]------------ [ 40.345743][ T6506] WARNING: CPU: 1 PID: 6506 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 40.529249][ T6506] Modules linked in: [ 40.530351][ T6506] CPU: 1 UID: 0 PID: 6506 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 40.534015][ T6506] Tainted: [W]=WARN [ 40.535073][ T6506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 40.537834][ T6506] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 40.540002][ T6506] pc : vma_merge_existing_range+0x14a8/0x1964 [ 40.541627][ T6506] lr : vma_merge_existing_range+0x14a8/0x1964 [ 40.543319][ T6506] sp : ffff8000a4217910 [ 40.544426][ T6506] x29: ffff8000a4217990 x28: dfff800000000000 x27: 0000000000000001 [ 40.546597][ T6506] x26: 0000000020000000 x25: ffff8000a4217a80 x24: 0000000020000000 [ 40.548843][ T6506] x23: 1ffff00014842f50 x22: ffff0000c8b36140 x21: 0000000020800000 [ 40.550972][ T6506] x20: ffff0000c8b36140 x19: ffff8000a4217a60 x18: 1fffe0003386f276 [ 40.553224][ T6506] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 40.555452][ T6506] x14: 1fffe0003386f2e2 x13: 0000000000000000 x12: 0000000000000000 [ 40.557739][ T6506] x11: ffff60003386f2e3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 40.559923][ T6506] x8 : ffff0000dd273d00 x7 : 0000000000000001 x6 : 0000000000000001 [ 40.562053][ T6506] x5 : ffff8000a4216ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 40.564224][ T6506] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 40.566434][ T6506] Call trace: [ 40.567316][ T6506] vma_merge_existing_range+0x14a8/0x1964 (P) [ 40.569100][ T6506] vma_modify+0x7c/0x424 [ 40.570292][ T6506] vma_modify_flags+0x18c/0x1dc [ 40.571614][ T6506] mlock_fixup+0x18c/0x2c4 [ 40.572847][ T6506] apply_mlockall_flags+0x290/0x344 [ 40.574293][ T6506] __arm64_sys_munlockall+0x11c/0x238 [ 40.575788][ T6506] invoke_syscall+0x98/0x2b8 [ 40.577036][ T6506] el0_svc_common+0x130/0x23c [ 40.578365][ T6506] do_el0_svc+0x48/0x58 [ 40.579527][ T6506] el0_svc+0x58/0x17c [ 40.580600][ T6506] el0t_64_sync_handler+0x78/0x108 [ 40.581953][ T6506] el0t_64_sync+0x198/0x19c [ 40.583181][ T6506] irq event stamp: 14440 [ 40.584363][ T6506] hardirqs last enabled at (14439): [] __console_unlock+0x70/0xc4 [ 40.586967][ T6506] hardirqs last disabled at (14440): [] el1_dbg+0x24/0x80 [ 40.589318][ T6506] softirqs last enabled at (13708): [] handle_softirqs+0xaf8/0xc88 [ 40.592002][ T6506] softirqs last disabled at (13587): [] __do_softirq+0x14/0x20 [ 40.594493][ T6506] ---[ end trace 0000000000000000 ]--- executing program [ 40.668169][ T6507] FAULT_INJECTION: forcing a failure. [ 40.668169][ T6507] name fa ** replaying previous printk message ** [ 40.668169][ T6507] FAULT_INJECTION: forcing a failure. [ 40.668169][ T6507] name failslab, interval 1, probability 0, space 0, times 0 [ 40.668246][ T6507] CPU: 0 UID: 0 PID: 6507 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 40.668265][ T6507] Tainted: [W]=WARN [ 40.668269][ T6507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 40.668285][ T6507] Call trace: [ 40.668289][ T6507] show_stack+0x2c/0x3c (C) [ 40.668307][ T6507] __dump_stack+0x30/0x40 [ 40.668325][ T6507] dump_stack_lvl+0xd8/0x12c [ 40.668337][ T6507] dump_stack+0x1c/0x28 [ 40.668347][ T6507] should_fail_ex+0x41c/0x594 [ 40.668360][ T6507] should_failslab+0xc0/0x128 [ 40.668374][ T6507] kmem_cache_alloc_noprof+0x80/0x3e8 [ 40.668389][ T6507] mas_alloc_nodes+0x268/0x788 [ 40.668403][ T6507] mas_preallocate+0x4b0/0x778 [ 40.668416][ T6507] commit_merge+0x1a4/0x5b0 [ 40.668429][ T6507] vma_merge_existing_range+0x1388/0x1964 [ 40.668444][ T6507] vma_modify+0x7c/0x424 [ 40.668457][ T6507] vma_modify_flags+0x18c/0x1dc [ 40.668470][ T6507] mlock_fixup+0x18c/0x2c4 [ 40.668482][ T6507] apply_mlockall_flags+0x290/0x344 [ 40.668494][ T6507] __arm64_sys_munlockall+0x11c/0x238 [ 40.668507][ T6507] invoke_syscall+0x98/0x2b8 [ 40.668518][ T6507] el0_svc_common+0x130/0x23c [ 40.668528][ T6507] do_el0_svc+0x48/0x58 [ 40.668539][ T6507] el0_svc+0x58/0x17c [ 40.668552][ T6507] el0t_64_sync_handler+0x78/0x108 [ 40.668567][ T6507] el0t_64_sync+0x198/0x19c [ 40.668749][ T6507] vmg ffff8000a0c57a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 40.668773][ T6507] vmg ffff8000a0c57a60 state: mm ffff0000ca5e3b80 pgoff 20000 [ 40.668773][ T6507] vmi ffff8000a0c57c40 [20000000,20800000) [ 40.668773][ T6507] prev ffff0000dd038780 middle ffff0000dd038780 next 0000000000000000 target 0000000000000000 [ 40.668773][ T6507] start 20000000 end 20800000 flags 100077 [ 40.668773][ T6507] file 0000000000000000 anon_vma ffff0000ca9f3660 policy 0000000000000000 [ 40.668773][ T6507] uffd_ctx 0000000000000000 [ 40.668773][ T6507] anon_name 0000000000000000 [ 40.668773][ T6507] state 0 [ 40.668773][ T6507] just_expand 0 [ 40.668773][ T6507] __adjust_middle_start 0 __adjust_next_start 0 [ 40.668773][ T6507] __remove_middle 0 __remove_next 0 [ 40.668830][ T6507] vmg ffff8000a0c57a60 mm: [ 40.668849][ T6507] mm ffff0000ca5e3b80 task_size 281474976710656 [ 40.668849][ T6507] mmap_base 281473148436480 mmap_legacy_base 0 [ 40.668849][ T6507] pgd ffff0000ca666000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 40.668849][ T6507] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 40.668849][ T6507] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 40.668849][ T6507] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 40.668849][ T6507] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 40.668849][ T6507] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 40.668849][ T6507] binfmt ffff80008f670700 flags 8000008d [ 40.668849][ T6507] ioctx_table 0000000000000000 [ 40.668849][ T6507] owner ffff0000dd21bd00 exe_file ffff0000d4cb41c0 [ 40.668849][ T6507] notifier_subscriptions 0000000000000000 [ 40.668849][ T6507] numa_next_scan 4294941419 numa_scan_offset 0 numa_scan_seq 0 [ 40.668849][ T6507] tlb_flush_pending 0 [ 40.668849][ T6507] def_flags: 0x0() [ 40.668932][ T6507] vmg ffff8000a0c57a60 prev: [ 40.668950][ T6507] vma ffff0000dd038780 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e3b80 [ 40.668950][ T6507] prot 20000000000fc3 anon_vma ffff0000ca9f3660 vm_ops 0000000000000000 [ 40.668950][ T6507] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 40.668950][ T6507] refcnt 1 [ 40.668950][ T6507] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 40.668993][ T6507] vmg ffff8000a0c57a60 middle: [ 40.669011][ T6507] vma ffff0000dd038780 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e3b80 [ 40.669011][ T6507] prot 20000000000fc3 anon_vma ffff0000ca9f3660 vm_ops 0000000000000000 [ 40.669011][ T6507] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 40.669011][ T6507] refcnt 1 [ 40.669011][ T6507] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 40.669052][ T6507] vmg ffff8000a0c57a60 next: (NULL) [ 40.669070][ T6507] vmg ffff8000a0c57a60 vmi: [ 40.669088][ T6507] MAS: tree=ffff0000ca5e3bc0 enode=ffff0000cae3cc0c [ 40.669101][ T6507] (ma_active) [ 40.669118][ T6507] Store Type: [ 40.669134][ T6507] node_store [ 40.669157][ T6507] [2/10] index=20000000 last=207fffff [ 40.669178][ T6507] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 40.669201][ T6507] maple_tree(ffff0000ca5e3bc0) flags 30B, height 2 root ffff0000d5807a1e [ 40.669224][ T6507] 0-ffffffffffffffff: node ffff0000d5807a00 depth 0 type 3 parent ffff0000ca5e3bc1 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000cae3cc0c FFFF93059FFF ffff0000d580740c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 40.669500][ T6507] 0-ffff93059fff: node ffff0000cae3cc00 depth 1 type 1 parent ffff0000d5807a06 contents: 0000000000000000 1FFFEFFF ffff0000dd038640 1FFFFFFF ffff0000dd038780 207FFFFF ffff0000ca3c0000 20FFFFFF ffff0000dd0388c0 21000FFF 0000000000000000 AAAAD5929FFF ffff0000dd038a00 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000dd038b40 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000dd038c80 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 40.669730][ T6507] 0-1fffefff: 0000000000000000 [ 40.669759][ T6507] 1ffff000-1fffffff: ffff0000dd038640 [ 40.669788][ T6507] 20000000-207fffff: ffff0000dd038780 [ 40.669817][ T6507] 20800000-20ffffff: ffff0000ca3c0000 [ 40.669845][ T6507] 21000000-21000fff: ffff0000dd0388c0 [ 40.669874][ T6507] 21001000-aaaad5929fff: 0000000000000000 [ 40.669902][ T6507] aaaad592a000-aaaad594bfff: ffff0000dd038a00 [ 40.669930][ T6507] aaaad594c000-ffff92fbffff: 0000000000000000 [ 40.669959][ T6507] ffff92fc0000-ffff9304bfff: ffff0000dd038b40 [ 40.669988][ T6507] ffff9304c000-ffff93055fff: 0000000000000000 [ 40.670016][ T6507] ffff93056000-ffff93059fff: ffff0000dd038c80 [ 40.670045][ T6507] ffff9305a000-ffffffffffffffff: node ffff0000d5807400 depth 1 type 1 parent ffff0000d5807a0e contents: ffff0000dd038dc0 FFFF9305BFFF ffff0000ca5ff000 FFFF9305FFFF ffff0000ca5ff140 FFFF93062FFF ffff0000ca5ff280 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000ca5ff3c0 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 40.670258][ T6507] ffff9305a000-ffff9305bfff: ffff0000dd038dc0 [ 40.670292][ T6507] ffff9305c000-ffff9305ffff: ffff0000ca5ff000 [ 40.670323][ T6507] ffff93060000-ffff93062fff: ffff0000ca5ff140 [ 40.670353][ T6507] ffff93063000-ffff93068fff: ffff0000ca5ff280 [ 40.670382][ T6507] ffff93069000-ffffd1a12fff: 0000000000000000 [ 40.670410][ T6507] ffffd1a13000-ffffd1a33fff: ffff0000ca5ff3c0 [ 40.670439][ T6507] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 40.670571][ T6507] ------------[ cut here ]------------ [ 40.670584][ T6507] WARNING: CPU: 0 PID: 6507 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 40.863877][ T6507] Modules linked in: [ 40.864949][ T6507] CPU: 0 UID: 0 PID: 6507 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 40.868578][ T6507] Tainted: [W]=WARN [ 40.869650][ T6507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 40.872457][ T6507] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 40.874570][ T6507] pc : vma_merge_existing_range+0x14a8/0x1964 [ 40.876197][ T6507] lr : vma_merge_existing_range+0x14a8/0x1964 [ 40.877874][ T6507] sp : ffff8000a0c57910 [ 40.879003][ T6507] x29: ffff8000a0c57990 x28: dfff800000000000 x27: 0000000000000001 [ 40.881135][ T6507] x26: 0000000020000000 x25: ffff8000a0c57a80 x24: 0000000020000000 [ 40.883347][ T6507] x23: 1ffff0001418af50 x22: ffff0000dd038780 x21: 0000000020800000 [ 40.885584][ T6507] x20: ffff0000dd038780 x19: ffff8000a0c57a60 x18: 0000000000000000 [ 40.887805][ T6507] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 40.890090][ T6507] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 40.892371][ T6507] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 40.894639][ T6507] x8 : ffff0000dd21bd00 x7 : 0000000000000001 x6 : 0000000000000001 [ 40.896879][ T6507] x5 : ffff8000a0c56ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 40.899246][ T6507] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 40.901435][ T6507] Call trace: [ 40.902320][ T6507] vma_merge_existing_range+0x14a8/0x1964 (P) [ 40.904069][ T6507] vma_modify+0x7c/0x424 [ 40.905296][ T6507] vma_modify_flags+0x18c/0x1dc [ 40.906637][ T6507] mlock_fixup+0x18c/0x2c4 [ 40.907860][ T6507] apply_mlockall_flags+0x290/0x344 [ 40.909308][ T6507] __arm64_sys_munlockall+0x11c/0x238 [ 40.910814][ T6507] invoke_syscall+0x98/0x2b8 [ 40.912073][ T6507] el0_svc_common+0x130/0x23c [ 40.913421][ T6507] do_el0_svc+0x48/0x58 [ 40.914633][ T6507] el0_svc+0x58/0x17c [ 40.915744][ T6507] el0t_64_sync_handler+0x78/0x108 [ 40.917161][ T6507] el0t_64_sync+0x198/0x19c [ 40.918363][ T6507] irq event stamp: 14324 [ 40.919557][ T6507] hardirqs last enabled at (14323): [] __console_unlock+0x70/0xc4 [ 40.922113][ T6507] hardirqs last disabled at (14324): [] el1_dbg+0x24/0x80 [ 40.924582][ T6507] softirqs last enabled at (11630): [] handle_softirqs+0xaf8/0xc88 [ 40.927243][ T6507] softirqs last disabled at (11279): [] __do_softirq+0x14/0x20 [ 40.929850][ T6507] ---[ end trace 0000000000000000 ]--- executing program [ 40.998975][ T6508] FAULT_INJECTION: forcing a failure. [ 40.998975][ T6508] name failslab, interval 1, probabil ** replaying previous printk message ** [ 40.998975][ T6508] FAULT_INJECTION: forcing a failure. [ 40.998975][ T6508] name failslab, interval 1, probability 0, space 0, times 0 [ 40.999046][ T6508] CPU: 0 UID: 0 PID: 6508 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 40.999063][ T6508] Tainted: [W]=WARN [ 40.999068][ T6508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 40.999074][ T6508] Call trace: [ 40.999078][ T6508] show_stack+0x2c/0x3c (C) [ 40.999095][ T6508] __dump_stack+0x30/0x40 [ 40.999107][ T6508] dump_stack_lvl+0xd8/0x12c [ 40.999117][ T6508] dump_stack+0x1c/0x28 [ 40.999126][ T6508] should_fail_ex+0x41c/0x594 [ 40.999138][ T6508] should_failslab+0xc0/0x128 [ 40.999152][ T6508] kmem_cache_alloc_noprof+0x80/0x3e8 [ 40.999166][ T6508] mas_alloc_nodes+0x268/0x788 [ 40.999180][ T6508] mas_preallocate+0x4b0/0x778 [ 40.999191][ T6508] commit_merge+0x1a4/0x5b0 [ 40.999204][ T6508] vma_merge_existing_range+0x1388/0x1964 [ 40.999218][ T6508] vma_modify+0x7c/0x424 [ 40.999230][ T6508] vma_modify_flags+0x18c/0x1dc [ 40.999243][ T6508] mlock_fixup+0x18c/0x2c4 [ 40.999255][ T6508] apply_mlockall_flags+0x290/0x344 [ 40.999266][ T6508] __arm64_sys_munlockall+0x11c/0x238 [ 40.999287][ T6508] invoke_syscall+0x98/0x2b8 [ 40.999298][ T6508] el0_svc_common+0x130/0x23c [ 40.999308][ T6508] do_el0_svc+0x48/0x58 [ 40.999318][ T6508] el0_svc+0x58/0x17c [ 40.999331][ T6508] el0t_64_sync_handler+0x78/0x108 [ 40.999344][ T6508] el0t_64_sync+0x198/0x19c [ 40.999526][ T6508] vmg ffff8000a0d67a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 40.999549][ T6508] vmg ffff8000a0d67a60 state: mm ffff0000ca5e4400 pgoff 20000 [ 40.999549][ T6508] vmi ffff8000a0d67c40 [20000000,20800000) [ 40.999549][ T6508] prev ffff0000ca5ff640 middle ffff0000ca5ff640 next 0000000000000000 target 0000000000000000 [ 40.999549][ T6508] start 20000000 end 20800000 flags 100077 [ 40.999549][ T6508] file 0000000000000000 anon_vma ffff0000ca9f3880 policy 0000000000000000 [ 40.999549][ T6508] uffd_ctx 0000000000000000 [ 40.999549][ T6508] anon_name 0000000000000000 [ 40.999549][ T6508] state 0 [ 40.999549][ T6508] just_expand 0 [ 40.999549][ T6508] __adjust_middle_start 0 __adjust_next_start 0 [ 40.999549][ T6508] __remove_middle 0 __remove_next 0 [ 40.999602][ T6508] vmg ffff8000a0d67a60 mm: [ 40.999620][ T6508] mm ffff0000ca5e4400 task_size 281474976710656 [ 40.999620][ T6508] mmap_base 281473148436480 mmap_legacy_base 0 [ 40.999620][ T6508] pgd ffff0000dd039000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 40.999620][ T6508] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 40.999620][ T6508] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 40.999620][ T6508] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 40.999620][ T6508] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 40.999620][ T6508] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 40.999620][ T6508] binfmt ffff80008f670700 flags 8000008d [ 40.999620][ T6508] ioctx_table 0000000000000000 [ 40.999620][ T6508] owner ffff0000dd21db80 exe_file ffff0000d4cb41c0 [ 40.999620][ T6508] notifier_subscriptions 0000000000000000 [ 40.999620][ T6508] numa_next_scan 4294941452 numa_scan_offset 0 numa_scan_seq 0 [ 40.999620][ T6508] tlb_flush_pending 0 [ 40.999620][ T6508] def_flags: 0x0() [ 40.999699][ T6508] vmg ffff8000a0d67a60 prev: [ 40.999717][ T6508] vma ffff0000ca5ff640 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e4400 [ 40.999717][ T6508] prot 20000000000fc3 anon_vma ffff0000ca9f3880 vm_ops 0000000000000000 [ 40.999717][ T6508] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 40.999717][ T6508] refcnt 1 [ 40.999717][ T6508] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 40.999756][ T6508] vmg ffff8000a0d67a60 middle: [ 40.999773][ T6508] vma ffff0000ca5ff640 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e4400 [ 40.999773][ T6508] prot 20000000000fc3 anon_vma ffff0000ca9f3880 vm_ops 0000000000000000 [ 40.999773][ T6508] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 40.999773][ T6508] refcnt 1 [ 40.999773][ T6508] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 40.999811][ T6508] vmg ffff8000a0d67a60 next: (NULL) [ 40.999829][ T6508] vmg ffff8000a0d67a60 vmi: [ 40.999846][ T6508] MAS: tree=ffff0000ca5e4440 enode=ffff0000c7baae0c [ 40.999859][ T6508] (ma_active) [ 40.999874][ T6508] Store Type: [ 40.999889][ T6508] node_store [ 40.999911][ T6508] [2/10] index=20000000 last=207fffff [ 40.999931][ T6508] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 40.999953][ T6508] maple_tree(ffff0000ca5e4440) flags 30B, height 2 root ffff0000d580601e [ 40.999975][ T6508] 0-ffffffffffffffff: node ffff0000d5806000 depth 0 type 3 parent ffff0000ca5e4441 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c7baae0c FFFF93059FFF ffff0000c7b8840c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 41.000225][ T6508] 0-ffff93059fff: node ffff0000c7baae00 depth 1 type 1 parent ffff0000d5806006 contents: 0000000000000000 1FFFEFFF ffff0000ca5ff500 1FFFFFFF ffff0000ca5ff640 207FFFFF ffff0000ca3c0280 20FFFFFF ffff0000ca5ff780 21000FFF 0000000000000000 AAAAD5929FFF ffff0000ca5ff8c0 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000ca5ffa00 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000ca5ffb40 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 41.000449][ T6508] 0-1fffefff: 0000000000000000 [ 41.000480][ T6508] 1ffff000-1fffffff: ffff0000ca5ff500 [ 41.000509][ T6508] 20000000-207fffff: ffff0000ca5ff640 [ 41.000538][ T6508] 20800000-20ffffff: ffff0000ca3c0280 [ 41.000566][ T6508] 21000000-21000fff: ffff0000ca5ff780 [ 41.000595][ T6508] 21001000-aaaad5929fff: 0000000000000000 [ 41.000623][ T6508] aaaad592a000-aaaad594bfff: ffff0000ca5ff8c0 [ 41.000652][ T6508] aaaad594c000-ffff92fbffff: 0000000000000000 [ 41.000680][ T6508] ffff92fc0000-ffff9304bfff: ffff0000ca5ffa00 [ 41.000709][ T6508] ffff9304c000-ffff93055fff: 0000000000000000 [ 41.000737][ T6508] ffff93056000-ffff93059fff: ffff0000ca5ffb40 [ 41.000767][ T6508] ffff9305a000-ffffffffffffffff: node ffff0000c7b88400 depth 1 type 1 parent ffff0000d580600e contents: ffff0000ca5ffc80 FFFF9305BFFF ffff0000ca5ffdc0 FFFF9305FFFF ffff0000d8108000 FFFF93062FFF ffff0000d8108140 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000d8108280 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 41.000980][ T6508] ffff9305a000-ffff9305bfff: ffff0000ca5ffc80 [ 41.001009][ T6508] ffff9305c000-ffff9305ffff: ffff0000ca5ffdc0 [ 41.001038][ T6508] ffff93060000-ffff93062fff: ffff0000d8108000 [ 41.001067][ T6508] ffff93063000-ffff93068fff: ffff0000d8108140 [ 41.001096][ T6508] ffff93069000-ffffd1a12fff: 0000000000000000 [ 41.001867][ T6508] ffffd1a13000-ffffd1a33fff: ffff0000d8108280 [ 41.001897][ T6508] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 41.002024][ T6508] ------------[ cut here ]------------ [ 41.002037][ T6508] WARNING: CPU: 0 PID: 6508 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 41.196036][ T6508] Modules linked in: [ 41.197165][ T6508] CPU: 0 UID: 0 PID: 6508 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 41.200882][ T6508] Tainted: [W]=WARN [ 41.201972][ T6508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 41.204754][ T6508] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 41.206917][ T6508] pc : vma_merge_existing_range+0x14a8/0x1964 [ 41.208583][ T6508] lr : vma_merge_existing_range+0x14a8/0x1964 [ 41.210247][ T6508] sp : ffff8000a0d67910 [ 41.211414][ T6508] x29: ffff8000a0d67990 x28: dfff800000000000 x27: 0000000000000001 [ 41.213720][ T6508] x26: 0000000020000000 x25: ffff8000a0d67a80 x24: 0000000020000000 [ 41.215931][ T6508] x23: 1ffff000141acf50 x22: ffff0000ca5ff640 x21: 0000000020800000 [ 41.218264][ T6508] x20: ffff0000ca5ff640 x19: ffff8000a0d67a60 x18: 0000000000000000 [ 41.220599][ T6508] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 41.222875][ T6508] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 41.225313][ T6508] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 41.227729][ T6508] x8 : ffff0000dd21db80 x7 : 0000000000000001 x6 : 0000000000000001 [ 41.230135][ T6508] x5 : ffff8000a0d66ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 41.232573][ T6508] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 41.234914][ T6508] Call trace: [ 41.235867][ T6508] vma_merge_existing_range+0x14a8/0x1964 (P) [ 41.237718][ T6508] vma_modify+0x7c/0x424 [ 41.238986][ T6508] vma_modify_flags+0x18c/0x1dc [ 41.240452][ T6508] mlock_fixup+0x18c/0x2c4 [ 41.241749][ T6508] apply_mlockall_flags+0x290/0x344 [ 41.243375][ T6508] __arm64_sys_munlockall+0x11c/0x238 [ 41.244940][ T6508] invoke_syscall+0x98/0x2b8 [ 41.246345][ T6508] el0_svc_common+0x130/0x23c [ 41.247746][ T6508] do_el0_svc+0x48/0x58 [ 41.249106][ T6508] el0_svc+0x58/0x17c [ 41.250241][ T6508] el0t_64_sync_handler+0x78/0x108 [ 41.251812][ T6508] el0t_64_sync+0x198/0x19c [ 41.253137][ T6508] irq event stamp: 14306 [ 41.254474][ T6508] hardirqs last enabled at (14305): [] __console_unlock+0x70/0xc4 [ 41.257414][ T6508] hardirqs last disabled at (14306): [] el1_dbg+0x24/0x80 [ 41.259971][ T6508] softirqs last enabled at (14260): [] handle_softirqs+0xaf8/0xc88 [ 41.262851][ T6508] softirqs last disabled at (14121): [] __do_softirq+0x14/0x20 [ 41.265580][ T6508] ---[ end trace 0000000000000000 ]--- executing program [ 41.335765][ T6509] FAULT_INJECTION: forcing a failure. [ 41.335765][ T6509] name failslab, interval 1, p ** replaying previous printk message ** [ 41.335765][ T6509] FAULT_INJECTION: forcing a failure. [ 41.335765][ T6509] name failslab, interval 1, probability 0, space 0, times 0 [ 41.335838][ T6509] CPU: 0 UID: 0 PID: 6509 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 41.335856][ T6509] Tainted: [W]=WARN [ 41.335860][ T6509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 41.335867][ T6509] Call trace: [ 41.335871][ T6509] show_stack+0x2c/0x3c (C) [ 41.335888][ T6509] __dump_stack+0x30/0x40 [ 41.335900][ T6509] dump_stack_lvl+0xd8/0x12c [ 41.335910][ T6509] dump_stack+0x1c/0x28 [ 41.335920][ T6509] should_fail_ex+0x41c/0x594 [ 41.335932][ T6509] should_failslab+0xc0/0x128 [ 41.335945][ T6509] kmem_cache_alloc_noprof+0x80/0x3e8 [ 41.335960][ T6509] mas_alloc_nodes+0x268/0x788 [ 41.335973][ T6509] mas_preallocate+0x4b0/0x778 [ 41.335985][ T6509] commit_merge+0x1a4/0x5b0 [ 41.335999][ T6509] vma_merge_existing_range+0x1388/0x1964 [ 41.336014][ T6509] vma_modify+0x7c/0x424 [ 41.336027][ T6509] vma_modify_flags+0x18c/0x1dc [ 41.336040][ T6509] mlock_fixup+0x18c/0x2c4 [ 41.336053][ T6509] apply_mlockall_flags+0x290/0x344 [ 41.336065][ T6509] __arm64_sys_munlockall+0x11c/0x238 [ 41.336077][ T6509] invoke_syscall+0x98/0x2b8 [ 41.336089][ T6509] el0_svc_common+0x130/0x23c [ 41.336100][ T6509] do_el0_svc+0x48/0x58 [ 41.336111][ T6509] el0_svc+0x58/0x17c [ 41.336124][ T6509] el0t_64_sync_handler+0x78/0x108 [ 41.336138][ T6509] el0t_64_sync+0x198/0x19c [ 41.336711][ T6509] vmg ffff8000a0c47a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 41.336738][ T6509] vmg ffff8000a0c47a60 state: mm ffff0000ca5e4c80 pgoff 20000 [ 41.336738][ T6509] vmi ffff8000a0c47c40 [20000000,20800000) [ 41.336738][ T6509] prev ffff0000d8108500 middle ffff0000d8108500 next 0000000000000000 target 0000000000000000 [ 41.336738][ T6509] start 20000000 end 20800000 flags 100077 [ 41.336738][ T6509] file 0000000000000000 anon_vma ffff0000ca9f3aa0 policy 0000000000000000 [ 41.336738][ T6509] uffd_ctx 0000000000000000 [ 41.336738][ T6509] anon_name 0000000000000000 [ 41.336738][ T6509] state 0 [ 41.336738][ T6509] just_expand 0 [ 41.336738][ T6509] __adjust_middle_start 0 __adjust_next_start 0 [ 41.336738][ T6509] __remove_middle 0 __remove_next 0 [ 41.336813][ T6509] vmg ffff8000a0c47a60 mm: [ 41.336833][ T6509] mm ffff0000ca5e4c80 task_size 281474976710656 [ 41.336833][ T6509] mmap_base 281473148436480 mmap_legacy_base 0 [ 41.336833][ T6509] pgd ffff0000c8ad6000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 41.336833][ T6509] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 41.336833][ T6509] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 41.336833][ T6509] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 41.336833][ T6509] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 41.336833][ T6509] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 41.336833][ T6509] binfmt ffff80008f670700 flags 8000008d [ 41.336833][ T6509] ioctx_table 0000000000000000 [ 41.336833][ T6509] owner ffff0000cbf80000 exe_file ffff0000d4cb41c0 [ 41.336833][ T6509] notifier_subscriptions 0000000000000000 [ 41.336833][ T6509] numa_next_scan 4294941485 numa_scan_offset 0 numa_scan_seq 0 [ 41.336833][ T6509] tlb_flush_pending 0 [ 41.336833][ T6509] def_flags: 0x0() [ 41.336928][ T6509] vmg ffff8000a0c47a60 prev: [ 41.336950][ T6509] vma ffff0000d8108500 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e4c80 [ 41.336950][ T6509] prot 20000000000fc3 anon_vma ffff0000ca9f3aa0 vm_ops 0000000000000000 [ 41.336950][ T6509] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 41.336950][ T6509] refcnt 1 [ 41.336950][ T6509] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 41.336999][ T6509] vmg ffff8000a0c47a60 middle: [ 41.337021][ T6509] vma ffff0000d8108500 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e4c80 [ 41.337021][ T6509] prot 20000000000fc3 anon_vma ffff0000ca9f3aa0 vm_ops 0000000000000000 [ 41.337021][ T6509] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 41.337021][ T6509] refcnt 1 [ 41.337021][ T6509] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 41.337065][ T6509] vmg ffff8000a0c47a60 next: (NULL) [ 41.337086][ T6509] vmg ffff8000a0c47a60 vmi: [ 41.337108][ T6509] MAS: tree=ffff0000ca5e4cc0 enode=ffff0000c82f420c [ 41.337122][ T6509] (ma_active) [ 41.337142][ T6509] Store Type: [ 41.337161][ T6509] node_store [ 41.337188][ T6509] [2/10] index=20000000 last=207fffff [ 41.337213][ T6509] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 41.337239][ T6509] maple_tree(ffff0000ca5e4cc0) flags 30B, height 2 root ffff0000c7b8881e [ 41.337266][ T6509] 0-ffffffffffffffff: node ffff0000c7b88800 depth 0 type 3 parent ffff0000ca5e4cc1 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c82f420c FFFF93059FFF ffff0000c9182c0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 41.337577][ T6509] 0-ffff93059fff: node ffff0000c82f4200 depth 1 type 1 parent ffff0000c7b88806 contents: 0000000000000000 1FFFEFFF ffff0000d81083c0 1FFFFFFF ffff0000d8108500 207FFFFF ffff0000ca3c0500 20FFFFFF ffff0000d8108640 21000FFF 0000000000000000 AAAAD5929FFF ffff0000d8108780 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000d81088c0 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000d8108a00 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 41.337823][ T6509] 0-1fffefff: 0000000000000000 [ 41.337851][ T6509] 1ffff000-1fffffff: ffff0000d81083c0 [ 41.337886][ T6509] 20000000-207fffff: ffff0000d8108500 [ 41.337915][ T6509] 20800000-20ffffff: ffff0000ca3c0500 [ 41.337947][ T6509] 21000000-21000fff: ffff0000d8108640 [ 41.337979][ T6509] 21001000-aaaad5929fff: 0000000000000000 [ 41.338010][ T6509] aaaad592a000-aaaad594bfff: ffff0000d8108780 [ 41.338039][ T6509] aaaad594c000-ffff92fbffff: 0000000000000000 [ 41.338068][ T6509] ffff92fc0000-ffff9304bfff: ffff0000d81088c0 [ 41.338100][ T6509] ffff9304c000-ffff93055fff: 0000000000000000 [ 41.338129][ T6509] ffff93056000-ffff93059fff: ffff0000d8108a00 [ 41.338159][ T6509] ffff9305a000-ffffffffffffffff: node ffff0000c9182c00 depth 1 type 1 parent ffff0000c7b8880e contents: ffff0000d8108b40 FFFF9305BFFF ffff0000d8108c80 FFFF9305FFFF ffff0000d8108dc0 FFFF93062FFF ffff0000cbbb6000 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000cbbb6140 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 41.338401][ T6509] ffff9305a000-ffff9305bfff: ffff0000d8108b40 [ 41.338431][ T6509] ffff9305c000-ffff9305ffff: ffff0000d8108c80 [ 41.338460][ T6509] ffff93060000-ffff93062fff: ffff0000d8108dc0 [ 41.338489][ T6509] ffff93063000-ffff93068fff: ffff0000cbbb6000 [ 41.338518][ T6509] ffff93069000-ffffd1a12fff: 0000000000000000 [ 41.338547][ T6509] ffffd1a13000-ffffd1a33fff: ffff0000cbbb6140 [ 41.338579][ T6509] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 41.338706][ T6509] ------------[ cut here ]------------ [ 41.338719][ T6509] WARNING: CPU: 0 PID: 6509 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 41.537433][ T6509] Modules linked in: [ 41.538554][ T6509] CPU: 0 UID: 0 PID: 6509 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 41.542144][ T6509] Tainted: [W]=WARN [ 41.543184][ T6509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 41.545942][ T6509] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 41.548075][ T6509] pc : vma_merge_existing_range+0x14a8/0x1964 [ 41.549747][ T6509] lr : vma_merge_existing_range+0x14a8/0x1964 [ 41.551453][ T6509] sp : ffff8000a0c47910 [ 41.552568][ T6509] x29: ffff8000a0c47990 x28: dfff800000000000 x27: 0000000000000001 [ 41.554761][ T6509] x26: 0000000020000000 x25: ffff8000a0c47a80 x24: 0000000020000000 [ 41.557088][ T6509] x23: 1ffff00014188f50 x22: ffff0000d8108500 x21: 0000000020800000 [ 41.559312][ T6509] x20: ffff0000d8108500 x19: ffff8000a0c47a60 x18: 0000000000000000 [ 41.561626][ T6509] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 41.563890][ T6509] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 41.566042][ T6509] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 41.568305][ T6509] x8 : ffff0000cbf80000 x7 : 0000000000000001 x6 : 0000000000000001 [ 41.570560][ T6509] x5 : ffff8000a0c46ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 41.572867][ T6509] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 41.575230][ T6509] Call trace: [ 41.576104][ T6509] vma_merge_existing_range+0x14a8/0x1964 (P) [ 41.577818][ T6509] vma_modify+0x7c/0x424 [ 41.579003][ T6509] vma_modify_flags+0x18c/0x1dc [ 41.580387][ T6509] mlock_fixup+0x18c/0x2c4 [ 41.581616][ T6509] apply_mlockall_flags+0x290/0x344 [ 41.583079][ T6509] __arm64_sys_munlockall+0x11c/0x238 [ 41.584600][ T6509] invoke_syscall+0x98/0x2b8 [ 41.585841][ T6509] el0_svc_common+0x130/0x23c [ 41.587150][ T6509] do_el0_svc+0x48/0x58 [ 41.588245][ T6509] el0_svc+0x58/0x17c [ 41.589354][ T6509] el0t_64_sync_handler+0x78/0x108 [ 41.590810][ T6509] el0t_64_sync+0x198/0x19c [ 41.592027][ T6509] irq event stamp: 13994 [ 41.593192][ T6509] hardirqs last enabled at (13993): [] __console_unlock+0x70/0xc4 [ 41.595852][ T6509] hardirqs last disabled at (13994): [] el1_dbg+0x24/0x80 [ 41.598184][ T6509] softirqs last enabled at (9102): [] handle_softirqs+0xaf8/0xc88 [ 41.600788][ T6509] softirqs last disabled at (9097): [] __do_softirq+0x14/0x20 [ 41.603389][ T6509] ---[ end trace 0000000000000000 ]--- executing program [ 41.674046][ T6510] FAULT_INJECTION: forcing a failure. [ 41.674046][ T6510] name fail ** replaying previous printk message ** [ 41.674046][ T6510] FAULT_INJECTION: forcing a failure. [ 41.674046][ T6510] name failslab, interval 1, probability 0, space 0, times 0 [ 41.674119][ T6510] CPU: 0 UID: 0 PID: 6510 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 41.674136][ T6510] Tainted: [W]=WARN [ 41.674141][ T6510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 41.674149][ T6510] Call trace: [ 41.674154][ T6510] show_stack+0x2c/0x3c (C) [ 41.674171][ T6510] __dump_stack+0x30/0x40 [ 41.674183][ T6510] dump_stack_lvl+0xd8/0x12c [ 41.674194][ T6510] dump_stack+0x1c/0x28 [ 41.674204][ T6510] should_fail_ex+0x41c/0x594 [ 41.674217][ T6510] should_failslab+0xc0/0x128 [ 41.674232][ T6510] kmem_cache_alloc_noprof+0x80/0x3e8 [ 41.674247][ T6510] mas_alloc_nodes+0x268/0x788 [ 41.674261][ T6510] mas_preallocate+0x4b0/0x778 [ 41.674283][ T6510] commit_merge+0x1a4/0x5b0 [ 41.674297][ T6510] vma_merge_existing_range+0x1388/0x1964 [ 41.674312][ T6510] vma_modify+0x7c/0x424 [ 41.674325][ T6510] vma_modify_flags+0x18c/0x1dc [ 41.674338][ T6510] mlock_fixup+0x18c/0x2c4 [ 41.674351][ T6510] apply_mlockall_flags+0x290/0x344 [ 41.674363][ T6510] __arm64_sys_munlockall+0x11c/0x238 [ 41.674375][ T6510] invoke_syscall+0x98/0x2b8 [ 41.674387][ T6510] el0_svc_common+0x130/0x23c [ 41.674398][ T6510] do_el0_svc+0x48/0x58 [ 41.674408][ T6510] el0_svc+0x58/0x17c [ 41.674422][ T6510] el0t_64_sync_handler+0x78/0x108 [ 41.674436][ T6510] el0t_64_sync+0x198/0x19c [ 41.674453][ T6510] vmg ffff8000a0c47a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 41.674658][ T6510] vmg ffff8000a0c47a60 state: mm ffff0000ca5e5500 pgoff 20000 [ 41.674658][ T6510] vmi ffff8000a0c47c40 [20000000,20800000) [ 41.674658][ T6510] prev ffff0000cbbb63c0 middle ffff0000cbbb63c0 next 0000000000000000 target 0000000000000000 [ 41.674658][ T6510] start 20000000 end 20800000 flags 100077 [ 41.674658][ T6510] file 0000000000000000 anon_vma ffff0000ca9f3cc0 policy 0000000000000000 [ 41.674658][ T6510] uffd_ctx 0000000000000000 [ 41.674658][ T6510] anon_name 0000000000000000 [ 41.674658][ T6510] state 0 [ 41.674658][ T6510] just_expand 0 [ 41.674658][ T6510] __adjust_middle_start 0 __adjust_next_start 0 [ 41.674658][ T6510] __remove_middle 0 __remove_next 0 [ 41.674716][ T6510] vmg ffff8000a0c47a60 mm: [ 41.674735][ T6510] mm ffff0000ca5e5500 task_size 281474976710656 [ 41.674735][ T6510] mmap_base 281473148436480 mmap_legacy_base 0 [ 41.674735][ T6510] pgd ffff0000cbe3d000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 41.674735][ T6510] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 41.674735][ T6510] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 41.674735][ T6510] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 41.674735][ T6510] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 41.674735][ T6510] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 41.674735][ T6510] binfmt ffff80008f670700 flags 8000008d [ 41.674735][ T6510] ioctx_table 0000000000000000 [ 41.674735][ T6510] owner ffff0000cbf81e80 exe_file ffff0000d4cb41c0 [ 41.674735][ T6510] notifier_subscriptions 0000000000000000 [ 41.674735][ T6510] numa_next_scan 4294941519 numa_scan_offset 0 numa_scan_seq 0 [ 41.674735][ T6510] tlb_flush_pending 0 [ 41.674735][ T6510] def_flags: 0x0() [ 41.674820][ T6510] vmg ffff8000a0c47a60 prev: [ 41.674839][ T6510] vma ffff0000cbbb63c0 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e5500 [ 41.674839][ T6510] prot 20000000000fc3 anon_vma ffff0000ca9f3cc0 vm_ops 0000000000000000 [ 41.674839][ T6510] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 41.674839][ T6510] refcnt 1 [ 41.674839][ T6510] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 41.674882][ T6510] vmg ffff8000a0c47a60 middle: [ 41.674900][ T6510] vma ffff0000cbbb63c0 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e5500 [ 41.674900][ T6510] prot 20000000000fc3 anon_vma ffff0000ca9f3cc0 vm_ops 0000000000000000 [ 41.674900][ T6510] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 41.674900][ T6510] refcnt 1 [ 41.674900][ T6510] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 41.674939][ T6510] vmg ffff8000a0c47a60 next: (NULL) [ 41.674957][ T6510] vmg ffff8000a0c47a60 vmi: [ 41.674974][ T6510] MAS: tree=ffff0000ca5e5540 enode=ffff0000cba5600c [ 41.674987][ T6510] (ma_active) [ 41.675002][ T6510] Store Type: [ 41.675018][ T6510] node_store [ 41.675040][ T6510] [2/10] index=20000000 last=207fffff [ 41.675060][ T6510] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 41.675082][ T6510] maple_tree(ffff0000ca5e5540) flags 30B, height 2 root ffff0000c918301e [ 41.675104][ T6510] 0-ffffffffffffffff: node ffff0000c9183000 depth 0 type 3 parent ffff0000ca5e5541 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000cba5600c FFFF93059FFF ffff0000d597d00c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 41.675363][ T6510] 0-ffff93059fff: node ffff0000cba56000 depth 1 type 1 parent ffff0000c9183006 contents: 0000000000000000 1FFFEFFF ffff0000cbbb6280 1FFFFFFF ffff0000cbbb63c0 207FFFFF ffff0000ca3c0780 20FFFFFF ffff0000cbbb6500 21000FFF 0000000000000000 AAAAD5929FFF ffff0000cbbb6640 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000cbbb6780 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000cbbb68c0 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 41.675586][ T6510] 0-1fffefff: 0000000000000000 [ 41.675614][ T6510] 1ffff000-1fffffff: ffff0000cbbb6280 [ 41.675643][ T6510] 20000000-207fffff: ffff0000cbbb63c0 [ 41.675672][ T6510] 20800000-20ffffff: ffff0000ca3c0780 [ 41.675701][ T6510] 21000000-21000fff: ffff0000cbbb6500 [ 41.675730][ T6510] 21001000-aaaad5929fff: 0000000000000000 [ 41.675758][ T6510] aaaad592a000-aaaad594bfff: ffff0000cbbb6640 [ 41.675788][ T6510] aaaad594c000-ffff92fbffff: 0000000000000000 [ 41.675817][ T6510] ffff92fc0000-ffff9304bfff: ffff0000cbbb6780 [ 41.675846][ T6510] ffff9304c000-ffff93055fff: 0000000000000000 [ 41.675875][ T6510] ffff93056000-ffff93059fff: ffff0000cbbb68c0 [ 41.675904][ T6510] ffff9305a000-ffffffffffffffff: node ffff0000d597d000 depth 1 type 1 parent ffff0000c918300e contents: ffff0000cbbb6a00 FFFF9305BFFF ffff0000cbbb6b40 FFFF9305FFFF ffff0000cbbb6c80 FFFF93062FFF ffff0000cbbb6dc0 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000cba51000 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 41.676122][ T6510] ffff9305a000-ffff9305bfff: ffff0000cbbb6a00 [ 41.676152][ T6510] ffff9305c000-ffff9305ffff: ffff0000cbbb6b40 [ 41.676181][ T6510] ffff93060000-ffff93062fff: ffff0000cbbb6c80 [ 41.676211][ T6510] ffff93063000-ffff93068fff: ffff0000cbbb6dc0 [ 41.676240][ T6510] ffff93069000-ffffd1a12fff: 0000000000000000 [ 41.676268][ T6510] ffffd1a13000-ffffd1a33fff: ffff0000cba51000 [ 41.676302][ T6510] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 41.676429][ T6510] ------------[ cut here ]------------ [ 41.676441][ T6510] WARNING: CPU: 0 PID: 6510 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 41.870302][ T6510] Modules linked in: [ 41.871357][ T6510] CPU: 0 UID: 0 PID: 6510 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 41.874977][ T6510] Tainted: [W]=WARN [ 41.876043][ T6510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 41.878825][ T6510] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 41.881051][ T6510] pc : vma_merge_existing_range+0x14a8/0x1964 [ 41.882746][ T6510] lr : vma_merge_existing_range+0x14a8/0x1964 [ 41.884465][ T6510] sp : ffff8000a0c47910 [ 41.885622][ T6510] x29: ffff8000a0c47990 x28: dfff800000000000 x27: 0000000000000001 [ 41.887817][ T6510] x26: 0000000020000000 x25: ffff8000a0c47a80 x24: 0000000020000000 [ 41.890022][ T6510] x23: 1ffff00014188f50 x22: ffff0000cbbb63c0 x21: 0000000020800000 [ 41.892206][ T6510] x20: ffff0000cbbb63c0 x19: ffff8000a0c47a60 x18: 0000000000000000 [ 41.894405][ T6510] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 41.896561][ T6510] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 41.898794][ T6510] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 41.901011][ T6510] x8 : ffff0000cbf81e80 x7 : 0000000000000001 x6 : 0000000000000001 [ 41.903307][ T6510] x5 : ffff8000a0c46ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 41.905551][ T6510] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 41.907883][ T6510] Call trace: [ 41.908802][ T6510] vma_merge_existing_range+0x14a8/0x1964 (P) [ 41.910546][ T6510] vma_modify+0x7c/0x424 [ 41.911647][ T6510] vma_modify_flags+0x18c/0x1dc [ 41.912968][ T6510] mlock_fixup+0x18c/0x2c4 [ 41.914169][ T6510] apply_mlockall_flags+0x290/0x344 [ 41.915614][ T6510] __arm64_sys_munlockall+0x11c/0x238 [ 41.917094][ T6510] invoke_syscall+0x98/0x2b8 [ 41.918334][ T6510] el0_svc_common+0x130/0x23c [ 41.919615][ T6510] do_el0_svc+0x48/0x58 [ 41.920748][ T6510] el0_svc+0x58/0x17c [ 41.921886][ T6510] el0t_64_sync_handler+0x78/0x108 [ 41.923301][ T6510] el0t_64_sync+0x198/0x19c [ 41.924570][ T6510] irq event stamp: 14046 [ 41.925705][ T6510] hardirqs last enabled at (14045): [] __console_unlock+0x70/0xc4 [ 41.928358][ T6510] hardirqs last disabled at (14046): [] el1_dbg+0x24/0x80 [ 41.930664][ T6510] softirqs last enabled at (12442): [] handle_softirqs+0xaf8/0xc88 [ 41.933361][ T6510] softirqs last disabled at (12427): [] __do_softirq+0x14/0x20 [ 41.935900][ T6510] ---[ end trace 0000000000000000 ]--- executing program [ 42.011386][ T6511] FAULT_INJECTION: forcing a failure. [ 42.011386][ T6511] name failslab, ** replaying previous printk message ** [ 42.011386][ T6511] FAULT_INJECTION: forcing a failure. [ 42.011386][ T6511] name failslab, interval 1, probability 0, space 0, times 0 [ 42.011458][ T6511] CPU: 0 UID: 0 PID: 6511 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 42.011476][ T6511] Tainted: [W]=WARN [ 42.011481][ T6511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 42.011488][ T6511] Call trace: [ 42.011493][ T6511] show_stack+0x2c/0x3c (C) [ 42.011518][ T6511] __dump_stack+0x30/0x40 [ 42.011531][ T6511] dump_stack_lvl+0xd8/0x12c [ 42.011542][ T6511] dump_stack+0x1c/0x28 [ 42.011552][ T6511] should_fail_ex+0x41c/0x594 [ 42.011565][ T6511] should_failslab+0xc0/0x128 [ 42.011579][ T6511] kmem_cache_alloc_noprof+0x80/0x3e8 [ 42.011595][ T6511] mas_alloc_nodes+0x268/0x788 [ 42.011609][ T6511] mas_preallocate+0x4b0/0x778 [ 42.011622][ T6511] commit_merge+0x1a4/0x5b0 [ 42.011635][ T6511] vma_merge_existing_range+0x1388/0x1964 [ 42.011650][ T6511] vma_modify+0x7c/0x424 [ 42.011663][ T6511] vma_modify_flags+0x18c/0x1dc [ 42.011677][ T6511] mlock_fixup+0x18c/0x2c4 [ 42.011690][ T6511] apply_mlockall_flags+0x290/0x344 [ 42.011702][ T6511] __arm64_sys_munlockall+0x11c/0x238 [ 42.011714][ T6511] invoke_syscall+0x98/0x2b8 [ 42.011726][ T6511] el0_svc_common+0x130/0x23c [ 42.011737][ T6511] do_el0_svc+0x48/0x58 [ 42.011748][ T6511] el0_svc+0x58/0x17c [ 42.011761][ T6511] el0t_64_sync_handler+0x78/0x108 [ 42.011775][ T6511] el0t_64_sync+0x198/0x19c [ 42.011793][ T6511] vmg ffff8000a0c37a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 42.011988][ T6511] vmg ffff8000a0c37a60 state: mm ffff0000ca5e5d80 pgoff 20000 [ 42.011988][ T6511] vmi ffff8000a0c37c40 [20000000,20800000) [ 42.011988][ T6511] prev ffff0000cba51280 middle ffff0000cba51280 next 0000000000000000 target 0000000000000000 [ 42.011988][ T6511] start 20000000 end 20800000 flags 100077 [ 42.011988][ T6511] file 0000000000000000 anon_vma ffff0000ca9f3ee0 policy 0000000000000000 [ 42.011988][ T6511] uffd_ctx 0000000000000000 [ 42.011988][ T6511] anon_name 0000000000000000 [ 42.011988][ T6511] state 0 [ 42.011988][ T6511] just_expand 0 [ 42.011988][ T6511] __adjust_middle_start 0 __adjust_next_start 0 [ 42.011988][ T6511] __remove_middle 0 __remove_next 0 [ 42.012046][ T6511] vmg ffff8000a0c37a60 mm: [ 42.012065][ T6511] mm ffff0000ca5e5d80 task_size 281474976710656 [ 42.012065][ T6511] mmap_base 281473148436480 mmap_legacy_base 0 [ 42.012065][ T6511] pgd ffff0000d817b000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 42.012065][ T6511] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 42.012065][ T6511] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 42.012065][ T6511] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 42.012065][ T6511] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 42.012065][ T6511] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 42.012065][ T6511] binfmt ffff80008f670700 flags 8000008d [ 42.012065][ T6511] ioctx_table 0000000000000000 [ 42.012065][ T6511] owner ffff0000cbf83d00 exe_file ffff0000d4cb41c0 [ 42.012065][ T6511] notifier_subscriptions 0000000000000000 [ 42.012065][ T6511] numa_next_scan 4294941553 numa_scan_offset 0 numa_scan_seq 0 [ 42.012065][ T6511] tlb_flush_pending 0 [ 42.012065][ T6511] def_flags: 0x0() [ 42.012151][ T6511] vmg ffff8000a0c37a60 prev: [ 42.012170][ T6511] vma ffff0000cba51280 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e5d80 [ 42.012170][ T6511] prot 20000000000fc3 anon_vma ffff0000ca9f3ee0 vm_ops 0000000000000000 [ 42.012170][ T6511] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 42.012170][ T6511] refcnt 1 [ 42.012170][ T6511] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 42.012212][ T6511] vmg ffff8000a0c37a60 middle: [ 42.012231][ T6511] vma ffff0000cba51280 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e5d80 [ 42.012231][ T6511] prot 20000000000fc3 anon_vma ffff0000ca9f3ee0 vm_ops 0000000000000000 [ 42.012231][ T6511] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 42.012231][ T6511] refcnt 1 [ 42.012231][ T6511] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 42.012272][ T6511] vmg ffff8000a0c37a60 next: (NULL) [ 42.012298][ T6511] vmg ffff8000a0c37a60 vmi: [ 42.012317][ T6511] MAS: tree=ffff0000ca5e5dc0 enode=ffff0000cba5680c [ 42.012331][ T6511] (ma_active) [ 42.012347][ T6511] Store Type: [ 42.012364][ T6511] node_store [ 42.012387][ T6511] [2/10] index=20000000 last=207fffff [ 42.012409][ T6511] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 42.012432][ T6511] maple_tree(ffff0000ca5e5dc0) flags 30B, height 2 root ffff0000d597d41e [ 42.012456][ T6511] 0-ffffffffffffffff: node ffff0000d597d400 depth 0 type 3 parent ffff0000ca5e5dc1 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000cba5680c FFFF93059FFF ffff0000d597c00c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 42.012728][ T6511] 0-ffff93059fff: node ffff0000cba56800 depth 1 type 1 parent ffff0000d597d406 contents: 0000000000000000 1FFFEFFF ffff0000cba51140 1FFFFFFF ffff0000cba51280 207FFFFF ffff0000ca3c0a00 20FFFFFF ffff0000cba513c0 21000FFF 0000000000000000 AAAAD5929FFF ffff0000cba51500 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000cba51640 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000cba51780 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 42.012963][ T6511] 0-1fffefff: 0000000000000000 [ 42.012993][ T6511] 1ffff000-1fffffff: ffff0000cba51140 [ 42.013024][ T6511] 20000000-207fffff: ffff0000cba51280 [ 42.013054][ T6511] 20800000-20ffffff: ffff0000ca3c0a00 [ 42.013085][ T6511] 21000000-21000fff: ffff0000cba513c0 [ 42.013116][ T6511] 21001000-aaaad5929fff: 0000000000000000 [ 42.013146][ T6511] aaaad592a000-aaaad594bfff: ffff0000cba51500 [ 42.013177][ T6511] aaaad594c000-ffff92fbffff: 0000000000000000 [ 42.013208][ T6511] ffff92fc0000-ffff9304bfff: ffff0000cba51640 [ 42.013239][ T6511] ffff9304c000-ffff93055fff: 0000000000000000 [ 42.013270][ T6511] ffff93056000-ffff93059fff: ffff0000cba51780 [ 42.013306][ T6511] ffff9305a000-ffffffffffffffff: node ffff0000d597c000 depth 1 type 1 parent ffff0000d597d40e contents: ffff0000cba518c0 FFFF9305BFFF ffff0000cba51a00 FFFF9305FFFF ffff0000cba51b40 FFFF93062FFF ffff0000cba51c80 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000cba51dc0 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 42.013538][ T6511] ffff9305a000-ffff9305bfff: ffff0000cba518c0 [ 42.013568][ T6511] ffff9305c000-ffff9305ffff: ffff0000cba51a00 [ 42.013597][ T6511] ffff93060000-ffff93062fff: ffff0000cba51b40 [ 42.013627][ T6511] ffff93063000-ffff93068fff: ffff0000cba51c80 [ 42.013657][ T6511] ffff93069000-ffffd1a12fff: 0000000000000000 [ 42.013686][ T6511] ffffd1a13000-ffffd1a33fff: ffff0000cba51dc0 [ 42.013715][ T6511] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 42.013843][ T6511] ------------[ cut here ]------------ [ 42.013856][ T6511] WARNING: CPU: 0 PID: 6511 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 42.210718][ T6511] Modules linked in: [ 42.211775][ T6511] CPU: 0 UID: 0 PID: 6511 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 42.215325][ T6511] Tainted: [W]=WARN [ 42.216377][ T6511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 42.219141][ T6511] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 42.221346][ T6511] pc : vma_merge_existing_range+0x14a8/0x1964 [ 42.223081][ T6511] lr : vma_merge_existing_range+0x14a8/0x1964 [ 42.224779][ T6511] sp : ffff8000a0c37910 [ 42.225919][ T6511] x29: ffff8000a0c37990 x28: dfff800000000000 x27: 0000000000000001 [ 42.228194][ T6511] x26: 0000000020000000 x25: ffff8000a0c37a80 x24: 0000000020000000 [ 42.230376][ T6511] x23: 1ffff00014186f50 x22: ffff0000cba51280 x21: 0000000020800000 [ 42.232557][ T6511] x20: ffff0000cba51280 x19: ffff8000a0c37a60 x18: 0000000000000000 [ 42.234824][ T6511] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 42.237030][ T6511] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 42.239218][ T6511] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 42.241574][ T6511] x8 : ffff0000cbf83d00 x7 : 0000000000000001 x6 : 0000000000000001 [ 42.243798][ T6511] x5 : ffff8000a0c36ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 42.246025][ T6511] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 42.248315][ T6511] Call trace: [ 42.249222][ T6511] vma_merge_existing_range+0x14a8/0x1964 (P) [ 42.250888][ T6511] vma_modify+0x7c/0x424 [ 42.252082][ T6511] vma_modify_flags+0x18c/0x1dc [ 42.253411][ T6511] mlock_fixup+0x18c/0x2c4 [ 42.254691][ T6511] apply_mlockall_flags+0x290/0x344 [ 42.256142][ T6511] __arm64_sys_munlockall+0x11c/0x238 [ 42.257653][ T6511] invoke_syscall+0x98/0x2b8 [ 42.258917][ T6511] el0_svc_common+0x130/0x23c [ 42.260292][ T6511] do_el0_svc+0x48/0x58 [ 42.261478][ T6511] el0_svc+0x58/0x17c [ 42.262598][ T6511] el0t_64_sync_handler+0x78/0x108 [ 42.264072][ T6511] el0t_64_sync+0x198/0x19c [ 42.265340][ T6511] irq event stamp: 14424 [ 42.266553][ T6511] hardirqs last enabled at (14423): [] __console_unlock+0x70/0xc4 [ 42.269167][ T6511] hardirqs last disabled at (14424): [] el1_dbg+0x24/0x80 [ 