=====================================
WARNING: bad unlock balance detected!
6.19.0-rc5-next-20260116 #1 Not tainted
-------------------------------------
syz-executor.4/6590 is trying to release lock (rcu_read_lock) at:
[] __wait_on_freeing_inode+0x105/0x350
but there are no more locks to release!
other info that might help us debug this:
4 locks held by syz-executor.4/6590:
 #0: ffff88800f9dc3f8 (sb_writers#3){.+.+}-{0:0}, at: filename_create+0xf7/0x400
 #1: ffff8880470a2078 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: filename_create+0x1b1/0x400
 #2: ffff88800f798950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xe32/0x12d0
 #3: ffffffff85c16898 (inode_hash_lock){+.+.}-{3:3}, at: insert_inode_locked+0xf9/0x890
stack backtrace:
CPU: 0 UID: 0 PID: 6590 Comm: syz-executor.4 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0xca/0x120
 print_unlock_imbalance_bug+0x118/0x130
 lock_release+0x1ee/0x270
 __wait_on_freeing_inode+0x10a/0x350
 insert_inode_locked+0x25f/0x890
 __ext4_new_inode+0x223d/0x4cd0
 ext4_symlink+0x623/0xb40
 vfs_symlink+0x44b/0x840
 filename_symlinkat+0x158/0x440
 __x64_sys_symlink+0x82/0x110
 do_syscall_64+0xbf/0x420
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1ec0475427
Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff8bd5a5c8 EFLAGS: 00000206 ORIG_RAX: 0000000000000058
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1ec0475427
RDX: ffffffffffffffbc RSI: 00007f1ec04d000e RDI: 00007f1ec04cf1dd
RBP: 0000000000000000 R08: 0000000000000000 R09: 00007fff8bd5a040
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff8bd5a690
------------[ cut here ]------------
WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x25f/0x5c0, CPU#0: syz-executor.4/6590
Modules linked in:
CPU: 0 UID: 0 PID: 6590 Comm: syz-executor.4 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__rcu_read_unlock+0x25f/0x5c0
Code: f2 02 00 00 c7 43 58 01 00 00 00 bf 09 00 00 00 e8 d6 b7 de ff 4d 85 f6 0f 84 73 fe ff ff e8 38 8a 20 00 fb e9 68 fe ff ff 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e e9 81 4d 74 03 e8 2c 5d 56 00 e9
RSP: 0018:ffff88806ce08cb8 EFLAGS: 00010086
RAX: 00000000ffffffff RBX: ffff888047f29b80 RCX: 0000000000000005
RDX: 0000000000000000 RSI: ffffffff85e25fc0 RDI: ffff888047f29f7c
RBP: ffff888047f29b80 R08: 0000000000000000 R09: ffffffff84e98ac0
R10: 0000000000000000 R11: 0000000000000299 R12: ffff888047f29b80
R13: 0000000000000000 R14: ffff88806ce379c0 R15: ffff88806ce37a20
FS: 0000555560183400(0000) GS:ffff8880e5342000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4b6ff4c3a4 CR3: 000000004a59e000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 sched_tick+0x232/0x6e0
 update_process_times+0x116/0x210
 tick_nohz_handler+0x4ff/0x8c0
 __hrtimer_run_queues+0x654/0xbb0
 hrtimer_interrupt+0x369/0x830
 __sysvec_apic_timer_interrupt+0xbb/0x300
 sysvec_apic_timer_interrupt+0x6b/0x80
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__sanitizer_cov_trace_cmp8+0x8/0x20
Code: 00 00 00 e9 da fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 <48> 89 f2 48 89 fe bf 06 00 00 00 e9 a8 fe ff ff 0f 1f 84 00 00 00
RSP: 0018:ffff88804a57f748 EFLAGS: 00000287
RAX: 0000000000000003 RBX: ffffffff8667b1e0 RCX: ffffffff84c54bdf
RDX: 0000000000000000 RSI: ffffffff81391bf9 RDI: ffffffff815d742f
RBP: ffffffff81391bf9 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff81391b67 R11: 0000000000000000 R12: ffffffff815d742f
R13: dffffc0000000000 R14: 0000000000000002 R15: 000000000000000b
 __report_bug+0x4cf/0x5b0
 report_bug+0x7c/0x120
 handle_bug+0x2e8/0x4f0
 exc_invalid_op+0x35/0x80
 asm_exc_invalid_op+0x1a/0x20
RIP: 0010:__rcu_read_unlock+0x25f/0x5c0
Code: f2 02 00 00 c7 43 58 01 00 00 00 bf 09 00 00 00 e8 d6 b7 de ff 4d 85 f6 0f 84 73 fe ff ff e8 38 8a 20 00 fb e9 68 fe ff ff 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e e9 81 4d 74 03 e8 2c 5d 56 00 e9
RSP: 0018:ffff88804a57f9a0 EFLAGS: 00010286
RAX: 00000000ffffffff RBX: ffff888047f29b80 RCX: ffffffff815660f7
RDX: 0000000000000000 RSI: ffffffff81566100 RDI: ffff888047f29f7c
RBP: ffff888047f29b80 R08: 0000000000000000 R09: fffffbfff0ba7040
R10: 0000000000000000 R11: 0000000000000001 R12: ffff888047f29b80
R13: 0000000000000001 R14: ffffffff85c0ca20 R15: ffff888048ca45d0
 __wait_on_freeing_inode+0x10f/0x350
 insert_inode_locked+0x25f/0x890
 __ext4_new_inode+0x223d/0x4cd0
 ext4_symlink+0x623/0xb40
 vfs_symlink+0x44b/0x840
 filename_symlinkat+0x158/0x440
 __x64_sys_symlink+0x82/0x110
 do_syscall_64+0xbf/0x420
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1ec0475427
Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff8bd5a5c8 EFLAGS: 00000206 ORIG_RAX: 0000000000000058
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1ec0475427
RDX: ffffffffffffffbc RSI: 00007f1ec04d000e RDI: 00007f1ec04cf1dd
RBP: 0000000000000000 R08: 0000000000000000 R09: 00007fff8bd5a040
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff8bd5a690
irq event stamp: 731
hardirqs last enabled at (731): [] _raw_spin_unlock_irqrestore+0x2c/0x50
hardirqs last disabled at (730): [] _raw_spin_lock_irqsave+0x53/0x60
softirqs last enabled at (726): [] kernel_fpu_end+0x59/0x70
softirqs last disabled at (724): [] kernel_fpu_begin_mask+0x1bb/0x300
---[ end trace 0000000000000000 ]---
audit: type=1326 audit(1768574433.471:37): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6572 comm="syz-executor.7" exe="/syz-executor.7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fca47992b19 code=0x0
audit: type=1326 audit(1768574433.524:38): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6615 comm="syz-executor.2" exe="/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f666d2f0b19 code=0x0
audit: type=1326 audit(1768574433.553:39): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6612 comm="syz-executor.7" exe="/syz-executor.7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fca47992b19 code=0x0
audit: type=1326 audit(1768574434.453:40): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6652 comm="syz-executor.7" exe="/syz-executor.7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fca47992b19 code=0x0
audit: type=1326 audit(1768574434.471:41): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6655 comm="syz-executor.2" exe="/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f666d2f0b19 code=0x0
rfkill: input handler disabled
rfkill: input handler enabled
rfkill: input handler disabled
rfkill: input handler enabled
rfkill: input handler disabled
rfkill: input handler enabled
rfkill: input handler disabled
rfkill: input handler enabled
rfkill: input handler disabled
rfkill: input handler enabled
audit: type=1326 audit(1768574435.374:42): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6696 comm="syz-executor.7" exe="/syz-executor.7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fca47992b19 code=0x0
rfkill: input handler disabled
rfkill: input handler enabled
audit: type=1326 audit(1768574435.418:43): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6703 comm="syz-executor.2" exe="/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f666d2f0b19 code=0x0
rfkill: input handler disabled
rfkill: input handler enabled
UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
misc raw-gadget: fail, usb_gadget_register_driver returned -16
UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
misc raw-gadget: fail, usb_gadget_register_driver returned -16
