INFO: task hung in hub_event

syzbot

Dec 19, 2021, 6:11:26 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 9dfbac0e6b86 Linux 4.14.258
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12cc300db00000
kernel config: https://syzkaller.appspot.com/x/.config?x=9cac3dc48a267418
dashboard link: https://syzkaller.appspot.com/bug?extid=8488769862e6de1de44a
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+848876...@syzkaller.appspotmail.com

vhci_hcd: disconnect device
vhci_hcd: connection reset by peer
vhci_hcd: stop threads
vhci_hcd: connection reset by peer
vhci_hcd: release socket
INFO: task kworker/1:2:3054 blocked for more than 140 seconds.
vhci_hcd: unlink cleanup rx 1
Not tainted 4.14.258-syzkaller #0
vhci_hcd: connection reset by peer
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
vhci_hcd: disconnect device
kworker/1:2 D26760 3054 2 0x80000000
Workqueue: usb_hub_wq hub_event
usb 19-1: enqueue for inactive port 0
vhci_hcd: vhci_device speed not set
vhci_hcd: stop threads
Call Trace:
vhci_hcd: release socket
vhci_hcd: unlink cleanup rx 1
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
vhci_hcd: disconnect device
vhci_hcd: stop threads
vhci_hcd: release socket
vhci_hcd: unlink cleanup rx 1
vhci_hcd: disconnect device
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
hub_port_connect drivers/usb/core/hub.c:4921 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5144 [inline]
port_event drivers/usb/core/hub.c:5250 [inline]
hub_event+0x15ea/0x3f60 drivers/usb/core/hub.c:5330
usb 15-1: enqueue for inactive port 0
process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
vhci_hcd: vhci_device speed not set
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

