RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000001ca3 RBP: 000000c42dbd3628 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000216 R12: 0000000000000000 R13: 000000c42dbd3750 R14: 000000c42dbd3750 R15: 0000000000000000 INFO: task syz-executor.4:28996 blocked for more than 140 seconds. Not tainted 4.14.170-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28928 28996 7338 0x80000000 Call Trace: context_switch kernel/sched/core.c:2808 [inline] __schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384 schedule+0x92/0x1c0 kernel/sched/core.c:3428 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:588 [inline] rwsem_down_write_failed+0x5ce/0xb50 kernel/locking/rwsem-xadd.c:617 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105 __down_write arch/x86/include/asm/rwsem.h:126 [inline] down_write+0x53/0x90 kernel/locking/rwsem.c:56 lock_anon_vma_root mm/rmap.c:238 [inline] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 free_pgtables+0x183/0x2b0 mm/memory.c:643 exit_mmap+0x294/0x4e0 mm/mmap.c:3057 __mmput kernel/fork.c:930 [inline] mmput+0x114/0x440 kernel/fork.c:951 exit_mm kernel/exit.c:545 [inline] do_exit+0x952/0x2cd0 kernel/exit.c:845 do_group_exit+0x111/0x330 kernel/exit.c:955 get_signal+0x381/0x1cd0 kernel/signal.c:2418 do_signal+0x86/0x19a0 arch/x86/kernel/signal.c:814 exit_to_usermode_loop+0x15c/0x220 arch/x86/entry/common.c:160 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45b399 RSP: 002b:00007fda7f5f6cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 000000000075c078 RCX: 000000000045b399 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075c078 RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075c07c R13: 00007ffe94e9a1bf R14: 00007fda7f5f79c0 R15: 000000000075c07c INFO: task syz-executor.4:30127 blocked for more than 140 seconds. Not tainted 4.14.170-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28928 30127 7338 0x80000000 Call Trace: context_switch kernel/sched/core.c:2808 [inline] __schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384 schedule+0x92/0x1c0 kernel/sched/core.c:3428 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:588 [inline] rwsem_down_write_failed+0x5ce/0xb50 kernel/locking/rwsem-xadd.c:617 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105 __down_write arch/x86/include/asm/rwsem.h:126 [inline] down_write+0x53/0x90 kernel/locking/rwsem.c:56 lock_anon_vma_root mm/rmap.c:238 [inline] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 free_pgtables+0x183/0x2b0 mm/memory.c:643 exit_mmap+0x294/0x4e0 mm/mmap.c:3057 __mmput kernel/fork.c:930 [inline] mmput+0x114/0x440 kernel/fork.c:951 exit_mm kernel/exit.c:545 [inline] do_exit+0x952/0x2cd0 kernel/exit.c:845 do_group_exit+0x111/0x330 kernel/exit.c:955 get_signal+0x381/0x1cd0 kernel/signal.c:2418 do_signal+0x86/0x19a0 arch/x86/kernel/signal.c:814 exit_to_usermode_loop+0x15c/0x220 arch/x86/entry/common.c:160 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45b399 RSP: 002b:00007fda7f617cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 000000000075bfd0 RCX: 000000000045b399 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bfd0 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bfd4 R13: 00007ffe94e9a1bf R14: 00007fda7f6189c0 R15: 000000000075bfd4 INFO: task syz-executor.4:30391 blocked for more than 140 seconds. Not tainted 4.14.170-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28928 30391 7338 0x80000000 Call Trace: context_switch kernel/sched/core.c:2808 [inline] __schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384 schedule+0x92/0x1c0 kernel/sched/core.c:3428 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:588 [inline] rwsem_down_write_failed+0x5ce/0xb50 kernel/locking/rwsem-xadd.c:617 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105 __down_write arch/x86/include/asm/rwsem.h:126 [inline] down_write+0x53/0x90 kernel/locking/rwsem.c:56 lock_anon_vma_root mm/rmap.c:238 [inline] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 free_pgtables+0x183/0x2b0 mm/memory.c:643 exit_mmap+0x294/0x4e0 mm/mmap.c:3057 __mmput kernel/fork.c:930 [inline] mmput+0x114/0x440 kernel/fork.c:951 exit_mm kernel/exit.c:545 [inline] do_exit+0x952/0x2cd0 kernel/exit.c:845 do_group_exit+0x111/0x330 kernel/exit.c:955 get_signal+0x381/0x1cd0 kernel/signal.c:2418 do_signal+0x86/0x19a0 arch/x86/kernel/signal.c:814 exit_to_usermode_loop+0x15c/0x220 arch/x86/entry/common.c:160 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45b399 RSP: 002b:00007fda7f617cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 000000000075bfd0 RCX: 000000000045b399 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bfd0 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bfd4 R13: 00007ffe94e9a1bf R14: 00007fda7f6189c0 R15: 000000000075bfd4 INFO: task syz-executor.4:9633 blocked for more than 140 seconds. Not tainted 4.14.170-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28792 9633 7338 0x80000000 Call Trace: context_switch kernel/sched/core.c:2808 [inline] __schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384 schedule+0x92/0x1c0 kernel/sched/core.c:3428 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:588 [inline] rwsem_down_write_failed+0x5ce/0xb50 kernel/locking/rwsem-xadd.c:617 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105 __down_write arch/x86/include/asm/rwsem.h:126 [inline] down_write+0x53/0x90 kernel/locking/rwsem.c:56 lock_anon_vma_root mm/rmap.c:238 [inline] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 free_pgtables+0x183/0x2b0 mm/memory.c:643 exit_mmap+0x294/0x4e0 mm/mmap.c:3057 __mmput kernel/fork.c:930 [inline] mmput+0x114/0x440 kernel/fork.c:951 exit_mm kernel/exit.c:545 [inline] do_exit+0x952/0x2cd0 kernel/exit.c:845 do_group_exit+0x111/0x330 kernel/exit.c:955 get_signal+0x381/0x1cd0 kernel/signal.c:2418 do_signal+0x86/0x19a0 arch/x86/kernel/signal.c:814 exit_to_usermode_loop+0x15c/0x220 arch/x86/entry/common.c:160 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45b399 RSP: 002b:00007fda7f5d5cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 000000000075c120 RCX: 000000000045b399 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075c120 RBP: 000000000075c118 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075c124 R13: 00007ffe94e9a1bf R14: 00007fda7f5d69c0 R15: 000000000075c124 INFO: task syz-executor.4:9831 blocked for more than 140 seconds. Not tainted 4.14.170-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28720 9831 7338 0x80000000 Call Trace: context_switch kernel/sched/core.c:2808 [inline] __schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384 schedule+0x92/0x1c0 kernel/sched/core.c:3428 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:588 [inline] rwsem_down_write_failed+0x5ce/0xb50 kernel/locking/rwsem-xadd.c:617 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105 __down_write arch/x86/include/asm/rwsem.h:126 [inline] down_write+0x53/0x90 kernel/locking/rwsem.c:56 lock_anon_vma_root mm/rmap.c:238 [inline] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 free_pgtables+0x183/0x2b0 mm/memory.c:643 exit_mmap+0x294/0x4e0 mm/mmap.c:3057 __mmput kernel/fork.c:930 [inline] mmput+0x114/0x440 kernel/fork.c:951 exit_mm kernel/exit.c:545 [inline] do_exit+0x952/0x2cd0 kernel/exit.c:845 do_group_exit+0x111/0x330 kernel/exit.c:955 get_signal+0x381/0x1cd0 kernel/signal.c:2418 do_signal+0x86/0x19a0 arch/x86/kernel/signal.c:814 exit_to_usermode_loop+0x15c/0x220 arch/x86/entry/common.c:160 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45b399 RSP: 002b:00007fda7f5d5cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 000000000075c120 RCX: 000000000045b399 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075c120 RBP: 000000000075c118 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075c124 R13: 00007ffe94e9a1bf R14: 00007fda7f5d69c0 R15: 000000000075c124 INFO: task syz-executor.4:10092 blocked for more than 140 seconds. Not tainted 4.14.170-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28792 10092 7338 0x80000000 Call Trace: context_switch kernel/sched/core.c:2808 [inline] __schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384 schedule+0x92/0x1c0 kernel/sched/core.c:3428 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:588 [inline] rwsem_down_write_failed+0x5ce/0xb50 kernel/locking/rwsem-xadd.c:617 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105 __down_write arch/x86/include/asm/rwsem.h:126 [inline] down_write+0x53/0x90 kernel/locking/rwsem.c:56 lock_anon_vma_root mm/rmap.c:238 [inline] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 free_pgtables+0x183/0x2b0 mm/memory.c:643 exit_mmap+0x294/0x4e0 mm/mmap.c:3057 __mmput kernel/fork.c:930 [inline] mmput+0x114/0x440 kernel/fork.c:951 