audit: type=1800 audit(1641878359.643:20736): pid=16432 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=14085 res=0 ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 INFO: task kworker/u4:6:16448 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/u4:6 D27080 16448 2 0x80000000 Workqueue: events_unbound fsnotify_connector_destroy_workfn Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_timeout+0x92d/0xfe0 kernel/time/timer.c:1794 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common+0x29c/0x470 kernel/sched/completion.c:115 __synchronize_srcu+0x124/0x210 kernel/rcu/srcutree.c:936 fsnotify_connector_destroy_workfn+0x49/0xa0 fs/notify/mark.c:174 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 process_scheduled_works kernel/workqueue.c:2212 [inline] worker_thread+0x82b/0x1130 kernel/workqueue.c:2298 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Showing all locks held in the system: 2 locks held by kworker/u4:0/7: 1 lock held by khungtaskd/1570: #0: 000000006349f2af (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441 1 lock held by khugepaged/1577: 1 lock held by in:imklog/7765: 4 locks held by kworker/u4:12/24073: #0: 00000000547f0d3e ((wq_completion)"%s""netns"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 000000007cf2f9e1 (net_cleanup_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 000000003eb3a9ab (pernet_ops_rwsem){++++}, at: cleanup_net+0xa8/0x8b0 net/core/net_namespace.c:521 #3: 000000002d5549b9 (rcu_preempt_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:297 [inline] #3: 000000002d5549b9 (rcu_preempt_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited+0x4dc/0x6f0 kernel/rcu/tree_exp.h:667 2 locks held by kworker/u4:4/26802: #0: 000000002b8b3ab5 ((wq_completion)"events_unbound"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 000000004449daf3 ((reaper_work).work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 2 locks held by kworker/1:27/13198: 2 locks held by kworker/u4:6/16448: #0: 000000002b8b3ab5 ((wq_completion)"events_unbound"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 0000000049012bb1 (connector_reaper_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 4 locks held by syz-executor.0/16467: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005d1c3547 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005d1c3547 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005d1c3547 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005d1c3547 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000048ca953a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000048ca953a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000048ca953a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000048ca953a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16472: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16473: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16476: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16477: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16480: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16522: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16523: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16524: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16525: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001b2d71e8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001b2d71e8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001b2d71e8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001b2d71e8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006209b3e8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006209b3e8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006209b3e8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006209b3e8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16526: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000054eac233 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000054eac233 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000054eac233 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000054eac233 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008dc668ff (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008dc668ff (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008dc668ff (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008dc668ff (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16527: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16528: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16529: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c98b21fe (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c98b21fe (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c98b21fe (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c98b21fe (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000024ba11ff (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000024ba11ff (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000024ba11ff (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000024ba11ff (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16530: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16531: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007174c77f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007174c77f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007174c77f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007174c77f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ae5b31e9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ae5b31e9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ae5b31e9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ae5b31e9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16532: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16533: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16534: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16535: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007630e975 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007630e975 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007630e975 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007630e975 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b62b9bef (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b62b9bef (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b62b9bef (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b62b9bef (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16536: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16537: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007e9ddff9 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007e9ddff9 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007e9ddff9 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007e9ddff9 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000cd202d96 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000cd202d96 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000cd202d96 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000cd202d96 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16538: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16539: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16540: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16541: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16542: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16543: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16544: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16549: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16550: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16553: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16552: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000065b1a273 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000065b1a273 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000065b1a273 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000065b1a273 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000bcf3d7f6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000bcf3d7f6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000bcf3d7f6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000bcf3d7f6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16554: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16556: #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16557: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16558: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16555: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000176435d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000176435d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000176435d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000176435d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000021e09cdf (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000021e09cdf (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000021e09cdf (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000021e09cdf (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16559: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16560: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16561: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16562: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16567: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16569: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16570: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16571: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16578: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16579: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16581: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16582: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c8e4d475 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c8e4d475 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c8e4d475 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c8e4d475 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a3862368 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a3862368 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a3862368 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a3862368 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16583: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16584: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16585: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16586: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16587: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c481a3bc (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c481a3bc (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c481a3bc (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c481a3bc (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000526cddb8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000526cddb8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000526cddb8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000526cddb8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16588: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16589: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16590: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16591: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16592: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009bbccfa0 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009bbccfa0 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009bbccfa0 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009bbccfa0 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000dde29a4b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000dde29a4b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000dde29a4b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000dde29a4b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16593: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16594: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16597: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16599: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16598: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16600: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16601: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16602: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16604: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16605: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16606: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16607: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000cfc40473 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000cfc40473 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000cfc40473 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000cfc40473 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001a9f1503 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001a9f1503 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001a9f1503 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001a9f1503 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16608: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16609: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16610: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16611: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16612: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16614: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16613: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b51348a2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b51348a2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b51348a2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b51348a2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e521d770 