ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 Bluetooth: hci4: command 0x0406 tx timeout ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 INFO: task kworker/1:2:3473 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/1:2 D25752 3473 2 0x80000000 Workqueue: events switchdev_deferred_process_work Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:150 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 INFO: task kworker/1:3:9349 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/1:3 D24656 9349 2 0x80000000 Workqueue: events linkwatch_event Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 linkwatch_event+0xb/0x60 net/core/link_watch.c:236 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 INFO: task syz-executor.5:10464 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D28648 10464 6394 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 tun_detach drivers/net/tun.c:759 [inline] tun_chr_close+0x3a/0x180 drivers/net/tun.c:3323 __fput+0x2ce/0x890 fs/file_table.c:278 task_work_run+0x148/0x1c0 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:193 [inline] exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fe79c4f5afb Code: Bad RIP value. RSP: 002b:00007ffe3f60b380 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fe79c4f5afb RDX: 0000001b33320000 RSI: 0000001b3332323c RDI: 0000000000000003 RBP: 00007fe79c657960 R08: 0000000000000000 R09: 000000003253460c R10: 001a63a22acbc5c4 R11: 0000000000000293 R12: 00000000000e4f9c R13: 00007ffe3f60b480 R14: 00007ffe3f60b4a0 R15: 0000000000000032 Showing all locks held in the system: 1 lock held by khungtaskd/1570: #0: 00000000e8312102 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441 3 locks held by kworker/1:2/3473: #0: 000000009127c64e ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 00000000ef0ab28c (deferred_process_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 00000000534ae3b4 (rtnl_mutex){+.+.}, at: switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:150 1 lock held by in:imklog/7811: #0: 0000000019e777e8 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767 2 locks held by kworker/u4:5/8877: 3 locks held by kworker/1:3/9349: #0: 000000009127c64e ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 00000000ab8e943d ((linkwatch_work).work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 00000000534ae3b4 (rtnl_mutex){+.+.}, at: linkwatch_event+0xb/0x60 net/core/link_watch.c:236 2 locks held by kworker/1:4/9350: 1 lock held by syz-executor.0/10423: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10424: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10434: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10440: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d316a661 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d316a661 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d316a661 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d316a661 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002f17abac (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002f17abac (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002f17abac (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002f17abac (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10444: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003dee28fa (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003dee28fa (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003dee28fa (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003dee28fa (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b4c3698a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b4c3698a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b4c3698a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b4c3698a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10445: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000087c70390 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000087c70390 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000087c70390 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000087c70390 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d2e14e32 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d2e14e32 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d2e14e32 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d2e14e32 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10450: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000048b6fbe0 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000048b6fbe0 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000048b6fbe0 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000048b6fbe0 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000fe495c0a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000fe495c0a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000fe495c0a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000fe495c0a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10451: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10454: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001aa57651 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001aa57651 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001aa57651 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001aa57651 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c8e143cd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c8e143cd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c8e143cd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c8e143cd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10455: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000099c8283c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000099c8283c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000099c8283c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000099c8283c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b16c2731 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b16c2731 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b16c2731 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b16c2731 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10456: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000aad6a8d3 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000aad6a8d3 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000aad6a8d3 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000aad6a8d3 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000045eb39e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000045eb39e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000045eb39e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000045eb39e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10458: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10459: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.5/10464: #0: 00000000534ae3b4 (rtnl_mutex){+.+.}, at: tun_detach drivers/net/tun.c:759 [inline] #0: 00000000534ae3b4 (rtnl_mutex){+.+.}, at: tun_chr_close+0x3a/0x180 drivers/net/tun.c:3323 1 lock held by syz-executor.5/10498: 1 lock held by syz-executor.0/10467: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10469: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008bf79eee (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008bf79eee (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008bf79eee (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008bf79eee (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000872bccf (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000872bccf (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000872bccf (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000872bccf (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10470: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000493ef65f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000493ef65f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000493ef65f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000493ef65f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000000181da9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000000181da9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000000181da9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000000181da9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10473: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b3a3dc0d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b3a3dc0d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b3a3dc0d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b3a3dc0d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002f1420fe (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002f1420fe (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002f1420fe (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002f1420fe (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10474: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001d161c38 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001d161c38 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001d161c38 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001d161c38 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002f53118a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002f53118a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002f53118a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002f53118a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10475: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008e793201 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008e793201 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008e793201 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008e793201 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005b8a0995 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005b8a0995 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005b8a0995 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005b8a0995 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10476: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f97cf93c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f97cf93c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f97cf93c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f97cf93c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007eacef16 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007eacef16 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007eacef16 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007eacef16 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10477: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10478: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10480: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000004919f1a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000004919f1a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000004919f1a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000004919f1a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000cbc8fc61 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000cbc8fc61 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000cbc8fc61 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000cbc8fc61 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10481: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000e35cb14 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000e35cb14 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000e35cb14 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000e35cb14 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000633a2b65 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000633a2b65 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000633a2b65 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000633a2b65 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000025ce3312 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000025ce3312 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10482: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008fab518e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008fab518e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008fab518e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008fab518e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000161a3b0b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000161a3b0b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000161a3b0b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000161a3b0b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10483: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10484: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000003d9ca (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000003d9ca (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000003d9ca (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000003d9ca (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000358b2f91 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000358b2f91 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000358b2f91 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000358b2f91 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10485: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10488: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ce5a0c7f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ce5a0c7f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ce5a0c7f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ce5a0c7f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ec34806d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ec34806d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ec34806d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ec34806d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10489: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002e7ca191 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002e7ca191 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002e7ca191 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002e7ca191 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007cb3e7c8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007cb3e7c8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007cb3e7c8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007cb3e7c8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10490: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ae9778e7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ae9778e7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ae9778e7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ae9778e7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b1789e82 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b1789e82 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b1789e82 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b1789e82 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10492: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000037d24459 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000037d24459 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000037d24459 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000037d24459 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000affd4ac2 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000affd4ac2 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000affd4ac2 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000affd4ac2 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10494: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10495: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000015690d2e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000015690d2e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000015690d2e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000015690d2e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d900fdb8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d900fdb8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d900fdb8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d900fdb8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10499: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10500: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000018b726c8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000018b726c8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000018b726c8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000018b726c8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000fa24910b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000fa24910b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000fa24910b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000fa24910b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10501: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000616a2a3a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000616a2a3a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000616a2a3a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000616a2a3a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d97be1a9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d97be1a9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d97be1a9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d97be1a9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10502: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000868cb661 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000868cb661 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000868cb661 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000868cb661 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005236aa29 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005236aa29 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005236aa29 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005236aa29 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10503: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c822c39d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c822c39d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c822c39d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c822c39d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000048cfdcce (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000048cfdcce (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000048cfdcce (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000048cfdcce (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10504: 1 lock held by syz-executor.0/10505: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10506: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a3ff9358 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a3ff9358 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a3ff9358 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a3ff9358 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008a06027a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008a06027a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008a06027a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008a06027a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10507: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10510: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10511: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f9e45dbb (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f9e45dbb (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f9e45dbb (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f9e45dbb (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007a81ce26 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007a81ce26 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007a81ce26 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007a81ce26 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10512: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10513: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10514: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000088ab510a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000088ab510a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000088ab510a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000088ab510a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000043e1e01f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000043e1e01f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000043e1e01f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000043e1e01f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10518: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000800d4929 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000800d4929 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000800d4929 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000800d4929 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000413b4af7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000413b4af7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000413b4af7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000413b4af7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10519: #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000001a9483e6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10520: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e3ab8cfb (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e3ab8cfb (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e3ab8cfb (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e3ab8cfb (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000848eacc8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000848eacc8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000848eacc8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000848eacc8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10521: #0: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000010b10072 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10522: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10523: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10524: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10525: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000059da9717 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000059da9717 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000059da9717 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000059da9717 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c77ca71d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c77ca71d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c77ca71d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c77ca71d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10526: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b48132ba (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b48132ba (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b48132ba (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b48132ba (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000079b8275e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000079b8275e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000079b8275e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000079b8275e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10527: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000071193fcf (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000071193fcf (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000071193fcf (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000071193fcf (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f6b6c315 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f6b6c315 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f6b6c315 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f6b6c315 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10529: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10530: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ced63c45 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ced63c45 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ced63c45 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ced63c45 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a7700e6c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a7700e6c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a7700e6c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a7700e6c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10531: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000265a01d4 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000265a01d4 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000265a01d4 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000265a01d4 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ef252a3f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ef252a3f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ef252a3f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ef252a3f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10532: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a0213184 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a0213184 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a0213184 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a0213184 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000cc2541e6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000cc2541e6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000cc2541e6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000cc2541e6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10533: #0: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000010b10072 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10534: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000688ecf59 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000688ecf59 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000688ecf59 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000688ecf59 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d377b791 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d377b791 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d377b791 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d377b791 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10535: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c773e24d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c773e24d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c773e24d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c773e24d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e129fd6f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e129fd6f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e129fd6f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e129fd6f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10536: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005083348d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005083348d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005083348d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005083348d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003de38dda (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003de38dda (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003de38dda (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003de38dda (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10537: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000173f78c8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000173f78c8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000173f78c8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000173f78c8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b3bcd1c5 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b3bcd1c5 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b3bcd1c5 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b3bcd1c5 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10538: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006ff99b03 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006ff99b03 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006ff99b03 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006ff99b03 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008586359f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008586359f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008586359f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008586359f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10539: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e5c6a7d3 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e5c6a7d3 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e5c6a7d3 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e5c6a7d3 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e6a504b9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e6a504b9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e6a504b9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e6a504b9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10540: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000fd02f3c6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000fd02f3c6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000fd02f3c6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000fd02f3c6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009a97fd1c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009a97fd1c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009a97fd1c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009a97fd1c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10541: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c4e8d313 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c4e8d313 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c4e8d313 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c4e8d313 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000eba46dc8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000eba46dc8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000eba46dc8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000eba46dc8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10542: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000008d7afb7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000008d7afb7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000008d7afb7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000008d7afb7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000042fa1898 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000042fa1898 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000042fa1898 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000042fa1898 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10543: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10544: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000008d8551e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000008d8551e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000008d8551e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000008d8551e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009b85ee30 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009b85ee30 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009b85ee30 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009b85ee30 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10545: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10546: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10547: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c47bea13 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c47bea13 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c47bea13 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c47bea13 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000bc04a878 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000bc04a878 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000bc04a878 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000bc04a878 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10548: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000cc9d2f6c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000cc9d2f6c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000cc9d2f6c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000cc9d2f6c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000b84cc63 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000b84cc63 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000b84cc63 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000b84cc63 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10550: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005b0fcf59 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005b0fcf59 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005b0fcf59 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005b0fcf59 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009322db1d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009322db1d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009322db1d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009322db1d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10551: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000dd9d06f0 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000dd9d06f0 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000dd9d06f0 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000dd9d06f0 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000edfaeeb5 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000edfaeeb5 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000edfaeeb5 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000edfaeeb5 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10552: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e7265784 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e7265784 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e7265784 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e7265784 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003788c54e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003788c54e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003788c54e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003788c54e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10553: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000073f9e652 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000073f9e652 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000073f9e652 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000073f9e652 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004017e1e2 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004017e1e2 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004017e1e2 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004017e1e2 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10554: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ce22154f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ce22154f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ce22154f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ce22154f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000295248c4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000295248c4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000295248c4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000295248c4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10555: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d81c14a0 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d81c14a0 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d81c14a0 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d81c14a0 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d9a877bc (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d9a877bc (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d9a877bc (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d9a877bc (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10556: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003765ab2d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003765ab2d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003765ab2d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003765ab2d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b8b69b1b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b8b69b1b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b8b69b1b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b8b69b1b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10563: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10564: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000090352b23 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000090352b23 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000090352b23 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000090352b23 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f8f74323 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f8f74323 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f8f74323 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f8f74323 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10565: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000054c19bb0 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000054c19bb0 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000054c19bb0 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000054c19bb0 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002cff1518 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002cff1518 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002cff1518 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002cff1518 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10566: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10567: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10568: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008317e853 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008317e853 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008317e853 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008317e853 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000081fe3f52 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000081fe3f52 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000081fe3f52 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000081fe3f52 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10570: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10571: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a9ada9b0 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a9ada9b0 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a9ada9b0 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a9ada9b0 