exit_mm kernel/exit.c:545 [inline] do_exit+0x952/0x2cd0 kernel/exit.c:845 do_group_exit+0x111/0x330 kernel/exit.c:955 get_signal+0x381/0x1cd0 kernel/signal.c:2418 do_signal+0x86/0x19a0 arch/x86/kernel/signal.c:814 exit_to_usermode_loop+0x15c/0x220 arch/x86/entry/common.c:160 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45b399 RSP: 002b:00007fda7f5d5cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 000000000075c120 RCX: 000000000045b399 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075c120 RBP: 000000000075c118 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075c124 R13: 00007ffe94e9a1bf R14: 00007fda7f5d69c0 R15: 000000000075c124 INFO: task syz-executor.4:10510 blocked for more than 140 seconds. Not tainted 4.14.170-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28792 10510 7338 0x80000000 Call Trace: context_switch kernel/sched/core.c:2808 [inline] __schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384 schedule+0x92/0x1c0 kernel/sched/core.c:3428 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:588 [inline] rwsem_down_write_failed+0x5ce/0xb50 kernel/locking/rwsem-xadd.c:617 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105 __down_write arch/x86/include/asm/rwsem.h:126 [inline] down_write+0x53/0x90 kernel/locking/rwsem.c:56 lock_anon_vma_root mm/rmap.c:238 [inline] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 free_pgtables+0x183/0x2b0 mm/memory.c:643 exit_mmap+0x294/0x4e0 mm/mmap.c:3057 __mmput kernel/fork.c:930 [inline] mmput+0x114/0x440 kernel/fork.c:951 exit_mm kernel/exit.c:545 [inline] do_exit+0x952/0x2cd0 kernel/exit.c:845 do_group_exit+0x111/0x330 kernel/exit.c:955 get_signal+0x381/0x1cd0 kernel/signal.c:2418 do_signal+0x86/0x19a0 arch/x86/kernel/signal.c:814 exit_to_usermode_loop+0x15c/0x220 arch/x86/entry/common.c:160 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45b399 RSP: 002b:00007fda7f5d5cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 000000000075c120 RCX: 000000000045b399 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075c120 RBP: 000000000075c118 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075c124 R13: 00007ffe94e9a1bf R14: 00007fda7f5d69c0 R15: 000000000075c124 INFO: task syz-executor.4:11287 blocked for more than 140 seconds. Not tainted 4.14.170-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D29016 11287 7338 0x80000000 Call Trace: context_switch kernel/sched/core.c:2808 [inline] __schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384 schedule+0x92/0x1c0 kernel/sched/core.c:3428 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:588 [inline] rwsem_down_write_failed+0x5ce/0xb50 kernel/locking/rwsem-xadd.c:617 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105 __down_write arch/x86/include/asm/rwsem.h:126 [inline] down_write+0x53/0x90 kernel/locking/rwsem.c:56 lock_anon_vma_root mm/rmap.c:238 [inline] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 free_pgtables+0x183/0x2b0 mm/memory.c:643 exit_mmap+0x294/0x4e0 mm/mmap.c:3057 __mmput kernel/fork.c:930 [inline] mmput+0x114/0x440 kernel/fork.c:951 exit_mm kernel/exit.c:545 [inline] do_exit+0x952/0x2cd0 kernel/exit.c:845 do_group_exit+0x111/0x330 kernel/exit.c:955 get_signal+0x381/0x1cd0 kernel/signal.c:2418 do_signal+0x86/0x19a0 arch/x86/kernel/signal.c:814 exit_to_usermode_loop+0x15c/0x220 arch/x86/entry/common.c:160 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45b399 RSP: 002b:00007fda7f617cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 000000000075bfd0 RCX: 000000000045b399 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bfd0 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bfd4 R13: 00007ffe94e9a1bf R14: 00007fda7f6189c0 R15: 000000000075bfd4 INFO: task syz-executor.4:11391 blocked for more than 140 seconds. Not tainted 4.14.170-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D29016 11391 7338 0x80000000 Call Trace: context_switch kernel/sched/core.c:2808 [inline] __schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384 schedule+0x92/0x1c0 kernel/sched/core.c:3428 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:588 [inline] rwsem_down_write_failed+0x5ce/0xb50 kernel/locking/rwsem-xadd.c:617 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105 __down_write arch/x86/include/asm/rwsem.h:126 [inline] down_write+0x53/0x90 kernel/locking/rwsem.c:56 lock_anon_vma_root