------------[ cut here ]------------ WARNING: CPU: 1 PID: 25875 at include/linux/mmap_lock.h:155 mmap_assert_locked include/linux/mmap_lock.h:155 [inline] WARNING: CPU: 1 PID: 25875 at include/linux/mmap_lock.h:155 find_vma+0x110/0x160 mm/mmap.c:2255 Modules linked in: CPU: 1 PID: 25875 Comm: syz-executor.0 Not tainted 6.0.0-rc2-syzkaller-16455-ga41a877bc12d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : mmap_assert_locked include/linux/mmap_lock.h:155 [inline] pc : find_vma+0x110/0x160 mm/mmap.c:2255 lr : mmap_assert_locked include/linux/mmap_lock.h:155 [inline] lr : find_vma+0x110/0x160 mm/mmap.c:2255 sp : ffff800020cc3a90 x29: ffff800020cc3a90 x28: ffff0000fa1b6ee0 x27: 0000000000000000 x26: ffff0000fa1b6c00 x25: 0000000000000000 x24: 0000000000000000 x23: ffff0000fa1b6c30 x22: ffff80000cebf1cb x21: ffff0000f82aca80 x20: 0000000000000000 x19: 0000000020ffc000 x18: 0000000000000000 x17: 0000000000000000 x16: ffff80000dbb8658 x15: ffff0000fc859a80 x14: 0000000000000158 x13: 00000000ffffffff x12: 0000000000040000 x11: 0000000000000b07 x10: ffff800014207000 x9 : ffff80000848baa8 x8 : 0000000000000b08 x7 : ffff80000aff43b4 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000 x2 : ffff0000fc859a80 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: mmap_assert_locked include/linux/mmap_lock.h:155 [inline] find_vma+0x110/0x160 mm/mmap.c:2255 vma_lookup include/linux/mm.h:2743 [inline] binder_alloc_get_vma drivers/android/binder_alloc.c:340 [inline] binder_alloc_print_pages+0x58/0x180 drivers/android/binder_alloc.c:932 print_binder_proc_stats drivers/android/binder.c:6289 [inline] stats_show+0x2d8/0x3e0 drivers/android/binder.c:6352 seq_read_iter+0x220/0x5e0 fs/seq_file.c:230 seq_read+0x98/0xd0 fs/seq_file.c:162 full_proxy_read+0x94/0x140 fs/debugfs/file.c:231 vfs_read+0x19c/0x448 fs/read_write.c:468 ksys_read+0xb4/0x160 fs/read_write.c:607 __do_sys_read fs/read_write.c:617 [inline] __se_sys_read fs/read_write.c:615 [inline] __arm64_sys_read+0x24/0x34 fs/read_write.c:615 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall arch/arm64/kernel/syscall.c:52 [inline] el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x48/0x154 arch/arm64/kernel/syscall.c:206 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:624 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:642 el0t_64_sync+0x18c/0x190 irq event stamp: 234 hardirqs last enabled at (233): [] mod_objcg_state+0x19c/0x204 mm/memcontrol.c:3158 hardirqs last disabled at (234): [] el1_dbg+0x24/0x5c arch/arm64/kernel/entry-common.c:395 softirqs last enabled at (218): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32 softirqs last disabled at (216): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19 ---[ end trace 0000000000000000 ]--- mm ffff0000f82aca80 mmap ffff0000cb3aebb8 seqnum 1 task_size 281474976710656 get_unmapped_area ffff80000848b950 mmap_base 281473024086016 mmap_legacy_base 0 highest_vm_end 281474379792384 pgd ffff00010180e000 mm_users 2 mm_count 2 pgtables_bytes 77824 map_count 24 hiwater_rss 861 hiwater_vm 34f6 total_vm 34f6 locked_vm 0 pinned_vm 0 data_vm 23a1 exec_vm e6 stack_vm 21 start_code ffff8a800000 end_code ffff8a8e475c start_data ffff8a8f5230 end_data ffff8a942058 start_brk aaaaafc16000 brk aaaaafc38000 start_stack ffffdc6bb5d0 arg_start ffffdc6bbec8 arg_end ffffdc6bbee2 env_start ffffdc6bbee2 env_end ffffdc6bbfe3 binfmt ffff80000d4ed0f0 flags 8d ioctx_table 0000000000000000 owner ffff0000fc858000 exe_file ffff0000c5de3800 ------------[ cut here ]------------ kernel BUG at include/linux/mmap_lock.h:156! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Modules linked in: CPU: 1 PID: 25875 Comm: syz-executor.0 Tainted: G W 6.0.0-rc2-syzkaller-16455-ga41a877bc12d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : mmap_assert_locked include/linux/mmap_lock.h:156 [inline] pc : find_vma+0x15c/0x160 mm/mmap.c:2255 lr : mmap_assert_locked include/linux/mmap_lock.h:156 [inline] lr : find_vma+0x15c/0x160 mm/mmap.c:2255 sp : ffff800020cc3a90 x29: ffff800020cc3a90 x28: ffff0000fa1b6ee0 x27: 0000000000000000 x26: ffff0000fa1b6c00 x25: 0000000000000000 x24: 0000000000000000 x23: ffff0000fa1b6c30 x22: ffff80000cebf1cb x21: ffff0000f82aca80 x20: 0000000000000000 x19: 0000000020ffc000 x18: 000000000000028c x17: ffff80000c04d6bc x16: ffff80000dbb8658 x15: ffff0000fc859a80 x14: 0000000000000000 x13: 00000000ffffffff x12: 0000000000040000 x11: 000000000003ffff x10: ffff800014207000 x9 : 169746ddd8cdb000 x8 : 169746ddd8cdb000 x7 : ffff800008163ce8 x6 : 0000000000000000 x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000 x2 : ffff0001fefddcd0 x1 : 0000000100000000 x0 : 0000000000000360 Call trace: mmap_assert_locked include/linux/mmap_lock.h:156 [inline] find_vma+0x15c/0x160 mm/mmap.c:2255 vma_lookup include/linux/mm.h:2743 [inline] binder_alloc_get_vma drivers/android/binder_alloc.c:340 [inline] binder_alloc_print_pages+0x58/0x180 drivers/android/binder_alloc.c:932 print_binder_proc_stats drivers/android/binder.c:6289 [inline] stats_show+0x2d8/0x3e0 drivers/android/binder.c:6352 seq_read_iter+0x220/0x5e0 fs/seq_file.c:230 seq_read+0x98/0xd0 fs/seq_file.c:162 full_proxy_read+0x94/0x140 fs/debugfs/file.c:231 vfs_read+0x19c/0x448 fs/read_write.c:468 ksys_read+0xb4/0x160 fs/read_write.c:607 __do_sys_read fs/read_write.c:617 [inline] __se_sys_read fs/read_write.c:615 [inline] __arm64_sys_read+0x24/0x34 fs/read_write.c:615 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall arch/arm64/kernel/syscall.c:52 [inline] el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x48/0x154 arch/arm64/kernel/syscall.c:206 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:624 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:642 el0t_64_sync+0x18c/0x190 Code: 17ffffd1 97f85f78 aa1503e0 97ff3140 (d4210000) ---[ end trace 0000000000000000 ]---