bisecting fixing commit since e109a984cf380b4b80418b7477c970bfeb428325
building syzkaller on cf9c3a505dd23f7f4e391c0c24c9a9d3b9b26385
testing commit e109a984cf380b4b80418b7477c970bfeb428325 with gcc (GCC) 8.1.0
kernel signature: 1d4565f22b066e0786f9ef680fd23dcdadef2d0e5d541048982c5be54ad4dc1d
all runs: crashed: INFO: task hung in do_exit
testing current HEAD 258f0cf7ac3b788a14c0d01aab3c4aea02f8c86e
testing commit 258f0cf7ac3b788a14c0d01aab3c4aea02f8c86e with gcc (GCC) 8.1.0
kernel signature: 5bef95650aa78c36e6ba397320e9755e60a5b2f6d26b26bc5fecfb0ec3c29649
all runs: crashed: INFO: task hung in do_exit
revisions tested: 2, total time: 32m34.74017321s (build: 18m46.152644418s, test: 12m15.472038469s)
the crash still happens on HEAD
commit msg: Linux 4.19.123
crash: INFO: task hung in do_exit

IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
8021q: adding VLAN 0 to HW filter on device batadv0
INFO: task syz-executor.0:7250 blocked for more than 140 seconds.
      Not tainted 4.19.123-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D28136 7250 6271 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x78c/0x1c10 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline]
 rwsem_down_read_failed+0x21c/0x3e0 kernel/locking/rwsem-xadd.c:309
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 down_read+0x49/0xb0 kernel/locking/rwsem.c:26
 exit_mm kernel/exit.c:512 [inline]
 do_exit+0x617/0x2d20 kernel/exit.c:867
 do_group_exit+0xf4/0x2f0 kernel/exit.c:983
 __do_sys_exit_group kernel/exit.c:994 [inline]
 __se_sys_exit_group kernel/exit.c:992 [inline]
 __x64_sys_exit_group+0x39/0x40 kernel/exit.c:992
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459279
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffd4c15a8a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000001e RCX: 0000000000459279
RDX: 0000000000412f61 RSI: fffffffffffffff7 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffffffffffff R09: 00007ffd4c15a900
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd4c15a900 R14: 0000000000000000 R15: 00007ffd4c15a910
INFO: task syz-executor.0:7253 blocked for more than 140 seconds.
      Not tainted 4.19.123-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D28008 7253 6271 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x78c/0x1c10 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline]
 rwsem_down_read_failed+0x21c/0x3e0 kernel/locking/rwsem-xadd.c:309
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 down_read+0x49/0xb0 kernel/locking/rwsem.c:26
 exit_mm kernel/exit.c:512 [inline]
 do_exit+0x617/0x2d20 kernel/exit.c:867
 do_group_exit+0xf4/0x2f0 kernel/exit.c:983
 get_signal+0x313/0x1a00 kernel/signal.c:2588
 do_signal+0x87/0x1960 arch/x86/kernel/signal.c:821
 exit_to_usermode_loop+0x114/0x200 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x413/0x4e0 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459279
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f82348efcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000075bf28 RCX: 0000000000459279
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf28
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf2c
R13: 00007ffd4c15a69f R14: 00007f82348f09c0 R15: 000000000075bf2c
INFO: task syz-executor.0:7267 blocked for more than 140 seconds.
      Not tainted 4.19.123-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D29192 7267 6271 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x78c/0x1c10 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline]
 rwsem_down_read_failed+0x21c/0x3e0 kernel/locking/rwsem-xadd.c:309
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 down_read+0x49/0xb0 kernel/locking/rwsem.c:26
 exit_mm kernel/exit.c:512 [inline]
 do_exit+0x617/0x2d20 kernel/exit.c:867
 do_group_exit+0xf4/0x2f0 kernel/exit.c:983
 get_signal+0x313/0x1a00 kernel/signal.c:2588
 do_signal+0x87/0x1960 arch/x86/kernel/signal.c:821
 exit_to_usermode_loop+0x114/0x200 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x413/0x4e0 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459279
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f82348cecf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000075bfc8 RCX: 0000000000459279
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bfc8
RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bfcc
R13: 00007ffd4c15a69f R14: 00007f82348cf9c0 R15: 000000000075bfcc
INFO: task syz-executor.3:7251 blocked for more than 140 seconds.
