------------[ cut here ]------------
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff800080017120
x29: ffff800080017240 x28: ffff0001ffbd2fff x27: ffff0001fec50fe8
x26: ffff0001ffbd3000 x25: dfff800000000000 x24: ffff0001ffbd2000
x23: ffff0001fea8ee90 x22: 0000000000000500 x21: ffff0000c1a0db80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 00000000ffffffff
x17: ffff800092f37000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb99e x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb99f x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c1a0db80 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017320 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000500 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kmem_cache_free+0x250/0x550 mm/slub.c:4744
 kfree_skbmem+0x14c/0x1dc net/core/skbuff.c:-1
 __kfree_skb net/core/skbuff.c:1177 [inline]
 consume_skb+0xb8/0x130 net/core/skbuff.c:1408
 ifb_xmit+0x174/0x53c drivers/net/ifb.c:346
 __netdev_start_xmit include/linux/netdevice.h:5203 [inline]
 netdev_start_xmit include/linux/netdevice.h:5212 [inline]
 xmit_one net/core/dev.c:3776 [inline]
 dev_hard_start_xmit+0x2b0/0x8ac net/core/dev.c:3792
 sch_direct_xmit+0x1fc/0x468 net/sched/sch_generic.c:343
 __dev_xmit_skb net/core/dev.c:4018 [inline]
 __dev_queue_xmit+0x13b4/0x31f0 net/core/dev.c:4595
 dev_queue_xmit include/linux/netdevice.h:3350 [inline]
 lapbeth_data_transmit+0x1fc/0x2a8 drivers/net/wan/lapbether.c:260
 lapb_data_transmit+0x8c/0xb0 net/lapb/lapb_iface.c:447
 lapb_transmit_buffer+0x160/0x208 net/lapb/lapb_out.c:149
 lapb_send_control+0x21c/0x320 net/lapb/lapb_subr.c:251
 lapb_t1timer_expiry+0x490/0x864 net/lapb/lapb_timer.c:-1
 call_timer_fn+0x1b4/0x818 kernel/time/timer.c:1789
 expire_timers kernel/time/timer.c:1840 [inline]
 __run_timers kernel/time/timer.c:2414 [inline]
 __run_timer_base+0x51c/0x76c kernel/time/timer.c:2426
 run_timer_base kernel/time/timer.c:2435 [inline]
 run_timer_softirq+0xcc/0x194 kernel/time/timer.c:2445
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:26 [inline] (P)
 arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:48 (P)
 cpuidle_idle_call kernel/sched/idle.c:185 [inline]
 do_idle+0x1d8/0x454 kernel/sched/idle.c:325
 cpu_startup_entry+0x5c/0x74 kernel/sched/idle.c:423
 secondary_start_kernel+0x1b8/0x1e0 arch/arm64/kernel/smp.c:279
 __secondary_switched+0xc0/0xc4 arch/arm64/kernel/head.S:401
irq event stamp: 181373
hardirqs last  enabled at (181372): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (181372): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (181373): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (181326): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (181326): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (181345): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff800080017160
x29: ffff800080017280 x28: ffff0001ffbd6fff x27: ffff0001fec50fe8
x26: ffff0001ffbd7000 x25: dfff800000000000 x24: ffff0001ffbd6000
x23: ffff0001fea8eeb0 x22: 0000000000000500 x21: ffff0000c1a0db80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 1fffe0003386f276
x17: ffff80010d10c000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb99e x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb99f x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c1a0db80 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017360 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000500 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free_freelist_hook mm/slub.c:2394 [inline]
 slab_free_bulk mm/slub.c:4666 [inline]
 kmem_cache_free_bulk+0x490/0x51c mm/slub.c:5243
 kfree_skb_list_reason+0x3ac/0x418 net/core/skbuff.c:1264
 __dev_xmit_skb net/core/dev.c:4093 [inline]
 __dev_queue_xmit+0x1ac8/0x31f0 net/core/dev.c:4595
 dev_queue_xmit include/linux/netdevice.h:3350 [inline]
 lapbeth_data_transmit+0x1fc/0x2a8 drivers/net/wan/lapbether.c:260
 lapb_data_transmit+0x8c/0xb0 net/lapb/lapb_iface.c:447
 lapb_transmit_buffer+0x160/0x208 net/lapb/lapb_out.c:149
 lapb_send_control+0x21c/0x320 net/lapb/lapb_subr.c:251
 lapb_t1timer_expiry+0x490/0x864 net/lapb/lapb_timer.c:-1
 call_timer_fn+0x1b4/0x818 kernel/time/timer.c:1789
 expire_timers kernel/time/timer.c:1840 [inline]
 __run_timers kernel/time/timer.c:2414 [inline]
 __run_timer_base+0x51c/0x76c kernel/time/timer.c:2426
 run_timer_base kernel/time/timer.c:2435 [inline]
 run_timer_softirq+0xcc/0x194 kernel/time/timer.c:2445
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:26 [inline] (P)
 arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:48 (P)
 cpuidle_idle_call kernel/sched/idle.c:185 [inline]
 do_idle+0x1d8/0x454 kernel/sched/idle.c:325
 cpu_startup_entry+0x5c/0x74 kernel/sched/idle.c:423
 secondary_start_kernel+0x1b8/0x1e0 arch/arm64/kernel/smp.c:279
 __secondary_switched+0xc0/0xc4 arch/arm64/kernel/head.S:401
irq event stamp: 279817
hardirqs last  enabled at (279816): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (279816): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (279817): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (279790): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (279790): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (279797): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff800080017900
x29: ffff800080017a20 x28: ffff0001ffbdafff x27: ffff0001fec50fe8
x26: ffff0001ffbdb000 x25: dfff800000000000 x24: ffff0001ffbda000
x23: ffff0001fea8eed0 x22: 0000000000000100 x21: ffff0000c1a0db80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 1fffe0003386f276
x17: ffff80010d10c000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb98d x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb98e x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c1a0db80 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017b00 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kfree+0x268/0x474 mm/slub.c:4841
 slab_free_after_rcu_debug+0x78/0x2f4 mm/slub.c:4679
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:26 [inline] (P)
 arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:48 (P)
 cpuidle_idle_call kernel/sched/idle.c:185 [inline]
 do_idle+0x1d8/0x454 kernel/sched/idle.c:325
 cpu_startup_entry+0x5c/0x74 kernel/sched/idle.c:423
 secondary_start_kernel+0x1b8/0x1e0 arch/arm64/kernel/smp.c:279
 __secondary_switched+0xc0/0xc4 arch/arm64/kernel/head.S:401
irq event stamp: 281687
hardirqs last  enabled at (281686): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (281686): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (281687): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (281638): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (281638): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (281651): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff800080017900
x29: ffff800080017a20 x28: ffff0001ffbeafff x27: ffff0001fec50fe8
x26: ffff0001ffbeb000 x25: dfff800000000000 x24: ffff0001ffbea000
x23: ffff0001fea8ef50 x22: 0000000000000100 x21: ffff0000c1a0db80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 1fffe0003386f276
x17: ffff80010d10c000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb98d x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb98e x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c1a0db80 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017b00 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kfree+0x268/0x474 mm/slub.c:4841
 slab_free_after_rcu_debug+0x78/0x2f4 mm/slub.c:4679
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:26 [inline] (P)
 arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:48 (P)
 cpuidle_idle_call kernel/sched/idle.c:185 [inline]
 do_idle+0x1d8/0x454 kernel/sched/idle.c:325
 cpu_startup_entry+0x5c/0x74 kernel/sched/idle.c:423
 secondary_start_kernel+0x1b8/0x1e0 arch/arm64/kernel/smp.c:279
 __secondary_switched+0xc0/0xc4 arch/arm64/kernel/head.S:401
irq event stamp: 287103
hardirqs last  enabled at (287102): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (287102): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (287103): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (285874): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (285874): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (285881): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 6479 Comm: syz-executor Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff800080017120
x29: ffff800080017240 x28: ffff0001ffbf6fff x27: ffff0001fec50fe8
x26: ffff0001ffbf7000 x25: dfff800000000000 x24: ffff0001ffbf6000
x23: ffff0001fea8efb0 x22: 0000000000000500 x21: ffff0000c8e45b80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 0000000000000000
x17: 0000000000a000ae x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb99e x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb99f x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c8e45b80 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017320 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000500 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kmem_cache_free+0x250/0x550 mm/slub.c:4744
 kfree_skbmem+0x14c/0x1dc net/core/skbuff.c:-1
 __kfree_skb net/core/skbuff.c:1177 [inline]
 consume_skb+0xb8/0x130 net/core/skbuff.c:1408
 ifb_xmit+0x174/0x53c drivers/net/ifb.c:346
 __netdev_start_xmit include/linux/netdevice.h:5203 [inline]
 netdev_start_xmit include/linux/netdevice.h:5212 [inline]
 xmit_one net/core/dev.c:3776 [inline]
 dev_hard_start_xmit+0x2b0/0x8ac net/core/dev.c:3792
 sch_direct_xmit+0x1fc/0x468 net/sched/sch_generic.c:343
 __dev_xmit_skb net/core/dev.c:4018 [inline]
 __dev_queue_xmit+0x13b4/0x31f0 net/core/dev.c:4595
 dev_queue_xmit include/linux/netdevice.h:3350 [inline]
 lapbeth_data_transmit+0x1fc/0x2a8 drivers/net/wan/lapbether.c:260
 lapb_data_transmit+0x8c/0xb0 net/lapb/lapb_iface.c:447
 lapb_transmit_buffer+0x160/0x208 net/lapb/lapb_out.c:149
 lapb_send_control+0x21c/0x320 net/lapb/lapb_subr.c:251
 lapb_t1timer_expiry+0x490/0x864 net/lapb/lapb_timer.c:-1
 call_timer_fn+0x1b4/0x818 kernel/time/timer.c:1789
 expire_timers kernel/time/timer.c:1840 [inline]
 __run_timers kernel/time/timer.c:2414 [inline]
 __run_timer_base+0x51c/0x76c kernel/time/timer.c:2426
 run_timer_base kernel/time/timer.c:2435 [inline]
 run_timer_softirq+0xcc/0x194 kernel/time/timer.c:2445
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 preempt_count arch/arm64/include/asm/preempt.h:13 [inline] (P)
 check_kcov_mode kernel/kcov.c:183 [inline] (P)
 write_comp_data kernel/kcov.c:246 [inline] (P)
 __sanitizer_cov_trace_switch+0x68/0xe4 kernel/kcov.c:351 (P)
 vsnprintf+0xcc/0xd60 lib/vsprintf.c:2795
 seq_vprintf fs/seq_file.c:391 [inline]
 seq_printf+0x148/0x22c fs/seq_file.c:406
 s_show+0x194/0x294 kernel/kallsyms.c:743
 seq_read_iter+0x85c/0xc2c fs/seq_file.c:272
 seq_read+0x238/0x33c fs/seq_file.c:162
 pde_read fs/proc/inode.c:308 [inline]
 proc_reg_read+0x17c/0x2d4 fs/proc/inode.c:320
 vfs_read+0x22c/0x898 fs/read_write.c:568
 ksys_read+0x120/0x210 fs/read_write.c:713
 __do_sys_read fs/read_write.c:722 [inline]
 __se_sys_read fs/read_write.c:720 [inline]
 __arm64_sys_read+0x7c/0x90 fs/read_write.c:720
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
irq event stamp: 96525
hardirqs last  enabled at (96524): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (96524): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (96525): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (96044): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (96044): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (96501): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 6479 Comm: syz-executor Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff800080017160
x29: ffff800080017280 x28: ffff0001ffbfcfff x27: ffff0001fec50fe8
x26: ffff0001ffbfd000 x25: dfff800000000000 x24: ffff0001ffbfc000
x23: ffff0001fea8efe0 x22: 0000000000000500 x21: ffff0000c8e45b80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 0000000000000000
x17: ffff80010d10c000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb99e x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb99f x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c8e45b80 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017360 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000500 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free_freelist_hook mm/slub.c:2394 [inline]
 slab_free_bulk mm/slub.c:4666 [inline]
 kmem_cache_free_bulk+0x490/0x51c mm/slub.c:5243
 kfree_skb_list_reason+0x3ac/0x418 net/core/skbuff.c:1264
 __dev_xmit_skb net/core/dev.c:4093 [inline]
 __dev_queue_xmit+0x1ac8/0x31f0 net/core/dev.c:4595
 dev_queue_xmit include/linux/netdevice.h:3350 [inline]
 lapbeth_data_transmit+0x1fc/0x2a8 drivers/net/wan/lapbether.c:260
 lapb_data_transmit+0x8c/0xb0 net/lapb/lapb_iface.c:447
 lapb_transmit_buffer+0x160/0x208 net/lapb/lapb_out.c:149
 lapb_send_control+0x21c/0x320 net/lapb/lapb_subr.c:251
 lapb_t1timer_expiry+0x490/0x864 net/lapb/lapb_timer.c:-1
 call_timer_fn+0x1b4/0x818 kernel/time/timer.c:1789
 expire_timers kernel/time/timer.c:1840 [inline]
 __run_timers kernel/time/timer.c:2414 [inline]
 __run_timer_base+0x51c/0x76c kernel/time/timer.c:2426
 run_timer_base kernel/time/timer.c:2435 [inline]
 run_timer_softirq+0xcc/0x194 kernel/time/timer.c:2445
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 __sanitizer_cov_trace_const_cmp4+0x8/0xa0 kernel/kcov.c:313 (P)
 mas_state_walk lib/maple_tree.c:3598 [inline]
 mas_walk+0x6c/0x25c lib/maple_tree.c:4905
 lock_vma_under_rcu+0x18c/0x634 mm/memory.c:6553
 do_page_fault+0x3c4/0x1554 arch/arm64/mm/fault.c:619
 do_translation_fault+0xc4/0x114 arch/arm64/mm/fault.c:783
 do_mem_abort+0x70/0x194 arch/arm64/mm/fault.c:919
 el0_da+0x64/0x160 arch/arm64/kernel/entry-common.c:627
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:789
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
irq event stamp: 112983
hardirqs last  enabled at (112982): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (112982): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (112983): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (112022): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (112022): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (112957): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 6479 Comm: syz-executor Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff8000800178a0
x29: ffff8000800179c0 x28: ffff0001ffa16fff x27: ffff0001fec50fe8
x26: ffff0001ffa17000 x25: dfff800000000000 x24: ffff0001ffa16000
x23: ffff0001fea8e0b0 x22: 0000000000000100 x21: ffff0000c8e45b80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 0000000000000000
x17: ffff80010d10c000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb9e9 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb9ea x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c8e45b80 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017aa0 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kmem_cache_free+0x250/0x550 mm/slub.c:4744
 ptlock_free+0x54/0x6c mm/memory.c:7364
 pagetable_dtor include/linux/mm.h:3109 [inline]