42.271581][ T6511] softirqs last enabled at (10864): [] handle_softirqs+0xaf8/0xc88 [ 42.274313][ T6511] softirqs last disabled at (10713): [] __do_softirq+0x14/0x20 [ 42.276931][ T6511] ---[ end trace 0000000000000000 ]--- executing program [ 42.347650][ T6512] FAULT_INJECTION: forcing a failure. [ 42.347650][ T6512] name failslab, interval 1, probability 0, space 0, times 0 [ 42.347722][ T6512] CPU: 0 UID: 0 PID: 6512 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PRE ** replaying previous printk message ** [ 42.347722][ T6512] CPU: 0 UID: 0 PID: 6512 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 42.347740][ T6512] Tainted: [W]=WARN [ 42.347745][ T6512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 42.347752][ T6512] Call trace: [ 42.347756][ T6512] show_stack+0x2c/0x3c (C) [ 42.347773][ T6512] __dump_stack+0x30/0x40 [ 42.347784][ T6512] dump_stack_lvl+0xd8/0x12c [ 42.347794][ T6512] dump_stack+0x1c/0x28 [ 42.347804][ T6512] should_fail_ex+0x41c/0x594 [ 42.347816][ T6512] should_failslab+0xc0/0x128 [ 42.347829][ T6512] kmem_cache_alloc_noprof+0x80/0x3e8 [ 42.347844][ T6512] mas_alloc_nodes+0x268/0x788 [ 42.347857][ T6512] mas_preallocate+0x4b0/0x778 [ 42.347870][ T6512] commit_merge+0x1a4/0x5b0 [ 42.347883][ T6512] vma_merge_existing_range+0x1388/0x1964 [ 42.347897][ T6512] vma_modify+0x7c/0x424 [ 42.347909][ T6512] vma_modify_flags+0x18c/0x1dc [ 42.347922][ T6512] mlock_fixup+0x18c/0x2c4 [ 42.347934][ T6512] apply_mlockall_flags+0x290/0x344 [ 42.347945][ T6512] __arm64_sys_munlockall+0x11c/0x238 [ 42.347957][ T6512] invoke_syscall+0x98/0x2b8 [ 42.347967][ T6512] el0_svc_common+0x130/0x23c [ 42.347978][ T6512] do_el0_svc+0x48/0x58 [ 42.347987][ T6512] el0_svc+0x58/0x17c [ 42.348001][ T6512] el0t_64_sync_handler+0x78/0x108 [ 42.348014][ T6512] el0t_64_sync+0x198/0x19c [ 42.349794][ T6512] vmg ffff8000a0c37a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 42.349823][ T6512] vmg ffff8000a0c37a60 state: mm ffff0000ca5e6600 pgoff 20000 [ 42.349823][ T6512] vmi ffff8000a0c37c40 [20000000,20800000) [ 42.349823][ T6512] prev ffff0000cb028140 middle ffff0000cb028140 next 0000000000000000 target 0000000000000000 [ 42.349823][ T6512] start 20000000 end 20800000 flags 100077 [ 42.349823][ T6512] file 0000000000000000 anon_vma ffff0000d22be110 policy 0000000000000000 [ 42.349823][ T6512] uffd_ctx 0000000000000000 [ 42.349823][ T6512] anon_name 0000000000000000 [ 42.349823][ T6512] state 0 [ 42.349823][ T6512] just_expand 0 [ 42.349823][ T6512] __adjust_middle_start 0 __adjust_next_start 0 [ 42.349823][ T6512] __remove_middle 0 __remove_next 0 [ 42.349878][ T6512] vmg ffff8000a0c37a60 mm: [ 42.349897][ T6512] mm ffff0000ca5e6600 task_size 281474976710656 [ 42.349897][ T6512] mmap_base 281473148436480 mmap_legacy_base 0 [ 42.349897][ T6512] pgd ffff0000d817b000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 42.349897][ T6512] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 42.349897][ T6512] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 42.349897][ T6512] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 42.349897][ T6512] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 42.349897][ T6512] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 42.349897][ T6512] binfmt ffff80008f670700 flags 8000008d [ 42.349897][ T6512] ioctx_table 0000000000000000 [ 42.349897][ T6512] owner ffff0000cbf85b80 exe_file ffff0000d4cb41c0 [ 42.349897][ T6512] notifier_subscriptions 0000000000000000 [ 42.349897][ T6512] numa_next_scan 4294941586 numa_scan_offset 0 numa_scan_seq 0 [ 42.349897][ T6512] tlb_flush_pending 0 [ 42.349897][ T6512] def_flags: 0x0() [ 42.349977][ T6512] vmg ffff8000a0c37a60 prev: [ 42.349995][ T6512] vma ffff0000cb028140 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e6600 [ 42.349995][ T6512] prot 20000000000fc3 anon_vma ffff0000d22be110 vm_ops 0000000000000000 [ 42.349995][ T6512] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 42.349995][ T6512] refcnt 1 [ 42.349995][ T6512] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 42.350036][ T6512] vmg ffff8000a0c37a60 middle: [ 42.350053][ T6512] vma ffff0000cb028140 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e6600 [ 42.350053][ T6512] prot 20000000000fc3 anon_vma ffff0000d22be110 vm_ops 0000000000000000 [ 42.350053][ T6512] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 42.350053][ T6512] refcnt 1 [ 42.350053][ T6512] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 42.350092][ T6512] vmg ffff8000a0c37a60 next: (NULL) [ 42.350109][ T6512] vmg ffff8000a0c37a60 vmi: [ 42.350127][ T6512] MAS: tree=ffff0000ca5e6640 enode=ffff0000cba56e0c [ 42.350140][ T6512] (ma_active) [ 42.350155][ T6512] Store Type: [ 42.350171][ T6512] node_store [ 42.350193][ T6512] [2/10] index=20000000 last=207fffff [ 42.350213][ T6512] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 42.350235][ T6512] maple_tree(ffff0000ca5e6640) flags 30B, height 2 root ffff0000d597cc1e [ 42.350257][ T6512] 0-ffffffffffffffff: node ffff0000d597cc00 depth 0 type 3 parent ffff0000ca5e6641 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000cba56e0c FFFF93059FFF ffff0000d0eedc0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 42.350524][ T6512] 0-ffff93059fff: node ffff0000cba56e00 depth 1 type 1 parent ffff0000d597cc06 contents: 0000000000000000 1FFFEFFF ffff0000cb028000 1FFFFFFF ffff0000cb028140 207FFFFF ffff0000ca3c0c80 20FFFFFF ffff0000cb028280 21000FFF 0000000000000000 AAAAD5929FFF ffff0000cb0283c0 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000cb028500 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000cb028640 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 42.350745][ T6512] 0-1fffefff: 0000000000000000 [ 42.350774][ T6512] 1ffff000-1fffffff: ffff0000cb028000 [ 42.350803][ T6512] 20000000-207fffff: ffff0000cb028140 [ 42.350831][ T6512] 20800000-20ffffff: ffff0000ca3c0c80 [ 42.350860][ T6512] 21000000-21000fff: ffff0000cb028280 [ 42.350889][ T6512] 21001000-aaaad5929fff: 0000000000000000 [ 42.350918][ T6512] aaaad592a000-aaaad594bfff: ffff0000cb0283c0 [ 42.350947][ T6512] aaaad594c000-ffff92fbffff: 0000000000000000 [ 42.350976][ T6512] ffff92fc0000-ffff9304bfff: ffff0000cb028500 [ 42.351005][ T6512] ffff9304c000-ffff93055fff: 0000000000000000 [ 42.351034][ T6512] ffff93056000-ffff93059fff: ffff0000cb028640 [ 42.351063][ T6512] ffff9305a000-ffffffffffffffff: node ffff0000d0eedc00 depth 1 type 1 parent ffff0000d597cc0e contents: ffff0000cb028780 FFFF9305BFFF ffff0000cb0288c0 FFFF9305FFFF ffff0000cb028a00 FFFF93062FFF ffff0000cb028b40 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000cb028c80 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 42.354684][ T6512] ffff9305a000-ffff9305bfff: ffff0000cb028780 [ 42.354715][ T6512] ffff9305c000-ffff9305ffff: ffff0000cb0288c0 [ 42.354745][ T6512] ffff93060000-ffff93062fff: ffff0000cb028a00 [ 42.354774][ T6512] ffff93063000-ffff93068fff: ffff0000cb028b40 [ 42.354803][ T6512] ffff93069000-ffffd1a12fff: 0000000000000000 [ 42.354832][ T6512] ffffd1a13000-ffffd1a33fff: ffff0000cb028c80 [ 42.354861][ T6512] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 42.354988][ T6512] ------------[ cut here ]------------ [ 42.355001][ T6512] WARNING: CPU: 0 PID: 6512 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 42.542951][ T6512] Modules linked in: [ 42.544037][ T6512] CPU: 0 UID: 0 PID: 6512 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 42.547533][ T6512] Tainted: [W]=WARN [ 42.548566][ T6512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 42.551313][ T6512] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 42.553470][ T6512] pc : vma_merge_existing_range+0x14a8/0x1964 [ 42.555161][ T6512] lr : vma_merge_existing_range+0x14a8/0x1964 [ 42.556846][ T6512] sp : ffff8000a0c37910 [ 42.557995][ T6512] x29: ffff8000a0c37990 x28: dfff800000000000 x27: 0000000000000001 [ 42.560232][ T6512] x26: 0000000020000000 x25: ffff8000a0c37a80 x24: 0000000020000000 [ 42.562599][ T6512] x23: 1ffff00014186f50 x22: ffff0000cb028140 x21: 0000000020800000 [ 42.564787][ T6512] x20: ffff0000cb028140 x19: ffff8000a0c37a60 x18: 0000000000000000 [ 42.567094][ T6512] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 42.569370][ T6512] x14: 1fffe0003386aae2 x13: 0000000000000000 x12: 0000000000000000 [ 42.571629][ T6512] x11: ffff60003386aae3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 42.573867][ T6512] x8 : ffff0000cbf85b80 x7 : 0000000000000001 x6 : 0000000000000001 [ 42.576047][ T6512] x5 : ffff8000a0c36ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 42.578205][ T6512] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 42.580395][ T6512] Call trace: [ 42.581270][ T6512] vma_merge_existing_range+0x14a8/0x1964 (P) [ 42.582916][ T6512] vma_modify+0x7c/0x424 [ 42.584059][ T6512] vma_modify_flags+0x18c/0x1dc [ 42.585394][ T6512] mlock_fixup+0x18c/0x2c4 [ 42.586629][ T6512] apply_mlockall_flags+0x290/0x344 [ 42.588061][ T6512] __arm64_sys_munlockall+0x11c/0x238 [ 42.589550][ T6512] invoke_syscall+0x98/0x2b8 [ 42.590856][ T6512] el0_svc_common+0x130/0x23c [ 42.592158][ T6512] do_el0_svc+0x48/0x58 [ 42.593296][ T6512] el0_svc+0x58/0x17c [ 42.594388][ T6512] el0t_64_sync_handler+0x78/0x108 [ 42.595830][ T6512] el0t_64_sync+0x198/0x19c [ 42.597117][ T6512] irq event stamp: 13992 [ 42.598312][ T6512] hardirqs last enabled at (13991): [] __console_unlock+0x70/0xc4 [ 42.600897][ T6512] hardirqs last disabled at (13992): [] el1_dbg+0x24/0x80 [ 42.603356][ T6512] softirqs last enabled at (13792): [] handle_softirqs+0xaf8/0xc88 [ 42.605979][ T6512] softirqs last disabled at (13777): [] __do_softirq+0x14/0x20 [ 42.608532][ T6512] ---[ end trace 0000000000000000 ]--- executing program [ 42.679613][ T6513] FAULT_INJECTION: forcing a failure. [ 42.679613][ T6513] name failslab, interval 1, probability 0, space 0, times 0 [ 42.679684][ ** replaying previous printk message ** [ 42.679684][ T6513] CPU: 0 UID: 0 PID: 6513 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 42.679702][ T6513] Tainted: [W]=WARN [ 42.679707][ T6513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 42.679714][ T6513] Call trace: [ 42.679719][ T6513] show_stack+0x2c/0x3c (C) [ 42.679735][ T6513] __dump_stack+0x30/0x40 [ 42.679746][ T6513] dump_stack_lvl+0xd8/0x12c [ 42.679757][ T6513] dump_stack+0x1c/0x28 [ 42.679766][ T6513] should_fail_ex+0x41c/0x594 [ 42.679779][ T6513] should_failslab+0xc0/0x128 [ 42.679793][ T6513] kmem_cache_alloc_noprof+0x80/0x3e8 [ 42.679808][ T6513] mas_alloc_nodes+0x268/0x788 [ 42.679821][ T6513] mas_preallocate+0x4b0/0x778 [ 42.679833][ T6513] commit_merge+0x1a4/0x5b0 [ 42.679846][ T6513] vma_merge_existing_range+0x1388/0x1964 [ 42.679860][ T6513] vma_modify+0x7c/0x424 [ 42.679872][ T6513] vma_modify_flags+0x18c/0x1dc [ 42.679885][ T6513] mlock_fixup+0x18c/0x2c4 [ 42.679897][ T6513] apply_mlockall_flags+0x290/0x344 [ 42.679909][ T6513] __arm64_sys_munlockall+0x11c/0x238 [ 42.679920][ T6513] invoke_syscall+0x98/0x2b8 [ 42.679931][ T6513] el0_svc_common+0x130/0x23c [ 42.679941][ T6513] do_el0_svc+0x48/0x58 [ 42.679951][ T6513] el0_svc+0x58/0x17c [ 42.679964][ T6513] el0t_64_sync_handler+0x78/0x108 [ 42.679978][ T6513] el0t_64_sync+0x198/0x19c [ 42.681961][ T6513] vmg ffff8000a0c37a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 42.681993][ T6513] vmg ffff8000a0c37a60 state: mm ffff0000ca5e6e80 pgoff 20000 [ 42.681993][ T6513] vmi ffff8000a0c37c40 [20000000,20800000) [ 42.681993][ T6513] prev ffff0000d817c000 middle ffff0000d817c000 next 0000000000000000 target 0000000000000000 [ 42.681993][ T6513] start 20000000 end 20800000 flags 100077 [ 42.681993][ T6513] file 0000000000000000 anon_vma ffff0000d22be330 policy 0000000000000000 [ 42.681993][ T6513] uffd_ctx 0000000000000000 [ 42.681993][ T6513] anon_name 0000000000000000 [ 42.681993][ T6513] state 0 [ 42.681993][ T6513] just_expand 0 [ 42.681993][ T6513] __adjust_middle_start 0 __adjust_next_start 0 [ 42.681993][ T6513] __remove_middle 0 __remove_next 0 [ 42.682048][ T6513] vmg ffff8000a0c37a60 mm: [ 42.682066][ T6513] mm ffff0000ca5e6e80 task_size 281474976710656 [ 42.682066][ T6513] mmap_base 281473148436480 mmap_legacy_base 0 [ 42.682066][ T6513] pgd ffff0000d817b000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 42.682066][ T6513] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 42.682066][ T6513] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 42.682066][ T6513] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 42.682066][ T6513] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 42.682066][ T6513] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 42.682066][ T6513] binfmt ffff80008f670700 flags 8000008d [ 42.682066][ T6513] ioctx_table 0000000000000000 [ 42.682066][ T6513] owner ffff0000d8030000 exe_file ffff0000d4cb41c0 [ 42.682066][ T6513] notifier_subscriptions 0000000000000000 [ 42.682066][ T6513] numa_next_scan 4294941619 numa_scan_offset 0 numa_scan_seq 0 [ 42.682066][ T6513] tlb_flush_pending 0 [ 42.682066][ T6513] def_flags: 0x0() [ 42.682145][ T6513] vmg ffff8000a0c37a60 prev: [ 42.682162][ T6513] vma ffff0000d817c000 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e6e80 [ 42.682162][ T6513] prot 20000000000fc3 anon_vma ffff0000d22be330 vm_ops 0000000000000000 [ 42.682162][ T6513] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 42.682162][ T6513] refcnt 1 [ 42.682162][ T6513] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 42.682203][ T6513] vmg ffff8000a0c37a60 middle: [ 42.682220][ T6513] vma ffff0000d817c000 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e6e80 [ 42.682220][ T6513] prot 20000000000fc3 anon_vma ffff0000d22be330 vm_ops 0000000000000000 [ 42.682220][ T6513] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 42.682220][ T6513] refcnt 1 [ 42.682220][ T6513] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 42.682259][ T6513] vmg ffff8000a0c37a60 next: (NULL) [ 42.682286][ T6513] vmg ffff8000a0c37a60 vmi: [ 42.682304][ T6513] MAS: tree=ffff0000ca5e6ec0 enode=ffff0000cba5760c [ 42.682317][ T6513] (ma_active) [ 42.682333][ T6513] Store Type: [ 42.682348][ T6513] node_store [ 42.682370][ T6513] [2/10] index=20000000 last=207fffff [ 42.682390][ T6513] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 42.682412][ T6513] maple_tree(ffff0000ca5e6ec0) flags 30B, height 2 root ffff0000d3e6881e [ 42.682441][ T6513] 0-ffffffffffffffff: node ffff0000d3e68800 depth 0 type 3 parent ffff0000ca5e6ec1 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000cba5760c FFFF93059FFF ffff0000ca16620c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 42.682691][ T6513] 0-ffff93059fff: node ffff0000cba57600 depth 1 type 1 parent ffff0000d3e68806 contents: 0000000000000000 1FFFEFFF ffff0000cb028dc0 1FFFFFFF ffff0000d817c000 207FFFFF ffff0000cbe3a000 20FFFFFF ffff0000d817c140 21000FFF 0000000000000000 AAAAD5929FFF ffff0000d817c280 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000d817c3c0 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000d817c500 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 42.682910][ T6513] 0-1fffefff: 0000000000000000 [ 42.682938][ T6513] 1ffff000-1fffffff: ffff0000cb028dc0 [ 42.682967][ T6513] 20000000-207fffff: ffff0000d817c000 [ 42.682995][ T6513] 20800000-20ffffff: ffff0000cbe3a000 [ 42.683024][ T6513] 21000000-21000fff: ffff0000d817c140 [ 42.683052][ T6513] 21001000-aaaad5929fff: 0000000000000000 [ 42.683081][ T6513] aaaad592a000-aaaad594bfff: ffff0000d817c280 [ 42.683110][ T6513] aaaad594c000-ffff92fbffff: 0000000000000000 [ 42.683139][ T6513] ffff92fc0000-ffff9304bfff: ffff0000d817c3c0 [ 42.683168][ T6513] ffff9304c000-ffff93055fff: 0000000000000000 [ 42.683196][ T6513] ffff93056000-ffff93059fff: ffff0000d817c500 [ 42.683226][ T6513] ffff9305a000-ffffffffffffffff: node ffff0000ca166200 depth 1 type 1 parent ffff0000d3e6880e contents: ffff0000d817c640 FFFF9305BFFF ffff0000d817c780 FFFF9305FFFF ffff0000d817c8c0 FFFF93062FFF ffff0000d817ca00 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000d817cb40 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 42.683449][ T6513] ffff9305a000-ffff9305bfff: ffff0000d817c640 [ 42.683478][ T6513] ffff9305c000-ffff9305ffff: ffff0000d817c780 [ 42.683507][ T6513] ffff93060000-ffff93062fff: ffff0000d817c8c0 [ 42.683537][ T6513] ffff93063000-ffff93068fff: ffff0000d817ca00 [ 42.683566][ T6513] ffff93069000-ffffd1a12fff: 0000000000000000 [ 42.683594][ T6513] ffffd1a13000-ffffd1a33fff: ffff0000d817cb40 [ 42.683623][ T6513] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 42.683750][ T6513] ------------[ cut here ]------------ [ 42.683762][ T6513] WARNING: CPU: 0 PID: 6513 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 42.874599][ T6513] Modules linked in: [ 42.875711][ T6513] CPU: 0 UID: 0 PID: 6513 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 42.879297][ T6513] Tainted: [W]=WARN [ 42.880378][ T6513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 42.883108][ T6513] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 42.885252][ T6513] pc : vma_merge_existing_range+0x14a8/0x1964 [ 42.886948][ T6513] lr : vma_merge_existing_range+0x14a8/0x1964 [ 42.888599][ T6513] sp : ffff8000a0c37910 [ 42.889730][ T6513] x29: ffff8000a0c37990 x28: dfff800000000000 x27: 0000000000000001 [ 42.891930][ T6513] x26: 0000000020000000 x25: ffff8000a0c37a80 x24: 0000000020000000 [ 42.894096][ T6513] x23: 1ffff00014186f50 x22: ffff0000d817c000 x21: 0000000020800000 [ 42.896345][ T6513] x20: ffff0000d817c000 x19: ffff8000a0c37a60 x18: 0000000000000000 [ 42.898633][ T6513] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 42.900932][ T6513] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 42.903167][ T6513] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 42.905503][ T6513] x8 : ffff0000d8030000 x7 : 0000000000000001 x6 : 0000000000000001 [ 42.907750][ T6513] x5 : ffff8000a0c36ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 42.910025][ T6513] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 42.912284][ T6513] Call trace: [ 42.913159][ T6513] vma_merge_existing_range+0x14a8/0x1964 (P) [ 42.914861][ T6513] vma_modify+0x7c/0x424 [ 42.916097][ T6513] vma_modify_flags+0x18c/0x1dc [ 42.917506][ T6513] mlock_fixup+0x18c/0x2c4 [ 42.918677][ T6513] apply_mlockall_flags+0x290/0x344 [ 42.920091][ T6513] __arm64_sys_munlockall+0x11c/0x238 [ 42.921604][ T6513] invoke_syscall+0x98/0x2b8 [ 42.922928][ T6513] el0_svc_common+0x130/0x23c [ 42.924243][ T6513] do_el0_svc+0x48/0x58 [ 42.925436][ T6513] el0_svc+0x58/0x17c [ 42.926522][ T6513] el0t_64_sync_handler+0x78/0x108 [ 42.927947][ T6513] el0t_64_sync+0x198/0x19c [ 42.929240][ T6513] irq event stamp: 13960 [ 42.930380][ T6513] hardirqs last enabled at (13959): [] __console_unlock+0x70/0xc4 [ 42.933027][ T6513] hardirqs last disabled at (13960): [] el1_dbg+0x24/0x80 [ 42.935496][ T6513] softirqs last enabled at (8174): [] handle_softirqs+0xaf8/0xc88 [ 42.938215][ T6513] softirqs last disabled at (8165): [] __do_softirq+0x14/0x20 [ 42.940758][ T6513] ---[ end trace 0000000000000000 ]--- executing program [ 43.010496][ T6514] FAULT_INJECTION: forcing a failure. [ 43.010496][ T6514] name ** replaying previous printk message ** [ 43.010496][ T6514] FAULT_INJECTION: forcing a failure. [ 43.010496][ T6514] name failslab, interval 1, probability 0, space 0, times 0 [ 43.010568][ T6514] CPU: 0 UID: 0 PID: 6514 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 43.010586][ T6514] Tainted: [W]=WARN [ 43.010591][ T6514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.010598][ T6514] Call trace: [ 43.010602][ T6514] show_stack+0x2c/0x3c (C) [ 43.010619][ T6514] __dump_stack+0x30/0x40 [ 43.010630][ T6514] dump_stack_lvl+0xd8/0x12c [ 43.010640][ T6514] dump_stack+0x1c/0x28 [ 43.010650][ T6514] should_fail_ex+0x41c/0x594 [ 43.010662][ T6514] should_failslab+0xc0/0x128 [ 43.010676][ T6514] kmem_cache_alloc_noprof+0x80/0x3e8 [ 43.010691][ T6514] mas_alloc_nodes+0x268/0x788 [ 43.010704][ T6514] mas_preallocate+0x4b0/0x778 [ 43.010716][ T6514] commit_merge+0x1a4/0x5b0 [ 43.010729][ T6514] vma_merge_existing_range+0x1388/0x1964 [ 43.010743][ T6514] vma_modify+0x7c/0x424 [ 43.010756][ T6514] vma_modify_flags+0x18c/0x1dc [ 43.010768][ T6514] mlock_fixup+0x18c/0x2c4 [ 43.010780][ T6514] apply_mlockall_flags+0x290/0x344 [ 43.010791][ T6514] __arm64_sys_munlockall+0x11c/0x238 [ 43.010803][ T6514] invoke_syscall+0x98/0x2b8 [ 43.010814][ T6514] el0_svc_common+0x130/0x23c [ 43.010824][ T6514] do_el0_svc+0x48/0x58 [ 43.010834][ T6514] el0_svc+0x58/0x17c [ 43.010847][ T6514] el0t_64_sync_handler+0x78/0x108 [ 43.010861][ T6514] el0t_64_sync+0x198/0x19c [ 43.011029][ T6514] vmg ffff8000a0c27a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 43.011051][ T6514] vmg ffff8000a0c27a60 state: mm ffff0000ca5e7700 pgoff 20000 [ 43.011051][ T6514] vmi ffff8000a0c27c40 [20000000,20800000) [ 43.011051][ T6514] prev ffff0000d817cdc0 middle ffff0000d817cdc0 next 0000000000000000 target 0000000000000000 [ 43.011051][ T6514] start 20000000 end 20800000 flags 100077 [ 43.011051][ T6514] file 0000000000000000 anon_vma ffff0000d22be550 policy 0000000000000000 [ 43.011051][ T6514] uffd_ctx 0000000000000000 [ 43.011051][ T6514] anon_name 0000000000000000 [ 43.011051][ T6514] state 0 [ 43.011051][ T6514] just_expand 0 [ 43.011051][ T6514] __adjust_middle_start 0 __adjust_next_start 0 [ 43.011051][ T6514] __remove_middle 0 __remove_next 0 [ 43.011142][ T6514] vmg ffff8000a0c27a60 mm: [ 43.011161][ T6514] mm ffff0000ca5e7700 task_size 281474976710656 [ 43.011161][ T6514] mmap_base 281473148436480 mmap_legacy_base 0 [ 43.011161][ T6514] pgd ffff0000ca0a9000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 43.011161][ T6514] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 43.011161][ T6514] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 43.011161][ T6514] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 43.011161][ T6514] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 43.011161][ T6514] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 43.011161][ T6514] binfmt ffff80008f670700 flags 8000008d [ 43.011161][ T6514] ioctx_table 0000000000000000 [ 43.011161][ T6514] owner ffff0000d8031e80 exe_file ffff0000d4cb41c0 [ 43.011161][ T6514] notifier_subscriptions 0000000000000000 [ 43.011161][ T6514] numa_next_scan 4294941653 numa_scan_offset 0 numa_scan_seq 0 [ 43.011161][ T6514] tlb_flush_pending 0 [ 43.011161][ T6514] def_flags: 0x0() [ 43.011241][ T6514] vmg ffff8000a0c27a60 prev: [ 43.011259][ T6514] vma ffff0000d817cdc0 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e7700 [ 43.011259][ T6514] prot 20000000000fc3 anon_vma ffff0000d22be550 vm_ops 0000000000000000 [ 43.011259][ T6514] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 43.011259][ T6514] refcnt 1 [ 43.011259][ T6514] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 43.011308][ T6514] vmg ffff8000a0c27a60 middle: [ 43.011326][ T6514] vma ffff0000d817cdc0 start 0000000020000000 end 0000000020800000 mm ffff0000ca5e7700 [ 43.011326][ T6514] prot 20000000000fc3 anon_vma ffff0000d22be550 vm_ops 0000000000000000 [ 43.011326][ T6514] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 43.011326][ T6514] refcnt 1 [ 43.011326][ T6514] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 43.011365][ T6514] vmg ffff8000a0c27a60 next: (NULL) [ 43.011383][ T6514] vmg ffff8000a0c27a60 vmi: [ 43.011400][ T6514] MAS: tree=ffff0000ca5e7740 enode=ffff0000cba57e0c [ 43.011413][ T6514] (ma_active) [ 43.011429][ T6514] Store Type: [ 43.011444][ T6514] node_store [ 43.011472][ T6514] [2/10] index=20000000 last=207fffff [ 43.011492][ T6514] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 43.011515][ T6514] maple_tree(ffff0000ca5e7740) flags 30B, height 2 root ffff0000ca16641e [ 43.011537][ T6514] 0-ffffffffffffffff: node ffff0000ca166400 depth 0 type 3 parent ffff0000ca5e7741 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000cba57e0c FFFF93059FFF ffff0000ca16680c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 43.011789][ T6514] 0-ffff93059fff: node ffff0000cba57e00 depth 1 type 1 parent ffff0000ca166406 contents: 0000000000000000 1FFFEFFF ffff0000d817cc80 1FFFFFFF ffff0000d817cdc0 207FFFFF ffff0000cbe3a280 20FFFFFF ffff0000c91dc000 21000FFF 0000000000000000 AAAAD5929FFF ffff0000c91dc140 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000c91dc280 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000c91dc3c0 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 43.012008][ T6514] 0-1fffefff: 0000000000000000 [ 43.012036][ T6514] 1ffff000-1fffffff: ffff0000d817cc80 [ 43.012065][ T6514] 20000000-207fffff: ffff0000d817cdc0 [ 43.012094][ T6514] 20800000-20ffffff: ffff0000cbe3a280 [ 43.012122][ T6514] 21000000-21000fff: ffff0000c91dc000 [ 43.012151][ T6514] 21001000-aaaad5929fff: 0000000000000000 [ 43.012179][ T6514] aaaad592a000-aaaad594bfff: ffff0000c91dc140 [ 43.012209][ T6514] aaaad594c000-ffff92fbffff: 0000000000000000 [ 43.012238][ T6514] ffff92fc0000-ffff9304bfff: ffff0000c91dc280 [ 43.012267][ T6514] ffff9304c000-ffff93055fff: 0000000000000000 [ 43.012300][ T6514] ffff93056000-ffff93059fff: ffff0000c91dc3c0 [ 43.012330][ T6514] ffff9305a000-ffffffffffffffff: node ffff0000ca166800 depth 1 type 1 parent ffff0000ca16640e contents: ffff0000c91dc500 FFFF9305BFFF ffff0000c91dc640 FFFF9305FFFF ffff0000c91dc780 FFFF93062FFF ffff0000c91dc8c0 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000c91dca00 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 43.012550][ T6514] ffff9305a000-ffff9305bfff: ffff0000c91dc500 [ 43.012580][ T6514] ffff9305c000-ffff9305ffff: ffff0000c91dc640 [ 43.012609][ T6514] ffff93060000-ffff93062fff: ffff0000c91dc780 [ 43.012638][ T6514] ffff93063000-ffff93068fff: ffff0000c91dc8c0 [ 43.012667][ T6514] ffff93069000-ffffd1a12fff: 0000000000000000 [ 43.012696][ T6514] ffffd1a13000-ffffd1a33fff: ffff0000c91dca00 [ 43.012725][ T6514] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 43.012852][ T6514] ------------[ cut here ]------------ [ 43.012864][ T6514] WARNING: CPU: 0 PID: 6514 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 43.206290][ T6514] Modules linked in: [ 43.207356][ T6514] CPU: 0 UID: 0 PID: 6514 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 43.210830][ T6514] Tainted: [W]=WARN [ 43.211866][ T6514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.214542][ T6514] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 43.216691][ T6514] pc : vma_merge_existing_range+0x14a8/0x1964 [ 43.218357][ T6514] lr : vma_merge_existing_range+0x14a8/0x1964 [ 43.219974][ T6514] sp : ffff8000a0c27910 [ 43.221105][ T6514] x29: ffff8000a0c27990 x28: dfff800000000000 x27: 0000000000000001 [ 43.223298][ T6514] x26: 0000000020000000 x25: ffff8000a0c27a80 x24: 0000000020000000 [ 43.225580][ T6514] x23: 1ffff00014184f50 x22: ffff0000d817cdc0 x21: 0000000020800000 [ 43.227778][ T6514] x20: ffff0000d817cdc0 x19: ffff8000a0c27a60 x18: 0000000000000000 [ 43.229988][ T6514] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 43.232235][ T6514] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 43.234385][ T6514] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 43.236635][ T6514] x8 : ffff0000d8031e80 x7 : 0000000000000001 x6 : 0000000000000001 [ 43.238883][ T6514] x5 : ffff8000a0c26ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 43.241072][ T6514] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 43.243234][ T6514] Call trace: [ 43.244191][ T6514] vma_merge_existing_range+0x14a8/0x1964 (P) [ 43.245860][ T6514] vma_modify+0x7c/0x424 [ 43.246999][ T6514] vma_modify_flags+0x18c/0x1dc [ 43.248352][ T6514] mlock_fixup+0x18c/0x2c4 [ 43.249572][ T6514] apply_mlockall_flags+0x290/0x344 [ 43.251036][ T6514] __arm64_sys_munlockall+0x11c/0x238 [ 43.252532][ T6514] invoke_syscall+0x98/0x2b8 [ 43.253772][ T6514] el0_svc_common+0x130/0x23c [ 43.255127][ T6514] do_el0_svc+0x48/0x58 [ 43.256300][ T6514] el0_svc+0x58/0x17c [ 43.257446][ T6514] el0t_64_sync_handler+0x78/0x108 [ 43.258935][ T6514] el0t_64_sync+0x198/0x19c [ 43.260194][ T6514] irq event stamp: 14154 [ 43.261456][ T6514] hardirqs last enabled at (14153): [] __console_unlock+0x70/0xc4 [ 43.264173][ T6514] hardirqs last disabled at (14154): [] el1_dbg+0x24/0x80 [ 43.266683][ T6514] softirqs last enabled at (10696): [] handle_softirqs+0xaf8/0xc88 [ 43.269344][ T6514] softirqs last disabled at (10687): [] __do_softirq+0x14/0x20 [ 43.271872][ T6514] ---[ end trace 0000000000000000 ]--- executing program [ 43.340951][ T6515] FAULT_INJECTION: forcing a failure. [ 43.340951][ T6515] name failslab, interval 1, probabil ** replaying previous printk message ** [ 43.340951][ T6515] FAULT_INJECTION: forcing a failure. [ 43.340951][ T6515] name failslab, interval 1, probability 0, space 0, times 0 [ 43.341024][ T6515] CPU: 0 UID: 0 PID: 6515 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 43.341042][ T6515] Tainted: [W]=WARN [ 43.341047][ T6515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.341054][ T6515] Call trace: [ 43.341058][ T6515] show_stack+0x2c/0x3c (C) [ 43.341075][ T6515] __dump_stack+0x30/0x40 [ 43.341087][ T6515] dump_stack_lvl+0xd8/0x12c [ 43.341097][ T6515] dump_stack+0x1c/0x28 [ 43.341110][ T6515] should_fail_ex+0x41c/0x594 [ 43.341122][ T6515] should_failslab+0xc0/0x128 [ 43.341135][ T6515] kmem_cache_alloc_noprof+0x80/0x3e8 [ 43.341150][ T6515] mas_alloc_nodes+0x268/0x788 [ 43.341163][ T6515] mas_preallocate+0x4b0/0x778 [ 43.341175][ T6515] commit_merge+0x1a4/0x5b0 [ 43.341188][ T6515] vma_merge_existing_range+0x1388/0x1964 [ 43.341202][ T6515] vma_modify+0x7c/0x424 [ 43.341214][ T6515] vma_modify_flags+0x18c/0x1dc [ 43.341227][ T6515] mlock_fixup+0x18c/0x2c4 [ 43.341239][ T6515] apply_mlockall_flags+0x290/0x344 [ 43.341250][ T6515] __arm64_sys_munlockall+0x11c/0x238 [ 43.341262][ T6515] invoke_syscall+0x98/0x2b8 [ 43.341280][ T6515] el0_svc_common+0x130/0x23c [ 43.341291][ T6515] do_el0_svc+0x48/0x58 [ 43.341301][ T6515] el0_svc+0x58/0x17c [ 43.341314][ T6515] el0t_64_sync_handler+0x78/0x108 [ 43.341328][ T6515] el0t_64_sync+0x198/0x19c [ 43.342066][ T6515] vmg ffff8000a0c17a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 43.342092][ T6515] vmg ffff8000a0c17a60 state: mm ffff0000cbee8000 pgoff 20000 [ 43.342092][ T6515] vmi ffff8000a0c17c40 [20000000,20800000) [ 43.342092][ T6515] prev ffff0000c91dcc80 middle ffff0000c91dcc80 next 0000000000000000 target 0000000000000000 [ 43.342092][ T6515] start 20000000 end 20800000 flags 100077 [ 43.342092][ T6515] file 0000000000000000 anon_vma ffff0000d22be770 policy 0000000000000000 [ 43.342092][ T6515] uffd_ctx 0000000000000000 [ 43.342092][ T6515] anon_name 0000000000000000 [ 43.342092][ T6515] state 0 [ 43.342092][ T6515] just_expand 0 [ 43.342092][ T6515] __adjust_middle_start 0 __adjust_next_start 0 [ 43.342092][ T6515] __remove_middle 0 __remove_next 0 [ 43.342147][ T6515] vmg ffff8000a0c17a60 mm: [ 43.342165][ T6515] mm ffff0000cbee8000 task_size 281474976710656 [ 43.342165][ T6515] mmap_base 281473148436480 mmap_legacy_base 0 [ 43.342165][ T6515] pgd ffff0000dd0b0000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 43.342165][ T6515] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 43.342165][ T6515] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 43.342165][ T6515] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 43.342165][ T6515] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 43.342165][ T6515] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 43.342165][ T6515] binfmt ffff80008f670700 flags 8000008d [ 43.342165][ T6515] ioctx_table 0000000000000000 [ 43.342165][ T6515] owner ffff0000d8033d00 exe_file ffff0000d4cb41c0 [ 43.342165][ T6515] notifier_subscriptions 0000000000000000 [ 43.342165][ T6515] numa_next_scan 4294941686 numa_scan_offset 0 numa_scan_seq 0 [ 43.342165][ T6515] tlb_flush_pending 0 [ 43.342165][ T6515] def_flags: 0x0() [ 43.342245][ T6515] vmg ffff8000a0c17a60 prev: [ 43.342263][ T6515] vma ffff0000c91dcc80 start 0000000020000000 end 0000000020800000 mm ffff0000cbee8000 [ 43.342263][ T6515] prot 20000000000fc3 anon_vma ffff0000d22be770 vm_ops 0000000000000000 [ 43.342263][ T6515] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 43.342263][ T6515] refcnt 1 [ 43.342263][ T6515] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 43.342315][ T6515] vmg ffff8000a0c17a60 middle: [ 43.342332][ T6515] vma ffff0000c91dcc80 start 0000000020000000 end 0000000020800000 mm ffff0000cbee8000 [ 43.342332][ T6515] prot 20000000000fc3 anon_vma ffff0000d22be770 vm_ops 0000000000000000 [ 43.342332][ T6515] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 43.342332][ T6515] refcnt 1 [ 43.342332][ T6515] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 43.342371][ T6515] vmg ffff8000a0c17a60 next: (NULL) [ 43.342389][ T6515] vmg ffff8000a0c17a60 vmi: [ 43.342406][ T6515] MAS: tree=ffff0000cbee8040 enode=ffff0000c7babc0c [ 43.342419][ T6515] (ma_active) [ 43.342435][ T6515] Store Type: [ 