Bluetooth: hci6: command 0x0406 tx timeout
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22
INFO: task kworker/u4:4:2888 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:4 D25680 2888 2 0x80000000
Workqueue: events_unbound fsnotify_mark_destroy_workfn
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_timeout+0x92d/0xfe0 kernel/time/timer.c:1794
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common+0x29c/0x470 kernel/sched/completion.c:115
 __synchronize_srcu+0x124/0x210 kernel/rcu/srcutree.c:936
 fsnotify_mark_destroy_workfn+0xfd/0x340 fs/notify/mark.c:795
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
INFO: task kworker/u4:11:11443 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:11 D27104 11443 2 0x80000000
Workqueue: events_unbound fsnotify_connector_destroy_workfn
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_timeout+0x92d/0xfe0 kernel/time/timer.c:1794
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common+0x29c/0x470 kernel/sched/completion.c:115
 __synchronize_srcu+0x124/0x210 kernel/rcu/srcutree.c:936
 fsnotify_connector_destroy_workfn+0x49/0xa0 fs/notify/mark.c:174
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
INFO: task syz-executor.1:18595 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1 D28744 18595 17228 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 exp_funnel_lock kernel/rcu/tree_exp.h:320 [inline]
 _synchronize_rcu_expedited+0x60c/0x6f0 kernel/rcu/tree_exp.h:667
 synchronize_rcu+0xc6/0x160 kernel/rcu/tree_plugin.h:818
 namespace_unlock fs/namespace.c:1363 [inline]
 drop_collected_mounts+0x178/0x1a0 fs/namespace.c:1808
 put_mnt_ns fs/namespace.c:3271 [inline]
 put_mnt_ns+0x5f/0x80 fs/namespace.c:3267
 free_nsproxy+0x41/0x220 kernel/nsproxy.c:176
 switch_task_namespaces+0xaa/0xc0 kernel/nsproxy.c:229
 do_exit+0xbee/0x2be0 kernel/exit.c:869
 do_group_exit+0x125/0x310 kernel/exit.c:967
 get_signal+0x3f2/0x1f70 kernel/signal.c:2589
 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799
 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fa360b95eb9
Code: Bad RIP value.
RSP: 002b:00007fa35f50b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007fa360ca8f68 RCX: 00007fa360b95eb9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa360ca8f68
RBP: 00007fa360ca8f60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa360ca8f6c
R13: 00007fffe7661c5f R14: 00007fa35f50b300 R15: 0000000000022000
INFO: task syz-executor.1:18659 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1 D28744 18659 17228 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 exp_funnel_lock kernel/rcu/tree_exp.h:320 [inline]
 _synchronize_rcu_expedited+0x60c/0x6f0 kernel/rcu/tree_exp.h:667
 synchronize_rcu+0xc6/0x160 kernel/rcu/tree_plugin.h:818
 namespace_unlock fs/namespace.c:1363 [inline]
 drop_collected_mounts+0x178/0x1a0 fs/namespace.c:1808
 put_mnt_ns fs/namespace.c:3271 [inline]
 put_mnt_ns+0x5f/0x80 fs/namespace.c:3267
 free_nsproxy+0x41/0x220 kernel/nsproxy.c:176
 switch_task_namespaces+0xaa/0xc0 kernel/nsproxy.c:229
 do_exit+0xbee/0x2be0 kernel/exit.c:869
 do_group_exit+0x125/0x310 kernel/exit.c:967
 get_signal+0x3f2/0x1f70 kernel/signal.c:2589
 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799
 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fa360b95eb9
Code: Bad RIP value.
RSP: 002b:00007fa35f50b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007fa360ca8f68 RCX: 00007fa360b95eb9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa360ca8f68
RBP: 00007fa360ca8f60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa360ca8f6c
R13: 00007fffe7661c5f R14: 00007fa35f50b300 R15: 0000000000022000
INFO: task syz-executor.1:18665 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1 D28744 18665 17228 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 exp_funnel_lock kernel/rcu/tree_exp.h:320 [inline]
 _synchronize_rcu_expedited+0x60c/0x6f0 kernel/rcu/tree_exp.h:667
 synchronize_rcu+0xc6/0x160 kernel/rcu/tree_plugin.h:818
 namespace_unlock fs/namespace.c:1363 [inline]
 drop_collected_mounts+0x178/0x1a0 fs/namespace.c:1808
 put_mnt_ns fs/namespace.c:3271 [inline]
 put_mnt_ns+0x5f/0x80 fs/namespace.c:3267
 free_nsproxy+0x41/0x220 kernel/nsproxy.c:176
 switch_task_namespaces+0xaa/0xc0 kernel/nsproxy.c:229
 do_exit+0xbee/0x2be0 kernel/exit.c:869
 do_group_exit+0x125/0x310 kernel/exit.c:967
 get_signal+0x3f2/0x1f70 kernel/signal.c:2589
 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799
 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fa360b95eb9
Code: Bad RIP value.
RSP: 002b:00007fa35f50b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007fa360ca8f68 RCX: 00007fa360b95eb9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa360ca8f68
RBP: 00007fa360ca8f60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa360ca8f6c
R13: 00007fffe7661c5f R14: 00007fa35f50b300 R15: 0000000000022000
INFO: task syz-executor.1:18821 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1 D29024 18821 17228 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_timeout+0x92d/0xfe0 kernel/time/timer.c:1794
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common+0x29c/0x470 kernel/sched/completion.c:115
 __synchronize_srcu+0x124/0x210 kernel/rcu/srcutree.c:936
 mmu_notifier_release include/linux/mmu_notifier.h:247 [inline]
 exit_mmap+0x463/0x530 mm/mmap.c:3047
 __mmput kernel/fork.c:1016 [inline]
 mmput+0x14e/0x4a0 kernel/fork.c:1037
 exit_mm kernel/exit.c:549 [inline]
 do_exit+0xaec/0x2be0 kernel/exit.c:857
 do_group_exit+0x125/0x310 kernel/exit.c:967
 get_signal+0x3f2/0x1f70 kernel/signal.c:2589
 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799
 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fa360b95eb9
Code: Bad RIP value.
RSP: 002b:00007fa35f50b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007fa360ca8f68 RCX: 00007fa360b95eb9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa360ca8f68
RBP: 00007fa360ca8f60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa360ca8f6c
R13: 00007fffe7661c5f R14: 00007fa35f50b300 R15: 0000000000022000
INFO: task syz-executor.1:18941 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1 D29024 18941 17228 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_timeout+0x92d/0xfe0 kernel/time/timer.c:1794
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common+0x29c/0x470 kernel/sched/completion.c:115
 __synchronize_srcu+0x124/0x210 kernel/rcu/srcutree.c:936
 mmu_notifier_release include/linux/mmu_notifier.h:247 [inline]
 exit_mmap+0x463/0x530 mm/mmap.c:3047
 __mmput kernel/fork.c:1016 [inline]
 mmput+0x14e/0x4a0 kernel/fork.c:1037
 exit_mm kernel/exit.c:549 [inline]
 do_exit+0xaec/0x2be0 kernel/exit.c:857
 do_group_exit+0x125/0x310 kernel/exit.c:967
 get_signal+0x3f2/0x1f70 kernel/signal.c:2589
 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799
 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fa360b95eb9
Code: Bad RIP value.
RSP: 002b:00007fa35f50b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007fa360ca8f68 RCX: 00007fa360b95eb9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa360ca8f68
RBP: 00007fa360ca8f60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa360ca8f6c
R13: 00007fffe7661c5f R14: 00007fa35f50b300 R15: 0000000000022000
INFO: task syz-executor.1:18980 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1 D29024 18980 17228 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_timeout+0x92d/0xfe0 kernel/time/timer.c:1794
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common+0x29c/0x470 kernel/sched/completion.c:115
 __synchronize_srcu+0x124/0x210 kernel/rcu/srcutree.c:936
 mmu_notifier_release include/linux/mmu_notifier.h:247 [inline]
 exit_mmap+0x463/0x530 mm/mmap.c:3047
 __mmput kernel/fork.c:1016 [inline]
 mmput+0x14e/0x4a0 kernel/fork.c:1037
 exit_mm kernel/exit.c:549 [inline]
 do_exit+0xaec/0x2be0 kernel/exit.c:857
 do_group_exit+0x125/0x310 kernel/exit.c:967
 get_signal+0x3f2/0x1f70 kernel/signal.c:2589
 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799
 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fa360b95eb9
Code: Bad RIP value.
RSP: 002b:00007fa35f4c9218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007fa360ca9108 RCX: 00007fa360b95eb9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa360ca9108
RBP: 00007fa360ca9100 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa360ca910c
R13: 00007fffe7661c5f R14: 00007fa35f4c9300 R15: 0000000000022000

Showing all locks held in the system:
4 locks held by kworker/u4:2/64:
 #0: 000000008cfb6edc ((wq_completion)"%s""netns"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 0000000055d2c644 (net_cleanup_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 00000000e8181a32 (pernet_ops_rwsem){++++}, at: cleanup_net+0xa8/0x8b0 net/core/net_namespace.c:521
 #3: 00000000ae550f4a (rtnl_mutex){+.+.}, at: ip_tunnel_delete_nets+0x8e/0x580 net/ipv4/ip_tunnel.c:1083
1 lock held by khungtaskd/1566:
 #0: 000000002454e661 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441
2 locks held by kworker/u4:4/2888:
 #0: 0000000036c48d3f ((wq_completion)"events_unbound"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 0000000050bb41f9 ((reaper_work).work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
1 lock held by in:imklog/7817:
 #0: 000000003c553531 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
3 locks held by kworker/0:4/9355:
3 locks held by kworker/u4:5/9421:
2 locks held by kworker/u4:8/9484:
2 locks held by kworker/u4:11/11443:
 #0: 0000000036c48d3f ((wq_completion)"events_unbound"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 00000000d0ada531 (connector_reaper_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
1 lock held by syz-executor.1/18588:
 #0: 000000003c36c047 (rcu_preempt_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline]
 #0: 000000003c36c047 (rcu_preempt_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited+0x256/0x6f0 kernel/rcu/tree_exp.h:667
1 lock held by syz-executor.1/19181:
1 lock held by syz-executor.0/19231:
 #0: 0000000005309552 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 0000000005309552 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
4 locks held by syz-executor.0/19233:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 00000000b35b80ad (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 00000000b35b80ad (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 00000000b35b80ad (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 00000000b35b80ad (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 00000000454a5130 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 00000000454a5130 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 00000000454a5130 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 00000000454a5130 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278
1 lock held by syz-executor.0/19237:
 #0: 0000000005309552 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 0000000005309552 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
4 locks held by syz-executor.0/19238:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 00000000913bc6c0 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 00000000913bc6c0 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 00000000913bc6c0 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 00000000913bc6c0 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 000000000e135a29 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 000000000e135a29 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 000000000e135a29 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 000000000e135a29 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278
1 lock held by syz-executor.0/19239:
 #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
1 lock held by syz-executor.0/19240:
 #0: 0000000005309552 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 0000000005309552 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
1 lock held by syz-executor.0/19243:
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
1 lock held by syz-executor.0/19244:
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
1 lock held by syz-executor.0/19245:
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
1 lock held by syz-executor.0/19246:
 #0: 0000000005309552 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 0000000005309552 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
1 lock held by syz-executor.0/19247:
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
4 locks held by syz-executor.0/19250:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 00000000a5fb208b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 00000000a5fb208b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 00000000a5fb208b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 00000000a5fb208b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 00000000aa2ec731 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 00000000aa2ec731 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 00000000aa2ec731 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 00000000aa2ec731 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278
4 locks held by syz-executor.0/19251:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 00000000f0231120 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 00000000f0231120 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 00000000f0231120 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 00000000f0231120 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 00000000bbd743c7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 00000000bbd743c7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 00000000bbd743c7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 00000000bbd743c7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278
4 locks held by syz-executor.0/19253:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 0000000063a151d0 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 0000000063a151d0 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 0000000063a151d0 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 0000000063a151d0 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 000000004e333610 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 000000004e333610 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 000000004e333610 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 000000004e333610 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278
1 lock held by syz-executor.0/19256:
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
4 locks held by syz-executor.0/19257:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 00000000835b0f76 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 00000000835b0f76 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 00000000835b0f76 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 00000000835b0f76 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 00000000ba1ea90b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 00000000ba1ea90b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 00000000ba1ea90b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 00000000ba1ea90b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278
1 lock held by syz-executor.0/19258:
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
4 locks held by syz-executor.0/19259:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 000000009a1520f3 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 000000009a1520f3 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 000000009a1520f3 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 000000009a1520f3 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 000000009c8c260a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 000000009c8c260a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 000000009c8c260a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 000000009c8c260a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278
1 lock held by syz-executor.0/19260:
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
1 lock held by syz-executor.0/19262:
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
1 lock held by syz-executor.0/19263:
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
4 locks held by syz-executor.0/19264:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 000000005d7c226f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 000000005d7c226f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 000000005d7c226f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 000000005d7c226f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 0000000077f4de5e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 0000000077f4de5e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 0000000077f4de5e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 0000000077f4de5e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278
1 lock held by syz-executor.0/19282:
 #0: 0000000005309552 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 0000000005309552 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
1 lock held by syz-executor.0/19283:
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
4 locks held by syz-executor.0/19284:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 00000000ce752fa1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 00000000ce752fa1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 00000000ce752fa1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 00000000ce752fa1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 00000000a1d38bc1 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 00000000a1d38bc1 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 00000000a1d38bc1 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 00000000a1d38bc1 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278
4 locks held by syz-executor.0/19285:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 000000005e2a24b2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 000000005e2a24b2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 000000005e2a24b2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 000000005e2a24b2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 0000000070fb0b25 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 0000000070fb0b25 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 0000000070fb0b25 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 0000000070fb0b25 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278
1 lock held by syz-executor.0/19286:
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
4 locks held by syz-executor.0/19287:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 00000000eb2b215e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 00000000eb2b215e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 00000000eb2b215e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 00000000eb2b215e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 00000000d999d15b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 00000000d999d15b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 00000000d999d15b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 00000000d999d15b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278
1 lock held by syz-executor.0/19288:
 #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
4 locks held by syz-executor.0/19289:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 00000000d05023a7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 00000000d05023a7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 00000000d05023a7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 00000000d05023a7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 000000006333cc50 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 000000006333cc50 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 000000006333cc50 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 000000006333cc50 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278
4 locks held by syz-executor.0/19290:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 00000000a6359d0f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 00000000a6359d0f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 00000000a6359d0f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 00000000a6359d0f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 00000000cc94f297 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 00000000cc94f297 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 00000000cc94f297 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 00000000cc94f297 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278
1 lock held by syz-executor.0/19291:
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
4 locks held by syz-executor.0/19292:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 00000000f8203076 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 00000000f8203076 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 00000000f8203076 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 00000000f8203076 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 00000000b9a65183
(&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b9a65183 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b9a65183 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b9a65183 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19293: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19294: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b25e9e9f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b25e9e9f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b25e9e9f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b25e9e9f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000092109d80 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000092109d80 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000092109d80 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000092109d80 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: 
anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19295: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19296: #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19297: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a7486edb (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a7486edb (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a7486edb (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a7486edb (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b48dad25 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b48dad25 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b48dad25 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b48dad25 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19298: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 
4 locks held by syz-executor.0/19299: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000054a3b69d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000054a3b69d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000054a3b69d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000054a3b69d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000069086f43 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000069086f43 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000069086f43 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000069086f43 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19300: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19301: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19302: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19303: #0: 
0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19304: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19305: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000819516f0 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000819516f0 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000819516f0 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000819516f0 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000adb1aade (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000adb1aade (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000adb1aade (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000adb1aade (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19306: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 
0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007819b178 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007819b178 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007819b178 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007819b178 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000081000853 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000081000853 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000081000853 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000081000853 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19307: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000036c4e0f4 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000036c4e0f4 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000036c4e0f4 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000036c4e0f4 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b3057cd0 (pool_lock){-.-.}, at: alloc_object lib/debugobjects.c:174 [inline] #2: 00000000b3057cd0 (pool_lock){-.-.}, at: __debug_object_init+0x145/0x9b0 lib/debugobjects.c:387 #3: 0000000066ca508b (&mm->context.lock){+.+.}, at: 
ldt_dup_context+0x38/0x260 arch/x86/kernel/ldt.c:367 1 lock held by syz-executor.0/19309: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19311: #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19312: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000047230c8c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000047230c8c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000047230c8c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000047230c8c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000092ddeb10 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000092ddeb10 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000092ddeb10 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000092ddeb10 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19313: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 
0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005e717088 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005e717088 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005e717088 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005e717088 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000acf91ad9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000acf91ad9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000acf91ad9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000acf91ad9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19314: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000056b16ba3 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000056b16ba3 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000056b16ba3 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000056b16ba3 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000dec75e49 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000dec75e49 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 
00000000dec75e49 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000dec75e49 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000005309552 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000005309552 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19315: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19316: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19317: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006f038908 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006f038908 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006f038908 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006f038908 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000830e5975 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000830e5975 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000830e5975 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000830e5975 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root 
mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19318: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19319: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19320: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19322: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19323: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19324: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19325: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19326: #0: 0000000005309552 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000005309552 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19327: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: 
lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19328: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000080d73acb (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000080d73acb (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000080d73acb (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000080d73acb (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000047fd7ac1 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000047fd7ac1 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000047fd7ac1 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000047fd7ac1 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19329: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000aa087a92 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000aa087a92 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 
00000000aa087a92 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000aa087a92 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004f264b5f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004f264b5f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004f264b5f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004f264b5f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19330: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19331: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19333: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e08d72c1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e08d72c1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e08d72c1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e08d72c1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000026e7355c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 
[inline] #2: 0000000026e7355c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000026e7355c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000026e7355c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19335: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19336: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000840106d5 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000840106d5 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000840106d5 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000840106d5 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002d563f8f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002d563f8f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002d563f8f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002d563f8f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by 
syz-executor.0/19337: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19338: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d1a2b08e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d1a2b08e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d1a2b08e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d1a2b08e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005bcdd223 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005bcdd223 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005bcdd223 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005bcdd223 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19339: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19340: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19341: #0: 
0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19342: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ed60c44d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ed60c44d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ed60c44d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ed60c44d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000052a57986 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000052a57986 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000052a57986 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000052a57986 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19343: #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19344: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 
0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e797098d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e797098d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e797098d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e797098d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f95f3995 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f95f3995 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f95f3995 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f95f3995 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19345: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004456cb1f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004456cb1f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004456cb1f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004456cb1f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000da0f5093 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000da0f5093 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000da0f5093 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 
00000000da0f5093 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19346: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ee0c985d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ee0c985d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ee0c985d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ee0c985d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000050ac5cff (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000050ac5cff (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000050ac5cff (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000050ac5cff (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19347: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000331b3561 
(&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000331b3561 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000331b3561 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000331b3561 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e6b302bf (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e6b302bf (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e6b302bf (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e6b302bf (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19348: #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19350: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19351: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19352: #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19353: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 
(&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004edea85e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004edea85e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004edea85e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004edea85e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000060f99546 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000060f99546 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000060f99546 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000060f99546 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19354: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19355: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002c988231 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002c988231 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002c988231 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002c988231 (&mm->mmap_sem){++++}, at: 
copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005329697b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005329697b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005329697b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005329697b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19356: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000061960e32 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000061960e32 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000061960e32 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000061960e32 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e50bc346 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e50bc346 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e50bc346 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e50bc346 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19357: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 
[inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000001c5c63c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000001c5c63c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000001c5c63c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000001c5c63c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a288065e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a288065e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a288065e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a288065e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19358: #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19359: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000074d1eb06 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000074d1eb06 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000074d1eb06 (&mm->mmap_sem){++++}, 
at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000074d1eb06 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000081f74b0b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000081f74b0b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000081f74b0b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000081f74b0b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19362: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000024def2e9 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000024def2e9 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000024def2e9 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000024def2e9 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e6864645 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e6864645 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e6864645 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e6864645 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by 
syz-executor.0/19363: #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19364: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a9c7709c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a9c7709c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a9c7709c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a9c7709c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e89dcc4c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e89dcc4c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e89dcc4c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e89dcc4c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19365: #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19366: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19367: #0: 
0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008003de8a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008003de8a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008003de8a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008003de8a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d7297daf (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d7297daf (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d7297daf (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d7297daf (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19368: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19369: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19370: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 
0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000094fb1667 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000094fb1667 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000094fb1667 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000094fb1667 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006179a197 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006179a197 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006179a197 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006179a197 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19371: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19372: #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19373: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000185a34cd (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000185a34cd (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] 
#1: 00000000185a34cd (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000185a34cd (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000008b62481 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000008b62481 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000008b62481 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000008b62481 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19374: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000bf8aae0b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000bf8aae0b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000bf8aae0b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000bf8aae0b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009d2af27e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009d2af27e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009d2af27e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009d2af27e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: 
anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19375: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006a63953a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006a63953a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006a63953a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006a63953a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000e2abaa2 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000e2abaa2 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000e2abaa2 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000e2abaa2 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19376: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001fc81946 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001fc81946 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001fc81946 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001fc81946 
(&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d9f0b1e0 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d9f0b1e0 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d9f0b1e0 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d9f0b1e0 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000046482b8a (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19377: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d70407dd (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d70407dd (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d70407dd (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d70407dd (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000039f1b6d8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000039f1b6d8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000039f1b6d8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000039f1b6d8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19378: #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: 
lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19379: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000fe531d67 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000fe531d67 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000fe531d67 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000fe531d67 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000036c20fb0 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000036c20fb0 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000036c20fb0 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000036c20fb0 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000c0199911 (&anon_vma->rwsem){++++}, at: is_bpf_text_address+0x0/0x1b0 kernel/bpf/core.c:533 4 locks held by syz-executor.0/19380: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000000af8b08 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000000af8b08 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000000af8b08 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 
0000000000af8b08 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ee8894c8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ee8894c8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ee8894c8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ee8894c8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19381: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19382: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19383: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000858a42dc (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000858a42dc (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000858a42dc (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000858a42dc (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000076d4f41 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000076d4f41 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 
[inline] #2: 00000000076d4f41 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000076d4f41 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19384: #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19385: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19386: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004ac6b696 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004ac6b696 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004ac6b696 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004ac6b696 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000460352bc (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000460352bc (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000460352bc (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000460352bc (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: 
lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19387: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000058867414 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000058867414 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000058867414 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000058867414 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000073883c22 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000073883c22 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000073883c22 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000073883c22 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19388: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000074cdb52c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000074cdb52c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000074cdb52c 
(&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000074cdb52c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007acbfce3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007acbfce3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007acbfce3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007acbfce3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19389: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002f27bbc7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002f27bbc7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002f27bbc7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002f27bbc7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002728344b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002728344b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002728344b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002728344b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 
locks held by syz-executor.0/19390: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002b0187df (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002b0187df (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002b0187df (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002b0187df (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000042f85e1 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000042f85e1 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000042f85e1 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000042f85e1 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19391: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19392: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b92244e5 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 
00000000b92244e5 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b92244e5 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b92244e5 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000157eda1c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000157eda1c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000157eda1c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000157eda1c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19393: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000082dddd48 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000082dddd48 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000082dddd48 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000082dddd48 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007d98d277 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007d98d277 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007d98d277 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007d98d277 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 
[inline] #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19394: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000058ba7743 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000058ba7743 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000058ba7743 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000058ba7743 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000d88075f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000d88075f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000d88075f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000d88075f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19395: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000086c569ea (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000086c569ea (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000086c569ea (&mm->mmap_sem){++++}, at: 
copy_mm kernel/fork.c:1341 [inline] #1: 0000000086c569ea (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008a33c7a4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008a33c7a4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008a33c7a4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008a33c7a4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19396: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000049d0f5b2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000049d0f5b2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000049d0f5b2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000049d0f5b2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f4a10857 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f4a10857 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f4a10857 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f4a10857 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by 
syz-executor.0/19397: #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19398: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000421801b6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000421801b6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000421801b6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000421801b6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000025ff1010 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000025ff1010 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000025ff1010 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000025ff1010 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19399: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b2639367 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b2639367 
(&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b2639367 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b2639367 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000008ace083 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000008ace083 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000008ace083 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000008ace083 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19400: #0: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000068988c17 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19401: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f1684ace (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f1684ace (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f1684ace (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f1684ace (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001d3985b1 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001d3985b1 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001d3985b1 (&mm->mmap_sem/1){+.+.}, at: copy_mm 
kernel/fork.c:1341 [inline] #2: 000000001d3985b1 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19402: #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19403: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000bd3a3ba8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000bd3a3ba8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000bd3a3ba8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000bd3a3ba8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000050f1872a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000050f1872a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000050f1872a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000050f1872a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19404: #0: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000068988c17 
(&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19405: #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19406: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a7ad28c6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a7ad28c6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a7ad28c6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a7ad28c6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000058dca0f8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000058dca0f8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000058dca0f8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000058dca0f8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19407: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f1a0896e 
(&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f1a0896e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f1a0896e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f1a0896e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000196ed3b3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000196ed3b3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000196ed3b3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000196ed3b3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19408: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000db9d6149 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000db9d6149 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000db9d6149 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000db9d6149 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b2de8c39 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b2de8c39 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b2de8c39 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b2de8c39 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000515fe974 
(&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000515fe974 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19409: #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19410: #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19411: #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19412: #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19413: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000dec2ebd7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000dec2ebd7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000dec2ebd7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000dec2ebd7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ebfcb675 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ebfcb675 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ebfcb675 
(&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ebfcb675 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19414: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000812a23d2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000812a23d2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000812a23d2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000812a23d2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007fe91419 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007fe91419 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007fe91419 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007fe91419 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19415: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: 
copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003de6d9c0 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003de6d9c0 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003de6d9c0 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003de6d9c0 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ab39dd32 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ab39dd32 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ab39dd32 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ab39dd32 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19416: #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000515fe974 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19417: #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19418: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a5ed3245 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a5ed3245 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a5ed3245 (&mm->mmap_sem){++++}, 
at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a5ed3245 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003ca3ad06 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003ca3ad06 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003ca3ad06 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003ca3ad06 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19419: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000847c7c4b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000847c7c4b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000847c7c4b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000847c7c4b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d55f7c44 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d55f7c44 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d55f7c44 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d55f7c44 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by 
syz-executor.0/19420: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a698cfe9 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a698cfe9 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a698cfe9 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a698cfe9 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000db2fed84 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000db2fed84 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000db2fed84 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000db2fed84 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19421: #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19422: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002caa610b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002caa610b 
(&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002caa610b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002caa610b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ca55a09a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ca55a09a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ca55a09a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ca55a09a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19424: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000671451c4 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000671451c4 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000671451c4 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000671451c4 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c4e6c6f3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c4e6c6f3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c4e6c6f3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c4e6c6f3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 
0000000068988c17 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19425: #0: 0000000068988c17 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000068988c17 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19426: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000039acfa35 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000039acfa35 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000039acfa35 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000039acfa35 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c700ac34 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c700ac34 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c700ac34 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c700ac34 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19427: #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19428: #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, 
at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19429: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002d115144 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002d115144 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002d115144 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002d115144 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003931db6c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003931db6c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003931db6c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003931db6c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19430: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004380742e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004380742e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004380742e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004380742e 
(&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007c52f276 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007c52f276 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007c52f276 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007c52f276 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19431: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f95093a8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f95093a8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f95093a8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f95093a8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000577f19f2 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000577f19f2 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000577f19f2 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000577f19f2 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19432: #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: 
lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19433: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a898c58a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a898c58a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a898c58a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a898c58a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000fb5067aa (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000fb5067aa (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000fb5067aa (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000fb5067aa (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19434: #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19435: #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19436: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 
0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000021412bdc (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000021412bdc (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000021412bdc (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000021412bdc (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009a78a986 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009a78a986 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009a78a986 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009a78a986 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19437: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000747f05c2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000747f05c2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000747f05c2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000747f05c2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000069957184 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 
0000000069957184 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000069957184 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000069957184 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 3 locks held by syz-executor.0/19438: 4 locks held by syz-executor.0/19440: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000684d9e18 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000684d9e18 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000684d9e18 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000684d9e18 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003d34f7ec (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003d34f7ec (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003d34f7ec (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003d34f7ec (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/19444: #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 
mm/rmap.c:388 4 locks held by syz-executor.0/19445: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000036851f22 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000036851f22 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000036851f22 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000036851f22 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c6f58afb (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c6f58afb (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c6f58afb (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c6f58afb (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/19446: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000bf771e5d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000bf771e5d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000bf771e5d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000bf771e5d (&mm->mmap_sem){++++}, at: 
copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004e9874f4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004e9874f4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004e9874f4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004e9874f4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/19447: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/19448: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/19449: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008fe4d85a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008fe4d85a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008fe4d85a (&mm->mmap_sem){++++}, at: 
copy_mm kernel/fork.c:1341 [inline] #1: 000000008fe4d85a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007d41433a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007d41433a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007d41433a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007d41433a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19450: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005cfbd028 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005cfbd028 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005cfbd028 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005cfbd028 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000877d081e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000877d081e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000877d081e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 
00000000877d081e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19451: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002fc675d8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002fc675d8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002fc675d8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002fc675d8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a3876a0d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a3876a0d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a3876a0d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a3876a0d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 
000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19452: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000064e3cd63 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000064e3cd63 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000064e3cd63 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000064e3cd63 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ddf1a5e2 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ddf1a5e2 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ddf1a5e2 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ddf1a5e2 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/19453: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: 
unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/19454: #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000002bb59ea3 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19455: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/19456: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000024343a42 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000024343a42 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000024343a42 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000024343a42 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000330affcf (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000330affcf (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000330affcf (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000330affcf (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 
000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19457: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009e470f0c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009e470f0c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009e470f0c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009e470f0c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008317967d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008317967d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008317967d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008317967d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/19458: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/19459: #0: 
000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/19460: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000042b27725 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000042b27725 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000042b27725 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000042b27725 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c9a0d397 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c9a0d397 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c9a0d397 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c9a0d397 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19461: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 
[inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000021c2587e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000021c2587e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000021c2587e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000021c2587e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000021bce417 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000021bce417 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000021bce417 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000021bce417 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19462: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005dad8fba (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005dad8fba (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005dad8fba 
(&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005dad8fba (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000824682fa (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000824682fa (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000824682fa (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000824682fa (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19463: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000072056ba3 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000072056ba3 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000072056ba3 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000072056ba3 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000090c48cc0 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000090c48cc0 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000090c48cc0 (&mm->mmap_sem/1){+.+.}, at: copy_mm 
kernel/fork.c:1341 [inline] #2: 0000000090c48cc0 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19464: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000842b4d78 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000842b4d78 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000842b4d78 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000842b4d78 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007c9329c1 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007c9329c1 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007c9329c1 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007c9329c1 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm 
kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19465: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000036b5ab69 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000036b5ab69 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000036b5ab69 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000036b5ab69 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004c096b5f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004c096b5f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004c096b5f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004c096b5f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19466: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: 
dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ef5e3775 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ef5e3775 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ef5e3775 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ef5e3775 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000fa7a7d44 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000fa7a7d44 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000fa7a7d44 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000fa7a7d44 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19467: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a2c893cb (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a2c893cb (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 
00000000a2c893cb (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a2c893cb (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000025bc4b19 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000025bc4b19 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000025bc4b19 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000025bc4b19 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19468: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007348d004 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007348d004 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007348d004 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007348d004 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f3e87a6c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f3e87a6c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f3e87a6c (&mm->mmap_sem/1){+.+.}, at: 
copy_mm kernel/fork.c:1341 [inline] #2: 00000000f3e87a6c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/19469: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/19470: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000fa681841 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000fa681841 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000fa681841 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000fa681841 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d335936f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d335936f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d335936f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d335936f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 
(&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19471: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007f0130ea (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007f0130ea (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007f0130ea (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007f0130ea (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000089b7a313 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000089b7a313 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000089b7a313 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000089b7a313 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 
(&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19472: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001168966f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001168966f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001168966f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001168966f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000013b9a6ca (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000013b9a6ca (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000013b9a6ca (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000013b9a6ca (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19473: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 
(&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b94ca987 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b94ca987 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b94ca987 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b94ca987 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a7da75ad (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a7da75ad (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a7da75ad (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a7da75ad (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19474: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000028684a70 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000028684a70 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000028684a70 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000028684a70 (&mm->mmap_sem){++++}, at: 
copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000877d53a9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000877d53a9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000877d53a9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000877d53a9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/19475: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/19476: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000bb3e9040 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000bb3e9040 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000bb3e9040 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000bb3e9040 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000855d9f95 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000855d9f95 
(&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000855d9f95 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000855d9f95 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19477: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000067e40502 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000067e40502 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000067e40502 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000067e40502 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002a5dee77 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002a5dee77 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002a5dee77 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002a5dee77 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 
(&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19479: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002c6169f8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002c6169f8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002c6169f8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002c6169f8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008af6a205 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008af6a205 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008af6a205 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008af6a205 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by 
syz-executor.0/19480: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000053061c40 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000053061c40 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000053061c40 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000053061c40 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a3e5df80 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a3e5df80 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a3e5df80 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a3e5df80 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19481: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001d21fde7 
(&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001d21fde7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001d21fde7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001d21fde7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008a4f9891 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008a4f9891 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008a4f9891 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008a4f9891 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19482: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a2bf43b0 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a2bf43b0 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a2bf43b0 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a2bf43b0 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000009c3b06 (&mm->mmap_sem/1){+.+.}, at: dup_mmap 
kernel/fork.c:445 [inline] #2: 00000000009c3b06 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000009c3b06 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000009c3b06 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/19485: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/19486: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000081318322 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000081318322 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000081318322 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000081318322 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003f02f601 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003f02f601 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003f02f601 (&mm->mmap_sem/1){+.+.}, at: 
copy_mm kernel/fork.c:1341 [inline] #2: 000000003f02f601 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19487: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000207e46a8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000207e46a8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000207e46a8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000207e46a8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008f3af202 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008f3af202 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008f3af202 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008f3af202 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm 
kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19488: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002f7a484d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002f7a484d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002f7a484d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002f7a484d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000bf574087 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000bf574087 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000bf574087 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000bf574087 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19489: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: 
dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a0b674dd (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a0b674dd (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a0b674dd (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a0b674dd (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000cc04e158 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000cc04e158 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000cc04e158 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000cc04e158 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19490: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000443efe7c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000443efe7c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 
00000000443efe7c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000443efe7c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f606424f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f606424f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f606424f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f606424f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19491: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000645e54ed (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000645e54ed (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000645e54ed (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000645e54ed (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a67a5b64 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a67a5b64 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a67a5b64 (&mm->mmap_sem/1){+.+.}, at: 
copy_mm kernel/fork.c:1341 [inline] #2: 00000000a67a5b64 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/19492: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/19493: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008d17c0aa (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008d17c0aa (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008d17c0aa (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008d17c0aa (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000266c58ea (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000266c58ea (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000266c58ea (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000266c58ea (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 
(&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19494: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001d06c762 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001d06c762 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001d06c762 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001d06c762 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b5718a7a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b5718a7a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b5718a7a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b5718a7a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 
(&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/19495: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/19496: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005985a0af (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005985a0af (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005985a0af (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005985a0af (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000be88cdcb (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000be88cdcb (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000be88cdcb (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000be88cdcb (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/19497: #0: 000000003c973f39 
(&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/19498: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000074f55bc9 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000074f55bc9 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000074f55bc9 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000074f55bc9 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000044fd0a14 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000044fd0a14 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000044fd0a14 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000044fd0a14 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/19499: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: 
unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/19500: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000da40a531 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000da40a531 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000da40a531 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000da40a531 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003be00861 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003be00861 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003be00861 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003be00861 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19501: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: 
copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f82834e6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f82834e6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f82834e6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f82834e6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000046bcda63 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000046bcda63 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000046bcda63 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000046bcda63 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/19502: #0: 00000000ad21a4d0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000ad21a4d0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19503: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/19504: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm 
kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ab25d8dc (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ab25d8dc (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ab25d8dc (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ab25d8dc (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000098d463be (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000098d463be (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000098d463be (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000098d463be (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/19505: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/19506: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/19507: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: 
unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/19508: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008c55d146 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008c55d146 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008c55d146 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008c55d146 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000dc046a38 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000dc046a38 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000dc046a38 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000dc046a38 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19509: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: 
copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007bbe252b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007bbe252b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007bbe252b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007bbe252b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f4da760e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f4da760e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f4da760e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f4da760e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19510: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000084b61f07 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000084b61f07 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000084b61f07 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000084b61f07 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 
kernel/fork.c:1913 #2: 000000007e43ed23 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007e43ed23 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007e43ed23 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007e43ed23 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19511: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000217a472d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000217a472d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000217a472d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000217a472d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000007b81bfd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000007b81bfd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000007b81bfd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000007b81bfd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 
(&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19512: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004d0b5a14 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004d0b5a14 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004d0b5a14 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004d0b5a14 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006f2be9b5 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006f2be9b5 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006f2be9b5 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006f2be9b5 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 
(&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19514: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000eabcb230 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000eabcb230 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000eabcb230 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000eabcb230 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f1bc427b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f1bc427b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f1bc427b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f1bc427b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/19515: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/19516: #0: 0000000051375bf3 
(&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007bfceae9 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007bfceae9 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007bfceae9 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007bfceae9 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000b774bca (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000b774bca (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000b774bca (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000b774bca (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19517: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ad80785a (&mm->mmap_sem){++++}, at: dup_mmap 
kernel/fork.c:436 [inline] #1: 00000000ad80785a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ad80785a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ad80785a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000695e3afc (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000695e3afc (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000695e3afc (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000695e3afc (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/19518: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/19519: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c816850b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c816850b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c816850b (&mm->mmap_sem){++++}, at: 
copy_mm kernel/fork.c:1341 [inline] #1: 00000000c816850b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b582e0f9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b582e0f9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b582e0f9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b582e0f9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19520: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ee3ecbb4 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ee3ecbb4 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ee3ecbb4 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ee3ecbb4 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000126b45ad (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000126b45ad (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000126b45ad (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 
00000000126b45ad (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 4 locks held by syz-executor.0/19521: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d3ecd088 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d3ecd088 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d3ecd088 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d3ecd088 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000033e653ad (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000033e653ad (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000033e653ad (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000033e653ad (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #3: 
000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913 1 lock held by syz-executor.0/19522: #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000046482b8a (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/19523: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 1 lock held by syz-executor.0/19524: #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline] #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161 4 locks held by syz-executor.0/19525: #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000af557a7c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000af557a7c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000af557a7c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000af557a7c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b7aa1276 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b7aa1276 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b7aa1276 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b7aa1276 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 
kernel/fork.c:1913
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913
1 lock held by syz-executor.0/19527:
 #0: 00000000ad21a4d0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #0: 00000000ad21a4d0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388
4 locks held by syz-executor.0/19528:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 0000000048327829 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 0000000048327829 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 0000000048327829 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 0000000048327829 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 0000000049fabb8e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 0000000049fabb8e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 0000000049fabb8e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 0000000049fabb8e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913
4 locks held by syz-executor.0/19529:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 000000005236f528 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 000000005236f528 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 000000005236f528 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 000000005236f528 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 000000003d399401 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 000000003d399401 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 000000003d399401 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 000000003d399401 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913
1 lock held by syz-executor.0/19530:
 #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline]
 #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161
4 locks held by syz-executor.0/19531:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 000000003e9c95bd (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 000000003e9c95bd (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 000000003e9c95bd (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 000000003e9c95bd (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 0000000039ffac91 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 0000000039ffac91 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 0000000039ffac91 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 0000000039ffac91 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913
1 lock held by syz-executor.0/19533:
 #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline]
 #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161
4 locks held by syz-executor.0/19534:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 00000000cdeb52ec (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 00000000cdeb52ec (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 00000000cdeb52ec (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 00000000cdeb52ec (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 00000000a41a9968 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 00000000a41a9968 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 00000000a41a9968 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 00000000a41a9968 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mmap kernel/fork.c:516 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #3: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: copy_process.part.0+0x30c4/0x8260 kernel/fork.c:1913
4 locks held by syz-executor.0/19535:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 00000000b4bc0c71 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 00000000b4bc0c71 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 00000000b4bc0c71 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 00000000b4bc0c71 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 00000000cef5eeb2 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 00000000cef5eeb2 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 00000000cef5eeb2 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 00000000cef5eeb2 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913
 #3: 00000000e63b13f0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
 #3: 00000000e63b13f0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278
1 lock held by syz-executor.0/19536:
 #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline]
 #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161
1 lock held by syz-executor.0/19537:
 #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: i_mmap_lock_write include/linux/fs.h:491 [inline]
 #0: 000000003c973f39 (&mapping->i_mmap_rwsem){++++}, at: unlink_file_vma+0x71/0xb0 mm/mmap.c:161
4 locks held by syz-executor.0/19538:
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #0: 0000000051375bf3 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913
 #1: 00000000662d6373 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
 #1: 00000000662d6373 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline]
 #1: 00000000662d6373 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline]
 #1: 00000000662d6373 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913
 #2: 00000000d05b0af6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
 #2: 00000000d05b0af6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline]
 #2: 00000000d05b0af6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline]
 #2: 00000000d05b0af6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913