 pagetable_dtor_free include/linux/mm.h:3116 [inline]
 __tlb_remove_table+0x30/0x274 include/asm-generic/tlb.h:215
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x8c/0x19c mm/mmu_gather.c:290
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 vsnprintf+0x4b4/0xd60 lib/vsprintf.c:2839 (P)
 seq_vprintf fs/seq_file.c:391 [inline]
 seq_printf+0x148/0x22c fs/seq_file.c:406
 s_show+0x194/0x294 kernel/kallsyms.c:743
 seq_read_iter+0x85c/0xc2c fs/seq_file.c:272
 seq_read+0x238/0x33c fs/seq_file.c:162
 pde_read fs/proc/inode.c:308 [inline]
 proc_reg_read+0x17c/0x2d4 fs/proc/inode.c:320
 vfs_read+0x22c/0x898 fs/read_write.c:568
 ksys_read+0x120/0x210 fs/read_write.c:713
 __do_sys_read fs/read_write.c:722 [inline]
 __se_sys_read fs/read_write.c:720 [inline]
 __arm64_sys_read+0x7c/0x90 fs/read_write.c:720
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
irq event stamp: 335207
hardirqs last  enabled at (335206): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (335206): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (335207): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (334548): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (334548): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (335121): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 6479 Comm: syz-executor Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff8000800178a0
x29: ffff8000800179c0 x28: ffff0001ffa18fff x27: ffff0001fec50fe8
x26: ffff0001ffa19000 x25: dfff800000000000 x24: ffff0001ffa18000
x23: ffff0001fea8e0c0 x22: 0000000000000100 x21: ffff0000c8e45b80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 0000000000000000
x17: ffff80010d10c000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb9e9 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb9ea x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c8e45b80 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017aa0 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kmem_cache_free+0x250/0x550 mm/slub.c:4744
 ptlock_free+0x54/0x6c mm/memory.c:7364
 pagetable_dtor include/linux/mm.h:3109 [inline]
 pagetable_dtor_free include/linux/mm.h:3116 [inline]
 __tlb_remove_table+0x30/0x274 include/asm-generic/tlb.h:215
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x8c/0x19c mm/mmu_gather.c:290
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 vsnprintf+0x4b4/0xd60 lib/vsprintf.c:2839 (P)
 seq_vprintf fs/seq_file.c:391 [inline]
 seq_printf+0x148/0x22c fs/seq_file.c:406
 s_show+0x194/0x294 kernel/kallsyms.c:743
 seq_read_iter+0x85c/0xc2c fs/seq_file.c:272
 seq_read+0x238/0x33c fs/seq_file.c:162
 pde_read fs/proc/inode.c:308 [inline]
 proc_reg_read+0x17c/0x2d4 fs/proc/inode.c:320
 vfs_read+0x22c/0x898 fs/read_write.c:568
 ksys_read+0x120/0x210 fs/read_write.c:713
 __do_sys_read fs/read_write.c:722 [inline]
 __se_sys_read fs/read_write.c:720 [inline]
 __arm64_sys_read+0x7c/0x90 fs/read_write.c:720
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
irq event stamp: 335223
hardirqs last  enabled at (335222): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (335222): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (335223): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (334548): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (334548): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (335121): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 6479 Comm: syz-executor Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff8000800178a0
x29: ffff8000800179c0 x28: ffff0001ffa1afff x27: ffff0001fec50fe8
x26: ffff0001ffa1b000 x25: dfff800000000000 x24: ffff0001ffa1a000
x23: ffff0001fea8e0d0 x22: 0000000000000100 x21: ffff0000c8e45b80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 0000000000000000
x17: ffff80010d10c000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb9e9 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb9ea x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c8e45b80 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017aa0 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kmem_cache_free+0x250/0x550 mm/slub.c:4744
 ptlock_free+0x54/0x6c mm/memory.c:7364
 pagetable_dtor include/linux/mm.h:3109 [inline]
 pagetable_dtor_free include/linux/mm.h:3116 [inline]
 __tlb_remove_table+0x30/0x274 include/asm-generic/tlb.h:215
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x8c/0x19c mm/mmu_gather.c:290
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 vsnprintf+0x4b4/0xd60 lib/vsprintf.c:2839 (P)
 seq_vprintf fs/seq_file.c:391 [inline]
 seq_printf+0x148/0x22c fs/seq_file.c:406
 s_show+0x194/0x294 kernel/kallsyms.c:743
 seq_read_iter+0x85c/0xc2c fs/seq_file.c:272
 seq_read+0x238/0x33c fs/seq_file.c:162
 pde_read fs/proc/inode.c:308 [inline]
 proc_reg_read+0x17c/0x2d4 fs/proc/inode.c:320
 vfs_read+0x22c/0x898 fs/read_write.c:568
 ksys_read+0x120/0x210 fs/read_write.c:713
 __do_sys_read fs/read_write.c:722 [inline]
 __se_sys_read fs/read_write.c:720 [inline]
 __arm64_sys_read+0x7c/0x90 fs/read_write.c:720
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
irq event stamp: 335241
hardirqs last  enabled at (335240): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (335240): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (335241): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (334548): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (334548): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (335121): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 6479 Comm: syz-executor Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff8000800178a0
x29: ffff8000800179c0 x28: ffff0001ffa1cfff x27: ffff0001fec50fe8
x26: ffff0001ffa1d000 x25: dfff800000000000 x24: ffff0001ffa1c000
x23: ffff0001fea8e0e0 x22: 0000000000000100 x21: ffff0000c8e45b80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 0000000000000000
x17: ffff80010d10c000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb9e9 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb9ea x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c8e45b80 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017aa0 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kmem_cache_free+0x250/0x550 mm/slub.c:4744
 ptlock_free+0x54/0x6c mm/memory.c:7364
 pagetable_dtor include/linux/mm.h:3109 [inline]
 pagetable_dtor_free include/linux/mm.h:3116 [inline]
 __tlb_remove_table+0x30/0x274 include/asm-generic/tlb.h:215
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x8c/0x19c mm/mmu_gather.c:290
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 vsnprintf+0x4b4/0xd60 lib/vsprintf.c:2839 (P)
 seq_vprintf fs/seq_file.c:391 [inline]
 seq_printf+0x148/0x22c fs/seq_file.c:406
 s_show+0x194/0x294 kernel/kallsyms.c:743
 seq_read_iter+0x85c/0xc2c fs/seq_file.c:272
 seq_read+0x238/0x33c fs/seq_file.c:162
 pde_read fs/proc/inode.c:308 [inline]
 proc_reg_read+0x17c/0x2d4 fs/proc/inode.c:320
 vfs_read+0x22c/0x898 fs/read_write.c:568
 ksys_read+0x120/0x210 fs/read_write.c:713
 __do_sys_read fs/read_write.c:722 [inline]
 __se_sys_read fs/read_write.c:720 [inline]
 __arm64_sys_read+0x7c/0x90 fs/read_write.c:720
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
irq event stamp: 335259
hardirqs last  enabled at (335258): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (335258): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (335259): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (334548): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (334548): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (335121): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 6479 Comm: syz-executor Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff8000800178a0
