ieee802154 phy1 wpan1: encryption failed: -22 ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 INFO: task kworker/u4:5:23104 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/u4:5 D26048 23104 2 0x80000000 Workqueue: netns cleanup_net Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_timeout+0x92d/0xfe0 kernel/time/timer.c:1794 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common+0x29c/0x470 kernel/sched/completion.c:115 flush_workqueue+0x40b/0x13e0 kernel/workqueue.c:2713 rxrpc_release_sock net/rxrpc/af_rxrpc.c:906 [inline] rxrpc_release+0x25b/0x530 net/rxrpc/af_rxrpc.c:936 __sock_release net/socket.c:599 [inline] sock_release+0x87/0x1d0 net/socket.c:619 afs_close_socket+0x1c7/0x320 fs/afs/rxrpc.c:119 afs_net_exit+0x1c1/0x310 fs/afs/main.c:155 ops_exit_list+0xa5/0x150 net/core/net_namespace.c:153 cleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:554 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Showing all locks held in the system: 1 lock held by khungtaskd/1570: #0: 000000004fccdf4d (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441 2 locks held by ksmd/1576: #0: 00000000d2bade69 (ksm_thread_mutex){+.+.}, at: ksm_scan_thread+0x100/0x45f0 mm/ksm.c:2407 #1: 00000000f925c29e (lock#6){+.+.}, at: lru_add_drain_all+0x5a/0x4d0 mm/swap.c:681 3 locks held by kworker/u4:4/2889: 1 lock held by in:imklog/7823: 3 locks held by kworker/u4:9/23410: 3 locks held by kworker/u4:5/23104: #0: 000000007f87194c ((wq_completion)"%s""netns"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 000000002cd6efbf (net_cleanup_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 0000000029820cea (pernet_ops_rwsem){++++}, at: cleanup_net+0xa8/0x8b0 net/core/net_namespace.c:521 2 locks held by kworker/0:2/7479: 1 lock held by syz-executor.0/21830: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21838: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21841: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007e8d9cfc (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007e8d9cfc (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007e8d9cfc (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007e8d9cfc (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008f7d7535 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008f7d7535 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008f7d7535 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008f7d7535 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21845: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21847: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21848: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21852: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a2aa719f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a2aa719f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a2aa719f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a2aa719f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000035d80d5d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000035d80d5d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000035d80d5d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000035d80d5d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21853: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21855: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a7f19cf1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a7f19cf1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a7f19cf1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a7f19cf1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000bffc0279 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000bffc0279 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000bffc0279 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000bffc0279 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21856: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21857: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21859: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21873: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e5008911 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e5008911 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e5008911 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e5008911 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000056bcfec8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000056bcfec8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000056bcfec8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000056bcfec8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21874: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006738445a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006738445a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006738445a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006738445a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c0d0ebc4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c0d0ebc4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c0d0ebc4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c0d0ebc4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21877: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21879: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e0ddb6b4 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e0ddb6b4 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e0ddb6b4 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e0ddb6b4 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000058f4f4a1 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000058f4f4a1 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000058f4f4a1 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000058f4f4a1 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21880: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b07b9844 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b07b9844 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b07b9844 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b07b9844 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e3cbdcbb (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e3cbdcbb (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e3cbdcbb (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e3cbdcbb (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21882: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21883: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21884: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006fc24e8a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006fc24e8a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006fc24e8a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006fc24e8a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000fca18257 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000fca18257 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000fca18257 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000fca18257 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21888: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000026a1016c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000026a1016c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000026a1016c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000026a1016c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000165aa02e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000165aa02e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000165aa02e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000165aa02e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21890: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21891: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002267585b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002267585b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002267585b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002267585b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009405ad8a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009405ad8a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009405ad8a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009405ad8a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21892: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000454e5580 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000454e5580 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000454e5580 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000454e5580 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ad78a8f8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ad78a8f8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ad78a8f8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ad78a8f8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21896: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21897: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f0c1cb55 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f0c1cb55 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f0c1cb55 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f0c1cb55 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f5ab4f9b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f5ab4f9b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f5ab4f9b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f5ab4f9b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21898: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000020a66b26 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000020a66b26 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000020a66b26 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000020a66b26 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009484970e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009484970e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009484970e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009484970e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21899: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21901: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a1cd58f1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a1cd58f1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a1cd58f1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a1cd58f1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d5650463 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d5650463 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d5650463 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d5650463 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21906: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21907: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21908: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000136f9ab (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000136f9ab (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000136f9ab (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000136f9ab (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e4a805ff (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e4a805ff (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e4a805ff (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e4a805ff (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21909: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000039904649 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000039904649 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000039904649 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000039904649 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000aefea680 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000aefea680 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000aefea680 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000aefea680 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21910: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e153a391 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e153a391 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e153a391 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e153a391 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000125e5f18 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000125e5f18 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000125e5f18 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000125e5f18 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21911: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21914: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000031cc274e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000031cc274e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000031cc274e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000031cc274e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000083ad67e4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000083ad67e4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000083ad67e4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000083ad67e4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21915: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21916: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21917: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21919: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21920: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000030ec6195 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000030ec6195 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000030ec6195 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000030ec6195 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e2d599d1 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e2d599d1 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e2d599d1 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e2d599d1 