From: Wolfgang Walter <linux@stwm.de>
To: linux-kernel@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>, keyrings@vger.kernel.org
Subject: kernel 5.4: refcount_t: increment on 0; use-after-free (in keyring_search_rcu called when nfs_idmap_
Date: Thu, 16 Jan 2020 20:29:19 +0000 [thread overview]
Message-ID: <3228186.u84BEOoAb4@stwm.de> (raw)
SGVsbG8sCgp3aXRoIDUuNC41IGFuZCBsYXRlciAoYnV0IGRpZG4ndCB0ZXN0IGxvd2VyIDUuNCB2
ZXJzaW9ucykgSSBnZXQgdGhlIGZvbGxvd2luZyBrZXJuZWwgZmFpbHVyZToKCkphbiAxMyAxNzoz
MjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTIyMV0gLS0tLS0tLS0tLS0tWyBjdXQg
aGVyZSBdLS0tLS0tLS0tLS0tCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcy
OTE2LjU4OTIyOF0gcmVmY291bnRfdDogaW5jcmVtZW50IG9uIDA7IHVzZS1hZnRlci1mcmVlLgpK
YW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODkyNzFdIFdBUk5JTkc6
IENQVTogMSBQSUQ6IDI4ODEzIGF0IGxpYi9yZWZjb3VudC5jOjE1NiByZWZjb3VudF9pbmNfY2hl
Y2tlZCsweDI2LzB4MzAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYu
NTg5MjczXSBNb2R1bGVzIGxpbmtlZCBpbjogcnBjc2VjX2dzc19rcmI1KEUpIG5mc3Y0KEUpIGRu
c19yZXNvbHZlcihFKSBuZnMoRSkgbG9ja2QoRSkgZ3JhY2UoRSkgZnNjYWNoZShFKSBiaW5mbXRf
bWlzYyhFKSBpbnRlbF9yYXBsX21zcihFKSBpbnRlbF9yYXBsX2NvbW1vbihFKSBrdm1faW50ZWwo
RSkga3ZtKEUpIGlycWJ5cGFzcyhFKSBjcmN0MTBkaWZfcGNsbXVsKEUpIGNyYzMyX3BjbG11bChF
KSBnaGFzaF9jbG11bG5pX2ludGVsKEUpIGFlc25pX2ludGVsKEUpIGNyeXB0b19zaW1kKEUpIGNy
eXB0ZChFKSBnbHVlX2hlbHBlcihFKSBzbmRfaGRhX2NvZGVjX2dlbmVyaWMoRSkgbGVkdHJpZ19h
dWRpbyhFKSBzbmRfaGRhX2ludGVsKEUpIHNuZF9pbnRlbF9uaGx0KEUpIHNuZF9oZGFfY29kZWMo
RSkgc25kX2hkYV9jb3JlKEUpIHNuZF9od2RlcChFKSBjaXJydXMoRSkgc25kX3BjbShFKSBldmRl
dihFKSBqb3lkZXYoRSkgc25kX3RpbWVyKEUpIHNlcmlvX3JhdyhFKSB2aXJ0aW9fYmFsbG9vbihF
KSBzbmQoRSkgZHJtX2ttc19oZWxwZXIoRSkgc291bmRjb3JlKEUpIHBjc3BrcihFKSBkcm0oRSkg
YnV0dG9uKEUpIGF1dGhfcnBjZ3NzKEUpIHN1bnJwYyhFKSB2aXJ0aW9fcm5nKEUpIHJuZ19jb3Jl
KEUpIGlwX3RhYmxlcyhFKSB4X3RhYmxlcyhFKSBhdXRvZnM0KEUpIGV4dDQoRSkgY3JjMzJjX2dl
bmVyaWMoRSkgY3JjMTYoRSkgbWJjYWNoZShFKSBqYmQyKEUpIGhpZF9nZW5lcmljKEUpIHVzYmhp
ZChFKSBoaWQoRSkgYXRhX2dlbmVyaWMoRSkgdmlydGlvX25ldChFKSBuZXRfZmFpbG92ZXIoRSkg
ZmFpbG92ZXIoRSkgdmlydGlvX2JsayhFKSB1aGNpX2hjZChFKSBlaGNpX2hjZChFKSBhaGNpKEUp
IGxpYmFoY2koRSkgYXRhX3BpaXgoRSkgY3JjMzJjX2ludGVsKEUpIHBzbW91c2UoRSkgaTJjX3Bp
aXg0KEUpIHVzYmNvcmUoRSkgdmlydGlvX3BjaShFKSBsaWJhdGEoRSkgdmlydGlvX3JpbmcoRSkg
dmlydGlvKEUpIHNjc2lfbW9kKEUpIGZsb3BweShFKQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnog
a2VybmVsOiBbMjA3MjkxNi41ODk0OTZdIENQVTogMSBQSUQ6IDI4ODEzIENvbW06IHRsam9iLmV4
ZSBUYWludGVkOiBHICAgICAgICAgICAgRSAgICAgNS40LjUtZGViaWFuNjQuYWxsKzEuMSAjMQpK
YW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk0OTddIEhhcmR3YXJl
IG5hbWU6IEJvY2hzIEJvY2hzLCBCSU9TIEJvY2hzIDAxLzAxLzIwMTEKSmFuIDEzIDE3OjMyOjIz
IGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTg5NTAxXSBSSVA6IDAwMTA6cmVmY291bnRfaW5j
X2NoZWNrZWQrMHgyNi8weDMwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcy
OTE2LjU4OTUwM10gQ29kZTogMDAgMDAgMDAgMDAgZTggOWIgZmYgZmYgZmYgODQgYzAgNzQgMDEg
YzMgODAgM2QgNmUgZjkgY2UgMDAgMDAgNzUgZjYgNDggYzcgYzcgZjAgYjEgOGQgOWQgYzYgMDUg
NWUgZjkgY2UgMDAgMDEgZTggYTggMzIgYzcgZmYgPDBmPiAwYiBjMyAwZiAxZiA4MCAwMCAwMCAw
MCAwMCA0MSA1NCA4YiAwNiA4MyBmOCBmZiA3NCAxZCAzMSBjOSAzOQpKYW4gMTMgMTc6MzI6MjMg
a29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk1MDVdIFJTUDogMDAxODpmZmZmYjVmMzgwOWUz
NzY4IEVGTEFHUzogMDAwMTAyODYKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIw
NzI5MTYuNTg5NTA3XSBSQVg6IDAwMDAwMDAwMDAwMDAwMDAgUkJYOiBmZmZmYjVmMzgwOWUzODA4
IFJDWDogMDAwMDAwMDAwMDAwMDAwMApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBb
MjA3MjkxNi41ODk1MDhdIFJEWDogMDAwMDAwMDAwMDAwMDAwMSBSU0k6IDAwMDAwMDAwMDAwMDAw
OTYgUkRJOiAwMDAwMDAwMGZmZmZmZmZmCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6
IFsyMDcyOTE2LjU4OTUwOV0gUkJQOiBmZmZmOGYwOGJiZTNiMzAwIFIwODogMDAwMDAwMDAwMDAw
MDIwNSBSMDk6IDAwMDAwMDAwMDAwMDAwMDQKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5l
bDogWzIwNzI5MTYuNTg5NTEwXSBSMTA6IDAwMDAwMDAwMDAwMDAwMDAgUjExOiAwMDAwMDAwMDAw
MDAwMDAxIFIxMjogZmZmZjhmMDhiZDc4ZmMwMApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2Vy
bmVsOiBbMjA3MjkxNi41ODk1MTFdIFIxMzogMDAwMDAwMDAwMDAwMDAwMCBSMTQ6IDAwMDAwMDAw
MDAwMDAwMDAgUjE1OiAwMDAwMDAwMDAwMDAwMDAwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBr
ZXJuZWw6IFsyMDcyOTE2LjU4OTUxM10gRlM6ICAwMDAwMDAwMDAwM2Y0MDAwKDAwNmIpIEdTOmZm
ZmY4ZjA4YmRiMDAwMDAoMDA2Mykga25sR1M6MDAwMDAwMDAwMjg5M2I0MApKYW4gMTMgMTc6MzI6
MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk1MTVdIENTOiAgMDAxMCBEUzogMDAyYiBF
UzogMDAyYiBDUjA6IDAwMDAwMDAwODAwNTAwMzMKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtl
cm5lbDogWzIwNzI5MTYuNTg5NTI4XSBDUjI6IDAwMDAwMDAwMTAwMjg2MDAgQ1IzOiAwMDAwMDAw
MDI2ZWNlMDAwIENSNDogMDAwMDAwMDAwMDA0MDZlMApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnog
a2VybmVsOiBbMjA3MjkxNi41ODk1MzRdIERSMDogMDAwMDAwMDAwMDAwMDAwMCBEUjE6IDAwMDAw
MDAwMDAwMDAwMDAgRFIyOiAwMDAwMDAwMDAwMDAwMDAwCkphbiAxMyAxNzozMjoyMyBrb25zdGFu
eiBrZXJuZWw6IFsyMDcyOTE2LjU4OTUzNV0gRFIzOiAwMDAwMDAwMDAwMDAwMDAwIERSNjogMDAw
MDAwMDBmZmZlMGZmMCBEUjc6IDAwMDAwMDAwMDAwMDA0MDAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0
YW56IGtlcm5lbDogWzIwNzI5MTYuNTg5NTM3XSBDYWxsIFRyYWNlOgpKYW4gMTMgMTc6MzI6MjMg
a29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk1NzldICBrZXlyaW5nX3NlYXJjaF9yY3UrMHg4
Ny8weDkwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTYwOV0g
IHNlYXJjaF9jcmVkX2tleXJpbmdzX3JjdSsweDJmLzB4MTcwCkphbiAxMyAxNzozMjoyMyBrb25z
dGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTYxNF0gIHNlYXJjaF9wcm9jZXNzX2tleXJpbmdzX3Jj
dSsweDExLzB4YzAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTg5
NjE4XSAgcmVxdWVzdF9rZXlfYW5kX2xpbmsrMHgxMTYvMHg3NjAKSmFuIDEzIDE3OjMyOjIzIGtv
bnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTg5NjIyXSAgPyBrZXlyaW5nX2FsbG9jKzB4NzAvMHg3
MApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk2MjRdICA/IGtl
eV9kZWZhdWx0X2NtcCsweDIwLzB4MjAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDog
WzIwNzI5MTYuNTg5NjI3XSAgcmVxdWVzdF9rZXlfdGFnKzB4NDQvMHhhMApKYW4gMTMgMTc6MzI6
MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk3MTddICBuZnNfaWRtYXBfZ2V0X2tleSsw
eDExOC8weDFmMCBbbmZzdjRdCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcy
OTE2LjU4OTc0OF0gIG5mc19pZG1hcF9sb29rdXBfaWQrMHgzMC8weDgwIFtuZnN2NF0KSmFuIDEz
IDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTg5NzY0XSAgbmZzX21hcF9uYW1l
X3RvX3VpZCsweDEzYi8weDE1MCBbbmZzdjRdCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJu
ZWw6IFsyMDcyOTE2LjU4OTc3OF0gIGRlY29kZV9nZXRmYXR0cl9hdHRycysweGRiZC8weDExMTAg
W25mc3Y0XQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk3ODZd
ICA/IF9yYXdfc3Bpbl91bmxvY2tfaXJxcmVzdG9yZSsweDIwLzB4NDAKSmFuIDEzIDE3OjMyOjIz
IGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTg5Nzg5XSAgPyBfX3dha2VfdXBfY29tbW9uX2xv
Y2srMHg4YS8weGMwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4
OTgwM10gIG5mczRfZGVjb2RlX2RpcmVudCsweDE3My8weDJiMCBbbmZzdjRdCkphbiAxMyAxNzoz
MjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTg2OF0gIG5mc19yZWFkZGlyX3BhZ2Vf
ZmlsbGVyKzB4MTYxLzB4NjUwIFtuZnNdCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6
IFsyMDcyOTE2LjU4OTg5MF0gIG5mc19yZWFkZGlyX3hkcl90b19hcnJheSsweDIwYy8weDNkMCBb
bmZzXQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk4OTRdICA/
IHhhc19zdG9yZSsweDFiNy8weDVlMApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBb
MjA3MjkxNi41ODk4OTldICA/IF9fYWRkX3RvX3BhZ2VfY2FjaGVfbG9ja2VkKzB4MjU4LzB4MzYw
CkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTkwOV0gIG5mc19y
ZWFkZGlyX2ZpbGxlcisweDFlLzB4ODAgW25mc10KSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtl
cm5lbDogWzIwNzI5MTYuNTg5OTExXSAgZG9fcmVhZF9jYWNoZV9wYWdlKzB4MmU0LzB4ODEwCkph
biAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTkyMl0gID8gbmZzX3Jl
YWRkaXJfeGRyX3RvX2FycmF5KzB4M2QwLzB4M2QwIFtuZnNdCkphbiAxMyAxNzozMjoyMyBrb25z
dGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTkyNl0gID8gdmVyaWZ5X2RpcmVudF9uYW1lKzB4MTYv
MHgzMApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk5MjhdICA/
IGZpbGxkaXI2NCsweDNhLzB4MTcwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsy
MDcyOTE2LjU4OTkzOF0gIG5mc19yZWFkZGlyKzB4MTIyLzB4NGUwIFtuZnNdCkphbiAxMyAxNzoz
MjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTk1M10gID8gbmZzNF94ZHJfZGVjX2xv
b2t1cHArMHhkMC8weGQwIFtuZnN2NF0KSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDog
WzIwNzI5MTYuNTg5OTU2XSAgaXRlcmF0ZV9kaXIrMHg5Mi8weDFhMApKYW4gMTMgMTc6MzI6MjMg
a29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk5NjBdICBrc3lzX2dldGRlbnRzNjQrMHg5Yy8w
eDEzMApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk5NjNdICA/
IGZpbGxkaXIrMHgxNzAvMHgxNzAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIw
NzI5MTYuNTg5OTY2XSAgX19pYTMyX3N5c19nZXRkZW50czY0KzB4MTUvMHgyMApKYW4gMTMgMTc6
MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk5NzBdICBkb19mYXN0X3N5c2NhbGxf
MzIrMHg5YS8weDIxNgpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41
ODk5NzldICBlbnRyeV9TWVNFTlRFUl9jb21wYXQrMHg3Zi8weDkxCkphbiAxMyAxNzozMjoyMyBr
b25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTk5Ml0gLS0tWyBlbmQgdHJhY2UgMTQ5ZWRiNDMx
ZjEyMzViOCBdLS0tCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU5
MDAyMF0gLS0tLS0tLS0tLS0tWyBjdXQgaGVyZSBdLS0tLS0tLS0tLS0tCkphbiAxMyAxNzozMjoy
MyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU5MDAyMV0gcmVmY291bnRfdDogdW5kZXJmbG93
OyB1c2UtYWZ0ZXItZnJlZS4KSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5
MTYuNTkwMDM4XSBXQVJOSU5HOiBDUFU6IDEgUElEOiAyODgxMyBhdCBsaWIvcmVmY291bnQuYzox
OTAgcmVmY291bnRfc3ViX2FuZF90ZXN0X2NoZWNrZWQrMHg1NS8weDYwCkphbiAxMyAxNzozMjoy
MyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU5MDAzOV0gTW9kdWxlcyBsaW5rZWQgaW46IHJw
Y3NlY19nc3Nfa3JiNShFKSBuZnN2NChFKSBkbnNfcmVzb2x2ZXIoRSkgbmZzKEUpIGxvY2tkKEUp
IGdyYWNlKEUpIGZzY2FjaGUoRSkgYmluZm10X21pc2MoRSkKIGludGVsX3JhcGxfbXNyKEUpIGlu
dGVsX3JhcGxfY29tbW9uKEUpIGt2bV9pbnRlbChFKSBrdm0oRSkgaXJxYnlwYXNzKEUpIGNyY3Qx
MGRpZl9wY2xtdWwoRSkgY3JjMzJfcGNsbXVsKEUpIGdoYXNoX2NsbXVsbmlfaW50ZWwoRSkgYWVz
bmlfaW50ZWwoRSkgY3J5cHRvX3NpbWQoRSkgYwpyeXB0ZChFKSBnbHVlX2hlbHBlcihFKSBzbmRf
aGRhX2NvZGVjX2dlbmVyaWMoRSkgbGVkdHJpZ19hdWRpbyhFKSBzbmRfaGRhX2ludGVsKEUpIHNu
ZF9pbnRlbF9uaGx0KEUpIHNuZF9oZGFfY29kZWMoRSkgc25kX2hkYV9jb3JlKEUpIHNuZF9od2Rl
cChFKSBjaXJydXMoRSkgc25kX3BjCm0oRSkgZXZkZXYoRSkgam95ZGV2KEUpIHNuZF90aW1lcihF
KSBzZXJpb19yYXcoRSkgdmlydGlvX2JhbGxvb24oRSkgc25kKEUpIGRybV9rbXNfaGVscGVyKEUp
IHNvdW5kY29yZShFKSBwY3Nwa3IoRSkgZHJtKEUpIGJ1dHRvbihFKSBhdXRoX3JwY2dzcyhFKSBz
dW5ycGMoRSkgdmlydGkKb19ybmcoRSkgcm5nX2NvcmUoRSkgaXBfdGFibGVzKEUpIHhfdGFibGVz
KEUpIGF1dG9mczQoRSkgZXh0NChFKSBjcmMzMmNfZ2VuZXJpYyhFKSBjcmMxNihFKSBtYmNhY2hl
KEUpIGpiZDIoRSkgaGlkX2dlbmVyaWMoRSkgdXNiaGlkKEUpIGhpZChFKSBhdGFfZ2VuZXJpYyhF
KSB2aXJ0aW9fbmV0KEUpIG5ldF9mYWlsb3ZlcihFKSBmYWlsb3ZlcihFKSB2aXJ0aW9fYmxrKEUp
IHVoY2lfaGNkKEUpIGVoY2lfaGNkKEUpIGFoY2koRSkgbGliYWhjaShFKSBhdGFfcGlpeChFKSBj
cmMzMmNfaW50ZWwoRSkgcHNtb3VzZShFKSBpMmNfcGlpeDQoRSkgdXNiY29yZShFKSB2aXJ0aW9f
cGNpKEUpIGxpYmF0YShFKSB2aXJ0aW9fcmluZyhFKSB2aXJ0aW8oRSkgc2NzaV9tb2QoRSkgZmxv
cHB5KEUpCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU5MDA2OV0g
Q1BVOiAxIFBJRDogMjg4MTMgQ29tbTogdGxqb2IuZXhlIFRhaW50ZWQ6IEcgICAgICAgIFcgICBF
ICAgICA1LjQuNS1kZWJpYW42NC5hbGwrMS4xICMxCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBr
ZXJuZWw6IFsyMDcyOTE2LjU5MDA3MF0gSGFyZHdhcmUgbmFtZTogQm9jaHMgQm9jaHMsIEJJT1Mg
Qm9jaHMgMDEvMDEvMjAxMQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3Mjkx
Ni41OTAwNzNdIFJJUDogMDAxMDpyZWZjb3VudF9zdWJfYW5kX3Rlc3RfY2hlY2tlZCsweDU1LzB4
NjAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMDc1XSBDb2Rl
OiBlMCA0MSA1YyBjMyA0NCA4OSBlMCA0MSA1YyBjMyA0NCAwZiBiNiAyNSAxMSBmOSBjZSAwMCA0
NSA4NCBlNCA3NSBlNCA0OCBjNyBjNyAyMCBiMiA4ZCA5ZCBjNiAwNSBmZSBmOCBjZSAwMCAwMSBl
OCA0OSAzMiBjNyBmZiA8MGY+IDBiIGViIGQwIDBmIDFmIDgwIDAwIDAwIDAwIDAwIDQ4IDg5IGZl
IGJmIDAxIDAwIDAwIDAwIGViIDk2IDY2CkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6
IFsyMDcyOTE2LjU5MDA3Nl0gUlNQOiAwMDE4OmZmZmZiNWYzODA5ZTM4ZTggRUZMQUdTOiAwMDAx
MDI4MgpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41OTAwNzhdIFJB
WDogMDAwMDAwMDAwMDAwMDAwMCBSQlg6IDAwMDAwMDAwMDAwMDAwMWMgUkNYOiAwMDAwMDAwMDAw
MDAwMDAwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU5MDA3OV0g
UkRYOiAwMDAwMDAwMDAwMDAwMDAxIFJTSTogMDAwMDAwMDAwMDAwMDA5MiBSREk6IDAwMDAwMDAw
ZmZmZmZmZmYKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMDgw
XSBSQlA6IGZmZmY4ZjA4Njc0MDYyMDAgUjA4OiAwMDAwMDAwMDAwMDAwMjM5IFIwOTogMDAwMDAw
MDAwMDAwMDAwNApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41OTAw
ODFdIFIxMDogMDAwMDAwMDAwMDAwMDAwMCBSMTE6IDAwMDAwMDAwMDAwMDAwMDEgUjEyOiAwMDAw
MDAwMDAwMDAwMDAwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU5
MDA4Ml0gUjEzOiBmZmZmZmZmZmMwYWVkOGE4IFIxNDogZmZmZjhmMDg2NzQwNjIwMCBSMTU6IGZm
ZmY4ZjA4NzRjMjg0YzAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYu
NTkwMDg0XSBGUzogIDAwMDAwMDAwMDAzZjQwMDAoMDA2YikgR1M6ZmZmZjhmMDhiZGIwMDAwMCgw
MDYzKSBrbmxHUzowMDAwMDAwMDAyODkzYjQwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJu
ZWw6IFsyMDcyOTE2LjU5MDA4NV0gQ1M6ICAwMDEwIERTOiAwMDJiIEVTOiAwMDJiIENSMDogMDAw
MDAwMDA4MDA1MDAzMwpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41
OTAwODZdIENSMjogMDAwMDAwMDAxMDAyODYwMCBDUjM6IDAwMDAwMDAwMjZlY2UwMDAgQ1I0OiAw
MDAwMDAwMDAwMDQwNmUwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2
LjU5MDA5MV0gRFIwOiAwMDAwMDAwMDAwMDAwMDAwIERSMTogMDAwMDAwMDAwMDAwMDAwMCBEUjI6