x29: ffff8000800179c0 x28: ffff0001ffa1efff x27: ffff0001fec50fe8
x26: ffff0001ffa1f000 x25: dfff800000000000 x24: ffff0001ffa1e000
x23: ffff0001fea8e0f0 x22: 0000000000000100 x21: ffff0000c8e45b80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 0000000000000000
x17: ffff80010d10c000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb9e9 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb9ea x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c8e45b80 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017aa0 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kmem_cache_free+0x250/0x550 mm/slub.c:4744
 ptlock_free+0x54/0x6c mm/memory.c:7364
 pagetable_dtor include/linux/mm.h:3109 [inline]
 pagetable_dtor_free include/linux/mm.h:3116 [inline]
 __tlb_remove_table+0x30/0x274 include/asm-generic/tlb.h:215
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x8c/0x19c mm/mmu_gather.c:290
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 vsnprintf+0x4b4/0xd60 lib/vsprintf.c:2839 (P)
 seq_vprintf fs/seq_file.c:391 [inline]
 seq_printf+0x148/0x22c fs/seq_file.c:406
 s_show+0x194/0x294 kernel/kallsyms.c:743
 seq_read_iter+0x85c/0xc2c fs/seq_file.c:272
 seq_read+0x238/0x33c fs/seq_file.c:162
 pde_read fs/proc/inode.c:308 [inline]
 proc_reg_read+0x17c/0x2d4 fs/proc/inode.c:320
 vfs_read+0x22c/0x898 fs/read_write.c:568
 ksys_read+0x120/0x210 fs/read_write.c:713
 __do_sys_read fs/read_write.c:722 [inline]
 __se_sys_read fs/read_write.c:720 [inline]
 __arm64_sys_read+0x7c/0x90 fs/read_write.c:720
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
irq event stamp: 335275
hardirqs last  enabled at (335274): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (335274): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (335275): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (334548): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (334548): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (335121): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 6479 Comm: syz-executor Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff8000800178a0
x29: ffff8000800179c0 x28: ffff0001ffa20fff x27: ffff0001fec50fe8
x26: ffff0001ffa21000 x25: dfff800000000000 x24: ffff0001ffa20000
x23: ffff0001fea8e100 x22: 0000000000000100 x21: ffff0000c8e45b80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 0000000000000000
x17: ffff80010d10c000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb9e9 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb9ea x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c8e45b80 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017aa0 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kmem_cache_free+0x250/0x550 mm/slub.c:4744
 ptlock_free+0x54/0x6c mm/memory.c:7364
 pagetable_dtor include/linux/mm.h:3109 [inline]
 pagetable_dtor_free include/linux/mm.h:3116 [inline]
 __tlb_remove_table+0x30/0x274 include/asm-generic/tlb.h:215
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x8c/0x19c mm/mmu_gather.c:290
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 vsnprintf+0x4b4/0xd60 lib/vsprintf.c:2839 (P)
 seq_vprintf fs/seq_file.c:391 [inline]
 seq_printf+0x148/0x22c fs/seq_file.c:406
 s_show+0x194/0x294 kernel/kallsyms.c:743
 seq_read_iter+0x85c/0xc2c fs/seq_file.c:272
 seq_read+0x238/0x33c fs/seq_file.c:162
 pde_read fs/proc/inode.c:308 [inline]
 proc_reg_read+0x17c/0x2d4 fs/proc/inode.c:320
 vfs_read+0x22c/0x898 fs/read_write.c:568
 ksys_read+0x120/0x210 fs/read_write.c:713
 __do_sys_read fs/read_write.c:722 [inline]
 __se_sys_read fs/read_write.c:720 [inline]
 __arm64_sys_read+0x7c/0x90 fs/read_write.c:720
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
irq event stamp: 335293
hardirqs last  enabled at (335292): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (335292): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (335293): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (334548): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (334548): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (335121): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 6479 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 6479 Comm: syz-executor Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff8000800178a0
x29: ffff8000800179c0 x28: ffff0001ffbf4fff x27: ffff0001fec50fe8
x26: ffff0001ffbf5000 x25: dfff800000000000 x24: ffff0001ffbf4000
x23: ffff0001fea8efa0 x22: 0000000000000100 x21: ffff0000c8e45b80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 0000000000000000
x17: ffff80010d10c000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb9e9 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb9ea x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c8e45b80 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017aa0 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kmem_cache_free+0x250/0x550 mm/slub.c:4744
 ptlock_free+0x54/0x6c mm/memory.c:7364
 pagetable_dtor include/linux/mm.h:3109 [inline]
 pagetable_dtor_free include/linux/mm.h:3116 [inline]
 __tlb_remove_table+0x30/0x274 include/asm-generic/tlb.h:215
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x8c/0x19c mm/mmu_gather.c:290
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 vsnprintf+0x4b4/0xd60 lib/vsprintf.c:2839 (P)
 seq_vprintf fs/seq_file.c:391 [inline]
 seq_printf+0x148/0x22c fs/seq_file.c:406
 s_show+0x194/0x294 kernel/kallsyms.c:743
 seq_read_iter+0x85c/0xc2c fs/seq_file.c:272
 seq_read+0x238/0x33c fs/seq_file.c:162
 pde_read fs/proc/inode.c:308 [inline]
 proc_reg_read+0x17c/0x2d4 fs/proc/inode.c:320
 vfs_read+0x22c/0x898 fs/read_write.c:568
 ksys_read+0x120/0x210 fs/read_write.c:713
 __do_sys_read fs/read_write.c:722 [inline]
 __se_sys_read fs/read_write.c:720 [inline]
 __arm64_sys_read+0x7c/0x90 fs/read_write.c:720
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
irq event stamp: 335311
hardirqs last  enabled at (335310): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (335310): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (335311): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (334548): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (334548): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (335121): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff800080017900
x29: ffff800080017a20 x28: ffff0001ffa30fff x27: ffff0001fec50fe8
x26: ffff0001ffa31000 x25: dfff800000000000 x24: ffff0001ffa30000
x23: ffff0001fea8e180 x22: 0000000000000100 x21: ffff0000c1a0db80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 1fffe0003386f276
x17: 0000000000000001 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb9d6 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb9d7 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c1a0db80 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017b00 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kfree+0x268/0x474 mm/slub.c:4841
 slab_free_after_rcu_debug+0x78/0x2f4 mm/slub.c:4679
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:26 [inline] (P)
 arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:48 (P)
 cpuidle_idle_call kernel/sched/idle.c:185 [inline]
 do_idle+0x1d8/0x454 kernel/sched/idle.c:325
 cpu_startup_entry+0x5c/0x74 kernel/sched/idle.c:423
 secondary_start_kernel+0x1b8/0x1e0 arch/arm64/kernel/smp.c:279
 __secondary_switched+0xc0/0xc4 arch/arm64/kernel/head.S:401
irq event stamp: 288207
