EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
loop1: detected capacity change from 0 to 1024
loop5: detected capacity change from 0 to 4096
=====================================
WARNING: bad unlock balance detected!
6.16.0-next-20250801 #1 Not tainted
-------------------------------------
syz-executor.3/7208 is trying to release lock (&sighand->siglock) at:
[] copy_process+0x5f89/0x73e0
but there are no more locks to release!
other info that might help us debug this:
1 lock held by syz-executor.3/7208:
 #0: ffffffff85c5c690 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: copy_process+0x418a/0x73e0
stack backtrace:
CPU: 1 UID: 0 PID: 7208 Comm: syz-executor.3 Not tainted 6.16.0-next-20250801 #1 PREEMPT(voluntary)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0xca/0x120
 print_unlock_imbalance_bug+0x118/0x130
 lock_release+0x208/0x290
 _raw_spin_unlock+0x16/0x40
 copy_process+0x5f89/0x73e0
 kernel_clone+0xea/0x7f0
 __do_sys_clone+0xce/0x120
 do_syscall_64+0xbf/0x360
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9faa77bf41
Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
RSP: 002b:00007fff15323ea8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007f9fa7cf0700 RCX: 00007f9faa77bf41
RDX: 00007f9fa7cf09d0 RSI: 00007f9fa7cf02f0 RDI: 00000000003d0f00
RBP: 00007fff153240e0 R08: 00007f9fa7cf0700 R09: 00007f9fa7cf0700
R10: 00007f9fa7cf09d0 R11: 0000000000000206 R12: 00007fff15323f5e
R13: 00007fff15323f5f R14: 00007f9fa7cf0300 R15: 0000000000022000
BUG: sleeping function called from invalid context at kernel/nsproxy.c:233
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 7208, name: syz-executor.3
preempt_count: 7ffffffe, expected: 0
RCU nest depth: 0, expected: 0
INFO: lockdep is turned off.
CPU: 1 UID: 0 PID: 7208 Comm: syz-executor.3 Not tainted 6.16.0-next-20250801 #1 PREEMPT(voluntary)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0xfa/0x120
 __might_resched+0x2f3/0x510
 switch_task_namespaces+0x2d/0x100
 copy_process+0x2756/0x73e0
 kernel_clone+0xea/0x7f0
 __do_sys_clone+0xce/0x120
 do_syscall_64+0xbf/0x360
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9faa77bf41
Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
RSP: 002b:00007fff15323ea8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007f9fa7cf0700 RCX: 00007f9faa77bf41
RDX: 00007f9fa7cf09d0 RSI: 00007f9fa7cf02f0 RDI: 00000000003d0f00
RBP: 00007fff153240e0 R08: 00007f9fa7cf0700 R09: 00007f9fa7cf0700
R10: 00007f9fa7cf09d0 R11: 0000000000000206 R12: 00007fff15323f5e
R13: 00007fff15323f5f R14: 00007f9fa7cf0300 R15: 0000000000022000
BUG: scheduling while atomic: syz-executor.3/7208/0x7fffffff
INFO: lockdep is turned off.
Modules linked in:
CPU: 1 UID: 0 PID: 7208 Comm: syz-executor.3 Tainted: G W 6.16.0-next-20250801 #1 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0xfa/0x120
 __schedule_bug+0xb9/0x100
 __schedule+0x24f3/0x3590
 schedule+0xdb/0x390
 exit_to_user_mode_loop+0x69/0x100
 do_syscall_64+0x2f7/0x360
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9faa77bf41
Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
RSP: 002b:00007fff15323ea8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: fffffffffffffff4 RBX: 00007f9fa7cf0700 RCX: 00007f9faa77bf41
RDX: 00007f9fa7cf09d0 RSI: 00007f9fa7cf02f0 RDI: 00000000003d0f00
RBP: 00007fff153240e0 R08: 00007f9fa7cf0700 R09: 00007f9fa7cf0700
R10: 00007f9fa7cf09d0 R11: 0000000000000206 R12: 00007fff15323f5e
R13: 00007fff15323f5f R14: 00007f9fa7cf0300 R15: 0000000000022000
EXT4-fs (loop1): bad geometry: block count 256 exceeds size of device (128 blocks)
EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
loop2: detected capacity change from 0 to 4096
EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
loop6: detected capacity change from 0 to 4096
EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
loop2: detected capacity change from 0 to 4096
EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
loop6: detected capacity change from 0 to 4096
EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
loop5: detected capacity change from 0 to 4096
loop1: detected capacity change from 0 to 1024
loop4: detected capacity change from 0 to 4096
EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
loop2: detected capacity change from 0 to 4096
EXT4-fs (loop1): bad geometry: block count 256 exceeds size of device (128 blocks)
Quota error (device loop5): find_block_dqentry: Quota for id 0 referenced but not present
Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0
EXT4-fs error (device loop5): ext4_acquire_dquot:6931: comm syz-executor.5: Failed to acquire dquot type 1
EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
loop6: detected capacity change from 0 to 4096
syz-executor.3 invoked oom-killer: gfp_mask=0x402dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_NOWARN), order=2, oom_score_adj=1000
CPU: 1 UID: 0 PID: 7382 Comm: syz-executor.3 Tainted: G W 6.16.0-next-20250801 #1 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0xfa/0x120
 dump_header+0x107/0x950
 oom_kill_process+0x278/0xa00
 out_of_memory+0x34b/0x1690
 mem_cgroup_out_of_memory+0x164/0x190
 try_charge_memcg+0x81f/0xf30
 obj_cgroup_charge_account+0xa8/0x6e0
 __memcg_slab_post_alloc_hook+0x33c/0x9d0
 __kvmalloc_node_noprof+0x4e8/0x590
 futex_hash_allocate+0x2cf/0x10a0
 futex_hash_allocate_default+0x319/0x5b0
 copy_process+0x41f2/0x73e0
 kernel_clone+0xea/0x7f0
 __do_sys_clone+0xce/0x120
 do_syscall_64+0xbf/0x360
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9faa77bf41
Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
RSP: 002b:00007fff15323ea8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007f9fa7cf0700 RCX: 00007f9faa77bf41
RDX: 00007f9fa7cf09d0 RSI: 00007f9fa7cf02f0 RDI: 00000000003d0f00
RBP: 00007fff153240e0 R08: 00007f9fa7cf0700 R09: 00007f9fa7cf0700
R10: 00007f9fa7cf09d0 R11: 0000000000000206 R12: 00007fff15323f5e
R13: 00007fff15323f5f R14: 00007f9fa7cf0300 R15: 0000000000022000
memory: usage 307196kB, limit 307200kB, failcnt 1268
swap: usage 0kB, limit 9007199254740988kB, failcnt 0
Memory cgroup stats for /syz3:
anon 339968
file 312512512
kernel 1716224
kernel_stack 131072
pagetables 421888
sec_pagetables 0
percpu 192
sock 0
vmalloc 0
shmem 312512512
file_mapped 0
file_dirty 0
file_writeback 0
swapcached 0
inactive_anon 255840256
active_anon 57012224
inactive_file 0
active_file 0
unevictable 0
slab_reclaimable 904152
slab_unreclaimable 252552
slab 1156704
workingset_refault_anon 0
workingset_refault_file 1
workingset_activate_anon 0
workingset_activate_file 0
workingset_restore_anon 0
workingset_restore_file 0
workingset_nodereclaim 0
pgdemote_kswapd 0
pgdemote_direct 0
pgdemote_khugepaged 0
pgdemote_proactive 0
pgscan 250
pgsteal 9
pswpin 0
pswpout 0
pgscan_kswapd 0
pgscan_direct 250
pgscan_khugepaged 0
pgscan_proactive 0
pgsteal_kswapd 0
pgsteal_direct 9
pgsteal_khugepaged 0
pgsteal_proactive 0
pgfault 115992
pgmajfault 0
pgrefill 243
pgactivate 20015
pgdeactivate 243
pglazyfree 0
pglazyfreed 0
swpin_zero 0
swpout_zero 0
oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=7382,uid=0
Memory cgroup out of memory: Killed process 7382 (syz-executor.3) total-vm:93420kB, anon-rss:300kB, file-rss:35636kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
BUG: sleeping function called from invalid context at kernel/nsproxy.c:233
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 7382, name: syz-executor.3
preempt_count: 7ffffffe, expected: 0
RCU nest depth: 0, expected: 0
INFO: lockdep is turned off.
CPU: 1 UID: 0 PID: 7382 Comm: syz-executor.3 Tainted: G W 6.16.0-next-20250801 #1 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0xfa/0x120
 __might_resched+0x2f3/0x510
 switch_task_namespaces+0x2d/0x100
 copy_process+0x2756/0x73e0
 kernel_clone+0xea/0x7f0
 __do_sys_clone+0xce/0x120
 do_syscall_64+0xbf/0x360
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9faa77bf41
Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
RSP: 002b:00007fff15323ea8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007f9fa7cf0700 RCX: 00007f9faa77bf41
RDX: 00007f9fa7cf09d0 RSI: 00007f9fa7cf02f0 RDI: 00000000003d0f00
RBP: 00007fff153240e0 R08: 00007f9fa7cf0700 R09: 00007f9fa7cf0700
R10: 00007f9fa7cf09d0 R11: 0000000000000206 R12: 00007fff15323f5e
R13: 00007fff15323f5f R14: 00007f9fa7cf0300 R15: 0000000000022000
loop1: detected capacity change from 0 to 2048
EXT4-fs warning (device loop1): read_mmp_block:114: Error -117 while reading MMP block 64
loop2: detected capacity change from 0 to 4096
EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
loop5: detected capacity change from 0 to 4096
EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
Quota error (device loop5): find_block_dqentry: Quota for id 0 referenced but not present
Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0
EXT4-fs error (device loop5): ext4_acquire_dquot:6931: comm syz-executor.5: Failed to acquire dquot type 1