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000012c2e17d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000012c2e17d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000012c2e17d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000012c2e17d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10572: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10573: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10574: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10575: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000060fdd244 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000060fdd244 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000060fdd244 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000060fdd244 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000af75cf75 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000af75cf75 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000af75cf75 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000af75cf75 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10576: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10577: #0: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000010b10072 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10578: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10579: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d7f86296 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d7f86296 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d7f86296 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d7f86296 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e6a597dd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e6a597dd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e6a597dd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e6a597dd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10580: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003f480475 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003f480475 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003f480475 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003f480475 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003a8e4480 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003a8e4480 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003a8e4480 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003a8e4480 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10581: #0: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000010b10072 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10582: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000003ab358e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000003ab358e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000003ab358e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000003ab358e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005304c94a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005304c94a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005304c94a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005304c94a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10583: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10584: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10585: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000004d894d9 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000004d894d9 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000004d894d9 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000004d894d9 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000033db128a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000033db128a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000033db128a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000033db128a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10586: #0: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000010b10072 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10587: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10588: #0: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000010b10072 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10589: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007b96a362 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007b96a362 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007b96a362 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007b96a362 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000251b2c70 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000251b2c70 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000251b2c70 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000251b2c70 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10590: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10591: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10592: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10593: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008d711938 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008d711938 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008d711938 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008d711938 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006822eec3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006822eec3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006822eec3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006822eec3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10594: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f1a62cb2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f1a62cb2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f1a62cb2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f1a62cb2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000014a9eca8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000014a9eca8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000014a9eca8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000014a9eca8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10595: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10596: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10597: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007b09887c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007b09887c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007b09887c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007b09887c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000087bbfaa7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000087bbfaa7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000087bbfaa7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000087bbfaa7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10598: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10599: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007fd7d5af (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007fd7d5af (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007fd7d5af (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007fd7d5af (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007441844c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007441844c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007441844c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007441844c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10600: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009eef5c31 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009eef5c31 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009eef5c31 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009eef5c31 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000cd90dffb (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000cd90dffb (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000cd90dffb (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000cd90dffb (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10601: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000053c1acdf (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000053c1acdf (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000053c1acdf (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000053c1acdf (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005ab99be3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005ab99be3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005ab99be3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005ab99be3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10602: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10603: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10604: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000019aa93b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000019aa93b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000019aa93b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000019aa93b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002f828cc7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002f828cc7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002f828cc7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002f828cc7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10605: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10606: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10607: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000df10aa4a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000df10aa4a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000df10aa4a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000df10aa4a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000215efc7e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000215efc7e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000215efc7e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000215efc7e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10608: #0: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000010b10072 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10609: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10610: #0: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000010b10072 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10611: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10612: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10613: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10614: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004303d509 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004303d509 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004303d509 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004303d509 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a07bfd19 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a07bfd19 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a07bfd19 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a07bfd19 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/10615: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000c87f91e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000c87f91e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000c87f91e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000c87f91e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007d93d917 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007d93d917 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007d93d917 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007d93d917 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10616: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10617: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c079e646 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c079e646 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c079e646 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c079e646 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b8b96579 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b8b96579 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b8b96579 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b8b96579 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10618: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10619: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/10620: #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000006b04a15e (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004a883268 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004a883268 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004a883268 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004a883268 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000080257f1e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000080257f1e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000080257f1e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000080257f1e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000010b10072 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/10621: #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000020cffbc8 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/10622: