vhci_hcd: disconnect device vhci_hcd: connection reset by peer vhci_hcd: stop threads vhci_hcd: connection reset by peer vhci_hcd: release socket INFO: task kworker/1:2:3054 blocked for more than 140 seconds. vhci_hcd: unlink cleanup rx 1 Not tainted 4.14.258-syzkaller #0 vhci_hcd: connection reset by peer "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. vhci_hcd: disconnect device kworker/1:2 D26760 3054 2 0x80000000 Workqueue: usb_hub_wq hub_event usb 19-1: enqueue for inactive port 0 vhci_hcd: vhci_device speed not set vhci_hcd: stop threads Call Trace: vhci_hcd: release socket vhci_hcd: unlink cleanup rx 1 context_switch kernel/sched/core.c:2811 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3387 schedule+0x8d/0x1b0 kernel/sched/core.c:3431 vhci_hcd: disconnect device vhci_hcd: stop threads vhci_hcd: release socket vhci_hcd: unlink cleanup rx 1 vhci_hcd: disconnect device schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893 hub_port_connect drivers/usb/core/hub.c:4921 [inline] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline] port_event drivers/usb/core/hub.c:5250 [inline] hub_event+0x15ea/0x3f60 drivers/usb/core/hub.c:5330 usb 15-1: enqueue for inactive port 0 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251 kthread+0x30d/0x420 kernel/kthread.c:232 vhci_hcd: vhci_device speed not set ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 Showing all locks held in the system: 5 locks held by kworker/0:0/3: #0: ("usb_hub_wq"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: ((&hub->events)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 #2: (&dev->mutex){....}, at: [] device_lock include/linux/device.h:1082 [inline] #2: (&dev->mutex){....}, at: [] hub_event+0x108/0x3f60 drivers/usb/core/hub.c:5276 #3: (&port_dev->status_lock){+.+.}, at: [] usb_lock_port drivers/usb/core/hub.c:2936 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_port_connect drivers/usb/core/hub.c:4920 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] port_event drivers/usb/core/hub.c:5250 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_event+0x15c0/0x3f60 drivers/usb/core/hub.c:5330 #4: (hcd->address0_mutex){+.+.}, at: [] hub_port_connect drivers/usb/core/hub.c:4921 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] port_event drivers/usb/core/hub.c:5250 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] hub_event+0x15ea/0x3f60 drivers/usb/core/hub.c:5330 5 locks held by kworker/0:1/24: #0: ("usb_hub_wq"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: ((&hub->events)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 #2: (&dev->mutex){....}, at: [] device_lock include/linux/device.h:1082 [inline] #2: (&dev->mutex){....}, at: [] hub_event+0x108/0x3f60 drivers/usb/core/hub.c:5276 #3: (&port_dev->status_lock){+.+.}, at: [] usb_lock_port drivers/usb/core/hub.c:2936 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_port_connect drivers/usb/core/hub.c:4920 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] port_event drivers/usb/core/hub.c:5250 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_event+0x15c0/0x3f60 drivers/usb/core/hub.c:5330 #4: (hcd->address0_mutex){+.+.}, at: [] hub_port_connect drivers/usb/core/hub.c:4921 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] port_event drivers/usb/core/hub.c:5250 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] hub_event+0x15ea/0x3f60 drivers/usb/core/hub.c:5330 1 lock held by khungtaskd/1533: #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548 5 locks held by kworker/1:2/3054: #0: ("usb_hub_wq"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: ((&hub->events)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 #2: (&dev->mutex){....}, at: [] device_lock include/linux/device.h:1082 [inline] #2: (&dev->mutex){....}, at: [] hub_event+0x108/0x3f60 drivers/usb/core/hub.c:5276 #3: (&port_dev->status_lock){+.+.}, at: [] usb_lock_port drivers/usb/core/hub.c:2936 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_port_connect drivers/usb/core/hub.c:4920 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] port_event drivers/usb/core/hub.c:5250 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_event+0x15c0/0x3f60 drivers/usb/core/hub.c:5330 #4: (hcd->address0_mutex){+.+.}, at: [] hub_port_connect drivers/usb/core/hub.c:4921 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] port_event drivers/usb/core/hub.c:5250 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] hub_event+0x15ea/0x3f60 drivers/usb/core/hub.c:5330 6 locks held by kworker/0:2/3625: #0: ("usb_hub_wq"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: ((&hub->events)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 #2: (&dev->mutex){....}, at: [] device_lock include/linux/device.h:1082 [inline] #2: (&dev->mutex){....}, at: [] hub_event+0x108/0x3f60 drivers/usb/core/hub.c:5276 #3: (&port_dev->status_lock){+.+.}, at: [] usb_lock_port drivers/usb/core/hub.c:2936 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_port_connect drivers/usb/core/hub.c:4920 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] port_event drivers/usb/core/hub.c:5250 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_event+0x15c0/0x3f60 drivers/usb/core/hub.c:5330 #4: (hcd->address0_mutex){+.+.}, at: [] hub_port_connect drivers/usb/core/hub.c:4921 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] port_event drivers/usb/core/hub.c:5250 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] hub_event+0x15ea/0x3f60 drivers/usb/core/hub.c:5330 #5: (ehci_cf_port_reset_rwsem){.+.+}, at: [] hub_port_reset+0x159/0x1410 drivers/usb/core/hub.c:2809 3 locks held by kworker/0:3/8620: #0: ("%s"("ipv6_addrconf")){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: ((addr_chk_work).work){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 #2: (rtnl_mutex){+.+.}, at: [] addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4416 5 locks held by kworker/0:4/9235: #0: ("usb_hub_wq"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: ((&hub->events)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 #2: (&dev->mutex){....}, at: [] device_lock include/linux/device.h:1082 [inline] #2: (&dev->mutex){....}, at: [] hub_event+0x108/0x3f60 drivers/usb/core/hub.c:5276 #3: (&port_dev->status_lock){+.+.}, at: [] usb_lock_port drivers/usb/core/hub.c:2936 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_port_connect drivers/usb/core/hub.c:4920 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] port_event drivers/usb/core/hub.c:5250 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_event+0x15c0/0x3f60 drivers/usb/core/hub.c:5330 #4: (hcd->address0_mutex){+.+.}, at: [] hub_port_connect drivers/usb/core/hub.c:4921 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] port_event drivers/usb/core/hub.c:5250 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] hub_event+0x15ea/0x3f60 drivers/usb/core/hub.c:5330 1 lock held by syz-executor.1/13452: #0: (rtnl_mutex){+.+.}, at: [] tun_detach drivers/net/tun.c:593 [inline] #0: (rtnl_mutex){+.+.}, at: [] tun_chr_close+0x34/0x60 drivers/net/tun.c:2732 1 lock held by syz-executor.3/27278: #0: (rtnl_mutex){+.+.}, at: [] tun_detach drivers/net/tun.c:593 [inline] #0: (rtnl_mutex){+.+.}, at: [] tun_chr_close+0x34/0x60 drivers/net/tun.c:2732 1 lock held by syz-executor.5/2127: #0: (rtnl_mutex){+.+.}, at: [] tun_detach drivers/net/tun.c:593 [inline] #0: (rtnl_mutex){+.+.}, at: [] tun_chr_close+0x34/0x60 drivers/net/tun.c:2732 3 locks held by kworker/1:6/11695: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: ((linkwatch_work).work){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 #2: (rtnl_mutex){+.+.}, at: [] linkwatch_event+0xa/0x50 net/core/link_watch.c:236 5 locks held by kworker/0:5/25653: #0: ("usb_hub_wq"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: ((&hub->events)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 #2: (&dev->mutex){....}, at: [] device_lock include/linux/device.h:1082 [inline] #2: (&dev->mutex){....}, at: [] hub_event+0x108/0x3f60 drivers/usb/core/hub.c:5276 #3: (&port_dev->status_lock){+.+.}, at: [] usb_lock_port drivers/usb/core/hub.c:2936 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_port_connect drivers/usb/core/hub.c:4920 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] port_event drivers/usb/core/hub.c:5250 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_event+0x15c0/0x3f60 drivers/usb/core/hub.c:5330 #4: (hcd->address0_mutex){+.+.}, at: [] hub_port_connect drivers/usb/core/hub.c:4921 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] port_event drivers/usb/core/hub.c:5250 [inline] #4: (hcd->address0_mutex){+.+.}, at: [] hub_event+0x15ea/0x3f60 drivers/usb/core/hub.c:5330 1 lock held by syz-executor.4/1066: #0: (rtnl_mutex){+.+.}, at: [] tun_detach drivers/net/tun.c:593 [inline] #0: (rtnl_mutex){+.+.}, at: [] tun_chr_close+0x34/0x60 drivers/net/tun.c:2732 4 locks held by syz-executor.0/5975: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 4 locks held by syz-executor.0/5977: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 4 locks held by syz-executor.0/5978: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 1 lock held by syz-executor.0/5979: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 4 locks held by syz-executor.0/5981: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 4 locks held by syz-executor.0/5982: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 1 lock held by syz-executor.0/5983: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 4 locks held by syz-executor.0/5984: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 1 lock held by syz-executor.0/5987: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 1 lock held by syz-executor.0/5989: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 1 lock held by syz-executor.0/5990: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 4 locks held by syz-executor.0/5991: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 1 lock held by syz-executor.0/5992: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 1 lock held by syz-executor.0/5993: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 4 locks held by syz-executor.0/5994: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 1 lock held by syz-executor.0/5995: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 1 lock held by syz-executor.0/5996: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 4 locks held by syz-executor.0/5998: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 4 locks held by syz-executor.0/5999: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 1 lock held by syz-executor.0/6000: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 1 lock held by syz-executor.0/6002: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 4 locks held by syz-executor.0/6003: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 4 locks held by syz-executor.0/6005: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 1 lock held by syz-executor.0/6006: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 1 lock held by syz-executor.0/6007: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 4 locks held by syz-executor.0/6008: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 1 lock held by syz-executor.0/6009: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 4 locks held by syz-executor.0/6010: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 1 lock held by syz-executor.0/6011: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 4 locks held by syz-executor.0/6012: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 4 locks held by syz-executor.0/6013: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 1 lock held by syz-executor.0/6014: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 1 lock held by syz-executor.0/6015: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 4 locks held by syz-executor.0/6016: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 1 lock held by syz-executor.0/6017: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 4 locks held by syz-executor.0/6018: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 4 locks held by syz-executor.0/6019: #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:601 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1200 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1255 [inline] #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:602 [inline] #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1200 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1255 [inline] #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:611 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1200 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1255 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278 1 lock held by syz-executor.0/6020: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 1 lock held by syz-executor.0/6021: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388 1 lock held by syz-executor.0/6023: #0: (&anon_vma->rwsem){++++}, at: [