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21921: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000035f70cb6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000035f70cb6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000035f70cb6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000035f70cb6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005bda0bc5 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005bda0bc5 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005bda0bc5 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005bda0bc5 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21922: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f01eb680 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f01eb680 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f01eb680 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f01eb680 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007404b53f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007404b53f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007404b53f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007404b53f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21923: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000dfba426e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000dfba426e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000dfba426e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000dfba426e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e50341a6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e50341a6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e50341a6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e50341a6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21924: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ce0d1f3b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ce0d1f3b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ce0d1f3b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ce0d1f3b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000683e7a71 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000683e7a71 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000683e7a71 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000683e7a71 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21926: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21935: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21936: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009c4033a7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009c4033a7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009c4033a7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009c4033a7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000551d1b1b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000551d1b1b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000551d1b1b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000551d1b1b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21937: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21938: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21939: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21941: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000048fde621 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000048fde621 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000048fde621 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000048fde621 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000d5903c9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000d5903c9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000d5903c9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000d5903c9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21943: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000eb74638a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000eb74638a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000eb74638a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000eb74638a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000077888cd8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000077888cd8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000077888cd8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000077888cd8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21944: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000fa3d679a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000fa3d679a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000fa3d679a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000fa3d679a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000021fc9056 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000021fc9056 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000021fc9056 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000021fc9056 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21945: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21946: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21947: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21948: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21949: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21950: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21955: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008b609c16 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008b609c16 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008b609c16 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008b609c16 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b8f18183 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b8f18183 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b8f18183 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b8f18183 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21959: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006a3c962e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006a3c962e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006a3c962e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006a3c962e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a4627a77 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a4627a77 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a4627a77 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a4627a77 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21960: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000750e0507 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000750e0507 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000750e0507 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000750e0507 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000004a7e3d4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000004a7e3d4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000004a7e3d4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000004a7e3d4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21961: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000bafc57e5 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000bafc57e5 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000bafc57e5 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000bafc57e5 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ab20443a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ab20443a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ab20443a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ab20443a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21962: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000677f5fd1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000677f5fd1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000677f5fd1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000677f5fd1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000082930381 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000082930381 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000082930381 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000082930381 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21963: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21965: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000006f07131 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000006f07131 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000006f07131 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000006f07131 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ca474e70 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ca474e70 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ca474e70 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ca474e70 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21966: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000079ba6e94 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000079ba6e94 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000079ba6e94 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000079ba6e94 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f126a8a9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f126a8a9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f126a8a9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f126a8a9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21967: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21968: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21969: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000051eee639 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000051eee639 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000051eee639 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000051eee639 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008a411638 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008a411638 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008a411638 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008a411638 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21971: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21974: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21977: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21978: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f5bfcb35 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f5bfcb35 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f5bfcb35 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f5bfcb35 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b7827f58 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b7827f58 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b7827f58 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b7827f58 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21980: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21981: #0: 000000000e6cebb9 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000000e6cebb9 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21982: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006741f5e7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006741f5e7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006741f5e7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006741f5e7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002b54dc54 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002b54dc54 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002b54dc54 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002b54dc54 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21985: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21986: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21987: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d8de29ca (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d8de29ca (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d8de29ca (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d8de29ca (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c8bac355 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c8bac355 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c8bac355 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c8bac355 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21988: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000afe7eb04 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000afe7eb04 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000afe7eb04 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000afe7eb04 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c5a7de71 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c5a7de71 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c5a7de71 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c5a7de71 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21989: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000ae086b5 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000ae086b5 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000ae086b5 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000ae086b5 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000073616d4c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000073616d4c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000073616d4c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000073616d4c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21990: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21993: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/21994: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21995: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000091b0f1e8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000091b0f1e8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000091b0f1e8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000091b0f1e8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003546fde2 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003546fde2 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003546fde2 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003546fde2 