rfkill: input handler disabled
rfkill: input handler enabled
perf: interrupt took too long (7864 > 7760), lowering kernel.perf_event_max_sample_rate to 25000
sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
sr 1:0:0:0: [sr0] tag#0 CDB: Service action bidirectional, sa=0x1b 9d 1b fa 35 60 6d 11 77 38 a7 0f b2 94 0a 54 59
sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
sr 1:0:0:0: [sr0] tag#0 CDB: Service action bidirectional, sa=0x1b 9d 1b fa 35 60 6d 11 77 38 a7 0f b2 94 0a 54 59
sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
sr 1:0:0:0: [sr0] tag#0 CDB: Service action bidirectional, sa=0x1b 9d 1b fa 35 60 6d 11 77 38 a7 0f b2 94 0a 54 59
sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
sr 1:0:0:0: [sr0] tag#0 CDB: Service action bidirectional, sa=0x1b 9d 1b fa 35 60 6d 11 77 38 a7 0f b2 94 0a 54 59
sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
sr 1:0:0:0: [sr0] tag#0 CDB: Service action bidirectional, sa=0x1b 9d 1b fa 35 60 6d 11 77 38 a7 0f b2 94 0a 54 59
sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
sr 1:0:0:0: [sr0] tag#0 CDB: Service action bidirectional, sa=0x1b 9d 1b fa 35 60 6d 11 77 38 a7 0f b2 94 0a 54 59
sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
sr 1:0:0:0: [sr0] tag#0 CDB: Service action bidirectional, sa=0x1b 9d 1b fa 35 60 6d 11 77 38 a7 0f b2 94 0a 54 59
sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
sr 1:0:0:0: [sr0] tag#0 CDB: Service action bidirectional, sa=0x1b 9d 1b fa 35 60 6d 11 77 38 a7 0f b2 94 0a 54 59
sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
sr 1:0:0:0: [sr0] tag#0 CDB: Service action bidirectional, sa=0x1b 9d 1b fa 35 60 6d 11 77 38 a7 0f b2 94 0a 54 59
sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
sr 1:0:0:0: [sr0] tag#0 CDB: Service action bidirectional, sa=0x1b 9d 1b fa 35 60 6d 11 77 38 a7 0f b2 94 0a 54 59
No source specified
No source specified
No source specified
No source specified
No source specified
program syz-executor.6 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.6 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.6 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.6 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.6 is using a deprecated SCSI ioctl, please convert it to SG_IO
syz-executor.6 (7088) used greatest stack depth: 23808 bytes left
cgroup: fork rejected by pids controller in /syz0
EXT4-fs (sda): re-mounted 7b5d9a40-9011-49ec-8035-27953f97a4d8.
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:  00 00                   add    %al,(%rax)
   2:  e9 da fe ff ff          jmpq   0xfffffee1
   7:  66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
   e:  00 00 00
  11:  90                      nop
  12:  90                      nop
  13:  90                      nop
  14:  90                      nop
  15:  90                      nop
  16:  90                      nop
  17:  90                      nop
  18:  90                      nop
  19:  90                      nop
  1a:  90                      nop
  1b:  90                      nop
  1c:  90                      nop
  1d:  90                      nop
  1e:  90                      nop
  1f:  90                      nop
  20:  90                      nop
  21:  f3 0f 1e fa             endbr64
  25:  48 8b 0c 24             mov    (%rsp),%rcx
* 29:  48 89 f2                mov    %rsi,%rdx <-- trapping instruction
  2c:  48 89 fe                mov    %rdi,%rsi
  2f:  bf 06 00 00 00          mov    $0x6,%edi
  34:  e9 a8 fe ff ff          jmpq   0xfffffee1
  39:  0f                      .byte 0xf
  3a:  1f                      (bad)
  3b:  84 00                   test   %al,(%rax)