syzbot

------------[ cut here ]------------
DEBUG_RWSEMS_WARN_ON((rwsem_owner(sem) != current) && !rwsem_test_oflags(sem, RWSEM_NONSPINNABLE)): count = 0x0, magic = 0xffff0000e27f0330, owner = 0x0, curr 0xffff0000f648b780, list empty
WARNING: CPU: 0 PID: 7908 at kernel/locking/rwsem.c:1372 __up_write kernel/locking/rwsem.c:1371 [inline]
WARNING: CPU: 0 PID: 7908 at kernel/locking/rwsem.c:1372 up_write+0x5c4/0x76c kernel/locking/rwsem.c:1626
Modules linked in:
CPU: 0 PID: 7908 Comm: syz-executor.1 Not tainted 6.1.91-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __up_write kernel/locking/rwsem.c:1371 [inline]
pc : up_write+0x5c4/0x76c kernel/locking/rwsem.c:1626
lr : __up_write kernel/locking/rwsem.c:1371 [inline]
lr : up_write+0x5c4/0x76c kernel/locking/rwsem.c:1626
sp : ffff80001e3a7300
x29: ffff80001e3a7380 x28: 1ffff00003c74e94 x27: 1fffe0001c4fe073
x26: dfff800000000000 x25: 1fffe0001c4fe067 x24: ffff0000e27f0388
x23: 0000000000000000 x22: 0000000000000000 x21: ffff0000f648b780
x20: ffff0000e27f0330 x19: ffff0000e27f0330 x18: 1fffe0003686af76
x17: ffff80001584d000 x16: ffff800008305e40 x15: ffff0001b4357bbc
x14: 1ffff00002b0a0b0 x13: dfff800000000000 x12: 0000000000000001
x11: 1fffe0001b4c1310 x10: 0000000000000000 x9 : 11a2e389bc41ad00
x8 : 11a2e389bc41ad00 x7 : ffff80000827c88c x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : ffff80000826a5d8
x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
Call trace:
 __up_write kernel/locking/rwsem.c:1371 [inline]
 up_write+0x5c4/0x76c kernel/locking/rwsem.c:1626
 inode_unlock include/linux/fs.h:763 [inline]
 ovl_workdir_create+0x6dc/0x7c8 fs/overlayfs/super.c:842
 ovl_make_workdir fs/overlayfs/super.c:1389 [inline]
 ovl_get_workdir+0x354/0x13d4 fs/overlayfs/super.c:1539
 ovl_fill_super+0x15b4/0x2254 fs/overlayfs/super.c:2095
 mount_nodev+0x68/0x104 fs/super.c:1478
 ovl_mount+0x3c/0x50 fs/overlayfs/super.c:2186
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:632
 vfs_get_tree+0x90/0x274 fs/super.c:1562
 do_new_mount+0x278/0x8fc fs/namespace.c:3051
 path_mount+0x590/0xe5c fs/namespace.c:3381
 do_mount fs/namespace.c:3394 [inline]
 __do_sys_mount fs/namespace.c:3602 [inline]
 __se_sys_mount fs/namespace.c:3579 [inline]
 __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3579
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 16668
hardirqs last  enabled at (16667): [<ffff80000827c92c>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1366 [inline]
hardirqs last  enabled at (16667): [<ffff80000827c92c>] finish_lock_switch+0xbc/0x1e8 kernel/sched/core.c:5004
hardirqs last disabled at (16668): [<ffff80001215b3cc>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (16660): [<ffff800008020d7c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (16660): [<ffff800008020d7c>] __do_softirq+0xc1c/0xe38 kernel/softirq.c:600
softirqs last disabled at (16513): [<ffff80000802a99c>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
---[ end trace 0000000000000000 ]---