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/21996: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/21997: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000112bbef8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000112bbef8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000112bbef8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000112bbef8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a0ba5045 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a0ba5045 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a0ba5045 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a0ba5045 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/21999: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007fa5b4b2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007fa5b4b2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007fa5b4b2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007fa5b4b2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000dcf9ee9f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000dcf9ee9f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000dcf9ee9f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000dcf9ee9f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22001: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006e7ec418 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006e7ec418 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006e7ec418 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006e7ec418 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000019ab1690 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000019ab1690 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000019ab1690 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000019ab1690 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22002: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000061b56277 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000061b56277 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000061b56277 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000061b56277 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004addcc6f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004addcc6f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004addcc6f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004addcc6f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22003: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22005: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d31b2d6e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d31b2d6e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d31b2d6e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d31b2d6e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006c8d7a95 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006c8d7a95 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006c8d7a95 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006c8d7a95 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22006: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f93a1813 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f93a1813 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f93a1813 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f93a1813 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006ed9b768 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006ed9b768 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006ed9b768 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006ed9b768 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22007: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22008: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22009: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001631d9c7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001631d9c7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001631d9c7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001631d9c7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f9c6db27 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f9c6db27 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f9c6db27 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f9c6db27 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22010: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e318292f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e318292f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e318292f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e318292f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a59f3811 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a59f3811 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a59f3811 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a59f3811 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22012: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000061208e71 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000061208e71 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000061208e71 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000061208e71 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000012f678ea (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000012f678ea (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000012f678ea (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000012f678ea (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22013: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000060fd09bf (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000060fd09bf (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000060fd09bf (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000060fd09bf (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002e13abdd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002e13abdd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002e13abdd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002e13abdd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22014: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22015: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001c5ebb01 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001c5ebb01 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001c5ebb01 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001c5ebb01 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a217cff2 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a217cff2 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a217cff2 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a217cff2 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22016: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000058d335bd (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000058d335bd (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000058d335bd (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000058d335bd (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e287445d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e287445d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e287445d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e287445d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22017: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003cebf601 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003cebf601 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003cebf601 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003cebf601 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c337e608 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c337e608 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c337e608 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c337e608 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22018: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22019: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22022: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22024: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000838402e9 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000838402e9 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000838402e9 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000838402e9 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002dd5dc97 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002dd5dc97 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002dd5dc97 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002dd5dc97 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22026: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22027: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000936ceb2f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000936ceb2f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000936ceb2f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000936ceb2f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c87f1b55 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c87f1b55 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c87f1b55 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c87f1b55 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/22028: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ef32e72f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ef32e72f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ef32e72f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ef32e72f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000215cce9e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000215cce9e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000215cce9e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000215cce9e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/22029: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000010eda57a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000010eda57a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000010eda57a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000010eda57a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000092ba2f10 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000092ba2f10 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000092ba2f10 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000092ba2f10 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22031: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22032: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000012bd592a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000012bd592a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000012bd592a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000012bd592a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000922c91e3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000922c91e3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000922c91e3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000922c91e3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22033: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22034: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000bf8c921c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000bf8c921c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000bf8c921c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000bf8c921c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000f3b920a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000f3b920a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000f3b920a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000f3b920a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22035: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b45d9fa6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b45d9fa6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b45d9fa6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b45d9fa6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f60b4051 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f60b4051 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f60b4051 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f60b4051 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22036: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009f0fa52b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009f0fa52b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009f0fa52b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009f0fa52b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000064c7a975 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000064c7a975 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000064c7a975 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000064c7a975 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22037: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000033c28dbe (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000033c28dbe (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000033c28dbe (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000033c28dbe (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000637c3355 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000637c3355 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000637c3355 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000637c3355 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22038: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003b812e70 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003b812e70 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003b812e70 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003b812e70 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000246ad755 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000246ad755 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000246ad755 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000246ad755 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22039: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f4a8919a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f4a8919a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f4a8919a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f4a8919a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000550a64bb (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000550a64bb (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000550a64bb (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000550a64bb (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/22040: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000054d932ee (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000054d932ee (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000054d932ee (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000054d932ee (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d7c1a8c7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d7c1a8c7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d7c1a8c7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d7c1a8c7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22041: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/22042: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22043: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ac0e389a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ac0e389a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ac0e389a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ac0e389a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000524068f0 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000524068f0 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000524068f0 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000524068f0 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22045: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22046: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d8224c9b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d8224c9b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d8224c9b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d8224c9b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000145a7b49 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000145a7b49 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000145a7b49 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000145a7b49 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/22047: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f7f1f72c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f7f1f72c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f7f1f72c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f7f1f72c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000010384b93 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000010384b93 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000010384b93 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000010384b93 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/22048: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d4e9798b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d4e9798b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d4e9798b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d4e9798b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b505245f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b505245f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b505245f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b505245f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22049: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/22051: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/22052: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003059fee1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003059fee1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003059fee1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003059fee1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000bf757d7b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000bf757d7b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000bf757d7b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000bf757d7b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22054: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/22055: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/22057: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/22060: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/22061: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22063: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22064: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/22065: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/22066: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22067: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000503e54c3 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000503e54c3 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000503e54c3 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000503e54c3 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e8af2e8f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e8af2e8f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e8af2e8f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e8af2e8f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22068: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22069: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/22072: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000085b38f19 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000085b38f19 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000085b38f19 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000085b38f19 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d6ab69c8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d6ab69c8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d6ab69c8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d6ab69c8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22074: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000060d33a19 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000060d33a19 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000060d33a19 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000060d33a19 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c634726f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c634726f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c634726f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c634726f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22075: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000048444e53 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000048444e53 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000048444e53 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000048444e53 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001cd4e9dd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001cd4e9dd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001cd4e9dd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001cd4e9dd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22076: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/22077: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006770cf86 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006770cf86 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006770cf86 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006770cf86 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e9034fd0 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e9034fd0 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e9034fd0 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e9034fd0 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22078: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000097a346e2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000097a346e2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000097a346e2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000097a346e2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000089cffe89 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000089cffe89 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000089cffe89 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000089cffe89 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22080: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000484d3ffb (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000484d3ffb (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000484d3ffb (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000484d3ffb (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a3923728 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a3923728 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a3923728 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a3923728 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22081: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/22082: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22083: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22086: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000bc479f60 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000bc479f60 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000bc479f60 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000bc479f60 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000cf16131 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000cf16131 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000cf16131 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000cf16131 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22087: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22089: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001fc9b7be (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001fc9b7be (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001fc9b7be (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001fc9b7be (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000033b4cbab (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000033b4cbab (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000033b4cbab (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000033b4cbab (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22090: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/22091: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22092: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22093: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22094: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22095: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22096: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22097: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22099: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/22101: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000bb673c31 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000bb673c31 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000bb673c31 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000bb673c31 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ce33a1b6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ce33a1b6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ce33a1b6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ce33a1b6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22104: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22105: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d7f5a744 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d7f5a744 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d7f5a744 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d7f5a744 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005fe48048 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005fe48048 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005fe48048 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005fe48048 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22107: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000dfd6289b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000dfd6289b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000dfd6289b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000dfd6289b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000064b3657c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000064b3657c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000064b3657c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000064b3657c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/22108: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d5ba6b1f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d5ba6b1f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d5ba6b1f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d5ba6b1f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c5d2abf1 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c5d2abf1 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c5d2abf1 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c5d2abf1 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22109: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000033151c98 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000033151c98 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000033151c98 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000033151c98 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004a230848 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004a230848 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004a230848 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004a230848 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22110: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005baaece3 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005baaece3 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005baaece3 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005baaece3 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000020bd9a18 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000020bd9a18 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000020bd9a18 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000020bd9a18 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22111: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22112: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d8667fff (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d8667fff (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d8667fff (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d8667fff (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c2d07a0d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c2d07a0d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c2d07a0d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c2d07a0d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22113: #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22114: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000042775ed8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000042775ed8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000042775ed8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000042775ed8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002eb763b6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002eb763b6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002eb763b6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002eb763b6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22115: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/22116: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000eedd9ff2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000eedd9ff2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000eedd9ff2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000eedd9ff2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000058ac425f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000058ac425f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000058ac425f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000058ac425f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22117: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22118: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000578a37b6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000578a37b6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000578a37b6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000578a37b6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005df63b98 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005df63b98 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005df63b98 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005df63b98 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22119: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000023c01b31 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000023c01b31 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000023c01b31 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000023c01b31 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007ddae130 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007ddae130 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007ddae130 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007ddae130 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22120: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000f7ad1c1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000f7ad1c1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000f7ad1c1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000f7ad1c1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000bc9e8db3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000bc9e8db3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000bc9e8db3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000bc9e8db3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22121: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005779cab2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005779cab2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005779cab2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005779cab2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000599ca6c2 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000599ca6c2 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000599ca6c2 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000599ca6c2 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22122: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22123: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f0a85f6a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f0a85f6a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f0a85f6a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f0a85f6a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006bfe8806 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006bfe8806 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006bfe8806 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006bfe8806 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22125: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22126: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000416542c5 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000416542c5 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000416542c5 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000416542c5 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001860d3ce (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001860d3ce (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001860d3ce (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001860d3ce (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22127: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a3136f66 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a3136f66 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a3136f66 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a3136f66 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001e8b5a54 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001e8b5a54 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001e8b5a54 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001e8b5a54 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22128: #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22129: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d7c55465 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d7c55465 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d7c55465 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d7c55465 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ca0f67e4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ca0f67e4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ca0f67e4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ca0f67e4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22130: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22132: #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22133: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ef701328 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ef701328 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ef701328 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ef701328 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000487af296 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000487af296 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000487af296 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000487af296 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22134: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/22135: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22136: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22138: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22139: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22140: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000437c0d5 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000437c0d5 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000437c0d5 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000437c0d5 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002fbccad6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002fbccad6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002fbccad6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002fbccad6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22141: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003f874ca7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003f874ca7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003f874ca7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003f874ca7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004fdca7cc (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004fdca7cc (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004fdca7cc (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004fdca7cc (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22142: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000007695693 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000007695693 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000007695693 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000007695693 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000dbcc3dd5 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000dbcc3dd5 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000dbcc3dd5 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000dbcc3dd5 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22143: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d3492912 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d3492912 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d3492912 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d3492912 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003474c1ea (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003474c1ea (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003474c1ea (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003474c1ea (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22144: #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22145: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d1dc0851 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d1dc0851 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d1dc0851 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d1dc0851 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000044559fd0 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000044559fd0 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000044559fd0 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000044559fd0 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/22146: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a5312f44 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a5312f44 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a5312f44 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a5312f44 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ca6062e7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ca6062e7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ca6062e7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ca6062e7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22147: #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22148: #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22149: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000c079e42 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000c079e42 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000c079e42 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000c079e42 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006b65fe39 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006b65fe39 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006b65fe39 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006b65fe39 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22150: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22151: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22152: #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22153: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22154: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ad9e0e77 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ad9e0e77 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ad9e0e77 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ad9e0e77 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000025412122 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000025412122 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000025412122 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000025412122 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/22155: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002987c053 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002987c053 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002987c053 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002987c053 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004b0a24dd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004b0a24dd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004b0a24dd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004b0a24dd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/22156: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000089b52dec (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000089b52dec (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000089b52dec (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000089b52dec (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000007c66092 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000007c66092 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000007c66092 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000007c66092 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22157: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22158: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22159: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006676570b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006676570b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006676570b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006676570b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000fa552e8d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000fa552e8d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000fa552e8d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000fa552e8d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22160: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22161: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22162: #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22163: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002563bf62 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002563bf62 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002563bf62 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002563bf62 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000249118ca (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000249118ca (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000249118ca (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000249118ca (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22164: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22165: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000016fe799d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000016fe799d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000016fe799d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000016fe799d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000aee7ab6d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000aee7ab6d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000aee7ab6d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000aee7ab6d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22166: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22167: #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22168: #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22169: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/22170: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008beaffb1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008beaffb1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008beaffb1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008beaffb1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003a1a3893 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003a1a3893 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003a1a3893 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003a1a3893 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22171: #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22173: #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22174: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003b6384b8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003b6384b8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003b6384b8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003b6384b8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000084c7a518 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000084c7a518 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000084c7a518 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000084c7a518 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22175: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22176: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a5b82c8e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a5b82c8e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a5b82c8e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a5b82c8e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e685606d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e685606d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e685606d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e685606d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22177: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22178: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22179: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d3bd3191 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d3bd3191 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d3bd3191 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d3bd3191 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000100c70e1 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000100c70e1 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000100c70e1 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000100c70e1 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/22180: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009ae28619 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009ae28619 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009ae28619 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009ae28619 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ed38174c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ed38174c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ed38174c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ed38174c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/22181: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000908cf67 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000908cf67 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000908cf67 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000908cf67 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000042e97e29 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000042e97e29 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000042e97e29 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000042e97e29 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22183: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22184: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000063aba97b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000063aba97b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000063aba97b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000063aba97b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a787c536 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a787c536 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a787c536 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a787c536 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22185: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000632e68fe (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000632e68fe (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000632e68fe (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000632e68fe (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000db32aace (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000db32aace (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000db32aace (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000db32aace (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/22186: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000af564c06 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000af564c06 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000af564c06 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000af564c06 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000820c9a0a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000820c9a0a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000820c9a0a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000820c9a0a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22187: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22188: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b32a7c44 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b32a7c44 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b32a7c44 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b32a7c44 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002c6366dd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002c6366dd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002c6366dd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002c6366dd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22189: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000026b5ae26 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000026b5ae26 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000026b5ae26 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000026b5ae26 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000741f6f86 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000741f6f86 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000741f6f86 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000741f6f86 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22190: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/22191: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/22192: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22194: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/22195: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22196: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22197: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000fe86d4f7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000fe86d4f7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000fe86d4f7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000fe86d4f7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d15da77d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d15da77d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d15da77d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d15da77d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22198: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22199: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000af6e894e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000af6e894e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000af6e894e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000af6e894e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b4d3664f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b4d3664f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b4d3664f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b4d3664f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22201: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/22202: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d4e6f513 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d4e6f513 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d4e6f513 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d4e6f513 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000025cf7377 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000025cf7377 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000025cf7377 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000025cf7377 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22203: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22204: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22205: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000fb6a1214 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000fb6a1214 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000fb6a1214 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000fb6a1214 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000715d44d3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000715d44d3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000715d44d3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000715d44d3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22206: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22207: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22209: #0: 000000000e6cebb9 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000000e6cebb9 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22210: #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000744a3381 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22211: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22212: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22213: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22215: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002295620a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002295620a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002295620a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002295620a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000aa7c1e89 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000aa7c1e89 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000aa7c1e89 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000aa7c1e89 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005b946aaf (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22216: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000989d0c24 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000989d0c24 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000989d0c24 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000989d0c24 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c4578be4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c4578be4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c4578be4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c4578be4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22217: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22218: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22219: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22221: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000057cf1754 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000057cf1754 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000057cf1754 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000057cf1754 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004c2c4a48 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004c2c4a48 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004c2c4a48 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004c2c4a48 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22222: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000047fb0244 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000047fb0244 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000047fb0244 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000047fb0244 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000363c751e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000363c751e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000363c751e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000363c751e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22223: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004f4c4a21 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004f4c4a21 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004f4c4a21 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004f4c4a21 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b239b87b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b239b87b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b239b87b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b239b87b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/22224: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000d3429e4 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000d3429e4 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000d3429e4 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000d3429e4 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006e0644c9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006e0644c9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006e0644c9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006e0644c9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22225: #0: 000000000e6cebb9 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000000e6cebb9 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22226: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22227: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22228: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006e3c00c7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006e3c00c7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006e3c00c7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006e3c00c7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009aa420f9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009aa420f9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009aa420f9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009aa420f9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22229: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22230: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22231: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22232: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a35c845a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a35c845a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a35c845a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a35c845a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002839f509 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002839f509 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002839f509 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002839f509 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000744a3381 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22233: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/22234: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008be2f3c3 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008be2f3c3 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008be2f3c3 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008be2f3c3 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c9010680 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c9010680 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c9010680 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c9010680 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22235: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/22236: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22237: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000098ad4a61 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000098ad4a61 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000098ad4a61 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000098ad4a61 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003673431e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003673431e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003673431e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003673431e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/22238: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ca06826f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ca06826f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ca06826f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ca06826f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000512daca5 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000512daca5 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000512daca5 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000512daca5 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22239: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009c3e1237 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009c3e1237 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009c3e1237 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009c3e1237 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001b1e9614 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001b1e9614 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001b1e9614 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001b1e9614 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22241: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000038a8785b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000038a8785b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000038a8785b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000038a8785b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000714bf444 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000714bf444 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000714bf444 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000714bf444 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22242: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22243: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22246: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22247: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22248: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000029e7dd2a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000029e7dd2a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000029e7dd2a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000029e7dd2a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000eca588f3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000eca588f3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000eca588f3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000eca588f3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/22249: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22250: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22251: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000cca51377 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000cca51377 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000cca51377 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000cca51377 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000462cbd7a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000462cbd7a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000462cbd7a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000462cbd7a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/22252: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000133d2309 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000133d2309 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000133d2309 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000133d2309 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000997923a5 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000997923a5 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000997923a5 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000997923a5 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22253: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/22254: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003b802763 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003b802763 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003b802763 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003b802763 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009e0bb4dc (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009e0bb4dc (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009e0bb4dc (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009e0bb4dc (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/22255: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000070718570 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000070718570 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000070718570 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000070718570 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000186b35d4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000186b35d4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000186b35d4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000186b35d4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22256: #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005b946aaf (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22257: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008373ea03 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008373ea03 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008373ea03 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008373ea03 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006481c551 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006481c551 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006481c551 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006481c551 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22258: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/22259: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000ea2a0da (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000ea2a0da (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000ea2a0da (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000ea2a0da (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a9b8ed69 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a9b8ed69 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a9b8ed69 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a9b8ed69 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22260: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22261: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000088f00a92 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000088f00a92 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000088f00a92 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000088f00a92 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002afa0c9e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002afa0c9e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002afa0c9e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002afa0c9e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22262: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/22263: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22264: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22265: #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 00000000ad164f18 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/22266: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22267: #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22268: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/22269: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22271: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c27422d1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c27422d1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c27422d1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c27422d1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000416f22fd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000416f22fd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000416f22fd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000416f22fd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000090aca837 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/22272: #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000090aca837 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/22273: #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000005530de (&dup_mmap_sem){.+.+}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f94b22e9 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f94b22e9 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f94b22e9 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f94b22e9 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000798ca2ea (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000798ca2ea (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000798ca2ea (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000798ca2ea (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a44a52b6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278