BUG: sleeping function called from invalid context at lib/usercopy.c:28
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 8944, name: syz-executor.3
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
1 lock held by syz-executor.3/8944:
#0: ffff88807b3bd2f8 (&proc->inner_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:360 [inline]
#0: ffff88807b3bd2f8 (&proc->inner_lock){+.+.}-{2:2}, at: _binder_inner_proc_lock drivers/android/binder.c:283 [inline]
#0: ffff88807b3bd2f8 (&proc->inner_lock){+.+.}-{2:2}, at: binder_ioctl_get_extended_error drivers/android/binder.c:5167 [inline]
#0: ffff88807b3bd2f8 (&proc->inner_lock){+.+.}-{2:2}, at: binder_ioctl+0x798/0x6d80 drivers/android/binder.c:5390
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 0 PID: 8944 Comm: syz-executor.3 Not tainted 5.18.0-rc6-next-20220516-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
__might_resched.cold+0x222/0x26b kernel/sched/core.c:9791
__might_fault+0x6c/0x170 mm/memory.c:5567
_copy_to_user+0x25/0x140 lib/usercopy.c:28
copy_to_user include/linux/uaccess.h:160 [inline]
binder_ioctl_get_extended_error drivers/android/binder.c:5168 [inline]
binder_ioctl+0x7aa/0x6d80 drivers/android/binder.c:5390
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f189ec890e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f189fdb7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f189ed9bf60 RCX: 00007f189ec890e9
RDX: 00000000200005c0 RSI: 00000000c00c6211 RDI: 0000000000000003
RBP: 00007f189ece308d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc8df3e48f R14: 00007f189fdb7300 R15: 0000000000022000
=============================
[ BUG: Invalid wait context ]
5.18.0-rc6-next-20220516-syzkaller #0 Tainted: G W
-----------------------------
syz-executor.3/8944 is trying to lock:
ffff888019c249d8 (&mm->mmap_lock#2){++++}-{3:3}, at: __might_fault+0xa1/0x170 mm/memory.c:5569
other info that might help us debug this:
context-{4:4}
1 lock held by syz-executor.3/8944:
#0: ffff88807b3bd2f8 (&proc->inner_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:360 [inline]
#0: ffff88807b3bd2f8 (&proc->inner_lock){+.+.}-{2:2}, at: _binder_inner_proc_lock drivers/android/binder.c:283 [inline]
#0: ffff88807b3bd2f8 (&proc->inner_lock){+.+.}-{2:2}, at: binder_ioctl_get_extended_error drivers/android/binder.c:5167 [inline]
#0: ffff88807b3bd2f8 (&proc->inner_lock){+.+.}-{2:2}, at: binder_ioctl+0x798/0x6d80 drivers/android/binder.c:5390
stack backtrace:
CPU: 0 PID: 8944 Comm: syz-executor.3 Tainted: G W 5.18.0-rc6-next-20220516-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_lock_invalid_wait_context kernel/locking/lockdep.c:4705 [inline]
check_wait_context kernel/locking/lockdep.c:4766 [inline]
__lock_acquire.cold+0xdb/0x3b4 kernel/locking/lockdep.c:5003
lock_acquire kernel/locking/lockdep.c:5665 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5630
__might_fault mm/memory.c:5570 [inline]
__might_fault+0x104/0x170 mm/memory.c:5563
_copy_to_user+0x25/0x140 lib/usercopy.c:28
copy_to_user include/linux/uaccess.h:160 [inline]
binder_ioctl_get_extended_error drivers/android/binder.c:5168 [inline]
binder_ioctl+0x7aa/0x6d80 drivers/android/binder.c:5390
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f189ec890e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f189fdb7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f189ed9bf60 RCX: 00007f189ec890e9
RDX: 00000000200005c0 RSI: 00000000c00c6211 RDI: 0000000000000003
RBP: 00007f189ece308d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc8df3e48f R14: 00007f189fdb7300 R15: 0000000000022000