Warning: Permanently added '[localhost]:56772' (ECDSA) to the list of known hosts.
2026/01/18 16:35:26 fuzzer started
syzkaller login: [   50.212260] 
[   50.212577] =====================================
[   50.213281] WARNING: bad unlock balance detected!
[   50.213972] 6.19.0-rc5-next-20260116 #1 Not tainted
[   50.214680] -------------------------------------
[   50.218332] gcc/261 is trying to release lock (rcu_read_lock) at:
[   50.221802] [<ffffffff81c1dee5>] __wait_on_freeing_inode+0x105/0x350
[   50.222741] but there are no more locks to release!
[   50.223447] 
[   50.223447] other info that might help us debug this:
[   50.224384] 4 locks held by gcc/261:
[   50.224928]  #0: ffff88800faa03f8 (sb_writers#3){.+.+}-{0:0}, at: path_openat+0x1764/0x2d60
[   50.226176]  #1: ffff88801845b388 (&type->i_mutex_dir_key#3){++++}-{4:4}, at: path_openat+0xe32/0x2d60
[   50.227549]  #2: ffff88800faa4950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xe32/0x12d0
[   50.228879]  #3: ffffffff85c16898 (inode_hash_lock){+.+.}-{3:3}, at: insert_inode_locked+0xf9/0x890
[   50.230242] 
[   50.230242] stack backtrace:
[   50.230898] CPU: 1 UID: 0 PID: 261 Comm: gcc Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[   50.230924] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[   50.230936] Call Trace:
[   50.230943]  <TASK>
[   50.230951]  dump_stack_lvl+0xca/0x120
[   50.230986]  ? __wait_on_freeing_inode+0x105/0x350
[   50.231012]  print_unlock_imbalance_bug+0x118/0x130
[   50.231039]  ? __wait_on_freeing_inode+0x105/0x350
[   50.231065]  lock_release+0x1ee/0x270
[   50.231092]  __wait_on_freeing_inode+0x10a/0x350
[   50.231118]  ? __pfx___wait_on_freeing_inode+0x10/0x10
[   50.231147]  ? __pfx_var_wake_function+0x10/0x10
[   50.231178]  ? lock_is_held_type+0x9e/0x120
[   50.231199]  insert_inode_locked+0x25f/0x890
[   50.231229]  __ext4_new_inode+0x223d/0x4cd0
[   50.231260]  ? __pfx___ext4_new_inode+0x10/0x10
[   50.231286]  ? __pfx___dquot_initialize+0x10/0x10
[   50.231320]  ? d_splice_alias_ops+0x14b/0x830
[   50.231353]  ext4_create+0x2e2/0x4e0
[   50.231385]  ? __pfx_ext4_create+0x10/0x10
[   50.231413]  ? security_inode_create+0x75/0xe0
[   50.231437]  ? may_o_create+0x2d0/0x360
[   50.231463]  ? __pfx_ext4_create+0x10/0x10
[   50.231491]  lookup_open.isra.0+0xc03/0x1030
[   50.231525]  ? __pfx_lookup_open.isra.0+0x10/0x10
[   50.231562]  ? __pfx_down_write+0x10/0x10
[   50.231584]  ? mnt_get_write_access+0x7f/0x2c0
[   50.231614]  path_openat+0xea4/0x2d60
[   50.231640]  ? __pfx_path_openat+0x10/0x10
[   50.231661]  ? __lock_acquire+0x451/0x2250
[   50.231689]  do_file_open+0x209/0x460
[   50.231710]  ? __pfx_do_file_open+0x10/0x10
[   50.231735]  ? find_held_lock+0x2b/0x80
[   50.231767]  ? alloc_fd+0x2c1/0x560
[   50.231786]  ? lock_release+0xc8/0x270
[   50.231813]  ? alloc_fd+0x2c1/0x560
[   50.231835]  do_sys_openat2+0xe7/0x210
[   50.231862]  ? __pfx_do_sys_openat2+0x10/0x10
[   50.231890]  ? __up_read+0x26f/0x710
[   50.231921]  __x64_sys_openat+0x142/0x200
[   50.231948]  ? __pfx___x64_sys_openat+0x10/0x10
[   50.231976]  ? irqentry_exit+0xee/0x650
[   50.231994]  ? trace_hardirqs_on_prepare+0xe3/0x110
[   50.232022]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[   50.232048]  ? irqentry_exit+0xf3/0x650
[   50.232068]  do_syscall_64+0xbf/0x420
[   50.232092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.232114] RIP: 0033:0x7fdb05a64be7
[   50.232130] Code: 25 00 00 41 00 3d 00 00 41 00 74 47 64 8b 04 25 18 00 00 00 85 c0 75 6b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 95 00 00 00 48 8b 4c 24 28 64 48 2b 0c 25
[   50.232149] RSP: 002b:00007ffd489f12d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   50.232169] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdb05a64be7
[   50.232183] RDX: 00000000000000c2 RSI: 0000000007b0de30 RDI: 00000000ffffff9c
[   50.232196] RBP: 0000000007b0de30 R08: 0000000000000014 R09: 00007fdb05b41000