hardirqs last  enabled at (288206): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (288206): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (288207): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (288164): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (288164): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (288189): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6482 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 6482 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 6482 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 6482 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 6482 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 6482 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 6482 Comm: sh Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff800080017900
x29: ffff800080017a20 x28: ffff0001ffa56fff x27: ffff0001fec50fe8
x26: ffff0001ffa57000 x25: dfff800000000000 x24: ffff0001ffa56000
x23: ffff0001fea8e2b0 x22: 0000000000000100 x21: ffff0000dd818000
x20: 100000023ea8e403 x19: 0000000000000001 x18: 0000000000000000
x17: ffff80010d10c000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfba28 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfba29 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000dd818000 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017b00 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kfree+0x268/0x474 mm/slub.c:4841
 slab_free_after_rcu_debug+0x78/0x2f4 mm/slub.c:4679
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 validate_mm+0x1a8/0x41c mm/vma.c:624 (P)
 __split_vma+0x790/0x8d4 mm/vma.c:524
 split_vma mm/vma.c:553 [inline]
 vma_modify+0x2f0/0x424 mm/vma.c:1587
 vma_modify_flags+0x18c/0x1dc mm/vma.c:1605
 mprotect_fixup+0x254/0x750 mm/mprotect.c:658
 do_mprotect_pkey+0x864/0xb30 mm/mprotect.c:832
 __do_sys_mprotect mm/mprotect.c:853 [inline]
 __se_sys_mprotect mm/mprotect.c:850 [inline]
 __arm64_sys_mprotect+0x80/0x98 mm/mprotect.c:850
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
irq event stamp: 3859
hardirqs last  enabled at (3858): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (3858): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (3859): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (1692): [<ffff8000801fbf10>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (3845): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 004000c5 (nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff800080017140
x29: ffff800080017260 x28: ffff0001ffa58fff x27: ffff0001fec50fe8
x26: ffff0001ffa59000 x25: dfff800000000000 x24: ffff0001ffa58000
x23: ffff0001fea8e2c0 x22: 0000000000010000 x21: ffff0000c1a0db80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 1fffe0003386f276
x17: ffff80008f31e000 x16: ffff80008adb82bc x15: ffff700010002e70
x14: 1ffff00010002e70 x13: 0000000000000004 x12: ffffffffffffffff
x11: 00000000c969eb7c x10: 0000000000ff0100 x9 : 0000000000010002
x8 : ffff0000c1a0db80 x7 : ffff800080c2c368 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017340 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000010000 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_unprotect mm/kfence/core.c:252 [inline]
 kfence_guarded_alloc+0x2e8/0xb08 mm/kfence/core.c:459
 __kfence_alloc+0x394/0x45c mm/kfence/core.c:1138
 kfence_alloc include/linux/kfence.h:129 [inline]
 slab_alloc_node mm/slub.c:4180 [inline]
 __kmalloc_cache_noprof+0x358/0x3fc mm/slub.c:4353
 kmalloc_noprof include/linux/slab.h:905 [inline]
 slab_free_hook mm/slub.c:2332 [inline]
 slab_free mm/slub.c:4642 [inline]
 kmem_cache_free+0x168/0x550 mm/slub.c:4744
 mempool_free_slab+0x28/0x38 mm/mempool.c:566
 mempool_free+0xbc/0x2e8 mm/mempool.c:548
 bio_free+0x1fc/0x278 block/bio.c:237
 bio_put+0x1b8/0x934 block/bio.c:-1
 __read_end_io+0x2ec/0x358 fs/ext4/readpage.c:77
 mpage_end_io+0x80/0xf4 fs/ext4/readpage.c:171
 bio_endio+0x81c/0x858 block/bio.c:1551
 blk_complete_request block/blk-mq.c:885 [inline]
 blk_mq_end_request_batch+0x430/0x1014 block/blk-mq.c:1178
 nvme_complete_batch drivers/nvme/host/nvme.h:789 [inline]
 nvme_pci_complete_batch+0x4dc/0x500 drivers/nvme/host/pci.c:1077
 nvme_irq+0xa4/0x100 drivers/nvme/host/pci.c:1179
 __handle_irq_event_percpu+0x224/0x7cc kernel/irq/handle.c:158
 handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
 handle_irq_event+0x9c/0x1d0 kernel/irq/handle.c:210
 handle_fasteoi_irq+0x3b0/0x8ec kernel/irq/chip.c:720
 generic_handle_irq_desc include/linux/irqdesc.h:173 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:714 [inline]
 generic_handle_domain_irq+0xe0/0x140 kernel/irq/irqdesc.c:770
 __gic_handle_irq drivers/irqchip/irq-gic-v3.c:874 [inline]
 __gic_handle_irq_from_irqson drivers/irqchip/irq-gic-v3.c:925 [inline]
 gic_handle_irq+0x6c/0x190 drivers/irqchip/irq-gic-v3.c:969
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_interrupt_handler+0xd4/0x138 arch/arm64/kernel/entry-common.c:310
 __el1_irq arch/arm64/kernel/entry-common.c:583 [inline]
 el1_interrupt+0x34/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:26 [inline] (P)
 arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:48 (P)
 cpuidle_idle_call kernel/sched/idle.c:185 [inline]
 do_idle+0x1d8/0x454 kernel/sched/idle.c:325
 cpu_startup_entry+0x5c/0x74 kernel/sched/idle.c:423
 secondary_start_kernel+0x1b8/0x1e0 arch/arm64/kernel/smp.c:279
 __secondary_switched+0xc0/0xc4 arch/arm64/kernel/head.S:401
irq event stamp: 291512
hardirqs last  enabled at (291511): [<ffff80008adb9c48>] default_idle_call+0xcc/0xfc kernel/sched/idle.c:124
hardirqs last disabled at (291512): [<ffff80008adb3770>] __el1_irq arch/arm64/kernel/entry-common.c:580 [inline]
hardirqs last disabled at (291512): [<ffff80008adb3770>] el1_interrupt+0x24/0x54 arch/arm64/kernel/entry-common.c:598
softirqs last  enabled at (291488): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (291488): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (291269): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:67 queue_pte_barriers arch/arm64/include/asm/pgtable.h:67 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:67 __set_pte_complete arch/arm64/include/asm/pgtable.h:387 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:67 __set_pte arch/arm64/include/asm/pgtable.h:393 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:67 change_page_range+0x188/0x1cc arch/arm64/mm/pageattr.c:48
Modules linked in:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 004000c5 (nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : queue_pte_barriers arch/arm64/include/asm/pgtable.h:67 [inline]
pc : __set_pte_complete arch/arm64/include/asm/pgtable.h:387 [inline]
pc : __set_pte arch/arm64/include/asm/pgtable.h:393 [inline]
pc : change_page_range+0x188/0x1cc arch/arm64/mm/pageattr.c:48
lr : queue_pte_barriers arch/arm64/include/asm/pgtable.h:67 [inline]
lr : __set_pte_complete arch/arm64/include/asm/pgtable.h:387 [inline]
lr : __set_pte arch/arm64/include/asm/pgtable.h:393 [inline]
lr : change_page_range+0x188/0x1cc arch/arm64/mm/pageattr.c:48
sp : ffff800080017100
x29: ffff800080017100 x28: ffff0001ffa58fff x27: ffff0001fec50fe8
x26: ffff0001ffa59000 x25: ffff0001ffa58000 x24: ffff0001ffa58000
x23: 006800023fa58707 x22: 0040000000000001 x21: dfff800000000000
x20: 0000000000010000 x19: ffff0000c1a0db80 x18: 1fffe0003386f276
x17: ffff80008f31e000 x16: ffff80008adb82bc x15: 0000000000000001
x14: 1fffe00018341b70 x13: 0000000000000000 x12: 0000000000000000
x11: ffff600018341b71 x10: 0000000000ff0100 x9 : 0000000000010002