43.342450][ T6515] node_store [ 43.342472][ T6515] [2/10] index=20000000 last=207fffff [ 43.342498][ T6515] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 43.342520][ T6515] maple_tree(ffff0000cbee8040) flags 30B, height 2 root ffff0000ca166a1e [ 43.342543][ T6515] 0-ffffffffffffffff: node ffff0000ca166a00 depth 0 type 3 parent ffff0000cbee8041 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c7babc0c FFFF93059FFF ffff0000ca166e0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 43.342800][ T6515] 0-ffff93059fff: node ffff0000c7babc00 depth 1 type 1 parent ffff0000ca166a06 contents: 0000000000000000 1FFFEFFF ffff0000c91dcb40 1FFFFFFF ffff0000c91dcc80 207FFFFF ffff0000cbe3a500 20FFFFFF ffff0000c91dcdc0 21000FFF 0000000000000000 AAAAD5929FFF ffff0000dd0b1000 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000dd0b1140 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000dd0b1280 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 43.343030][ T6515] 0-1fffefff: 0000000000000000 [ 43.343060][ T6515] 1ffff000-1fffffff: ffff0000c91dcb40 [ 43.343090][ T6515] 20000000-207fffff: ffff0000c91dcc80 [ 43.343121][ T6515] 20800000-20ffffff: ffff0000cbe3a500 [ 43.343152][ T6515] 21000000-21000fff: ffff0000c91dcdc0 [ 43.343182][ T6515] 21001000-aaaad5929fff: 0000000000000000 [ 43.343212][ T6515] aaaad592a000-aaaad594bfff: ffff0000dd0b1000 [ 43.343243][ T6515] aaaad594c000-ffff92fbffff: 0000000000000000 [ 43.343279][ T6515] ffff92fc0000-ffff9304bfff: ffff0000dd0b1140 [ 43.343310][ T6515] ffff9304c000-ffff93055fff: 0000000000000000 [ 43.343340][ T6515] ffff93056000-ffff93059fff: ffff0000dd0b1280 [ 43.343372][ T6515] ffff9305a000-ffffffffffffffff: node ffff0000ca166e00 depth 1 type 1 parent ffff0000ca166a0e contents: ffff0000dd0b13c0 FFFF9305BFFF ffff0000dd0b1500 FFFF9305FFFF ffff0000dd0b1640 FFFF93062FFF ffff0000dd0b1780 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000dd0b18c0 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 43.343602][ T6515] ffff9305a000-ffff9305bfff: ffff0000dd0b13c0 [ 43.343633][ T6515] ffff9305c000-ffff9305ffff: ffff0000dd0b1500 [ 43.343664][ T6515] ffff93060000-ffff93062fff: ffff0000dd0b1640 [ 43.343695][ T6515] ffff93063000-ffff93068fff: ffff0000dd0b1780 [ 43.343726][ T6515] ffff93069000-ffffd1a12fff: 0000000000000000 [ 43.343756][ T6515] ffffd1a13000-ffffd1a33fff: ffff0000dd0b18c0 [ 43.343787][ T6515] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 43.343922][ T6515] ------------[ cut here ]------------ [ 43.343935][ T6515] WARNING: CPU: 0 PID: 6515 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 43.540075][ T6515] Modules linked in: [ 43.541195][ T6515] CPU: 0 UID: 0 PID: 6515 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 43.545005][ T6515] Tainted: [W]=WARN [ 43.546105][ T6515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.548980][ T6515] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 43.551182][ T6515] pc : vma_merge_existing_range+0x14a8/0x1964 [ 43.552977][ T6515] lr : vma_merge_existing_range+0x14a8/0x1964 [ 43.554677][ T6515] sp : ffff8000a0c17910 [ 43.555895][ T6515] x29: ffff8000a0c17990 x28: dfff800000000000 x27: 0000000000000001 [ 43.558203][ T6515] x26: 0000000020000000 x25: ffff8000a0c17a80 x24: 0000000020000000 [ 43.560432][ T6515] x23: 1ffff00014182f50 x22: ffff0000c91dcc80 x21: 0000000020800000 [ 43.562681][ T6515] x20: ffff0000c91dcc80 x19: ffff8000a0c17a60 x18: 0000000000000000 [ 43.565229][ T6515] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 43.567463][ T6515] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 43.569761][ T6515] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 43.572030][ T6515] x8 : ffff0000d8033d00 x7 : 0000000000000001 x6 : 0000000000000001 [ 43.574234][ T6515] x5 : ffff8000a0c16ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 43.576556][ T6515] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 43.578835][ T6515] Call trace: [ 43.579772][ T6515] vma_merge_existing_range+0x14a8/0x1964 (P) [ 43.581525][ T6515] vma_modify+0x7c/0x424 [ 43.582817][ T6515] vma_modify_flags+0x18c/0x1dc [ 43.584173][ T6515] mlock_fixup+0x18c/0x2c4 [ 43.585473][ T6515] apply_mlockall_flags+0x290/0x344 [ 43.586990][ T6515] __arm64_sys_munlockall+0x11c/0x238 [ 43.588533][ T6515] invoke_syscall+0x98/0x2b8 [ 43.589774][ T6515] el0_svc_common+0x130/0x23c [ 43.591041][ T6515] do_el0_svc+0x48/0x58 [ 43.592247][ T6515] el0_svc+0x58/0x17c [ 43.593391][ T6515] el0t_64_sync_handler+0x78/0x108 [ 43.594908][ T6515] el0t_64_sync+0x198/0x19c [ 43.596177][ T6515] irq event stamp: 14480 [ 43.597333][ T6515] hardirqs last enabled at (14479): [] __console_unlock+0x70/0xc4 [ 43.600008][ T6515] hardirqs last disabled at (14480): [] el1_dbg+0x24/0x80 [ 43.602457][ T6515] softirqs last enabled at (13708): [] handle_softirqs+0xaf8/0xc88 [ 43.605136][ T6515] softirqs last disabled at (13587): [] __do_softirq+0x14/0x20 [ 43.607726][ T6515] ---[ end trace 0000000000000000 ]--- executing program [ 43.686876][ T6516] FAULT_INJECTION: forcing a failure. [ 43.686876][ T6516] name failslab, interval 1, ** replaying previous printk message ** [ 43.686876][ T6516] FAULT_INJECTION: forcing a failure. [ 43.686876][ T6516] name failslab, interval 1, probability 0, space 0, times 0 [ 43.686953][ T6516] CPU: 0 UID: 0 PID: 6516 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 43.686972][ T6516] Tainted: [W]=WARN [ 43.686977][ T6516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.686985][ T6516] Call trace: [ 43.686989][ T6516] show_stack+0x2c/0x3c (C) [ 43.687007][ T6516] __dump_stack+0x30/0x40 [ 43.687019][ T6516] dump_stack_lvl+0xd8/0x12c [ 43.687030][ T6516] dump_stack+0x1c/0x28 [ 43.687040][ T6516] should_fail_ex+0x41c/0x594 [ 43.687054][ T6516] should_failslab+0xc0/0x128 [ 43.687068][ T6516] kmem_cache_alloc_noprof+0x80/0x3e8 [ 43.687083][ T6516] mas_alloc_nodes+0x268/0x788 [ 43.687098][ T6516] mas_preallocate+0x4b0/0x778 [ 43.687111][ T6516] commit_merge+0x1a4/0x5b0 [ 43.687124][ T6516] vma_merge_existing_range+0x1388/0x1964 [ 43.687139][ T6516] vma_modify+0x7c/0x424 [ 43.687152][ T6516] vma_modify_flags+0x18c/0x1dc [ 43.687166][ T6516] mlock_fixup+0x18c/0x2c4 [ 43.687179][ T6516] apply_mlockall_flags+0x290/0x344 [ 43.687191][ T6516] __arm64_sys_munlockall+0x11c/0x238 [ 43.687204][ T6516] invoke_syscall+0x98/0x2b8 [ 43.687215][ T6516] el0_svc_common+0x130/0x23c [ 43.687226][ T6516] do_el0_svc+0x48/0x58 [ 43.687237][ T6516] el0_svc+0x58/0x17c [ 43.687251][ T6516] el0t_64_sync_handler+0x78/0x108 [ 43.687265][ T6516] el0t_64_sync+0x198/0x19c [ 43.687851][ T6516] vmg ffff8000a0c07a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 43.687877][ T6516] vmg ffff8000a0c07a60 state: mm ffff0000cbee8880 pgoff 20000 [ 43.687877][ T6516] vmi ffff8000a0c07c40 [20000000,20800000) [ 43.687877][ T6516] prev ffff0000dd0b1b40 middle ffff0000dd0b1b40 next 0000000000000000 target 0000000000000000 [ 43.687877][ T6516] start 20000000 end 20800000 flags 100077 [ 43.687877][ T6516] file 0000000000000000 anon_vma ffff0000d22be990 policy 0000000000000000 [ 43.687877][ T6516] uffd_ctx 0000000000000000 [ 43.687877][ T6516] anon_name 0000000000000000 [ 43.687877][ T6516] state 0 [ 43.687877][ T6516] just_expand 0 [ 43.687877][ T6516] __adjust_middle_start 0 __adjust_next_start 0 [ 43.687877][ T6516] __remove_middle 0 __remove_next 0 [ 43.687936][ T6516] vmg ffff8000a0c07a60 mm: [ 43.687955][ T6516] mm ffff0000cbee8880 task_size 281474976710656 [ 43.687955][ T6516] mmap_base 281473148436480 mmap_legacy_base 0 [ 43.687955][ T6516] pgd ffff0000d8eed000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 43.687955][ T6516] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 43.687955][ T6516] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 43.687955][ T6516] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 43.687955][ T6516] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 43.687955][ T6516] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 43.687955][ T6516] binfmt ffff80008f670700 flags 8000008d [ 43.687955][ T6516] ioctx_table 0000000000000000 [ 43.687955][ T6516] owner ffff0000d8035b80 exe_file ffff0000d4cb41c0 [ 43.687955][ T6516] notifier_subscriptions 0000000000000000 [ 43.687955][ T6516] numa_next_scan 4294941719 numa_scan_offset 0 numa_scan_seq 0 [ 43.687955][ T6516] tlb_flush_pending 0 [ 43.687955][ T6516] def_flags: 0x0() [ 43.688041][ T6516] vmg ffff8000a0c07a60 prev: [ 43.688060][ T6516] vma ffff0000dd0b1b40 start 0000000020000000 end 0000000020800000 mm ffff0000cbee8880 [ 43.688060][ T6516] prot 20000000000fc3 anon_vma ffff0000d22be990 vm_ops 0000000000000000 [ 43.688060][ T6516] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 43.688060][ T6516] refcnt 1 [ 43.688060][ T6516] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 43.688102][ T6516] vmg ffff8000a0c07a60 middle: [ 43.688121][ T6516] vma ffff0000dd0b1b40 start 0000000020000000 end 0000000020800000 mm ffff0000cbee8880 [ 43.688121][ T6516] prot 20000000000fc3 anon_vma ffff0000d22be990 vm_ops 0000000000000000 [ 43.688121][ T6516] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 43.688121][ T6516] refcnt 1 [ 43.688121][ T6516] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 43.688162][ T6516] vmg ffff8000a0c07a60 next: (NULL) [ 43.688181][ T6516] vmg ffff8000a0c07a60 vmi: [ 43.688199][ T6516] MAS: tree=ffff0000cbee88c0 enode=ffff0000c1c2120c [ 43.688213][ T6516] (ma_active) [ 43.688229][ T6516] Store Type: [ 43.688246][ T6516] node_store [ 43.688269][ T6516] [2/10] index=20000000 last=207fffff [ 43.688300][ T6516] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 43.688329][ T6516] maple_tree(ffff0000cbee88c0) flags 30B, height 2 root ffff0000ca16701e [ 43.688352][ T6516] 0-ffffffffffffffff: node ffff0000ca167000 depth 0 type 3 parent ffff0000cbee88c1 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c1c2120c FFFF93059FFF ffff0000ca16740c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 43.688619][ T6516] 0-ffff93059fff: node ffff0000c1c21200 depth 1 type 1 parent ffff0000ca167006 contents: 0000000000000000 1FFFEFFF ffff0000dd0b1a00 1FFFFFFF ffff0000dd0b1b40 207FFFFF ffff0000cbe3a780 20FFFFFF ffff0000dd0b1c80 21000FFF 0000000000000000 AAAAD5929FFF ffff0000dd0b1dc0 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000cbf31000 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000cbf31140 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 43.688851][ T6516] 0-1fffefff: 0000000000000000 [ 43.688881][ T6516] 1ffff000-1fffffff: ffff0000dd0b1a00 [ 43.688912][ T6516] 20000000-207fffff: ffff0000dd0b1b40 [ 43.688942][ T6516] 20800000-20ffffff: ffff0000cbe3a780 [ 43.688973][ T6516] 21000000-21000fff: ffff0000dd0b1c80 [ 43.689003][ T6516] 21001000-aaaad5929fff: 0000000000000000 [ 43.689033][ T6516] aaaad592a000-aaaad594bfff: ffff0000dd0b1dc0 [ 43.689064][ T6516] aaaad594c000-ffff92fbffff: 0000000000000000 [ 43.689095][ T6516] ffff92fc0000-ffff9304bfff: ffff0000cbf31000 [ 43.689127][ T6516] ffff9304c000-ffff93055fff: 0000000000000000 [ 43.689157][ T6516] ffff93056000-ffff93059fff: ffff0000cbf31140 [ 43.689188][ T6516] ffff9305a000-ffffffffffffffff: node ffff0000ca167400 depth 1 type 1 parent ffff0000ca16700e contents: ffff0000cbf31280 FFFF9305BFFF ffff0000cbf313c0 FFFF9305FFFF ffff0000cbf31500 FFFF93062FFF ffff0000cbf31640 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000cbf31780 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 43.689427][ T6516] ffff9305a000-ffff9305bfff: ffff0000cbf31280 [ 43.689458][ T6516] ffff9305c000-ffff9305ffff: ffff0000cbf313c0 [ 43.689489][ T6516] ffff93060000-ffff93062fff: ffff0000cbf31500 [ 43.689520][ T6516] ffff93063000-ffff93068fff: ffff0000cbf31640 [ 43.689551][ T6516] ffff93069000-ffffd1a12fff: 0000000000000000 [ 43.689581][ T6516] ffffd1a13000-ffffd1a33fff: ffff0000cbf31780 [ 43.689612][ T6516] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 43.689748][ T6516] ------------[ cut here ]------------ [ 43.689761][ T6516] WARNING: CPU: 0 PID: 6516 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 43.886093][ T6516] Modules linked in: [ 43.887147][ T6516] CPU: 0 UID: 0 PID: 6516 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 43.890729][ T6516] Tainted: [W]=WARN [ 43.891791][ T6516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.894584][ T6516] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 43.896813][ T6516] pc : vma_merge_existing_range+0x14a8/0x1964 [ 43.898612][ T6516] lr : vma_merge_existing_range+0x14a8/0x1964 [ 43.900386][ T6516] sp : ffff8000a0c07910 [ 43.901497][ T6516] x29: ffff8000a0c07990 x28: dfff800000000000 x27: 0000000000000001 [ 43.903861][ T6516] x26: 0000000020000000 x25: ffff8000a0c07a80 x24: 0000000020000000 [ 43.906220][ T6516] x23: 1ffff00014180f50 x22: ffff0000dd0b1b40 x21: 0000000020800000 [ 43.908674][ T6516] x20: ffff0000dd0b1b40 x19: ffff8000a0c07a60 x18: 0000000000000000 [ 43.910938][ T6516] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 43.913174][ T6516] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 43.915439][ T6516] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 43.917609][ T6516] x8 : ffff0000d8035b80 x7 : 0000000000000001 x6 : 0000000000000001 [ 43.919831][ T6516] x5 : ffff8000a0c06ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 43.922038][ T6516] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 43.924332][ T6516] Call trace: [ 43.925257][ T6516] vma_merge_existing_range+0x14a8/0x1964 (P) [ 43.926967][ T6516] vma_modify+0x7c/0x424 [ 43.928142][ T6516] vma_modify_flags+0x18c/0x1dc [ 43.929590][ T6516] mlock_fixup+0x18c/0x2c4 [ 43.930811][ T6516] apply_mlockall_flags+0x290/0x344 [ 43.932214][ T6516] __arm64_sys_munlockall+0x11c/0x238 [ 43.933676][ T6516] invoke_syscall+0x98/0x2b8 [ 43.934912][ T6516] el0_svc_common+0x130/0x23c [ 43.936318][ T6516] do_el0_svc+0x48/0x58 [ 43.937487][ T6516] el0_svc+0x58/0x17c [ 43.938643][ T6516] el0t_64_sync_handler+0x78/0x108 [ 43.940073][ T6516] el0t_64_sync+0x198/0x19c [ 43.941417][ T6516] irq event stamp: 14252 [ 43.942581][ T6516] hardirqs last enabled at (14251): [] __console_unlock+0x70/0xc4 [ 43.945175][ T6516] hardirqs last disabled at (14252): [] el1_dbg+0x24/0x80 [ 43.947581][ T6516] softirqs last enabled at (12140): [] handle_softirqs+0xaf8/0xc88 [ 43.950178][ T6516] softirqs last disabled at (12127): [] __do_softirq+0x14/0x20 [ 43.952786][ T6516] ---[ end trace 0000000000000000 ]--- executing program [ 44.023039][ T6517] FAULT_INJECTION: forcing a failure. [ 44.023039][ T6517] name failslab, interval 1 ** replaying previous printk message ** [ 44.023039][ T6517] FAULT_INJECTION: forcing a failure. [ 44.023039][ T6517] name failslab, interval 1, probability 0, space 0, times 0 [ 44.023107][ T6517] CPU: 0 UID: 0 PID: 6517 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 44.023125][ T6517] Tainted: [W]=WARN [ 44.023130][ T6517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.023138][ T6517] Call trace: [ 44.023142][ T6517] show_stack+0x2c/0x3c (C) [ 44.023159][ T6517] __dump_stack+0x30/0x40 [ 44.023172][ T6517] dump_stack_lvl+0xd8/0x12c [ 44.023183][ T6517] dump_stack+0x1c/0x28 [ 44.023193][ T6517] should_fail_ex+0x41c/0x594 [ 44.023206][ T6517] should_failslab+0xc0/0x128 [ 44.023220][ T6517] kmem_cache_alloc_noprof+0x80/0x3e8 [ 44.023235][ T6517] mas_alloc_nodes+0x268/0x788 [ 44.023249][ T6517] mas_preallocate+0x4b0/0x778 [ 44.023262][ T6517] commit_merge+0x1a4/0x5b0 [ 44.023284][ T6517] vma_merge_existing_range+0x1388/0x1964 [ 44.023299][ T6517] vma_modify+0x7c/0x424 [ 44.023312][ T6517] vma_modify_flags+0x18c/0x1dc [ 44.023325][ T6517] mlock_fixup+0x18c/0x2c4 [ 44.023338][ T6517] apply_mlockall_flags+0x290/0x344 [ 44.023350][ T6517] __arm64_sys_munlockall+0x11c/0x238 [ 44.023368][ T6517] invoke_syscall+0x98/0x2b8 [ 44.023379][ T6517] el0_svc_common+0x130/0x23c [ 44.023390][ T6517] do_el0_svc+0x48/0x58 [ 44.023400][ T6517] el0_svc+0x58/0x17c [ 44.023414][ T6517] el0t_64_sync_handler+0x78/0x108 [ 44.023427][ T6517] el0t_64_sync+0x198/0x19c [ 44.023992][ T6517] vmg ffff8000a0bf7a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 44.024018][ T6517] vmg ffff8000a0bf7a60 state: mm ffff0000cbee9100 pgoff 20000 [ 44.024018][ T6517] vmi ffff8000a0bf7c40 [20000000,20800000) [ 44.024018][ T6517] prev ffff0000cbf31a00 middle ffff0000cbf31a00 next 0000000000000000 target 0000000000000000 [ 44.024018][ T6517] start 20000000 end 20800000 flags 100077 [ 44.024018][ T6517] file 0000000000000000 anon_vma ffff0000d22bebb0 policy 0000000000000000 [ 44.024018][ T6517] uffd_ctx 0000000000000000 [ 44.024018][ T6517] anon_name 0000000000000000 [ 44.024018][ T6517] state 0 [ 44.024018][ T6517] just_expand 0 [ 44.024018][ T6517] __adjust_middle_start 0 __adjust_next_start 0 [ 44.024018][ T6517] __remove_middle 0 __remove_next 0 [ 44.024077][ T6517] vmg ffff8000a0bf7a60 mm: [ 44.024095][ T6517] mm ffff0000cbee9100 task_size 281474976710656 [ 44.024095][ T6517] mmap_base 281473148436480 mmap_legacy_base 0 [ 44.024095][ T6517] pgd ffff0000cc25c000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 44.024095][ T6517] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 44.024095][ T6517] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 44.024095][ T6517] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 44.024095][ T6517] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 44.024095][ T6517] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 44.024095][ T6517] binfmt ffff80008f670700 flags 8000008d [ 44.024095][ T6517] ioctx_table 0000000000000000 [ 44.024095][ T6517] owner ffff0000cc400000 exe_file ffff0000d4cb41c0 [ 44.024095][ T6517] notifier_subscriptions 0000000000000000 [ 44.024095][ T6517] numa_next_scan 4294941754 numa_scan_offset 0 numa_scan_seq 0 [ 44.024095][ T6517] tlb_flush_pending 0 [ 44.024095][ T6517] def_flags: 0x0() [ 44.024181][ T6517] vmg ffff8000a0bf7a60 prev: [ 44.024199][ T6517] vma ffff0000cbf31a00 start 0000000020000000 end 0000000020800000 mm ffff0000cbee9100 [ 44.024199][ T6517] prot 20000000000fc3 anon_vma ffff0000d22bebb0 vm_ops 0000000000000000 [ 44.024199][ T6517] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 44.024199][ T6517] refcnt 1 [ 44.024199][ T6517] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 44.024242][ T6517] vmg ffff8000a0bf7a60 middle: [ 44.024260][ T6517] vma ffff0000cbf31a00 start 0000000020000000 end 0000000020800000 mm ffff0000cbee9100 [ 44.024260][ T6517] prot 20000000000fc3 anon_vma ffff0000d22bebb0 vm_ops 0000000000000000 [ 44.024260][ T6517] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 44.024260][ T6517] refcnt 1 [ 44.024260][ T6517] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 44.024312][ T6517] vmg ffff8000a0bf7a60 next: (NULL) [ 44.024331][ T6517] vmg ffff8000a0bf7a60 vmi: [ 44.024349][ T6517] MAS: tree=ffff0000cbee9140 enode=ffff0000c1c21a0c [ 44.024368][ T6517] (ma_active) [ 44.024384][ T6517] Store Type: [ 44.024400][ T6517] node_store [ 44.024430][ T6517] [2/10] index=20000000 last=207fffff [ 44.024451][ T6517] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 44.024474][ T6517] maple_tree(ffff0000cbee9140) flags 30B, height 2 root ffff0000ca16761e [ 44.024498][ T6517] 0-ffffffffffffffff: node ffff0000ca167600 depth 0 type 3 parent ffff0000cbee9141 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c1c21a0c FFFF93059FFF ffff0000ca167a0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 44.024768][ T6517] 0-ffff93059fff: node ffff0000c1c21a00 depth 1 type 1 parent ffff0000ca167606 contents: 0000000000000000 1FFFEFFF ffff0000cbf318c0 1FFFFFFF ffff0000cbf31a00 207FFFFF ffff0000cbe3aa00 20FFFFFF ffff0000cbf31b40 21000FFF 0000000000000000 AAAAD5929FFF ffff0000cbf31c80 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000cbf31dc0 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000cc580000 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 44.024999][ T6517] 0-1fffefff: 0000000000000000 [ 44.025029][ T6517] 1ffff000-1fffffff: ffff0000cbf318c0 [ 44.025060][ T6517] 20000000-207fffff: ffff0000cbf31a00 [ 44.025090][ T6517] 20800000-20ffffff: ffff0000cbe3aa00 [ 44.025121][ T6517] 21000000-21000fff: ffff0000cbf31b40 [ 44.025151][ T6517] 21001000-aaaad5929fff: 0000000000000000 [ 44.025181][ T6517] aaaad592a000-aaaad594bfff: ffff0000cbf31c80 [ 44.025212][ T6517] aaaad594c000-ffff92fbffff: 0000000000000000 [ 44.025241][ T6517] ffff92fc0000-ffff9304bfff: ffff0000cbf31dc0 [ 44.025270][ T6517] ffff9304c000-ffff93055fff: 0000000000000000 [ 44.025304][ T6517] ffff93056000-ffff93059fff: ffff0000cc580000 [ 44.025334][ T6517] ffff9305a000-ffffffffffffffff: node ffff0000ca167a00 depth 1 type 1 parent ffff0000ca16760e contents: ffff0000cc580140 FFFF9305BFFF ffff0000cc580280 FFFF9305FFFF ffff0000cc5803c0 FFFF93062FFF ffff0000cc580500 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000cc580640 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 44.025554][ T6517] ffff9305a000-ffff9305bfff: ffff0000cc580140 [ 44.025583][ T6517] ffff9305c000-ffff9305ffff: ffff0000cc580280 [ 44.025613][ T6517] ffff93060000-ffff93062fff: ffff0000cc5803c0 [ 44.025642][ T6517] ffff93063000-ffff93068fff: ffff0000cc580500 [ 44.025671][ T6517] ffff93069000-ffffd1a12fff: 0000000000000000 [ 44.025700][ T6517] ffffd1a13000-ffffd1a33fff: ffff0000cc580640 [ 44.025729][ T6517] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 44.025857][ T6517] ------------[ cut here ]------------ [ 44.025869][ T6517] WARNING: CPU: 0 PID: 6517 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 44.219210][ T6517] Modules linked in: [ 44.220297][ T6517] CPU: 0 UID: 0 PID: 6517 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 44.223819][ T6517] Tainted: [W]=WARN [ 44.224828][ T6517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.227527][ T6517] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 44.229478][ T6517] pc : vma_merge_existing_range+0x14a8/0x1964 [ 44.231005][ T6517] lr : vma_merge_existing_range+0x14a8/0x1964 [ 44.232762][ T6517] sp : ffff8000a0bf7910 [ 44.233918][ T6517] x29: ffff8000a0bf7990 x28: dfff800000000000 x27: 0000000000000001 [ 44.236174][ T6517] x26: 0000000020000000 x25: ffff8000a0bf7a80 x24: 0000000020000000 [ 44.238369][ T6517] x23: 1ffff0001417ef50 x22: ffff0000cbf31a00 x21: 0000000020800000 [ 44.240601][ T6517] x20: ffff0000cbf31a00 x19: ffff8000a0bf7a60 x18: 0000000000000000 [ 44.242812][ T6517] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 44.245067][ T6517] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 44.247244][ T6517] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 44.249459][ T6517] x8 : ffff0000cc400000 x7 : 0000000000000001 x6 : 0000000000000001 [ 44.251580][ T6517] x5 : ffff8000a0bf6ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 44.253845][ T6517] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 44.256154][ T6517] Call trace: [ 44.257140][ T6517] vma_merge_existing_range+0x14a8/0x1964 (P) [ 44.258887][ T6517] vma_modify+0x7c/0x424 [ 44.260047][ T6517] vma_modify_flags+0x18c/0x1dc [ 44.261421][ T6517] mlock_fixup+0x18c/0x2c4 [ 44.262993][ T6517] apply_mlockall_flags+0x290/0x344 [ 44.264500][ T6517] __arm64_sys_munlockall+0x11c/0x238 [ 44.266013][ T6517] invoke_syscall+0x98/0x2b8 [ 44.267305][ T6517] el0_svc_common+0x130/0x23c [ 44.268575][ T6517] do_el0_svc+0x48/0x58 [ 44.269716][ T6517] el0_svc+0x58/0x17c [ 44.270844][ T6517] el0t_64_sync_handler+0x78/0x108 [ 44.272358][ T6517] el0t_64_sync+0x198/0x19c [ 44.273637][ T6517] irq event stamp: 14012 [ 44.274824][ T6517] hardirqs last enabled at (14011): [] __console_unlock+0x70/0xc4 [ 44.277428][ T6517] hardirqs last disabled at (14012): [] el1_dbg+0x24/0x80 [ 44.279806][ T6517] softirqs last enabled at (12716): [] handle_softirqs+0xaf8/0xc88 [ 44.282452][ T6517] softirqs last disabled at (12707): [] __do_softirq+0x14/0x20 [ 44.285014][ T6517] ---[ end trace 0000000000000000 ]--- executing program [ 44.355178][ T6518] FAULT_INJECTION: forcing a failure. [ 44.355178][ T6518] ** replaying previous printk message ** [ 44.355178][ T6518] FAULT_INJECTION: forcing a failure. [ 44.355178][ T6518] name failslab, interval 1, probability 0, space 0, times 0 [ 44.355253][ T6518] CPU: 0 UID: 0 PID: 6518 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 44.355272][ T6518] Tainted: [W]=WARN [ 44.355286][ T6518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.355293][ T6518] Call trace: [ 44.355297][ T6518] show_stack+0x2c/0x3c (C) [ 44.355314][ T6518] __dump_stack+0x30/0x40 [ 44.355327][ T6518] dump_stack_lvl+0xd8/0x12c [ 44.355337][ T6518] dump_stack+0x1c/0x28 [ 44.355347][ T6518] should_fail_ex+0x41c/0x594 [ 44.355359][ T6518] should_failslab+0xc0/0x128 [ 44.355372][ T6518] kmem_cache_alloc_noprof+0x80/0x3e8 [ 44.355388][ T6518] mas_alloc_nodes+0x268/0x788 [ 44.355401][ T6518] mas_preallocate+0x4b0/0x778 [ 44.355413][ T6518] commit_merge+0x1a4/0x5b0 [ 44.355426][ T6518] vma_merge_existing_range+0x1388/0x1964 [ 44.355440][ T6518] vma_modify+0x7c/0x424 [ 44.355452][ T6518] vma_modify_flags+0x18c/0x1dc [ 44.355465][ T6518] mlock_fixup+0x18c/0x2c4 [ 44.355477][ T6518] apply_mlockall_flags+0x290/0x344 [ 44.355489][ T6518] __arm64_sys_munlockall+0x11c/0x238 [ 44.355500][ T6518] invoke_syscall+0x98/0x2b8 [ 44.355511][ T6518] el0_svc_common+0x130/0x23c [ 44.355521][ T6518] do_el0_svc+0x48/0x58 [ 44.355531][ T6518] el0_svc+0x58/0x17c [ 44.355544][ T6518] el0t_64_sync_handler+0x78/0x108 [ 44.355557][ T6518] el0t_64_sync+0x198/0x19c [ 44.355729][ T6518] vmg ffff8000a0be7a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 44.355752][ T6518] vmg ffff8000a0be7a60 state: mm ffff0000cbee9980 pgoff 20000 [ 44.355752][ T6518] vmi ffff8000a0be7c40 [20000000,20800000) [ 44.355752][ T6518] prev ffff0000cc5808c0 middle ffff0000cc5808c0 next 0000000000000000 target 0000000000000000 [ 44.355752][ T6518] start 20000000 end 20800000 flags 100077 [ 44.355752][ T6518] file 0000000000000000 anon_vma ffff0000d22bedd0 policy 0000000000000000 [ 44.355752][ T6518] uffd_ctx 0000000000000000 [ 44.355752][ T6518] anon_name 0000000000000000 [ 44.355752][ T6518] state 0 [ 44.355752][ T6518] just_expand 0 [ 44.355752][ T6518] __adjust_middle_start 0 __adjust_next_start 0 [ 44.355752][ T6518] __remove_middle 0 __remove_next 0 [ 44.355812][ T6518] vmg ffff8000a0be7a60 mm: [ 44.355831][ T6518] mm ffff0000cbee9980 task_size 281474976710656 [ 44.355831][ T6518] mmap_base 281473148436480 mmap_legacy_base 0 [ 44.355831][ T6518] pgd ffff0000cbbb9000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 44.355831][ T6518] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 44.355831][ T6518] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 44.355831][ T6518] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 44.355831][ T6518] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 44.355831][ T6518] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 44.355831][ T6518] binfmt ffff80008f670700 flags 8000008d [ 44.355831][ T6518] ioctx_table 0000000000000000 [ 44.355831][ T6518] owner ffff0000cc401e80 exe_file ffff0000d4cb41c0 [ 44.355831][ T6518] notifier_subscriptions 0000000000000000 [ 44.355831][ T6518] numa_next_scan 4294941787 numa_scan_offset 0 numa_scan_seq 0 [ 44.355831][ T6518] tlb_flush_pending 0 [ 44.355831][ T6518] def_flags: 0x0() [ 44.355911][ T6518] vmg ffff8000a0be7a60 prev: [ 44.355928][ T6518] vma ffff0000cc5808c0 start 0000000020000000 end 0000000020800000 mm ffff0000cbee9980 [ 44.355928][ T6518] prot 20000000000fc3 anon_vma ffff0000d22bedd0 vm_ops 0000000000000000 [ 44.355928][ T6518] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 44.355928][ T6518] refcnt 1 [ 44.355928][ T6518] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 44.355975][ T6518] vmg ffff8000a0be7a60 middle: [ 44.355992][ T6518] vma ffff0000cc5808c0 start 0000000020000000 end 0000000020800000 mm ffff0000cbee9980 [ 44.355992][ T6518] prot 20000000000fc3 anon_vma ffff0000d22bedd0 vm_ops 0000000000000000 [ 44.355992][ T6518] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 44.355992][ T6518] refcnt 1 [ 44.355992][ T6518] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 44.356031][ T6518] vmg ffff8000a0be7a60 next: (NULL) [ 44.356048][ T6518] vmg ffff8000a0be7a60 vmi: [ 44.356065][ T6518] MAS: tree=ffff0000cbee99c0 enode=ffff0000c1c2000c [ 44.356078][ T6518] (ma_active) [ 44.356094][ T6518] Store Type: [ 44.356109][ T6518] node_store [ 44.356131][ T6518] [2/10] index=20000000 last=207fffff [ 44.356151][ T6518] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 44.356173][ T6518] maple_tree(ffff0000cbee99c0) flags 30B, height 2 root ffff0000ca167c1e [ 44.356195][ T6518] 0-ffffffffffffffff: node ffff0000ca167c00 depth 0 type 3 parent ffff0000cbee99c1 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000c1c2000c FFFF93059FFF ffff0000d6ec160c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 44.356451][ T6518] 0-ffff93059fff: node ffff0000c1c20000 depth 1 type 1 parent ffff0000ca167c06 contents: 0000000000000000 1FFFEFFF ffff0000cc580780 1FFFFFFF ffff0000cc5808c0 207FFFFF ffff0000cbe3ac80 20FFFFFF ffff0000cc580a00 21000FFF 0000000000000000 AAAAD5929FFF ffff0000cc580b40 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000cc580c80 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000cc580dc0 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 44.356668][ T6518] 0-1fffefff: 0000000000000000 [ 44.356696][ T6518] 1ffff000-1fffffff: ffff0000cc580780 [ 44.356725][ T6518] 20000000-207fffff: ffff0000cc5808c0 [ 44.356754][ T6518] 20800000-20ffffff: ffff0000cbe3ac80 [ 44.356782][ T6518] 21000000-21000fff: ffff0000cc580a00 [ 44.356811][ T6518] 21001000-aaaad5929fff: 0000000000000000 [ 44.356839][ T6518] aaaad592a000-aaaad594bfff: ffff0000cc580b40 [ 44.356868][ T6518] aaaad594c000-ffff92fbffff: 0000000000000000 [ 44.356897][ T6518] ffff92fc0000-ffff9304bfff: ffff0000cc580c80 [ 44.356926][ T6518] ffff9304c000-ffff93055fff: 0000000000000000 [ 44.356955][ T6518] ffff93056000-ffff93059fff: ffff0000cc580dc0 [ 44.356988][ T6518] ffff9305a000-ffffffffffffffff: node ffff0000d6ec1600 depth 1 type 1 parent ffff0000ca167c0e contents: ffff0000cbbc9000 FFFF9305BFFF ffff0000cbbc9140 FFFF9305FFFF ffff0000cbbc9280 FFFF93062FFF ffff0000cbbc93c0 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000cbbc9500 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 44.357203][ T6518] ffff9305a000-ffff9305bfff: ffff0000cbbc9000 [ 44.357232][ T6518] ffff9305c000-ffff9305ffff: ffff0000cbbc9140 [ 44.357262][ T6518] ffff93060000-ffff93062fff: ffff0000cbbc9280 [ 44.357296][ T6518] ffff93063000-ffff93068fff: ffff0000cbbc93c0 [ 44.357325][ T6518] ffff93069000-ffffd1a12fff: 0000000000000000 [ 44.357353][ T6518] ffffd1a13000-ffffd1a33fff: ffff0000cbbc9500 [ 44.357383][ T6518] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 44.357509][ T6518] ------------[ cut here ]------------ [ 44.357521][ T6518] WARNING: CPU: 0 PID: 6518 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 44.552312][ T6518] Modules linked in: [ 44.553432][ T6518] CPU: 0 UID: 0 PID: 6518 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 44.557027][ T6518] Tainted: [W]=WARN [ 44.558127][ T6518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.560982][ T6518] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 44.563167][ T6518] pc : vma_merge_existing_range+0x14a8/0x1964 [ 44.564908][ T6518] lr : vma_merge_existing_range+0x14a8/0x1964 [ 44.566648][ T6518] sp : ffff8000a0be7910 [ 44.567826][ T6518] x29: ffff8000a0be7990 x28: dfff800000000000 x27: 0000000000000001 [ 44.570151][ T6518] x26: 0000000020000000 x25: ffff8000a0be7a80 x24: 0000000020000000 [ 44.572437][ T6518] x23: 1ffff0001417cf50 x22: ffff0000cc5808c0 x21: 0000000020800000 [ 44.574565][ T6518] x20: ffff0000cc5808c0 x19: ffff8000a0be7a60 x18: 0000000000000000 [ 44.576804][ T6518] x17: 0000000000000000 x16: ffff80008ad27e48 x15: ffff700011e740c0 [ 44.579029][ T6518] x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff [ 44.581232][ T6518] x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 0000000000000000 [ 44.583398][ T6518] x8 : ffff0000cc401e80 x7 : 0000000000000001 x6 : 0000000000000001 [ 44.585576][ T6518] x5 : ffff8000a0be6ef8 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 [ 44.587783][ T6518] x2 : 0000000000000000 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 44.590072][ T6518] Call trace: [ 44.591029][ T6518] vma_merge_existing_range+0x14a8/0x1964 (P) [ 44.592748][ T6518] vma_modify+0x7c/0x424 [ 44.593966][ T6518] vma_modify_flags+0x18c/0x1dc [ 44.595326][ T6518] mlock_fixup+0x18c/0x2c4 [ 44.596542][ T6518] apply_mlockall_flags+0x290/0x344 [ 44.597987][ T6518] __arm64_sys_munlockall+0x11c/0x238 [ 44.599488][ T6518] invoke_syscall+0x98/0x2b8 [ 44.600801][ T6518] el0_svc_common+0x130/0x23c [ 44.602129][ T6518] do_el0_svc+0x48/0x58 [ 44.603283][ T6518] el0_svc+0x58/0x17c [ 44.604407][ T6518] el0t_64_sync_handler+0x78/0x108 [ 44.605899][ T6518] el0t_64_sync+0x198/0x19c [ 44.607139][ T6518] irq event stamp: 13986 [ 44.608361][ T6518] hardirqs last