------------[ cut here ]------------
DEBUG_RWSEMS_WARN_ON(tmp < 0): count = 0xffffffffffffff00, magic = 0xffff888075e92d18, owner = 0x1, curr 0xffff88802c369f00, list not empty
WARNING: kernel/locking/rwsem.c:1389 at __up_read+0x307/0x6b0 kernel/locking/rwsem.c:1389, CPU#0: syz.0.351/7414
Modules linked in:
CPU: 0 UID: 0 PID: 7414 Comm: syz.0.351 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:__up_read+0x3f5/0x6b0 kernel/locking/rwsem.c:1389
Code: 8b 49 c7 c2 40 e6 cc 8b 4c 0f 44 d0 48 8b 7c 24 38 48 c7 c6 c0 e8 cc 8b 48 8b 54 24 30 4c 89 f1 4d 89 f8 4c 8b 4c 24 28 41 52 <67> 48 0f b9 3a 48 83 c4 08 e8 dd 32 0d 03 e9 72 fe ff ff 48 8d 1d
RSP: 0018:ffffc90005857918 EFLAGS: 00010246
RAX: ffffffff8bcce660 RBX: ffff888075e92d70 RCX: ffff888075e92d18
RDX: ffffffffffffff00 RSI: ffffffff8bcce8c0 RDI: ffffffff90338f60
RBP: ffffc900058579e8 R08: 0000000000000001 R09: ffff88802c369f00
R10: ffffffff8bcce660 R11: ffffed100ebd25a5 R12: ffffffffffffff00
R13: 1ffff92000b0af2c R14: ffff888075e92d18 R15: 0000000000000001
FS: 00007fb9e28966c0(0000) GS:ffff8881252a0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007efe8ff5f000 CR3: 0000000055c70000 CR4: 0000000000350ef0
Call Trace:
<TASK>
inode_unlock_shared include/linux/fs.h:1054 [inline]
lookup_slow+0x5e/0x70 fs/namei.c:1933
walk_component fs/namei.c:2278 [inline]
link_path_walk+0xd1e/0x18d0 fs/namei.c:2652
path_parentat fs/namei.c:2856 [inline]
__filename_parentat+0x27f/0x6f0 fs/namei.c:2880
filename_parentat fs/namei.c:2898 [inline]
filename_create+0xd9/0x370 fs/namei.c:4931
filename_mkdirat+0xd2/0x510 fs/namei.c:5297
__do_sys_mkdirat fs/namei.c:5325 [inline]
__se_sys_mkdirat+0x35/0x150 fs/namei.c:5322
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb9e199ce59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb9e2896028 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007fb9e1c16180 RCX: 00007fb9e199ce59
RDX: 00000000000001c0 RSI: 0000200000000240 RDI: ffffffffffffff9c
RBP: 00007fb9e1a32d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fb9e1c16218 R14: 00007fb9e1c16180 R15: 00007ffd41f5c7f8
</TASK>
----------------
Code disassembly (best guess):
0: 8b 49 c7 mov -0x39(%rcx),%ecx
3: c2 40 e6 ret $0xe640
6: cc int3
7: 8b 4c 0f 44 mov 0x44(%rdi,%rcx,1),%ecx
b: d0 48 8b rorb $1,-0x75(%rax)
e: 7c 24 jl 0x34
10: 38 48 c7 cmp %cl,-0x39(%rax)
13: c6 c0 e8 mov $0xe8,%al
16: cc int3
17: 8b 48 8b mov -0x75(%rax),%ecx
1a: 54 push %rsp
1b: 24 30 and $0x30,%al
1d: 4c 89 f1 mov %r14,%rcx
20: 4d 89 f8 mov %r15,%r8
23: 4c 8b 4c 24 28 mov 0x28(%rsp),%r9
28: 41 52 push %r10
* 2a: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction
2f: 48 83 c4 08 add $0x8,%rsp
33: e8 dd 32 0d 03 call 0x30d3315
38: e9 72 fe ff ff jmp 0xfffffeaf
3d: 48 rex.W
3e: 8d .byte 0x8d
3f: 1d .byte 0x1d