mm/rmap.c:238 [inline] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 free_pgtables+0x183/0x2b0 mm/memory.c:643 exit_mmap+0x294/0x4e0 mm/mmap.c:3057 __mmput kernel/fork.c:930 [inline] mmput+0x114/0x440 kernel/fork.c:951 exit_mm kernel/exit.c:545 [inline] do_exit+0x952/0x2cd0 kernel/exit.c:845 do_group_exit+0x111/0x330 kernel/exit.c:955 get_signal+0x381/0x1cd0 kernel/signal.c:2418 do_signal+0x86/0x19a0 arch/x86/kernel/signal.c:814 exit_to_usermode_loop+0x15c/0x220 arch/x86/entry/common.c:160 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45b399 RSP: 002b:00007fda7f617cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 000000000075bfd0 RCX: 000000000045b399 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bfd0 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bfd4 R13: 00007ffe94e9a1bf R14: 00007fda7f6189c0 R15: 000000000075bfd4 INFO: task syz-executor.4:11898 blocked for more than 140 seconds. Not tainted 4.14.170-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D29016 11898 7338 0x80000000 Call Trace: context_switch kernel/sched/core.c:2808 [inline] __schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384 schedule+0x92/0x1c0 kernel/sched/core.c:3428 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:588 [inline] rwsem_down_write_failed+0x5ce/0xb50 kernel/locking/rwsem-xadd.c:617 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105 __down_write arch/x86/include/asm/rwsem.h:126 [inline] down_write+0x53/0x90 kernel/locking/rwsem.c:56 lock_anon_vma_root mm/rmap.c:238 [inline] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 free_pgtables+0x183/0x2b0 mm/memory.c:643 exit_mmap+0x294/0x4e0 mm/mmap.c:3057 __mmput kernel/fork.c:930 [inline] mmput+0x114/0x440 kernel/fork.c:951 exit_mm kernel/exit.c:545 [inline] do_exit+0x952/0x2cd0 kernel/exit.c:845 do_group_exit+0x111/0x330 kernel/exit.c:955 get_signal+0x381/0x1cd0 kernel/signal.c:2418 do_signal+0x86/0x19a0 arch/x86/kernel/signal.c:814 exit_to_usermode_loop+0x15c/0x220 arch/x86/entry/common.c:160 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45b399 RSP: 002b:00007fda7f617cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 000000000075bfd0 RCX: 000000000045b399 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bfd0 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bfd4 R13: 00007ffe94e9a1bf R14: 00007fda7f6189c0 R15: 000000000075bfd4 Showing all locks held in the system: 1 lock held by khungtaskd/1057: #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4544 2 locks held by getty/7290: #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156 2 locks held by getty/7291: #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156 2 locks held by getty/7292: #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156 2 locks held by getty/7293: #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156 2 locks held by getty/7294: #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156 2 locks held by getty/7295: #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156 2 locks held by getty/7296: #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156 1 lock held by syz-executor.4/28996: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/30127: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/30391: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.2/32427: #0: (&sb->s_type->i_mutex_key#11){+.+.}, at: [] inode_lock include/linux/fs.h:718 [inline] #0: (&sb->s_type->i_mutex_key#11){+.+.}, at: [] __sock_release+0x89/0x2b0 net/socket.c:601 1 lock held by syz-executor.2/32444: #0: (&sb->s_type->i_mutex_key#11){+.+.}, at: [] inode_lock include/linux/fs.h:718 [inline] #0: (&sb->s_type->i_mutex_key#11){+.+.}, at: [] __sock_release+0x89/0x2b0 net/socket.c:601 1 lock held by syz-executor.4/9633: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/9831: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/10092: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/10510: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/11287: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/11391: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/11898: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/11920: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/11994: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/12041: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/12086: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/12123: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/12140: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/12465: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/12573: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 2 locks held by kworker/0:0/14143: #0: ("events"){+.+.}, at: [] work_static include/linux/workqueue.h:199 [inline] #0: ("events"){+.+.}, at: [] set_work_data kernel/workqueue.c:619 [inline] #0: ("events"){+.+.}, at: [] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline] #0: ("events"){+.+.}, at: [] process_one_work+0x76e/0x1600 kernel/workqueue.c:2085 #1: (key_gc_work){+.+.}, at: [] process_one_work+0x7ab/0x1600 kernel/workqueue.c:2089 1 lock held by syz-executor.4/22379: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/22399: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/24378: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/24555: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/24809: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/24889: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/24954: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/24988: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/25239: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/25402: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/25476: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/25521: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/25746: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/25841: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/25971: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/26013: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/26184: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/26269: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/26318: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/26367: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/26405: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/26483: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/26529: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/26572: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/26651: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/26720: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/26756: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/26955: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/27039: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/27138: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/27497: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/27553: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/27580: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/27617: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/27766: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/27834: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/27934: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/28048: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/28105: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/28737: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/28786: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.4/28840: #0: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline] #0: (&anon_vma->rwsem){++++}, at: [] unlink_anon_vmas+0x184/0x800 mm/rmap.c:388 1 lock held by syz-executor.2/30698: #0: (&table[i].mutex){+.+.}, at: [] nfnl_lock+0x24/0x30 net/netfilter/nfnetlink.c:61 1 lock held by syz-executor.4/30722: #0: (&table[i].mutex){+.+.}, at: [] nfnl_lock net/netfilter/nfnetlink.c:61 [inline] #0: (&table[i].mutex){+.+.}, at: [] nfnetlink_rcv_batch net/netfilter/nfnetlink.c:303 [inline] #0: (&table[i].mutex){+.+.}, at: [] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:495 [inline] #0: (&table[i].mutex){+.+.}, at: [] nfnetlink_rcv+0x54e/0x1650 net/netfilter/nfnetlink.c:513 1 lock held by syz-executor.5/30732: #0: (&table[i].mutex){+.+.}, at: [] nfnl_lock net/netfilter/nfnetlink.c:61 [inline] #0: (&table[i].mutex){+.+.}, at: [] nfnetlink_rcv_batch net/netfilter/nfnetlink.c:303 [inline] #0: (&table[i].mutex){+.+.}, at: [] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:495 [inline] #0: (&table[i].mutex){+.+.}, at: [] nfnetlink_rcv+0x54e/0x1650 net/netfilter/nfnetlink.c:513 =============================================