[   50.232209] R10: 0000000000000180 R11: 0000000000000246 R12: 00000000000000c2
[   50.232222] R13: 00007fdb05b03ca0 R14: 00007ffd489f1370 R15: 8421084210842109
[   50.232242]  </TASK>
[   50.271529] ------------[ cut here ]------------
[   50.272220] WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x25f/0x5c0, CPU#1: gcc/261
[   50.306770] Modules linked in:
[   50.307317] CPU: 1 UID: 0 PID: 261 Comm: gcc Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[   50.317378] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[   50.318709] RIP: 0010:__rcu_read_unlock+0x25f/0x5c0
[   50.319631] Code: f2 02 00 00 c7 43 58 01 00 00 00 bf 09 00 00 00 e8 d6 b7 de ff 4d 85 f6 0f 84 73 fe ff ff e8 38 8a 20 00 fb e9 68 fe ff ff 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e e9 81 4d 74 03 e8 2c 5d 56 00 e9
[   50.322368] RSP: 0018:ffff88801ab574f8 EFLAGS: 00010286
[   50.323207] RAX: 00000000ffffffff RBX: ffff88800f820000 RCX: ffffffff815660f7
[   50.324300] RDX: 0000000000000000 RSI: ffffffff81566100 RDI: ffff88800f8203fc
[   50.325486] RBP: ffff88800f820000 R08: 0000000000000000 R09: fffffbfff0ba7040
[   50.326571] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800f820000
[   50.327683] R13: 0000000000000001 R14: ffffffff85c0f310 R15: ffff88801adbbc48
[   50.328769] FS:  00007fdb05b3c5c0(0000) GS:ffff8880e5442000(0000) knlGS:0000000000000000
[   50.329997] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   50.330910] CR2: 00007fdb05b41000 CR3: 000000000df8c000 CR4: 0000000000350ef0
[   50.332029] Call Trace:
[   50.332543]  <TASK>
[   50.333807]  __wait_on_freeing_inode+0x10f/0x350
[   50.335083]  ? __pfx___wait_on_freeing_inode+0x10/0x10
[   50.337144]  ? __pfx_var_wake_function+0x10/0x10
[   50.339529]  ? lock_is_held_type+0x9e/0x120
[   50.341614]  insert_inode_locked+0x25f/0x890
[   50.344678]  __ext4_new_inode+0x223d/0x4cd0
[   50.349337]  ? __pfx___ext4_new_inode+0x10/0x10
[   50.351717]  ? __pfx___dquot_initialize+0x10/0x10
[   50.354386]  ? d_splice_alias_ops+0x14b/0x830
[   50.356597]  ext4_create+0x2e2/0x4e0
[   50.359912]  ? __pfx_ext4_create+0x10/0x10
[   50.361652]  ? security_inode_create+0x75/0xe0
[   50.363200]  ? may_o_create+0x2d0/0x360
[   50.364322]  ? __pfx_ext4_create+0x10/0x10
[   50.366074]  lookup_open.isra.0+0xc03/0x1030
[   50.369166]  ? __pfx_lookup_open.isra.0+0x10/0x10
[   50.374765]  ? __pfx_down_write+0x10/0x10
[   50.375577]  ? mnt_get_write_access+0x7f/0x2c0
[   50.378636]  path_openat+0xea4/0x2d60
[   50.383229]  ? __pfx_path_openat+0x10/0x10
[   50.384970]  ? __lock_acquire+0x451/0x2250
[   50.388137]  do_file_open+0x209/0x460
[   50.389293]  ? __pfx_do_file_open+0x10/0x10
[   50.393222]  ? find_held_lock+0x2b/0x80
[   50.394356]  ? alloc_fd+0x2c1/0x560
[   50.395513]  ? lock_release+0xc8/0x270
[   50.398064]  ? alloc_fd+0x2c1/0x560
[   50.401755]  do_sys_openat2+0xe7/0x210
[   50.403031]  ? __pfx_do_sys_openat2+0x10/0x10
[   50.405168]  ? __up_read+0x26f/0x710
[   50.407932]  __x64_sys_openat+0x142/0x200
[   50.409155]  ? __pfx___x64_sys_openat+0x10/0x10
[   50.410808]  ? irqentry_exit+0xee/0x650
[   50.411759]  ? trace_hardirqs_on_prepare+0xe3/0x110
[   50.412709]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[   50.413851]  ? irqentry_exit+0xf3/0x650
[   50.416233]  do_syscall_64+0xbf/0x420
[   50.417827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.418850] RIP: 0033:0x7fdb05a64be7
[   50.419603] Code: 25 00 00 41 00 3d 00 00 41 00 74 47 64 8b 04 25 18 00 00 00 85 c0 75 6b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 95 00 00 00 48 8b 4c 24 28 64 48 2b 0c 25
[   50.422358] RSP: 002b:00007ffd489f12d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   50.423550] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdb05a64be7
[   50.424661] RDX: 00000000000000c2 RSI: 0000000007b0de30 RDI: 00000000ffffff9c
[   50.425798] RBP: 0000000007b0de30 R08: 0000000000000014 R09: 00007fdb05b41000
[   50.426914] R10: 0000000000000180 R11: 0000000000000246 R12: 00000000000000c2
[   50.428035] R13: 00007fdb05b03ca0 R14: 00007ffd489f1370 R15: 8421084210842109
[   50.433044]  </TASK>
[   50.433486] irq event stamp: 3363
[   50.433999] hardirqs last  enabled at (3363): [<ffffffff84d19a7c>] _raw_spin_unlock_irqrestore+0x2c/0x50
[   50.435560] hardirqs last disabled at (3362): [<ffffffff84d197d3>] _raw_spin_lock_irqsave+0x53/0x60
[   50.437085] softirqs last  enabled at (3358): [<ffffffff812cda79>] kernel_fpu_end+0x59/0x70
[   50.438493] softirqs last disabled at (3356): [<ffffffff812ce94b>] kernel_fpu_begin_mask+0x1bb/0x300
[   50.440017] ---[ end trace 0000000000000000 ]---
2026/01/18 16:35:26 dialing manager at localhost:42157
[   50.651675] cgroup: Unknown subsys name 'net'
[   50.708691] cgroup: Unknown subsys name 'cpuset'
[   50.732226] cgroup: Unknown subsys name 'rlimit'
2026/01/18 16:35:36 syscalls: 2214
2026/01/18 16:35:36 code coverage: enabled
2026/01/18 16:35:36 comparison tracing: enabled
2026/01/18 16:35:36 extra coverage: enabled
2026/01/18 16:35:36 setuid sandbox: enabled
2026/01/18 16:35:36 namespace sandbox: enabled
2026/01/18 16:35:36 Android sandbox: enabled
2026/01/18 16:35:36 fault injection: enabled
2026/01/18 16:35:36 leak checking: enabled
2026/01/18 16:35:36 net packet injection: enabled
2026/01/18 16:35:36 net device setup: enabled
2026/01/18 16:35:36 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2026/01/18 16:35:36 devlink PCI setup: PCI device 0000:00:10.0 is not available
2026/01/18 16:35:36 USB emulation: enabled
2026/01/18 16:35:36 hci packet injection: enabled
2026/01/18 16:35:36 wifi device emulation: enabled
2026/01/18 16:35:36 802.15.4 emulation: enabled

VM DIAGNOSIS:
16:35:26  Registers:
info registers vcpu 0
RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff84d1a2ce RDX=fffffbfff0b82d11
RSI=0000000000000004 RDI=ffffffff85c16880 RBP=ffffffff85c16880 RSP=ffff88800f95fb38
R8 =0000000000000000 R9 =fffffbfff0b82d10 R10=ffffffff85c16883 R11=0000000000000000
R12=1ffff11001f2bf69 R13=0000000000000003 R14=fffffbfff0b82d10 R15=ffff88800f95fb78
RIP=ffffffff81b3d818 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fd20d5065c0 00000000 00000000
GS =0000 ffff8880e5342000 00000000 00000000
LDT=0000 fffffe7c00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fd20d3a9c70 CR3=000000001f307000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000a60ce07b00000000cec3662e XMM01=000000000000000003515b82db34ca11
XMM02=0000000000000000333bebdfd0a6a21d XMM03=505f434c00534547415353454d5f434c
XMM04=000000000000000000000000348a5d68 XMM05=00007ffec7167fd000007ffec7167f8e
XMM06=00007ffec7167f5f00007ffec7167f34 XMM07=00000000000000000000000000000000
XMM08=6d726574206e6f6974616c69706d6f63 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=0000000000000000000000e40fe2c1fc
info registers vcpu 1
RAX=000000000000005b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff82975135 RDI=ffffffff889c19e0 RBP=ffffffff889c19a0 RSP=ffff88801ab57000
R8 =0000000000000000 R9 =ffffed100176e046 R10=000000000000005b R11=203136322f636367
R12=000000000000005b R13=0000000000000010 R14=ffffffff889c19a0 R15=ffffffff82975120
RIP=ffffffff8297518d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fdb05b3c5c0 00000000 00000000
GS =0000 ffff8880e5442000 00000000 00000000
LDT=0000 fffffe5e00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fdb05b41000 CR3=000000000df8c000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000a60ce07b00000000cec3662e XMM01=000000000000000003515b82db34ca11
XMM02=0000000000000000333bebdfd0a6a21d XMM03=0000000000000000000000000000732e
XMM04=7b253a32336d7b250000000000007d7d XMM05=504152575f4f544c5f5443454c4c4f43
XMM06=3a253a32336d61250000000000007570 XMM07=00000000000000000000000000000000
XMM08=313d544c55414645445f544547524154 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000002000614007
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=0000000000000000000000e40fe2c1fc