Hello,

syzbot found the following crash on:

HEAD commit: fa5941f4 Linux 4.14.114
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12d32f38a00000
kernel config: https://syzkaller.appspot.com/x/.config?x=d7780000df8e070e
dashboard link: https://syzkaller.appspot.com/bug?extid=ca2bcb4480e72cbbaff8
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ca2bcb...@syzkaller.appspotmail.com

BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=0 stuck for 142s!
INFO: task syz-executor.0:7001 blocked for more than 140 seconds.
Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D24944 7001 6998 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2807 [inline]
__schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
schedule+0x92/0x1c0 kernel/sched/core.c:3427
__rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
__down_write arch/x86/include/asm/rwsem.h:126 [inline]
down_write+0x53/0x90 kernel/locking/rwsem.c:56
i_mmap_lock_write include/linux/fs.h:470 [inline]
dup_mmap kernel/fork.c:681 [inline]
dup_mm kernel/fork.c:1199 [inline]
copy_mm kernel/fork.c:1253 [inline]
copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
copy_process kernel/fork.c:1570 [inline]
_do_fork+0x19e/0xce0 kernel/fork.c:2058
SYSC_clone kernel/fork.c:2168 [inline]
SyS_clone+0x37/0x50 kernel/fork.c:2162
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45737a
RSP: 002b:00007ffec150cf50 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffec150cf50 RCX: 000000000045737a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffec150cf90 R08: 0000000000000001 R09: 0000000000d53940
R10: 0000000000d53c10 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffec150cfe0
INFO: task syz-executor.5:7005 blocked for more than 140 seconds.
Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D25232 7005 7000 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2807 [inline]
__schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
schedule+0x92/0x1c0 kernel/sched/core.c:3427
__rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
__down_write arch/x86/include/asm/rwsem.h:126 [inline]
down_write+0x53/0x90 kernel/locking/rwsem.c:56
i_mmap_lock_write include/linux/fs.h:470 [inline]
dup_mmap kernel/fork.c:681 [inline]
dup_mm kernel/fork.c:1199 [inline]
copy_mm kernel/fork.c:1253 [inline]
copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
copy_process kernel/fork.c:1570 [inline]
_do_fork+0x19e/0xce0 kernel/fork.c:2058
SYSC_clone kernel/fork.c:2168 [inline]
SyS_clone+0x37/0x50 kernel/fork.c:2162
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45737a
RSP: 002b:00007ffccc3e9b10 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffccc3e9b10 RCX: 000000000045737a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffccc3e9b50 R08: 0000000000000001 R09: 00000000016f5940
R10: 00000000016f5c10 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffccc3e9ba0
INFO: task syz-executor.1:7006 blocked for more than 140 seconds.
Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1 D24992 7006 6999 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2807 [inline]
__schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
schedule+0x92/0x1c0 kernel/sched/core.c:3427
__rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
__down_write arch/x86/include/asm/rwsem.h:126 [inline]
down_write+0x53/0x90 kernel/locking/rwsem.c:56
i_mmap_lock_write include/linux/fs.h:470 [inline]
dup_mmap kernel/fork.c:681 [inline]
dup_mm kernel/fork.c:1199 [inline]
copy_mm kernel/fork.c:1253 [inline]
copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
copy_process kernel/fork.c:1570 [inline]
_do_fork+0x19e/0xce0 kernel/fork.c:2058
SYSC_clone kernel/fork.c:2168 [inline]
SyS_clone+0x37/0x50 kernel/fork.c:2162
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45737a
RSP: 002b:00007ffc1cfca180 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffc1cfca180 RCX: 000000000045737a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffc1cfca1c0 R08: 0000000000000001 R09: 00000000028f8940
R10: 00000000028f8c10 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc1cfca210
INFO: task syz-executor.2:7007 blocked for more than 140 seconds.
Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D24992 7007 7002 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2807 [inline]
__schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
schedule+0x92/0x1c0 kernel/sched/core.c:3427
__rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
__down_write arch/x86/include/asm/rwsem.h:126 [inline]
down_write+0x53/0x90 kernel/locking/rwsem.c:56
i_mmap_lock_write include/linux/fs.h:470 [inline]
dup_mmap kernel/fork.c:681 [inline]
dup_mm kernel/fork.c:1199 [inline]
copy_mm kernel/fork.c:1253 [inline]
copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
copy_process kernel/fork.c:1570 [inline]
_do_fork+0x19e/0xce0 kernel/fork.c:2058
SYSC_clone kernel/fork.c:2168 [inline]
SyS_clone+0x37/0x50 kernel/fork.c:2162
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45737a
RSP: 002b:00007ffed031c600 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffed031c600 RCX: 000000000045737a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffed031c640 R08: 0000000000000001 R09: 00000000024a9940
R10: 00000000024a9c10 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffed031c690
INFO: task syz-executor.1:8138 blocked for more than 140 seconds.
Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1 D27520 8138 7006 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2807 [inline]
__schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
schedule+0x92/0x1c0 kernel/sched/core.c:3427
wb_wait_for_completion fs/fs-writeback.c:221 [inline]
wb_wait_for_completion+0x133/0x190 fs/fs-writeback.c:217
sync_inodes_sb+0x170/0x9b0 fs/fs-writeback.c:2447
sync_inodes_one_sb+0x48/0x60 fs/sync.c:74
iterate_supers+0x133/0x250 fs/super.c:613
sys_sync+0x7a/0x130 fs/sync.c:113
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x200001ca
RSP: 002b:00007f9573d27bd8 EFLAGS: 00000a83 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000200001ca
RDX: 88b8b086124f4ca8 RSI: 0000000000000000 RDI: 0000000000400300
RBP: 00000000000000eb R08: 0000000000000005 R09: 0000000000000006
R10: 0000000000000007 R11: 0000000000000a83 R12: 000000000000000b
R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff
INFO: task syz-executor.2:8324 blocked for more than 140 seconds.
Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D28760 8324 8294 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2807 [inline]
__schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
schedule+0x92/0x1c0 kernel/sched/core.c:3427
__rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
__down_write arch/x86/include/asm/rwsem.h:126 [inline]
down_write+0x53/0x90 kernel/locking/rwsem.c:56
i_mmap_lock_write include/linux/fs.h:470 [inline]
dup_mmap kernel/fork.c:681 [inline]
dup_mm kernel/fork.c:1199 [inline]
copy_mm kernel/fork.c:1253 [inline]
copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
copy_process kernel/fork.c:1570 [inline]
_do_fork+0x19e/0xce0 kernel/fork.c:2058
sys_fork+0x1f/0x30 kernel/fork.c:2128
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x20000911
RSP: 002b:00007fc31be71bd8 EFLAGS: 00000216 ORIG_RAX: 0000000000000039
RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000911
RDX: 5bb50b0134176bba RSI: 0000000000000000 RDI: 00007fc31be72608
RBP: 00000000000000f6 R08: 0000000000000005 R09: 0000000000000006
R10: 0000000000000007 R11: 0000000000000216 R12: 000000000000000b
R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff
INFO: task syz-executor.2:8344 blocked for more than 140 seconds.
Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D29520 8344 8304 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2807 [inline]
__schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
schedule+0x92/0x1c0 kernel/sched/core.c:3427
__rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
__down_write arch/x86/include/asm/rwsem.h:126 [inline]
down_write+0x53/0x90 kernel/locking/rwsem.c:56
i_mmap_lock_write include/linux/fs.h:470 [inline]
dup_mmap kernel/fork.c:681 [inline]
dup_mm kernel/fork.c:1199 [inline]
copy_mm kernel/fork.c:1253 [inline]
copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
copy_process kernel/fork.c:1570 [inline]
_do_fork+0x19e/0xce0 kernel/fork.c:2058
sys_fork+0x1f/0x30 kernel/fork.c:2128
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x20000911
RSP: 002b:00007fc31be71bd8 EFLAGS: 00000216 ORIG_RAX: 0000000000000039
RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000911
RDX: 5bb50b0134176bba RSI: 0000000000000000 RDI: 00007fc31be72608
RBP: 00000000000000f6 R08: 0000000000000005 R09: 0000000000000006
R10: 0000000000000007 R11: 0000000000000216 R12: 000000000000000b
R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff
INFO: task syz-executor.2:8350 blocked for more than 140 seconds.
Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D29520 8350 8295 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2807 [inline]
__schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
schedule+0x92/0x1c0 kernel/sched/core.c:3427
__rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
__down_write arch/x86/include/asm/rwsem.h:126 [inline]
down_write+0x53/0x90 kernel/locking/rwsem.c:56
i_mmap_lock_write include/linux/fs.h:470 [inline]
dup_mmap kernel/fork.c:681 [inline]
dup_mm kernel/fork.c:1199 [inline]
copy_mm kernel/fork.c:1253 [inline]
copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
copy_process kernel/fork.c:1570 [inline]
_do_fork+0x19e/0xce0 kernel/fork.c:2058
sys_fork+0x1f/0x30 kernel/fork.c:2128
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x20000911
RSP: 002b:00007fc31be71bd8 EFLAGS: 00000216 ORIG_RAX: 0000000000000039
RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000911
RDX: 5bb50b0134176bba RSI: 0000000000000000 RDI: 00007fc31be72608
RBP: 00000000000000f6 R08: 0000000000000005 R09: 0000000000000006
R10: 0000000000000007 R11: 0000000000000216 R12: 000000000000000b
R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff
INFO: task syz-executor.2:8352 blocked for more than 140 seconds.
Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D29248 8352 8301 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2807 [inline]
__schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
schedule+0x92/0x1c0 kernel/sched/core.c:3427
__rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
__down_write arch/x86/include/asm/rwsem.h:126 [inline]
down_write+0x53/0x90 kernel/locking/rwsem.c:56
i_mmap_lock_write include/linux/fs.h:470 [inline]
dup_mmap kernel/fork.c:681 [inline]
dup_mm kernel/fork.c:1199 [inline]
copy_mm kernel/fork.c:1253 [inline]
copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
copy_process kernel/fork.c:1570 [inline]
_do_fork+0x19e/0xce0 kernel/fork.c:2058
sys_fork+0x1f/0x30 kernel/fork.c:2128
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x20000911
RSP: 002b:00007fc31be71bd8 EFLAGS: 00000216 ORIG_RAX: 0000000000000039
RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000911
RDX: 5bb50b0134176bba RSI: 0000000000000000 RDI: 00007fc31be72608
RBP: 00000000000000f6 R08: 0000000000000005 R09: 0000000000000006
R10: 0000000000000007 R11: 0000000000000216 R12: 000000000000000b
R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff
INFO: task syz-executor.2:8355 blocked for more than 140 seconds.
Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D29520 8355 8309 0x00000000
Call Trace:
context_switch kernel/sched/core.c:2807 [inline]
__schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
schedule+0x92/0x1c0 kernel/sched/core.c:3427
__rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:572 [inline]
rwsem_down_write_failed+0x5cd/0xbe0 kernel/locking/rwsem-xadd.c:601
call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
__down_write arch/x86/include/asm/rwsem.h:126 [inline]
down_write+0x53/0x90 kernel/locking/rwsem.c:56
i_mmap_lock_write include/linux/fs.h:470 [inline]
dup_mmap kernel/fork.c:681 [inline]
dup_mm kernel/fork.c:1199 [inline]
copy_mm kernel/fork.c:1253 [inline]
copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
copy_process kernel/fork.c:1570 [inline]
_do_fork+0x19e/0xce0 kernel/fork.c:2058
sys_fork+0x1f/0x30 kernel/fork.c:2128
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x20000911
RSP: 002b:00007fc31be71bd8 EFLAGS: 00000216 ORIG_RAX: 0000000000000039
RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000911
RDX: 5bb50b0134176bba RSI: 0000000000000000 RDI: 00007fc31be72608
RBP: 00000000000000f6 R08: 0000000000000005 R09: 0000000000000006
R10: 0000000000000007 R11: 0000000000000216 R12: 000000000000000b
R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff
Showing all locks held in the system:
1 lock held by khungtaskd/1008:
#0: (tasklist_lock){.+.+}, at: [<ffffffff81487148>]
debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4541
5 locks held by kworker/u4:4/2279:
#0: ("writeback"){+.+.}, at: [<ffffffff813d130e>] work_static
include/linux/workqueue.h:199 [inline]
#0: ("writeback"){+.+.}, at: [<ffffffff813d130e>] set_work_data
kernel/workqueue.c:619 [inline]
#0: ("writeback"){+.+.}, at: [<ffffffff813d130e>]
set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
#0: ("writeback"){+.+.}, at: [<ffffffff813d130e>]
process_one_work+0x76e/0x1610 kernel/workqueue.c:2085
#1: ((&(&wb->dwork)->work)){+.+.}, at: [<ffffffff813d134b>]
process_one_work+0x7ab/0x1610 kernel/workqueue.c:2089
#2: (&sbi->s_journal_flag_rwsem){.+.+}, at: [<ffffffff81739b32>]
do_writepages+0xd2/0x250 mm/page-writeback.c:2364
#3: (&ei->i_data_sem){++++}, at: [<ffffffff81c1effb>]
ext4_map_blocks+0x77b/0x16e0 fs/ext4/inode.c:628
#4: (pcpu_drain_mutex){+.+.}, at: [<ffffffff817217ad>]
drain_all_pages+0x4d/0x570 mm/page_alloc.c:2493
3 locks held by rs:main Q:Reg/6834:
#0: (&f->f_pos_lock){+.+.}, at: [<ffffffff81942e9b>]
__fdget_pos+0xab/0xd0 fs/file.c:769
#1: (sb_writers#4){.+.+}, at: [<ffffffff818d9cff>] file_start_write
include/linux/fs.h:2702 [inline]
#1: (sb_writers#4){.+.+}, at: [<ffffffff818d9cff>] vfs_write+0x3af/0x500
fs/read_write.c:543
#2: (&sb->s_type->i_mutex_key#9){+.+.}, at: [<ffffffff81bf1fb5>]
inode_trylock include/linux/fs.h:735 [inline]
#2: (&sb->s_type->i_mutex_key#9){+.+.}, at: [<ffffffff81bf1fb5>]
ext4_file_write_iter+0x205/0xfd0 fs/ext4/file.c:230