enabled at (13985): [] __console_unlock+0x70/0xc4 [ 44.611046][ T6518] hardirqs last disabled at (13986): [] el1_dbg+0x24/0x80 [ 44.613472][ T6518] softirqs last enabled at (9294): [] handle_softirqs+0xaf8/0xc88 [ 44.616133][ T6518] softirqs last disabled at (9279): [] __do_softirq+0x14/0x20 [ 44.618568][ T6518] ---[ end trace 0000000000000000 ]--- executing program [ 44.688838][ T6519] FAULT_INJECTION: forcing a failure. [ 44.688838][ T6519] name fails ** replaying previous printk message ** [ 44.688838][ T6519] FAULT_INJECTION: forcing a failure. [ 44.688838][ T6519] name failslab, interval 1, probability 0, space 0, times 0 [ 44.688914][ T6519] CPU: 1 UID: 0 PID: 6519 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 44.688930][ T6519] Tainted: [W]=WARN [ 44.688935][ T6519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.688942][ T6519] Call trace: [ 44.688946][ T6519] show_stack+0x2c/0x3c (C) [ 44.688963][ T6519] __dump_stack+0x30/0x40 [ 44.688975][ T6519] dump_stack_lvl+0xd8/0x12c [ 44.688986][ T6519] dump_stack+0x1c/0x28 [ 44.688996][ T6519] should_fail_ex+0x41c/0x594 [ 44.689008][ T6519] should_failslab+0xc0/0x128 [ 44.689022][ T6519] kmem_cache_alloc_noprof+0x80/0x3e8 [ 44.689037][ T6519] mas_alloc_nodes+0x268/0x788 [ 44.689050][ T6519] mas_preallocate+0x4b0/0x778 [ 44.689062][ T6519] commit_merge+0x1a4/0x5b0 [ 44.689076][ T6519] vma_merge_existing_range+0x1388/0x1964 [ 44.689090][ T6519] vma_modify+0x7c/0x424 [ 44.689102][ T6519] vma_modify_flags+0x18c/0x1dc [ 44.689115][ T6519] mlock_fixup+0x18c/0x2c4 [ 44.689128][ T6519] apply_mlockall_flags+0x290/0x344 [ 44.689139][ T6519] __arm64_sys_munlockall+0x11c/0x238 [ 44.689151][ T6519] invoke_syscall+0x98/0x2b8 [ 44.689161][ T6519] el0_svc_common+0x130/0x23c [ 44.689172][ T6519] do_el0_svc+0x48/0x58 [ 44.689182][ T6519] el0_svc+0x58/0x17c [ 44.689195][ T6519] el0t_64_sync_handler+0x78/0x108 [ 44.689208][ T6519] el0t_64_sync+0x198/0x19c [ 44.689225][ T6519] vmg ffff8000a0bd7a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 44.689425][ T6519] vmg ffff8000a0bd7a60 state: mm ffff0000cbeea200 pgoff 20000 [ 44.689425][ T6519] vmi ffff8000a0bd7c40 [20000000,20800000) [ 44.689425][ T6519] prev ffff0000cbbc9780 middle ffff0000cbbc9780 next 0000000000000000 target 0000000000000000 [ 44.689425][ T6519] start 20000000 end 20800000 flags 100077 [ 44.689425][ T6519] file 0000000000000000 anon_vma ffff0000cbbca880 policy 0000000000000000 [ 44.689425][ T6519] uffd_ctx 0000000000000000 [ 44.689425][ T6519] anon_name 0000000000000000 [ 44.689425][ T6519] state 0 [ 44.689425][ T6519] just_expand 0 [ 44.689425][ T6519] __adjust_middle_start 0 __adjust_next_start 0 [ 44.689425][ T6519] __remove_middle 0 __remove_next 0 [ 44.689480][ T6519] vmg ffff8000a0bd7a60 mm: [ 44.689498][ T6519] mm ffff0000cbeea200 task_size 281474976710656 [ 44.689498][ T6519] mmap_base 281473148436480 mmap_legacy_base 0 [ 44.689498][ T6519] pgd ffff0000cbf52000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 44.689498][ T6519] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 44.689498][ T6519] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 44.689498][ T6519] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 44.689498][ T6519] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 44.689498][ T6519] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 44.689498][ T6519] binfmt ffff80008f670700 flags 8000008d [ 44.689498][ T6519] ioctx_table 0000000000000000 [ 44.689498][ T6519] owner ffff0000cc403d00 exe_file ffff0000d4cb41c0 [ 44.689498][ T6519] notifier_subscriptions 0000000000000000 [ 44.689498][ T6519] numa_next_scan 4294941820 numa_scan_offset 0 numa_scan_seq 0 [ 44.689498][ T6519] tlb_flush_pending 0 [ 44.689498][ T6519] def_flags: 0x0() [ 44.689579][ T6519] vmg ffff8000a0bd7a60 prev: [ 44.689597][ T6519] vma ffff0000cbbc9780 start 0000000020000000 end 0000000020800000 mm ffff0000cbeea200 [ 44.689597][ T6519] prot 20000000000fc3 anon_vma ffff0000cbbca880 vm_ops 0000000000000000 [ 44.689597][ T6519] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 44.689597][ T6519] refcnt 1 [ 44.689597][ T6519] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 44.689638][ T6519] vmg ffff8000a0bd7a60 middle: [ 44.689655][ T6519] vma ffff0000cbbc9780 start 0000000020000000 end 0000000020800000 mm ffff0000cbeea200 [ 44.689655][ T6519] prot 20000000000fc3 anon_vma ffff0000cbbca880 vm_ops 0000000000000000 [ 44.689655][ T6519] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 44.689655][ T6519] refcnt 1 [ 44.689655][ T6519] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 44.689694][ T6519] vmg ffff8000a0bd7a60 next: (NULL) [ 44.689711][ T6519] vmg ffff8000a0bd7a60 vmi: [ 44.689728][ T6519] MAS: tree=ffff0000cbeea240 enode=ffff0000d1bc0c0c [ 44.689741][ T6519] (ma_active) [ 44.689757][ T6519] Store Type: [ 44.689773][ T6519] node_store [ 44.689794][ T6519] [2/10] index=20000000 last=207fffff [ 44.689815][ T6519] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 44.689837][ T6519] maple_tree(ffff0000cbeea240) flags 30B, height 2 root ffff0000d6ec1c1e [ 44.689858][ T6519] 0-ffffffffffffffff: node ffff0000d6ec1c00 depth 0 type 3 parent ffff0000cbeea241 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d1bc0c0c FFFF93059FFF ffff0000d6ec0e0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 44.690112][ T6519] 0-ffff93059fff: node ffff0000d1bc0c00 depth 1 type 1 parent ffff0000d6ec1c06 contents: 0000000000000000 1FFFEFFF ffff0000cbbc9640 1FFFFFFF ffff0000cbbc9780 207FFFFF ffff0000cbc09640 20FFFFFF ffff0000cbbc98c0 21000FFF 0000000000000000 AAAAD5929FFF ffff0000cbbc9a00 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000cbbc9b40 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000cbbc9c80 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 44.690343][ T6519] 0-1fffefff: 0000000000000000 [ 44.690371][ T6519] 1ffff000-1fffffff: ffff0000cbbc9640 [ 44.690400][ T6519] 20000000-207fffff: ffff0000cbbc9780 [ 44.690429][ T6519] 20800000-20ffffff: ffff0000cbc09640 [ 44.690458][ T6519] 21000000-21000fff: ffff0000cbbc98c0 [ 44.690487][ T6519] 21001000-aaaad5929fff: 0000000000000000 [ 44.690516][ T6519] aaaad592a000-aaaad594bfff: ffff0000cbbc9a00 [ 44.690545][ T6519] aaaad594c000-ffff92fbffff: 0000000000000000 [ 44.690574][ T6519] ffff92fc0000-ffff9304bfff: ffff0000cbbc9b40 [ 44.690604][ T6519] ffff9304c000-ffff93055fff: 0000000000000000 [ 44.690633][ T6519] ffff93056000-ffff93059fff: ffff0000cbbc9c80 [ 44.690663][ T6519] ffff9305a000-ffffffffffffffff: node ffff0000d6ec0e00 depth 1 type 1 parent ffff0000d6ec1c0e contents: ffff0000cbbc9dc0 FFFF9305BFFF ffff0000cbc09000 FFFF9305FFFF ffff0000cbc09140 FFFF93062FFF ffff0000cbc09280 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000cbc093c0 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006 [ 44.690881][ T6519] ffff9305a000-ffff9305bfff: ffff0000cbbc9dc0 [ 44.690911][ T6519] ffff9305c000-ffff9305ffff: ffff0000cbc09000 [ 44.690940][ T6519] ffff93060000-ffff93062fff: ffff0000cbc09140 [ 44.690969][ T6519] ffff93063000-ffff93068fff: ffff0000cbc09280 [ 44.690999][ T6519] ffff93069000-ffffd1a12fff: 0000000000000000 [ 44.691028][ T6519] ffffd1a13000-ffffd1a33fff: ffff0000cbc093c0 [ 44.691057][ T6519] ffffd1a34000-ffffffffffffffff: 0000000000000000 [ 44.691187][ T6519] ------------[ cut here ]------------ [ 44.691200][ T6519] WARNING: CPU: 1 PID: 6519 at mm/vma.c:768 vma_merge_existing_range+0x14a8/0x1964 [ 44.885888][ T6519] Modules linked in: [ 44.886970][ T6519] CPU: 1 UID: 0 PID: 6519 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 44.890544][ T6519] Tainted: [W]=WARN [ 44.891596][ T6519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.894417][ T6519] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 44.896581][ T6519] pc : vma_merge_existing_range+0x14a8/0x1964 [ 44.898225][ T6519] lr : vma_merge_existing_range+0x14a8/0x1964 [ 44.899843][ T6519] sp : ffff8000a0bd7910 [ 44.900947][ T6519] x29: ffff8000a0bd7990 x28: dfff800000000000 x27: 0000000000000001 [ 44.903089][ T6519] x26: 0000000020000000 x25: ffff8000a0bd7a80 x24: 0000000020000000 [ 44.905259][ T6519] x23: 1ffff0001417af50 x22: ffff0000cbbc9780 x21: 0000000020800000 [ 44.907459][ T6519] x20: ffff0000cbbc9780 x19: ffff8000a0bd7a60 x18: 0000000000000000 [ 44.909766][ T6519] x17: 0000000000000000 x16: ffff80008adbe9e4 x15: 0000000000000001 [ 44.911929][ T6519] x14: 1fffe0003386f2e2 x13: 0000000000000000 x12: 0000000000000000 [ 44.914080][ T6519] x11: ffff60003386f2e3 x10: 0000000000ff0100 x9 : 0000000000000000 [ 44.916184][ T6519] x8 : ffff0000cc403d00 x7 : 0000000000000001 x6 : 0000000000000001 [ 44.918394][ T6519] x5 : ffff8000a0bd6ef8 x4 : ffff80008f415ba0 x3 : ffff8000807b4b68 [ 44.920573][ T6519] x2 : 0000000000000001 x1 : ffffffffffffffff x0 : ffffffffffffffff [ 44.922702][ T6519] Call trace: [ 44.923545][ T6519] vma_merge_existing_range+0x14a8/0x1964 (P) [ 44.925173][ T6519] vma_modify+0x7c/0x424 [ 44.926308][ T6519] vma_modify_flags+0x18c/0x1dc [ 44.927656][ T6519] mlock_fixup+0x18c/0x2c4 [ 44.928823][ T6519] apply_mlockall_flags+0x290/0x344 [ 44.930195][ T6519] __arm64_sys_munlockall+0x11c/0x238 [ 44.931640][ T6519] invoke_syscall+0x98/0x2b8 [ 44.932863][ T6519] el0_svc_common+0x130/0x23c [ 44.934103][ T6519] do_el0_svc+0x48/0x58 [ 44.935204][ T6519] el0_svc+0x58/0x17c [ 44.936263][ T6519] el0t_64_sync_handler+0x78/0x108 [ 44.937668][ T6519] el0t_64_sync+0x198/0x19c [ 44.938888][ T6519] irq event stamp: 14144 [ 44.940064][ T6519] hardirqs last enabled at (14143): [] __console_unlock+0x70/0xc4 [ 44.942605][ T6519] hardirqs last disabled at (14144): [] el1_dbg+0x24/0x80 [ 44.944931][ T6519] softirqs last enabled at (8458): [] handle_softirqs+0xaf8/0xc88 [ 44.947427][ T6519] softirqs last disabled at (8243): [] __do_softirq+0x14/0x20 [ 44.949812][ T6519] ---[ end trace 0000000000000000 ]--- executing program [ 45.028695][ T6520] FAULT_INJECTION: forcing a failure. [ 45.028695][ T6520] name failslab, interval 1, probability 0, space 0, times 0 [ 45.028768][ T6520] CPU: 1 UID: 0 PID: 6520 Comm: syz-executor371 Tainted: G W ** replaying previous printk message ** [ 45.028768][ T6520] CPU: 1 UID: 0 PID: 6520 Comm: syz-executor371 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 45.028786][ T6520] Tainted: [W]=WARN [ 45.028791][ T6520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 45.028798][ T6520] Call trace: [ 45.028802][ T6520] show_stack+0x2c/0x3c (C) [ 45.028819][ T6520] __dump_stack+0x30/0x40 [ 45.028831][ T6520] dump_stack_lvl+0xd8/0x12c [ 45.028841][ T6520] dump_stack+0x1c/0x28 [ 45.028850][ T6520] should_fail_ex+0x41c/0x594 [ 45.028863][ T6520] should_failslab+0xc0/0x128 [ 45.028876][ T6520] kmem_cache_alloc_noprof+0x80/0x3e8 [ 45.028891][ T6520] mas_alloc_nodes+0x268/0x788 [ 45.028904][ T6520] mas_preallocate+0x4b0/0x778 [ 45.028916][ T6520] commit_merge+0x1a4/0x5b0 [ 45.028929][ T6520] vma_merge_existing_range+0x1388/0x1964 [ 45.028943][ T6520] vma_modify+0x7c/0x424 [ 45.028955][ T6520] vma_modify_flags+0x18c/0x1dc [ 45.028967][ T6520] mlock_fixup+0x18c/0x2c4 [ 45.028979][ T6520] apply_mlockall_flags+0x290/0x344 [ 45.028991][ T6520] __arm64_sys_munlockall+0x11c/0x238 [ 45.029002][ T6520] invoke_syscall+0x98/0x2b8 [ 45.029013][ T6520] el0_svc_common+0x130/0x23c [ 45.029023][ T6520] do_el0_svc+0x48/0x58 [ 45.029033][ T6520] el0_svc+0x58/0x17c [ 45.029047][ T6520] el0t_64_sync_handler+0x78/0x108 [ 45.029060][ T6520] el0t_64_sync+0x198/0x19c [ 45.029493][ T6520] vmg ffff8000a4217a60 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 45.029518][ T6520] vmg ffff8000a4217a60 state: mm ffff0000c9ebb300 pgoff 20000 [ 45.029518][ T6520] vmi ffff8000a4217c40 [20000000,20800000) [ 45.029518][ T6520] prev ffff0000cbbbe000 middle ffff0000cbbbe000 next 0000000000000000 target 0000000000000000 [ 45.029518][ T6520] start 20000000 end 20800000 flags 100077 [ 45.029518][ T6520] file 0000000000000000 anon_vma ffff0000cbbcaaa0 policy 0000000000000000 [ 45.029518][ T6520] uffd_ctx 0000000000000000 [ 45.029518][ T6520] anon_name 0000000000000000 [ 45.029518][ T6520] state 0 [ 45.029518][ T6520] just_expand 0 [ 45.029518][ T6520] __adjust_middle_start 0 __adjust_next_start 0 [ 45.029518][ T6520] __remove_middle 0 __remove_next 0 [ 45.029572][ T6520] vmg ffff8000a4217a60 mm: [ 45.029590][ T6520] mm ffff0000c9ebb300 task_size 281474976710656 [ 45.029590][ T6520] mmap_base 281473148436480 mmap_legacy_base 0 [ 45.029590][ T6520] pgd ffff0000cbf52000 mm_users 1 mm_count 1 pgtables_bytes 61440 map_count 12 [ 45.029590][ T6520] hiwater_rss 60 hiwater_vm 94e4 total_vm 10e4 locked_vm 800 [ 45.029590][ T6520] pinned_vm 0 data_vm 102b exec_vm 8e stack_vm 21 [ 45.029590][ T6520] start_code ffff92fc0000 end_code ffff9304ba28 start_data ffff9305c5c0 end_data ffff930620e8 [ 45.029590][ T6520] start_brk aaaad592a000 brk aaaad594c000 start_stack ffffd1a32ec0 [ 45.029590][ T6520] arg_start ffffd1a33efa arg_end ffffd1a33f13 env_start ffffd1a33f13 env_end ffffd1a33fdf [ 45.029590][ T6520] binfmt ffff80008f670700 flags 8000008d [ 45.029590][ T6520] ioctx_table 0000000000000000 [ 45.029590][ T6520] owner ffff0000dd275b80 exe_file ffff0000d4cb41c0 [ 45.029590][ T6520] notifier_subscriptions 0000000000000000 [ 45.029590][ T6520] numa_next_scan 4294941854 numa_scan_offset 0 numa_scan_seq 0 [ 45.029590][ T6520] tlb_flush_pending 0 [ 45.029590][ T6520] def_flags: 0x0() [ 45.029670][ T6520] vmg ffff8000a4217a60 prev: [ 45.029687][ T6520] vma ffff0000cbbbe000 start 0000000020000000 end 0000000020800000 mm ffff0000c9ebb300 [ 45.029687][ T6520] prot 20000000000fc3 anon_vma ffff0000cbbcaaa0 vm_ops 0000000000000000 [ 45.029687][ T6520] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 45.029687][ T6520] refcnt 1 [ 45.029687][ T6520] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 45.029727][ T6520] vmg ffff8000a4217a60 middle: [ 45.029744][ T6520] vma ffff0000cbbbe000 start 0000000020000000 end 0000000020800000 mm ffff0000c9ebb300 [ 45.029744][ T6520] prot 20000000000fc3 anon_vma ffff0000cbbcaaa0 vm_ops 0000000000000000 [ 45.029744][ T6520] pgoff 20000 file 0000000000000000 private_data 0000000000000000 [ 45.029744][ T6520] refcnt 1 [ 45.029744][ T6520] flags: 0x102077(read|write|exec|mayread|maywrite|mayexec|locked|account) [ 45.029783][ T6520] vmg ffff8000a4217a60 next: (NULL) [ 45.029800][ T6520] vmg ffff8000a4217a60 vmi: [ 45.029817][ T6520] MAS: tree=ffff0000c9ebb340 enode=ffff0000d1bc180c [ 45.029830][ T6520] (ma_active) [ 45.029845][ T6520] Store Type: [ 45.029861][ T6520] node_store [ 45.029883][ T6520] [2/10] index=20000000 last=207fffff [ 45.029903][ T6520] min=0 max=ffff93059fff alloc=0000000000000000, depth=1, flags=0 [ 45.029924][ T6520] maple_tree(ffff0000c9ebb340) flags 30B, height 2 root ffff0000c7b8921e [ 45.029947][ T6520] 0-ffffffffffffffff: node ffff0000c7b89200 depth 0 type 3 parent ffff0000c9ebb341 contents: aaaab4929000 ffff00002e5cc000 0 0 0 0 0 0 0 0 | 01 01| ffff0000d1bc180c FFFF93059FFF ffff0000c7b88e0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 45.030197][ T6520] 0-ffff93059fff: node ffff0000d1bc1800 depth 1 type 1 parent ffff0000c7b89206 contents: 0000000000000000 1FFFEFFF ffff0000cbe3adc0 1FFFFFFF ffff0000cbbbe000 207FFFFF ffff0000cbc098c0 20FFFFFF ffff0000cbbbe140 21000FFF 0000000000000000 AAAAD5929FFF ffff0000cbbbe280 AAAAD594BFFF 0000000000000000 FFFF92FBFFFF ffff0000cbbbe3c0 FFFF9304BFFF 0000000000000000 FFFF93055FFF ffff0000cbbbe500 FFFF93059FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 45.030424][ T6520] 0-1fffefff: 0000000000000000 [ 45.030452][ T6520] 1ffff000-1fffffff: ffff0000cbe3adc0 [ 45.030486][ T6520] 20000000-207fffff: ffff0000cbbbe000 [ 45.030515][ T6520] 20800000-20ffffff: ffff0000cbc098c0 [ 45.030543][ T6520] 21000000-21000fff: ffff0000cbbbe140 [ 45.030572][ T6520] 21001000-aaaad5929fff: 0000000000000000 [ 45.030600][ T6520] aaaad592a000-aaaad594bfff: ffff0000cbbbe280 [ 45.030630][ T6520] aaaad594c000-ffff92fbffff: 0000000000000000 [ 45.030658][ T6520] ffff92fc0000-ffff9304bfff: ffff0000cbbbe3c0 [ 45.030688][ T6520] ffff9304c000-ffff93055fff: 0000000000000000 [ 45.030716][ T6520] ffff93056000-ffff93059fff: ffff0000cbbbe500 [ 45.030745][ T6520] ffff9305a000-ffffffffffffffff: node ffff0000c7b88e00 depth 1 type 1 parent ffff0000c7b8920e contents: ffff0000cbbbe640 FFFF9305BFFF ffff0000cbbbe780 FFFF9305FFFF ffff0000cbbbe8c0 FFFF93062FFF ffff0000cbbbea00 FFFF93068FFF 0000000000000000 FFFFD1A12FFF ffff0000cbbbeb40 FFFFD1A33FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000006