ci2 starts bisection 2025-10-25 20:08:41.672445748 +0000 UTC m=+267380.489823749
bisecting fixing commit since 458ce51d0356ee60c93f9f807d9827cf2a41643d
building syzkaller on 55d6f11d1578896a20515e21906295fcf2c126aa
ensuring issue is reproducible on original commit 458ce51d0356ee60c93f9f807d9827cf2a41643d

testing commit 458ce51d0356ee60c93f9f807d9827cf2a41643d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: aad4d04c1d387562a27de2c6dc2ff576f60a4ccae7fe314fe414afc94d0151e8
all runs: crashed: WARNING: bad unlock balance in unlock_two_nondirectories
representative crash: WARNING: bad unlock balance in unlock_two_nondirectories, types: [LOCKDEP]
check whether we can drop unnecessary instrumentation
disabling configs for [atomic_sleep hang memleak ubsan bug_or_warning kasan], they are not needed
testing commit 458ce51d0356ee60c93f9f807d9827cf2a41643d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 47eedf9caaf43c296dbd8c850c4b89006e3577b0ee621dc8a26ec3b63a393681
all runs: crashed: WARNING: bad unlock balance in unlock_two_nondirectories
representative crash: WARNING: bad unlock balance in unlock_two_nondirectories, types: [LOCKDEP]
the bug reproduces without the instrumentation
disabling configs for [kasan atomic_sleep hang memleak ubsan bug_or_warning], they are not needed
kconfig minimization: base=3707 full=7265 leaves diff=1982
split chunks (needed=false): <1982>
split chunk #0 of len 1982 into 5 parts
testing without sub-chunk 1/5
disabling configs for [hang memleak ubsan bug_or_warning kasan atomic_sleep], they are not needed
testing commit 458ce51d0356ee60c93f9f807d9827cf2a41643d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3a13869d11d556e3ce86bec66ead172f2d9f0d001c55e7a74fbdeed6400c38d5
all runs: crashed: WARNING: bad unlock balance in unlock_two_nondirectories
representative crash: WARNING: bad unlock balance in unlock_two_nondirectories, types: [LOCKDEP]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [memleak ubsan bug_or_warning kasan atomic_sleep hang], they are not needed
testing commit 458ce51d0356ee60c93f9f807d9827cf2a41643d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 02a8aaee9a98398cd951a0677227360499daa4f2fac50078e61b691e313ef1d4
all runs: crashed: WARNING: bad unlock balance in unlock_two_nondirectories
representative crash: WARNING: bad unlock balance in unlock_two_nondirectories, types: [LOCKDEP]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [hang memleak ubsan bug_or_warning kasan atomic_sleep], they are not needed
testing commit 458ce51d0356ee60c93f9f807d9827cf2a41643d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bbe8ccec8f9125cd4a632261c2baad3bb498057b84b835ebffb778ec62840f5d
all runs: crashed: WARNING: bad unlock balance in __ext4_ioctl
representative crash: WARNING: bad unlock balance in __ext4_ioctl, types: [LOCKDEP]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [atomic_sleep hang memleak ubsan bug_or_warning kasan], they are not needed
testing commit 458ce51d0356ee60c93f9f807d9827cf2a41643d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4b258741f96c7e1e8fdf8196fec11fb1da7269961be3db5746ae7d5522e9ea1b
all runs: crashed: WARNING: bad unlock balance in __ext4_ioctl
representative crash: WARNING: bad unlock balance in __ext4_ioctl, types: [LOCKDEP]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [bug_or_warning kasan atomic_sleep hang memleak ubsan], they are not needed
testing commit 458ce51d0356ee60c93f9f807d9827cf2a41643d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4c3a37cec692f2b112b2635c4b84d6cb31dfe2611d53506239ae21a17dc32a09
all runs: crashed: WARNING: bad unlock balance in __ext4_ioctl
representative crash: WARNING: bad unlock balance in __ext4_ioctl, types: [LOCKDEP]
the chunk can be dropped
disabling configs for [atomic_sleep hang memleak ubsan bug_or_warning kasan], they are not needed
testing current HEAD ac56c046adf41fdb64ddda46fd66090f21dc381a
testing commit ac56c046adf41fdb64ddda46fd66090f21dc381a gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 26133c42acfb855896913dffa3f6ba0844c1dbcaa861b45c560e2157bd166ca8
all runs: crashed: WARNING: bad unlock balance in __ext4_ioctl
representative crash: WARNING: bad unlock balance in __ext4_ioctl, types: [LOCKDEP]
crash still not fixed/happens on the oldest tested release
revisions tested: 8, total time: 1h35m16.132894529s (build: 1h0m54.197593955s, test: 31m9.972950729s)
crash still not fixed or there were kernel test errors
commit msg: Linux 5.15.195
crash: WARNING: bad unlock balance in __ext4_ioctl
EXT4-fs (loop0): 1 truncate cleaned up
EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
=====================================
WARNING: bad unlock balance detected!
syzkaller #0 Not tainted
-------------------------------------
syz-executor.0/1469 is trying to release lock (&type->i_mutex_dir_key) at:
[<ffffffff81323bae>] swap_inode_boot_loader fs/ext4/ioctl.c:262 [inline]
[<ffffffff81323bae>] __ext4_ioctl+0x99e/0x12e0 fs/ext4/ioctl.c:1056
but there are no more locks to release!

other info that might help us debug this:
1 lock held by syz-executor.0/1469:
 #0: ffff88810e831438 (sb_writers#13){.+.+}-{0:0}, at: __ext4_ioctl+0x583/0x12e0 fs/ext4/ioctl.c:1053

stack backtrace:
CPU: 0 PID: 1469 Comm: syz-executor.0 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106
 print_unlock_imbalance_bug kernel/locking/lockdep.c:5529 [inline]
 __lock_release kernel/locking/lockdep.c:5302 [inline]
 lock_release.cold+0xe/0x26 kernel/locking/lockdep.c:5643
 up_write+0x12/0xc0 kernel/locking/rwsem.c:1603
 swap_inode_boot_loader fs/ext4/ioctl.c:262 [inline]
 __ext4_ioctl+0x99e/0x12e0 fs/ext4/ioctl.c:1056
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x7b/0xb0 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x33/0x80 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fa1bfa1fda9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa1bf5a10c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa1bfb4df80 RCX: 00007fa1bfa1fda9
RDX: 0000000000000000 RSI: 0000000000006611 RDI: 0000000000000004
RBP: 00007fa1bfa6c47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000006 R14: 00007fa1bfb4df80 R15: 00007ffef47b6268
 </TASK>