Showing all locks held in the system:
5 locks held by kworker/0:0/3:
#0: ("usb_hub_wq"){+.+.}, at: [<ffffffff81364b80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((&hub->events)){+.+.}, at: [<ffffffff81364bb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (&dev->mutex){....}, at: [<ffffffff8445b508>] device_lock include/linux/device.h:1082 [inline]
#2: (&dev->mutex){....}, at: [<ffffffff8445b508>] hub_event+0x108/0x3f60 drivers/usb/core/hub.c:5276
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] usb_lock_port drivers/usb/core/hub.c:2936 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_port_connect drivers/usb/core/hub.c:4920 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] port_event drivers/usb/core/hub.c:5250 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_event+0x15c0/0x3f60 drivers/usb/core/hub.c:5330
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_port_connect drivers/usb/core/hub.c:4921 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] port_event drivers/usb/core/hub.c:5250 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_event+0x15ea/0x3f60 drivers/usb/core/hub.c:5330
5 locks held by kworker/0:1/24:
#0: ("usb_hub_wq"){+.+.}, at: [<ffffffff81364b80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((&hub->events)){+.+.}, at: [<ffffffff81364bb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (&dev->mutex){....}, at: [<ffffffff8445b508>] device_lock include/linux/device.h:1082 [inline]
#2: (&dev->mutex){....}, at: [<ffffffff8445b508>] hub_event+0x108/0x3f60 drivers/usb/core/hub.c:5276
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] usb_lock_port drivers/usb/core/hub.c:2936 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_port_connect drivers/usb/core/hub.c:4920 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] port_event drivers/usb/core/hub.c:5250 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_event+0x15c0/0x3f60 drivers/usb/core/hub.c:5330
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_port_connect drivers/usb/core/hub.c:4921 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] port_event drivers/usb/core/hub.c:5250 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_event+0x15ea/0x3f60 drivers/usb/core/hub.c:5330
1 lock held by khungtaskd/1533:
#0: (tasklist_lock){.+.+}, at: [<ffffffff8701ebe7>] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
5 locks held by kworker/1:2/3054:
#0: ("usb_hub_wq"){+.+.}, at: [<ffffffff81364b80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((&hub->events)){+.+.}, at: [<ffffffff81364bb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (&dev->mutex){....}, at: [<ffffffff8445b508>] device_lock include/linux/device.h:1082 [inline]
#2: (&dev->mutex){....}, at: [<ffffffff8445b508>] hub_event+0x108/0x3f60 drivers/usb/core/hub.c:5276
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] usb_lock_port drivers/usb/core/hub.c:2936 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_port_connect drivers/usb/core/hub.c:4920 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] port_event drivers/usb/core/hub.c:5250 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_event+0x15c0/0x3f60 drivers/usb/core/hub.c:5330
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_port_connect drivers/usb/core/hub.c:4921 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] port_event drivers/usb/core/hub.c:5250 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_event+0x15ea/0x3f60 drivers/usb/core/hub.c:5330
6 locks held by kworker/0:2/3625:
#0: ("usb_hub_wq"){+.+.}, at: [<ffffffff81364b80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((&hub->events)){+.+.}, at: [<ffffffff81364bb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (&dev->mutex){....}, at: [<ffffffff8445b508>] device_lock include/linux/device.h:1082 [inline]
#2: (&dev->mutex){....}, at: [<ffffffff8445b508>] hub_event+0x108/0x3f60 drivers/usb/core/hub.c:5276
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] usb_lock_port drivers/usb/core/hub.c:2936 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_port_connect drivers/usb/core/hub.c:4920 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] port_event drivers/usb/core/hub.c:5250 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_event+0x15c0/0x3f60 drivers/usb/core/hub.c:5330
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_port_connect drivers/usb/core/hub.c:4921 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] port_event drivers/usb/core/hub.c:5250 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_event+0x15ea/0x3f60 drivers/usb/core/hub.c:5330
#5: (ehci_cf_port_reset_rwsem){.+.+}, at: [<ffffffff8444f6b9>] hub_port_reset+0x159/0x1410 drivers/usb/core/hub.c:2809
3 locks held by kworker/0:3/8620:
#0: ("%s"("ipv6_addrconf")){+.+.}, at: [<ffffffff81364b80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((addr_chk_work).work){+.+.}, at: [<ffffffff81364bb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (rtnl_mutex){+.+.}, at: [<ffffffff8636bd0a>] addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4416
5 locks held by kworker/0:4/9235:
#0: ("usb_hub_wq"){+.+.}, at: [<ffffffff81364b80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((&hub->events)){+.+.}, at: [<ffffffff81364bb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (&dev->mutex){....}, at: [<ffffffff8445b508>] device_lock include/linux/device.h:1082 [inline]
#2: (&dev->mutex){....}, at: [<ffffffff8445b508>] hub_event+0x108/0x3f60 drivers/usb/core/hub.c:5276
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] usb_lock_port drivers/usb/core/hub.c:2936 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_port_connect drivers/usb/core/hub.c:4920 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] port_event drivers/usb/core/hub.c:5250 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_event+0x15c0/0x3f60 drivers/usb/core/hub.c:5330
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_port_connect drivers/usb/core/hub.c:4921 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] port_event drivers/usb/core/hub.c:5250 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_event+0x15ea/0x3f60 drivers/usb/core/hub.c:5330
1 lock held by syz-executor.1/13452:
#0: (rtnl_mutex){+.+.}, at: [<ffffffff83d53b04>] tun_detach drivers/net/tun.c:593 [inline]
#0: (rtnl_mutex){+.+.}, at: [<ffffffff83d53b04>] tun_chr_close+0x34/0x60 drivers/net/tun.c:2732
1 lock held by syz-executor.3/27278:
#0: (rtnl_mutex){+.+.}, at: [<ffffffff83d53b04>] tun_detach drivers/net/tun.c:593 [inline]
#0: (rtnl_mutex){+.+.}, at: [<ffffffff83d53b04>] tun_chr_close+0x34/0x60 drivers/net/tun.c:2732
1 lock held by syz-executor.5/2127:
#0: (rtnl_mutex){+.+.}, at: [<ffffffff83d53b04>] tun_detach drivers/net/tun.c:593 [inline]
#0: (rtnl_mutex){+.+.}, at: [<ffffffff83d53b04>] tun_chr_close+0x34/0x60 drivers/net/tun.c:2732
3 locks held by kworker/1:6/11695:
#0: ("events"){+.+.}, at: [<ffffffff81364b80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((linkwatch_work).work){+.+.}, at: [<ffffffff81364bb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (rtnl_mutex){+.+.}, at: [<ffffffff85c8f06a>] linkwatch_event+0xa/0x50 net/core/link_watch.c:236
5 locks held by kworker/0:5/25653:
#0: ("usb_hub_wq"){+.+.}, at: [<ffffffff81364b80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((&hub->events)){+.+.}, at: [<ffffffff81364bb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (&dev->mutex){....}, at: [<ffffffff8445b508>] device_lock include/linux/device.h:1082 [inline]
#2: (&dev->mutex){....}, at: [<ffffffff8445b508>] hub_event+0x108/0x3f60 drivers/usb/core/hub.c:5276
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] usb_lock_port drivers/usb/core/hub.c:2936 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_port_connect drivers/usb/core/hub.c:4920 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] port_event drivers/usb/core/hub.c:5250 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8445c9c0>] hub_event+0x15c0/0x3f60 drivers/usb/core/hub.c:5330
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_port_connect drivers/usb/core/hub.c:4921 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_port_connect_change drivers/usb/core/hub.c:5144 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] port_event drivers/usb/core/hub.c:5250 [inline]
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff8445c9ea>] hub_event+0x15ea/0x3f60 drivers/usb/core/hub.c:5330
1 lock held by syz-executor.4/1066:
#0: (rtnl_mutex){+.+.}, at: [<ffffffff83d53b04>] tun_detach drivers/net/tun.c:593 [inline]
#0: (rtnl_mutex){+.+.}, at: [<ffffffff83d53b04>] tun_chr_close+0x34/0x60 drivers/net/tun.c:2732
4 locks held by syz-executor.0/5975:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
4 locks held by syz-executor.0/5977:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
4 locks held by syz-executor.0/5978:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/5979:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/5981:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
4 locks held by syz-executor.0/5982:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/5983:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/5984:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/5987:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/5989:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/5990:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/5991:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/5992:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/5993:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/5994:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/5995:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/5996:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/5998:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
4 locks held by syz-executor.0/5999:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/6000:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/6002:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/6003:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
4 locks held by syz-executor.0/6005:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/6006:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/6007:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/6008:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/6009:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/6010:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/6011:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/6012:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
4 locks held by syz-executor.0/6013:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/6014:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/6015:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/6016:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/6017:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/6018:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
4 locks held by syz-executor.0/6019:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/6020:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/6021:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/6023:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/6024:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/6025:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/6026:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/6027:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/6028:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/6029:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/6030:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/6031:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/6032:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/6036:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
4 locks held by syz-executor.0/6037:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
4 locks held by syz-executor.0/6038:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/6039:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/6040:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/6041:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/6042:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/6043:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/6044:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/6045:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/6046:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/6047:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/6048:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
1 lock held by syz-executor.0/6049:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/6050:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/6051:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/6052:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mmap kernel/fork.c:611 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] dup_mm kernel/fork.c:1200 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_mm kernel/fork.c:1255 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff81307ca8>] copy_process.part.0+0x43e8/0x71c0 kernel/fork.c:1791
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff81785605>] anon_vma_clone+0x145/0x5b0 mm/rmap.c:278
1 lock held by syz-executor.0/6053:
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] lock_anon_vma_root mm/rmap.c:238 [inline]
#0: (&anon_vma->rwsem){++++}, at: [<ffffffff81784e58>] unlink_anon_vmas+0x178/0x7e0 mm/rmap.c:388
4 locks held by syz-executor.0/6054:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mmap kernel/fork.c:601 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] dup_mm kernel/fork.c:1200 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_mm kernel/fork.c:1255 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff81307c52>] copy_process.part.0+0x4392/0x71c0 kernel/fork.c:1791
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mmap kernel/fork.c:602 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] dup_mm kernel/fork.c:1200 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_mm kernel/fork.c:1255 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff81307c6e>] copy_process.part.0+0x43ae/0x71c0 kernel/fork.c:1791


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

May 10, 2022, 6:19:18 AM5/10/22
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.