Bluetooth: hci1: command 0x0406 tx timeout ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 INFO: task syz-executor.1:19567 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D28224 19567 8131 0x80000002 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline] _synchronize_rcu_expedited+0x256/0x6f0 kernel/rcu/tree_exp.h:667 synchronize_rcu+0xc6/0x160 kernel/rcu/tree_plugin.h:818 hci_conn_hash_del include/net/bluetooth/hci_core.h:725 [inline] hci_conn_cleanup+0x166/0x550 net/bluetooth/hci_conn.c:123 hci_conn_del+0x2a0/0x780 net/bluetooth/hci_conn.c:611 hci_conn_hash_flush+0x19c/0x260 net/bluetooth/hci_conn.c:1513 hci_dev_do_close+0x6bc/0x1020 net/bluetooth/hci_core.c:1687 hci_unregister_dev+0x14f/0x460 net/bluetooth/hci_core.c:3288 vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:354 __fput+0x2ce/0x890 fs/file_table.c:278 task_work_run+0x148/0x1c0 kernel/task_work.c:113 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0xbf3/0x2be0 kernel/exit.c:870 do_group_exit+0x125/0x310 kernel/exit.c:967 get_signal+0x3f2/0x1f70 kernel/signal.c:2589 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fa43e60be99 Code: Bad RIP value. RSP: 002b:00007fa43cf3f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 00007fa43e71f108 RCX: 00007fa43e60be99 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa43e71f108 RBP: 00007fa43e71f100 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa43e71f10c R13: 00007ffe90b9eb4f R14: 00007fa43cf3f300 R15: 0000000000022000 INFO: task syz-executor.1:20839 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D28288 20839 8131 0x80000002 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 _synchronize_rcu_expedited+0x419/0x6f0 kernel/rcu/tree_exp.h:686 synchronize_rcu+0xc6/0x160 kernel/rcu/tree_plugin.h:818 namespace_unlock fs/namespace.c:1363 [inline] drop_collected_mounts+0x178/0x1a0 fs/namespace.c:1808 put_mnt_ns fs/namespace.c:3271 [inline] put_mnt_ns+0x5f/0x80 fs/namespace.c:3267 free_nsproxy+0x41/0x220 kernel/nsproxy.c:176 switch_task_namespaces+0xaa/0xc0 kernel/nsproxy.c:229 do_exit+0xbee/0x2be0 kernel/exit.c:869 do_group_exit+0x125/0x310 kernel/exit.c:967 get_signal+0x3f2/0x1f70 kernel/signal.c:2589 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fa43e60be99 Code: Bad RIP value. RSP: 002b:00007fa43cf3f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 00007fa43e71f108 RCX: 00007fa43e60be99 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa43e71f108 RBP: 00007fa43e71f100 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa43e71f10c R13: 00007ffe90b9eb4f R14: 00007fa43cf3f300 R15: 0000000000022000 INFO: task syz-executor.1:22446 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D27688 22446 8131 0x80000002 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_timeout+0x92d/0xfe0 kernel/time/timer.c:1794 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common+0x29c/0x470 kernel/sched/completion.c:115 __synchronize_srcu+0x124/0x210 kernel/rcu/srcutree.c:936 tracepoint_synchronize_unregister include/linux/tracepoint.h:94 [inline] perf_trace_event_unreg.isra.0+0xba/0x200 kernel/trace/trace_event_perf.c:163 perf_uprobe_destroy+0xbb/0x130 kernel/trace/trace_event_perf.c:343 _free_event+0x32c/0x1150 kernel/events/core.c:4484 put_event kernel/events/core.c:4578 [inline] perf_event_release_kernel+0x6d9/0xcd0 kernel/events/core.c:4693 perf_release+0x33/0x40 kernel/events/core.c:4703 __fput+0x2ce/0x890 fs/file_table.c:278 task_work_run+0x148/0x1c0 kernel/task_work.c:113 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0xbf3/0x2be0 kernel/exit.c:870 do_group_exit+0x125/0x310 kernel/exit.c:967 get_signal+0x3f2/0x1f70 kernel/signal.c:2589 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fa43e60be99 Code: Bad RIP value. RSP: 002b:00007fa43cf1e168 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: fffffffffffffe00 RBX: 00007fa43e71f1d0 RCX: 00007fa43e60be99 RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000480 RBP: 00007fa43e665ff1 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe90b9eb4f R14: 00007fa43cf1e300 R15: 0000000000022000 Showing all locks held in the system: 1 lock held by khungtaskd/1569: #0: 000000009fca1964 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441 1 lock held by khugepaged/1576: 1 lock held by systemd-journal/4679: 1 lock held by in:imklog/7822: #0: 00000000de7db60e (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767 2 locks held by kworker/1:3/8388: 2 locks held by kworker/u4:4/8846: 4 locks held by kworker/u4:6/8857: 2 locks held by kworker/1:4/9348: #0: 00000000a7464a71 ((wq_completion)"rcu_gp"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 00000000c42a5a72 ((work_completion)(&rew.rew_work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 3 locks held by syz-executor.1/19567: #0: 00000000dcb00b7b (&hdev->req_lock){+.+.}, at: hci_dev_do_close+0x122/0x1020 net/bluetooth/hci_core.c:1629 #1: 00000000afe67966 (&hdev->lock){+.+.}, at: hci_dev_do_close+0x343/0x1020 net/bluetooth/hci_core.c:1674 #2: 00000000af1662f2 (rcu_preempt_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline] #2: 00000000af1662f2 (rcu_preempt_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited+0x256/0x6f0 kernel/rcu/tree_exp.h:667 1 lock held by syz-executor.1/20839: #0: 00000000af1662f2 (rcu_preempt_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline] #0: 00000000af1662f2 (rcu_preempt_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited+0x256/0x6f0 kernel/rcu/tree_exp.h:667 1 lock held by syz-executor.1/22446: #0: 000000000ea8bf13 (event_mutex){+.+.}, at: perf_uprobe_destroy+0x23/0x130 kernel/trace/trace_event_perf.c:341 4 locks held by syz-executor.3/22511: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000047d4444d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000047d4444d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000047d4444d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000047d4444d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000fb4fa350 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000fb4fa350 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000fb4fa350 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000fb4fa350 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22513: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22514: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22541: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000092212f9c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000092212f9c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000092212f9c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000092212f9c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007bebaacb (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007bebaacb (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007bebaacb (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007bebaacb (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22545: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22546: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000755e3e90 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000755e3e90 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000755e3e90 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000755e3e90 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000dfce682a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000dfce682a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000dfce682a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000dfce682a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22547: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006f9a0716 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006f9a0716 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006f9a0716 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006f9a0716 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009d3be01c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009d3be01c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009d3be01c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009d3be01c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22550: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22551: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22552: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22553: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22554: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22555: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22556: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b5926c8c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b5926c8c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b5926c8c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b5926c8c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000065dfd6ce (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000065dfd6ce (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000065dfd6ce (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000065dfd6ce (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22557: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22558: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22559: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002c9e75d8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002c9e75d8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002c9e75d8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002c9e75d8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e223e99c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e223e99c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e223e99c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e223e99c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22560: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22561: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22562: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22563: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22564: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002619ba1a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002619ba1a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002619ba1a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002619ba1a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a4c3a535 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a4c3a535 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a4c3a535 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a4c3a535 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22565: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22566: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000032d74250 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000032d74250 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000032d74250 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000032d74250 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006e69ead2 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006e69ead2 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006e69ead2 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006e69ead2 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22567: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22568: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000049be8dcf (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000049be8dcf (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000049be8dcf (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000049be8dcf (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b3176e01 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b3176e01 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b3176e01 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b3176e01 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22569: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22570: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22571: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22572: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22573: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22574: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22575: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e99ee9b7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e99ee9b7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e99ee9b7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e99ee9b7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004dec8229 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004dec8229 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004dec8229 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004dec8229 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22576: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22577: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22578: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22579: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22580: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22581: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e6aad655 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e6aad655 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e6aad655 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e6aad655 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d96b09b3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d96b09b3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d96b09b3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d96b09b3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22582: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22583: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22584: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22585: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22586: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009dbd3c1f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009dbd3c1f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009dbd3c1f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009dbd3c1f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c4afab26 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c4afab26 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c4afab26 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c4afab26 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22587: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22588: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f93a8620 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f93a8620 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f93a8620 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f93a8620 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e021ad04 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e021ad04 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e021ad04 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e021ad04 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22589: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22590: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22592: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e44a6ae6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e44a6ae6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e44a6ae6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e44a6ae6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000bbf89dde (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000bbf89dde (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000bbf89dde (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000bbf89dde (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22593: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22594: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000067bbcf76 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000067bbcf76 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000067bbcf76 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000067bbcf76 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000066499465 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000066499465 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000066499465 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000066499465 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22598: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22599: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22600: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22601: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22602: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008382212e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008382212e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008382212e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008382212e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007946d010 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007946d010 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007946d010 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007946d010 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22603: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22604: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22605: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22606: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f1ae3069 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f1ae3069 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f1ae3069 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f1ae3069 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000051cc42c5 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000051cc42c5 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000051cc42c5 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000051cc42c5 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22607: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000075342c6a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000075342c6a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000075342c6a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000075342c6a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000695c8148 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000695c8148 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000695c8148 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000695c8148 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22608: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22609: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007817e6f2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007817e6f2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007817e6f2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007817e6f2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000337a2154 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000337a2154 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000337a2154 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000337a2154 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22610: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22611: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000073f4c61d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000073f4c61d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000073f4c61d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000073f4c61d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d7dc32c1 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d7dc32c1 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d7dc32c1 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d7dc32c1 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22612: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004762c85c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004762c85c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004762c85c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004762c85c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000069a249e9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000069a249e9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000069a249e9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000069a249e9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22613: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009048b94d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009048b94d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009048b94d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009048b94d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b9036021 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b9036021 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b9036021 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b9036021 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22614: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22615: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22616: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22617: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004935b0da (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004935b0da (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004935b0da (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004935b0da (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000140c578b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000140c578b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000140c578b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000140c578b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22618: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002205a0dc (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002205a0dc (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002205a0dc (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002205a0dc (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009b1f4752 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009b1f4752 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009b1f4752 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009b1f4752 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22619: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000021aa9ab (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000021aa9ab (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000021aa9ab (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000021aa9ab (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000042ec46d8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000042ec46d8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000042ec46d8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000042ec46d8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22620: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006575b2b9 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006575b2b9 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006575b2b9 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006575b2b9 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000120376ae (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000120376ae (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000120376ae (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000120376ae (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22621: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000af86a249 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000af86a249 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000af86a249 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000af86a249 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000066b26a9d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000066b26a9d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000066b26a9d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000066b26a9d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22622: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22623: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006f15c561 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006f15c561 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006f15c561 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006f15c561 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006d9a109f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006d9a109f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006d9a109f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006d9a109f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22624: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000054596a78 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000054596a78 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000054596a78 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000054596a78 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008b53e066 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008b53e066 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008b53e066 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008b53e066 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22625: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22626: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22627: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000b4a081a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000b4a081a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000b4a081a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000b4a081a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e787cf7b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e787cf7b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e787cf7b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e787cf7b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22628: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a8a8536f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a8a8536f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a8a8536f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a8a8536f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000026801e1a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000026801e1a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000026801e1a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000026801e1a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22629: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d341ccf7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d341ccf7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d341ccf7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d341ccf7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000fdd6baa4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000fdd6baa4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000fdd6baa4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000fdd6baa4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22632: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22665: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000067d721 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000067d721 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000067d721 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000067d721 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007763abcf (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007763abcf (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007763abcf (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007763abcf (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22666: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22667: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22668: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22669: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22670: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000019d258d3 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000019d258d3 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000019d258d3 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000019d258d3 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001ebfcfbe (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001ebfcfbe (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001ebfcfbe (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001ebfcfbe (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22671: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22672: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22673: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ad2a4a6c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ad2a4a6c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ad2a4a6c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ad2a4a6c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f76375f5 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f76375f5 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f76375f5 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f76375f5 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22674: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22675: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22676: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000087452432 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000087452432 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000087452432 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000087452432 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008eac8300 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008eac8300 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008eac8300 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008eac8300 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22678: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22679: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000364ecedf (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000364ecedf (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000364ecedf (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000364ecedf (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009641f1c6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009641f1c6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009641f1c6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009641f1c6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22680: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22681: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22682: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22683: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22684: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000085682ab3 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000085682ab3 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000085682ab3 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000085682ab3 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e0bc66b8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e0bc66b8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e0bc66b8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e0bc66b8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22685: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22686: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22687: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000095ed4a03 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000095ed4a03 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000095ed4a03 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000095ed4a03 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e2e0d87a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e2e0d87a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e2e0d87a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e2e0d87a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22688: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000543a7f4a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000543a7f4a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000543a7f4a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000543a7f4a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000af0011c1 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000af0011c1 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000af0011c1 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000af0011c1 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22689: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003d318ab1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003d318ab1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003d318ab1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003d318ab1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000cc824625 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000cc824625 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000cc824625 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000cc824625 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22690: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22691: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008c6ee04c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008c6ee04c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008c6ee04c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008c6ee04c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007bb11bed (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007bb11bed (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007bb11bed (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007bb11bed (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22692: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a0a4d16f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a0a4d16f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a0a4d16f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a0a4d16f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c4e8397d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c4e8397d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c4e8397d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c4e8397d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22693: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001b84b4c2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001b84b4c2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001b84b4c2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001b84b4c2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000053bc22c6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000053bc22c6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000053bc22c6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000053bc22c6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22694: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000cbeaa75c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000cbeaa75c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000cbeaa75c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000cbeaa75c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000584ef24c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000584ef24c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000584ef24c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000584ef24c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22695: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f3bcbf5f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f3bcbf5f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f3bcbf5f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f3bcbf5f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a523f2fc (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a523f2fc (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a523f2fc (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a523f2fc (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22696: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000114999b1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000114999b1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000114999b1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000114999b1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000066cd4d91 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000066cd4d91 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000066cd4d91 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000066cd4d91 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22697: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22698: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005e837237 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005e837237 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005e837237 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005e837237 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000bd4af83e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000bd4af83e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000bd4af83e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000bd4af83e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22699: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005613220b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005613220b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005613220b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005613220b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000cf8bad97 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000cf8bad97 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000cf8bad97 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000cf8bad97 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22700: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22701: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000068f46b9d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000068f46b9d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000068f46b9d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000068f46b9d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000014fca2e8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000014fca2e8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000014fca2e8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000014fca2e8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22702: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22703: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22704: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22705: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000008ec83b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000008ec83b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000008ec83b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000008ec83b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000119c089b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000119c089b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000119c089b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000119c089b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22706: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22707: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22709: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22710: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000020c1c520 