x8 : ffff0000c1a0db80 x7 : ffff800080c2c368 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017340 x3 : ffff800080ac62d0
x2 : ffff800080017340 x1 : 0000000000010000 x0 : 0000000000000000
Call trace:
 queue_pte_barriers arch/arm64/include/asm/pgtable.h:67 [inline] (P)
 __set_pte_complete arch/arm64/include/asm/pgtable.h:387 [inline] (P)
 __set_pte arch/arm64/include/asm/pgtable.h:393 [inline] (P)
 change_page_range+0x188/0x1cc arch/arm64/mm/pageattr.c:48 (P)
 apply_to_pte_range mm/memory.c:2941 [inline]
 apply_to_pmd_range mm/memory.c:2985 [inline]
 apply_to_pud_range mm/memory.c:3021 [inline]
 apply_to_p4d_range mm/memory.c:3057 [inline]
 __apply_to_page_range+0xd58/0x13e4 mm/memory.c:3093
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_unprotect mm/kfence/core.c:252 [inline]
 kfence_guarded_alloc+0x2e8/0xb08 mm/kfence/core.c:459
 __kfence_alloc+0x394/0x45c mm/kfence/core.c:1138
 kfence_alloc include/linux/kfence.h:129 [inline]
 slab_alloc_node mm/slub.c:4180 [inline]
 __kmalloc_cache_noprof+0x358/0x3fc mm/slub.c:4353
 kmalloc_noprof include/linux/slab.h:905 [inline]
 slab_free_hook mm/slub.c:2332 [inline]
 slab_free mm/slub.c:4642 [inline]
 kmem_cache_free+0x168/0x550 mm/slub.c:4744
 mempool_free_slab+0x28/0x38 mm/mempool.c:566
 mempool_free+0xbc/0x2e8 mm/mempool.c:548
 bio_free+0x1fc/0x278 block/bio.c:237
 bio_put+0x1b8/0x934 block/bio.c:-1
 __read_end_io+0x2ec/0x358 fs/ext4/readpage.c:77
 mpage_end_io+0x80/0xf4 fs/ext4/readpage.c:171
 bio_endio+0x81c/0x858 block/bio.c:1551
 blk_complete_request block/blk-mq.c:885 [inline]
 blk_mq_end_request_batch+0x430/0x1014 block/blk-mq.c:1178
 nvme_complete_batch drivers/nvme/host/nvme.h:789 [inline]
 nvme_pci_complete_batch+0x4dc/0x500 drivers/nvme/host/pci.c:1077
 nvme_irq+0xa4/0x100 drivers/nvme/host/pci.c:1179
 __handle_irq_event_percpu+0x224/0x7cc kernel/irq/handle.c:158
 handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
 handle_irq_event+0x9c/0x1d0 kernel/irq/handle.c:210
 handle_fasteoi_irq+0x3b0/0x8ec kernel/irq/chip.c:720
 generic_handle_irq_desc include/linux/irqdesc.h:173 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:714 [inline]
 generic_handle_domain_irq+0xe0/0x140 kernel/irq/irqdesc.c:770
 __gic_handle_irq drivers/irqchip/irq-gic-v3.c:874 [inline]
 __gic_handle_irq_from_irqson drivers/irqchip/irq-gic-v3.c:925 [inline]
 gic_handle_irq+0x6c/0x190 drivers/irqchip/irq-gic-v3.c:969
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_interrupt_handler+0xd4/0x138 arch/arm64/kernel/entry-common.c:310
 __el1_irq arch/arm64/kernel/entry-common.c:583 [inline]
 el1_interrupt+0x34/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:26 [inline] (P)
 arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:48 (P)
 cpuidle_idle_call kernel/sched/idle.c:185 [inline]
 do_idle+0x1d8/0x454 kernel/sched/idle.c:325
 cpu_startup_entry+0x5c/0x74 kernel/sched/idle.c:423
 secondary_start_kernel+0x1b8/0x1e0 arch/arm64/kernel/smp.c:279
 __secondary_switched+0xc0/0xc4 arch/arm64/kernel/head.S:401
irq event stamp: 291512
hardirqs last  enabled at (291511): [<ffff80008adb9c48>] default_idle_call+0xcc/0xfc kernel/sched/idle.c:124
hardirqs last disabled at (291512): [<ffff80008adb3770>] __el1_irq arch/arm64/kernel/entry-common.c:580 [inline]
hardirqs last disabled at (291512): [<ffff80008adb3770>] el1_interrupt+0x24/0x54 arch/arm64/kernel/entry-common.c:598
softirqs last  enabled at (291488): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (291488): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (291269): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff800080017900
x29: ffff800080017a20 x28: ffff0001ffa58fff x27: ffff0001fec50fe8
x26: ffff0001ffa59000 x25: dfff800000000000 x24: ffff0001ffa58000
x23: ffff0001fea8e2c0 x22: 0000000000000100 x21: ffff0000c1a0db80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 1fffe0003386f276
x17: 0000000000000000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb964 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb965 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c1a0db80 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017b00 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kfree+0x268/0x474 mm/slub.c:4841
 slab_free_after_rcu_debug+0x78/0x2f4 mm/slub.c:4679
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:26 [inline] (P)
 arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:48 (P)
 cpuidle_idle_call kernel/sched/idle.c:185 [inline]
 do_idle+0x1d8/0x454 kernel/sched/idle.c:325
 cpu_startup_entry+0x5c/0x74 kernel/sched/idle.c:423
 secondary_start_kernel+0x1b8/0x1e0 arch/arm64/kernel/smp.c:279
 __secondary_switched+0xc0/0xc4 arch/arm64/kernel/head.S:401
irq event stamp: 291635
hardirqs last  enabled at (291634): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (291634): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (291635): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (291606): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (291606): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (291619): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff8000800178a0
x29: ffff8000800179c0 x28: ffff0001ffa5cfff x27: ffff0001fec50fe8
x26: ffff0001ffa5d000 x25: dfff800000000000 x24: ffff0001ffa5c000
x23: ffff0001fea8e2e0 x22: 0000000000000100 x21: ffff0000c1a0db80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 1fffe0003386f276
x17: ffff80010d10c000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb9e9 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb9ea x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c1a0db80 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017aa0 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kmem_cache_free+0x250/0x550 mm/slub.c:4744
 ptlock_free+0x54/0x6c mm/memory.c:7364
 pagetable_dtor include/linux/mm.h:3109 [inline]
 pagetable_dtor_free include/linux/mm.h:3116 [inline]
 __tlb_remove_table+0x30/0x274 include/asm-generic/tlb.h:215
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x8c/0x19c mm/mmu_gather.c:290
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:26 [inline] (P)
 arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:48 (P)
 cpuidle_idle_call kernel/sched/idle.c:185 [inline]
 do_idle+0x1d8/0x454 kernel/sched/idle.c:325
 cpu_startup_entry+0x5c/0x74 kernel/sched/idle.c:423
 secondary_start_kernel+0x1b8/0x1e0 arch/arm64/kernel/smp.c:279
 __secondary_switched+0xc0/0xc4 arch/arm64/kernel/head.S:401
irq event stamp: 292545
hardirqs last  enabled at (292544): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (292544): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (292545): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (292520): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (292520): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (292527): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 0 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff8000800178a0
x29: ffff8000800179c0 x28: ffff0001ffa5efff x27: ffff0001fec50fe8
x26: ffff0001ffa5f000 x25: dfff800000000000 x24: ffff0001ffa5e000
x23: ffff0001fea8e2f0 x22: 0000000000000100 x21: ffff0000c1a0db80
x20: 100000023ea8e403 x19: 0000000000000001 x18: 1fffe0003386f276
x17: ffff80010d10c000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb9e9 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb9ea x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c1a0db80 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017aa0 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kmem_cache_free+0x250/0x550 mm/slub.c:4744
 ptlock_free+0x54/0x6c mm/memory.c:7364
