ieee802154 phy1 wpan1: encryption failed: -22 ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 INFO: task kworker/0:17:17825 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/0:17 D25816 17825 2 0x90000000 Workqueue: events proc_cleanup_work Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 exp_funnel_lock kernel/rcu/tree_exp.h:320 [inline] _synchronize_rcu_expedited+0x60c/0x6f0 kernel/rcu/tree_exp.h:667 synchronize_rcu+0xc6/0x160 kernel/rcu/tree_plugin.h:818 kern_unmount fs/namespace.c:3295 [inline] kern_unmount+0x67/0xe0 fs/namespace.c:3290 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 INFO: task kworker/0:29:17875 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/0:29 D26192 17875 2 0x90000000 Workqueue: events proc_cleanup_work Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 exp_funnel_lock kernel/rcu/tree_exp.h:320 [inline] _synchronize_rcu_expedited+0x60c/0x6f0 kernel/rcu/tree_exp.h:667 synchronize_rcu+0xc6/0x160 kernel/rcu/tree_plugin.h:818 kern_unmount fs/namespace.c:3295 [inline] kern_unmount+0x67/0xe0 fs/namespace.c:3290 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Showing all locks held in the system: 4 locks held by kworker/u4:4/683: #0: 000000008aaae169 ((wq_completion)"%s""netns"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 00000000ba2027d5 (net_cleanup_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 00000000f53d5d20 (pernet_ops_rwsem){++++}, at: cleanup_net+0xa8/0x8b0 net/core/net_namespace.c:521 #3: 000000004e974fc5 (rtnl_mutex){+.+.}, at: cangw_pernet_exit+0xe/0x20 net/can/gw.c:1032 1 lock held by khungtaskd/1571: #0: 0000000080c952c6 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441 1 lock held by in:imklog/7811: 2 locks held by kworker/u4:5/8794: 2 locks held by kworker/0:17/17825: #0: 0000000035f034af ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 00000000dc200dc0 ((work_completion)(&ns->proc_work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 2 locks held by kworker/0:27/17858: 3 locks held by kworker/0:28/17872: #0: 0000000035f034af ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 000000005f71da7d ((work_completion)(&ns->proc_work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 000000007c545cc4 (rcu_preempt_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline] #2: 000000007c545cc4 (rcu_preempt_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited+0x256/0x6f0 kernel/rcu/tree_exp.h:667 2 locks held by kworker/0:29/17875: #0: 0000000035f034af ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 00000000f0f4ec37 ((work_completion)(&ns->proc_work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 2 locks held by syz-executor.4/22344: #0: 000000004e974fc5 (rtnl_mutex){+.+.}, at: tun_detach drivers/net/tun.c:759 [inline] #0: 000000004e974fc5 (rtnl_mutex){+.+.}, at: tun_chr_close+0x3a/0x180 drivers/net/tun.c:3323 #1: 000000007c545cc4 (rcu_preempt_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline] #1: 000000007c545cc4 (rcu_preempt_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited+0x256/0x6f0 kernel/rcu/tree_exp.h:667 4 locks held by syz-executor.3/30974: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d9e81824 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d9e81824 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d9e81824 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d9e81824 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000066fd0fa6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000066fd0fa6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000066fd0fa6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000066fd0fa6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/30992: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005a828687 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005a828687 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005a828687 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005a828687 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000870e1e88 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000870e1e88 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000870e1e88 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000870e1e88 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/30994: #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/30995: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/30996: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/30997: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000df851ac4 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000df851ac4 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000df851ac4 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000df851ac4 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000022d9cfaf (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000022d9cfaf (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000022d9cfaf (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000022d9cfaf (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/30998: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31002: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31003: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31004: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ddc234b4 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ddc234b4 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ddc234b4 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ddc234b4 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c3edcb0c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c3edcb0c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c3edcb0c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c3edcb0c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31005: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c3366c9a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c3366c9a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c3366c9a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c3366c9a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003fb95d30 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003fb95d30 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003fb95d30 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003fb95d30 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31006: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31007: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000045b9f2c6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000045b9f2c6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000045b9f2c6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000045b9f2c6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006811d3c6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006811d3c6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006811d3c6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006811d3c6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31009: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000059f08637 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000059f08637 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000059f08637 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000059f08637 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004ac782f3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004ac782f3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004ac782f3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004ac782f3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31010: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31011: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009c899bf6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009c899bf6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009c899bf6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009c899bf6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000042b3439f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000042b3439f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000042b3439f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000042b3439f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31012: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31017: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f3874d80 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f3874d80 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f3874d80 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f3874d80 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002014f5b3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002014f5b3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002014f5b3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002014f5b3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31019: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000bf6e32b1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000bf6e32b1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000bf6e32b1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000bf6e32b1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000056d39404 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000056d39404 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000056d39404 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000056d39404 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31021: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31022: #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31023: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31024: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31025: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31026: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000d6391e2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000d6391e2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000d6391e2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000d6391e2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b4318806 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b4318806 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b4318806 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b4318806 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31027: #0: 00000000f00e82f5 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000f00e82f5 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31028: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006aecfc09 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006aecfc09 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006aecfc09 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006aecfc09 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d7a92778 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d7a92778 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d7a92778 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d7a92778 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31029: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a414b47d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a414b47d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a414b47d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a414b47d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ab2b2f4d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ab2b2f4d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ab2b2f4d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ab2b2f4d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31031: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a7e9ac0f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a7e9ac0f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a7e9ac0f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a7e9ac0f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008d2fd9f9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008d2fd9f9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008d2fd9f9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008d2fd9f9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31033: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31034: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31035: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e8c84a38 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e8c84a38 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e8c84a38 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e8c84a38 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ebc5ceaf (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ebc5ceaf (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ebc5ceaf (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ebc5ceaf (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31036: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31038: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004e519a63 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004e519a63 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004e519a63 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004e519a63 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000099fa10d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000099fa10d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000099fa10d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000099fa10d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31039: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000067179aad (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000067179aad (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000067179aad (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000067179aad (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000099932b4a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000099932b4a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000099932b4a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000099932b4a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31040: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008aff8c76 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008aff8c76 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008aff8c76 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008aff8c76 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001fde6c79 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001fde6c79 