syzbot

------------[ cut here ]------------
DEBUG_RWSEMS_WARN_ON(!is_rwsem_reader_owned(sem)): count = 0x0, magic = 0xffff0000e3862f70, owner = 0x0, curr 0xffff0000d15c0000, list empty
WARNING: CPU: 1 PID: 7008 at kernel/locking/rwsem.c:1345 __up_read+0x560/0x604 kernel/locking/rwsem.c:1345
Modules linked in:
CPU: 1 PID: 7008 Comm: syz-executor285 Not tainted 6.1.83-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __up_read+0x560/0x604 kernel/locking/rwsem.c:1345
lr : __up_read+0x560/0x604 kernel/locking/rwsem.c:1345
sp : ffff80001fb87860
x29: ffff80001fb878f0 x28: 1ffff00002b080b0 x27: ffff800015840000
x26: dfff800000000000 x25: 0000000000000000 x24: ffff0000e3862fc8
x23: ffff0000d15c0000 x22: ffff80001fb87880 x21: 0000000000000000
x20: ffff0000e3862f70 x19: ffff0000e3862f70 x18: 1fffe0003686f976
x17: ffff80001583d000 x16: ffff800008304e88 x15: ffff0001b437cbbc
x14: 1ffff00002b080b0 x13: dfff800000000000 x12: 0000000000000003
x11: 0000000000ff0100 x10: 0000000000000003 x9 : 18eaf7e2930d9e00
x8 : 18eaf7e2930d9e00 x7 : ffff80000827c8d4 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : ffff80001fb873c0 x1 : ffff8000122ac6e0 x0 : ffff80019ebea000
Call trace:
 __up_read+0x560/0x604 kernel/locking/rwsem.c:1345
 up_read+0x38/0x48 kernel/locking/rwsem.c:1616
 inode_unlock_shared include/linux/fs.h:773 [inline]
 lookup_slow+0x6c/0x84 fs/namei.c:1708
 walk_component+0x280/0x36c fs/namei.c:1998
 lookup_last fs/namei.c:2455 [inline]
 path_lookupat+0x13c/0x3d0 fs/namei.c:2479
 filename_lookup+0x1d4/0x4e0 fs/namei.c:2508
 user_path_at_empty+0x5c/0x84 fs/namei.c:2907
 user_path_at include/linux/namei.h:57 [inline]
 do_mount fs/namespace.c:3391 [inline]
 __do_sys_mount fs/namespace.c:3602 [inline]
 __se_sys_mount fs/namespace.c:3579 [inline]
 __arm64_sys_mount+0x428/0x594 fs/namespace.c:3579
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 118
hardirqs last  enabled at (117): [<ffff80000827c974>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1366 [inline]
hardirqs last  enabled at (117): [<ffff80000827c974>] finish_lock_switch+0xbc/0x1e8 kernel/sched/core.c:5004
hardirqs last disabled at (118): [<ffff80001214d10c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (34): [<ffff800008033178>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (32): [<ffff800008033144>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
DEBUG_RWSEMS_WARN_ON(tmp < 0): count = 0xffffffffffffff00, magic = 0xffff0000e3862f70, owner = 0x0, curr 0xffff0000d15c0000, list empty
WARNING: CPU: 1 PID: 7008 at kernel/locking/rwsem.c:1350 __up_read+0x3c8/0x604 kernel/locking/rwsem.c:1350
Modules linked in:
CPU: 1 PID: 7008 Comm: syz-executor285 Tainted: G        W          6.1.83-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __up_read+0x3c8/0x604 kernel/locking/rwsem.c:1350
lr : __up_read+0x3c8/0x604 kernel/locking/rwsem.c:1350
sp : ffff80001fb87860
x29: ffff80001fb878f0 x28: 1ffff00002b080b0 x27: ffff800015840000
x26: dfff800000000000 x25: ffffffffffffff00 x24: ffff0000e3862fc8
x23: ffff0000e3862f70 x22: ffffffffffffff00 x21: 0000000000000000
x20: ffff0000d15c0000 x19: ffff0000e3862f70 x18: 1fffe0003686f976
x17: 0000000000000000 x16: ffff800012151454 x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : 18eaf7e2930d9e00
x8 : 18eaf7e2930d9e00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001fb87158 x4 : ffff800015922ae0 x3 : ffff80000aa8ca8c
x2 : ffff0001b437ccd0 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
 __up_read+0x3c8/0x604 kernel/locking/rwsem.c:1350
 up_read+0x38/0x48 kernel/locking/rwsem.c:1616
 inode_unlock_shared include/linux/fs.h:773 [inline]
 lookup_slow+0x6c/0x84 fs/namei.c:1708
 walk_component+0x280/0x36c fs/namei.c:1998
 lookup_last fs/namei.c:2455 [inline]
 path_lookupat+0x13c/0x3d0 fs/namei.c:2479
 filename_lookup+0x1d4/0x4e0 fs/namei.c:2508
 user_path_at_empty+0x5c/0x84 fs/namei.c:2907
 user_path_at include/linux/namei.h:57 [inline]
 do_mount fs/namespace.c:3391 [inline]
 __do_sys_mount fs/namespace.c:3602 [inline]
 __se_sys_mount fs/namespace.c:3579 [inline]
 __arm64_sys_mount+0x428/0x594 fs/namespace.c:3579
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 153
hardirqs last  enabled at (153): [<ffff80001214f520>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last  enabled at (153): [<ffff80001214f520>] exit_to_kernel_mode+0xe8/0x118 arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (152): [<ffff80001221df6c>] preempt_schedule_irq+0xa8/0x1b8 kernel/sched/core.c:6871
softirqs last  enabled at (148): [<ffff800008020d7c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (148): [<ffff800008020d7c>] __do_softirq+0xc1c/0xe38 kernel/softirq.c:600
softirqs last disabled at (121): [<ffff80000802a99c>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
---[ end trace 0000000000000000 ]---