2 locks held by getty/6959:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6960:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6961:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6962:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6963:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6964:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6965:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
1 lock held by syz-fuzzer/6996:
#0: (sk_lock-AF_INET){+.+.}, at: [<ffffffff8522cbe2>] lock_sock
include/net/sock.h:1462 [inline]
#0: (sk_lock-AF_INET){+.+.}, at: [<ffffffff8522cbe2>]
tcp_sendmsg+0x22/0x50 net/ipv4/tcp.c:1445
1 lock held by syz-executor.0/6998:
#0: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff817ded16>]
i_mmap_lock_write include/linux/fs.h:470 [inline]
#0: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff817ded16>]
unlink_file_vma+0x76/0xb0 mm/mmap.c:158
4 locks held by syz-executor.0/7001:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mmap
kernel/fork.c:606 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mm
kernel/fork.c:1199 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_mm
kernel/fork.c:1253 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>]
copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mmap
kernel/fork.c:607 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mm
kernel/fork.c:1199 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_mm
kernel/fork.c:1253 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>]
copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mmap
kernel/fork.c:616 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mm
kernel/fork.c:1199 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_mm
kernel/fork.c:1253 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>]
copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>]
i_mmap_lock_write include/linux/fs.h:470 [inline]
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>] dup_mmap
kernel/fork.c:681 [inline]
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>] dup_mm
kernel/fork.c:1199 [inline]
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>] copy_mm
kernel/fork.c:1253 [inline]
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>]
copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
1 lock held by syz-executor.2/7002:
#0: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff817ded16>]
i_mmap_lock_write include/linux/fs.h:470 [inline]
#0: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff817ded16>]
unlink_file_vma+0x76/0xb0 mm/mmap.c:158
1 lock held by syz-executor.3/7003:
#0: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff817ded16>]
i_mmap_lock_write include/linux/fs.h:470 [inline]
#0: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff817ded16>]
unlink_file_vma+0x76/0xb0 mm/mmap.c:158
4 locks held by syz-executor.5/7005:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mmap
kernel/fork.c:606 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mm
kernel/fork.c:1199 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_mm
kernel/fork.c:1253 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>]
copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mmap
kernel/fork.c:607 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mm
kernel/fork.c:1199 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_mm
kernel/fork.c:1253 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>]
copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mmap
kernel/fork.c:616 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mm
kernel/fork.c:1199 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_mm
kernel/fork.c:1253 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>]
copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>]
i_mmap_lock_write include/linux/fs.h:470 [inline]
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>] dup_mmap
kernel/fork.c:681 [inline]
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>] dup_mm
kernel/fork.c:1199 [inline]
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>] copy_mm
kernel/fork.c:1253 [inline]
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>]
copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
4 locks held by syz-executor.1/7006:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mmap
kernel/fork.c:606 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mm
kernel/fork.c:1199 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_mm
kernel/fork.c:1253 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>]
copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mmap
kernel/fork.c:607 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mm
kernel/fork.c:1199 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_mm
kernel/fork.c:1253 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>]
copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mmap
kernel/fork.c:616 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mm
kernel/fork.c:1199 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_mm
kernel/fork.c:1253 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>]
copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>]
i_mmap_lock_write include/linux/fs.h:470 [inline]
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>] dup_mmap
kernel/fork.c:681 [inline]
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>] dup_mm
kernel/fork.c:1199 [inline]
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>] copy_mm
kernel/fork.c:1253 [inline]
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>]
copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
4 locks held by syz-executor.2/7007:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mmap
kernel/fork.c:606 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mm
kernel/fork.c:1199 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_mm
kernel/fork.c:1253 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>]
copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mmap
kernel/fork.c:607 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mm
kernel/fork.c:1199 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_mm
kernel/fork.c:1253 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>]
copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mmap
kernel/fork.c:616 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mm
kernel/fork.c:1199 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_mm
kernel/fork.c:1253 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>]
copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>]
i_mmap_lock_write include/linux/fs.h:470 [inline]
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>] dup_mmap
kernel/fork.c:681 [inline]
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>] dup_mm
kernel/fork.c:1199 [inline]
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>] copy_mm
kernel/fork.c:1253 [inline]
#3: (&mapping->i_mmap_rwsem){++++}, at: [<ffffffff81370717>]
copy_process.part.0+0x4147/0x6950 kernel/fork.c:1755
1 lock held by udevd/7131:
#0: (&mm->mmap_sem){++++}, at: [<ffffffff8129896a>]
__do_page_fault+0x2ca/0xb80 arch/x86/mm/fault.c:1354
1 lock held by udevd/7142:
#0: (&mm->mmap_sem){++++}, at: [<ffffffff8129896a>]
__do_page_fault+0x2ca/0xb80 arch/x86/mm/fault.c:1354
2 locks held by syz-executor.1/8138:
#0: (&type->s_umount_key#45){++++}, at: [<ffffffff818e13b1>]
iterate_supers+0xe1/0x250 fs/super.c:611
#1: (&bdi->wb_switch_rwsem){+.+.}, at: [<ffffffff81976cb0>]
bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:336 [inline]
#1: (&bdi->wb_switch_rwsem){+.+.}, at: [<ffffffff81976cb0>]
sync_inodes_sb+0x150/0x9b0 fs/fs-writeback.c:2445
3 locks held by syz-executor.2/8281:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mmap
kernel/fork.c:606 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mm
kernel/fork.c:1199 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_mm
kernel/fork.c:1253 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>]
copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mmap
kernel/fork.c:607 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mm
kernel/fork.c:1199 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_mm
kernel/fork.c:1253 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>]
copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mmap
kernel/fork.c:616 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mm
kernel/fork.c:1199 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_mm
kernel/fork.c:1253 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>]
copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8282:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mmap
kernel/fork.c:606 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mm
kernel/fork.c:1199 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_mm
kernel/fork.c:1253 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>]
copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mmap
kernel/fork.c:607 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mm
kernel/fork.c:1199 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_mm
kernel/fork.c:1253 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>]
copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mmap
kernel/fork.c:616 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mm
kernel/fork.c:1199 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_mm
kernel/fork.c:1253 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>]
copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8288:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mmap
kernel/fork.c:606 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mm
kernel/fork.c:1199 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_mm
kernel/fork.c:1253 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>]
copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mmap
kernel/fork.c:607 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mm
kernel/fork.c:1199 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_mm
kernel/fork.c:1253 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>]
copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mmap
kernel/fork.c:616 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mm
kernel/fork.c:1199 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_mm
kernel/fork.c:1253 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>]
copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8289:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mmap
kernel/fork.c:606 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mm
kernel/fork.c:1199 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_mm
kernel/fork.c:1253 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>]
copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mmap
kernel/fork.c:607 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mm
kernel/fork.c:1199 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_mm
kernel/fork.c:1253 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>]
copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mmap
kernel/fork.c:616 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mm
kernel/fork.c:1199 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_mm
kernel/fork.c:1253 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>]
copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8290:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mmap kernel/fork.c:606 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mm kernel/fork.c:1199 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_mm kernel/fork.c:1253 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mmap kernel/fork.c:607 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mm kernel/fork.c:1199 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_mm kernel/fork.c:1253 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mmap kernel/fork.c:616 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mm kernel/fork.c:1199 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_mm kernel/fork.c:1253 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8291:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mmap kernel/fork.c:606 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mm kernel/fork.c:1199 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_mm kernel/fork.c:1253 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mmap kernel/fork.c:607 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mm kernel/fork.c:1199 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_mm kernel/fork.c:1253 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mmap kernel/fork.c:616 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mm kernel/fork.c:1199 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_mm kernel/fork.c:1253 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8292:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mmap kernel/fork.c:606 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mm kernel/fork.c:1199 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_mm kernel/fork.c:1253 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mmap kernel/fork.c:607 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mm kernel/fork.c:1199 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_mm kernel/fork.c:1253 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mmap kernel/fork.c:616 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mm kernel/fork.c:1199 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_mm kernel/fork.c:1253 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8293:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mmap kernel/fork.c:606 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mm kernel/fork.c:1199 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_mm kernel/fork.c:1253 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mmap kernel/fork.c:607 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mm kernel/fork.c:1199 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_mm kernel/fork.c:1253 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mmap kernel/fork.c:616 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mm kernel/fork.c:1199 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_mm kernel/fork.c:1253 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
4 locks held by syz-executor.2/8294:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mmap kernel/fork.c:606 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mm kernel/fork.c:1199 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_mm kernel/fork.c:1253 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mmap kernel/fork.c:607 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mm kernel/fork.c:1199 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_mm kernel/fork.c:1253 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mmap kernel/fork.c:616 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mm kernel/fork.c:1199 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_mm kernel/fork.c:1253 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff817fe233>] lock_anon_vma_root mm/rmap.c:238 [inline]
#3: (&anon_vma->rwsem){++++}, at: [<ffffffff817fe233>] anon_vma_clone+0x143/0x470 mm/rmap.c:278
3 locks held by syz-executor.2/8295:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mmap kernel/fork.c:606 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mm kernel/fork.c:1199 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_mm kernel/fork.c:1253 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mmap kernel/fork.c:607 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mm kernel/fork.c:1199 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_mm kernel/fork.c:1253 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mmap kernel/fork.c:616 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mm kernel/fork.c:1199 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_mm kernel/fork.c:1253 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8296:
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mmap kernel/fork.c:606 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] dup_mm kernel/fork.c:1199 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_mm kernel/fork.c:1253 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<ffffffff8137027f>] copy_process.part.0+0x3caf/0x6950 kernel/fork.c:1755
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mmap kernel/fork.c:607 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] dup_mm kernel/fork.c:1199 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_mm kernel/fork.c:1253 [inline]
#1: (&mm->mmap_sem){++++}, at: [<ffffffff8137029b>] copy_process.part.0+0x3ccb/0x6950 kernel/fork.c:1755
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mmap kernel/fork.c:616 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] dup_mm kernel/fork.c:1199 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_mm kernel/fork.c:1253 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<ffffffff813702d5>] copy_process.part.0+0x3d05/0x6950 kernel/fork.c:1755
3 locks held by syz-executor.2/8297: