INFO: task hung in blkdev_put


syzbot

Jul 23, 2020, 5:33:22 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 20b3a3df Linux 4.19.134
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=161f5ee8900000
kernel config: https://syzkaller.appspot.com/x/.config?x=7c76c572c403b9ac
dashboard link: https://syzkaller.appspot.com/bug?extid=cded3bd87b0c7c49c717
compiler: gcc (GCC) 10.1.0-syz 20200507

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cded3b...@syzkaller.appspotmail.com

NOHZ: local_softirq_pending 08
NOHZ: local_softirq_pending 08
NOHZ: local_softirq_pending 08
NOHZ: local_softirq_pending 08
NOHZ: local_softirq_pending 08
INFO: task systemd-udevd:9009 blocked for more than 140 seconds.
Not tainted 4.19.134-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
systemd-udevd D27512 9009 3699 0x00000100
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072
blkdev_put+0x30/0x520 fs/block_dev.c:1829
blkdev_close+0x86/0xb0 fs/block_dev.c:1878
__fput+0x2ce/0x890 fs/file_table.c:278
task_work_run+0x148/0x1c0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f2e4fc1a270
Code: Bad RIP value.
RSP: 002b:00007ffda9f3dac8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 000000000000000f RCX: 00007f2e4fc1a270
RDX: 00007f2e4fc04b58 RSI: 0000000000000000 RDI: 000000000000000f
RBP: 00007f2e50ad3710 R08: 00005581ca740080 R09: 0000000000000009
R10: 7bc5fdac0f8aea53 R11: 0000000000000246 R12: 0000000000000002
R13: 0000000000000000 R14: 00005581ca72d970 R15: 000000000000000f
INFO: task syz-executor.3:10629 blocked for more than 140 seconds.
Not tainted 4.19.134-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D28528 10629 6758 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
__rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline]
rwsem_down_read_failed+0x20a/0x390 kernel/locking/rwsem-xadd.c:309
call_rwsem_down_read_failed+0x14/0x30 arch/x86/lib/rwsem.S:94
__down_read arch/x86/include/asm/rwsem.h:83 [inline]
down_read+0x44/0x80 kernel/locking/rwsem.c:26
__get_super.part.0+0x209/0x2e0 fs/super.c:698
__get_super include/linux/spinlock.h:329 [inline]
get_super+0x2b/0x50 fs/super.c:727
fsync_bdev+0x14/0xc0 fs/block_dev.c:483
invalidate_partition+0x74/0xb0 block/genhd.c:1580
drop_partitions.isra.0+0x9c/0x190 block/partition-generic.c:454
rescan_partitions+0xab/0x970 block/partition-generic.c:527
__blkdev_reread_part+0x189/0x220 block/ioctl.c:173
blkdev_reread_part+0x23/0x40 block/ioctl.c:193
loop_reread_partitions drivers/block/loop.c:645 [inline]
loop_set_status+0x1035/0x1860 drivers/block/loop.c:1327
loop_set_status64+0xb2/0x110 drivers/block/loop.c:1447
lo_ioctl+0x41f/0x20e0 drivers/block/loop.c:1590
__blkdev_driver_ioctl block/ioctl.c:303 [inline]
blkdev_ioctl+0x5cb/0x1a7e block/ioctl.c:601
block_ioctl+0xe9/0x130 fs/block_dev.c:1896
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:501 [inline]
do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
__do_sys_ioctl fs/ioctl.c:712 [inline]
__se_sys_ioctl fs/ioctl.c:710 [inline]
__x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c0c7
Code: Bad RIP value.
RSP: 002b:00007f59c52b69f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f59c52b76d4 RCX: 000000000045c0c7
RDX: 00007f59c52b6ab0 RSI: 0000000000004c04 RDI: 0000000000000004
RBP: 0000000000000003 R08: 0000000000000000 R09: 000000000000000a
R10: 0000000000000075 R11: 0000000000000202 R12: 0000000000000003
R13: 00007f59c52b76d4 R14: 0000000000000004 R15: 000000000078bf0c
INFO: task syz-executor.3:10662 blocked for more than 140 seconds.
Not tainted 4.19.134-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D28816 10662 6758 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072
__blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478
blkdev_get+0xb0/0x940 fs/block_dev.c:1627
blkdev_open+0x202/0x290 fs/block_dev.c:1788
do_dentry_open+0x4aa/0x1160 fs/open.c:796
do_last fs/namei.c:3421 [inline]
path_openat+0x793/0x2df0 fs/namei.c:3537
do_filp_open+0x18c/0x3f0 fs/namei.c:3567
do_sys_open+0x3b3/0x520 fs/open.c:1085
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x415f71
Code: Bad RIP value.
RSP: 002b:00007f59c52959f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007f59c52966d4 RCX: 0000000000415f71
RDX: 00007f59c5295baa RSI: 0000000000000002 RDI: 00007f59c5295ba0
RBP: 0000000000000003 R08: 0000000000000000 R09: 000000000000000a
R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000003
R13: 00007f59c52966d4 R14: 00007f59c52969c0 R15: 000000000078bfac

Showing all locks held in the system:
1 lock held by khungtaskd/1083:
#0: 0000000060cfca80 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4440
1 lock held by in:imklog/6135:
#0: 0000000077327aea (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
2 locks held by agetty/6138:
#0: 00000000093ae99b (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272
#1: 00000000e4cebde4 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x217/0x1950 drivers/tty/n_tty.c:2154
1 lock held by systemd-udevd/9009:
#0: 00000000d2bba361 (&bdev->bd_mutex){+.+.}, at: blkdev_put+0x30/0x520 fs/block_dev.c:1829
2 locks held by syz-executor.1/10617:
2 locks held by syz-executor.3/10629:
#0: 00000000d2bba361 (&bdev->bd_mutex){+.+.}, at: blkdev_reread_part+0x1b/0x40 block/ioctl.c:192
#1: 00000000cbd0f3b9 (&type->s_umount_key#72){.+.+}, at: __get_super.part.0+0x209/0x2e0 fs/super.c:698
1 lock held by syz-executor.3/10662:
#0: 00000000d2bba361 (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1083 Comm: khungtaskd Not tainted 4.19.134-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x1a6/0x1eb lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
watchdog+0x991/0xe60 kernel/hung_task.c:287
kthread+0x30b/0x410 kernel/kthread.c:246
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 45 Comm: kworker/u4:2 Not tainted 4.19.134-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_purge_orig
RIP: 0010:mark_irqflags kernel/locking/lockdep.c:3005 [inline]
RIP: 0010:__lock_acquire+0xd8e/0x3ff0 kernel/locking/lockdep.c:3372
Code: 3c 10 00 0f 85 a1 27 00 00 48 83 3d e3 18 81 07 00 0f 84 eb 16 00 00 48 c7 c7 40 28 8c 8b e8 a9 ba 00 00 66 90 e9 60 fb ff ff <85> d2 0f 85 c5 02 00 00 41 8b 85 74 08 00 00 85 c0 0f 84 f6 f7 ff
RSP: 0018:ffff8880a96279d0 EFLAGS: 00000046
RAX: 0000000000000004 RBX: 0000000000000005 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 1ffff110152c1da2 RDI: ffff8880a960ed39
RBP: ffff8880a960ed3a R08: 00000000000005fb R09: 0000000000000002
R10: ffff8880a960ed18 R11: 0000000000000000 R12: 00000000000405fb
R13: ffff8880a960e440 R14: ffff8880a960ed30 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff50fff1028 CR3: 00000000a2cb8000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3907
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168
spin_lock_bh include/linux/spinlock.h:334 [inline]
batadv_purge_orig_ref+0x16d/0x1110 net/batman-adv/originator.c:1363
batadv_purge_orig+0x17/0x60 net/batman-adv/originator.c:1392
process_one_work+0x864/0x1570 kernel/workqueue.c:2155
worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
kthread+0x30b/0x410 kernel/kthread.c:246
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Nov 21, 2020, 5:05:22 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 2c746135 Linux 4.19.158
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1711f525500000
kernel config: https://syzkaller.appspot.com/x/.config?x=c19abec6250dfe36
dashboard link: https://syzkaller.appspot.com/bug?extid=cded3bd87b0c7c49c717
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1306cccd500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=121f21f5500000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cded3b...@syzkaller.appspotmail.com

Bluetooth: hci4: command 0x0406 tx timeout
Bluetooth: hci0: command 0x0406 tx timeout
Bluetooth: hci1: command 0x0406 tx timeout
Bluetooth: hci2: command 0x0406 tx timeout
Bluetooth: hci5: command 0x0406 tx timeout
INFO: task syz-executor478:8302 blocked for more than 140 seconds.
Not tainted 4.19.158-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor478 D27960 8302 8128 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072
blkdev_put+0x30/0x520 fs/block_dev.c:1839
blkdev_close+0x86/0xb0 fs/block_dev.c:1888
__fput+0x2ce/0x890 fs/file_table.c:278
task_work_run+0x148/0x1c0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4078a1
Code: Bad RIP value.
RSP: 002b:00007ffd8ae00e20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004078a1
RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffd8ae00cc0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000001fb8914 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor478:8319 blocked for more than 140 seconds.
Not tainted 4.19.158-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor478 D27960 8319 8130 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072
blkdev_put+0x30/0x520 fs/block_dev.c:1839
blkdev_close+0x86/0xb0 fs/block_dev.c:1888
__fput+0x2ce/0x890 fs/file_table.c:278
task_work_run+0x148/0x1c0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4078a1
Code: Bad RIP value.
RSP: 002b:00007ffd8ae00e20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004078a1
RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffd8ae00cc0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000001fb8914 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor478:8323 blocked for more than 140 seconds.
Not tainted 4.19.158-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor478 D27288 8323 8131 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072
blkdev_put+0x30/0x520 fs/block_dev.c:1839
blkdev_close+0x86/0xb0 fs/block_dev.c:1888
__fput+0x2ce/0x890 fs/file_table.c:278
task_work_run+0x148/0x1c0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4078a1
Code: Bad RIP value.
RSP: 002b:00007ffd8ae00e20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004078a1
RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffd8ae00cc0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000001fb8914 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor478:8324 blocked for more than 140 seconds.
Not tainted 4.19.158-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor478 D27960 8324 8126 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072
__blkdev_put+0xfc/0x870 fs/block_dev.c:1806
release_journal_dev fs/reiserfs/journal.c:2601 [inline]
free_journal_ram+0x44b/0x600 fs/reiserfs/journal.c:1904
journal_init+0x3f2/0x6020 fs/reiserfs/journal.c:2904
reiserfs_fill_super+0xac5/0x2ce4 fs/reiserfs/super.c:2035
mount_bdev+0x2fc/0x3b0 fs/super.c:1158
mount_fs+0xa3/0x30c fs/super.c:1261
vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
vfs_kern_mount fs/namespace.c:951 [inline]
do_new_mount fs/namespace.c:2469 [inline]
do_mount+0x113c/0x2f10 fs/namespace.c:2799
ksys_mount+0xcf/0x130 fs/namespace.c:3015
__do_sys_mount fs/namespace.c:3029 [inline]
__se_sys_mount fs/namespace.c:3026 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3026
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x44f1ea
Code: Bad RIP value.
RSP: 002b:00007ffd8ae00c68 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffd8ae00cc0 RCX: 000000000044f1ea
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd8ae00c80
RBP: 0000000000000005 R08: 00007ffd8ae00cc0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000004
R13: 00007ffd8ae00c80 R14: 0000000000000000 R15: 00000000200002a0
INFO: task systemd-udevd:8340 blocked for more than 140 seconds.
Not tainted 4.19.158-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
systemd-udevd D27760 8340 4695 0x00000100
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072
blkdev_put+0x30/0x520 fs/block_dev.c:1839
blkdev_close+0x86/0xb0 fs/block_dev.c:1888
__fput+0x2ce/0x890 fs/file_table.c:278
task_work_run+0x148/0x1c0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fe98cf02270
Code: Bad RIP value.
RSP: 002b:00007ffc403a1a28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 000000000000000f RCX: 00007fe98cf02270
RDX: 00007fe98ceecb58 RSI: 0000000000000000 RDI: 000000000000000f
RBP: 00007fe98ddbb710 R08: 000055570224ae90 R09: 0000000000000000
R10: 0000000000000116 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ffc403a1a88 R14: 0000555702245a50 R15: 000000000000000f
INFO: task syz-executor478:8342 blocked for more than 140 seconds.
Not tainted 4.19.158-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor478 D28304 8342 8132 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
__rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline]
rwsem_down_read_failed+0x20a/0x390 kernel/locking/rwsem-xadd.c:309
call_rwsem_down_read_failed+0x14/0x30 arch/x86/lib/rwsem.S:94
__down_read arch/x86/include/asm/rwsem.h:83 [inline]
down_read+0x44/0x80 kernel/locking/rwsem.c:26
__get_super.part.0+0x209/0x2e0 fs/super.c:698
__get_super include/linux/spinlock.h:329 [inline]
get_super+0x2b/0x50 fs/super.c:727
fsync_bdev+0x14/0xc0 fs/block_dev.c:483
invalidate_partition+0x74/0xb0 block/genhd.c:1580
drop_partitions.isra.0+0x9c/0x190 block/partition-generic.c:454
rescan_partitions+0xab/0x970 block/partition-generic.c:527
__blkdev_reread_part+0x189/0x220 block/ioctl.c:173
blkdev_reread_part+0x23/0x40 block/ioctl.c:193
loop_reread_partitions drivers/block/loop.c:645 [inline]
loop_set_status+0x103e/0x1800 drivers/block/loop.c:1330
loop_set_status_old+0x1bb/0x250 drivers/block/loop.c:1440
lo_ioctl+0x3b5/0x20e0 drivers/block/loop.c:1584
__blkdev_driver_ioctl block/ioctl.c:303 [inline]
blkdev_ioctl+0x5cb/0x1a7e block/ioctl.c:601
block_ioctl+0xe9/0x130 fs/block_dev.c:1906
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:501 [inline]
do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
__do_sys_ioctl fs/ioctl.c:712 [inline]
__se_sys_ioctl fs/ioctl.c:710 [inline]
__x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x44c7b9
Code: Bad RIP value.
RSP: 002b:00007ffd8ae00e08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000044c7b9
RDX: 0000000020000280 RSI: 0000000000004c02 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000004 R09: 0000000000000000
R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000001
R13: 0000000001fb8914 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor478:8349 blocked for more than 140 seconds.
Not tainted 4.19.158-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor478 D28640 8349 8129 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
__mutex_lock_common kernel/locking/mutex.c:1002 [inline]
__mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072
__blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478
blkdev_get+0xb0/0x940 fs/block_dev.c:1627
blkdev_open+0x202/0x290 fs/block_dev.c:1788
do_dentry_open+0x4aa/0x1160 fs/open.c:796
do_last fs/namei.c:3421 [inline]
path_openat+0x793/0x2df0 fs/namei.c:3537
do_filp_open+0x18c/0x3f0 fs/namei.c:3567
do_sys_open+0x3b3/0x520 fs/open.c:1085
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x407901
Code: Bad RIP value.
RSP: 002b:00007ffd8ae009d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000407901
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffd8ae009e0
RBP: 000000000000000a R08: 000000000000000f R09: 0000000000000004
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
R13: 0000000001fb8914 R14: 0000000000000000 R15: 0000000000000000

Showing all locks held in the system:
1 lock held by khungtaskd/1567:
#0: 000000007cd16e38 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4440
1 lock held by in:imklog/7793:
1 lock held by syz-executor478/8302:
#0: 0000000091669f9b (&bdev->bd_mutex){+.+.}, at: blkdev_put+0x30/0x520 fs/block_dev.c:1839
1 lock held by syz-executor478/8319:
#0: 0000000091669f9b (&bdev->bd_mutex){+.+.}, at: blkdev_put+0x30/0x520 fs/block_dev.c:1839
1 lock held by syz-executor478/8323:
#0: 0000000091669f9b (&bdev->bd_mutex){+.+.}, at: blkdev_put+0x30/0x520 fs/block_dev.c:1839
2 locks held by syz-executor478/8324:
#0: 000000000fa14dc7 (&type->s_umount_key#22/1){+.+.}, at: alloc_super fs/super.c:226 [inline]
#0: 000000000fa14dc7 (&type->s_umount_key#22/1){+.+.}, at: sget_userns+0x20b/0xcd0 fs/super.c:519
#1: 0000000091669f9b (&bdev->bd_mutex){+.+.}, at: __blkdev_put+0xfc/0x870 fs/block_dev.c:1806
1 lock held by systemd-udevd/8340:
#0: 0000000091669f9b (&bdev->bd_mutex){+.+.}, at: blkdev_put+0x30/0x520 fs/block_dev.c:1839
2 locks held by syz-executor478/8342:
#0: 0000000091669f9b (&bdev->bd_mutex){+.+.}, at: blkdev_reread_part+0x1b/0x40 block/ioctl.c:192
#1: 000000000fa14dc7 (&type->s_umount_key#46){.+.+}, at: __get_super.part.0+0x209/0x2e0 fs/super.c:698
1 lock held by syz-executor478/8349:
#0: 0000000091669f9b (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1567 Comm: khungtaskd Not tainted 4.19.158-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x1a6/0x1eb lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
watchdog+0x991/0xe60 kernel/hung_task.c:287
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 4691 Comm: systemd-journal Not tainted 4.19.158-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:bytes_is_nonzero mm/kasan/kasan.c:167 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/kasan.c:184 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/kasan.c:210 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/kasan.c:241 [inline]
RIP: 0010:check_memory_region_inline mm/kasan/kasan.c:257 [inline]
RIP: 0010:check_memory_region+0xcb/0x170 mm/kasan/kasan.c:267
Code: 0e 80 38 00 74 f2 48 85 c0 0f 85 9c 00 00 00 5b 5d 41 5c c3 48 85 d2 74 f6 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 e8 80 38 00 <74> f2 eb d8 41 bc 08 00 00 00 48 89 ea 45 29 dc 4e 8d 5c 25 00 eb
RSP: 0018:ffff8880a0dbfac0 EFLAGS: 00000046
RAX: fffffbfff19aaacf RBX: fffffbfff19aaad0 RCX: ffffffff814c4451
RDX: fffffbfff19aaad0 RSI: 0000000000000004 RDI: ffffffff8cd55678
RBP: fffffbfff19aaacf R08: 0000000000000001 R09: fffffbfff19aaacf
R10: ffffffff8cd5567b R11: 0000000000000000 R12: 0000000000000001
R13: ffff8880a0db65c0 R14: ffffffff8d4114a0 R15: 0000000000000001
FS: 00007f51375fc8c0(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f51349f7000 CR3: 00000000a181c000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
atomic_inc include/asm-generic/atomic-instrumented.h:109 [inline]
__lock_acquire+0x251/0x3ff0 kernel/locking/lockdep.c:3307
lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3907
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152
__debug_check_no_obj_freed lib/debugobjects.c:776 [inline]
debug_check_no_obj_freed+0xb5/0x482 lib/debugobjects.c:817
kfree+0xb9/0x210 mm/slab.c:3821
aa_free_file_ctx security/apparmor/include/file.h:76 [inline]
apparmor_file_free_security+0x9a/0xd0 security/apparmor/lsm.c:448
security_file_free+0x3e/0x70 security/security.c:885
file_free fs/file_table.c:54 [inline]
__fput+0x42a/0x890 fs/file_table.c:294
task_work_run+0x148/0x1c0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f5136b8c840
Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
RSP: 002b:00007ffeff9c4858 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: fffffffffffffffe RBX: 00007ffeff9c4b60 RCX: 00007f5136b8c840
RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 000055bf2a2c56a0
RBP: 000000000000000d R08: 000000000000c0ff R09: 00000000ffffffff
R10: 0000000000000069 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000055bf2a2b9040 R14: 00007ffeff9c4b20 R15: 000055bf2a2c62f0