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001fde6c79 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001fde6c79 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31041: #0: 000000003a990f60 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000003a990f60 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31042: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31043: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31046: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31047: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31048: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a278dad7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a278dad7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a278dad7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a278dad7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000077fd57ea (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000077fd57ea (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000077fd57ea (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000077fd57ea (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31049: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c4630711 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c4630711 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c4630711 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c4630711 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000085c77576 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000085c77576 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000085c77576 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000085c77576 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31050: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003d6d65bf (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003d6d65bf (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003d6d65bf (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003d6d65bf (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005d211104 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005d211104 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005d211104 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005d211104 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31051: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31052: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31053: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31054: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000bf570d36 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000bf570d36 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000bf570d36 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000bf570d36 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002b53d3a9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002b53d3a9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002b53d3a9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002b53d3a9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31055: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000015d2bc27 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000015d2bc27 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000015d2bc27 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000015d2bc27 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ca4cca90 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ca4cca90 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ca4cca90 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ca4cca90 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31056: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f87e07bf (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f87e07bf (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f87e07bf (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f87e07bf (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000041bc61fe (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000041bc61fe (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000041bc61fe (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000041bc61fe (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31059: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31060: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31061: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000be4a03dc (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000be4a03dc (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000be4a03dc (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000be4a03dc (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000404b3375 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000404b3375 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000404b3375 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000404b3375 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31062: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000082762ad9 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000082762ad9 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000082762ad9 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000082762ad9 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000399cd9d9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000399cd9d9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000399cd9d9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000399cd9d9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31063: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31064: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31065: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31066: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009734f7fc (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009734f7fc (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009734f7fc (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009734f7fc (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ace25112 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ace25112 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ace25112 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ace25112 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31067: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000060c60115 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000060c60115 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000060c60115 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000060c60115 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000076c950c4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000076c950c4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000076c950c4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000076c950c4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003a990f60 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000003a990f60 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31068: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31069: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d7266162 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d7266162 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d7266162 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d7266162 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000017cbb534 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000017cbb534 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000017cbb534 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000017cbb534 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31070: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31071: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31072: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000023da8d40 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000023da8d40 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000023da8d40 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000023da8d40 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b100bf18 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b100bf18 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b100bf18 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b100bf18 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31073: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31075: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31076: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31077: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000616faef7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000616faef7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000616faef7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000616faef7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000bda11fe9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000bda11fe9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000bda11fe9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000bda11fe9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31078: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31080: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31081: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000527934ab (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000527934ab (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000527934ab (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000527934ab (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e7815710 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e7815710 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e7815710 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e7815710 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31082: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000eef5e2b6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000eef5e2b6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000eef5e2b6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000eef5e2b6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000089928362 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000089928362 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000089928362 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000089928362 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31083: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31084: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31085: #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31088: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c3f07525 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c3f07525 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c3f07525 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c3f07525 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000eaa55f7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000eaa55f7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000eaa55f7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000eaa55f7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31090: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31091: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ab294431 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ab294431 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ab294431 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ab294431 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000069862e0d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000069862e0d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000069862e0d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000069862e0d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31092: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31094: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31095: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e436b6b0 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e436b6b0 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e436b6b0 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e436b6b0 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f85d99f3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f85d99f3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f85d99f3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f85d99f3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31096: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31097: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31098: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31099: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000fc9e74cb (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000fc9e74cb (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000fc9e74cb (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000fc9e74cb (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e127e33a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e127e33a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e127e33a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e127e33a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31100: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009221df3b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009221df3b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009221df3b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009221df3b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000015858bf3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000015858bf3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000015858bf3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000015858bf3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31101: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000736235a9 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000736235a9 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000736235a9 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000736235a9 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004fcdac03 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004fcdac03 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004fcdac03 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004fcdac03 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31102: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000904e7c5e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000904e7c5e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000904e7c5e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000904e7c5e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007949a264 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007949a264 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007949a264 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007949a264 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31103: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31105: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31107: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000be32741c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000be32741c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000be32741c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000be32741c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008558892c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008558892c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008558892c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008558892c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31109: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000036874310 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000036874310 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000036874310 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000036874310 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001b359363 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001b359363 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001b359363 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001b359363 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31111: #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31112: #0: 000000003a990f60 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000003a990f60 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31113: #0: 000000003a990f60 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000003a990f60 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31114: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008ab6c85e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008ab6c85e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008ab6c85e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008ab6c85e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d1a338f9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d1a338f9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d1a338f9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d1a338f9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31115: #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31116: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009fc74656 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009fc74656 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009fc74656 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009fc74656 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e83fe052 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e83fe052 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e83fe052 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e83fe052 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31117: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000fc26cbef (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000fc26cbef (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000fc26cbef (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000fc26cbef (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000033496fb3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000033496fb3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000033496fb3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000033496fb3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31118: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31119: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31120: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31121: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31122: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000acd69298 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000acd69298 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000acd69298 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000acd69298 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a756520e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a756520e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a756520e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a756520e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31123: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007b4c04f1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007b4c04f1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007b4c04f1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007b4c04f1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d1fab135 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d1fab135 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d1fab135 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d1fab135 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31124: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31125: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31126: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008c453b4a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008c453b4a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008c453b4a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008c453b4a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000509f51e1 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000509f51e1 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000509f51e1 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000509f51e1 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31127: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000197b08b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000197b08b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000197b08b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000197b08b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007c612c6c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007c612c6c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007c612c6c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007c612c6c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31128: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31129: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31131: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000004b20fda7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000004b20fda7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000004b20fda7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000004b20fda7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b0ac8f09 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b0ac8f09 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b0ac8f09 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b0ac8f09 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31132: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31134: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31135: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31136: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31139: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006c4be0df (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006c4be0df (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006c4be0df (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006c4be0df (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000048997e9e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000048997e9e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000048997e9e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000048997e9e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31145: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31146: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31147: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000084012487 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000084012487 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000084012487 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000084012487 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ce33793e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ce33793e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ce33793e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ce33793e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31148: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31149: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31150: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007d6625f2 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007d6625f2 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007d6625f2 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007d6625f2 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000eb1221f7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000eb1221f7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000eb1221f7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000eb1221f7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31151: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31152: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31153: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001e864c08 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001e864c08 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001e864c08 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001e864c08 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000fb9fd1c4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000fb9fd1c4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000fb9fd1c4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000fb9fd1c4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31154: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f0245949 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f0245949 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f0245949 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f0245949 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008ae9e98a (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008ae9e98a (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008ae9e98a (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008ae9e98a (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31155: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31156: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31157: #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31158: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000eca453e1 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000eca453e1 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000eca453e1 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000eca453e1 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009db7e622 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009db7e622 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009db7e622 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009db7e622 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31159: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008bdb0c73 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008bdb0c73 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008bdb0c73 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008bdb0c73 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000049c9a479 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000049c9a479 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000049c9a479 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000049c9a479 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31160: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31161: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000401e32c6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000401e32c6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000401e32c6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000401e32c6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ae3b6237 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ae3b6237 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ae3b6237 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ae3b6237 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31162: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31163: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000004f53863 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000004f53863 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000004f53863 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000004f53863 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000662f1d05 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000662f1d05 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000662f1d05 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000662f1d05 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31164: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000068dbec8a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000068dbec8a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000068dbec8a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000068dbec8a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001f127ebf (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001f127ebf (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001f127ebf (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001f127ebf (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31165: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31166: #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31169: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31170: 1 lock held by syz-executor.3/31171: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31173: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31174: #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31176: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31178: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31179: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006f6b612a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006f6b612a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006f6b612a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006f6b612a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000222fe03 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000222fe03 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000222fe03 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000222fe03 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31180: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000063aa7f7e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000063aa7f7e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000063aa7f7e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000063aa7f7e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000cb28a248 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000cb28a248 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000cb28a248 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000cb28a248 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31181: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31182: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31183: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31184: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002e9405b4 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002e9405b4 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002e9405b4 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002e9405b4 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000026674916 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000026674916 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000026674916 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000026674916 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31186: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003f57741c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003f57741c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003f57741c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003f57741c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000c1d23ddd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000c1d23ddd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000c1d23ddd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000c1d23ddd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31187: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000050762305 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000050762305 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000050762305 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000050762305 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000048e8c2ab (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000048e8c2ab (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000048e8c2ab (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000048e8c2ab (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31188: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000554bdba5 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000554bdba5 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000554bdba5 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000554bdba5 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a2627a18 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a2627a18 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a2627a18 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a2627a18 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31189: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31190: #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31191: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31192: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31193: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31194: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31195: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31197: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31198: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000335b8570 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000335b8570 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000335b8570 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000335b8570 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000742979fd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000742979fd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000742979fd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000742979fd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31200: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31201: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31202: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000cc36152f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000cc36152f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000cc36152f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000cc36152f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000582ba667 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000582ba667 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000582ba667 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000582ba667 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31203: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31204: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31205: #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31206: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31207: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31208: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31209: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31210: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31211: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31212: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31215: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31216: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000625f774f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000625f774f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000625f774f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000625f774f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000dbccff7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000dbccff7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000dbccff7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000dbccff7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31217: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31218: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31219: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31221: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31223: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31224: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000aedaee76 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000aedaee76 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000aedaee76 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000aedaee76 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000054ffc7bd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000054ffc7bd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000054ffc7bd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000054ffc7bd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31225: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31226: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31227: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31228: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31229: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31231: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31233: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31234: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31235: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31236: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f8b754b4 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f8b754b4 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f8b754b4 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f8b754b4 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004dc11981 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004dc11981 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004dc11981 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004dc11981 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31238: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31239: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31240: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31241: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31242: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31243: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31244: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31245: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31247: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31248: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005209504b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005209504b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005209504b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005209504b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007860aee6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007860aee6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007860aee6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007860aee6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31249: #0: 000000003a990f60 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000003a990f60 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31250: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31251: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31252: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31253: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31254: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31256: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31258: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31259: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31260: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31262: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000021e18f94 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000021e18f94 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000021e18f94 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000021e18f94 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001754f882 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001754f882 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001754f882 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001754f882 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31263: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31264: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31270: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c4a5c120 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c4a5c120 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c4a5c120 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c4a5c120 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000813f8a08 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000813f8a08 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000813f8a08 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000813f8a08 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31272: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31273: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31274: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31275: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31276: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31277: #0: 000000003a990f60 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000003a990f60 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31278: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31279: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31280: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31283: #0: 000000003a990f60 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000003a990f60 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31284: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31285: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31286: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31287: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31288: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ffaa144c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ffaa144c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ffaa144c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ffaa144c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b22f542f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b22f542f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b22f542f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b22f542f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31290: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31291: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31292: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31293: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c722b811 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c722b811 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c722b811 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c722b811 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006e0ba4a7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006e0ba4a7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006e0ba4a7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006e0ba4a7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31295: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31296: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31297: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31298: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000006bb1fa0f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000006bb1fa0f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000006bb1fa0f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000006bb1fa0f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000062640aaf (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000062640aaf (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000062640aaf (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000062640aaf (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31299: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31301: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31302: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31303: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31304: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31305: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31306: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31308: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31309: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31310: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31311: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000065cb041 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000065cb041 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000065cb041 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000065cb041 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000135c3c6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000135c3c6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000135c3c6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000135c3c6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31312: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000001c5b4a7e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000001c5b4a7e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000001c5b4a7e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000001c5b4a7e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001b91f073 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001b91f073 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001b91f073 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001b91f073 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31313: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ac0bf380 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ac0bf380 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ac0bf380 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ac0bf380 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000008df98c6c (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000008df98c6c (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000008df98c6c (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000008df98c6c (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31314: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31316: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31317: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000eb96f68e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000eb96f68e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000eb96f68e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000eb96f68e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006c9c8471 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006c9c8471 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006c9c8471 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006c9c8471 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31318: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ee8e0a7e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ee8e0a7e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ee8e0a7e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ee8e0a7e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000004764c20d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000004764c20d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000004764c20d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000004764c20d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31319: #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31321: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f833c0e3 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f833c0e3 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f833c0e3 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f833c0e3 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003855a78e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003855a78e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003855a78e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003855a78e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003a990f60 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000003a990f60 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31322: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000002ab34b21 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000002ab34b21 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000002ab34b21 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000002ab34b21 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000016c551dd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000016c551dd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000016c551dd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000016c551dd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31323: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000039ce6dca (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000039ce6dca (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000039ce6dca (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000039ce6dca (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000fe443184 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000fe443184 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000fe443184 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000fe443184 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31324: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31325: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000094c34502 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000094c34502 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000094c34502 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000094c34502 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005f8db319 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005f8db319 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005f8db319 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005f8db319 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31326: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000011b95a6f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000011b95a6f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000011b95a6f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000011b95a6f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a4f3a8e9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a4f3a8e9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a4f3a8e9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a4f3a8e9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31327: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000009384b0ed (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000009384b0ed (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000009384b0ed (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000009384b0ed (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000083d18126 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000083d18126 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000083d18126 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000083d18126 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31328: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31329: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31330: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31331: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31332: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31333: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31335: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000883dcebe (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000883dcebe (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000883dcebe (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000883dcebe (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000013cf7d9 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000013cf7d9 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000013cf7d9 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000013cf7d9 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003a990f60 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000003a990f60 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31336: #0: 00000000f00e82f5 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000f00e82f5 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31337: #0: 000000003a990f60 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000003a990f60 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31338: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000bee0d815 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000bee0d815 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000bee0d815 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000bee0d815 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007676dd28 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007676dd28 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007676dd28 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007676dd28 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31339: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31341: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000000e7ebf62 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000000e7ebf62 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000000e7ebf62 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000000e7ebf62 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000077669262 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000077669262 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000077669262 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000077669262 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31342: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003f1e9928 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003f1e9928 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003f1e9928 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003f1e9928 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002425cf14 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002425cf14 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002425cf14 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002425cf14 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31343: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000007e104db (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000007e104db (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000007e104db (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000007e104db (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000080b9c756 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000080b9c756 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000080b9c756 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000080b9c756 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003a990f60 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000003a990f60 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31344: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31345: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31346: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31347: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000552420a9 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000552420a9 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000552420a9 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000552420a9 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000054e0f555 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000054e0f555 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000054e0f555 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000054e0f555 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31348: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31349: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008601998d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008601998d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008601998d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008601998d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005d1d9722 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005d1d9722 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005d1d9722 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005d1d9722 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31350: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000080cc3c34 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000080cc3c34 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000080cc3c34 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000080cc3c34 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000057047f69 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000057047f69 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000057047f69 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000057047f69 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003a990f60 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000003a990f60 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31351: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008753e9ea (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008753e9ea (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008753e9ea (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008753e9ea (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000bde8c756 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000bde8c756 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000bde8c756 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000bde8c756 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31352: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31353: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31355: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31356: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31357: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31359: #0: 000000003a990f60 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000003a990f60 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31360: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31361: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31362: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000a1416323 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000a1416323 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000a1416323 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000a1416323 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000bc34f568 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000bc34f568 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000bc34f568 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000bc34f568 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31363: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31364: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f93c246e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f93c246e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f93c246e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f93c246e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007df2e2a8 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007df2e2a8 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007df2e2a8 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007df2e2a8 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31365: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31366: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000013cbbecc (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000013cbbecc (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000013cbbecc (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000013cbbecc (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e324150f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e324150f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e324150f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e324150f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31367: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000003ac3d61d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000003ac3d61d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000003ac3d61d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000003ac3d61d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000028856ac3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000028856ac3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000028856ac3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000028856ac3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31368: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000008bbf998b (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000008bbf998b (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000008bbf998b (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000008bbf998b (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000725ab6e3 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000725ab6e3 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000725ab6e3 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000725ab6e3 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31369: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31370: #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31371: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000048ec3cd (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000048ec3cd (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000048ec3cd (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000048ec3cd (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000080233c10 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000080233c10 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000080233c10 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000080233c10 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31372: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31374: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31375: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31376: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c88befe5 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c88befe5 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c88befe5 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c88befe5 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001b324a28 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001b324a28 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001b324a28 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001b324a28 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31377: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000023109785 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000023109785 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000023109785 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000023109785 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000599fa0d6 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000599fa0d6 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000599fa0d6 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000599fa0d6 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31378: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31379: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000d117a1b6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000d117a1b6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000d117a1b6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000d117a1b6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000009bda121b (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000009bda121b (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000009bda121b (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000009bda121b (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31380: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007d9b8da7 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007d9b8da7 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007d9b8da7 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007d9b8da7 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000056c66133 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000056c66133 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000056c66133 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000056c66133 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31381: #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31382: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000cf6c92ce (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000cf6c92ce (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000cf6c92ce (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000cf6c92ce (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000006d522891 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000006d522891 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000006d522891 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000006d522891 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31383: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ea6c409c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ea6c409c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ea6c409c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ea6c409c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000007d17e418 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000007d17e418 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000007d17e418 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000007d17e418 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31384: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31385: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000833ebddf (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000833ebddf (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000833ebddf (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000833ebddf (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d55b0f1f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d55b0f1f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d55b0f1f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d55b0f1f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31386: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007491075e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007491075e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007491075e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007491075e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000bf327468 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000bf327468 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000bf327468 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000bf327468 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31387: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31388: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000cb5c146c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000cb5c146c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000cb5c146c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000cb5c146c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000d74e111 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000d74e111 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000d74e111 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000d74e111 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000c3828dd1 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31389: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000e7fae755 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000e7fae755 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000e7fae755 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000e7fae755 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001e314844 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001e314844 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001e314844 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001e314844 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31390: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000cae8984c (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000cae8984c (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000cae8984c (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000cae8984c (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e2c64e81 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e2c64e81 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e2c64e81 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e2c64e81 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31391: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000f87e711e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000f87e711e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000f87e711e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000f87e711e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a23695c4 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a23695c4 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a23695c4 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a23695c4 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31392: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000155b800d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000155b800d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000155b800d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000155b800d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000012773b87 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000012773b87 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000012773b87 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000012773b87 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31393: #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008a0e11fd (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31394: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000da950bb8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000da950bb8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000da950bb8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000da950bb8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000000075a223 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000000075a223 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000000075a223 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000000075a223 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31395: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31396: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31397: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31398: #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 00000000debf1804 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31399: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ed9a0b19 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ed9a0b19 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ed9a0b19 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ed9a0b19 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000a430b6d7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000a430b6d7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000a430b6d7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000a430b6d7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31400: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ab153aa8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ab153aa8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ab153aa8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ab153aa8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000003062ec1e (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000003062ec1e (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000003062ec1e (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000003062ec1e (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31401: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000c66595f6 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000c66595f6 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000c66595f6 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000c66595f6 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000002916f9af (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000002916f9af (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000002916f9af (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000002916f9af (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31402: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005e9bc371 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005e9bc371 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005e9bc371 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005e9bc371 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000559107b7 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000559107b7 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000559107b7 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000559107b7 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31403: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000037850910 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000037850910 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000037850910 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000037850910 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000ee9143bd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000ee9143bd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000ee9143bd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000ee9143bd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000debf1804 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31404: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31405: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31406: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31407: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000250ec418 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000250ec418 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000250ec418 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000250ec418 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000f6a1b937 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000f6a1b937 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000f6a1b937 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000f6a1b937 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31408: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000838d1bf8 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000838d1bf8 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000838d1bf8 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000838d1bf8 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000d0552652 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000d0552652 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000d0552652 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000d0552652 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31409: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31410: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000ff79b881 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000ff79b881 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000ff79b881 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000ff79b881 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000226f4c57 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000226f4c57 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000226f4c57 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000226f4c57 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31411: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b77c0c8e (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b77c0c8e (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b77c0c8e (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b77c0c8e (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000571987ba (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000571987ba (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000571987ba (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000571987ba (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31412: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b8c4ea2f (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b8c4ea2f (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b8c4ea2f (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b8c4ea2f (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001b2d27ca (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001b2d27ca (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001b2d27ca (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001b2d27ca (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000003a990f60 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000003a990f60 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31413: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000007a8a2e11 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000007a8a2e11 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000007a8a2e11 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000007a8a2e11 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000069e8f69d (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000069e8f69d (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000069e8f69d (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000069e8f69d (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31414: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000fb6a019d (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000fb6a019d (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000fb6a019d (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000fb6a019d (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000797b1fda (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000797b1fda (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000797b1fda (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000797b1fda (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31415: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005e9a44ef (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005e9a44ef (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005e9a44ef (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005e9a44ef (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000104109dd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000104109dd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000104109dd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000104109dd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31416: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000b1f92574 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000b1f92574 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000b1f92574 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000b1f92574 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000b983eaa1 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000b983eaa1 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000b983eaa1 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000b983eaa1 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31417: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31418: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 1 lock held by syz-executor.3/31419: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31420: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000aacf9e18 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000aacf9e18 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000aacf9e18 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000aacf9e18 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000005038fc30 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000005038fc30 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000005038fc30 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000005038fc30 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31421: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000095ad29dd (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000095ad29dd (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000095ad29dd (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000095ad29dd (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000404dfdcd (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000404dfdcd (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000404dfdcd (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000404dfdcd (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31422: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 000000005a999a72 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 000000005a999a72 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 000000005a999a72 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 000000005a999a72 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000677cad75 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000677cad75 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000677cad75 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000677cad75 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31423: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000146bc918 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000146bc918 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000146bc918 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000146bc918 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000049210012 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000049210012 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000049210012 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000049210012 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31424: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31425: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000021b50e90 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000021b50e90 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000021b50e90 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000021b50e90 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 000000001d79975f (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 000000001d79975f (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 000000001d79975f (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 000000001d79975f (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 00000000280e7e81 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31426: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000028c40c67 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000028c40c67 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000028c40c67 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000028c40c67 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000999b52f0 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000999b52f0 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000999b52f0 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000999b52f0 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31427: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000182a6076 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000182a6076 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000182a6076 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000182a6076 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000006bbd557 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000006bbd557 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000006bbd557 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000006bbd557 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31428: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 0000000037e8167a (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 0000000037e8167a (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 0000000037e8167a (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 0000000037e8167a (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000e0107ccc (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000e0107ccc (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000e0107ccc (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000e0107ccc (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 1 lock held by syz-executor.3/31429: #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #0: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: unlink_anon_vmas+0x178/0x840 mm/rmap.c:388 4 locks held by syz-executor.3/31430: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000fe06a4ac (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000fe06a4ac (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000fe06a4ac (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000fe06a4ac (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 00000000185a9a37 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 00000000185a9a37 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 00000000185a9a37 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 00000000185a9a37 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278 4 locks held by syz-executor.3/31431: #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #0: 00000000eed2bf11 (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2bb3/0x8260 kernel/fork.c:1913 #1: 00000000eaab9353 (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline] #1: 00000000eaab9353 (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1285 [inline] #1: 00000000eaab9353 (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1341 [inline] #1: 00000000eaab9353 (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1913 #2: 0000000074ec0252 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline] #2: 0000000074ec0252 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1285 [inline] #2: 0000000074ec0252 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1341 [inline] #2: 0000000074ec0252 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2c1c/0x8260 kernel/fork.c:1913 #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline] #3: 000000008b6bd291 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x145/0x5e0 mm/rmap.c:278