IDAwMDAwMDAwMDAwMDAwMDAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5
MTYuNTkwMDkyXSBEUjM6IDAwMDAwMDAwMDAwMDAwMDAgRFI2OiAwMDAwMDAwMGZmZmUwZmYwIERS
NzogMDAwMDAwMDAwMDAwMDQwMApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3
MjkxNi41OTAwOTNdIENhbGwgVHJhY2U6CkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6
IFsyMDcyOTE2LjU5MDA5Nl0gIGtleV9wdXQrMHhmLzB4MzAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0
YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMTEzXSAgbmZzX2lkbWFwX2dldF9rZXkrMHgxYWMvMHgx
ZjAgW25mc3Y0XQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41OTAx
MjddICBuZnNfaWRtYXBfbG9va3VwX2lkKzB4MzAvMHg4MCBbbmZzdjRdCkphbiAxMyAxNzozMjoy
MyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU5MDEzOV0gIG5mc19tYXBfbmFtZV90b191aWQr
MHgxM2IvMHgxNTAgW25mc3Y0XQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3
MjkxNi41OTAxNTFdICBkZWNvZGVfZ2V0ZmF0dHJfYXR0cnMrMHhkYmQvMHgxMTEwIFtuZnN2NF0K
SmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMTU1XSAgPyBfcmF3
X3NwaW5fdW5sb2NrX2lycXJlc3RvcmUrMHgyMC8weDQwCkphbiAxMyAxNzozMjoyMyBrb25zdGFu
eiBrZXJuZWw6IFsyMDcyOTE2LjU5MDE1N10gID8gX193YWtlX3VwX2NvbW1vbl9sb2NrKzB4OGEv
MHhjMApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41OTAxNjhdICBu
ZnM0X2RlY29kZV9kaXJlbnQrMHgxNzMvMHgyYjAgW25mc3Y0XQpKYW4gMTMgMTc6MzI6MjMga29u
c3Rhbnoga2VybmVsOiBbMjA3MjkxNi41OTAxNzhdICBuZnNfcmVhZGRpcl9wYWdlX2ZpbGxlcisw
eDE2MS8weDY1MCBbbmZzXQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3Mjkx
Ni41OTAxOTBdICBuZnNfcmVhZGRpcl94ZHJfdG9fYXJyYXkrMHgyMGMvMHgzZDAgW25mc10KSmFu
IDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMTkzXSAgPyB4YXNfc3Rv
cmUrMHgxYjcvMHg1ZTAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYu
NTkwMTk2XSAgPyBfX2FkZF90b19wYWdlX2NhY2hlX2xvY2tlZCsweDI1OC8weDM2MApKYW4gMTMg
MTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41OTAyMDRdICBuZnNfcmVhZGRpcl9m
aWxsZXIrMHgxZS8weDgwIFtuZnNdCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsy
MDcyOTE2LjU5MDIwN10gIGRvX3JlYWRfY2FjaGVfcGFnZSsweDJlNC8weDgxMApKYW4gMTMgMTc6
MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41OTAyMTVdICA/IG5mc19yZWFkZGlyX3hk
cl90b19hcnJheSsweDNkMC8weDNkMCBbbmZzXQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2Vy
bmVsOiBbMjA3MjkxNi41OTAyMThdICA/IHZlcmlmeV9kaXJlbnRfbmFtZSsweDE2LzB4MzAKSmFu
IDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMjIwXSAgPyBmaWxsZGly
NjQrMHgzYS8weDE3MApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41
OTAyMjhdICBuZnNfcmVhZGRpcisweDEyMi8weDRlMCBbbmZzXQpKYW4gMTMgMTc6MzI6MjMga29u
c3Rhbnoga2VybmVsOiBbMjA3MjkxNi41OTAyNDBdICA/IG5mczRfeGRyX2RlY19sb29rdXBwKzB4
ZDAvMHhkMCBbbmZzdjRdCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2
LjU5MDI0M10gIGl0ZXJhdGVfZGlyKzB4OTIvMHgxYTAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56
IGtlcm5lbDogWzIwNzI5MTYuNTkwMjQ2XSAga3N5c19nZXRkZW50czY0KzB4OWMvMHgxMzAKSmFu
IDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMjQ5XSAgPyBmaWxsZGly
KzB4MTcwLzB4MTcwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU5
MDI1Ml0gIF9faWEzMl9zeXNfZ2V0ZGVudHM2NCsweDE1LzB4MjAKSmFuIDEzIDE3OjMyOjIzIGtv
bnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMjU1XSAgZG9fZmFzdF9zeXNjYWxsXzMyKzB4OWEv
MHgyMTYKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMjU3XSAg
ZW50cnlfU1lTRU5URVJfY29tcGF0KzB4N2YvMHg5MQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnog
a2VybmVsOiBbMjA3MjkxNi41OTAyNjFdIC0tLVsgZW5kIHRyYWNlIDE0OWVkYjQzMWYxMjM1Yjkg
XS0tLQoKCgoKCkhlcmUgd2l0aCA1LjQuMTI6CgoKCkphbiAxNiAyMDoyNjoxOCBrb25zdGFueiBr
ZXJuZWw6IFsgICAgNS41NDgxMTddIEtleSB0eXBlIGlkX3Jlc29sdmVyIHJlZ2lzdGVyZWQKSmFu
IDE2IDIwOjI2OjE4IGtvbnN0YW56IGtlcm5lbDogWyAgICA1LjU0ODExOF0gS2V5IHR5cGUgaWRf
bGVnYWN5IHJlZ2lzdGVyZWQKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0
LjA5MDk2MF0gLS0tLS0tLS0tLS0tWyBjdXQgaGVyZSBdLS0tLS0tLS0tLS0tCkphbiAxNiAyMDo0
MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTA5NjVdIHJlZmNvdW50X3Q6IGluY3JlbWVu
dCBvbiAwOyB1c2UtYWZ0ZXItZnJlZS4KSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDog
WyAgOTI0LjA5MTAwMV0gV0FSTklORzogQ1BVOiAxIFBJRDogMTI0NyBhdCBsaWIvcmVmY291bnQu
YzoxNTYgcmVmY291bnRfaW5jX2NoZWNrZWQrMHgyNi8weDMwCkphbiAxNiAyMDo0MTozNyBrb25z
dGFueiBrZXJuZWw6IFsgIDkyNC4wOTEwMDNdIE1vZHVsZXMgbGlua2VkIGluOiBycGNzZWNfZ3Nz
X2tyYjUoRSkgbmZzdjQoRSkgZG5zX3Jlc29sdmVyKEUpIG5mcyhFKSBsb2NrZChFKSBncmFjZShF
KSBmc2NhY2hlKEUpIGludGVsX3JhcGxfbXNyKEUpIGludGVsX3JhcGxfY29tbW9uKEUpIGt2bV9p
bnRlbChFKSBrdm0oRSkgaXJxYnlwYXNzKEUpIGJpbmZtdF9taXNjKEUpIGNyY3QxMGRpZl9wY2xt
dWwoRSkgY3JjMzJfcGNsbXVsKEUpIGdoYXNoX2NsbXVsbmlfaW50ZWwoRSkgYWVzbmlfaW50ZWwo
RSkgY3J5cHRvX3NpbWQoRSkgY3J5cHRkKEUpIGdsdWVfaGVscGVyKEUpIHNuZF9oZGFfY29kZWNf
Z2VuZXJpYyhFKSBsZWR0cmlnX2F1ZGlvKEUpIHNuZF9oZGFfaW50ZWwoRSkgc25kX2ludGVsX25o
bHQoRSkgc25kX2hkYV9jb2RlYyhFKSBjaXJydXMoRSkgc25kX2hkYV9jb3JlKEUpIGRybV9rbXNf
aGVscGVyKEUpIHNuZF9od2RlcChFKSBzbmRfcGNtKEUpIHNuZF90aW1lcihFKSBzbmQoRSkgZXZk
ZXYoRSkgam95ZGV2KEUpIHNlcmlvX3JhdyhFKSBwY3Nwa3IoRSkgc291bmRjb3JlKEUpIHZpcnRp
b19iYWxsb29uKEUpIGRybShFKSBidXR0b24oRSkgYXV0aF9ycGNnc3MoRSkgc3VucnBjKEUpIHZp
cnRpb19ybmcoRSkgcm5nX2NvcmUoRSkgaXBfdGFibGVzKEUpIHhfdGFibGVzKEUpIGF1dG9mczQo
RSkgZXh0NChFKSBjcmMzMmNfZ2VuZXJpYyhFKSBjcmMxNihFKSBtYmNhY2hlKEUpIGpiZDIoRSkg
aGlkX2dlbmVyaWMoRSkgdXNiaGlkKEUpIGhpZChFKSBhdGFfZ2VuZXJpYyhFKSB2aXJ0aW9fbmV0
KEUpIG5ldF9mYWlsb3ZlcihFKSBmYWlsb3ZlcihFKSB2aXJ0aW9fYmxrKEUpIHVoY2lfaGNkKEUp
IGFoY2koRSkgZWhjaV9oY2QoRSkgYXRhX3BpaXgoRSkgbGliYWhjaShFKSB2aXJ0aW9fcGNpKEUp
IHZpcnRpb19yaW5nKEUpIGNyYzMyY19pbnRlbChFKSBwc21vdXNlKEUpIHZpcnRpbyhFKSBsaWJh
dGEoRSkgaTJjX3BpaXg0KEUpIHVzYmNvcmUoRSkgc2NzaV9tb2QoRSkgZmxvcHB5KEUpCkphbiAx
NiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTEyMDVdIENQVTogMSBQSUQ6IDEy
NDcgQ29tbTogdGxqb2IuZXhlIFRhaW50ZWQ6IEcgICAgICAgICAgICBFICAgICA1LjQuMTItZGVi
aWFuNjQuYWxsKzEuMSAjMQpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQu
MDkxMjA1XSBIYXJkd2FyZSBuYW1lOiBCb2NocyBCb2NocywgQklPUyBCb2NocyAwMS8wMS8yMDEx
CkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTEyMDddIFJJUDogMDAx
MDpyZWZjb3VudF9pbmNfY2hlY2tlZCsweDI2LzB4MzAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56
IGtlcm5lbDogWyAgOTI0LjA5MTIxMF0gQ29kZTogMDAgMDAgMDAgMDAgZTggOWIgZmYgZmYgZmYg
ODQgYzAgNzQgMDEgYzMgODAgM2QgN2UgZjEgY2UgMDAgMDAgNzUgZjYgNDggYzcgYzcgNDAgYmEg
YWQgYmQgYzYgMDUgNmUgZjEgY2UgMDAgMDEgZTggMTggMmIgYzcgZmYgPDBmPiAwYiBjMyAwZiAx
ZiA4MCAwMCAwMCAwMCAwMCA0MSA1NCA4YiAwNiA4MyBmOCBmZiA3NCAxZCAzMSBjOSAzOQpKYW4g
MTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxMjExXSBSU1A6IDAwMTg6ZmZm
ZmI5ZWEwMTE4Mzc2OCBFRkxBR1M6IDAwMDEwMjg2CkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBr
ZXJuZWw6IFsgIDkyNC4wOTEyMTJdIFJBWDogMDAwMDAwMDAwMDAwMDAwMCBSQlg6IGZmZmZiOWVh