 pagetable_dtor include/linux/mm.h:3109 [inline]
 pagetable_dtor_free include/linux/mm.h:3116 [inline]
 __tlb_remove_table+0x30/0x274 include/asm-generic/tlb.h:215
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x8c/0x19c mm/mmu_gather.c:290
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:26 [inline] (P)
 arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:48 (P)
 cpuidle_idle_call kernel/sched/idle.c:185 [inline]
 do_idle+0x1d8/0x454 kernel/sched/idle.c:325
 cpu_startup_entry+0x5c/0x74 kernel/sched/idle.c:423
 secondary_start_kernel+0x1b8/0x1e0 arch/arm64/kernel/smp.c:279
 __secondary_switched+0xc0/0xc4 arch/arm64/kernel/head.S:401
irq event stamp: 292641
hardirqs last  enabled at (292640): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (292640): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (292641): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (292520): [<ffff8000803ce71c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last  enabled at (292520): [<ffff8000803ce71c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (292527): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 6486 Comm: syz-executor Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff8000800178a0
x29: ffff8000800179c0 x28: ffff0001ffa2afff x27: ffff0001fec50fe8
x26: ffff0001ffa2b000 x25: dfff800000000000 x24: ffff0001ffa2a000
x23: ffff0001fea8e150 x22: 0000000000000100 x21: ffff0000dd81bd00
x20: 100000023ea8e403 x19: 0000000000000001 x18: 0000000000000000
x17: 0000000000000000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb9e9 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb9ea x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000dd81bd00 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017aa0 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kmem_cache_free+0x250/0x550 mm/slub.c:4744
 ptlock_free+0x54/0x6c mm/memory.c:7364
 pagetable_dtor include/linux/mm.h:3109 [inline]
 pagetable_dtor_free include/linux/mm.h:3116 [inline]
 __tlb_remove_table+0x30/0x274 include/asm-generic/tlb.h:215
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x8c/0x19c mm/mmu_gather.c:290
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 copy_page+0x30/0xc4 arch/arm64/lib/copy_page.S:38 (P)
 copy_user_highpage+0x28/0x40 arch/arm64/mm/copypage.c:66
 copy_mc_user_highpage include/linux/highmem.h:383 [inline]
 do_cow_fault mm/memory.c:5554 [inline]
 do_fault mm/memory.c:5654 [inline]
 do_pte_missing mm/memory.c:4160 [inline]
 handle_pte_fault mm/memory.c:5997 [inline]
 __handle_mm_fault mm/memory.c:6140 [inline]
 handle_mm_fault+0x1808/0x4cf0 mm/memory.c:6309
 do_page_fault+0x428/0x1554 arch/arm64/mm/fault.c:647
 do_translation_fault+0xc4/0x114 arch/arm64/mm/fault.c:783
 do_mem_abort+0x70/0x194 arch/arm64/mm/fault.c:919
 el0_da+0x64/0x160 arch/arm64/kernel/entry-common.c:627
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:789
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
irq event stamp: 2253
hardirqs last  enabled at (2252): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (2252): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (2253): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (1794): [<ffff8000801fbf10>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (2225): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 6486 Comm: syz-executor Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff8000800178a0
x29: ffff8000800179c0 x28: ffff0001ffa2cfff x27: ffff0001fec50fe8
x26: ffff0001ffa2d000 x25: dfff800000000000 x24: ffff0001ffa2c000
x23: ffff0001fea8e160 x22: 0000000000000100 x21: ffff0000dd81bd00
x20: 100000023ea8e403 x19: 0000000000000001 x18: 0000000000000000
x17: 0000000000000000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb9e9 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb9ea x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000dd81bd00 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017aa0 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kmem_cache_free+0x250/0x550 mm/slub.c:4744
 ptlock_free+0x54/0x6c mm/memory.c:7364
 pagetable_dtor include/linux/mm.h:3109 [inline]
 pagetable_dtor_free include/linux/mm.h:3116 [inline]
 __tlb_remove_table+0x30/0x274 include/asm-generic/tlb.h:215
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x8c/0x19c mm/mmu_gather.c:290
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 copy_page+0x30/0xc4 arch/arm64/lib/copy_page.S:38 (P)
 copy_user_highpage+0x28/0x40 arch/arm64/mm/copypage.c:66
 copy_mc_user_highpage include/linux/highmem.h:383 [inline]
 do_cow_fault mm/memory.c:5554 [inline]
 do_fault mm/memory.c:5654 [inline]
 do_pte_missing mm/memory.c:4160 [inline]
 handle_pte_fault mm/memory.c:5997 [inline]
 __handle_mm_fault mm/memory.c:6140 [inline]
 handle_mm_fault+0x1808/0x4cf0 mm/memory.c:6309
 do_page_fault+0x428/0x1554 arch/arm64/mm/fault.c:647
 do_translation_fault+0xc4/0x114 arch/arm64/mm/fault.c:783
 do_mem_abort+0x70/0x194 arch/arm64/mm/fault.c:919
 el0_da+0x64/0x160 arch/arm64/kernel/entry-common.c:627
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:789
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
irq event stamp: 2341
hardirqs last  enabled at (2340): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (2340): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (2341): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (1794): [<ffff8000801fbf10>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (2225): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 6486 Comm: syz-executor Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff8000800178a0
x29: ffff8000800179c0 x28: ffff0001ffa3cfff x27: ffff0001fec50fe8
x26: ffff0001ffa3d000 x25: dfff800000000000 x24: ffff0001ffa3c000
x23: ffff0001fea8e1e0 x22: 0000000000000100 x21: ffff0000dd81bd00
x20: 100000023ea8e403 x19: 0000000000000001 x18: 0000000000000000
x17: 0000000000000000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb9e9 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb9ea x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000dd81bd00 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017aa0 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kmem_cache_free+0x250/0x550 mm/slub.c:4744
 ptlock_free+0x54/0x6c mm/memory.c:7364
 pagetable_dtor include/linux/mm.h:3109 [inline]
 pagetable_dtor_free include/linux/mm.h:3116 [inline]
 __tlb_remove_table+0x30/0x274 include/asm-generic/tlb.h:215
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x8c/0x19c mm/mmu_gather.c:290
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 copy_page+0x30/0xc4 arch/arm64/lib/copy_page.S:38 (P)
 copy_user_highpage+0x28/0x40 arch/arm64/mm/copypage.c:66
 copy_mc_user_highpage include/linux/highmem.h:383 [inline]
 do_cow_fault mm/memory.c:5554 [inline]
 do_fault mm/memory.c:5654 [inline]
 do_pte_missing mm/memory.c:4160 [inline]
 handle_pte_fault mm/memory.c:5997 [inline]
 __handle_mm_fault mm/memory.c:6140 [inline]
 handle_mm_fault+0x1808/0x4cf0 mm/memory.c:6309
 do_page_fault+0x428/0x1554 arch/arm64/mm/fault.c:647
 do_translation_fault+0xc4/0x114 arch/arm64/mm/fault.c:783
 do_mem_abort+0x70/0x194 arch/arm64/mm/fault.c:919
 el0_da+0x64/0x160 arch/arm64/kernel/entry-common.c:627
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:789
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
irq event stamp: 2407