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000020c1c520 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000020c1c520 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000020c1c520 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a0ca5cca (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a0ca5cca (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a0ca5cca (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a0ca5cca (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22711: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22712: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22713: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000038680eb7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000038680eb7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000038680eb7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000038680eb7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a0afa991 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a0afa991 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a0afa991 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a0afa991 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22714: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006854ce57 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006854ce57 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006854ce57 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006854ce57 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b19ebf4a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b19ebf4a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b19ebf4a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b19ebf4a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22715: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22717: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e20e8302 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e20e8302 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e20e8302 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e20e8302 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000968e018a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000968e018a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000968e018a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000968e018a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22718: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b71353b0 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b71353b0 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b71353b0 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b71353b0 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000002618c47 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000002618c47 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000002618c47 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000002618c47 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22719: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002255a994 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002255a994 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002255a994 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002255a994 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ae80bc24 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ae80bc24 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ae80bc24 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ae80bc24 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22720: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22721: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002658cdfb (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002658cdfb (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002658cdfb (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002658cdfb (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e06ac9df (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e06ac9df (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e06ac9df (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e06ac9df (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22722: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002df2bd79 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002df2bd79 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002df2bd79 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002df2bd79 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000078107d5a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000078107d5a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000078107d5a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000078107d5a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22723: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000043bc45e7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000043bc45e7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000043bc45e7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000043bc45e7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d8d8c03e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d8d8c03e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d8d8c03e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d8d8c03e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22724: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006fa597ca (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006fa597ca (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006fa597ca (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006fa597ca (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f089316c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f089316c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f089316c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f089316c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22725: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005a076f1e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005a076f1e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005a076f1e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005a076f1e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000bbc239c1 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000bbc239c1 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000bbc239c1 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000bbc239c1 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22727: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f80b8db4 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f80b8db4 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f80b8db4 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f80b8db4 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009052ca5a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009052ca5a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009052ca5a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009052ca5a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22731: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22732: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000fff28b98 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000fff28b98 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000fff28b98 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000fff28b98 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000bc51d673 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000bc51d673 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000bc51d673 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000bc51d673 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22733: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22734: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22735: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22736: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f978f3e6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f978f3e6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f978f3e6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f978f3e6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e85f2b58 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e85f2b58 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e85f2b58 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e85f2b58 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22737: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22738: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22739: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22740: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002aba27fc (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002aba27fc (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002aba27fc (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002aba27fc (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c2c7417f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c2c7417f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c2c7417f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c2c7417f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22741: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f2cae9ea (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f2cae9ea (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f2cae9ea (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f2cae9ea (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b04be75f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b04be75f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b04be75f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b04be75f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22742: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22743: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22744: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22745: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22746: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000dabefe2b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000dabefe2b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000dabefe2b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000dabefe2b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000050d79cb7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000050d79cb7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000050d79cb7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000050d79cb7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22747: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22748: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ac6d1a80 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ac6d1a80 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ac6d1a80 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ac6d1a80 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000bc5a35e7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000bc5a35e7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000bc5a35e7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000bc5a35e7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22749: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000027281b69 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000027281b69 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000027281b69 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000027281b69 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000090326bbc (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000090326bbc (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000090326bbc (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000090326bbc (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000731bc22b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000731bc22b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22750: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e8460c65 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e8460c65 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e8460c65 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e8460c65 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000050682a01 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000050682a01 