MDExODM4MDggUkNYOiAwMDAwMDAwMDAwMDAwMDAwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBr
ZXJuZWw6IFsgIDkyNC4wOTEyMTNdIFJEWDogMDAwMDAwMDAwMDAwMDAwMSBSU0k6IDAwMDAwMDAw
MDAwMDAwOTYgUkRJOiAwMDAwMDAwMGZmZmZmZmZmCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBr
ZXJuZWw6IFsgIDkyNC4wOTEyMTRdIFJCUDogZmZmZjkwMThmNGE4MTEwMCBSMDg6IDAwMDAwMDAw
MDAwMDAyMDQgUjA5OiAwMDAwMDAwMDAwMDAwMDA0CkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBr
ZXJuZWw6IFsgIDkyNC4wOTEyMTVdIFIxMDogMDAwMDAwMDAwMDAwMDAwMCBSMTE6IDAwMDAwMDAw
MDAwMDAwMDEgUjEyOiBmZmZmOTAxOGY1MGJiOWMwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBr
ZXJuZWw6IFsgIDkyNC4wOTEyMTVdIFIxMzogMDAwMDAwMDAwMDAwMDAwMCBSMTQ6IDAwMDAwMDAw
MDAwMDAwMDAgUjE1OiAwMDAwMDAwMDAwMDAwMDAwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBr
ZXJuZWw6IFsgIDkyNC4wOTEyMTZdIEZTOiAgMDAwMDAwMDAwMDNmNDAwMCgwMDZiKSBHUzpmZmZm
OTAxOTNkYjAwMDAwKDAwNjMpIGtubEdTOjAwMDAwMDAwMDI4OTNiNDAKSmFuIDE2IDIwOjQxOjM3
IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTIxN10gQ1M6ICAwMDEwIERTOiAwMDJiIEVTOiAw
MDJiIENSMDogMDAwMDAwMDA4MDA1MDAzMwpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVs
OiBbICA5MjQuMDkxMjE4XSBDUjI6IDAwMDA3ZmZjM2ExZDQ2NjggQ1IzOiAwMDAwMDAwMDdhYTll
MDAwIENSNDogMDAwMDAwMDAwMDA0MDZlMApKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVs
OiBbICA5MjQuMDkxMjIwXSBEUjA6IDAwMDAwMDAwMDAwMDAwMDAgRFIxOiAwMDAwMDAwMDAwMDAw
MDAwIERSMjogMDAwMDAwMDAwMDAwMDAwMApKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVs
OiBbICA5MjQuMDkxMjIxXSBEUjM6IDAwMDAwMDAwMDAwMDAwMDAgRFI2OiAwMDAwMDAwMGZmZmUw
ZmYwIERSNzogMDAwMDAwMDAwMDAwMDQwMApKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVs
OiBbICA5MjQuMDkxMjIxXSBDYWxsIFRyYWNlOgpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2Vy
bmVsOiBbICA5MjQuMDkxMjQxXSAga2V5cmluZ19zZWFyY2hfcmN1KzB4ODcvMHg5MApKYW4gMTYg
MjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxMjY5XSAgc2VhcmNoX2NyZWRfa2V5
cmluZ3NfcmN1KzB4MmYvMHgxNzAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAg
OTI0LjA5MTI4N10gIHNlYXJjaF9wcm9jZXNzX2tleXJpbmdzX3JjdSsweDExLzB4YzAKSmFuIDE2
IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTI5MF0gIHJlcXVlc3Rfa2V5X2Fu
ZF9saW5rKzB4MTE2LzB4NzYwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDky
NC4wOTEyOTNdICA/IGtleXJpbmdfYWxsb2MrMHg3MC8weDcwCkphbiAxNiAyMDo0MTozNyBrb25z
dGFueiBrZXJuZWw6IFsgIDkyNC4wOTEyOTVdICA/IGtleV9kZWZhdWx0X2NtcCsweDIwLzB4MjAK
SmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTI5OF0gIHJlcXVlc3Rf
a2V5X3RhZysweDQ0LzB4YTAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0
LjA5MTM0OV0gIG5mc19pZG1hcF9nZXRfa2V5KzB4MTE4LzB4MWYwIFtuZnN2NF0KSmFuIDE2IDIw
OjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTM2OF0gIG5mc19pZG1hcF9sb29rdXBf
aWQrMHgzMC8weDgwIFtuZnN2NF0KSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAg
OTI0LjA5MTM3OF0gIG5mc19tYXBfbmFtZV90b191aWQrMHgxM2IvMHgxNTAgW25mc3Y0XQpKYW4g
MTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNDQxXSAgPyB4ZHJfc2V0X25l
eHRfYnVmZmVyKzB4MzIvMHhhMCBbc3VucnBjXQpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2Vy
bmVsOiBbICA5MjQuMDkxNDUxXSAgZGVjb2RlX2dldGZhdHRyX2F0dHJzKzB4ZGJkLzB4MTExMCBb
bmZzdjRdCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE0ODZdICA/
IG5mc19zZXRfY2FjaGVfaW52YWxpZCsweDMzLzB4YTAgW25mc10KSmFuIDE2IDIwOjQxOjM3IGtv
bnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTQ5NF0gIG5mczRfZGVjb2RlX2RpcmVudCsweDE3My8w
eDJiMCBbbmZzdjRdCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE1
MDFdICBuZnNfcmVhZGRpcl9wYWdlX2ZpbGxlcisweDE2MS8weDY1MCBbbmZzXQpKYW4gMTYgMjA6
NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNTE3XSAgbmZzX3JlYWRkaXJfeGRyX3Rv
X2FycmF5KzB4MjBjLzB4M2QwIFtuZnNdCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6
IFsgIDkyNC4wOTE1MjBdICA/IHhhc19zdG9yZSsweDFiNy8weDVlMApKYW4gMTYgMjA6NDE6Mzcg
a29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNTI0XSAgPyBfX2FkZF90b19wYWdlX2NhY2hlX2xv
Y2tlZCsweDI0OC8weDM2MApKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQu
MDkxNTMwXSAgbmZzX3JlYWRkaXJfZmlsbGVyKzB4MWUvMHg4MCBbbmZzXQpKYW4gMTYgMjA6NDE6
Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNTMxXSAgZG9fcmVhZF9jYWNoZV9wYWdlKzB4
MmU0LzB4ODEwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE1Mzhd
ICA/IG5mc19yZWFkZGlyX3hkcl90b19hcnJheSsweDNkMC8weDNkMCBbbmZzXQpKYW4gMTYgMjA6
NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNTQwXSAgPyB2ZXJpZnlfZGlyZW50X25h
bWUrMHgxNi8weDMwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE1
NDJdICA/IGZpbGxkaXI2NCsweDNhLzB4MTcwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJu
ZWw6IFsgIDkyNC4wOTE1NDhdICBuZnNfcmVhZGRpcisweDEyMi8weDRlMCBbbmZzXQpKYW4gMTYg
MjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNTU2XSAgPyBuZnM0X3hkcl9kZWNf
bG9va3VwcCsweGQwLzB4ZDAgW25mc3Y0XQpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVs
OiBbICA5MjQuMDkxNTU4XSAgaXRlcmF0ZV9kaXIrMHg5Mi8weDFhMApKYW4gMTYgMjA6NDE6Mzcg
a29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNTYxXSAga3N5c19nZXRkZW50czY0KzB4OWMvMHgx
MzAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTU2Ml0gID8gZmls
bGRpcisweDE3MC8weDE3MApKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQu
MDkxNTY0XSAgX19pYTMyX3N5c19nZXRkZW50czY0KzB4MTUvMHgyMApKYW4gMTYgMjA6NDE6Mzcg
a29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNTY3XSAgZG9fZmFzdF9zeXNjYWxsXzMyKzB4OWEv
MHgyMTYKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTU3Ml0gIGVu
dHJ5X1NZU0VOVEVSX2NvbXBhdCsweDdmLzB4OTEKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtl
cm5lbDogWyAgOTI0LjA5MTU4MF0gLS0tWyBlbmQgdHJhY2UgNDMwOTg2NDZiNTk1ZDQ5MiBdLS0t
CkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE1OTldIC0tLS0tLS0t
LS0tLVsgY3V0IGhlcmUgXS0tLS0tLS0tLS0tLQpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2Vy
bmVsOiBbICA5MjQuMDkxNTk5XSByZWZjb3VudF90OiB1bmRlcmZsb3c7IHVzZS1hZnRlci1mcmVl
LgpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNjA5XSBXQVJOSU5H
OiBDUFU6IDEgUElEOiAxMjQ3IGF0IGxpYi9yZWZjb3VudC5jOjE5MCByZWZjb3VudF9zdWJfYW5k
X3Rlc3RfY2hlY2tlZCsweDU1LzB4NjAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDog
WyAgOTI0LjA5MTYwOV0gTW9kdWxlcyBsaW5rZWQgaW46IHJwY3NlY19nc3Nfa3JiNShFKSBuZnN2
NChFKSBkbnNfcmVzb2x2ZXIoRSkgbmZzKEUpIGxvY2tkKEUpIGdyYWNlKEUpIGZzY2FjaGUoRSkg
aW50ZWxfcmFwbF9tc3IoRSkgaW50ZWxfcmFwbF9jb21tb24oRSkga3ZtX2ludGVsKEUpIGt2bShF
KSBpcnFieXBhc3MoRSkgYmluZm10X21pc2MoRSkgY3JjdDEwZGlmX3BjbG11bChFKSBjcmMzMl9w
Y2xtdWwoRSkgZ2hhc2hfY2xtdWxuaV9pbnRlbChFKSBhZXNuaV9pbnRlbChFKSBjcnlwdG9fc2lt
ZChFKSBjcnlwdGQoRSkgZ2x1ZV9oZWxwZXIoRSkgc25kX2hkYV9jb2RlY19nZW5lcmljKEUpIGxl
ZHRyaWdfYXVkaW8oRSkgc25kX2hkYV9pbnRlbChFKSBzbmRfaW50ZWxfbmhsdChFKSBzbmRfaGRh
X2NvZGVjKEUpIGNpcnJ1cyhFKSBzbmRfaGRhX2NvcmUoRSkgZHJtX2ttc19oZWxwZXIoRSkgc25k
X2h3ZGVwKEUpIHNuZF9wY20oRSkgc25kX3RpbWVyKEUpIHNuZChFKSBldmRldihFKSBqb3lkZXYo
RSkgc2VyaW9fcmF3KEUpIHBjc3BrcihFKSBzb3VuZGNvcmUoRSkgdmlydGlvX2JhbGxvb24oRSkg
ZHJtKEUpIGJ1dHRvbihFKSBhdXRoX3JwY2dzcyhFKSBzdW5ycGMoRSkgdmlydGlvX3JuZyhFKSBy
bmdfY29yZShFKSBpcF90YWJsZXMoRSkgeF90YWJsZXMoRSkgYXV0b2ZzNChFKSBleHQ0KEUpIGNy
YzMyY19nZW5lcmljKEUpIGNyYzE2KEUpIG1iY2FjaGUoRSkgamJkMihFKSBoaWRfZ2VuZXJpYyhF
KSB1c2JoaWQoRSkgaGlkKEUpIGF0YV9nZW5lcmljKEUpIHZpcnRpb19uZXQoRSkgbmV0X2ZhaWxv
dmVyKEUpIGZhaWxvdmVyKEUpIHZpcnRpb19ibGsoRSkgdWhjaV9oY2QoRSkgYWhjaShFKSBlaGNp
X2hjZChFKSBhdGFfcGlpeChFKSBsaWJhaGNpKEUpIHZpcnRpb19wY2koRSkgdmlydGlvX3Jpbmco
RSkgY3JjMzJjX2ludGVsKEUpIHBzbW91c2UoRSkgdmlydGlvKEUpIGxpYmF0YShFKSBpMmNfcGlp
eDQoRSkgdXNiY29yZShFKSBzY3NpX21vZChFKSBmbG9wcHkoRSkKSmFuIDE2IDIwOjQxOjM3IGtv
bnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTY0MF0gQ1BVOiAxIFBJRDogMTI0NyBDb21tOiB0bGpv
Yi5leGUgVGFpbnRlZDogRyAgICAgICAgVyAgIEUgICAgIDUuNC4xMi1kZWJpYW42NC5hbGwrMS4x
ICMxCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE2NDFdIEhhcmR3
YXJlIG5hbWU6IEJvY2hzIEJvY2hzLCBCSU9TIEJvY2hzIDAxLzAxLzIwMTEKSmFuIDE2IDIwOjQx
OjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTY0M10gUklQOiAwMDEwOnJlZmNvdW50X3N1
Yl9hbmRfdGVzdF9jaGVja2VkKzB4NTUvMHg2MApKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2Vy
bmVsOiBbICA5MjQuMDkxNjU5XSBDb2RlOiBlMCA0MSA1YyBjMyA0NCA4OSBlMCA0MSA1YyBjMyA0
NCAwZiBiNiAyNSAyMSBmMSBjZSAwMCA0NSA4NCBlNCA3NSBlNCA0OCBjNyBjNyA3MCBiYSBhZCBi
ZCBjNiAwNSAwZSBmMSBjZSAwMCAwMSBlOCBiOSAyYSBjNyBmZiA8MGY+IDBiIGViIGQwIDBmIDFm
IDgwIDAwIDAwIDAwIDAwIDQ4IDg5IGZlIGJmIDAxIDAwIDAwIDAwIGViIDk2IDY2CkphbiAxNiAy
MDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE2NjBdIFJTUDogMDAxODpmZmZmYjll
YTAxMTgzOGU4IEVGTEFHUzogMDAwMTAyODIKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5l
bDogWyAgOTI0LjA5MTY2MV0gUkFYOiAwMDAwMDAwMDAwMDAwMDAwIFJCWDogMDAwMDAwMDAwMDAw
MDAxYiBSQ1g6IDAwMDAwMDAwMDAwMDAwMDAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5l
bDogWyAgOTI0LjA5MTY2Ml0gUkRYOiAwMDAwMDAwMDAwMDAwMDAxIFJTSTogMDAwMDAwMDAwMDAw
MDA5MiBSREk6IDAwMDAwMDAwZmZmZmZmZmYKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5l
bDogWyAgOTI0LjA5MTY2M10gUkJQOiBmZmZmOTAxOTNjMjliZjAwIFIwODogMDAwMDAwMDAwMDAw
MDIzOCBSMDk6IDAwMDAwMDAwMDAwMDAwMDQKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5l
bDogWyAgOTI0LjA5MTY2M10gUjEwOiAwMDAwMDAwMDAwMDAwMDAwIFIxMTogMDAwMDAwMDAwMDAw
MDAwMSBSMTI6IDAwMDAwMDAwMDAwMDAwMDAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5l
bDogWyAgOTI0LjA5MTY2NF0gUjEzOiBmZmZmZmZmZmMwYmUxOGE4IFIxNDogZmZmZjkwMTkzYzI5
YmYwMCBSMTU6IGZmZmY5MDE5M2FlNjkwMDAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5l
bDogWyAgOTI0LjA5MTY2NV0gRlM6ICAwMDAwMDAwMDAwM2Y0MDAwKDAwNmIpIEdTOmZmZmY5MDE5
M2RiMDAwMDAoMDA2Mykga25sR1M6MDAwMDAwMDAwMjg5M2I0MApKYW4gMTYgMjA6NDE6Mzcga29u
c3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNjY2XSBDUzogIDAwMTAgRFM6IDAwMmIgRVM6IDAwMmIg
Q1IwOiAwMDAwMDAwMDgwMDUwMDMzCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsg
IDkyNC4wOTE2NjddIENSMjogMDAwMDdmZmMzYTFkNDY2OCBDUjM6IDAwMDAwMDAwN2FhOWUwMDAg
Q1I0OiAwMDAwMDAwMDAwMDQwNmUwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsg
IDkyNC4wOTE2ODRdIERSMDogMDAwMDAwMDAwMDAwMDAwMCBEUjE6IDAwMDAwMDAwMDAwMDAwMDAg
RFIyOiAwMDAwMDAwMDAwMDAwMDAwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsg
IDkyNC4wOTE2ODVdIERSMzogMDAwMDAwMDAwMDAwMDAwMCBEUjY6IDAwMDAwMDAwZmZmZTBmZjAg
RFI3OiAwMDAwMDAwMDAwMDAwNDAwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsg
IDkyNC4wOTE2ODVdIENhbGwgVHJhY2U6CkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6
IFsgIDkyNC4wOTE2ODhdICBrZXlfcHV0KzB4Zi8weDMwCkphbiAxNiAyMDo0MTozNyBrb25zdGFu
eiBrZXJuZWw6IFsgIDkyNC4wOTE2OTddICBuZnNfaWRtYXBfZ2V0X2tleSsweDFhYy8weDFmMCBb
bmZzdjRdCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE3MDVdICBu
ZnNfaWRtYXBfbG9va3VwX2lkKzB4MzAvMHg4MCBbbmZzdjRdCkphbiAxNiAyMDo0MTozNyBrb25z
dGFueiBrZXJuZWw6IFsgIDkyNC4wOTE3MTNdICBuZnNfbWFwX25hbWVfdG9fdWlkKzB4MTNiLzB4
MTUwIFtuZnN2NF0KSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTcy
Ml0gID8geGRyX3NldF9uZXh0X2J1ZmZlcisweDMyLzB4YTAgW3N1bnJwY10KSmFuIDE2IDIwOjQx
OjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTczMF0gIGRlY29kZV9nZXRmYXR0cl9hdHRy
cysweGRiZC8weDExMTAgW25mc3Y0XQpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBb
ICA5MjQuMDkxNzM2XSAgPyBuZnNfc2V0X2NhY2hlX2ludmFsaWQrMHgzMy8weGEwIFtuZnNdCkph
biAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE3NDNdICBuZnM0X2RlY29k
ZV9kaXJlbnQrMHgxNzMvMHgyYjAgW25mc3Y0XQpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2Vy
bmVsOiBbICA5MjQuMDkxNzQ4XSAgbmZzX3JlYWRkaXJfcGFnZV9maWxsZXIrMHgxNjEvMHg2NTAg
W25mc10KSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTc1NF0gIG5m
c19yZWFkZGlyX3hkcl90b19hcnJheSsweDIwYy8weDNkMCBbbmZzXQpKYW4gMTYgMjA6NDE6Mzcg
a29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNzU2XSAgPyB4YXNfc3RvcmUrMHgxYjcvMHg1ZTAK
SmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTc1OF0gID8gX19hZGRf
dG9fcGFnZV9jYWNoZV9sb2NrZWQrMHgyNDgvMHgzNjAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56
IGtlcm5lbDogWyAgOTI0LjA5MTc2M10gIG5mc19yZWFkZGlyX2ZpbGxlcisweDFlLzB4ODAgW25m
c10KSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTc2NF0gIGRvX3Jl
YWRfY2FjaGVfcGFnZSsweDJlNC8weDgxMApKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVs
OiBbICA5MjQuMDkxNzY5XSAgPyBuZnNfcmVhZGRpcl94ZHJfdG9fYXJyYXkrMHgzZDAvMHgzZDAg
W25mc10KSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTc3MV0gID8g
dmVyaWZ5X2RpcmVudF9uYW1lKzB4MTYvMHgzMApKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2Vy
bmVsOiBbICA5MjQuMDkxNzcyXSAgPyBmaWxsZGlyNjQrMHgzYS8weDE3MApKYW4gMTYgMjA6NDE6
Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNzkyXSAgbmZzX3JlYWRkaXIrMHgxMjIvMHg0
ZTAgW25mc10KSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTc5OV0g
ID8gbmZzNF94ZHJfZGVjX2xvb2t1cHArMHhkMC8weGQwIFtuZnN2NF0KSmFuIDE2IDIwOjQxOjM3
IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTgwMV0gIGl0ZXJhdGVfZGlyKzB4OTIvMHgxYTAK
SmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTgwM10gIGtzeXNfZ2V0
ZGVudHM2NCsweDljLzB4MTMwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDky
NC4wOTE4MDVdICA/IGZpbGxkaXIrMHgxNzAvMHgxNzAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56
IGtlcm5lbDogWyAgOTI0LjA5MTgwN10gIF9faWEzMl9zeXNfZ2V0ZGVudHM2NCsweDE1LzB4MjAK
SmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTgwOV0gIGRvX2Zhc3Rf
c3lzY2FsbF8zMisweDlhLzB4MjE2CkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsg
IDkyNC4wOTE4MTBdICBlbnRyeV9TWVNFTlRFUl9jb21wYXQrMHg3Zi8weDkxCkphbiAxNiAyMDo0
MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE4MTJdIC0tLVsgZW5kIHRyYWNlIDQzMDk4
NjQ2YjU5NWQ0OTMgXS0tLQoKCgo0LjE5Ljk2IHdvcmtzIGZpbmUuCgpSZWdhcmRzLAotLSAKV29s
ZmdhbmcgV2FsdGVyClN0dWRlbnRlbndlcmsgTfxuY2hlbgpBbnN0YWx0IGRlcyD2ZmZlbnRsaWNo
ZW4gUmVjaHRz
WARNING: multiple messages have this Message-ID (diff)
From: Wolfgang Walter <linux@stwm.de>
To: linux-kernel@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>, keyrings@vger.kernel.org
Subject: kernel 5.4: refcount_t: increment on 0; use-after-free (in keyring_search_rcu called when nfs_idmap_lookup)
Date: Thu, 16 Jan 2020 21:29:19 +0100 [thread overview]
Message-ID: <3228186.u84BEOoAb4@stwm.de> (raw)
Hello,
with 5.4.5 and later (but didn't test lower 5.4 versions) I get the following kernel failure:
Jan 13 17:32:23 konstanz kernel: [2072916.589221] ------------[ cut here ]------------
Jan 13 17:32:23 konstanz kernel: [2072916.589228] refcount_t: increment on 0; use-after-free.
Jan 13 17:32:23 konstanz kernel: [2072916.589271] WARNING: CPU: 1 PID: 28813 at lib/refcount.c:156 refcount_inc_checked+0x26/0x30
Jan 13 17:32:23 konstanz kernel: [2072916.589273] Modules linked in: rpcsec_gss_krb5(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) fscache(E) binfmt_misc(E) intel_rapl_msr(E) intel_rapl_common(E) kvm_intel(E) kvm(E) irqbypass(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) aesni_intel(E) crypto_simd(E) cryptd(E) glue_helper(E) snd_hda_codec_generic(E) ledtrig_audio(E) snd_hda_intel(E) snd_intel_nhlt(E) snd_hda_codec(E) snd_hda_core(E) snd_hwdep(E) cirrus(E) snd_pcm(E) evdev(E) joydev(E) snd_timer(E) serio_raw(E) virtio_balloon(E) snd(E) drm_kms_helper(E) soundcore(E) pcspkr(E) drm(E) button(E) auth_rpcgss(E) sunrpc(E) virtio_rng(E) rng_core(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc32c_generic(E) crc16(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) hid(E) ata_generic(E) virtio_net(E) net_failover(E) failover(E) virtio_blk(E) uhci_hcd(E) ehci_hcd(E) ahci(E) libahci(E) ata_piix(E) crc32c_intel(E) psmouse(E) i2c_piix4(E) usbcore(E) virtio_pci(E) libata(E) virtio_ring(E) virtio(E) scsi_mod(E) floppy(E)
Jan 13 17:32:23 konstanz kernel: [2072916.589496] CPU: 1 PID: 28813 Comm: tljob.exe Tainted: G E 5.4.5-debian64.all+1.1 #1
Jan 13 17:32:23 konstanz kernel: [2072916.589497] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Jan 13 17:32:23 konstanz kernel: [2072916.589501] RIP: 0010:refcount_inc_checked+0x26/0x30
Jan 13 17:32:23 konstanz kernel: [2072916.589503] Code: 00 00 00 00 e8 9b ff ff ff 84 c0 74 01 c3 80 3d 6e f9 ce 00 00 75 f6 48 c7 c7 f0 b1 8d 9d c6 05 5e f9 ce 00 01 e8 a8 32 c7 ff <0f> 0b c3 0f 1f 80 00 00 00 00 41 54 8b 06 83 f8 ff 74 1d 31 c9 39
Jan 13 17:32:23 konstanz kernel: [2072916.589505] RSP: 0018:ffffb5f3809e3768 EFLAGS: 00010286
Jan 13 17:32:23 konstanz kernel: [2072916.589507] RAX: 0000000000000000 RBX: ffffb5f3809e3808 RCX: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.589508] RDX: 0000000000000001 RSI: 0000000000000096 RDI: 00000000ffffffff
Jan 13 17:32:23 konstanz kernel: [2072916.589509] RBP: ffff8f08bbe3b300 R08: 0000000000000205 R09: 0000000000000004
Jan 13 17:32:23 konstanz kernel: [2072916.589510] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8f08bd78fc00
Jan 13 17:32:23 konstanz kernel: [2072916.589511] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.589513] FS: 00000000003f4000(006b) GS:ffff8f08bdb00000(0063) knlGS:0000000002893b40
Jan 13 17:32:23 konstanz kernel: [2072916.589515] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
Jan 13 17:32:23 konstanz kernel: [2072916.589528] CR2: 0000000010028600 CR3: 0000000026ece000 CR4: 00000000000406e0
Jan 13 17:32:23 konstanz kernel: [2072916.589534] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.589535] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Jan 13 17:32:23 konstanz kernel: [2072916.589537] Call Trace:
Jan 13 17:32:23 konstanz kernel: [2072916.589579] keyring_search_rcu+0x87/0x90
Jan 13 17:32:23 konstanz kernel: [2072916.589609] search_cred_keyrings_rcu+0x2f/0x170
Jan 13 17:32:23 konstanz kernel: [2072916.589614] search_process_keyrings_rcu+0x11/0xc0
Jan 13 17:32:23 konstanz kernel: [2072916.589618] request_key_and_link+0x116/0x760
Jan 13 17:32:23 konstanz kernel: [2072916.589622] ? keyring_alloc+0x70/0x70
Jan 13 17:32:23 konstanz kernel: [2072916.589624] ? key_default_cmp+0x20/0x20
Jan 13 17:32:23 konstanz kernel: [2072916.589627] request_key_tag+0x44/0xa0
Jan 13 17:32:23 konstanz kernel: [2072916.589717] nfs_idmap_get_key+0x118/0x1f0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589748] nfs_idmap_lookup_id+0x30/0x80 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589764] nfs_map_name_to_uid+0x13b/0x150 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589778] decode_getfattr_attrs+0xdbd/0x1110 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589786] ? _raw_spin_unlock_irqrestore+0x20/0x40
Jan 13 17:32:23 konstanz kernel: [2072916.589789] ? __wake_up_common_lock+0x8a/0xc0
Jan 13 17:32:23 konstanz kernel: [2072916.589803] nfs4_decode_dirent+0x173/0x2b0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589868] nfs_readdir_page_filler+0x161/0x650 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.589890] nfs_readdir_xdr_to_array+0x20c/0x3d0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.589894] ? xas_store+0x1b7/0x5e0
Jan 13 17:32:23 konstanz kernel: [2072916.589899] ? __add_to_page_cache_locked+0x258/0x360
Jan 13 17:32:23 konstanz kernel: [2072916.589909] nfs_readdir_filler+0x1e/0x80 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.589911] do_read_cache_page+0x2e4/0x810
Jan 13 17:32:23 konstanz kernel: [2072916.589922] ? nfs_readdir_xdr_to_array+0x3d0/0x3d0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.589926] ? verify_dirent_name+0x16/0x30
Jan 13 17:32:23 konstanz kernel: [2072916.589928] ? filldir64+0x3a/0x170
Jan 13 17:32:23 konstanz kernel: [2072916.589938] nfs_readdir+0x122/0x4e0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.589953] ? nfs4_xdr_dec_lookupp+0xd0/0xd0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589956] iterate_dir+0x92/0x1a0
Jan 13 17:32:23 konstanz kernel: [2072916.589960] ksys_getdents64+0x9c/0x130
Jan 13 17:32:23 konstanz kernel: [2072916.589963] ? filldir+0x170/0x170
Jan 13 17:32:23 konstanz kernel: [2072916.589966] __ia32_sys_getdents64+0x15/0x20
Jan 13 17:32:23 konstanz kernel: [2072916.589970] do_fast_syscall_32+0x9a/0x216
Jan 13 17:32:23 konstanz kernel: [2072916.589979] entry_SYSENTER_compat+0x7f/0x91
Jan 13 17:32:23 konstanz kernel: [2072916.589992] ---[ end trace 149edb431f1235b8 ]---
Jan 13 17:32:23 konstanz kernel: [2072916.590020] ------------[ cut here ]------------
Jan 13 17:32:23 konstanz kernel: [2072916.590021] refcount_t: underflow; use-after-free.
Jan 13 17:32:23 konstanz kernel: [2072916.590038] WARNING: CPU: 1 PID: 28813 at lib/refcount.c:190 refcount_sub_and_test_checked+0x55/0x60
Jan 13 17:32:23 konstanz kernel: [2072916.590039] Modules linked in: rpcsec_gss_krb5(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) fscache(E) binfmt_misc(E)
intel_rapl_msr(E) intel_rapl_common(E) kvm_intel(E) kvm(E) irqbypass(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) aesni_intel(E) crypto_simd(E) c
ryptd(E) glue_helper(E) snd_hda_codec_generic(E) ledtrig_audio(E) snd_hda_intel(E) snd_intel_nhlt(E) snd_hda_codec(E) snd_hda_core(E) snd_hwdep(E) cirrus(E) snd_pc
m(E) evdev(E) joydev(E) snd_timer(E) serio_raw(E) virtio_balloon(E) snd(E) drm_kms_helper(E) soundcore(E) pcspkr(E) drm(E) button(E) auth_rpcgss(E) sunrpc(E) virti
o_rng(E) rng_core(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc32c_generic(E) crc16(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) hid(E) ata_generic(E) virtio_net(E) net_failover(E) failover(E) virtio_blk(E) uhci_hcd(E) ehci_hcd(E) ahci(E) libahci(E) ata_piix(E) crc32c_intel(E) psmouse(E) i2c_piix4(E) usbcore(E) virtio_pci(E) libata(E) virtio_ring(E) virtio(E) scsi_mod(E) floppy(E)
Jan 13 17:32:23 konstanz kernel: [2072916.590069] CPU: 1 PID: 28813 Comm: tljob.exe Tainted: G W E 5.4.5-debian64.all+1.1 #1
Jan 13 17:32:23 konstanz kernel: [2072916.590070] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Jan 13 17:32:23 konstanz kernel: [2072916.590073] RIP: 0010:refcount_sub_and_test_checked+0x55/0x60
Jan 13 17:32:23 konstanz kernel: [2072916.590075] Code: e0 41 5c c3 44 89 e0 41 5c c3 44 0f b6 25 11 f9 ce 00 45 84 e4 75 e4 48 c7 c7 20 b2 8d 9d c6 05 fe f8 ce 00 01 e8 49 32 c7 ff <0f> 0b eb d0 0f 1f 80 00 00 00 00 48 89 fe bf 01 00 00 00 eb 96 66
Jan 13 17:32:23 konstanz kernel: [2072916.590076] RSP: 0018:ffffb5f3809e38e8 EFLAGS: 00010282
Jan 13 17:32:23 konstanz kernel: [2072916.590078] RAX: 0000000000000000 RBX: 000000000000001c RCX: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.590079] RDX: 0000000000000001 RSI: 0000000000000092 RDI: 00000000ffffffff
Jan 13 17:32:23 konstanz kernel: [2072916.590080] RBP: ffff8f0867406200 R08: 0000000000000239 R09: 0000000000000004
Jan 13 17:32:23 konstanz kernel: [2072916.590081] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.590082] R13: ffffffffc0aed8a8 R14: ffff8f0867406200 R15: ffff8f0874c284c0
Jan 13 17:32:23 konstanz kernel: [2072916.590084] FS: 00000000003f4000(006b) GS:ffff8f08bdb00000(0063) knlGS:0000000002893b40
Jan 13 17:32:23 konstanz kernel: [2072916.590085] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
Jan 13 17:32:23 konstanz kernel: [2072916.590086] CR2: 0000000010028600 CR3: 0000000026ece000 CR4: 00000000000406e0
Jan 13 17:32:23 konstanz kernel: [2072916.590091] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.590092] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Jan 13 17:32:23 konstanz kernel: [2072916.590093] Call Trace:
Jan 13 17:32:23 konstanz kernel: [2072916.590096] key_put+0xf/0x30
Jan 13 17:32:23 konstanz kernel: [2072916.590113] nfs_idmap_get_key+0x1ac/0x1f0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590127] nfs_idmap_lookup_id+0x30/0x80 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590139] nfs_map_name_to_uid+0x13b/0x150 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590151] decode_getfattr_attrs+0xdbd/0x1110 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590155] ? _raw_spin_unlock_irqrestore+0x20/0x40
Jan 13 17:32:23 konstanz kernel: [2072916.590157] ? __wake_up_common_lock+0x8a/0xc0
Jan 13 17:32:23 konstanz kernel: [2072916.590168] nfs4_decode_dirent+0x173/0x2b0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590178] nfs_readdir_page_filler+0x161/0x650 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.590190] nfs_readdir_xdr_to_array+0x20c/0x3d0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.590193] ? xas_store+0x1b7/0x5e0
Jan 13 17:32:23 konstanz kernel: [2072916.590196] ? __add_to_page_cache_locked+0x258/0x360
Jan 13 17:32:23 konstanz kernel: [2072916.590204] nfs_readdir_filler+0x1e/0x80 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.590207] do_read_cache_page+0x2e4/0x810
Jan 13 17:32:23 konstanz kernel: [2072916.590215] ? nfs_readdir_xdr_to_array+0x3d0/0x3d0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.590218] ? verify_dirent_name+0x16/0x30
Jan 13 17:32:23 konstanz kernel: [2072916.590220] ? filldir64+0x3a/0x170
Jan 13 17:32:23 konstanz kernel: [2072916.590228] nfs_readdir+0x122/0x4e0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.590240] ? nfs4_xdr_dec_lookupp+0xd0/0xd0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590243] iterate_dir+0x92/0x1a0
Jan 13 17:32:23 konstanz kernel: [2072916.590246] ksys_getdents64+0x9c/0x130
Jan 13 17:32:23 konstanz kernel: [2072916.590249] ? filldir+0x170/0x170
Jan 13 17:32:23 konstanz kernel: [2072916.590252] __ia32_sys_getdents64+0x15/0x20
Jan 13 17:32:23 konstanz kernel: [2072916.590255] do_fast_syscall_32+0x9a/0x216
Jan 13 17:32:23 konstanz kernel: [2072916.590257] entry_SYSENTER_compat+0x7f/0x91
Jan 13 17:32:23 konstanz kernel: [2072916.590261] ---[ end trace 149edb431f1235b9 ]---
Here with 5.4.12:
Jan 16 20:26:18 konstanz kernel: [ 5.548117] Key type id_resolver registered
Jan 16 20:26:18 konstanz kernel: [ 5.548118] Key type id_legacy registered
Jan 16 20:41:37 konstanz kernel: [ 924.090960] ------------[ cut here ]------------
Jan 16 20:41:37 konstanz kernel: [ 924.090965] refcount_t: increment on 0; use-after-free.
Jan 16 20:41:37 konstanz kernel: [ 924.091001] WARNING: CPU: 1 PID: 1247 at lib/refcount.c:156 refcount_inc_checked+0x26/0x30
Jan 16 20:41:37 konstanz kernel: [ 924.091003] Modules linked in: rpcsec_gss_krb5(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) fscache(E) intel_rapl_msr(E) intel_rapl_common(E) kvm_intel(E) kvm(E) irqbypass(E) binfmt_misc(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) aesni_intel(E) crypto_simd(E) cryptd(E) glue_helper(E) snd_hda_codec_generic(E) ledtrig_audio(E) snd_hda_intel(E) snd_intel_nhlt(E) snd_hda_codec(E) cirrus(E) snd_hda_core(E) drm_kms_helper(E) snd_hwdep(E) snd_pcm(E) snd_timer(E) snd(E) evdev(E) joydev(E) serio_raw(E) pcspkr(E) soundcore(E) virtio_balloon(E) drm(E) button(E) auth_rpcgss(E) sunrpc(E) virtio_rng(E) rng_core(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc32c_generic(E) crc16(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) hid(E) ata_generic(E) virtio_net(E) net_failover(E) failover(E) virtio_blk(E) uhci_hcd(E) ahci(E) ehci_hcd(E) ata_piix(E) libahci(E) virtio_pci(E) virtio_ring(E) crc32c_intel(E) psmouse(E) virtio(E) libata(E) i2c_piix4(E) usbcore(E) scsi_mod(E) floppy(E)
Jan 16 20:41:37 konstanz kernel: [ 924.091205] CPU: 1 PID: 1247 Comm: tljob.exe Tainted: G E 5.4.12-debian64.all+1.1 #1
Jan 16 20:41:37 konstanz kernel: [ 924.091205] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Jan 16 20:41:37 konstanz kernel: [ 924.091207] RIP: 0010:refcount_inc_checked+0x26/0x30
Jan 16 20:41:37 konstanz kernel: [ 924.091210] Code: 00 00 00 00 e8 9b ff ff ff 84 c0 74 01 c3 80 3d 7e f1 ce 00 00 75 f6 48 c7 c7 40 ba ad bd c6 05 6e f1 ce 00 01 e8 18 2b c7 ff <0f> 0b c3 0f 1f 80 00 00 00 00 41 54 8b 06 83 f8 ff 74 1d 31 c9 39
Jan 16 20:41:37 konstanz kernel: [ 924.091211] RSP: 0018:ffffb9ea01183768 EFLAGS: 00010286
Jan 16 20:41:37 konstanz kernel: [ 924.091212] RAX: 0000000000000000 RBX: ffffb9ea01183808 RCX: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091213] RDX: 0000000000000001 RSI: 0000000000000096 RDI: 00000000ffffffff
Jan 16 20:41:37 konstanz kernel: [ 924.091214] RBP: ffff9018f4a81100 R08: 0000000000000204 R09: 0000000000000004
Jan 16 20:41:37 konstanz kernel: [ 924.091215] R10: 0000000000000000 R11: 0000000000000001 R12: ffff9018f50bb9c0
Jan 16 20:41:37 konstanz kernel: [ 924.091215] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091216] FS: 00000000003f4000(006b) GS:ffff90193db00000(0063) knlGS:0000000002893b40
Jan 16 20:41:37 konstanz kernel: [ 924.091217] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
Jan 16 20:41:37 konstanz kernel: [ 924.091218] CR2: 00007ffc3a1d4668 CR3: 000000007aa9e000 CR4: 00000000000406e0
Jan 16 20:41:37 konstanz kernel: [ 924.091220] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091221] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Jan 16 20:41:37 konstanz kernel: [ 924.091221] Call Trace:
Jan 16 20:41:37 konstanz kernel: [ 924.091241] keyring_search_rcu+0x87/0x90
Jan 16 20:41:37 konstanz kernel: [ 924.091269] search_cred_keyrings_rcu+0x2f/0x170
Jan 16 20:41:37 konstanz kernel: [ 924.091287] search_process_keyrings_rcu+0x11/0xc0
Jan 16 20:41:37 konstanz kernel: [ 924.091290] request_key_and_link+0x116/0x760
Jan 16 20:41:37 konstanz kernel: [ 924.091293] ? keyring_alloc+0x70/0x70
Jan 16 20:41:37 konstanz kernel: [ 924.091295] ? key_default_cmp+0x20/0x20
Jan 16 20:41:37 konstanz kernel: [ 924.091298] request_key_tag+0x44/0xa0
Jan 16 20:41:37 konstanz kernel: [ 924.091349] nfs_idmap_get_key+0x118/0x1f0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091368] nfs_idmap_lookup_id+0x30/0x80 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091378] nfs_map_name_to_uid+0x13b/0x150 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091441] ? xdr_set_next_buffer+0x32/0xa0 [sunrpc]
Jan 16 20:41:37 konstanz kernel: [ 924.091451] decode_getfattr_attrs+0xdbd/0x1110 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091486] ? nfs_set_cache_invalid+0x33/0xa0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091494] nfs4_decode_dirent+0x173/0x2b0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091501] nfs_readdir_page_filler+0x161/0x650 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091517] nfs_readdir_xdr_to_array+0x20c/0x3d0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091520] ? xas_store+0x1b7/0x5e0
Jan 16 20:41:37 konstanz kernel: [ 924.091524] ? __add_to_page_cache_locked+0x248/0x360
Jan 16 20:41:37 konstanz kernel: [ 924.091530] nfs_readdir_filler+0x1e/0x80 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091531] do_read_cache_page+0x2e4/0x810
Jan 16 20:41:37 konstanz kernel: [ 924.091538] ? nfs_readdir_xdr_to_array+0x3d0/0x3d0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091540] ? verify_dirent_name+0x16/0x30
Jan 16 20:41:37 konstanz kernel: [ 924.091542] ? filldir64+0x3a/0x170
Jan 16 20:41:37 konstanz kernel: [ 924.091548] nfs_readdir+0x122/0x4e0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091556] ? nfs4_xdr_dec_lookupp+0xd0/0xd0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091558] iterate_dir+0x92/0x1a0
Jan 16 20:41:37 konstanz kernel: [ 924.091561] ksys_getdents64+0x9c/0x130
Jan 16 20:41:37 konstanz kernel: [ 924.091562] ? filldir+0x170/0x170
Jan 16 20:41:37 konstanz kernel: [ 924.091564] __ia32_sys_getdents64+0x15/0x20
Jan 16 20:41:37 konstanz kernel: [ 924.091567] do_fast_syscall_32+0x9a/0x216
Jan 16 20:41:37 konstanz kernel: [ 924.091572] entry_SYSENTER_compat+0x7f/0x91
Jan 16 20:41:37 konstanz kernel: [ 924.091580] ---[ end trace 43098646b595d492 ]---
Jan 16 20:41:37 konstanz kernel: [ 924.091599] ------------[ cut here ]------------
Jan 16 20:41:37 konstanz kernel: [ 924.091599] refcount_t: underflow; use-after-free.
Jan 16 20:41:37 konstanz kernel: [ 924.091609] WARNING: CPU: 1 PID: 1247 at lib/refcount.c:190 refcount_sub_and_test_checked+0x55/0x60
Jan 16 20:41:37 konstanz kernel: [ 924.091609] Modules linked in: rpcsec_gss_krb5(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) fscache(E) intel_rapl_msr(E) intel_rapl_common(E) kvm_intel(E) kvm(E) irqbypass(E) binfmt_misc(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) aesni_intel(E) crypto_simd(E) cryptd(E) glue_helper(E) snd_hda_codec_generic(E) ledtrig_audio(E) snd_hda_intel(E) snd_intel_nhlt(E) snd_hda_codec(E) cirrus(E) snd_hda_core(E) drm_kms_helper(E) snd_hwdep(E) snd_pcm(E) snd_timer(E) snd(E) evdev(E) joydev(E) serio_raw(E) pcspkr(E) soundcore(E) virtio_balloon(E) drm(E) button(E) auth_rpcgss(E) sunrpc(E) virtio_rng(E) rng_core(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc32c_generic(E) crc16(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) hid(E) ata_generic(E) virtio_net(E) net_failover(E) failover(E) virtio_blk(E) uhci_hcd(E) ahci(E) ehci_hcd(E) ata_piix(E) libahci(E) virtio_pci(E) virtio_ring(E) crc32c_intel(E) psmouse(E) virtio(E) libata(E) i2c_piix4(E) usbcore(E) scsi_mod(E) floppy(E)
Jan 16 20:41:37 konstanz kernel: [ 924.091640] CPU: 1 PID: 1247 Comm: tljob.exe Tainted: G W E 5.4.12-debian64.all+1.1 #1
Jan 16 20:41:37 konstanz kernel: [ 924.091641] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Jan 16 20:41:37 konstanz kernel: [ 924.091643] RIP: 0010:refcount_sub_and_test_checked+0x55/0x60
Jan 16 20:41:37 konstanz kernel: [ 924.091659] Code: e0 41 5c c3 44 89 e0 41 5c c3 44 0f b6 25 21 f1 ce 00 45 84 e4 75 e4 48 c7 c7 70 ba ad bd c6 05 0e f1 ce 00 01 e8 b9 2a c7 ff <0f> 0b eb d0 0f 1f 80 00 00 00 00 48 89 fe bf 01 00 00 00 eb 96 66
Jan 16 20:41:37 konstanz kernel: [ 924.091660] RSP: 0018:ffffb9ea011838e8 EFLAGS: 00010282
Jan 16 20:41:37 konstanz kernel: [ 924.091661] RAX: 0000000000000000 RBX: 000000000000001b RCX: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091662] RDX: 0000000000000001 RSI: 0000000000000092 RDI: 00000000ffffffff
Jan 16 20:41:37 konstanz kernel: [ 924.091663] RBP: ffff90193c29bf00 R08: 0000000000000238 R09: 0000000000000004
Jan 16 20:41:37 konstanz kernel: [ 924.091663] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091664] R13: ffffffffc0be18a8 R14: ffff90193c29bf00 R15: ffff90193ae69000
Jan 16 20:41:37 konstanz kernel: [ 924.091665] FS: 00000000003f4000(006b) GS:ffff90193db00000(0063) knlGS:0000000002893b40
Jan 16 20:41:37 konstanz kernel: [ 924.091666] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
Jan 16 20:41:37 konstanz kernel: [ 924.091667] CR2: 00007ffc3a1d4668 CR3: 000000007aa9e000 CR4: 00000000000406e0
Jan 16 20:41:37 konstanz kernel: [ 924.091684] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091685] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Jan 16 20:41:37 konstanz kernel: [ 924.091685] Call Trace:
Jan 16 20:41:37 konstanz kernel: [ 924.091688] key_put+0xf/0x30
Jan 16 20:41:37 konstanz kernel: [ 924.091697] nfs_idmap_get_key+0x1ac/0x1f0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091705] nfs_idmap_lookup_id+0x30/0x80 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091713] nfs_map_name_to_uid+0x13b/0x150 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091722] ? xdr_set_next_buffer+0x32/0xa0 [sunrpc]
Jan 16 20:41:37 konstanz kernel: [ 924.091730] decode_getfattr_attrs+0xdbd/0x1110 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091736] ? nfs_set_cache_invalid+0x33/0xa0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091743] nfs4_decode_dirent+0x173/0x2b0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091748] nfs_readdir_page_filler+0x161/0x650 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091754] nfs_readdir_xdr_to_array+0x20c/0x3d0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091756] ? xas_store+0x1b7/0x5e0
Jan 16 20:41:37 konstanz kernel: [ 924.091758] ? __add_to_page_cache_locked+0x248/0x360
Jan 16 20:41:37 konstanz kernel: [ 924.091763] nfs_readdir_filler+0x1e/0x80 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091764] do_read_cache_page+0x2e4/0x810
Jan 16 20:41:37 konstanz kernel: [ 924.091769] ? nfs_readdir_xdr_to_array+0x3d0/0x3d0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091771] ? verify_dirent_name+0x16/0x30
Jan 16 20:41:37 konstanz kernel: [ 924.091772] ? filldir64+0x3a/0x170
Jan 16 20:41:37 konstanz kernel: [ 924.091792] nfs_readdir+0x122/0x4e0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091799] ? nfs4_xdr_dec_lookupp+0xd0/0xd0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091801] iterate_dir+0x92/0x1a0
Jan 16 20:41:37 konstanz kernel: [ 924.091803] ksys_getdents64+0x9c/0x130
Jan 16 20:41:37 konstanz kernel: [ 924.091805] ? filldir+0x170/0x170
Jan 16 20:41:37 konstanz kernel: [ 924.091807] __ia32_sys_getdents64+0x15/0x20
Jan 16 20:41:37 konstanz kernel: [ 924.091809] do_fast_syscall_32+0x9a/0x216
Jan 16 20:41:37 konstanz kernel: [ 924.091810] entry_SYSENTER_compat+0x7f/0x91
Jan 16 20:41:37 konstanz kernel: [ 924.091812] ---[ end trace 43098646b595d493 ]---
4.19.96 works fine.
Regards,
--
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts
next reply other threads:[~2020-01-16 20:29 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-16 20:29 Wolfgang Walter [this message]
2020-01-16 20:29 ` kernel 5.4: refcount_t: increment on 0; use-after-free (in keyring_search_rcu called when nfs_idmap_lookup) Wolfgang Walter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3228186.u84BEOoAb4@stwm.de \
--to=linux@stwm.de \
--cc=dhowells@redhat.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.