------------[ cut here ]------------
DEBUG_RWSEMS_WARN_ON(!is_rwsem_reader_owned(sem)): count = 0x0, magic = 0xffff8880465bc9b8, owner = 0x0, curr 0xffff88803aab24c0, list empty
WARNING: kernel/locking/rwsem.c:1354 at __up_read+0x532/0x6b0 kernel/locking/rwsem.c:1354, CPU#0: syz.0.0/5337
Modules linked in:
CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:__up_read+0x61a/0x6b0 kernel/locking/rwsem.c:1354
Code: ec cc 8b 49 c7 c2 a0 ec cc 8b 4c 0f 44 d0 48 8b 7c 24 28 48 c7 c6 40 ec cc 8b 48 89 da 48 8b 4c 24 20 4d 89 f0 4d 89 f9 41 52 <67> 48 0f b9 3a 48 83 c4 08 e8 f8 ff 0b 03 4c 8b 7c 24 18 e9 32 fb
RSP: 0018:ffffc9000e43f918 EFLAGS: 00010246
RAX: ffffffff8bccec80 RBX: 0000000000000000 RCX: ffff8880465bc9b8
RDX: 0000000000000000 RSI: ffffffff8bccec40 RDI: ffffffff90150e60
RBP: ffffc9000e43f9e8 R08: 0000000000000000 R09: ffff88803aab24c0
R10: ffffffff8bccec80 R11: ffffed1008cb7939 R12: ffff8880465bca10
R13: 1ffff92001c87f2c R14: 0000000000000000 R15: ffff88803aab24c0
FS: 00007f30ddbb36c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000131f3000 CR4: 0000000000352ef0
Call Trace:
<TASK>
inode_unlock_shared include/linux/fs.h:1053 [inline]
lookup_slow+0x5e/0x70 fs/namei.c:1934
walk_component fs/namei.c:2279 [inline]
link_path_walk+0xd1e/0x18d0 fs/namei.c:2647
path_parentat fs/namei.c:2851 [inline]
__filename_parentat+0x27f/0x6f0 fs/namei.c:2875
filename_parentat fs/namei.c:2893 [inline]
filename_create+0xd9/0x370 fs/namei.c:4903
filename_mkdirat+0xd2/0x510 fs/namei.c:5259
__do_sys_mkdirat fs/namei.c:5287 [inline]
__se_sys_mkdirat+0x35/0x150 fs/namei.c:5284
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f30e179c799
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f30ddbb2fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007f30e1a16180 RCX: 00007f30e179c799
RDX: 00000000000001c0 RSI: 0000200000000240 RDI: ffffffffffffff9c
RBP: 00007f30e1832c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f30e1a16218 R14: 00007f30e1a16180 R15: 00007ffd62fe7148
</TASK>
----------------
Code disassembly (best guess):
0: ec in (%dx),%al
1: cc int3
2: 8b 49 c7 mov -0x39(%rcx),%ecx
5: c2 a0 ec ret $0xeca0
8: cc int3
9: 8b 4c 0f 44 mov 0x44(%rdi,%rcx,1),%ecx
d: d0 48 8b rorb $1,-0x75(%rax)
10: 7c 24 jl 0x36
12: 28 48 c7 sub %cl,-0x39(%rax)
15: c6 40 ec cc movb $0xcc,-0x14(%rax)
19: 8b 48 89 mov -0x77(%rax),%ecx
1c: da 48 8b fimull -0x75(%rax)
1f: 4c 24 20 rex.WR and $0x20,%al
22: 4d 89 f0 mov %r14,%r8
25: 4d 89 f9 mov %r15,%r9
28: 41 52 push %r10
* 2a: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction
2f: 48 83 c4 08 add $0x8,%rsp
33: e8 f8 ff 0b 03 call 0x30c0030
38: 4c 8b 7c 24 18 mov 0x18(%rsp),%r15
3d: e9 .byte 0xe9
3e: 32 fb xor %bl,%bh