EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 0 PID: 11839 Comm: syz-executor.5 Not tainted 4.14.307-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 register_lock_class+0x389/0x1180 kernel/locking/lockdep.c:768 __lock_acquire+0x167/0x3f20 kernel/locking/lockdep.c:3378 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 flush_work+0xad/0x770 kernel/workqueue.c:2890 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965 smc_close_active+0x7e2/0xbb0 net/smc/smc_close.c:207 smc_release+0x3e1/0x5d0 net/smc/af_smc.c:131 __sock_release+0xcd/0x2b0 net/socket.c:602 sock_close+0x15/0x20 net/socket.c:1139 __fput+0x25f/0x7a0 fs/file_table.c:210 task_work_run+0x11f/0x190 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x1ad/0x200 arch/x86/entry/common.c:164 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 RIP: 0033:0x7f7e10bdefab RSP: 002b:00007ffeaa2cf820 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f7e10bdefab RDX: 00007f7e107a1448 RSI: ffffffffffffffff RDI: 0000000000000003 RBP: 00007f7e10d4e980 R08: 0000000000000000 R09: 00007f7e107a1000 R10: 00007f7e107a1450 R11: 0000000000000293 R12: 0000000000056f52 R13: 00007ffeaa2cf920 R14: 00007f7e10d4cf80 R15: 0000000000000032 EXT4-fs (loop3): orphan cleanup on readonly fs Quota error (device loop3): v2_read_file_info: Free block number too big (0 >= 0). EXT4-fs warning (device loop3): ext4_enable_quotas:5780: Failed to enable quota tracking (type=-1, err=-117). Please run e2fsck to fix. EXT4-fs (loop3): Cannot turn on quotas: error -117 EXT4-fs (loop3): 1 truncate cleaned up EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,noblock_validity,nolazytime,barrier=0x000000007fff0038,data_err=abort,resgid=0x0000000000000000,resuid=0x0000000000000000,resgid=0x000000000000ee01,resgid=0x000000000000ee002,errors=continue F2FS-fs (loop2): Found nat_bits in checkpoint F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock EXT4-fs (loop3): orphan cleanup on readonly fs IPVS: ftp: loaded support on port[0] = 21 Quota error (device loop3): v2_read_file_info: Free block number too big (0 >= 0). EXT4-fs warning (device loop3): ext4_enable_quotas:5780: Failed to enable quota tracking (type=-1, err=-117). Please run e2fsck to fix. EXT4-fs (loop3): Cannot turn on quotas: error -117 EXT4-fs (loop3): 1 truncate cleaned up EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,noblock_validity,nolazytime,barrier=0x000000007fff0038,data_err=abort,resgid=0x0000000000000000,resuid=0x0000000000000000,resgid=0x000000000000ee01,resgid=0x000000000000ee002,errors=continue F2FS-fs (loop2): Found nat_bits in checkpoint F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock EXT4-fs (loop3): orphan cleanup on readonly fs Quota error (device loop3): v2_read_file_info: Free block number too big (0 >= 0). EXT4-fs warning (device loop3): ext4_enable_quotas:5780: Failed to enable quota tracking (type=-1, err=-117). Please run e2fsck to fix. EXT4-fs (loop3): Cannot turn on quotas: error -117 EXT4-fs (loop3): 1 truncate cleaned up EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,noblock_validity,nolazytime,barrier=0x000000007fff0038,data_err=abort,resgid=0x0000000000000000,resuid=0x0000000000000000,resgid=0x000000000000ee01,resgid=0x000000000000ee002,errors=continue *** Guest State *** CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000112250, shadow=0x0000000000112200, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x0000000000000f80 RIP = 0x0000000000000000 RFLAGS=0x00000002 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 GDTR: limit=0x00000000, base=0x0000000000000000 LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 IDTR: limit=0x00000000, base=0x0000000000000000 TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 EFER = 0x0000000000008000 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff8116182e RSP = 0xffff88809c1079b8 EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f7e868c7700 GSBase=ffff8880ba500000 TRBase=fffffe000003e000 EXT4-fs (loop3): orphan cleanup on readonly fs GDTBase=fffffe000003c000 IDTBase=fffffe0000000000 Quota error (device loop3): v2_read_file_info: Free block number too big (0 >= 0). CR0=0000000080050033 CR3=000000009b290000 CR4=00000000003426e0 Sysenter RSP=fffffe000003e000 CS:RIP=0010:ffffffff87401780 EFER = 0x0000000000000d01 PAT = 0x0407050600070106 *** Control State *** EXT4-fs warning (device loop3): ext4_enable_quotas:5780: Failed to enable quota tracking (type=-1, err=-117). Please run e2fsck to fix. PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000ea EntryControls=0000d1ff ExitControls=002fefff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 EXT4-fs (loop3): Cannot turn on quotas: error -117 EXT4-fs (loop3): 1 truncate cleaned up VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,noblock_validity,nolazytime,barrier=0x000000007fff0038,data_err=abort,resgid=0x0000000000000000,resuid=0x0000000000000000,resgid=0x000000000000ee01,resgid=0x000000000000ee002,errors=continue VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffff455e3f1ceb TPR Threshold = 0x00 EPT pointer = 0x00000000af4d801e Virtual processor ID = 0x0001 *** Guest State *** CR0: actual=0x0000000080000031, shadow=0x00000000e0000031, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002060, shadow=0x0000000000002020, gh_mask=ffffffffffffe871 CR3 = 0x0000000000002000 RSP = 0x0000000000000000 RIP = 0x0000000000009000 RFLAGS=0x00000002 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000000 CS:RIP=0050:0000000000000000 EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue CS: sel=0x0050, attr=0x0a09b, limit=0xffffffff, base=0x0000000000000000 DS: sel=0x0058, attr=0x0c093, limit=0xffffffff, base=0x0000000000000000 SS: sel=0x0058, attr=0x0c093, limit=0xffffffff, base=0x0000000000000000 ES: sel=0x0058, attr=0x0c093, limit=0xffffffff, base=0x0000000000000000 FS: sel=0x0058, attr=0x0c093, limit=0xffffffff, base=0x0000000000000000 GS: sel=0x0058, attr=0x0c093, limit=0xffffffff, base=0x0000000000000000 GDTR: limit=0x0000ffff, base=0x0000000000001000 LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 IDTR: limit=0x0000ffff, base=0x0000000000003800 TR: sel=0x00d8, attr=0x0008b, limit=0x00000067, base=0x0000000000003a00 EFER = 0x0000000000008500 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff8116182e RSP = 0xffff8880582279b8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f7e868e8700 GSBase=ffff8880ba400000 TRBase=fffffe0000003000 GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 CR0=0000000080050033 CR3=000000009b290000 CR4=00000000003426f0 Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff87401780 EFER = 0x0000000000000d01 PAT = 0x0407050600070106 *** Control State *** PinBased=0000003f CPUBased=b6a06dfa SecondaryExec=000040ea EntryControls=0000d3ff ExitControls=002fefff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000001 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffff44d891d2d9 TPR Threshold = 0x00 EPT pointer = 0x00000000a70eb01e Virtual processor ID = 0x0001 *** Guest State *** CR0: actual=0x0000000080000031, shadow=0x00000000e0000031, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002060, shadow=0x0000000000002020, gh_mask=ffffffffffffe871 CR3 = 0x0000000000002000 RSP = 0x0000000000000000 RIP = 0x0000000000009000 RFLAGS=0x00000002 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000000 CS:RIP=0050:0000000000000000 CS: sel=0x0050, attr=0x0a09b, limit=0xffffffff, base=0x0000000000000000 DS: sel=0x0058, attr=0x0c093, limit=0xffffffff, base=0x0000000000000000 SS: sel=0x0058, attr=0x0c093, limit=0xffffffff, base=0x0000000000000000 ES: sel=0x0058, attr=0x0c093, limit=0xffffffff, base=0x0000000000000000 FS: sel=0x0058, attr=0x0c093, limit=0xffffffff, base=0x0000000000000000 GS: sel=0x0058, attr=0x0c093, limit=0xffffffff, base=0x0000000000000000 GDTR: limit=0x0000ffff, base=0x0000000000001000 LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 IDTR: limit=0x0000ffff, base=0x0000000000003800 TR: sel=0x00d8, attr=0x0008b, limit=0x00000067, base=0x0000000000003a00 EFER = 0x0000000000008500 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff8116182e RSP = 0xffff88809fd979b8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f7e868e8700 GSBase=ffff8880ba500000 TRBase=fffffe000003e000 GDTBase=fffffe000003c000 IDTBase=fffffe0000000000 CR0=0000000080050033 CR3=0000000097ed0000 CR4=00000000003426e0 Sysenter RSP=fffffe000003e000 CS:RIP=0010:ffffffff87401780 EFER = 0x0000000000000d01 PAT = 0x0407050600070106 *** Control State *** PinBased=0000003f CPUBased=b6a06dfa SecondaryExec=000040ea EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue EntryControls=0000d3ff ExitControls=002fefff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000001 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffff44747be216 TPR Threshold = 0x00 EPT pointer = 0x00000000af55901e Virtual processor ID = 0x0001 *** Guest State *** CR0: actual=0x0000000080000031, shadow=0x00000000e0000031, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002060, shadow=0x0000000000002020, gh_mask=ffffffffffffe871 CR3 = 0x0000000000002000 RSP = 0x0000000000000000 RIP = 0x0000000000009000 RFLAGS=0x00000002 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000000 CS:RIP=0050:0000000000000000 CS: sel=0x0050, attr=0x0a09b, limit=0xffffffff, base=0x0000000000000000 DS: sel=0x0058, attr=0x0c093, limit=0xffffffff, base=0x0000000000000000 SS: sel=0x0058, attr=0x0c093, limit=0xffffffff, base=0x0000000000000000 ES: sel=0x0058, attr=0x0c093, limit=0xffffffff, base=0x0000000000000000 FS: sel=0x0058, attr=0x0c093, limit=0xffffffff, base=0x0000000000000000 GS: sel=0x0058, attr=0x0c093, limit=0xffffffff, base=0x0000000000000000 GDTR: limit=0x0000ffff, base=0x0000000000001000 caif:caif_disconnect_client(): nothing to disconnect caif:caif_disconnect_client(): nothing to disconnect LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 IDTR: limit=0x0000ffff, base=0x0000000000003800 TR: sel=0x00d8, attr=0x0008b, limit=0x00000067, base=0x0000000000003a00 EFER = 0x0000000000008500 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 BFS-fs: bfs_iget(): Bad inode number loop4:00000002 *** Host State *** RIP = 0xffffffff8116182e RSP = 0xffff88805c62f9b8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f7e868e8700 GSBase=ffff8880ba400000 TRBase=fffffe0000003000 GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 CR0=0000000080050033 CR3=00000000a9f88000 CR4=00000000003426f0 Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff87401780 EFER = 0x0000000000000d01 PAT = 0x0407050600070106 *** Control State *** PinBased=0000003f CPUBased=b6a06dfa SecondaryExec=000040ea EntryControls=0000d3ff ExitControls=002fefff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000001 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffff440fe29e33 TPR Threshold = 0x00 EPT pointer = 0x00000000920af01e Virtual processor ID = 0x0001 EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue BFS-fs: bfs_iget(): Bad inode number loop4:00000002 BFS-fs: bfs_iget(): Bad inode number loop4:00000002 EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue BFS-fs: bfs_iget(): Bad inode number loop4:00000002 EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue print_req_error: I/O error, dev loop5, sector 0 EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.5' sets config #0 F2FS-fs (loop1): Found nat_bits in checkpoint EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue xt_hashlimit: max too large, truncated to 1048576 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.5' sets config #1 xt_hashlimit: max too large, truncated to 1048576 F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 overlayfs: failed to resolve './fi0e1': -7 xt_hashlimit: max too large, truncated to 1048576 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.3' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.5' sets config #1 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.3' sets config #1 xt_hashlimit: max too large, truncated to 1048576 attempt to access beyond end of device loop1: rw=2049, want=45104, limit=40427 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.3' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.5' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.5' sets config #1 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.3' sets config #1 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.4' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.5' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.3' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.4' sets config #1 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.5' sets config #1 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.3' sets config #1 F2FS-fs (loop1): Found nat_bits in checkpoint F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.4' sets config #0 overlayfs: failed to resolve './fi0e1': -7 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.4' sets config #1 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.4' sets config #0 UDF-fs: error (device loop3): udf_read_inode: (ino 1312) failed !bh UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.4' sets config #1 attempt to access beyond end of device loop1: rw=2049, want=45104, limit=40427 F2FS-fs (loop1): Found nat_bits in checkpoint F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 overlayfs: failed to resolve './fi0e1': -7 attempt to access beyond end of device loop1: rw=2049, want=45104, limit=40427 UDF-fs: error (device loop3): udf_read_inode: (ino 1312) failed !bh UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 F2FS-fs (loop1): Found nat_bits in checkpoint UDF-fs: error (device loop3): udf_read_inode: (ino 1312) failed !bh UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 overlayfs: failed to resolve './fi0e1': -7 XFS (loop2): DAX enabled. Warning: EXPERIMENTAL, use at your own risk XFS (loop2): DAX unsupported by block device. Turning off DAX. XFS (loop2): Mounting V4 Filesystem XFS (loop2): Ending clean mount XFS (loop2): Quotacheck needed: Please wait. XFS (loop2): Quotacheck: Done. attempt to access beyond end of device loop1: rw=2049, want=45104, limit=40427 syz-executor.2 (12603) used greatest stack depth: 23840 bytes left XFS (loop2): Unmounting Filesystem