R10: 0000000000004c00 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffefe26bbaf R14: 00007f7f93b4d300 R15: 0000000000022000 kobject_add_internal failed for 7:0-fuseblk with -EEXIST, don't try to register things with the same name in the same directory. watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.4:28459] Modules linked in: irq event stamp: 4521905 hardirqs last enabled at (4521904): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (4521905): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (2152328): [] __do_softirq+0x678/0x980 kernel/softirq.c:318 softirqs last disabled at (2152331): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (2152331): [] irq_exit+0x215/0x260 kernel/softirq.c:412 CPU: 0 PID: 28459 Comm: syz-executor.4 Not tainted 4.19.206-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline] RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] RIP: 0010:_raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:184 Code: 48 c7 c0 c8 82 f1 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 2f 48 83 3d fc 5e d8 01 00 74 15 48 89 df 57 9d <0f> 1f 44 00 00 eb b2 e8 3b 19 e7 f8 eb c0 0f 0b 0f 0b 48 c7 c7 c8 RSP: 0018:ffff8880ba007c28 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 RAX: 1ffffffff13e3059 RBX: 0000000000000286 RCX: 1ffff1100844293f RDX: dffffc0000000000 RSI: ffff8880422149d8 RDI: 0000000000000286 RBP: ffff8880ba022b40 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000022b40 R14: 0000000000000000 R15: ffff8880ba022b40 FS: 00007f7f93b4d700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f6fd9e57718 CR3: 000000002de69000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __mod_timer kernel/time/timer.c:1071 [inline] mod_timer+0x4ea/0x1010 kernel/time/timer.c:1114 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375 __run_timers kernel/time/timer.c:1696 [inline] run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline] RIP: 0010:console_unlock+0xe7b/0x1110 kernel/printk/printk.c:2468 Code: ff df 48 c1 e8 03 80 3c 08 00 0f 85 66 02 00 00 48 83 3d af b5 a3 08 00 0f 84 9e 00 00 00 e8 9c c5 14 00 48 8b 7c 24 30 57 9d <0f> 1f 44 00 00 e9 9b fc ff ff e8 86 c5 14 00 0f 0b e8 7f c5 14 00 RSP: 0018:ffff888030237488 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: 0000000000040000 RBX: 0000000000000200 RCX: ffffc9000e564000 RDX: 0000000000040000 RSI: ffffffff814dcd24 RDI: 0000000000000246 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8446e8f0 R13: 0000000000000090 R14: 0000000000000000 R15: ffffffff8a6dcf90 vprintk_emit+0x2d1/0x740 kernel/printk/printk.c:1965 vprintk_func+0x79/0x180 kernel/printk/printk_safe.c:405 printk+0xba/0xed kernel/printk/printk.c:2040 kobject_add_internal.cold+0x3a/0xc0 lib/kobject.c:255 kobject_add_varg lib/kobject.c:382 [inline] kobject_add+0x150/0x1c0 lib/kobject.c:426 device_add+0x37b/0x16d0 drivers/base/core.c:2122 device_create_groups_vargs+0x1f4/0x270 drivers/base/core.c:2788 device_create_vargs drivers/base/core.c:2828 [inline] device_create+0xdf/0x120 drivers/base/core.c:2864 bdi_register_va.part.0+0x4c/0x750 mm/backing-dev.c:884 bdi_register_va+0x63/0x80 mm/backing-dev.c:900 super_setup_bdi_name+0x13c/0x250 fs/super.c:1321 fuse_bdi_init fs/fuse/inode.c:997 [inline] fuse_fill_super+0xa5f/0x16f0 fs/fuse/inode.c:1131 mount_bdev+0x2fc/0x3b0 fs/super.c:1158 mount_fs+0xa3/0x310 fs/super.c:1261 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961 vfs_kern_mount fs/namespace.c:951 [inline] do_new_mount fs/namespace.c:2492 [inline] do_mount+0x115c/0x2f50 fs/namespace.c:2822 ksys_mount+0xcf/0x130 fs/namespace.c:3038 __do_sys_mount fs/namespace.c:3052 [inline] __se_sys_mount fs/namespace.c:3049 [inline] __x64_sys_mount+0xba/0x150 fs/namespace.c:3049 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4665f9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f7f93b4d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 RDX: 0000000020004300 RSI: 0000000020002040 RDI: 0000000020000000 RBP: 