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000050682a01 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000050682a01 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22751: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22752: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22753: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003adc6b76 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003adc6b76 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003adc6b76 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003adc6b76 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000053d5448e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000053d5448e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000053d5448e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000053d5448e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22754: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000313c753d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000313c753d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000313c753d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000313c753d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000639eee18 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000639eee18 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000639eee18 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000639eee18 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22755: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22756: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22757: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22758: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000bd373923 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000bd373923 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000bd373923 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000bd373923 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000004187d52 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000004187d52 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000004187d52 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000004187d52 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22759: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22760: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000046bde5b8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000046bde5b8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000046bde5b8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000046bde5b8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000fdd0585 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000fdd0585 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000fdd0585 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000fdd0585 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000731bc22b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000731bc22b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22761: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22762: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22764: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22765: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000968f7065 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000968f7065 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000968f7065 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000968f7065 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d031ed5f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d031ed5f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d031ed5f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d031ed5f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22766: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22767: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001973be46 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001973be46 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001973be46 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001973be46 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009f017448 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009f017448 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009f017448 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009f017448 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22768: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000777565f9 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000777565f9 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000777565f9 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000777565f9 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005fa394a8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005fa394a8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005fa394a8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005fa394a8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22769: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001ae2724e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001ae2724e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001ae2724e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001ae2724e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ac6a8473 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ac6a8473 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ac6a8473 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ac6a8473 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22770: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22771: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22772: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004d374843 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004d374843 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004d374843 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004d374843 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000853e5b6a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000853e5b6a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000853e5b6a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000853e5b6a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22773: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f809a2cb (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f809a2cb (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f809a2cb (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f809a2cb (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009d30cd10 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009d30cd10 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009d30cd10 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009d30cd10 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22774: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009a426bdb (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009a426bdb (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009a426bdb (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009a426bdb (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000331e9ea8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000331e9ea8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000331e9ea8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000331e9ea8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22775: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d1f397e8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d1f397e8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d1f397e8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d1f397e8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009d0fe4c2 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009d0fe4c2 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009d0fe4c2 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009d0fe4c2 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22776: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000afc40ebf (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000afc40ebf (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000afc40ebf (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000afc40ebf (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000daf948bf (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000daf948bf (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000daf948bf (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000daf948bf (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000731bc22b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000731bc22b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22778: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000081c93889 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000081c93889 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000081c93889 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000081c93889 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000000e0f59d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000000e0f59d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000000e0f59d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000000e0f59d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22779: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22780: #0: 00000000731bc22b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000731bc22b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22781: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22782: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002c628dd5 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002c628dd5 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002c628dd5 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002c628dd5 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c91d3ad0 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c91d3ad0 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c91d3ad0 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c91d3ad0 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000731bc22b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000731bc22b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22783: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e5ff4063 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e5ff4063 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e5ff4063 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e5ff4063 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000fd40f699 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000fd40f699 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000fd40f699 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000fd40f699 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22784: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22785: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000043789f9f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000043789f9f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000043789f9f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000043789f9f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002bf063a3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002bf063a3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002bf063a3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002bf063a3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22786: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22788: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004de79048 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004de79048 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004de79048 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004de79048 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d3ad4c40 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d3ad4c40 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d3ad4c40 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d3ad4c40 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22789: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22790: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000056705b5e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000056705b5e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000056705b5e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000056705b5e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ded3a94c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ded3a94c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ded3a94c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ded3a94c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000731bc22b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000731bc22b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22791: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22792: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22793: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b1b881a4 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b1b881a4 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b1b881a4 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b1b881a4 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000072070c64 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000072070c64 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000072070c64 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000072070c64 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22794: #0: 00000000731bc22b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000731bc22b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22795: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000077d59ec0 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000077d59ec0 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000077d59ec0 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000077d59ec0 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002042f2c9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002042f2c9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002042f2c9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002042f2c9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22796: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22797: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22798: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d3bd09f2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d3bd09f2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d3bd09f2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d3bd09f2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002055565d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002055565d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002055565d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002055565d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22799: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22801: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22802: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000144a62f8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000144a62f8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000144a62f8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000144a62f8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005d4cbfc2 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005d4cbfc2 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005d4cbfc2 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005d4cbfc2 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22804: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000077590c25 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000077590c25 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000077590c25 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000077590c25 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000056ad5681 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000056ad5681 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000056ad5681 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000056ad5681 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22805: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000cf48f298 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000cf48f298 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000cf48f298 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000cf48f298 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ff243402 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ff243402 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ff243402 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ff243402 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22806: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000051d48061 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000051d48061 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000051d48061 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000051d48061 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000025c302e8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000025c302e8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000025c302e8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000025c302e8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22807: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22808: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a90457bf (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a90457bf (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a90457bf (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a90457bf (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000032b30ecb (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000032b30ecb (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000032b30ecb (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000032b30ecb (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22809: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000019719f42 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000019719f42 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000019719f42 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000019719f42 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009e3b5aa5 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009e3b5aa5 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009e3b5aa5 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009e3b5aa5 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22811: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009da12bbd (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009da12bbd (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009da12bbd (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009da12bbd (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d96078b1 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d96078b1 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d96078b1 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d96078b1 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22812: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22813: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000813a1fb2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000813a1fb2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000813a1fb2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000813a1fb2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c8443026 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c8443026 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c8443026 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c8443026 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22814: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000179cdf8e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000179cdf8e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000179cdf8e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000179cdf8e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000073981a60 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000073981a60 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000073981a60 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000073981a60 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22815: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22816: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22817: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006da9f057 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006da9f057 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006da9f057 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006da9f057 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ee3b5b34 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ee3b5b34 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ee3b5b34 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ee3b5b34 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22818: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000113d7b84 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000113d7b84 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000113d7b84 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000113d7b84 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006cabe806 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006cabe806 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006cabe806 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006cabe806 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22819: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22820: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22821: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22822: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22823: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22824: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a43e94a4 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a43e94a4 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a43e94a4 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a43e94a4 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000040e2a4c6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000040e2a4c6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000040e2a4c6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000040e2a4c6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22825: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22826: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22827: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22828: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22829: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22830: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ab922bce (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ab922bce (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ab922bce (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ab922bce (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ca01de3b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ca01de3b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ca01de3b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ca01de3b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22831: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22832: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000861a7110 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000861a7110 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000861a7110 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000861a7110 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000085f7cb87 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000085f7cb87 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000085f7cb87 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000085f7cb87 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22833: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22834: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22835: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22837: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22838: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22839: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22840: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22841: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22842: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22843: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22844: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c4880dbc (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c4880dbc (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c4880dbc (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c4880dbc (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000072f03f40 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000072f03f40 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000072f03f40 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000072f03f40 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22845: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000b03f998 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000b03f998 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000b03f998 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000b03f998 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000013f503e7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000013f503e7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000013f503e7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000013f503e7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22846: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22847: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22848: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22849: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008e40890c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008e40890c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008e40890c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008e40890c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004ce92448 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004ce92448 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004ce92448 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004ce92448 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22850: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000922b7f34 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000922b7f34 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000922b7f34 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000922b7f34 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000625ea61e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000625ea61e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000625ea61e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000625ea61e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22851: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22852: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22853: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d17a60fc (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d17a60fc (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d17a60fc (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d17a60fc (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d1a4d230 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d1a4d230 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d1a4d230 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d1a4d230 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22854: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22855: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000094b0910a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000094b0910a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000094b0910a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000094b0910a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000b2a97bb (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000b2a97bb (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000b2a97bb (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000b2a97bb (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22856: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22857: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22858: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22859: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22860: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c004b205 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c004b205 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c004b205 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c004b205 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c0d7b090 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c0d7b090 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c0d7b090 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c0d7b090 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22861: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22862: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d0c80cdf (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d0c80cdf (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d0c80cdf (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d0c80cdf (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000084648f85 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000084648f85 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000084648f85 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000084648f85 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22863: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a8275989 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a8275989 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a8275989 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a8275989 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000bc7a468f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000bc7a468f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000bc7a468f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000bc7a468f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22864: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22865: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22866: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22867: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22868: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22869: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004fa622ae (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004fa622ae (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004fa622ae (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004fa622ae (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ac3c4f39 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ac3c4f39 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ac3c4f39 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ac3c4f39 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22871: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22872: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004cae1c6d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004cae1c6d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004cae1c6d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004cae1c6d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000aab87d3d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000aab87d3d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000aab87d3d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000aab87d3d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22873: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d9a054ad (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d9a054ad (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d9a054ad (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d9a054ad (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000fcf69d8e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000fcf69d8e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000fcf69d8e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000fcf69d8e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22874: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22875: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22881: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000094603a0f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000094603a0f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000094603a0f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000094603a0f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d6afca88 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d6afca88 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d6afca88 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d6afca88 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22882: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22883: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22884: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22885: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002806e7d9 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002806e7d9 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002806e7d9 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002806e7d9 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009e90c525 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009e90c525 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009e90c525 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009e90c525 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22886: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22887: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000056a03625 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000056a03625 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000056a03625 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000056a03625 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f0a2e1ab (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f0a2e1ab (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f0a2e1ab (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f0a2e1ab (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22888: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22889: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a275b19a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a275b19a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a275b19a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a275b19a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009e68824a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009e68824a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009e68824a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009e68824a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22890: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009576aa4d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009576aa4d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009576aa4d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009576aa4d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000088ea4b88 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000088ea4b88 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000088ea4b88 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000088ea4b88 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22891: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000cca1fa48 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000cca1fa48 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000cca1fa48 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000cca1fa48 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f20c5636 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f20c5636 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f20c5636 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f20c5636 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22892: 1 lock held by syz-executor.3/22893: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22895: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22896: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000045203e43 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000045203e43 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000045203e43 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000045203e43 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000cacfa161 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000cacfa161 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000cacfa161 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000cacfa161 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22897: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22898: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d7c9c81d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d7c9c81d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d7c9c81d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d7c9c81d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c1723d2d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c1723d2d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c1723d2d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c1723d2d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22901: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 3 locks held by syz-executor.3/22902: 4 locks held by syz-executor.3/22903: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b73ad2dd (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b73ad2dd (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b73ad2dd (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b73ad2dd (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009e7ea8fe (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009e7ea8fe (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009e7ea8fe (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009e7ea8fe (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22904: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004cdb278d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004cdb278d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004cdb278d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004cdb278d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c37fd945 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c37fd945 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c37fd945 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c37fd945 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000620cfb0d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000620cfb0d (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22906: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22907: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f650541f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f650541f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f650541f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f650541f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003a7da7e2 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003a7da7e2 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003a7da7e2 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003a7da7e2 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22908: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004fbc2e2d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004fbc2e2d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004fbc2e2d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004fbc2e2d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000874c4ed4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000874c4ed4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000874c4ed4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000874c4ed4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22909: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22910: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000302a392d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000302a392d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000302a392d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000302a392d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009a79bfa3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009a79bfa3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009a79bfa3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009a79bfa3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22911: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22912: #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000997836d6 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22914: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d166255c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d166255c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d166255c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d166255c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000da54ed32 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000da54ed32 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000da54ed32 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000da54ed32 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22915: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22917: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22918: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004c24c14d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004c24c14d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004c24c14d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004c24c14d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000006d45e22 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000006d45e22 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000006d45e22 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000006d45e22 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22919: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009865836d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009865836d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009865836d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009865836d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000076bb3577 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000076bb3577 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000076bb3577 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000076bb3577 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22921: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000015bc0e75 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000015bc0e75 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000015bc0e75 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000015bc0e75 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d54b9966 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d54b9966 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d54b9966 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d54b9966 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22922: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22926: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22927: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22928: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000040df4322 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000040df4322 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000040df4322 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000040df4322 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009a3482b2 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009a3482b2 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009a3482b2 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009a3482b2 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22929: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22931: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22932: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c0545d5b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c0545d5b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c0545d5b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c0545d5b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d805f69f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d805f69f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d805f69f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d805f69f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22934: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000eaba9a19 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000eaba9a19 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000eaba9a19 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000eaba9a19 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000fffcfedc (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000fffcfedc (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000fffcfedc (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000fffcfedc (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22935: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22936: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22939: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003a768724 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003a768724 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003a768724 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003a768724 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009c45fffe (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009c45fffe (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009c45fffe (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009c45fffe (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22940: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c5644140 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c5644140 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c5644140 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c5644140 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008e240188 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008e240188 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008e240188 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008e240188 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22942: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22945: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001a2568d2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001a2568d2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001a2568d2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001a2568d2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003844e3a6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003844e3a6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003844e3a6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003844e3a6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22946: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000057c29c54 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000057c29c54 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000057c29c54 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000057c29c54 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000093ba4ca8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000093ba4ca8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000093ba4ca8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000093ba4ca8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22947: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22948: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22950: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22952: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22953: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22954: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005ee7c890 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005ee7c890 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005ee7c890 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005ee7c890 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000817b3165 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000817b3165 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000817b3165 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000817b3165 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/22955: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000011a5e3e1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000011a5e3e1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000011a5e3e1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000011a5e3e1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000522cdd22 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000522cdd22 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000522cdd22 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000522cdd22 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22956: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22957: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000023e26f60 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000023e26f60 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000023e26f60 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000023e26f60 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f274b84a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f274b84a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f274b84a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f274b84a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000997836d6 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22959: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22963: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000066b507f7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000066b507f7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000066b507f7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000066b507f7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000067a5c00e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000067a5c00e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000067a5c00e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000067a5c00e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22964: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22966: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22967: #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/22968: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22969: #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000831d1d33 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001e8847b3 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001e8847b3 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001e8847b3 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001e8847b3 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000668d6203 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000668d6203 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000668d6203 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000668d6203 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008abb5d6b (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/22970: #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000a0ac9f6d (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/22971: