Date: Thu, 20 Mar 2025 13:02:38 -0700
Message-ID: <67dc745e.050a0220.25ae54.0023.GAE@google.com>
Subject: Re: [syzbot] [mm?] BUG: unable to handle kernel paging request in vma_merge_existing_range
From: syzbot
To: pfalcato@suse.de
Cc: akpm@linux-foundation.org, jannh@google.com, liam.howlett@oracle.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, lorenzo.stoakes@oracle.com, pfalcato@suse.de, syzkaller-bugs@googlegroups.com, vbabka@suse.cz

> On Thu, Mar 20, 2025 at 12:09:36PM -0700, syzbot wrote:
>> Hello,
>>
>> syzbot found the following issue on:
>>
>> HEAD commit: eb88e6bfbc0a Merge tag 'fsnotify_for_v6.14-rc7' of git://g..
>> git tree: upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=11e6c83f980000
>> kernel config: https://syzkaller.appspot.com/x/.config?x=77423669c2b8fa9
>> dashboard link: https://syzkaller.appspot.com/bug?extid=20ed41006cf9d842c2b5
>> compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
>> userspace arch: i386
>>
>> Unfortunately, I don't have any reproducer for this issue yet.
>>
>> Downloadable assets:
>> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7feb34a89c2a/non_bootable_disk-eb88e6bf.raw.xz
>> vmlinux: https://storage.googleapis.com/syzbot-assets/ded0ce69669f/vmlinux-eb88e6bf.xz
>> kernel image: https://storage.googleapis.com/syzbot-assets/6e6fa3c719e7/bzImage-eb88e6bf.xz
>>
>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>> Reported-by: syzbot+20ed41006cf9d842c2b5@syzkaller.appspotmail.com
>>
>> RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
>> R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
>> R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
>>
>> BUG: unable to handle page fault for address: fffffffffffffff4
>> #PF: supervisor read access in kernel mode
>> #PF: error_code(0x0000) - not-present page
>> PGD df84067 P4D df84067 PUD df86067 PMD 0
>> Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
>> CPU: 1 UID: 0 PID: 17805 Comm: syz.8.3237 Not tainted 6.14.0-rc6-syzkaller-00212-geb88e6bfbc0a #0
>> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
>> RIP: 0010:vma_merge_existing_range+0x266/0x2070 mm/vma.c:734
>> Code: e8 5f 25 ad ff 48 8b 14 24 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 1c 19 00 00 48 8b 04 24 48 8b 74 24 08 <4c> 8b 38 4c 89 ff e8 9f 1f ad ff 48 8b 44 24 08 49 39 c7 0f 83 db
>> RSP: 0000:ffffc9000319f988 EFLAGS: 00010246
>> RAX: fffffffffffffff4 RBX: ffffc9000319fae8 RCX: ffffffff820cd3e5
>> RDX: 1ffffffffffffffe RSI: 0000000080c2a000 RDI: 0000000000000005
>> RBP: 0000000080ce2000 R08: 0000000000000005 R09: 0000000000000000
>> R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001
>> R13: ffffc9000319fb08 R14: ffff888025eddc98 R15: ffff88804eec0a00
>> FS: 0000000000000000(0000) GS:ffff88802b500000(0063) knlGS:00000000f5106b40
>> CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
>> CR2: fffffffffffffff4 CR3: 00000000614d6000 CR4: 0000000000352ef0
>> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>> Call Trace:
>>
>> vma_modify.constprop.0+0x87/0x410 mm/vma.c:1517
>> vma_modify_flags_uffd+0x241/0x2e0 mm/vma.c:1598
>> userfaultfd_clear_vma+0x91/0x130 mm/userfaultfd.c:1906
>> userfaultfd_release_all+0x2ae/0x4c0 mm/userfaultfd.c:2024
>> userfaultfd_release+0xf4/0x1c0 fs/userfaultfd.c:865
>> __fput+0x3ff/0xb70 fs/file_table.c:464
>> task_work_run+0x14e/0x250 kernel/task_work.c:227
>> resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
>> exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
>> exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
>> __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
>> syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
>> __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:390
>> do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:412
>> entry_SYSENTER_compat_after_hwframe+0x84/0x8e
>> RIP: 0023:0xf7fe6579
>> Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
>> RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000135
>> RAX: 0000000000000001 RBX: 0000000080000180 RCX: 0000000000000001
>> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
>> RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
>> R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
>> R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
>>
>> Modules linked in:
>> CR2: fffffffffffffff4
>> ---[ end trace 0000000000000000 ]---
>> RIP: 0010:vma_merge_existing_range+0x266/0x2070 mm/vma.c:734
>> Code: e8 5f 25 ad ff 48 8b 14 24 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 1c 19 00 00 48 8b 04 24 48 8b 74 24 08 <4c> 8b 38 4c 89 ff e8 9f 1f ad ff 48 8b 44 24 08 49 39 c7 0f 83 db
>> RSP: 0000:ffffc9000319f988 EFLAGS: 00010246
>> RAX: fffffffffffffff4 RBX: ffffc9000319fae8 RCX: ffffffff820cd3e5
>> RDX: 1ffffffffffffffe RSI: 0000000080c2a000 RDI: 0000000000000005
>> RBP: 0000000080ce2000 R08: 0000000000000005 R09: 0000000000000000
>> R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001
>> R13: ffffc9000319fb08 R14: ffff888025eddc98 R15: ffff88804eec0a00
>> FS: 0000000000000000(0000) GS:ffff88802b500000(0063) knlGS:00000000f5106b40
>> CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
>> CR2: fffffffffffffff4 CR3: 00000000614d6000 CR4: 0000000000352ef0
>> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>> ----------------
>> Code disassembly (best guess):
>>    0: e8 5f 25 ad ff          call 0xffad2564
>>    5: 48 8b 14 24             mov (%rsp),%rdx
>>    9: 48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
>>   10: fc ff df
>>   13: 48 c1 ea 03             shr $0x3,%rdx
>>   17: 80 3c 02 00             cmpb $0x0,(%rdx,%rax,1)
>>   1b: 0f 85 1c 19 00 00       jne 0x193d
>>   21: 48 8b 04 24             mov (%rsp),%rax
>>   25: 48 8b 74 24 08          mov 0x8(%rsp),%rsi
>> * 2a: 4c 8b 38                mov (%rax),%r15 <-- trapping instruction
>>   2d: 4c 89 ff                mov %r15,%rdi
>>   30: e8 9f 1f ad ff          call 0xffad1fd4
>>   35: 48 8b 44 24 08          mov 0x8(%rsp),%rax
>>   3a: 49 39 c7                cmp %rax,%r15
>>   3d: 0f                      .byte 0xf
>>   3e: 83                      .byte 0x83
>>   3f: db                      .byte 0xdb
>
> Ahh, fun bug.
This *seems* to be the bug: > > First, in vma_modify: > > merged = vma_merge_existing_range(vmg); > if (merged) > return merged; > if (vmg_nomem(vmg)) > return ERR_PTR(-ENOMEM); > > then, all the way up to userfaultfd_release_all (the return value propagates > vma_modify -> vma_modify_flags_uffd -> userfaultfd_clear_vma): > > prev = NULL; > for_each_vma(vmi, vma) { > cond_resched(); > BUG_ON(!!vma->vm_userfaultfd_ctx.ctx ^ > !!(vma->vm_flags & __VM_UFFD_FLAGS)); > if (vma->vm_userfaultfd_ctx.ctx != ctx) { > prev = vma; > continue; > } > > vma = userfaultfd_clear_vma(&vmi, prev, vma, > vma->vm_start, vma->vm_end); > prev = vma; > } > > So, if uffd gets an IS_ERR(vma), it keeps going and takes that vma as the prev value, > which leads to that ERR_PTR(-ENOMEM) deref crash (-12 = -ENOMEM = 0xffffff4). > This situation is kind of awkward because ->release() errors don't mean a thing. > So, I have another idea (pasting for syzbot) which might just be cromulent. > Untested, but thoughts? > > #syz test This crash does not have a reproducer. I cannot test it. > > diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c > index d06453fa8aba..fb835d82eb84 100644 > --- a/mm/userfaultfd.c > +++ b/mm/userfaultfd.c > @@ -2023,6 +2023,8 @@ void userfaultfd_release_all(struct mm_struct *mm, > > vma = userfaultfd_clear_vma(&vmi, prev, vma, > vma->vm_start, vma->vm_end); > + if (WARN_ON(IS_ERR(vma))) > + break; > prev = vma; > } > mmap_write_unlock(mm); > diff --git a/mm/vma.c b/mm/vma.c > index 71ca012c616c..b2167b7dc27d 100644 > --- a/mm/vma.c > +++ b/mm/vma.c 
> @@ -1517,8 +1517,16 @@ static struct vm_area_struct *vma_modify(struct vma_merge_struct *vmg) > merged = vma_merge_existing_range(vmg); > if (merged) > return merged; > - if (vmg_nomem(vmg)) > + if (vmg_nomem(vmg)) { > + /* If we can avoid failing the whole modification > + * due to a merge OOM and validly keep going > + * (we're modifying the whole VMA), return vma intact. > + * It won't get merged, but such is life - we're avoiding > + * OOM conditions in other parts of mm/ this way */ > + if (start <= vma->vm_start && end >= vma->vm_end) > + return vma; > return ERR_PTR(-ENOMEM); > + } > > /* Split any preceding portion of the VMA. */ > if (vma->vm_start < start) { > > -- > Pedro
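Review bot: In the mm/userfaultfd.c hunk, the `break` on `IS_ERR(vma)` leaves the loop with every VMA after the failing one unvisited, so they go on to `mmap_write_unlock(mm)` without having passed through `userfaultfd_clear_vma()`. Since the loop walks with `vmi` and not with `vma`, consider skipping the `prev = vma` assignment and continuing instead of breaking, so that one failure does not stop the remaining VMAs from being cleared. If the WARN_ON is meant to assert that this cannot happen once the mm/vma.c change is in (the caller always passes `vma->vm_start, vma->vm_end`), a one-line comment saying so would make the intent clear.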
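Review bot: In the mm/vma.c hunk, the new `if (start <= vma->vm_start && end >= vma->vm_end) return vma;` sits in the static `vma_modify()` itself, so it applies to every path that reaches this function and not only to the uffd release path that motivated it; any caller covering the whole VMA now gets success where it used to get `ERR_PTR(-ENOMEM)`. Either state in the comment why that is safe for all of them, or make the behaviour opt-in through a field in `struct vma_merge_struct` that the uffd release path sets. On style, the multi-line comment should have `/*` and `*/` on their own lines, and it could say explicitly that no split is needed in this case because the range covers the whole VMA.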
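The failure mode analysed in the message above, modelled in userspace C as an added example (not code from the thread or from the kernel tree). `ERR_PTR()`/`IS_ERR()` are re-implemented here after `include/linux/err.h`; `struct vma`, `clear_vma()`, `walk()` and `demo_bad_prev()` are hypothetical stand-ins, and the three-VMA input is constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace copies of the kernel's error-pointer helpers. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long error) { return (void *)error; }
static inline int IS_ERR(const void *p)
{
	return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

struct vma { unsigned long start, end; int has_ctx; };

/* Hypothetical stand-in for userfaultfd_clear_vma(): fails on index fail_at. */
static struct vma *clear_vma(struct vma *v, size_t idx, size_t fail_at)
{
	if (idx == fail_at)
		return ERR_PTR(-ENOMEM);
	v->has_ctx = 0;
	return v;
}

/*
 * Model of the release loop. Returns the first error pointer that would be
 * handed to the merge code as "prev" (0 if none). check_err == 0 mirrors the
 * loop quoted in the mail; check_err == 1 stops before prev is overwritten.
 */
static uintptr_t walk(struct vma *vmas, size_t n, size_t fail_at, int check_err)
{
	struct vma *prev = NULL, *vma;
	uintptr_t bad_prev = 0;

	for (size_t i = 0; i < n; i++) {
		if (IS_ERR(prev) && !bad_prev)
			bad_prev = (uintptr_t)prev; /* kernel reads through this */
		vma = clear_vma(&vmas[i], i, fail_at);
		if (check_err && IS_ERR(vma))
			break;
		prev = vma;
	}
	return bad_prev;
}

/* Constructed sample: three adjacent VMAs, the second call fails with -ENOMEM. */
uintptr_t demo_bad_prev(int check_err)
{
	struct vma vmas[3] = {
		{0x1000, 0x2000, 1}, {0x2000, 0x3000, 1}, {0x3000, 0x4000, 1},
	};
	return walk(vmas, 3, 1, check_err);
}
```

On a 64-bit build the unchecked walk yields the same value the oops reports in CR2 and RAX.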