=====================================
WARNING: bad unlock balance detected!
6.19.0-rc5-next-20260113 #1 Not tainted
-------------------------------------
syz-executor.4/285 is trying to release lock (rcu_read_lock) at:
[] __wait_on_freeing_inode+0x105/0x350
but there are no more locks to release!

other info that might help us debug this:
4 locks held by syz-executor.4/285:
 #0: ffff88800f60e3f8 (sb_writers#3){.+.+}-{0:0}, at: filename_create+0xf7/0x400
 #1: ffff8880095aaa00 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: filename_create+0x1b1/0x400
 #2: ffff88800f5f2950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xe32/0x12d0
 #3: ffffffff85c16898 (inode_hash_lock){+.+.}-{3:3}, at: insert_inode_locked+0xf9/0x890

stack backtrace:
CPU: 0 UID: 0 PID: 285 Comm: syz-executor.4 Not tainted 6.19.0-rc5-next-20260113 #1 PREEMPT(lazy)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0xca/0x120
 print_unlock_imbalance_bug+0x118/0x130
 lock_release+0x1ee/0x270
 __wait_on_freeing_inode+0x10a/0x350
 insert_inode_locked+0x25f/0x890
 __ext4_new_inode+0x223d/0x4cd0
 ext4_mkdir+0x331/0xb30
 vfs_mkdir+0x6d8/0xc00
 do_mkdirat+0x11a/0x440
 __x64_sys_mkdir+0x65/0x80
 do_syscall_64+0xbf/0x420
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3330036c27
Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffec7b0b748 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00007ffec7b0b7d0 RCX: 00007f3330036c27
RDX: 0000000000000000 RSI: 00000000000001ff RDI: 00007ffec7b0b7d0
RBP: 00007ffec7b0b7ac R08: 0000000000000000 R09: 0000000000000003
R10: 00007ffec7b0b4e7 R11: 0000000000000206 R12: 0000000000000032
R13: 00000000000218ad R14: 0000000000000002 R15: 00007ffec7b0b810
------------[ cut here ]------------
WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x25f/0x5c0, CPU#0: syz-executor.4/285
Modules linked in:
CPU: 0 UID: 0 PID: 285 Comm: syz-executor.4 Not tainted 6.19.0-rc5-next-20260113 #1 PREEMPT(lazy)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__rcu_read_unlock+0x25f/0x5c0
Code: f2 02 00 00 c7 43 58 01 00 00 00 bf 09 00 00 00 e8 a6 bb de ff 4d 85 f6 0f 84 73 fe ff ff e8 38 89 20 00 fb e9 68 fe ff ff 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e e9 61 f9 73 03 e8 0c 88 56 00 e9
RSP: 0018:ffff888016fdf9e0 EFLAGS: 00010286
RAX: 00000000ffffffff RBX: ffff88800f6d3700 RCX: ffffffff815664c7
RDX: 0000000000000000 RSI: ffffffff815664d0 RDI: ffff88800f6d3afc
RBP: ffff88800f6d3700 R08: 0000000000000000 R09: fffffbfff0ba6ff4
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800f6d3700
R13: 0000000000000001 R14: ffffffff85c0e410 R15: ffff88804a128318
FS: 000055558f0f8400(0000) GS:ffff8880e5342000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffec7b09f08 CR3: 000000000d2a9000 CR4: 0000000000350ef0
Call Trace:
 __wait_on_freeing_inode+0x10f/0x350
 insert_inode_locked+0x25f/0x890
 __ext4_new_inode+0x223d/0x4cd0
 ext4_mkdir+0x331/0xb30
 vfs_mkdir+0x6d8/0xc00
 do_mkdirat+0x11a/0x440
 __x64_sys_mkdir+0x65/0x80
 do_syscall_64+0xbf/0x420
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3330036c27
Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffec7b0b748 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00007ffec7b0b7d0 RCX: 00007f3330036c27
RDX: 0000000000000000 RSI: 00000000000001ff RDI: 00007ffec7b0b7d0
RBP: 00007ffec7b0b7ac R08: 0000000000000000 R09: 0000000000000003
R10: 00007ffec7b0b4e7 R11: 0000000000000206 R12: 0000000000000032
R13: 00000000000218ad R14: 0000000000000002 R15: 00007ffec7b0b810
irq event stamp: 209327
hardirqs last enabled at (209327): [] irqentry_exit+0x17b/0x650
hardirqs last disabled at (209326): [] sysvec_apic_timer_interrupt+0xf/0x80
softirqs last enabled at (209320): [] kernel_fpu_end+0x59/0x70
softirqs last disabled at (209318): [] kernel_fpu_begin_mask+0x1bb/0x300
---[ end trace 0000000000000000 ]---
loop7: detected capacity change from 0 to 2048
EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
audit: type=1400 audit(1768296172.786:11): avc: denied { write } for pid=4079 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
loop7: detected capacity change from 0 to 2048
EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
Bluetooth: hci7: Controller not accepting commands anymore: ncmd = 0
Bluetooth: hci7: Injecting HCI hardware error event
Bluetooth: hci7: hardware error 0x00
EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
loop7: detected capacity change from 0 to 2048
EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
Bluetooth: hci2: Injecting HCI hardware error event
Bluetooth: hci2: hardware error 0x00
loop7: detected capacity change from 0 to 2048
EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
Bluetooth: hci7: Opcode 0x0c03 failed: -110
program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.3 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.1 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO
Bluetooth: hci2: Opcode 0x0c03 failed: -110
program syz-executor.3 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.1 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO
No source specified
=======================================================
WARNING: The mand mount option has been deprecated and and is ignored by this kernel. Remove the mand option from the mount to silence this warning.
=======================================================
program syz-executor.1 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.3 is using a deprecated SCSI ioctl, please convert it to SG_IO
No source specified
No source specified
No source specified
No source specified
No source specified
No source specified
No source specified
No source specified
No source specified
No source specified
loop4: detected capacity change from 0 to 136
isofs_fill_super: get root inode failed
loop4: detected capacity change from 0 to 136
isofs_fill_super: get root inode failed
loop4: detected capacity change from 0 to 136
isofs_fill_super: get root inode failed
loop4: detected capacity change from 0 to 136
isofs_fill_super: get root inode failed
EXT4-fs (sda): re-mounted 7b5d9a40-9011-49ec-8035-27953f97a4d8.
EXT4-fs (sda): re-mounted 7b5d9a40-9011-49ec-8035-27953f97a4d8.
loop4: detected capacity change from 0 to 136
isofs_fill_super: get root inode failed
EXT4-fs (sda): re-mounted 7b5d9a40-9011-49ec-8035-27953f97a4d8.
audit: type=1400 audit(1768296178.012:12): avc: denied { tracepoint } for pid=4623 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
EXT4-fs (sda): re-mounted 7b5d9a40-9011-49ec-8035-27953f97a4d8.
EXT4-fs (sda): re-mounted 7b5d9a40-9011-49ec-8035-27953f97a4d8.
Bluetooth: hci0: Opcode 0x0c1a failed: -4
mac80211_hwsim hwsim11 wlan1: entered promiscuous mode
mac80211_hwsim hwsim11 wlan1: left promiscuous mode
loop3: detected capacity change from 0 to 2048
EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
audit: type=1400 audit(1768296179.684:13): avc: denied { read } for pid=4755 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
Bluetooth: hci0: command 0x0c1a tx timeout
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
loop5: detected capacity change from 0 to 5392