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e521d770 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e521d770 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e521d770 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16615: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000dcf1431 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000dcf1431 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000dcf1431 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000dcf1431 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000cdfa2d96 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000cdfa2d96 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000cdfa2d96 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000cdfa2d96 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16618: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16622: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16616: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16617: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f0f5d638 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f0f5d638 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f0f5d638 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f0f5d638 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000030ae0d82 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000030ae0d82 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000030ae0d82 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000030ae0d82 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16624: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16626: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16627: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16628: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16629: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16631: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16633: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16634: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f3bab1aa (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f3bab1aa (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f3bab1aa (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f3bab1aa (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005121c87f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005121c87f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005121c87f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005121c87f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16635: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b59400e1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b59400e1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b59400e1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b59400e1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000099141c95 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000099141c95 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000099141c95 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000099141c95 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16636: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16638: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16640: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16641: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16642: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16643: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009eddaf58 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009eddaf58 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009eddaf58 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009eddaf58 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001e77340c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001e77340c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001e77340c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001e77340c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16644: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16645: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16648: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16649: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16650: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004d36c581 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004d36c581 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004d36c581 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004d36c581 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007c5acbc0 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007c5acbc0 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007c5acbc0 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007c5acbc0 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16651: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16652: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16653: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f3310d3a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f3310d3a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f3310d3a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f3310d3a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c6a7fb75 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c6a7fb75 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c6a7fb75 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c6a7fb75 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16654: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16656: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16657: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16658: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16659: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16660: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16661: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16662: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16663: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16664: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16666: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16667: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 #1: 00000000444920ed (&rq->lock){-.-.}, at: rq_lock kernel/sched/sched.h:1826 [inline] #1: 00000000444920ed (&rq->lock){-.-.}, at: __schedule+0x1f9/0x2040 kernel/sched/core.c:3455 #2: 000000006349f2af (rcu_read_lock){....}, at: trace_sched_stat_runtime include/trace/events/sched.h:428 [inline] #2: 000000006349f2af (rcu_read_lock){....}, at: update_curr+0x2c3/0x870 kernel/sched/fair.c:857 #3: 000000002a2e0cce (&mm->context.lock){+.+.}, at: ldt_dup_context+0x38/0x260 arch/x86/kernel/ldt.c:367 4 locks held by syz-executor.0/16668: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000863b7970 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000863b7970 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000863b7970 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000863b7970 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000985545ef (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000985545ef (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000985545ef (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000985545ef (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16669: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000075dd7142 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000075dd7142 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000075dd7142 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000075dd7142 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d7fd21a8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d7fd21a8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d7fd21a8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d7fd21a8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16671: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006a555249 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006a555249 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006a555249 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006a555249 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007a48ed7a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007a48ed7a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007a48ed7a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007a48ed7a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16672: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16673: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16674: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16675: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16676: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16677: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000608f807e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000608f807e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000608f807e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000608f807e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000521ef729 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000521ef729 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000521ef729 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000521ef729 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16678: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16679: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16680: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16681: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005eeb75f3 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005eeb75f3 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005eeb75f3 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005eeb75f3 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ba83e6f0 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ba83e6f0 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ba83e6f0 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ba83e6f0 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16682: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16685: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16686: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16688: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16689: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16690: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16691: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16693: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16694: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16695: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008e534ba5 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008e534ba5 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008e534ba5 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008e534ba5 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001422e51d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001422e51d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001422e51d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001422e51d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16696: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16698: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004659c3bd (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004659c3bd (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004659c3bd (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004659c3bd (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001cbbd3b9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001cbbd3b9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001cbbd3b9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001cbbd3b9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16699: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007c9cbacc (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007c9cbacc (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007c9cbacc (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007c9cbacc (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000c9c555b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000c9c555b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000c9c555b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000c9c555b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16700: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16701: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16702: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16703: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16704: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000201aa56 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000201aa56 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000201aa56 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000201aa56 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a59e2de0 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a59e2de0 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a59e2de0 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a59e2de0 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16706: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16707: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000326a46e9 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000326a46e9 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000326a46e9 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000326a46e9 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000edd659b6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000edd659b6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000edd659b6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000edd659b6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16708: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16709: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16710: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16711: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16712: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16713: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16714: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16715: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16716: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16717: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16718: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16719: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16720: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16721: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16725: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16726: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16727: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000441299f3 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000441299f3 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000441299f3 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000441299f3 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000af121023 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000af121023 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000af121023 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000af121023 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16728: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16729: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e1c5b106 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e1c5b106 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e1c5b106 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e1c5b106 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000041864b6b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000041864b6b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000041864b6b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000041864b6b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16732: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16733: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005325ecd2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005325ecd2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005325ecd2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005325ecd2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000082098410 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000082098410 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000082098410 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000082098410 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16734: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16735: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16736: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16737: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16738: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16739: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16740: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16741: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16742: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16743: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16744: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16745: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16746: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16747: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16748: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16749: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006348a985 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006348a985 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006348a985 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006348a985 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008cb59b35 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008cb59b35 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008cb59b35 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008cb59b35 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16750: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000042bf0c7e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000042bf0c7e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000042bf0c7e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000042bf0c7e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c971bf9d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c971bf9d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c971bf9d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c971bf9d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16751: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16752: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16753: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16754: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16755: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16756: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16757: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16758: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16759: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16760: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16761: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16762: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16763: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16764: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16766: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16767: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16768: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16769: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16771: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16772: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16773: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16774: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000023b3ead7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000023b3ead7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000023b3ead7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000023b3ead7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003eea0ff7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003eea0ff7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003eea0ff7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003eea0ff7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16775: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f9bda114 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f9bda114 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f9bda114 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f9bda114 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009596f7bb (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009596f7bb (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009596f7bb (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009596f7bb (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16776: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16777: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16778: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16779: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000791f8891 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000791f8891 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000791f8891 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000791f8891 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e39d1301 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e39d1301 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e39d1301 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e39d1301 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16780: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16781: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002123a6c6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002123a6c6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002123a6c6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002123a6c6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001b460422 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001b460422 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001b460422 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001b460422 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16782: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16783: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16784: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16785: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16788: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16790: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16791: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003b2dffec (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003b2dffec (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003b2dffec (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003b2dffec (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000fafb20c5 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000fafb20c5 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000fafb20c5 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000fafb20c5 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16793: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16794: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16795: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16796: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16797: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16798: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16799: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16800: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006a4f5fe6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006a4f5fe6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006a4f5fe6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006a4f5fe6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000256c5aac (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000256c5aac (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000256c5aac (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000256c5aac (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16801: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16802: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006a4ce63c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006a4ce63c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006a4ce63c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006a4ce63c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000022c1396b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000022c1396b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000022c1396b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000022c1396b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16803: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16805: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16806: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16807: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16809: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000df8e15e5 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000df8e15e5 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000df8e15e5 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000df8e15e5 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008ccfe72c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008ccfe72c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008ccfe72c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008ccfe72c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16810: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f8548345 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f8548345 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f8548345 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f8548345 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006a7a4f53 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006a7a4f53 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006a7a4f53 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006a7a4f53 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 0000000011708ffd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16811: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16812: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16813: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16814: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16815: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16818: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16819: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16821: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16820: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16822: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000efda7fd8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000efda7fd8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000efda7fd8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000efda7fd8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c87bd2a5 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c87bd2a5 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c87bd2a5 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c87bd2a5 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16824: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b72d523a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b72d523a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b72d523a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b72d523a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005ea8fd59 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005ea8fd59 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005ea8fd59 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005ea8fd59 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16825: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ca0469c3 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ca0469c3 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ca0469c3 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ca0469c3 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e82a350b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e82a350b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e82a350b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e82a350b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16830: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003b11e78e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003b11e78e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003b11e78e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003b11e78e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009c6b59a3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009c6b59a3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009c6b59a3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009c6b59a3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16831: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d1d047a2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d1d047a2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d1d047a2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d1d047a2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000012fce61b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000012fce61b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000012fce61b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000012fce61b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16832: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000109916b0 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000109916b0 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000109916b0 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000109916b0 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002f0d46aa (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002f0d46aa (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002f0d46aa (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002f0d46aa (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16834: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000096715eb2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000096715eb2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000096715eb2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000096715eb2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000060475b55 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000060475b55 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000060475b55 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000060475b55 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16835: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002b456dfe (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002b456dfe (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002b456dfe (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002b456dfe (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a031c662 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a031c662 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a031c662 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a031c662 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16836: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007df5f1a6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007df5f1a6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007df5f1a6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007df5f1a6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000469ea358 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000469ea358 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000469ea358 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000469ea358 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16840: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16841: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16842: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16843: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16851: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16852: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000040847e87 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000040847e87 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000040847e87 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000040847e87 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000058f5cae7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000058f5cae7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000058f5cae7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000058f5cae7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16853: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000df19dce2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000df19dce2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000df19dce2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000df19dce2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000480a9997 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000480a9997 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000480a9997 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000480a9997 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16854: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ee65b064 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ee65b064 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ee65b064 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ee65b064 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f64c68c5 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f64c68c5 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f64c68c5 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f64c68c5 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16855: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007b0bf42d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007b0bf42d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007b0bf42d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007b0bf42d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000bba13cbb (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000bba13cbb (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000bba13cbb (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000bba13cbb (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16856: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003bb19021 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003bb19021 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003bb19021 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003bb19021 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000043ae2b3f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000043ae2b3f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000043ae2b3f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000043ae2b3f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16857: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000459ae726 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000459ae726 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000459ae726 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000459ae726 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000035f08586 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000035f08586 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000035f08586 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000035f08586 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16858: #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 0000000011708ffd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16859: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16860: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16865: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000000771122 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000000771122 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000000771122 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000000771122 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000cb574966 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000cb574966 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000cb574966 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000cb574966 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16866: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16872: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16873: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000564abb79 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000564abb79 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000564abb79 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000564abb79 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005af368b0 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005af368b0 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005af368b0 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005af368b0 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16875: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16876: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16877: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16878: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16879: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16881: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16883: #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16884: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000091dc225d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000091dc225d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000091dc225d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000091dc225d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006bf3daba (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006bf3daba (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006bf3daba (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006bf3daba (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16885: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009f4cb679 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009f4cb679 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009f4cb679 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009f4cb679 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ec20aa3f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ec20aa3f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ec20aa3f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ec20aa3f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16886: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f102eac6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f102eac6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f102eac6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f102eac6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c46a8465 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c46a8465 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c46a8465 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c46a8465 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16887: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003d830ee9 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003d830ee9 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003d830ee9 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003d830ee9 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000494b6b44 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000494b6b44 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000494b6b44 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000494b6b44 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16888: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d85cfc59 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d85cfc59 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d85cfc59 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d85cfc59 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000edec3758 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000edec3758 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000edec3758 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000edec3758 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16889: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000559c9e28 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000559c9e28 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000559c9e28 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000559c9e28 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004de49357 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004de49357 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004de49357 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004de49357 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16890: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16891: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16892: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d61a4ed1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d61a4ed1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d61a4ed1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d61a4ed1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000cfc5e8ad (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000cfc5e8ad (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000cfc5e8ad (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000cfc5e8ad (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16893: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000425e82f6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000425e82f6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000425e82f6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000425e82f6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004c4f5813 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004c4f5813 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004c4f5813 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004c4f5813 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16894: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000815f81fa (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000815f81fa (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000815f81fa (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000815f81fa (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004944f2f5 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004944f2f5 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004944f2f5 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004944f2f5 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16895: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000cc70f9c6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000cc70f9c6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000cc70f9c6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000cc70f9c6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000db8fdaef (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000db8fdaef (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000db8fdaef (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000db8fdaef (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16896: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000bede2b2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000bede2b2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000bede2b2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000bede2b2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e2ecc004 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e2ecc004 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e2ecc004 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e2ecc004 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16897: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000526baeb0 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000526baeb0 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000526baeb0 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000526baeb0 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000025fd02c8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000025fd02c8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000025fd02c8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000025fd02c8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16898: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000033fa7ff (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000033fa7ff (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000033fa7ff (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000033fa7ff (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000039e993c3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000039e993c3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000039e993c3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000039e993c3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16899: #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16900: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006b64e72e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006b64e72e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006b64e72e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006b64e72e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001f8f5be3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001f8f5be3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001f8f5be3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001f8f5be3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000d0255f61 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16901: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000299a8ded (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000299a8ded (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000299a8ded (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000299a8ded (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f6ed0ddd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f6ed0ddd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f6ed0ddd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f6ed0ddd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16902: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000059b17616 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000059b17616 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000059b17616 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000059b17616 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d1cd32c4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d1cd32c4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d1cd32c4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d1cd32c4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16903: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000062f3bbff (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000062f3bbff (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000062f3bbff (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000062f3bbff (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001fb2e348 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001fb2e348 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001fb2e348 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001fb2e348 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16904: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16905: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b1845218 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b1845218 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b1845218 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b1845218 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000415c3c1d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000415c3c1d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000415c3c1d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000415c3c1d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16906: 4 locks held by syz-executor.0/16907: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002ff5a650 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002ff5a650 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002ff5a650 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002ff5a650 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000068a9e163 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000068a9e163 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000068a9e163 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000068a9e163 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16908: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f557a482 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f557a482 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f557a482 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f557a482 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000823f08fc (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000823f08fc (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000823f08fc (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000823f08fc (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16909: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000097d8d8b4 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000097d8d8b4 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000097d8d8b4 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000097d8d8b4 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000071408a59 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000071408a59 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000071408a59 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000071408a59 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16910: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000135ce96b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000135ce96b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000135ce96b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000135ce96b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000e7249c6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000e7249c6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000e7249c6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000e7249c6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16911: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003488ef51 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003488ef51 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003488ef51 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003488ef51 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c22a3a84 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c22a3a84 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c22a3a84 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c22a3a84 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16912: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001f005049 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001f005049 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001f005049 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001f005049 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f389821c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f389821c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f389821c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f389821c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16913: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f9615ce7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f9615ce7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f9615ce7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f9615ce7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000384b7f88 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000384b7f88 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000384b7f88 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000384b7f88 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005226f3a0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16914: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000bd2a70ae (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000bd2a70ae (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000bd2a70ae (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000bd2a70ae (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000056e35369 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000056e35369 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000056e35369 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000056e35369 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16915: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000097a9de7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000097a9de7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000097a9de7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000097a9de7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000eb9d5943 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000eb9d5943 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000eb9d5943 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000eb9d5943 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16916: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006f0d8682 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006f0d8682 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006f0d8682 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006f0d8682 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a2d0c82b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a2d0c82b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a2d0c82b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a2d0c82b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16917: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f455097d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f455097d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f455097d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f455097d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000cc802650 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000cc802650 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000cc802650 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000cc802650 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16918: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000fe56f118 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000fe56f118 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000fe56f118 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000fe56f118 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000afa3c7b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000afa3c7b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000afa3c7b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000afa3c7b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16919: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000078135d0e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000078135d0e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000078135d0e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000078135d0e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003e1b2368 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003e1b2368 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003e1b2368 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003e1b2368 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16920: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000025d12527 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000025d12527 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000025d12527 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000025d12527 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000083eccc57 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000083eccc57 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000083eccc57 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000083eccc57 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16921: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001090e704 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001090e704 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001090e704 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001090e704 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b976fc6c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b976fc6c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b976fc6c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b976fc6c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16922: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005f4b643e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005f4b643e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005f4b643e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005f4b643e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ad1ed048 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ad1ed048 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ad1ed048 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ad1ed048 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16923: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d0261ec7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d0261ec7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d0261ec7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d0261ec7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000026f62aa6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000026f62aa6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000026f62aa6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000026f62aa6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16924: #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16925: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000eb401093 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000eb401093 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000eb401093 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000eb401093 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009a688782 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009a688782 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009a688782 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009a688782 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16926: #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16927: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001b75a864 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001b75a864 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001b75a864 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001b75a864 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001ab85922 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001ab85922 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001ab85922 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001ab85922 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16928: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000059ab0f39 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000059ab0f39 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000059ab0f39 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000059ab0f39 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001fbaae9c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001fbaae9c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001fbaae9c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001fbaae9c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16929: #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16930: #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000005d1aaeb0 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16931: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000034e6dc5d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000034e6dc5d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000034e6dc5d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000034e6dc5d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ec286980 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ec286980 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ec286980 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ec286980 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16932: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b866a94c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b866a94c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b866a94c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b866a94c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008fd8120a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008fd8120a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008fd8120a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008fd8120a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16933: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000c700b8b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000c700b8b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000c700b8b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000c700b8b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a053dfca (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a053dfca (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a053dfca (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a053dfca (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16934: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000383d9619 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000383d9619 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000383d9619 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000383d9619 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000614a8b68 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000614a8b68 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000614a8b68 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000614a8b68 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16935: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000021e92527 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000021e92527 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000021e92527 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000021e92527 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000879d0a54 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000879d0a54 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000879d0a54 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000879d0a54 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16936: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 audit: type=1800 audit(1641878359.643:20737): pid=16432 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=14085 res=0 #1: 00000000976472fb (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000976472fb (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000976472fb (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000976472fb (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d21d2858 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d21d2858 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d21d2858 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d21d2858 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16937: #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16938: #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16939: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000086312df8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000086312df8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000086312df8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000086312df8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000012a25ad9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000012a25ad9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000012a25ad9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000012a25ad9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16940: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000bb484a8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000bb484a8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000bb484a8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000bb484a8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d565dd05 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d565dd05 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d565dd05 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d565dd05 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16941: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000086ed9776 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000086ed9776 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000086ed9776 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000086ed9776 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000cbf459b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000cbf459b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000cbf459b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000cbf459b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16942: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000070c55204 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000070c55204 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000070c55204 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000070c55204 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007a56168a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007a56168a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007a56168a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007a56168a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16943: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000052107b3 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000052107b3 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000052107b3 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000052107b3 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000078df4afc (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000078df4afc (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000078df4afc (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000078df4afc (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16944: #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16945: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000006d07b12 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000006d07b12 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000006d07b12 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000006d07b12 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004b292a6a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004b292a6a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004b292a6a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004b292a6a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16946: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000056b631cb (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000056b631cb (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000056b631cb (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000056b631cb (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000fc371ff6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000fc371ff6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000fc371ff6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000fc371ff6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16947: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000dd40c351 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000dd40c351 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000dd40c351 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000dd40c351 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000cc7c2b12 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000cc7c2b12 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000cc7c2b12 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000cc7c2b12 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16948: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000cc1aec13 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000cc1aec13 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000cc1aec13 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000cc1aec13 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000033589db8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000033589db8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000033589db8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000033589db8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16949: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000710835d2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000710835d2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000710835d2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000710835d2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000cad41161 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000cad41161 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000cad41161 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000cad41161 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16950: #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16951: #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16952: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000d278493 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000d278493 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000d278493 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000d278493 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000084f8d63b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000084f8d63b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000084f8d63b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000084f8d63b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16953: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000090e94214 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000090e94214 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000090e94214 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000090e94214 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c9cf74e4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c9cf74e4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c9cf74e4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c9cf74e4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16954: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007aa2adbe (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007aa2adbe (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007aa2adbe (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007aa2adbe (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005748046b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005748046b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005748046b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005748046b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16955: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000033621b40 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000033621b40 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000033621b40 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000033621b40 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006ed4898d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006ed4898d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006ed4898d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006ed4898d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16956: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000367b8c97 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000367b8c97 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000367b8c97 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000367b8c97 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004e073976 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004e073976 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004e073976 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004e073976 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16957: #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16958: #0: 00000000b3cc5499 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000b3cc5499 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16959: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ad146081 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ad146081 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ad146081 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ad146081 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008e3efaf4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008e3efaf4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008e3efaf4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008e3efaf4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16960: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ae80d46f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ae80d46f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ae80d46f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ae80d46f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007af59a32 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007af59a32 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007af59a32 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007af59a32 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16961: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002080bfa8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002080bfa8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002080bfa8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002080bfa8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003358f884 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003358f884 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003358f884 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003358f884 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16962: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000092bff9db (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000092bff9db (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000092bff9db (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000092bff9db (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000a1877bd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000a1877bd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000a1877bd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000a1877bd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16963: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000dd3cb0c8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000dd3cb0c8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000dd3cb0c8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000dd3cb0c8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d721fdf7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d721fdf7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d721fdf7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d721fdf7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16964: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000073167d20 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000073167d20 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000073167d20 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000073167d20 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003ecb6790 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003ecb6790 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003ecb6790 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003ecb6790 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16965: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c7375887 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c7375887 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c7375887 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c7375887 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005300848d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005300848d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005300848d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005300848d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16966: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000bc12774a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000bc12774a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000bc12774a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000bc12774a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002123cf1c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002123cf1c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002123cf1c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002123cf1c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16967: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f6c3c786 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f6c3c786 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f6c3c786 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f6c3c786 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000074a5cf77 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000074a5cf77 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000074a5cf77 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000074a5cf77 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16968: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000cfd1d2cc (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000cfd1d2cc (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000cfd1d2cc (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000cfd1d2cc (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000053c71768 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000053c71768 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000053c71768 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000053c71768 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16969: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c2b99aca (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c2b99aca (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c2b99aca (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c2b99aca (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007068c803 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007068c803 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007068c803 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007068c803 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16970: #0: 00000000aff72b30 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000aff72b30 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16971: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000020dee59f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000020dee59f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000020dee59f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000020dee59f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000063ca90e4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000063ca90e4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000063ca90e4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000063ca90e4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16972: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000017bdf094 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000017bdf094 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000017bdf094 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000017bdf094 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001e264b14 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001e264b14 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001e264b14 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001e264b14 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16973: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003b94f912 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003b94f912 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003b94f912 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003b94f912 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000092a5f172 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000092a5f172 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000092a5f172 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000092a5f172 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16974: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000059120dea (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000059120dea (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000059120dea (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000059120dea (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d87ab67c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d87ab67c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d87ab67c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d87ab67c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16975: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f86ee1c5 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f86ee1c5 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f86ee1c5 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f86ee1c5 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e7d99714 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e7d99714 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e7d99714 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e7d99714 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16976: #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16977: #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.0/16978: #0: 00000000aff72b30 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000aff72b30 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16979: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000067da015 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000067da015 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000067da015 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000067da015 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000af7993fd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000af7993fd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000af7993fd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000af7993fd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16980: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000bdf45d0 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000bdf45d0 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000bdf45d0 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000bdf45d0 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000005d66702 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000005d66702 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000005d66702 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000005d66702 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16981: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000040aa876e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000040aa876e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000040aa876e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000040aa876e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000026ccce47 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000026ccce47 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000026ccce47 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000026ccce47 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16982: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000046859c27 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000046859c27 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000046859c27 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000046859c27 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009a433683 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009a433683 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009a433683 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009a433683 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16983: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e6689285 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e6689285 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e6689285 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e6689285 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000196eb139 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000196eb139 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000196eb139 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000196eb139 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16984: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002fbba7bb (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002fbba7bb (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002fbba7bb (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002fbba7bb (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001378f0c8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001378f0c8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001378f0c8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001378f0c8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16985: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ca169681 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ca169681 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ca169681 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ca169681 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008b435c6d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008b435c6d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008b435c6d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008b435c6d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000b3cc5499 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000b3cc5499 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16986: #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16987: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ec66d77f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ec66d77f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ec66d77f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ec66d77f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000086c6e759 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000086c6e759 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000086c6e759 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000086c6e759 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000b3cc5499 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000b3cc5499 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16988: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004b58735b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004b58735b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004b58735b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004b58735b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e0ab80ab (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e0ab80ab (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e0ab80ab (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e0ab80ab (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000b3cc5499 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000b3cc5499 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16989: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006ab63426 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006ab63426 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006ab63426 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006ab63426 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005a691f8d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005a691f8d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005a691f8d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005a691f8d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000b3cc5499 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000b3cc5499 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16990: #0: 00000000b3cc5499 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000b3cc5499 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16991: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001a168b10 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001a168b10 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001a168b10 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001a168b10 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000798367b8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000798367b8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000798367b8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000798367b8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000b3cc5499 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000b3cc5499 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16992: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a116c8c1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a116c8c1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a116c8c1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a116c8c1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001f5c4c6f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001f5c4c6f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001f5c4c6f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001f5c4c6f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16993: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005a524c81 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005a524c81 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005a524c81 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005a524c81 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c550bed7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c550bed7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c550bed7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c550bed7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16994: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000393929e1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000393929e1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000393929e1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000393929e1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001dfe4835 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001dfe4835 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001dfe4835 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001dfe4835 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/16995: #0: 00000000b3cc5499 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000b3cc5499 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.0/16996: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d698c01e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d698c01e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d698c01e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d698c01e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000080c51348 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000080c51348 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000080c51348 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000080c51348 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16997: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002bc81212 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002bc81212 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002bc81212 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002bc81212 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005a260887 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005a260887 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005a260887 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005a260887 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16998: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b1934543 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b1934543 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b1934543 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b1934543 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000094a7bc66 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000094a7bc66 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000094a7bc66 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000094a7bc66 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/16999: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000accd5e72 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000accd5e72 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000accd5e72 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000accd5e72 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008814886f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008814886f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008814886f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008814886f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/17000: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000a0d2fb6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000a0d2fb6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000a0d2fb6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000a0d2fb6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000090d0ece8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000090d0ece8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000090d0ece8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000090d0ece8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/17001: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000098e785a4 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000098e785a4 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000098e785a4 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000098e785a4 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000039733845 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000039733845 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000039733845 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000039733845 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.0/17002: #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 000000001f9f67d5 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000078ddda77 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000078ddda77 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000078ddda77 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000078ddda77 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004f2b5c11 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004f2b5c11 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004f2b5c11 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004f2b5c11 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000006f297afb (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.0/17003: #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000006f297afb (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388