hardirqs last  enabled at (2406): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (2406): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (2407): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (1794): [<ffff8000801fbf10>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (2225): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 6486 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 6486 Comm: syz-executor Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff8000800178a0
x29: ffff8000800179c0 x28: ffff0001ffbfefff x27: ffff0001fec50fe8
x26: ffff0001ffbff000 x25: dfff800000000000 x24: ffff0001ffbfe000
x23: ffff0001fea8eff0 x22: 0000000000000100 x21: ffff0000dd81bd00
x20: 100000023ea8e403 x19: 0000000000000001 x18: 0000000000000000
x17: 0000000000000000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb9e9 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb9ea x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000dd81bd00 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017aa0 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kmem_cache_free+0x250/0x550 mm/slub.c:4744
 ptlock_free+0x54/0x6c mm/memory.c:7364
 pagetable_dtor include/linux/mm.h:3109 [inline]
 pagetable_dtor_free include/linux/mm.h:3116 [inline]
 __tlb_remove_table+0x30/0x274 include/asm-generic/tlb.h:215
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x8c/0x19c mm/mmu_gather.c:290
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 copy_page+0x30/0xc4 arch/arm64/lib/copy_page.S:38 (P)
 copy_user_highpage+0x28/0x40 arch/arm64/mm/copypage.c:66
 copy_mc_user_highpage include/linux/highmem.h:383 [inline]
 do_cow_fault mm/memory.c:5554 [inline]
 do_fault mm/memory.c:5654 [inline]
 do_pte_missing mm/memory.c:4160 [inline]
 handle_pte_fault mm/memory.c:5997 [inline]
 __handle_mm_fault mm/memory.c:6140 [inline]
 handle_mm_fault+0x1808/0x4cf0 mm/memory.c:6309
 do_page_fault+0x428/0x1554 arch/arm64/mm/fault.c:647
 do_translation_fault+0xc4/0x114 arch/arm64/mm/fault.c:783
 do_mem_abort+0x70/0x194 arch/arm64/mm/fault.c:919
 el0_da+0x64/0x160 arch/arm64/kernel/entry-common.c:627
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:789
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
irq event stamp: 2425
hardirqs last  enabled at (2424): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (2424): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (2425): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (1794): [<ffff8000801fbf10>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (2225): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6489 at ./arch/arm64/include/asm/pgtable.h:82 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
WARNING: CPU: 1 PID: 6489 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pte_range mm/memory.c:2936 [inline]
WARNING: CPU: 1 PID: 6489 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pmd_range mm/memory.c:2985 [inline]
WARNING: CPU: 1 PID: 6489 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_pud_range mm/memory.c:3021 [inline]
WARNING: CPU: 1 PID: 6489 at ./arch/arm64/include/asm/pgtable.h:82 apply_to_p4d_range mm/memory.c:3057 [inline]
WARNING: CPU: 1 PID: 6489 at ./arch/arm64/include/asm/pgtable.h:82 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
Modules linked in:
CPU: 1 UID: 0 PID: 6489 Comm: syz-executor Tainted: G        W           6.15.0-rc5-syzkaller-gac57c6b0f09c #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
pc : apply_to_pte_range mm/memory.c:2936 [inline]
pc : apply_to_pmd_range mm/memory.c:2985 [inline]
pc : apply_to_pud_range mm/memory.c:3021 [inline]
pc : apply_to_p4d_range mm/memory.c:3057 [inline]
pc : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
lr : arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline]
lr : apply_to_pte_range mm/memory.c:2936 [inline]
lr : apply_to_pmd_range mm/memory.c:2985 [inline]
lr : apply_to_pud_range mm/memory.c:3021 [inline]
lr : apply_to_p4d_range mm/memory.c:3057 [inline]
lr : __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093
sp : ffff800080017900
x29: ffff800080017a20 x28: ffff0001ffa74fff x27: ffff0001fec50fe8
x26: ffff0001ffa75000 x25: dfff800000000000 x24: ffff0001ffa74000
x23: ffff0001fea8e3a0 x22: 0000000000000100 x21: ffff0000cbd58000
x20: 100000023ea8e403 x19: 0000000000000001 x18: 0000000000000000
x17: ffff80010d10c000 x16: ffff80008051bab8 x15: 0000000000000001
x14: 1ffff00012dfb9d6 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012dfb9d7 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000cbd58000 x7 : ffff800080c2b0a4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff800080017b00 x3 : ffff8000802595f4
x2 : 0000000000001000 x1 : 0000000000000100 x0 : 0000000000000000
Call trace:
 arch_enter_lazy_mmu_mode arch/arm64/include/asm/pgtable.h:82 [inline] (P)
 apply_to_pte_range mm/memory.c:2936 [inline] (P)
 apply_to_pmd_range mm/memory.c:2985 [inline] (P)
 apply_to_pud_range mm/memory.c:3021 [inline] (P)
 apply_to_p4d_range mm/memory.c:3057 [inline] (P)
 __apply_to_page_range+0xdb4/0x13e4 mm/memory.c:3093 (P)
 apply_to_page_range+0x4c/0x64 mm/memory.c:3112
 __change_memory_common+0xac/0x3f8 arch/arm64/mm/pageattr.c:64
 set_memory_valid+0x68/0x7c arch/arm64/mm/pageattr.c:-1
 kfence_protect_page arch/arm64/include/asm/kfence.h:17 [inline]
 kfence_protect mm/kfence/core.c:247 [inline]
 kfence_guarded_free+0x278/0x5a8 mm/kfence/core.c:565
 __kfence_free+0x104/0x198 mm/kfence/core.c:1187
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2318 [inline]
 slab_free mm/slub.c:4642 [inline]
 kfree+0x268/0x474 mm/slub.c:4841
 slab_free_after_rcu_debug+0x78/0x2f4 mm/slub.c:4679
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x848/0x17a4 kernel/rcu/tree.c:2824
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2841
 handle_softirqs+0x328/0xc88 kernel/softirq.c:579
 __do_softirq+0x14/0x20 kernel/softirq.c:613
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x30 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:460 [inline]
 __irq_exit_rcu+0x1b0/0x478 kernel/softirq.c:680
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:696
 __el1_irq arch/arm64/kernel/entry-common.c:584 [inline]
 el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:598
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:603
 el1h_64_irq+0x6c/0x70 arch/arm64/kernel/entry.S:596
 preempt_count arch/arm64/include/asm/preempt.h:13 [inline] (P)
 check_kcov_mode kernel/kcov.c:183 [inline] (P)
 write_comp_data kernel/kcov.c:246 [inline] (P)
 __sanitizer_cov_trace_const_cmp8+0x14/0x98 kernel/kcov.c:321 (P)
 folio_add_lru+0xc4/0x154 mm/swap.c:505
 folio_add_lru_vma+0xc4/0x118 mm/swap.c:524
 set_pte_range+0x1f8/0x434 mm/memory.c:5254
 finish_fault+0x908/0xcf0 mm/memory.c:5382
 do_cow_fault mm/memory.c:5560 [inline]
 do_fault mm/memory.c:5654 [inline]
 do_pte_missing mm/memory.c:4160 [inline]
 handle_pte_fault mm/memory.c:5997 [inline]
 __handle_mm_fault mm/memory.c:6140 [inline]
 handle_mm_fault+0x1864/0x4cf0 mm/memory.c:6309
 do_page_fault+0x428/0x1554 arch/arm64/mm/fault.c:647
 do_translation_fault+0xc4/0x114 arch/arm64/mm/fault.c:783
 do_mem_abort+0x70/0x194 arch/arm64/mm/fault.c:919
 el0_da+0x64/0x160 arch/arm64/kernel/entry-common.c:627
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:789
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
irq event stamp: 4719
hardirqs last  enabled at (4718): [<ffff80008add91e8>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (4718): [<ffff80008add91e8>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (4719): [<ffff80008adb3680>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (4212): [<ffff8000801fbf10>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (4703): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---