      Not tainted 4.19.123-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D28136 7251 6268 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x78c/0x1c10 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline]
 rwsem_down_read_failed+0x21c/0x3e0 kernel/locking/rwsem-xadd.c:309
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 down_read+0x49/0xb0 kernel/locking/rwsem.c:26
 exit_mm kernel/exit.c:512 [inline]
 do_exit+0x617/0x2d20 kernel/exit.c:867
 do_group_exit+0xf4/0x2f0 kernel/exit.c:983
 __do_sys_exit_group kernel/exit.c:994 [inline]
 __se_sys_exit_group kernel/exit.c:992 [inline]
 __x64_sys_exit_group+0x39/0x40 kernel/exit.c:992
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459279
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc7e0c14a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000001e RCX: 0000000000459279
RDX: 0000000000412f61 RSI: fffffffffffffff7 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffffffffffff R09: 00007ffc7e0c1500
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffc7e0c1500 R14: 0000000000000000 R15: 00007ffc7e0c1510
INFO: task syz-executor.3:7255 blocked for more than 140 seconds.
      Not tainted 4.19.123-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D28008 7255 6268 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x78c/0x1c10 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline]
 rwsem_down_read_failed+0x21c/0x3e0 kernel/locking/rwsem-xadd.c:309
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 down_read+0x49/0xb0 kernel/locking/rwsem.c:26
 exit_mm kernel/exit.c:512 [inline]
 do_exit+0x617/0x2d20 kernel/exit.c:867
 do_group_exit+0xf4/0x2f0 kernel/exit.c:983
 get_signal+0x313/0x1a00 kernel/signal.c:2588
 do_signal+0x87/0x1960 arch/x86/kernel/signal.c:821
 exit_to_usermode_loop+0x114/0x200 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x413/0x4e0 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459279
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fdf27da7cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000075bf28 RCX: 0000000000459279
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf28
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf2c
R13: 00007ffc7e0c129f R14: 00007fdf27da89c0 R15: 000000000075bf2c
INFO: task syz-executor.3:7268 blocked for more than 140 seconds.
      Not tainted 4.19.123-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D29192 7268 6268 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x78c/0x1c10 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline]
 rwsem_down_read_failed+0x21c/0x3e0 kernel/locking/rwsem-xadd.c:309
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 down_read+0x49/0xb0 kernel/locking/rwsem.c:26
 exit_mm kernel/exit.c:512 [inline]
 do_exit+0x617/0x2d20 kernel/exit.c:867
 do_group_exit+0xf4/0x2f0 kernel/exit.c:983
 get_signal+0x313/0x1a00 kernel/signal.c:2588
 do_signal+0x87/0x1960 arch/x86/kernel/signal.c:821
 exit_to_usermode_loop+0x114/0x200 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x413/0x4e0 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459279
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fdf27d86cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000075bfc8 RCX: 0000000000459279
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bfc8
RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bfcc
R13: 00007ffc7e0c129f R14: 00007fdf27d879c0 R15: 000000000075bfcc
INFO: task syz-executor.2:7270 blocked for more than 140 seconds.
      Not tainted 4.19.123-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D28136 7270 6264 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x78c/0x1c10 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline]
 rwsem_down_read_failed+0x21c/0x3e0 kernel/locking/rwsem-xadd.c:309
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 down_read+0x49/0xb0 kernel/locking/rwsem.c:26
 exit_mm kernel/exit.c:512 [inline]
 do_exit+0x617/0x2d20 kernel/exit.c:867
 do_group_exit+0xf4/0x2f0 kernel/exit.c:983
 __do_sys_exit_group kernel/exit.c:994 [inline]
 __se_sys_exit_group kernel/exit.c:992 [inline]
 __x64_sys_exit_group+0x39/0x40 kernel/exit.c:992
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459279
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc900d43e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000001e RCX: 0000000000459279
RDX: 0000000000412f61 RSI: fffffffffffffff7 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffffffffffff R09: 00007ffc900d4440
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffc900d4440 R14: 0000000000000000 R15: 00007ffc900d4450
INFO: task syz-executor.2:7272 blocked for more than 140 seconds.
      Not tainted 4.19.123-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D28008 7272 6264 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x78c/0x1c10 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline]
 rwsem_down_read_failed+0x21c/0x3e0 kernel/locking/rwsem-xadd.c:309
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 down_read+0x49/0xb0 kernel/locking/rwsem.c:26
 exit_mm kernel/exit.c:512 [inline]
 do_exit+0x617/0x2d20 kernel/exit.c:867
 do_group_exit+0xf4/0x2f0 kernel/exit.c:983
 get_signal+0x313/0x1a00 kernel/signal.c:2588
 do_signal+0x87/0x1960 arch/x86/kernel/signal.c:821
 exit_to_usermode_loop+0x114/0x200 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x413/0x4e0 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459279
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fe72fdeccf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000075bf28 RCX: 0000000000459279
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf28
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf2c
R13: 00007ffc900d41df R14: 00007fe72fded9c0 R15: 000000000075bf2c
INFO: task syz-executor.2:7284 blocked for more than 140 seconds.
      Not tainted 4.19.123-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D29192 7284 6264 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x78c/0x1c10 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline]
 rwsem_down_read_failed+0x21c/0x3e0 kernel/locking/rwsem-xadd.c:309
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 down_read+0x49/0xb0 kernel/locking/rwsem.c:26
 exit_mm kernel/exit.c:512 [inline]
 do_exit+0x617/0x2d20 kernel/exit.c:867
 do_group_exit+0xf4/0x2f0 kernel/exit.c:983
 get_signal+0x313/0x1a00 kernel/signal.c:2588
 do_signal+0x87/0x1960 arch/x86/kernel/signal.c:821
 exit_to_usermode_loop+0x114/0x200 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x413/0x4e0 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459279
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fe72fdcbcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000075bfc8 RCX: 0000000000459279
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bfc8
RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bfcc
R13: 00007ffc900d41df R14: 00007fe72fdcc9c0 R15: 000000000075bfcc
INFO: task syz-executor.4:7275 blocked for more than 140 seconds.
      Not tainted 4.19.123-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4 D28120 7275 6270 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2826 [inline]
 __schedule+0x78c/0x1c10 kernel/sched/core.c:3515
 schedule+0x7f/0x1b0 kernel/sched/core.c:3559
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline]
 rwsem_down_read_failed+0x21c/0x3e0 kernel/locking/rwsem-xadd.c:309
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 down_read+0x49/0xb0 kernel/locking/rwsem.c:26
 exit_mm kernel/exit.c:512 [inline]
 do_exit+0x617/0x2d20 kernel/exit.c:867
 do_group_exit+0xf4/0x2f0 kernel/exit.c:983
 __do_sys_exit_group kernel/exit.c:994 [inline]
 __se_sys_exit_group kernel/exit.c:992 [inline]
 __x64_sys_exit_group+0x39/0x40 kernel/exit.c:992
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459279
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffd10c18268 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000001e RCX: 0000000000459279
RDX: 0000000000412f61 RSI: fffffffffffffff7 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffffffffffff R09: 00007ffd10c182c0
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd10c182c0 R14: 0000000000000000 R15: 00007ffd10c182d0

Showing all locks held in the system:
1 lock held by khungtaskd/1039:
 #0: 000000004a9753d7 (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x27a kernel/locking/lockdep.c:4442
1 lock held by in:imklog/5768:
 #0: 00000000484d6117 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xa7/0xd0 fs/file.c:767
1 lock held by syz-executor.0/7250:
 #0: 00000000e0786921 (&mm->mmap_sem){++++}, at: exit_mm kernel/exit.c:512 [inline]
 #0: 00000000e0786921 (&mm->mmap_sem){++++}, at: do_exit+0x617/0x2d20 kernel/exit.c:867
1 lock held by syz-executor.0/7253:
 #0: 00000000e0786921 (&mm->mmap_sem){++++}, at: exit_mm kernel/exit.c:512 [inline]
 #0: 00000000e0786921 (&mm->mmap_sem){++++}, at: do_exit+0x617/0x2d20 kernel/exit.c:867
1 lock held by syz-executor.0/7267:
 #0: 00000000e0786921 (&mm->mmap_sem){++++}, at: exit_mm kernel/exit.c:512 [inline]
 #0: 00000000e0786921 (&mm->mmap_sem){++++}, at: do_exit+0x617/0x2d20 kernel/exit.c:867
1 lock held by syz-executor.0/7283:
1 lock held by syz-executor.3/7251:
 #0: 00000000694e760a (&mm->mmap_sem){++++}, at: exit_mm kernel/exit.c:512 [inline]
 #0: 00000000694e760a (&mm->mmap_sem){++++}, at: do_exit+0x617/0x2d20 kernel/exit.c:867
1 lock held by syz-executor.3/7255:
 #0: 00000000694e760a (&mm->mmap_sem){++++}, at: exit_mm kernel/exit.c:512 [inline]
 #0: 00000000694e760a (&mm->mmap_sem){++++}, at: do_exit+0x617/0x2d20 kernel/exit.c:867
1 lock held by syz-executor.3/7268:
 #0: 00000000694e760a (&mm->mmap_sem){++++}, at: exit_mm kernel/exit.c:512 [inline]
 #0: 00000000694e760a (&mm->mmap_sem){++++}, at: do_exit+0x617/0x2d20 kernel/exit.c:867
2 locks held by syz-executor.3/7282:
1 lock held by syz-executor.2/7270:
 #0: 000000007e23e3a7 (&mm->mmap_sem){++++}, at: exit_mm kernel/exit.c:512 [inline]
 #0: 000000007e23e3a7 (&mm->mmap_sem){++++}, at: do_exit+0x617/0x2d20 kernel/exit.c:867
1 lock held by syz-executor.2/7272:
 #0: 000000007e23e3a7 (&mm->mmap_sem){++++}, at: exit_mm kernel/exit.c:512 [inline]
 #0: 000000007e23e3a7 (&mm->mmap_sem){++++}, at: do_exit+0x617/0x2d20 kernel/exit.c:867
1 lock held by syz-executor.2/7284:
 #0: 000000007e23e3a7 (&mm->mmap_sem){++++}, at: exit_mm kernel/exit.c:512 [inline]
 #0: 000000007e23e3a7 (&mm->mmap_sem){++++}, at: do_exit+0x617/0x2d20 kernel/exit.c:867
2 locks held by syz-executor.2/7291:
1 lock held by syz-executor.4/7275:
 #0: 000000005160427e (&mm->mmap_sem){++++}, at: exit_mm kernel/exit.c:512 [inline]
 #0: 000000005160427e (&mm->mmap_sem){++++}, at: do_exit+0x617/0x2d20 kernel/exit.c:867
1 lock held by syz-executor.4/7277:
 #0: 000000005160427e (&mm->mmap_sem){++++}, at: exit_mm kernel/exit.c:512 [inline]
 #0: 000000005160427e (&mm->mmap_sem){++++}, at: do_exit+0x617/0x2d20 kernel/exit.c:867