=====================================
WARNING: bad unlock balance detected!
6.19.0-rc5-next-20260113 #1 Not tainted
-------------------------------------
syz-executor.5/286 is trying to release lock (rcu_read_lock) at:
[] __wait_on_freeing_inode+0x105/0x350
but there are no more locks to release!
other info that might help us debug this:
4 locks held by syz-executor.5/286:
 #0: ffff88800f7e83f8 (sb_writers#3){.+.+}-{0:0}, at: filename_create+0xf7/0x400
 #1: ffff88801b36ecb8 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: filename_create+0x1b1/0x400
 #2: ffff88800f7ec950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xe32/0x12d0
 #3: ffffffff85c16898 (inode_hash_lock){+.+.}-{3:3}, at: insert_inode_locked+0xf9/0x890
stack backtrace:
CPU: 1 UID: 0 PID: 286 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260113 #1 PREEMPT(lazy)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0xca/0x120
 print_unlock_imbalance_bug+0x118/0x130
 lock_release+0x1ee/0x270
 __wait_on_freeing_inode+0x10a/0x350
 insert_inode_locked+0x25f/0x890
 __ext4_new_inode+0x223d/0x4cd0
 ext4_mkdir+0x331/0xb30
 vfs_mkdir+0x6d8/0xc00
 do_mkdirat+0x11a/0x440
 __x64_sys_mkdir+0x65/0x80
 do_syscall_64+0xbf/0x420
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ffa41772c27
Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc9edec138 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00007ffc9edec1c0 RCX: 00007ffa41772c27
RDX: 0000000000000000 RSI: 00000000000001ff RDI: 00007ffc9edec1c0
RBP: 00007ffc9edec19c R08: 0000000000000000 R09: 0000000000000004
R10: 00007ffc9edebed6 R11: 0000000000000202 R12: 0000000000000032
R13: 000000000001a9d7 R14: 0000000000000002 R15: 00007ffc9edec200
------------[ cut here ]------------
WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x25f/0x5c0, CPU#1: syz-executor.5/286
Modules linked in:
CPU: 1 UID: 0 PID: 286 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260113 #1 PREEMPT(lazy)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__rcu_read_unlock+0x25f/0x5c0
Code: f2 02 00 00 c7 43 58 01 00 00 00 bf 09 00 00 00 e8 a6 bb de ff 4d 85 f6 0f 84 73 fe ff ff e8 38 89 20 00 fb e9 68 fe ff ff 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e e9 61 f9 73 03 e8 0c 88 56 00 e9
RSP: 0018:ffff888019b279e0 EFLAGS: 00010286
RAX: 00000000ffffffff RBX: ffff888017950000 RCX: ffffffff815664c7
RDX: 0000000000000000 RSI: ffffffff815664d0 RDI: ffff8880179503fc
RBP: ffff888017950000 R08: 0000000000000000 R09: fffffbfff0ba6ff4
R10: 0000000000000000 R11: 0000000000000001 R12: ffff888017950000
R13: 0000000000000001 R14: ffffffff85c10e40 R15: ffff888043aa1fb0
FS: 00005555823ca400(0000) GS:ffff8880e5442000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555823d3c58 CR3: 000000000e0ca000 CR4: 0000000000350ef0
Call Trace:
 __wait_on_freeing_inode+0x10f/0x350
 insert_inode_locked+0x25f/0x890
 __ext4_new_inode+0x223d/0x4cd0
 ext4_mkdir+0x331/0xb30
 vfs_mkdir+0x6d8/0xc00
 do_mkdirat+0x11a/0x440
 __x64_sys_mkdir+0x65/0x80
 do_syscall_64+0xbf/0x420
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ffa41772c27
Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc9edec138 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00007ffc9edec1c0 RCX: 00007ffa41772c27
RDX: 0000000000000000 RSI: 00000000000001ff RDI: 00007ffc9edec1c0
RBP: 00007ffc9edec19c R08: 0000000000000000 R09: 0000000000000004
R10: 00007ffc9edebed6 R11: 0000000000000202 R12: 0000000000000032
R13: 000000000001a9d7 R14: 0000000000000002 R15: 00007ffc9edec200
irq event stamp: 202149
hardirqs last enabled at (202149): [] _raw_spin_unlock_irqrestore+0x2c/0x50
hardirqs last disabled at (202148): [] _raw_spin_lock_irqsave+0x53/0x60
softirqs last enabled at (202144): [] kernel_fpu_end+0x59/0x70
softirqs last disabled at (202142): [] kernel_fpu_begin_mask+0x1bb/0x300
---[ end trace 0000000000000000 ]---
capability: warning: `syz-executor.5' uses deprecated v2 capabilities in a way that may be insecure
audit: type=1326 audit(1768292143.817:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4110 comm="syz-executor.4" exe="/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f530b393b19 code=0x7ffc0000
audit: type=1326 audit(1768292143.829:11): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4110 comm="syz-executor.4" exe="/syz-executor.4" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f530b393b19 code=0x7ffc0000
audit: type=1326 audit(1768292143.834:12): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4110 comm="syz-executor.4" exe="/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f530b393b19 code=0x7ffc0000
audit: type=1326 audit(1768292143.834:13): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4110 comm="syz-executor.4" exe="/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f530b393b19 code=0x7ffc0000
audit: type=1326 audit(1768292143.844:14): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4110 comm="syz-executor.4" exe="/syz-executor.4" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f530b393b19 code=0x7ffc0000
perf: interrupt took too long (2592 > 2500), lowering kernel.perf_event_max_sample_rate to 77000
perf: interrupt took too long (4153 > 4125), lowering kernel.perf_event_max_sample_rate to 48000
audit: type=1326 audit(1768292143.845:15): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4110 comm="syz-executor.4" exe="/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f530b393b19 code=0x7ffc0000