Hello, Peter. We got two reports. Neither RWSEM_READER_OWNED nor RWSEM_ANONYMOUSLY_OWNED is set, and (presumably) sem->owner == current is true, but count is -1. What does this mean? https://syzkaller.appspot.com/text?tag=CrashLog&x=169dbb9b400000 [ 2580.337550][ T3645] mmap_sem: hlock->read=1 count=-4294967295 current=ffff888050e04140, owner=ffff888050e04140 [ 2580.353526][ T3645] ------------[ cut here ]------------ [ 2580.367859][ T3645] downgrading a read lock [ 2580.367935][ T3645] WARNING: CPU: 1 PID: 3645 at kernel/locking/lockdep.c:3572 lock_downgrade+0x35d/0xbe0 [ 2580.382206][ T3645] Kernel panic - not syncing: panic_on_warn set ... https://syzkaller.appspot.com/text?tag=CrashLog&x=1542da4f400000 [ 386.342585][T16698] mmap_sem: hlock->read=1 count=-4294967295 current=ffff8880512ae180, owner=ffff8880512ae180 [ 386.348586][T16698] ------------[ cut here ]------------ [ 386.357203][T16698] downgrading a read lock [ 386.357294][T16698] WARNING: CPU: 1 PID: 16698 at kernel/locking/lockdep.c:3572 lock_downgrade+0x35d/0xbe0 [ 386.372148][T16698] Kernel panic - not syncing: panic_on_warn set ...