ci starts bisection 2025-07-21 23:01:21.062613563 +0000 UTC m=+40462.309124849 bisecting cause commit starting from d086c886ceb9f59dea6c3a9dae7eb89e780a20c9 building syzkaller on 7117feecc9626dc60b06fb3e91c0f7632d99d30b fetch other tags and check if the commit is present ensuring issue is reproducible on original commit d086c886ceb9f59dea6c3a9dae7eb89e780a20c9 testing commit d086c886ceb9f59dea6c3a9dae7eb89e780a20c9 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 819c1b1758a1a970e8a10f8bf7098a9e9bbaa7e678b6266c4cb4ebf95f0b45e9 all runs: crashed: INFO: task hung in exit_mm representative crash: INFO: task hung in exit_mm, types: [HANG] check whether we can drop unnecessary instrumentation disabling configs for [atomic_sleep memleak ubsan bug_or_warning kasan locking], they are not needed testing commit d086c886ceb9f59dea6c3a9dae7eb89e780a20c9 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 277d0414833f92d90771ecc761f9adc25451ffc94494c0a286495f8f8e9ae9b9 all runs: crashed: INFO: task hung in exit_mm representative crash: INFO: task hung in exit_mm, types: [HANG] the bug reproduces without the instrumentation disabling configs for [bug_or_warning kasan locking atomic_sleep memleak ubsan], they are not needed kconfig minimization: base=4095 full=8526 leaves diff=2188 split chunks (needed=false): <2188> split chunk #0 of len 2188 into 5 parts testing without sub-chunk 1/5 disabling configs for [bug_or_warning kasan locking atomic_sleep memleak ubsan], they are not needed testing commit d086c886ceb9f59dea6c3a9dae7eb89e780a20c9 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: d47dfdfd8b4a10b376f01a5f479d4bcf81ec79b9cb57e52e99f1799cf0faad31 all runs: crashed: INFO: task hung in exit_mm representative crash: INFO: task hung in exit_mm, types: [HANG] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [bug_or_warning kasan locking atomic_sleep memleak ubsan], they are not needed testing commit d086c886ceb9f59dea6c3a9dae7eb89e780a20c9 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 8e8854ed9ea98f35863a1f3c9e35036de03029c0d7a1d446b5c2a04ddf1c4c37 all runs: crashed: INFO: task hung in exit_mm representative crash: INFO: task hung in exit_mm, types: [HANG] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [memleak ubsan bug_or_warning kasan locking atomic_sleep], they are not needed testing commit d086c886ceb9f59dea6c3a9dae7eb89e780a20c9 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 2f6f145554d937f2f8015e5575d285e8c3bf45b6c73201c71a08ef1e12e5cd4e all runs: crashed: INFO: task hung in exit_mm representative crash: INFO: task hung in exit_mm, types: [HANG] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [ubsan bug_or_warning kasan locking atomic_sleep memleak], they are not needed testing commit d086c886ceb9f59dea6c3a9dae7eb89e780a20c9 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 5021d260fc92f272a5b0e6d8a003d91c8aabde9ebb3bb969785e99628b378f61 all runs: crashed: INFO: task hung in exit_mm representative crash: INFO: task hung in exit_mm, types: [HANG] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [kasan locking atomic_sleep memleak ubsan bug_or_warning], they are not needed testing commit d086c886ceb9f59dea6c3a9dae7eb89e780a20c9 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 7944be777f7851b62f715722bd7f3b0a999892ae767ca01f9392d00161a8c634 all runs: crashed: INFO: task hung in exit_mm representative crash: INFO: task hung in exit_mm, types: [HANG] the chunk can be dropped disabling configs for [memleak ubsan bug_or_warning kasan locking atomic_sleep], they are not needed picked [v6.15 v6.14 v6.13 v6.11 v6.9 v6.7 v6.5 v6.3 v6.0 v5.17 v5.14 v5.11 v5.8 v5.5 v5.2 v4.20 v4.19] out of 38 release tags testing release v6.15 testing commit 0ff41df1cb268fc69e703a08a57ee14ae967d0ca gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: ba19811956a462d3ace451e8b5a5e5e5acdb458dd2fb4eafbb74c3413b263e82 all runs: OK false negative chance: 0.000 # git bisect start d086c886ceb9f59dea6c3a9dae7eb89e780a20c9 0ff41df1cb268fc69e703a08a57ee14ae967d0ca Bisecting: 13414 revisions left to test after this (roughly 14 steps) [378ec25aec5a8444879f8696d580c94950a1f1df] Merge tag 'tty-6.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty testing commit 378ec25aec5a8444879f8696d580c94950a1f1df gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 4e0f1367656a3a5057fcc7c062adb1946397f57f9c0a5704258a664c29056b25 all runs: OK false negative chance: 0.000 # git bisect good 378ec25aec5a8444879f8696d580c94950a1f1df Bisecting: 6980 revisions left to test after this (roughly 13 steps) [a6e8f6c1c5d76f38113771aa6b33db2555911dc8] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git testing commit a6e8f6c1c5d76f38113771aa6b33db2555911dc8 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: fa3d343a9ac85f618abfdd107b390fd1755f10196d3049b4b9101ef20f7f61bd all runs: crashed: INFO: task hung in exit_mm representative crash: INFO: task hung in exit_mm, types: [HANG] # git bisect bad a6e8f6c1c5d76f38113771aa6b33db2555911dc8 Bisecting: 3215 revisions left to test after this (roughly 12 steps) [c207b45f136f9cda874fdcfb00661d220fd52f51] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git testing commit c207b45f136f9cda874fdcfb00661d220fd52f51 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 825fc630e2e37ac09d93256e60dbb665e50c52c8ac11e0e75a0978d6391fcc20 all runs: OK false negative chance: 0.000 # git bisect good c207b45f136f9cda874fdcfb00661d220fd52f51 Bisecting: 1606 revisions left to test after this (roughly 11 steps) [fd4b9f6812e7c9fff721b71c3f96259ffeab9cf9] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip.git testing commit fd4b9f6812e7c9fff721b71c3f96259ffeab9cf9 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: cfc372f498f58a5daf0e6401c896eff65d06b36e0b0d86b5219024e8c658061e all runs: crashed: INFO: task hung in exit_mm representative crash: INFO: task hung in exit_mm, types: [HANG] # git bisect bad fd4b9f6812e7c9fff721b71c3f96259ffeab9cf9 Bisecting: 789 revisions left to test after this (roughly 10 steps) [7e16a5719930f7a3f27b39cd011c0fea4d3ba047] Merge branch 'perf-tools-next' of git://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools-next.git testing commit 7e16a5719930f7a3f27b39cd011c0fea4d3ba047 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: b8ffb64888f57e8c14d8494e7e86d9dacc06b3186722ac6734b6d811b57dc4b2 all runs: crashed: INFO: task hung in exit_mm representative crash: INFO: task hung in exit_mm, types: [HANG] # git bisect bad 7e16a5719930f7a3f27b39cd011c0fea4d3ba047 Bisecting: 375 revisions left to test after this (roughly 9 steps) [8c8de4491a419cd47417964120946512df5aaefa] Merge branch 'mm-stable' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm testing commit 8c8de4491a419cd47417964120946512df5aaefa gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: af6f6988292e0e4d39a00e580082479e8fe969463af911eca7703211342e56be all runs: OK false negative chance: 0.000 # git bisect good 8c8de4491a419cd47417964120946512df5aaefa Bisecting: 207 revisions left to test after this (roughly 8 steps) [6e91ffde44df8ef006b9f7c4b326fb08bb2b672c] Merge branch 'mm-nonmm-unstable' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm testing commit 6e91ffde44df8ef006b9f7c4b326fb08bb2b672c gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 99185007a03a8518cb1e9e5230a8795456a71146f087fc338a94bb84e52dbfc1 all runs: crashed: INFO: task hung in exit_mm representative crash: INFO: task hung in exit_mm, types: [HANG] # git bisect bad 6e91ffde44df8ef006b9f7c4b326fb08bb2b672c Bisecting: 83 revisions left to test after this (roughly 6 steps) [f4da434d0ce063c782e5fc07da6cd20aea45e676] mm/damon/sysfs: remove damon_sysfs_before_terminate() testing commit f4da434d0ce063c782e5fc07da6cd20aea45e676 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 71f6005a8cb88f11c500d173a52273b74ee8de0a025a2eda1976767f8022ab8d all runs: crashed: INFO: task hung in exit_mm representative crash: INFO: task hung in exit_mm, types: [HANG] # git bisect bad f4da434d0ce063c782e5fc07da6cd20aea45e676 Bisecting: 41 revisions left to test after this (roughly 5 steps) [29fb6f8e7d5f38f037ecc1fbfcf1b4d54316ce9a] mm/vmscan: make __node_reclaim() more generic testing commit 29fb6f8e7d5f38f037ecc1fbfcf1b4d54316ce9a gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 06a7153e4b6a2bb8e67d68f7327dff3a91673078378a797cdb8b7623d3f0efff all runs: OK false negative chance: 0.000 # git bisect good 29fb6f8e7d5f38f037ecc1fbfcf1b4d54316ce9a Bisecting: 20 revisions left to test after this (roughly 4 steps) [aa8d596473934b007dca03e55a0794ce9954a4d3] mm/mremap: address review comments testing commit aa8d596473934b007dca03e55a0794ce9954a4d3 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: a097cade7261e3f96c40c2809f3a12d84097fb5b2f07e3e7018c713c9319f6e6 all runs: OK false negative chance: 0.000 # git bisect good aa8d596473934b007dca03e55a0794ce9954a4d3 Bisecting: 10 revisions left to test after this (roughly 3 steps) [b7b1f0713e936557553b626d62a30f0f4e399fd3] mm/damon/reclaim: use damon_call() repeat mode instead of damon_callback testing commit b7b1f0713e936557553b626d62a30f0f4e399fd3 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 4ff7a3f32cd4200df38ecc05a2d61e23257f1b847953fa90e4cf259934cfedb6 all runs: crashed: INFO: task hung in exit_mm representative crash: INFO: task hung in exit_mm, types: [HANG] # git bisect bad b7b1f0713e936557553b626d62a30f0f4e399fd3 Bisecting: 4 revisions left to test after this (roughly 2 steps) [afbfacdef6fe1c0da69847877f657bc0c5aa2e1e] readahead: use folio_nr_pages() instead of shift operation testing commit afbfacdef6fe1c0da69847877f657bc0c5aa2e1e gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 94bb557df74466e70962f4a48014af02fa154851173842cd25a259c75cf4f8c5 all runs: crashed: INFO: task hung in exit_mm representative crash: INFO: task hung in exit_mm, types: [HANG] # git bisect bad afbfacdef6fe1c0da69847877f657bc0c5aa2e1e Bisecting: 2 revisions left to test after this (roughly 1 step) [f085d2600b8ee74456820b4e67c46a364e34f153] tools/testing/selftests: extend mremap_test to test multi-VMA mremap testing commit f085d2600b8ee74456820b4e67c46a364e34f153 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: b896ace6f83ce65a822774d970aaadb6d4f97b4d61a269e61f345424cc00cc19 all runs: crashed: INFO: task hung in exit_mm representative crash: INFO: task hung in exit_mm, types: [HANG] # git bisect bad f085d2600b8ee74456820b4e67c46a364e34f153 Bisecting: 0 revisions left to test after this (roughly 0 steps) [d22f1d61e7d950dccee81e3ed75ff2908aecd1a9] mm/mremap: reset VMI on unmap testing commit d22f1d61e7d950dccee81e3ed75ff2908aecd1a9 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 5462773b220af0fe4fa856ebc0f864badde0f6db5f500acffde6d667b898f88b all runs: crashed: INFO: task hung in exit_mm representative crash: INFO: task hung in exit_mm, types: [HANG] # git bisect bad d22f1d61e7d950dccee81e3ed75ff2908aecd1a9 d22f1d61e7d950dccee81e3ed75ff2908aecd1a9 is the first bad commit commit d22f1d61e7d950dccee81e3ed75ff2908aecd1a9 Author: Lorenzo Stoakes Date: Wed Jul 16 20:29:54 2025 +0100 mm/mremap: reset VMI on unmap Any separate VMA iterator may become invalidated when VMAs are unmapped at nodes in proximity to the current position of the iterator. Therefore, reset the iterator at each point where this occurs on a mremap move. Link: https://lkml.kernel.org/r/4fbf4271-6ab9-49c0-b30f-c8716bf19f09@lucifer.local Signed-off-by: Lorenzo Stoakes Cc: Al Viro Cc: Christian Brauner Cc: Jan Kara Cc: Jann Horn Cc: Liam Howlett Cc: Peter Xu Cc: Rik van Riel Cc: Vlastimil Babka Signed-off-by: Andrew Morton mm/mremap.c | 2 ++ 1 file changed, 2 insertions(+) accumulated error probability: 0.00 culprit signature: 5462773b220af0fe4fa856ebc0f864badde0f6db5f500acffde6d667b898f88b parent signature: a097cade7261e3f96c40c2809f3a12d84097fb5b2f07e3e7018c713c9319f6e6 revisions tested: 22, total time: 5h14m47.393930887s (build: 2h5m28.119882249s, test: 2h43m7.682587524s) first bad commit: d22f1d61e7d950dccee81e3ed75ff2908aecd1a9 mm/mremap: reset VMI on unmap recipients (to): ["Liam.Howlett@oracle.com" "akpm@linux-foundation.org" "akpm@linux-foundation.org" "linux-mm@kvack.org" "lorenzo.stoakes@oracle.com" "lorenzo.stoakes@oracle.com"] recipients (cc): ["jannh@google.com" "linux-kernel@vger.kernel.org" "pfalcato@suse.de" "vbabka@suse.cz"] crash: INFO: task hung in exit_mm INFO: task syz.3.16:2908 blocked for more than 143 seconds. Not tainted 6.16.0-rc5-syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.3.16 state:D stack:13584 pid:2908 tgid:2908 ppid:2454 task_flags:0x40004c flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5397 [inline] __schedule+0x76d/0xc30 kernel/sched/core.c:6786 __schedule_loop kernel/sched/core.c:6864 [inline] schedule+0xac/0x140 kernel/sched/core.c:6879 schedule_preempt_disabled+0x32/0x60 kernel/sched/core.c:6936 rwsem_down_read_slowpath+0x241/0x520 kernel/locking/rwsem.c:1084 __down_read_common kernel/locking/rwsem.c:1248 [inline] __down_read kernel/locking/rwsem.c:1261 [inline] down_read+0x86/0xf0 kernel/locking/rwsem.c:1526 mmap_read_lock include/linux/mmap_lock.h:412 [inline] exit_mm+0x3f/0x110 kernel/exit.c:557 do_exit+0x1c6/0x9a0 kernel/exit.c:952 do_group_exit+0x9f/0xa0 kernel/exit.c:1105 __do_sys_exit_group kernel/exit.c:1116 [inline] __se_sys_exit_group kernel/exit.c:1114 [inline] __x64_sys_exit_group+0x12/0x20 kernel/exit.c:1114 x64_sys_call+0x21ba/0x21c0 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x8f/0x250 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f433077e9a9 RSP: 002b:00007fff91d11a48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f433077e9a9 RDX: 00007f433077e9a9 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000003 R08: 0000000291d11b3f R09: 00007f4330970260 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f4330970260 R14: 0000000000000003 R15: 00007fff91d11b00 Showing all locks held in the system: 1 lock held by khungtaskd/31: #0: ffffffff8277aab0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #0: ffffffff8277aab0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #0: ffffffff8277aab0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x2e/0x100 kernel/locking/lockdep.c:6770 2 locks held by getty/857: #0: ffff888100a9f0a0 (&tty->ldisc_sem){....}-{0:0}, at: tty_ldisc_ref_wait+0x20/0x40 drivers/tty/tty_ldisc.c:243 #1: ffffc90001bdb2f0 (&ldata->atomic_read_lock){....}-{3:3}, at: n_tty_read+0x1c3/0x6e0 drivers/tty/n_tty.c:2222 1 lock held by syz.3.16/2908: #0: ffff888101b542a0 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff888101b542a0 (&mm->mmap_lock){....}-{3:3}, at: exit_mm+0x3f/0x110 kernel/exit.c:557 1 lock held by syz.3.16/2909: 1 lock held by syz.4.17/3366: #0: ffff88810fab5520 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff88810fab5520 (&mm->mmap_lock){....}-{3:3}, at: exit_mm+0x3f/0x110 kernel/exit.c:557 1 lock held by syz.4.17/3367: 1 lock held by syz.5.18/3824: #0: ffff88810fab1460 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff88810fab1460 (&mm->mmap_lock){....