audit: type=1400 audit(1556933990.974:51910): avc: denied { sys_boot } for pid=538 comm="syz-executor.4" capability=22 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1556933990.984:51911): avc: denied { sys_boot } for pid=590 comm="syz-executor.4" capability=22 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: audit_lost=51024 audit_rate_limit=0 audit_backlog_limit=64
INFO: task init:13373 blocked for more than 140 seconds.
Not tainted 4.9.141+ #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
init D28888 13373 1 0x00000000
ffff8801c9054740 ffff8801d38f8580 ffff8801a8757380 ffff8801ccba2f80
ffff8801db721018 ffff8801d393f580 ffffffff828075c2 ffff8801c9054ff0
000000000000015c 0000000000000000 0000000000000000 ffff8801db7218f0
Call Trace:
[] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
[] schedule_timeout+0x735/0xe20 kernel/time/timer.c:1771
[] __down_common kernel/locking/semaphore.c:221 [inline]
[] __down+0x191/0x2b0 kernel/locking/semaphore.c:238
[] down+0x5e/0x80 kernel/locking/semaphore.c:61
[] console_lock+0x2c/0x80 kernel/printk/printk.c:2217
[] console_device+0x1c/0xc0 kernel/printk/printk.c:2554
[] tty_lookup_driver drivers/tty/tty_io.c:2008 [inline]
[] tty_open_by_driver drivers/tty/tty_io.c:2053 [inline]
[] tty_open+0x6f5/0xdf0 drivers/tty/tty_io.c:2130
[] chrdev_open+0x22d/0x5c0 fs/char_dev.c:392
[] do_dentry_open+0x3ef/0xc90 fs/open.c:766
[] vfs_open+0x11c/0x210 fs/open.c:879
[] do_last fs/namei.c:3410 [inline]
[] path_openat+0x542/0x2790 fs/namei.c:3534
[] do_filp_open+0x197/0x270 fs/namei.c:3568
[] do_sys_open+0x30d/0x5c0 fs/open.c:1072
[] SYSC_open fs/open.c:1090 [inline]
[] SyS_open+0x2d/0x40 fs/open.c:1085
[] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
[] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing 
all locks held in the system: 2 locks held by kworker/u4:0/6: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by khungtaskd/24: #0: (rcu_read_lock){......}, at: [] rcu_read_unlock include/linux/rcupdate.h:927 [inline] #0: (rcu_read_lock){......}, at: [] rcu_lock_break kernel/hung_task.c:143 [inline] #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:177 [inline] #0: (rcu_read_lock){......}, at: [] watchdog+0x310/0xa20 kernel/hung_task.c:239 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336 1 lock held by rsyslogd/1900: #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0xac/0xd0 fs/file.c:781 2 locks held by getty/2028: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by kworker/u4:2/2120: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:3/2127: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:4/2134: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:6/2141: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:7/10392: #0: 
("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:8/10448: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:9/10453: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:10/10455: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:11/10461: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:13/10492: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:14/10496: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:16/10505: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:17/10513: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by 
kworker/u4:19/10523: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:21/10529: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:22/10531: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:24/10538: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:25/10547: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:26/10576: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:27/10582: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:28/10590: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:29/10592: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 
2 locks held by kworker/u4:30/10594: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:31/10600: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:32/10602: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:34/10610: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:35/10614: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:36/10617: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:37/10621: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:38/10625: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:39/10632: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 
kernel/workqueue.c:2089 2 locks held by kworker/u4:40/10641: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:41/10647: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:42/10649: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:43/10656: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:44/10660: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:45/10664: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:46/10669: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:47/10679: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:48/10682: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] 
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:49/10708: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:50/10710: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:51/10873: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:52/10937: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:53/11009: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:55/11013: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:56/11033: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:57/11040: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:59/11293: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: 
((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:60/11359: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:61/11401: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:64/11755: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:65/11859: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:66/11916: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:68/12211: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:69/12262: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:70/12264: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:72/12275: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 
kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:74/12284: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:75/12289: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:76/12306: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:77/12312: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:79/12336: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:80/12339: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:81/12341: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:82/12353: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:85/12507: #0: ("events_unbound"){.+.+.+}, at: [] 
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:87/12516: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:88/12524: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:89/12541: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:90/12558: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:91/12620: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:92/12637: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:93/12656: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:94/12664: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:95/12666: #0: 
("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:96/12668: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:97/12673: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:98/12692: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:99/12705: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:100/12782: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:102/12787: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:103/12797: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 1 lock held by init/13373: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/13389: #0: (tty_mutex){+.+.+.}, 
at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/13508: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/13563: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/13564: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/13592: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 2 locks held by kworker/u4:105/13642: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:106/13684: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:107/13688: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:108/13741: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:109/15588: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] 
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:111/15691: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:112/15747: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:113/15797: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:114/15846: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:115/15848: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:117/15865: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:118/18044: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:119/19228: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:120/19242: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: 
((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:121/19256: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:125/19403: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:126/19405: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:127/19407: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:128/19411: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:129/20499: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:130/20538: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:131/24300: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:136/24343: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 
kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:137/24351: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:138/24382: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 2 locks held by kworker/u4:139/24389: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 1 lock held by syz-executor.4/32566: #0: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #0: (&anon_vma->rwsem){++++..}, at: [] unlink_anon_vmas+0x184/0x840 mm/rmap.c:385 1 lock held by syz-executor.4/32672: #0: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #0: (&anon_vma->rwsem){++++..}, at: [] unlink_anon_vmas+0x184/0x840 mm/rmap.c:385 4 locks held by syz-executor.4/948: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: 
(&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/950: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/953: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: 
(&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/957: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/959: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 
kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/960: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/962: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap 
kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/963: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: 
(&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/965: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/978: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: 
(&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/980: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/982: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: 
(&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/983: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/984: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] 
#0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/987: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by 
syz-executor.4/989: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/990: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, 
at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/993: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/996: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: 
(&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/997: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] #1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 4 locks held by syz-executor.4/1000: #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mmap kernel/fork.c:573 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] dup_mm kernel/fork.c:1156 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_mm kernel/fork.c:1210 [inline] #0: (&dup_mmap_sem){.+.+.+}, at: [] copy_process.part.8+0x3d95/0x6a10 kernel/fork.c:1692 #1: (&mm->mmap_sem){++++++}, at: [] dup_mmap kernel/fork.c:574 [inline] 
#1: (&mm->mmap_sem){++++++}, at: [] dup_mm kernel/fork.c:1156 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_mm kernel/fork.c:1210 [inline] #1: (&mm->mmap_sem){++++++}, at: [] copy_process.part.8+0x3db0/0x6a10 kernel/fork.c:1692 #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mmap kernel/fork.c:583 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] dup_mm kernel/fork.c:1156 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_mm kernel/fork.c:1210 [inline] #2: (&mm->mmap_sem/1){+.+.+.}, at: [] copy_process.part.8+0x3df9/0x6a10 kernel/fork.c:1692 #3: (&anon_vma->rwsem){++++..}, at: [] lock_anon_vma_root mm/rmap.c:235 [inline] #3: (&anon_vma->rwsem){++++..}, at: [] anon_vma_clone+0x143/0x4b0 mm/rmap.c:275 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #1 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000001 0000000000000001 0000000000000001 ffffffff810983b0 ffff8801d9907d40 ffffffff81b4df89 0000000000000001 0000000000000000 0000000000000002 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 561 Comm: syz-executor.4 Not tainted 4.9.141+ #1 task: ffff8801a82e8000 task.stack: ffff8801990f0000 RIP: 0010:[] [] __tlb_remove_page_size+0x1ad/0x500 mm/memory.c:321 RSP: 0018:ffff8801990f76e8 EFLAGS: 00000292 RAX: 0000000000000000 RBX: 00007f74cb24c000
RCX: ffff8801990f7940 RDX: 0000000000000000 RSI: ffffffff81495806 RDI: ffff8801a83d7c20 RBP: ffff8801990f7708 R08: ffff8801a82e88d0 R09: 9e50ee563b4102ff R10: ffff8801a82e8000 R11: 0000000000000001 R12: ffff8801a83d7000 R13: 0000000000000182 R14: ffffea0006d26940 R15: ffff8801a83d7008 FS: 0000000000000000(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000003 CR3: 000000019b0f4000 CR4: 00000000001606b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: 00007f74cb24d000 000000000000038a ffffea0006d26940 ffff880186415260 ffff8801990f7868 ffffffff81499b10 1ffff1003321eefc dffffc0000000003 fffffbfff067cf3a 0000000000000019 00007f74cb2e1fff 00007f74cb2e1fff Call Trace: [] __tlb_remove_page include/asm-generic/tlb.h:163 [inline] [] zap_pte_range mm/memory.c:1165 [inline] [] zap_pmd_range mm/memory.c:1249 [inline] [] zap_pud_range mm/memory.c:1270 [inline] [] unmap_page_range+0xe60/0x1680 mm/memory.c:1291 [] unmap_single_vma+0x11c/0x170 mm/memory.c:1336 [] unmap_vmas+0x81/0xd0 mm/memory.c:1366 [] exit_mmap+0x1cc/0x3a0 mm/mmap.c:3021 [] __mmput kernel/fork.c:884 [inline] [] mmput+0xcd/0x360 kernel/fork.c:906 [] exit_mm kernel/exit.c:514 [inline] [] do_exit+0x6c9/0x2a50 kernel/exit.c:820 [] do_group_exit+0x111/0x300 kernel/exit.c:937 [] get_signal+0x4e1/0x1460 kernel/signal.c:2321 [] do_signal+0x95/0x1b00 arch/x86/kernel/signal.c:807 [] exit_to_usermode_loop+0x10e/0x150 arch/x86/entry/common.c:158 [] prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline] [] syscall_return_slowpath arch/x86/entry/common.c:263 [inline] [] do_syscall_64+0x3e2/0x550 arch/x86/entry/common.c:290 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Code: 02 00 00 4f 89 74 ec 10 31 db eb 13 e8 6d 62 e8 ff 45 39 ec 0f 84 f6 fe ff ff bb 01 00 00 00 e8 5a 62 e8 ff 89 d8 48 83 c4 08 5b <41> 5c
41 5d 41 5e 41 5f 5d c3 48 89 4d d0 e8 40 62 e8 ff 4c 89