00000000004bfcc4 R08: 0000000020000280 R09: 0000000000000000 R10: 0000000000004c00 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffefe26bbaf R14: 00007f7f93b4d300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 28486 Comm: syz-executor.2 Not tainted 4.19.206-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline] RIP: 0010:__sanitizer_cov_trace_pc+0x4/0x50 kernel/kcov.c:100 Code: e8 11 d3 35 00 e9 ab fe ff ff 4c 89 ef e8 04 d3 35 00 e9 23 fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 8b 34 24 <65> 48 8b 04 25 c0 df 01 00 65 8b 15 7c 4c 9f 7e 81 e2 00 01 1f 00 RSP: 0018:ffff8880ba107ce8 EFLAGS: 00000206 RAX: ffff88804b14a180 RBX: 00000000000000c8 RCX: 0000000000000000 RDX: 0000000000000100 RSI: ffffffff8152edc4 RDI: 00000000000000c8 RBP: 0000000000000101 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 3ffffffffffffffe R13: 1ffff11017420fa7 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f6fd9e78700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fbd896ee080 CR3: 0000000056026000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __msecs_to_jiffies+0x14/0x50 kernel/time/time.c:594 msecs_to_jiffies include/linux/jiffies.h:370 [inline] mrp_join_timer_arm+0x19/0x80 net/802/mrp.c:598 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375 __run_timers kernel/time/timer.c:1696 [inline] run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:unwind_next_frame+0xe2b/0x1400 arch/x86/kernel/unwind_orc.c:571 Code: 8d 7e 40 4c 8b a4 24 88 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 28 03 00 00 4d 89 66 40 <48> b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 0f b6 04 02 84 RSP: 0018:ffff888032b27320 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13 RAX: 0000000000000001 RBX: 1ffff11006564e6d RCX: 0000000000000000 RDX: dffffc0000000000 RSI: ffff888032b272b0 RDI: ffff888032b27d40 RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001 R10: ffff888032b274af R11: 0000000000074071 R12: ffff888032b27d70 R13: ffff888032b27485 R14: ffff888032b27450 R15: ffffffff8b9be058 __save_stack_trace+0x9f/0x190 arch/x86/kernel/stacktrace.c:44 save_stack mm/kasan/kasan.c:448 [inline] set_track mm/kasan/kasan.c:460 [inline] kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:553 __do_kmalloc_node mm/slab.c:3689 [inline] __kmalloc_node+0x4c/0x70 mm/slab.c:3696 kmalloc_node include/linux/slab.h:557 [inline] kvmalloc_node+0x61/0xf0 mm/util.c:423 kvmalloc include/linux/mm.h:577 [inline] kvmalloc_array include/linux/mm.h:595 [inline] get_pages_array lib/iov_iter.c:1240 [inline] pipe_get_pages_alloc lib/iov_iter.c:1266 [inline] iov_iter_get_pages_alloc+0x562/0x1150 lib/iov_iter.c:1287 default_file_splice_read+0x191/0xa00 fs/splice.c:391 do_splice_to+0x10e/0x160 fs/splice.c:881 splice_direct_to_actor+0x2b9/0x8d0 fs/splice.c:959 do_splice_direct+0x1a7/0x270 fs/splice.c:1068 do_sendfile+0x550/0xc30 fs/read_write.c:1447 __do_sys_sendfile64 fs/read_write.c:1508 [inline] __se_sys_sendfile64+0x147/0x160 fs/read_write.c:1494 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4665f9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f6fd9e78188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 R10: 4000000000010046 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffe4df1453f R14: 00007f6fd9e78300 R15: 0000000000022000 ---------------- Code disassembly (best guess): 0: 48 c7 c0 c8 82 f1 89 mov $0xffffffff89f182c8,%rax 7: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx e: fc ff df 11: 48 c1 e8 03 shr $0x3,%rax 15: 80 3c 10 00 cmpb $0x0,(%rax,%rdx,1) 19: 75 2f jne 0x4a 1b: 48 83 3d fc 5e d8 01 cmpq $0x0,0x1d85efc(%rip) # 0x1d85f1f 22: 00 23: 74 15 je 0x3a 25: 48 89 df mov %rbx,%rdi 28: 57 push %rdi 29: 9d popfq * 2a: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) <-- trapping instruction 2f: eb b2 jmp 0xffffffe3 31: e8 3b 19 e7 f8 callq 0xf8e71971 36: eb c0 jmp 0xfffffff8 38: 0f 0b ud2 3a: 0f 0b ud2 3c: 48 rex.W 3d: c7 .byte 0xc7 3e: c7 (bad) 3f: c8 .byte 0xc8