}-{3:3}, at: exit_mm+0x3f/0x110 kernel/exit.c:557 1 lock held by syz.5.18/3826: 1 lock held by syz.6.19/4284: #0: ffff88810fab3960 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff88810fab3960 (&mm->mmap_lock){....}-{3:3}, at: exit_mm+0x3f/0x110 kernel/exit.c:557 1 lock held by syz.6.19/4285: 1 lock held by syz.7.20/4743: #0: ffff888101b53960 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff888101b53960 (&mm->mmap_lock){....}-{3:3}, at: exit_mm+0x3f/0x110 kernel/exit.c:557 1 lock held by syz.7.20/4744: 1 lock held by syz.8.21/5201: #0: ffff88810fab26e0 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff88810fab26e0 (&mm->mmap_lock){....}-{3:3}, at: exit_mm+0x3f/0x110 kernel/exit.c:557 1 lock held by syz.8.21/5203: 1 lock held by syz.9.22/5660: #0: ffff88810fab4be0 (&mm->mmap_lock){....}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff88810fab4be0 (&mm->mmap_lock){....}-{3:3}, at: exit_mm+0x3f/0x110 kernel/exit.c:557 1 lock held by syz.9.22/5661: ============================================= NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(none) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Call Trace: dump_stack_lvl+0xa2/0xf0 lib/dump_stack.c:120 nmi_cpu_backtrace+0x109/0x170 lib/nmi_backtrace.c:113 nmi_trigger_cpumask_backtrace+0x8e/0x140 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:307 [inline] watchdog+0x604/0x630 kernel/hung_task.c:470 kthread+0x200/0x230 kernel/kthread.c:464 ret_from_fork+0x9d/0x170 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 4744 Comm: syz.7.20 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(none) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 RIP: 0010:arch_atomic_inc lib/maple_tree.c:7561 [inline] RIP: 0010:raw_atomic_inc include/linux/atomic/atomic-arch-fallback.h:992 [inline] RIP: 0010:atomic_inc include/linux/atomic/atomic-instrumented.h:436 [inline] RIP: 0010:mt_validate_nulls lib/maple_tree.c:7565 [inline] RIP: 0010:mt_validate+0x15a1/0x1750 lib/maple_tree.c:7615 Code: ff ff 48 8b 84 24 d8 00 00 00 48 89 44 24 10 45 31 f6 4c 89 e8 41 0f b6 d6 4c 8b 6c d5 00 4c 09 e8 74 6b f0 ff 05 7f d1 0a 05 ff 05 7c d1 0a 05 4c 89 f8 c1 e8 03 83 e0 0f 8d 48 ff 83 f9 02 RSP: 0018:ffffc90001b378f0 EFLAGS: 00000282 RAX: ffff88810c7fab00 RBX: ffff88810cb28800 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 000000000000000e RDI: ffffc90001b379a0 RBP: ffff88810cb28880 R08: ffff88810cb2880c R09: 00001ff9691befff R10: 000000000000000f R11: 0000000000000000 R12: ffffffffffffff00 R13: ffff88810c7fab00 R14: 0000000000000001 R15: ffff88810cb2880c FS: 00007fd5f9bf76c0(0000) GS:ffff8882b4d3b000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f0b261a4e9c CR3: 000000011178c000 CR4: 00000000003506f0 Call Trace: validate_mm+0x81/0x260 mm/vma.c:651 vma_link+0x183/0x1c0 mm/vma.c:1801 copy_vma+0x2a8/0x390 mm/vma.c:1882 copy_vma_and_data mm/mremap.c:1184 [inline] move_vma+0x198/0x540 mm/mremap.c:1282 mremap_to+0x1b2/0x1e0 mm/mremap.c:1406 remap_move mm/mremap.c:1863 [inline] do_mremap mm/mremap.c:1906 [inline] __do_sys_mremap mm/mremap.c:1970 [inline] __se_sys_mremap+0x68d/0x7d0 mm/mremap.c:1938 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x8f/0x250 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fd5fa18e9a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fd5f9bf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 RAX: ffffffffffffffda RBX: 00007fd5fa3b5fa0 RCX: 00007fd5fa18e9a9 RDX: 0000000000001000 RSI: 0000000000001000 RDI: 0000200000000000 RBP: 00007fd5fa210d69 R08: 0000200000481000 R09: 0000000000000000 R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fd5fa3b5fa0 R15: 00007ffd965dd2d8