BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=0 stuck for 142s!
INFO: task syz-executor.0:7001 blocked for more than 140 seconds.
      Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D24944 7001 6998 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2807 [inline]
 __schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
 schedule+0x92/0x1c0 kernel/sched/core.c:3427
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
 rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
 __down_write arch/x86/include/asm/rwsem.h:126 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:56
 i_mmap_lock_write include/linux/fs.h:470 [inline]
 dup_mmap kernel/fork.c:681 [inline]
 dup_mm kernel/fork.c:1199 [inline]
 copy_mm kernel/fork.c:1253 [inline]
 copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
 copy_process kernel/fork.c:1570 [inline]
 _do_fork+0x19e/0xce0 kernel/fork.c:2058
 SYSC_clone kernel/fork.c:2168 [inline]
 SyS_clone+0x37/0x50 kernel/fork.c:2162
 do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45737a
RSP: 002b:00007ffec150cf50 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffec150cf50 RCX: 000000000045737a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffec150cf90 R08: 0000000000000001 R09: 0000000000d53940
R10: 0000000000d53c10 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffec150cfe0
INFO: task syz-executor.5:7005 blocked for more than 140 seconds.
      Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D25232 7005 7000 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2807 [inline]
 __schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
 schedule+0x92/0x1c0 kernel/sched/core.c:3427
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
 rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
 __down_write arch/x86/include/asm/rwsem.h:126 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:56
 i_mmap_lock_write include/linux/fs.h:470 [inline]
 dup_mmap kernel/fork.c:681 [inline]
 dup_mm kernel/fork.c:1199 [inline]
 copy_mm kernel/fork.c:1253 [inline]
 copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
 copy_process kernel/fork.c:1570 [inline]
 _do_fork+0x19e/0xce0 kernel/fork.c:2058
 SYSC_clone kernel/fork.c:2168 [inline]
 SyS_clone+0x37/0x50 kernel/fork.c:2162
 do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45737a
RSP: 002b:00007ffccc3e9b10 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffccc3e9b10 RCX: 000000000045737a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffccc3e9b50 R08: 0000000000000001 R09: 00000000016f5940
R10: 00000000016f5c10 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffccc3e9ba0
INFO: task syz-executor.1:7006 blocked for more than 140 seconds.
      Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1 D24992 7006 6999 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2807 [inline]
 __schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
 schedule+0x92/0x1c0 kernel/sched/core.c:3427
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
 rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
 __down_write arch/x86/include/asm/rwsem.h:126 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:56
 i_mmap_lock_write include/linux/fs.h:470 [inline]
 dup_mmap kernel/fork.c:681 [inline]
 dup_mm kernel/fork.c:1199 [inline]
 copy_mm kernel/fork.c:1253 [inline]
 copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
 copy_process kernel/fork.c:1570 [inline]
 _do_fork+0x19e/0xce0 kernel/fork.c:2058
 SYSC_clone kernel/fork.c:2168 [inline]
 SyS_clone+0x37/0x50 kernel/fork.c:2162
 do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45737a
RSP: 002b:00007ffc1cfca180 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffc1cfca180 RCX: 000000000045737a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffc1cfca1c0 R08: 0000000000000001 R09: 00000000028f8940
R10: 00000000028f8c10 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc1cfca210
INFO: task syz-executor.2:7007 blocked for more than 140 seconds.
      Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D24992 7007 7002 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2807 [inline]
 __schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
 schedule+0x92/0x1c0 kernel/sched/core.c:3427
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
 rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
 __down_write arch/x86/include/asm/rwsem.h:126 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:56
 i_mmap_lock_write include/linux/fs.h:470 [inline]
 dup_mmap kernel/fork.c:681 [inline]
 dup_mm kernel/fork.c:1199 [inline]
 copy_mm kernel/fork.c:1253 [inline]
 copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
 copy_process kernel/fork.c:1570 [inline]
 _do_fork+0x19e/0xce0 kernel/fork.c:2058
 SYSC_clone kernel/fork.c:2168 [inline]
 SyS_clone+0x37/0x50 kernel/fork.c:2162
 do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45737a
RSP: 002b:00007ffed031c600 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffed031c600 RCX: 000000000045737a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffed031c640 R08: 0000000000000001 R09: 00000000024a9940
R10: 00000000024a9c10 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffed031c690
INFO: task syz-executor.1:8138 blocked for more than 140 seconds.
      Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1 D27520 8138 7006 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2807 [inline]
 __schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
 schedule+0x92/0x1c0 kernel/sched/core.c:3427
 wb_wait_for_completion fs/fs-writeback.c:221 [inline]
 wb_wait_for_completion+0x133/0x190 fs/fs-writeback.c:217
 sync_inodes_sb+0x170/0x9b0 fs/fs-writeback.c:2447
 sync_inodes_one_sb+0x48/0x60 fs/sync.c:74
 iterate_supers+0x133/0x250 fs/super.c:613
 sys_sync+0x7a/0x130 fs/sync.c:113
 do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x200001ca
RSP: 002b:00007f9573d27bd8 EFLAGS: 00000a83 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000200001ca
RDX: 88b8b086124f4ca8 RSI: 0000000000000000 RDI: 0000000000400300
RBP: 00000000000000eb R08: 0000000000000005 R09: 0000000000000006
R10: 0000000000000007 R11: 0000000000000a83 R12: 000000000000000b
R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff
INFO: task syz-executor.2:8324 blocked for more than 140 seconds.
      Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D28760 8324 8294 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2807 [inline]
 __schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
 schedule+0x92/0x1c0 kernel/sched/core.c:3427
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
 rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
 __down_write arch/x86/include/asm/rwsem.h:126 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:56
 i_mmap_lock_write include/linux/fs.h:470 [inline]
 dup_mmap kernel/fork.c:681 [inline]
 dup_mm kernel/fork.c:1199 [inline]
 copy_mm kernel/fork.c:1253 [inline]
 copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
 copy_process kernel/fork.c:1570 [inline]
 _do_fork+0x19e/0xce0 kernel/fork.c:2058
 sys_fork+0x1f/0x30 kernel/fork.c:2128
 do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x20000911
RSP: 002b:00007fc31be71bd8 EFLAGS: 00000216 ORIG_RAX: 0000000000000039
RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000911
RDX: 5bb50b0134176bba RSI: 0000000000000000 RDI: 00007fc31be72608
RBP: 00000000000000f6 R08: 0000000000000005 R09: 0000000000000006
R10: 0000000000000007 R11: 0000000000000216 R12: 000000000000000b
R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff
INFO: task syz-executor.2:8344 blocked for more than 140 seconds.
      Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D29520 8344 8304 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2807 [inline]
 __schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
 schedule+0x92/0x1c0 kernel/sched/core.c:3427
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
 rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
 __down_write arch/x86/include/asm/rwsem.h:126 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:56
 i_mmap_lock_write include/linux/fs.h:470 [inline]
 dup_mmap kernel/fork.c:681 [inline]
 dup_mm kernel/fork.c:1199 [inline]
 copy_mm kernel/fork.c:1253 [inline]
 copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
 copy_process kernel/fork.c:1570 [inline]
 _do_fork+0x19e/0xce0 kernel/fork.c:2058
 sys_fork+0x1f/0x30 kernel/fork.c:2128
 do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x20000911
RSP: 002b:00007fc31be71bd8 EFLAGS: 00000216 ORIG_RAX: 0000000000000039
RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000911
RDX: 5bb50b0134176bba RSI: 0000000000000000 RDI: 00007fc31be72608
RBP: 00000000000000f6 R08: 0000000000000005 R09: 0000000000000006
R10: 0000000000000007 R11: 0000000000000216 R12: 000000000000000b
R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff
INFO: task syz-executor.2:8350 blocked for more than 140 seconds.
      Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D29520 8350 8295 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2807 [inline]
 __schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
 schedule+0x92/0x1c0 kernel/sched/core.c:3427
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
 rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
 __down_write arch/x86/include/asm/rwsem.h:126 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:56
 i_mmap_lock_write include/linux/fs.h:470 [inline]
 dup_mmap kernel/fork.c:681 [inline]
 dup_mm kernel/fork.c:1199 [inline]
 copy_mm kernel/fork.c:1253 [inline]
 copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
 copy_process kernel/fork.c:1570 [inline]
 _do_fork+0x19e/0xce0 kernel/fork.c:2058
 sys_fork+0x1f/0x30 kernel/fork.c:2128
 do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x20000911
RSP: 002b:00007fc31be71bd8 EFLAGS: 00000216 ORIG_RAX: 0000000000000039
RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000911
RDX: 5bb50b0134176bba RSI: 0000000000000000 RDI: 00007fc31be72608
RBP: 00000000000000f6 R08: 0000000000000005 R09: 0000000000000006
R10: 0000000000000007 R11: 0000000000000216 R12: 000000000000000b
R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff
INFO: task syz-executor.2:8352 blocked for more than 140 seconds.
      Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D29248 8352 8301 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2807 [inline]
 __schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
 schedule+0x92/0x1c0 kernel/sched/core.c:3427
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
 rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
 __down_write arch/x86/include/asm/rwsem.h:126 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:56
 i_mmap_lock_write include/linux/fs.h:470 [inline]
 dup_mmap kernel/fork.c:681 [inline]
 dup_mm kernel/fork.c:1199 [inline]
 copy_mm kernel/fork.c:1253 [inline]
 copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
 copy_process kernel/fork.c:1570 [inline]
 _do_fork+0x19e/0xce0 kernel/fork.c:2058
 sys_fork+0x1f/0x30 kernel/fork.c:2128
 do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x20000911
RSP: 002b:00007fc31be71bd8 EFLAGS: 00000216 ORIG_RAX: 0000000000000039
RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000911
RDX: 5bb50b0134176bba RSI: 0000000000000000 RDI: 00007fc31be72608
RBP: 00000000000000f6 R08: 0000000000000005 R09: 0000000000000006
R10: 0000000000000007 R11: 0000000000000216 R12: 000000000000000b
R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff
INFO: task syz-executor.2:8355 blocked for more than 140 seconds.
      Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D29520 8355 8309 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2807 [inline]
 __schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
 schedule+0x92/0x1c0 kernel/sched/core.c:3427
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
 rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
 __down_write arch/x86/include/asm/rwsem.h:126 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:56
 i_mmap_lock_write include/linux/fs.h:470 [inline]
 dup_mmap kernel/fork.c:681 [inline]
 dup_mm kernel/fork.c:1199 [inline]
 copy_mm kernel/fork.c:1253 [inline]
 copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
 copy_process kernel/fork.c:1570 [inline]
 _do_fork+0x19e/0xce0 kernel/fork.c:2058
 sys_fork+0x1f/0x30 kernel/fork.c:2128
 do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x20000911
RSP: 002b:00007fc31be71bd8 EFLAGS: 00000216 ORIG_RAX: 0000000000000039
RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000911
RDX: 5bb50b0134176bba RSI: 0000000000000000 RDI: 00007fc31be72608
RBP: 00000000000000f6 R08: 0000000000000005 R09: 0000000000000006
R10: 0000000000000007 R11: 0000000000000216 R12: 000000000000000b
R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff

Showing all locks held in the system:
1 lock held by khungtaskd/1008:
 #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4541
5 locks held by kworker/u4:4/2279:
 #0: ("writeback"){+.+.}, at: [] work_static include/linux/workqueue.h:199 [inline]
 #0: ("writeback"){+.+.}, at: [] set_work_data kernel/workqueue.c:619 [inline]
 #0: ("writeback"){+.+.}, at: [] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
 #0: ("writeback"){+.+.}, at: [] process_one_work+0x76e/0x1610 kernel/workqueue.c:2085
 #1: ((&(&wb->dwork)->work)){+.+.}, at: [] process_one_work+0x7ab/0x1610 kernel/workqueue.c:2089
 #2: (&sbi->s_journal_flag_rwsem){.+.+}, at: [] do_writepages+0xd2/0x250 mm/page-writeback.c:2364
 #3: (&ei->i_data_sem){++++}, at: [] ext4_map_blocks+0x77b/0x16e0 fs/ext4/inode.c:628
 #4: (pcpu_drain_mutex){+.+.}, at: [] drain_all_pages+0x4d/0x570 mm/page_alloc.c:2493
3 locks held by rs:main Q:Reg/6834:
 #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0xab/0xd0 fs/file.c:769
 #1: (sb_writers#4){.+.+}, at: [] file_start_write include/linux/fs.h:2702 [inline]
 #1: (sb_writers#4){.+.+}, at: [] vfs_write+0x3af/0x500 fs/read_write.c:543
 #2: (&sb->s_type->i_mutex_key#9){+.+.}, at: [] inode_trylock include/linux/fs.h:735 [inline]
 #2: (&sb->s_type->i_mutex_key#9){+.+.}, at: [] ext4_file_write_iter+0x205/0xfd0 fs/ext4/file.c:230
2 locks held by getty/6959:
 #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6960:
 #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6961:
 #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6962:
 #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6963:
 #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6964:
 #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6965:
 #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
1 lock held by syz-fuzzer/6996:
 #0: (sk_lock-AF_INET){+.+.}, at: [] lock_sock include/net/sock.h:1462 [inline]
 #0: (sk_lock-AF_INET){+.+.}, at: [] tcp_sendmsg+0x22/0x50 net/ipv4/tcp.c:1445
1 lock held by syz-executor.0/6998:
 #0: (&mapping->i_mmap_rwsem){++++}, at: [] i_mmap_lock_write include/linux/fs.h:470 [inline]
 #0: (&mapping->i_mmap_rwsem){++++}, at: [] unlink_file_vma+0x76/0xb0 mm/mmap.c:158
4 locks held by syz-executor.0/7001:
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:606 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:607 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:616 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] i_mmap_lock_write include/linux/fs.h:470 [inline]
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] dup_mmap kernel/fork.c:681 [inline]
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
1 lock held by syz-executor.2/7002:
 #0: (&mapping->i_mmap_rwsem){++++}, at: [] i_mmap_lock_write include/linux/fs.h:470 [inline]
 #0: (&mapping->i_mmap_rwsem){++++}, at: [] unlink_file_vma+0x76/0xb0 mm/mmap.c:158
1 lock held by syz-executor.3/7003:
 #0: (&mapping->i_mmap_rwsem){++++}, at: [] i_mmap_lock_write include/linux/fs.h:470 [inline]
 #0: (&mapping->i_mmap_rwsem){++++}, at: [] unlink_file_vma+0x76/0xb0 mm/mmap.c:158
4 locks held by syz-executor.5/7005:
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:606 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:607 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:616 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] i_mmap_lock_write include/linux/fs.h:470 [inline]
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] dup_mmap kernel/fork.c:681 [inline]
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
4 locks held by syz-executor.1/7006:
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:606 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:607 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:616 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] i_mmap_lock_write include/linux/fs.h:470 [inline]
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] dup_mmap kernel/fork.c:681 [inline]
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
4 locks held by syz-executor.2/7007:
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:606 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:607 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:616 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] i_mmap_lock_write include/linux/fs.h:470 [inline]
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] dup_mmap kernel/fork.c:681 [inline]
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #3: (&mapping->i_mmap_rwsem){++++}, at: [] copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
1 lock held by udevd/7131:
 #0: (&mm->mmap_sem){++++}, at: [] __do_page_fault+0x2ca/0xb80 arch/x86/mm/fault.c:1354
1 lock held by udevd/7142:
 #0: (&mm->mmap_sem){++++}, at: [] __do_page_fault+0x2ca/0xb80 arch/x86/mm/fault.c:1354
2 locks held by syz-executor.1/8138:
 #0: (&type->s_umount_key#45){++++}, at: [] iterate_supers+0xe1/0x250 fs/super.c:611
 #1: (&bdi->wb_switch_rwsem){+.+.}, at: [] bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:336 [inline]
 #1: (&bdi->wb_switch_rwsem){+.+.}, at: [] sync_inodes_sb+0x150/0x9b0 fs/fs-writeback.c:2445
3 locks held by syz-executor.2/8281:
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:606 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:607 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:616 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8282:
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:606 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:607 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:616 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8288:
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:606 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:607 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:616 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8289:
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:606 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:607 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:616 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8290:
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:606 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:607 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:616 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8291:
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:606 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:607 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:616 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8292:
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:606 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:607 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:616 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8293:
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:606 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:607 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:616 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
4 locks held by syz-executor.2/8294:
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:606 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:607 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:616 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
 #3: (&anon_vma->rwsem){++++}, at: [] lock_anon_vma_root mm/rmap.c:238 [inline]
 #3: (&anon_vma->rwsem){++++}, at: [] anon_vma_clone+0x143/0x470 mm/rmap.c:278
3 locks held by syz-executor.2/8295:
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:606 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:607 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:616 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8296:
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mmap kernel/fork.c:606 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #0: (&dup_mmap_sem){.+.+}, at: [] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
 #1: (&mm->mmap_sem){++++}, at: [] dup_mmap kernel/fork.c:607 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #1: (&mm->mmap_sem){++++}, at: [] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mmap kernel/fork.c:616 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] dup_mm kernel/fork.c:1199 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_mm kernel/fork.c:1253 [inline]
 #2: (&mm->mmap_sem/1){+.+.}, at: [] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8297: