* kernel 5.4: refcount_t: increment on 0; use-after-free (in keyring_search_rcu called when nfs_idmap_
@ 2020-01-16 20:29 ` Wolfgang Walter
0 siblings, 0 replies; 2+ messages in thread
From: Wolfgang Walter @ 2020-01-16 20:29 UTC (permalink / raw)
To: linux-kernel; +Cc: David Howells, keyrings
SGVsbG8sCgp3aXRoIDUuNC41IGFuZCBsYXRlciAoYnV0IGRpZG4ndCB0ZXN0IGxvd2VyIDUuNCB2
ZXJzaW9ucykgSSBnZXQgdGhlIGZvbGxvd2luZyBrZXJuZWwgZmFpbHVyZToKCkphbiAxMyAxNzoz
MjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTIyMV0gLS0tLS0tLS0tLS0tWyBjdXQg
aGVyZSBdLS0tLS0tLS0tLS0tCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcy
OTE2LjU4OTIyOF0gcmVmY291bnRfdDogaW5jcmVtZW50IG9uIDA7IHVzZS1hZnRlci1mcmVlLgpK
YW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODkyNzFdIFdBUk5JTkc6
IENQVTogMSBQSUQ6IDI4ODEzIGF0IGxpYi9yZWZjb3VudC5jOjE1NiByZWZjb3VudF9pbmNfY2hl
Y2tlZCsweDI2LzB4MzAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYu
NTg5MjczXSBNb2R1bGVzIGxpbmtlZCBpbjogcnBjc2VjX2dzc19rcmI1KEUpIG5mc3Y0KEUpIGRu
c19yZXNvbHZlcihFKSBuZnMoRSkgbG9ja2QoRSkgZ3JhY2UoRSkgZnNjYWNoZShFKSBiaW5mbXRf
bWlzYyhFKSBpbnRlbF9yYXBsX21zcihFKSBpbnRlbF9yYXBsX2NvbW1vbihFKSBrdm1faW50ZWwo
RSkga3ZtKEUpIGlycWJ5cGFzcyhFKSBjcmN0MTBkaWZfcGNsbXVsKEUpIGNyYzMyX3BjbG11bChF
KSBnaGFzaF9jbG11bG5pX2ludGVsKEUpIGFlc25pX2ludGVsKEUpIGNyeXB0b19zaW1kKEUpIGNy
eXB0ZChFKSBnbHVlX2hlbHBlcihFKSBzbmRfaGRhX2NvZGVjX2dlbmVyaWMoRSkgbGVkdHJpZ19h
dWRpbyhFKSBzbmRfaGRhX2ludGVsKEUpIHNuZF9pbnRlbF9uaGx0KEUpIHNuZF9oZGFfY29kZWMo
RSkgc25kX2hkYV9jb3JlKEUpIHNuZF9od2RlcChFKSBjaXJydXMoRSkgc25kX3BjbShFKSBldmRl
dihFKSBqb3lkZXYoRSkgc25kX3RpbWVyKEUpIHNlcmlvX3JhdyhFKSB2aXJ0aW9fYmFsbG9vbihF
KSBzbmQoRSkgZHJtX2ttc19oZWxwZXIoRSkgc291bmRjb3JlKEUpIHBjc3BrcihFKSBkcm0oRSkg
YnV0dG9uKEUpIGF1dGhfcnBjZ3NzKEUpIHN1bnJwYyhFKSB2aXJ0aW9fcm5nKEUpIHJuZ19jb3Jl
KEUpIGlwX3RhYmxlcyhFKSB4X3RhYmxlcyhFKSBhdXRvZnM0KEUpIGV4dDQoRSkgY3JjMzJjX2dl
bmVyaWMoRSkgY3JjMTYoRSkgbWJjYWNoZShFKSBqYmQyKEUpIGhpZF9nZW5lcmljKEUpIHVzYmhp
ZChFKSBoaWQoRSkgYXRhX2dlbmVyaWMoRSkgdmlydGlvX25ldChFKSBuZXRfZmFpbG92ZXIoRSkg
ZmFpbG92ZXIoRSkgdmlydGlvX2JsayhFKSB1aGNpX2hjZChFKSBlaGNpX2hjZChFKSBhaGNpKEUp
IGxpYmFoY2koRSkgYXRhX3BpaXgoRSkgY3JjMzJjX2ludGVsKEUpIHBzbW91c2UoRSkgaTJjX3Bp
aXg0KEUpIHVzYmNvcmUoRSkgdmlydGlvX3BjaShFKSBsaWJhdGEoRSkgdmlydGlvX3JpbmcoRSkg
dmlydGlvKEUpIHNjc2lfbW9kKEUpIGZsb3BweShFKQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnog
a2VybmVsOiBbMjA3MjkxNi41ODk0OTZdIENQVTogMSBQSUQ6IDI4ODEzIENvbW06IHRsam9iLmV4
ZSBUYWludGVkOiBHICAgICAgICAgICAgRSAgICAgNS40LjUtZGViaWFuNjQuYWxsKzEuMSAjMQpK
YW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk0OTddIEhhcmR3YXJl
IG5hbWU6IEJvY2hzIEJvY2hzLCBCSU9TIEJvY2hzIDAxLzAxLzIwMTEKSmFuIDEzIDE3OjMyOjIz
IGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTg5NTAxXSBSSVA6IDAwMTA6cmVmY291bnRfaW5j
X2NoZWNrZWQrMHgyNi8weDMwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcy
OTE2LjU4OTUwM10gQ29kZTogMDAgMDAgMDAgMDAgZTggOWIgZmYgZmYgZmYgODQgYzAgNzQgMDEg
YzMgODAgM2QgNmUgZjkgY2UgMDAgMDAgNzUgZjYgNDggYzcgYzcgZjAgYjEgOGQgOWQgYzYgMDUg
NWUgZjkgY2UgMDAgMDEgZTggYTggMzIgYzcgZmYgPDBmPiAwYiBjMyAwZiAxZiA4MCAwMCAwMCAw
MCAwMCA0MSA1NCA4YiAwNiA4MyBmOCBmZiA3NCAxZCAzMSBjOSAzOQpKYW4gMTMgMTc6MzI6MjMg
a29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk1MDVdIFJTUDogMDAxODpmZmZmYjVmMzgwOWUz
NzY4IEVGTEFHUzogMDAwMTAyODYKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIw
NzI5MTYuNTg5NTA3XSBSQVg6IDAwMDAwMDAwMDAwMDAwMDAgUkJYOiBmZmZmYjVmMzgwOWUzODA4
IFJDWDogMDAwMDAwMDAwMDAwMDAwMApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBb
MjA3MjkxNi41ODk1MDhdIFJEWDogMDAwMDAwMDAwMDAwMDAwMSBSU0k6IDAwMDAwMDAwMDAwMDAw
OTYgUkRJOiAwMDAwMDAwMGZmZmZmZmZmCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6
IFsyMDcyOTE2LjU4OTUwOV0gUkJQOiBmZmZmOGYwOGJiZTNiMzAwIFIwODogMDAwMDAwMDAwMDAw
MDIwNSBSMDk6IDAwMDAwMDAwMDAwMDAwMDQKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5l
bDogWzIwNzI5MTYuNTg5NTEwXSBSMTA6IDAwMDAwMDAwMDAwMDAwMDAgUjExOiAwMDAwMDAwMDAw
MDAwMDAxIFIxMjogZmZmZjhmMDhiZDc4ZmMwMApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2Vy
bmVsOiBbMjA3MjkxNi41ODk1MTFdIFIxMzogMDAwMDAwMDAwMDAwMDAwMCBSMTQ6IDAwMDAwMDAw
MDAwMDAwMDAgUjE1OiAwMDAwMDAwMDAwMDAwMDAwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBr
ZXJuZWw6IFsyMDcyOTE2LjU4OTUxM10gRlM6ICAwMDAwMDAwMDAwM2Y0MDAwKDAwNmIpIEdTOmZm
ZmY4ZjA4YmRiMDAwMDAoMDA2Mykga25sR1M6MDAwMDAwMDAwMjg5M2I0MApKYW4gMTMgMTc6MzI6
MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk1MTVdIENTOiAgMDAxMCBEUzogMDAyYiBF
UzogMDAyYiBDUjA6IDAwMDAwMDAwODAwNTAwMzMKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtl
cm5lbDogWzIwNzI5MTYuNTg5NTI4XSBDUjI6IDAwMDAwMDAwMTAwMjg2MDAgQ1IzOiAwMDAwMDAw
MDI2ZWNlMDAwIENSNDogMDAwMDAwMDAwMDA0MDZlMApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnog
a2VybmVsOiBbMjA3MjkxNi41ODk1MzRdIERSMDogMDAwMDAwMDAwMDAwMDAwMCBEUjE6IDAwMDAw
MDAwMDAwMDAwMDAgRFIyOiAwMDAwMDAwMDAwMDAwMDAwCkphbiAxMyAxNzozMjoyMyBrb25zdGFu
eiBrZXJuZWw6IFsyMDcyOTE2LjU4OTUzNV0gRFIzOiAwMDAwMDAwMDAwMDAwMDAwIERSNjogMDAw
MDAwMDBmZmZlMGZmMCBEUjc6IDAwMDAwMDAwMDAwMDA0MDAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0
YW56IGtlcm5lbDogWzIwNzI5MTYuNTg5NTM3XSBDYWxsIFRyYWNlOgpKYW4gMTMgMTc6MzI6MjMg
a29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk1NzldICBrZXlyaW5nX3NlYXJjaF9yY3UrMHg4
Ny8weDkwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTYwOV0g
IHNlYXJjaF9jcmVkX2tleXJpbmdzX3JjdSsweDJmLzB4MTcwCkphbiAxMyAxNzozMjoyMyBrb25z
dGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTYxNF0gIHNlYXJjaF9wcm9jZXNzX2tleXJpbmdzX3Jj
dSsweDExLzB4YzAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTg5
NjE4XSAgcmVxdWVzdF9rZXlfYW5kX2xpbmsrMHgxMTYvMHg3NjAKSmFuIDEzIDE3OjMyOjIzIGtv
bnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTg5NjIyXSAgPyBrZXlyaW5nX2FsbG9jKzB4NzAvMHg3
MApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk2MjRdICA/IGtl
eV9kZWZhdWx0X2NtcCsweDIwLzB4MjAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDog
WzIwNzI5MTYuNTg5NjI3XSAgcmVxdWVzdF9rZXlfdGFnKzB4NDQvMHhhMApKYW4gMTMgMTc6MzI6
MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk3MTddICBuZnNfaWRtYXBfZ2V0X2tleSsw
eDExOC8weDFmMCBbbmZzdjRdCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcy
OTE2LjU4OTc0OF0gIG5mc19pZG1hcF9sb29rdXBfaWQrMHgzMC8weDgwIFtuZnN2NF0KSmFuIDEz
IDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTg5NzY0XSAgbmZzX21hcF9uYW1l
X3RvX3VpZCsweDEzYi8weDE1MCBbbmZzdjRdCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJu
ZWw6IFsyMDcyOTE2LjU4OTc3OF0gIGRlY29kZV9nZXRmYXR0cl9hdHRycysweGRiZC8weDExMTAg
W25mc3Y0XQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk3ODZd
ICA/IF9yYXdfc3Bpbl91bmxvY2tfaXJxcmVzdG9yZSsweDIwLzB4NDAKSmFuIDEzIDE3OjMyOjIz
IGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTg5Nzg5XSAgPyBfX3dha2VfdXBfY29tbW9uX2xv
Y2srMHg4YS8weGMwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4
OTgwM10gIG5mczRfZGVjb2RlX2RpcmVudCsweDE3My8weDJiMCBbbmZzdjRdCkphbiAxMyAxNzoz
MjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTg2OF0gIG5mc19yZWFkZGlyX3BhZ2Vf
ZmlsbGVyKzB4MTYxLzB4NjUwIFtuZnNdCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6
IFsyMDcyOTE2LjU4OTg5MF0gIG5mc19yZWFkZGlyX3hkcl90b19hcnJheSsweDIwYy8weDNkMCBb
bmZzXQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk4OTRdICA/
IHhhc19zdG9yZSsweDFiNy8weDVlMApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBb
MjA3MjkxNi41ODk4OTldICA/IF9fYWRkX3RvX3BhZ2VfY2FjaGVfbG9ja2VkKzB4MjU4LzB4MzYw
CkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTkwOV0gIG5mc19y
ZWFkZGlyX2ZpbGxlcisweDFlLzB4ODAgW25mc10KSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtl
cm5lbDogWzIwNzI5MTYuNTg5OTExXSAgZG9fcmVhZF9jYWNoZV9wYWdlKzB4MmU0LzB4ODEwCkph
biAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTkyMl0gID8gbmZzX3Jl
YWRkaXJfeGRyX3RvX2FycmF5KzB4M2QwLzB4M2QwIFtuZnNdCkphbiAxMyAxNzozMjoyMyBrb25z
dGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTkyNl0gID8gdmVyaWZ5X2RpcmVudF9uYW1lKzB4MTYv
MHgzMApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk5MjhdICA/
IGZpbGxkaXI2NCsweDNhLzB4MTcwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsy
MDcyOTE2LjU4OTkzOF0gIG5mc19yZWFkZGlyKzB4MTIyLzB4NGUwIFtuZnNdCkphbiAxMyAxNzoz
MjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTk1M10gID8gbmZzNF94ZHJfZGVjX2xv
b2t1cHArMHhkMC8weGQwIFtuZnN2NF0KSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDog
WzIwNzI5MTYuNTg5OTU2XSAgaXRlcmF0ZV9kaXIrMHg5Mi8weDFhMApKYW4gMTMgMTc6MzI6MjMg
a29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk5NjBdICBrc3lzX2dldGRlbnRzNjQrMHg5Yy8w
eDEzMApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk5NjNdICA/
IGZpbGxkaXIrMHgxNzAvMHgxNzAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIw
NzI5MTYuNTg5OTY2XSAgX19pYTMyX3N5c19nZXRkZW50czY0KzB4MTUvMHgyMApKYW4gMTMgMTc6
MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41ODk5NzBdICBkb19mYXN0X3N5c2NhbGxf
MzIrMHg5YS8weDIxNgpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41
ODk5NzldICBlbnRyeV9TWVNFTlRFUl9jb21wYXQrMHg3Zi8weDkxCkphbiAxMyAxNzozMjoyMyBr
b25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU4OTk5Ml0gLS0tWyBlbmQgdHJhY2UgMTQ5ZWRiNDMx
ZjEyMzViOCBdLS0tCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU5
MDAyMF0gLS0tLS0tLS0tLS0tWyBjdXQgaGVyZSBdLS0tLS0tLS0tLS0tCkphbiAxMyAxNzozMjoy
MyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU5MDAyMV0gcmVmY291bnRfdDogdW5kZXJmbG93
OyB1c2UtYWZ0ZXItZnJlZS4KSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5
MTYuNTkwMDM4XSBXQVJOSU5HOiBDUFU6IDEgUElEOiAyODgxMyBhdCBsaWIvcmVmY291bnQuYzox
OTAgcmVmY291bnRfc3ViX2FuZF90ZXN0X2NoZWNrZWQrMHg1NS8weDYwCkphbiAxMyAxNzozMjoy
MyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU5MDAzOV0gTW9kdWxlcyBsaW5rZWQgaW46IHJw
Y3NlY19nc3Nfa3JiNShFKSBuZnN2NChFKSBkbnNfcmVzb2x2ZXIoRSkgbmZzKEUpIGxvY2tkKEUp
IGdyYWNlKEUpIGZzY2FjaGUoRSkgYmluZm10X21pc2MoRSkKIGludGVsX3JhcGxfbXNyKEUpIGlu
dGVsX3JhcGxfY29tbW9uKEUpIGt2bV9pbnRlbChFKSBrdm0oRSkgaXJxYnlwYXNzKEUpIGNyY3Qx
MGRpZl9wY2xtdWwoRSkgY3JjMzJfcGNsbXVsKEUpIGdoYXNoX2NsbXVsbmlfaW50ZWwoRSkgYWVz
bmlfaW50ZWwoRSkgY3J5cHRvX3NpbWQoRSkgYwpyeXB0ZChFKSBnbHVlX2hlbHBlcihFKSBzbmRf
aGRhX2NvZGVjX2dlbmVyaWMoRSkgbGVkdHJpZ19hdWRpbyhFKSBzbmRfaGRhX2ludGVsKEUpIHNu
ZF9pbnRlbF9uaGx0KEUpIHNuZF9oZGFfY29kZWMoRSkgc25kX2hkYV9jb3JlKEUpIHNuZF9od2Rl
cChFKSBjaXJydXMoRSkgc25kX3BjCm0oRSkgZXZkZXYoRSkgam95ZGV2KEUpIHNuZF90aW1lcihF
KSBzZXJpb19yYXcoRSkgdmlydGlvX2JhbGxvb24oRSkgc25kKEUpIGRybV9rbXNfaGVscGVyKEUp
IHNvdW5kY29yZShFKSBwY3Nwa3IoRSkgZHJtKEUpIGJ1dHRvbihFKSBhdXRoX3JwY2dzcyhFKSBz
dW5ycGMoRSkgdmlydGkKb19ybmcoRSkgcm5nX2NvcmUoRSkgaXBfdGFibGVzKEUpIHhfdGFibGVz
KEUpIGF1dG9mczQoRSkgZXh0NChFKSBjcmMzMmNfZ2VuZXJpYyhFKSBjcmMxNihFKSBtYmNhY2hl
KEUpIGpiZDIoRSkgaGlkX2dlbmVyaWMoRSkgdXNiaGlkKEUpIGhpZChFKSBhdGFfZ2VuZXJpYyhF
KSB2aXJ0aW9fbmV0KEUpIG5ldF9mYWlsb3ZlcihFKSBmYWlsb3ZlcihFKSB2aXJ0aW9fYmxrKEUp
IHVoY2lfaGNkKEUpIGVoY2lfaGNkKEUpIGFoY2koRSkgbGliYWhjaShFKSBhdGFfcGlpeChFKSBj
cmMzMmNfaW50ZWwoRSkgcHNtb3VzZShFKSBpMmNfcGlpeDQoRSkgdXNiY29yZShFKSB2aXJ0aW9f
cGNpKEUpIGxpYmF0YShFKSB2aXJ0aW9fcmluZyhFKSB2aXJ0aW8oRSkgc2NzaV9tb2QoRSkgZmxv
cHB5KEUpCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU5MDA2OV0g
Q1BVOiAxIFBJRDogMjg4MTMgQ29tbTogdGxqb2IuZXhlIFRhaW50ZWQ6IEcgICAgICAgIFcgICBF
ICAgICA1LjQuNS1kZWJpYW42NC5hbGwrMS4xICMxCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBr
ZXJuZWw6IFsyMDcyOTE2LjU5MDA3MF0gSGFyZHdhcmUgbmFtZTogQm9jaHMgQm9jaHMsIEJJT1Mg
Qm9jaHMgMDEvMDEvMjAxMQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3Mjkx
Ni41OTAwNzNdIFJJUDogMDAxMDpyZWZjb3VudF9zdWJfYW5kX3Rlc3RfY2hlY2tlZCsweDU1LzB4
NjAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMDc1XSBDb2Rl
OiBlMCA0MSA1YyBjMyA0NCA4OSBlMCA0MSA1YyBjMyA0NCAwZiBiNiAyNSAxMSBmOSBjZSAwMCA0
NSA4NCBlNCA3NSBlNCA0OCBjNyBjNyAyMCBiMiA4ZCA5ZCBjNiAwNSBmZSBmOCBjZSAwMCAwMSBl
OCA0OSAzMiBjNyBmZiA8MGY+IDBiIGViIGQwIDBmIDFmIDgwIDAwIDAwIDAwIDAwIDQ4IDg5IGZl
IGJmIDAxIDAwIDAwIDAwIGViIDk2IDY2CkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6
IFsyMDcyOTE2LjU5MDA3Nl0gUlNQOiAwMDE4OmZmZmZiNWYzODA5ZTM4ZTggRUZMQUdTOiAwMDAx
MDI4MgpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41OTAwNzhdIFJB
WDogMDAwMDAwMDAwMDAwMDAwMCBSQlg6IDAwMDAwMDAwMDAwMDAwMWMgUkNYOiAwMDAwMDAwMDAw
MDAwMDAwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU5MDA3OV0g
UkRYOiAwMDAwMDAwMDAwMDAwMDAxIFJTSTogMDAwMDAwMDAwMDAwMDA5MiBSREk6IDAwMDAwMDAw
ZmZmZmZmZmYKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMDgw
XSBSQlA6IGZmZmY4ZjA4Njc0MDYyMDAgUjA4OiAwMDAwMDAwMDAwMDAwMjM5IFIwOTogMDAwMDAw
MDAwMDAwMDAwNApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41OTAw
ODFdIFIxMDogMDAwMDAwMDAwMDAwMDAwMCBSMTE6IDAwMDAwMDAwMDAwMDAwMDEgUjEyOiAwMDAw
MDAwMDAwMDAwMDAwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU5
MDA4Ml0gUjEzOiBmZmZmZmZmZmMwYWVkOGE4IFIxNDogZmZmZjhmMDg2NzQwNjIwMCBSMTU6IGZm
ZmY4ZjA4NzRjMjg0YzAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYu
NTkwMDg0XSBGUzogIDAwMDAwMDAwMDAzZjQwMDAoMDA2YikgR1M6ZmZmZjhmMDhiZGIwMDAwMCgw
MDYzKSBrbmxHUzowMDAwMDAwMDAyODkzYjQwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJu
ZWw6IFsyMDcyOTE2LjU5MDA4NV0gQ1M6ICAwMDEwIERTOiAwMDJiIEVTOiAwMDJiIENSMDogMDAw
MDAwMDA4MDA1MDAzMwpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41
OTAwODZdIENSMjogMDAwMDAwMDAxMDAyODYwMCBDUjM6IDAwMDAwMDAwMjZlY2UwMDAgQ1I0OiAw
MDAwMDAwMDAwMDQwNmUwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2
LjU5MDA5MV0gRFIwOiAwMDAwMDAwMDAwMDAwMDAwIERSMTogMDAwMDAwMDAwMDAwMDAwMCBEUjI6
IDAwMDAwMDAwMDAwMDAwMDAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5
MTYuNTkwMDkyXSBEUjM6IDAwMDAwMDAwMDAwMDAwMDAgRFI2OiAwMDAwMDAwMGZmZmUwZmYwIERS
NzogMDAwMDAwMDAwMDAwMDQwMApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3
MjkxNi41OTAwOTNdIENhbGwgVHJhY2U6CkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6
IFsyMDcyOTE2LjU5MDA5Nl0gIGtleV9wdXQrMHhmLzB4MzAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0
YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMTEzXSAgbmZzX2lkbWFwX2dldF9rZXkrMHgxYWMvMHgx
ZjAgW25mc3Y0XQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41OTAx
MjddICBuZnNfaWRtYXBfbG9va3VwX2lkKzB4MzAvMHg4MCBbbmZzdjRdCkphbiAxMyAxNzozMjoy
MyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU5MDEzOV0gIG5mc19tYXBfbmFtZV90b191aWQr
MHgxM2IvMHgxNTAgW25mc3Y0XQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3
MjkxNi41OTAxNTFdICBkZWNvZGVfZ2V0ZmF0dHJfYXR0cnMrMHhkYmQvMHgxMTEwIFtuZnN2NF0K
SmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMTU1XSAgPyBfcmF3
X3NwaW5fdW5sb2NrX2lycXJlc3RvcmUrMHgyMC8weDQwCkphbiAxMyAxNzozMjoyMyBrb25zdGFu
eiBrZXJuZWw6IFsyMDcyOTE2LjU5MDE1N10gID8gX193YWtlX3VwX2NvbW1vbl9sb2NrKzB4OGEv
MHhjMApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41OTAxNjhdICBu
ZnM0X2RlY29kZV9kaXJlbnQrMHgxNzMvMHgyYjAgW25mc3Y0XQpKYW4gMTMgMTc6MzI6MjMga29u
c3Rhbnoga2VybmVsOiBbMjA3MjkxNi41OTAxNzhdICBuZnNfcmVhZGRpcl9wYWdlX2ZpbGxlcisw
eDE2MS8weDY1MCBbbmZzXQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3Mjkx
Ni41OTAxOTBdICBuZnNfcmVhZGRpcl94ZHJfdG9fYXJyYXkrMHgyMGMvMHgzZDAgW25mc10KSmFu
IDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMTkzXSAgPyB4YXNfc3Rv
cmUrMHgxYjcvMHg1ZTAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYu
NTkwMTk2XSAgPyBfX2FkZF90b19wYWdlX2NhY2hlX2xvY2tlZCsweDI1OC8weDM2MApKYW4gMTMg
MTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41OTAyMDRdICBuZnNfcmVhZGRpcl9m
aWxsZXIrMHgxZS8weDgwIFtuZnNdCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsy
MDcyOTE2LjU5MDIwN10gIGRvX3JlYWRfY2FjaGVfcGFnZSsweDJlNC8weDgxMApKYW4gMTMgMTc6
MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41OTAyMTVdICA/IG5mc19yZWFkZGlyX3hk
cl90b19hcnJheSsweDNkMC8weDNkMCBbbmZzXQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2Vy
bmVsOiBbMjA3MjkxNi41OTAyMThdICA/IHZlcmlmeV9kaXJlbnRfbmFtZSsweDE2LzB4MzAKSmFu
IDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMjIwXSAgPyBmaWxsZGly
NjQrMHgzYS8weDE3MApKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnoga2VybmVsOiBbMjA3MjkxNi41
OTAyMjhdICBuZnNfcmVhZGRpcisweDEyMi8weDRlMCBbbmZzXQpKYW4gMTMgMTc6MzI6MjMga29u
c3Rhbnoga2VybmVsOiBbMjA3MjkxNi41OTAyNDBdICA/IG5mczRfeGRyX2RlY19sb29rdXBwKzB4
ZDAvMHhkMCBbbmZzdjRdCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2
LjU5MDI0M10gIGl0ZXJhdGVfZGlyKzB4OTIvMHgxYTAKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56
IGtlcm5lbDogWzIwNzI5MTYuNTkwMjQ2XSAga3N5c19nZXRkZW50czY0KzB4OWMvMHgxMzAKSmFu
IDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMjQ5XSAgPyBmaWxsZGly
KzB4MTcwLzB4MTcwCkphbiAxMyAxNzozMjoyMyBrb25zdGFueiBrZXJuZWw6IFsyMDcyOTE2LjU5
MDI1Ml0gIF9faWEzMl9zeXNfZ2V0ZGVudHM2NCsweDE1LzB4MjAKSmFuIDEzIDE3OjMyOjIzIGtv
bnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMjU1XSAgZG9fZmFzdF9zeXNjYWxsXzMyKzB4OWEv
MHgyMTYKSmFuIDEzIDE3OjMyOjIzIGtvbnN0YW56IGtlcm5lbDogWzIwNzI5MTYuNTkwMjU3XSAg
ZW50cnlfU1lTRU5URVJfY29tcGF0KzB4N2YvMHg5MQpKYW4gMTMgMTc6MzI6MjMga29uc3Rhbnog
a2VybmVsOiBbMjA3MjkxNi41OTAyNjFdIC0tLVsgZW5kIHRyYWNlIDE0OWVkYjQzMWYxMjM1Yjkg
XS0tLQoKCgoKCkhlcmUgd2l0aCA1LjQuMTI6CgoKCkphbiAxNiAyMDoyNjoxOCBrb25zdGFueiBr
ZXJuZWw6IFsgICAgNS41NDgxMTddIEtleSB0eXBlIGlkX3Jlc29sdmVyIHJlZ2lzdGVyZWQKSmFu
IDE2IDIwOjI2OjE4IGtvbnN0YW56IGtlcm5lbDogWyAgICA1LjU0ODExOF0gS2V5IHR5cGUgaWRf
bGVnYWN5IHJlZ2lzdGVyZWQKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0
LjA5MDk2MF0gLS0tLS0tLS0tLS0tWyBjdXQgaGVyZSBdLS0tLS0tLS0tLS0tCkphbiAxNiAyMDo0
MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTA5NjVdIHJlZmNvdW50X3Q6IGluY3JlbWVu
dCBvbiAwOyB1c2UtYWZ0ZXItZnJlZS4KSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDog
WyAgOTI0LjA5MTAwMV0gV0FSTklORzogQ1BVOiAxIFBJRDogMTI0NyBhdCBsaWIvcmVmY291bnQu
YzoxNTYgcmVmY291bnRfaW5jX2NoZWNrZWQrMHgyNi8weDMwCkphbiAxNiAyMDo0MTozNyBrb25z
dGFueiBrZXJuZWw6IFsgIDkyNC4wOTEwMDNdIE1vZHVsZXMgbGlua2VkIGluOiBycGNzZWNfZ3Nz
X2tyYjUoRSkgbmZzdjQoRSkgZG5zX3Jlc29sdmVyKEUpIG5mcyhFKSBsb2NrZChFKSBncmFjZShF
KSBmc2NhY2hlKEUpIGludGVsX3JhcGxfbXNyKEUpIGludGVsX3JhcGxfY29tbW9uKEUpIGt2bV9p
bnRlbChFKSBrdm0oRSkgaXJxYnlwYXNzKEUpIGJpbmZtdF9taXNjKEUpIGNyY3QxMGRpZl9wY2xt
dWwoRSkgY3JjMzJfcGNsbXVsKEUpIGdoYXNoX2NsbXVsbmlfaW50ZWwoRSkgYWVzbmlfaW50ZWwo
RSkgY3J5cHRvX3NpbWQoRSkgY3J5cHRkKEUpIGdsdWVfaGVscGVyKEUpIHNuZF9oZGFfY29kZWNf
Z2VuZXJpYyhFKSBsZWR0cmlnX2F1ZGlvKEUpIHNuZF9oZGFfaW50ZWwoRSkgc25kX2ludGVsX25o
bHQoRSkgc25kX2hkYV9jb2RlYyhFKSBjaXJydXMoRSkgc25kX2hkYV9jb3JlKEUpIGRybV9rbXNf
aGVscGVyKEUpIHNuZF9od2RlcChFKSBzbmRfcGNtKEUpIHNuZF90aW1lcihFKSBzbmQoRSkgZXZk
ZXYoRSkgam95ZGV2KEUpIHNlcmlvX3JhdyhFKSBwY3Nwa3IoRSkgc291bmRjb3JlKEUpIHZpcnRp
b19iYWxsb29uKEUpIGRybShFKSBidXR0b24oRSkgYXV0aF9ycGNnc3MoRSkgc3VucnBjKEUpIHZp
cnRpb19ybmcoRSkgcm5nX2NvcmUoRSkgaXBfdGFibGVzKEUpIHhfdGFibGVzKEUpIGF1dG9mczQo
RSkgZXh0NChFKSBjcmMzMmNfZ2VuZXJpYyhFKSBjcmMxNihFKSBtYmNhY2hlKEUpIGpiZDIoRSkg
aGlkX2dlbmVyaWMoRSkgdXNiaGlkKEUpIGhpZChFKSBhdGFfZ2VuZXJpYyhFKSB2aXJ0aW9fbmV0
KEUpIG5ldF9mYWlsb3ZlcihFKSBmYWlsb3ZlcihFKSB2aXJ0aW9fYmxrKEUpIHVoY2lfaGNkKEUp
IGFoY2koRSkgZWhjaV9oY2QoRSkgYXRhX3BpaXgoRSkgbGliYWhjaShFKSB2aXJ0aW9fcGNpKEUp
IHZpcnRpb19yaW5nKEUpIGNyYzMyY19pbnRlbChFKSBwc21vdXNlKEUpIHZpcnRpbyhFKSBsaWJh
dGEoRSkgaTJjX3BpaXg0KEUpIHVzYmNvcmUoRSkgc2NzaV9tb2QoRSkgZmxvcHB5KEUpCkphbiAx
NiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTEyMDVdIENQVTogMSBQSUQ6IDEy
NDcgQ29tbTogdGxqb2IuZXhlIFRhaW50ZWQ6IEcgICAgICAgICAgICBFICAgICA1LjQuMTItZGVi
aWFuNjQuYWxsKzEuMSAjMQpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQu
MDkxMjA1XSBIYXJkd2FyZSBuYW1lOiBCb2NocyBCb2NocywgQklPUyBCb2NocyAwMS8wMS8yMDEx
CkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTEyMDddIFJJUDogMDAx
MDpyZWZjb3VudF9pbmNfY2hlY2tlZCsweDI2LzB4MzAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56
IGtlcm5lbDogWyAgOTI0LjA5MTIxMF0gQ29kZTogMDAgMDAgMDAgMDAgZTggOWIgZmYgZmYgZmYg
ODQgYzAgNzQgMDEgYzMgODAgM2QgN2UgZjEgY2UgMDAgMDAgNzUgZjYgNDggYzcgYzcgNDAgYmEg
YWQgYmQgYzYgMDUgNmUgZjEgY2UgMDAgMDEgZTggMTggMmIgYzcgZmYgPDBmPiAwYiBjMyAwZiAx
ZiA4MCAwMCAwMCAwMCAwMCA0MSA1NCA4YiAwNiA4MyBmOCBmZiA3NCAxZCAzMSBjOSAzOQpKYW4g
MTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxMjExXSBSU1A6IDAwMTg6ZmZm
ZmI5ZWEwMTE4Mzc2OCBFRkxBR1M6IDAwMDEwMjg2CkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBr
ZXJuZWw6IFsgIDkyNC4wOTEyMTJdIFJBWDogMDAwMDAwMDAwMDAwMDAwMCBSQlg6IGZmZmZiOWVh
MDExODM4MDggUkNYOiAwMDAwMDAwMDAwMDAwMDAwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBr
ZXJuZWw6IFsgIDkyNC4wOTEyMTNdIFJEWDogMDAwMDAwMDAwMDAwMDAwMSBSU0k6IDAwMDAwMDAw
MDAwMDAwOTYgUkRJOiAwMDAwMDAwMGZmZmZmZmZmCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBr
ZXJuZWw6IFsgIDkyNC4wOTEyMTRdIFJCUDogZmZmZjkwMThmNGE4MTEwMCBSMDg6IDAwMDAwMDAw
MDAwMDAyMDQgUjA5OiAwMDAwMDAwMDAwMDAwMDA0CkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBr
ZXJuZWw6IFsgIDkyNC4wOTEyMTVdIFIxMDogMDAwMDAwMDAwMDAwMDAwMCBSMTE6IDAwMDAwMDAw
MDAwMDAwMDEgUjEyOiBmZmZmOTAxOGY1MGJiOWMwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBr
ZXJuZWw6IFsgIDkyNC4wOTEyMTVdIFIxMzogMDAwMDAwMDAwMDAwMDAwMCBSMTQ6IDAwMDAwMDAw
MDAwMDAwMDAgUjE1OiAwMDAwMDAwMDAwMDAwMDAwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBr
ZXJuZWw6IFsgIDkyNC4wOTEyMTZdIEZTOiAgMDAwMDAwMDAwMDNmNDAwMCgwMDZiKSBHUzpmZmZm
OTAxOTNkYjAwMDAwKDAwNjMpIGtubEdTOjAwMDAwMDAwMDI4OTNiNDAKSmFuIDE2IDIwOjQxOjM3
IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTIxN10gQ1M6ICAwMDEwIERTOiAwMDJiIEVTOiAw
MDJiIENSMDogMDAwMDAwMDA4MDA1MDAzMwpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVs
OiBbICA5MjQuMDkxMjE4XSBDUjI6IDAwMDA3ZmZjM2ExZDQ2NjggQ1IzOiAwMDAwMDAwMDdhYTll
MDAwIENSNDogMDAwMDAwMDAwMDA0MDZlMApKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVs
OiBbICA5MjQuMDkxMjIwXSBEUjA6IDAwMDAwMDAwMDAwMDAwMDAgRFIxOiAwMDAwMDAwMDAwMDAw
MDAwIERSMjogMDAwMDAwMDAwMDAwMDAwMApKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVs
OiBbICA5MjQuMDkxMjIxXSBEUjM6IDAwMDAwMDAwMDAwMDAwMDAgRFI2OiAwMDAwMDAwMGZmZmUw
ZmYwIERSNzogMDAwMDAwMDAwMDAwMDQwMApKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVs
OiBbICA5MjQuMDkxMjIxXSBDYWxsIFRyYWNlOgpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2Vy
bmVsOiBbICA5MjQuMDkxMjQxXSAga2V5cmluZ19zZWFyY2hfcmN1KzB4ODcvMHg5MApKYW4gMTYg
MjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxMjY5XSAgc2VhcmNoX2NyZWRfa2V5
cmluZ3NfcmN1KzB4MmYvMHgxNzAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAg
OTI0LjA5MTI4N10gIHNlYXJjaF9wcm9jZXNzX2tleXJpbmdzX3JjdSsweDExLzB4YzAKSmFuIDE2
IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTI5MF0gIHJlcXVlc3Rfa2V5X2Fu
ZF9saW5rKzB4MTE2LzB4NzYwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDky
NC4wOTEyOTNdICA/IGtleXJpbmdfYWxsb2MrMHg3MC8weDcwCkphbiAxNiAyMDo0MTozNyBrb25z
dGFueiBrZXJuZWw6IFsgIDkyNC4wOTEyOTVdICA/IGtleV9kZWZhdWx0X2NtcCsweDIwLzB4MjAK
SmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTI5OF0gIHJlcXVlc3Rf
a2V5X3RhZysweDQ0LzB4YTAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0
LjA5MTM0OV0gIG5mc19pZG1hcF9nZXRfa2V5KzB4MTE4LzB4MWYwIFtuZnN2NF0KSmFuIDE2IDIw
OjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTM2OF0gIG5mc19pZG1hcF9sb29rdXBf
aWQrMHgzMC8weDgwIFtuZnN2NF0KSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAg
OTI0LjA5MTM3OF0gIG5mc19tYXBfbmFtZV90b191aWQrMHgxM2IvMHgxNTAgW25mc3Y0XQpKYW4g
MTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNDQxXSAgPyB4ZHJfc2V0X25l
eHRfYnVmZmVyKzB4MzIvMHhhMCBbc3VucnBjXQpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2Vy
bmVsOiBbICA5MjQuMDkxNDUxXSAgZGVjb2RlX2dldGZhdHRyX2F0dHJzKzB4ZGJkLzB4MTExMCBb
bmZzdjRdCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE0ODZdICA/
IG5mc19zZXRfY2FjaGVfaW52YWxpZCsweDMzLzB4YTAgW25mc10KSmFuIDE2IDIwOjQxOjM3IGtv
bnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTQ5NF0gIG5mczRfZGVjb2RlX2RpcmVudCsweDE3My8w
eDJiMCBbbmZzdjRdCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE1
MDFdICBuZnNfcmVhZGRpcl9wYWdlX2ZpbGxlcisweDE2MS8weDY1MCBbbmZzXQpKYW4gMTYgMjA6
NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNTE3XSAgbmZzX3JlYWRkaXJfeGRyX3Rv
X2FycmF5KzB4MjBjLzB4M2QwIFtuZnNdCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6
IFsgIDkyNC4wOTE1MjBdICA/IHhhc19zdG9yZSsweDFiNy8weDVlMApKYW4gMTYgMjA6NDE6Mzcg
a29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNTI0XSAgPyBfX2FkZF90b19wYWdlX2NhY2hlX2xv
Y2tlZCsweDI0OC8weDM2MApKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQu
MDkxNTMwXSAgbmZzX3JlYWRkaXJfZmlsbGVyKzB4MWUvMHg4MCBbbmZzXQpKYW4gMTYgMjA6NDE6
Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNTMxXSAgZG9fcmVhZF9jYWNoZV9wYWdlKzB4
MmU0LzB4ODEwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE1Mzhd
ICA/IG5mc19yZWFkZGlyX3hkcl90b19hcnJheSsweDNkMC8weDNkMCBbbmZzXQpKYW4gMTYgMjA6
NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNTQwXSAgPyB2ZXJpZnlfZGlyZW50X25h
bWUrMHgxNi8weDMwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE1
NDJdICA/IGZpbGxkaXI2NCsweDNhLzB4MTcwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJu
ZWw6IFsgIDkyNC4wOTE1NDhdICBuZnNfcmVhZGRpcisweDEyMi8weDRlMCBbbmZzXQpKYW4gMTYg
MjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNTU2XSAgPyBuZnM0X3hkcl9kZWNf
bG9va3VwcCsweGQwLzB4ZDAgW25mc3Y0XQpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVs
OiBbICA5MjQuMDkxNTU4XSAgaXRlcmF0ZV9kaXIrMHg5Mi8weDFhMApKYW4gMTYgMjA6NDE6Mzcg
a29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNTYxXSAga3N5c19nZXRkZW50czY0KzB4OWMvMHgx
MzAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTU2Ml0gID8gZmls
bGRpcisweDE3MC8weDE3MApKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQu
MDkxNTY0XSAgX19pYTMyX3N5c19nZXRkZW50czY0KzB4MTUvMHgyMApKYW4gMTYgMjA6NDE6Mzcg
a29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNTY3XSAgZG9fZmFzdF9zeXNjYWxsXzMyKzB4OWEv
MHgyMTYKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTU3Ml0gIGVu
dHJ5X1NZU0VOVEVSX2NvbXBhdCsweDdmLzB4OTEKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtl
cm5lbDogWyAgOTI0LjA5MTU4MF0gLS0tWyBlbmQgdHJhY2UgNDMwOTg2NDZiNTk1ZDQ5MiBdLS0t
CkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE1OTldIC0tLS0tLS0t
LS0tLVsgY3V0IGhlcmUgXS0tLS0tLS0tLS0tLQpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2Vy
bmVsOiBbICA5MjQuMDkxNTk5XSByZWZjb3VudF90OiB1bmRlcmZsb3c7IHVzZS1hZnRlci1mcmVl
LgpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNjA5XSBXQVJOSU5H
OiBDUFU6IDEgUElEOiAxMjQ3IGF0IGxpYi9yZWZjb3VudC5jOjE5MCByZWZjb3VudF9zdWJfYW5k
X3Rlc3RfY2hlY2tlZCsweDU1LzB4NjAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDog
WyAgOTI0LjA5MTYwOV0gTW9kdWxlcyBsaW5rZWQgaW46IHJwY3NlY19nc3Nfa3JiNShFKSBuZnN2
NChFKSBkbnNfcmVzb2x2ZXIoRSkgbmZzKEUpIGxvY2tkKEUpIGdyYWNlKEUpIGZzY2FjaGUoRSkg
aW50ZWxfcmFwbF9tc3IoRSkgaW50ZWxfcmFwbF9jb21tb24oRSkga3ZtX2ludGVsKEUpIGt2bShF
KSBpcnFieXBhc3MoRSkgYmluZm10X21pc2MoRSkgY3JjdDEwZGlmX3BjbG11bChFKSBjcmMzMl9w
Y2xtdWwoRSkgZ2hhc2hfY2xtdWxuaV9pbnRlbChFKSBhZXNuaV9pbnRlbChFKSBjcnlwdG9fc2lt
ZChFKSBjcnlwdGQoRSkgZ2x1ZV9oZWxwZXIoRSkgc25kX2hkYV9jb2RlY19nZW5lcmljKEUpIGxl
ZHRyaWdfYXVkaW8oRSkgc25kX2hkYV9pbnRlbChFKSBzbmRfaW50ZWxfbmhsdChFKSBzbmRfaGRh
X2NvZGVjKEUpIGNpcnJ1cyhFKSBzbmRfaGRhX2NvcmUoRSkgZHJtX2ttc19oZWxwZXIoRSkgc25k
X2h3ZGVwKEUpIHNuZF9wY20oRSkgc25kX3RpbWVyKEUpIHNuZChFKSBldmRldihFKSBqb3lkZXYo
RSkgc2VyaW9fcmF3KEUpIHBjc3BrcihFKSBzb3VuZGNvcmUoRSkgdmlydGlvX2JhbGxvb24oRSkg
ZHJtKEUpIGJ1dHRvbihFKSBhdXRoX3JwY2dzcyhFKSBzdW5ycGMoRSkgdmlydGlvX3JuZyhFKSBy
bmdfY29yZShFKSBpcF90YWJsZXMoRSkgeF90YWJsZXMoRSkgYXV0b2ZzNChFKSBleHQ0KEUpIGNy
YzMyY19nZW5lcmljKEUpIGNyYzE2KEUpIG1iY2FjaGUoRSkgamJkMihFKSBoaWRfZ2VuZXJpYyhF
KSB1c2JoaWQoRSkgaGlkKEUpIGF0YV9nZW5lcmljKEUpIHZpcnRpb19uZXQoRSkgbmV0X2ZhaWxv
dmVyKEUpIGZhaWxvdmVyKEUpIHZpcnRpb19ibGsoRSkgdWhjaV9oY2QoRSkgYWhjaShFKSBlaGNp
X2hjZChFKSBhdGFfcGlpeChFKSBsaWJhaGNpKEUpIHZpcnRpb19wY2koRSkgdmlydGlvX3Jpbmco
RSkgY3JjMzJjX2ludGVsKEUpIHBzbW91c2UoRSkgdmlydGlvKEUpIGxpYmF0YShFKSBpMmNfcGlp
eDQoRSkgdXNiY29yZShFKSBzY3NpX21vZChFKSBmbG9wcHkoRSkKSmFuIDE2IDIwOjQxOjM3IGtv
bnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTY0MF0gQ1BVOiAxIFBJRDogMTI0NyBDb21tOiB0bGpv
Yi5leGUgVGFpbnRlZDogRyAgICAgICAgVyAgIEUgICAgIDUuNC4xMi1kZWJpYW42NC5hbGwrMS4x
ICMxCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE2NDFdIEhhcmR3
YXJlIG5hbWU6IEJvY2hzIEJvY2hzLCBCSU9TIEJvY2hzIDAxLzAxLzIwMTEKSmFuIDE2IDIwOjQx
OjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTY0M10gUklQOiAwMDEwOnJlZmNvdW50X3N1
Yl9hbmRfdGVzdF9jaGVja2VkKzB4NTUvMHg2MApKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2Vy
bmVsOiBbICA5MjQuMDkxNjU5XSBDb2RlOiBlMCA0MSA1YyBjMyA0NCA4OSBlMCA0MSA1YyBjMyA0
NCAwZiBiNiAyNSAyMSBmMSBjZSAwMCA0NSA4NCBlNCA3NSBlNCA0OCBjNyBjNyA3MCBiYSBhZCBi
ZCBjNiAwNSAwZSBmMSBjZSAwMCAwMSBlOCBiOSAyYSBjNyBmZiA8MGY+IDBiIGViIGQwIDBmIDFm
IDgwIDAwIDAwIDAwIDAwIDQ4IDg5IGZlIGJmIDAxIDAwIDAwIDAwIGViIDk2IDY2CkphbiAxNiAy
MDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE2NjBdIFJTUDogMDAxODpmZmZmYjll
YTAxMTgzOGU4IEVGTEFHUzogMDAwMTAyODIKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5l
bDogWyAgOTI0LjA5MTY2MV0gUkFYOiAwMDAwMDAwMDAwMDAwMDAwIFJCWDogMDAwMDAwMDAwMDAw
MDAxYiBSQ1g6IDAwMDAwMDAwMDAwMDAwMDAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5l
bDogWyAgOTI0LjA5MTY2Ml0gUkRYOiAwMDAwMDAwMDAwMDAwMDAxIFJTSTogMDAwMDAwMDAwMDAw
MDA5MiBSREk6IDAwMDAwMDAwZmZmZmZmZmYKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5l
bDogWyAgOTI0LjA5MTY2M10gUkJQOiBmZmZmOTAxOTNjMjliZjAwIFIwODogMDAwMDAwMDAwMDAw
MDIzOCBSMDk6IDAwMDAwMDAwMDAwMDAwMDQKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5l
bDogWyAgOTI0LjA5MTY2M10gUjEwOiAwMDAwMDAwMDAwMDAwMDAwIFIxMTogMDAwMDAwMDAwMDAw
MDAwMSBSMTI6IDAwMDAwMDAwMDAwMDAwMDAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5l
bDogWyAgOTI0LjA5MTY2NF0gUjEzOiBmZmZmZmZmZmMwYmUxOGE4IFIxNDogZmZmZjkwMTkzYzI5
YmYwMCBSMTU6IGZmZmY5MDE5M2FlNjkwMDAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5l
bDogWyAgOTI0LjA5MTY2NV0gRlM6ICAwMDAwMDAwMDAwM2Y0MDAwKDAwNmIpIEdTOmZmZmY5MDE5
M2RiMDAwMDAoMDA2Mykga25sR1M6MDAwMDAwMDAwMjg5M2I0MApKYW4gMTYgMjA6NDE6Mzcga29u
c3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNjY2XSBDUzogIDAwMTAgRFM6IDAwMmIgRVM6IDAwMmIg
Q1IwOiAwMDAwMDAwMDgwMDUwMDMzCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsg
IDkyNC4wOTE2NjddIENSMjogMDAwMDdmZmMzYTFkNDY2OCBDUjM6IDAwMDAwMDAwN2FhOWUwMDAg
Q1I0OiAwMDAwMDAwMDAwMDQwNmUwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsg
IDkyNC4wOTE2ODRdIERSMDogMDAwMDAwMDAwMDAwMDAwMCBEUjE6IDAwMDAwMDAwMDAwMDAwMDAg
RFIyOiAwMDAwMDAwMDAwMDAwMDAwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsg
IDkyNC4wOTE2ODVdIERSMzogMDAwMDAwMDAwMDAwMDAwMCBEUjY6IDAwMDAwMDAwZmZmZTBmZjAg
RFI3OiAwMDAwMDAwMDAwMDAwNDAwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsg
IDkyNC4wOTE2ODVdIENhbGwgVHJhY2U6CkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6
IFsgIDkyNC4wOTE2ODhdICBrZXlfcHV0KzB4Zi8weDMwCkphbiAxNiAyMDo0MTozNyBrb25zdGFu
eiBrZXJuZWw6IFsgIDkyNC4wOTE2OTddICBuZnNfaWRtYXBfZ2V0X2tleSsweDFhYy8weDFmMCBb
bmZzdjRdCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE3MDVdICBu
ZnNfaWRtYXBfbG9va3VwX2lkKzB4MzAvMHg4MCBbbmZzdjRdCkphbiAxNiAyMDo0MTozNyBrb25z
dGFueiBrZXJuZWw6IFsgIDkyNC4wOTE3MTNdICBuZnNfbWFwX25hbWVfdG9fdWlkKzB4MTNiLzB4
MTUwIFtuZnN2NF0KSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTcy
Ml0gID8geGRyX3NldF9uZXh0X2J1ZmZlcisweDMyLzB4YTAgW3N1bnJwY10KSmFuIDE2IDIwOjQx
OjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTczMF0gIGRlY29kZV9nZXRmYXR0cl9hdHRy
cysweGRiZC8weDExMTAgW25mc3Y0XQpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVsOiBb
ICA5MjQuMDkxNzM2XSAgPyBuZnNfc2V0X2NhY2hlX2ludmFsaWQrMHgzMy8weGEwIFtuZnNdCkph
biAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE3NDNdICBuZnM0X2RlY29k
ZV9kaXJlbnQrMHgxNzMvMHgyYjAgW25mc3Y0XQpKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2Vy
bmVsOiBbICA5MjQuMDkxNzQ4XSAgbmZzX3JlYWRkaXJfcGFnZV9maWxsZXIrMHgxNjEvMHg2NTAg
W25mc10KSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTc1NF0gIG5m
c19yZWFkZGlyX3hkcl90b19hcnJheSsweDIwYy8weDNkMCBbbmZzXQpKYW4gMTYgMjA6NDE6Mzcg
a29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNzU2XSAgPyB4YXNfc3RvcmUrMHgxYjcvMHg1ZTAK
SmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTc1OF0gID8gX19hZGRf
dG9fcGFnZV9jYWNoZV9sb2NrZWQrMHgyNDgvMHgzNjAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56
IGtlcm5lbDogWyAgOTI0LjA5MTc2M10gIG5mc19yZWFkZGlyX2ZpbGxlcisweDFlLzB4ODAgW25m
c10KSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTc2NF0gIGRvX3Jl
YWRfY2FjaGVfcGFnZSsweDJlNC8weDgxMApKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2VybmVs
OiBbICA5MjQuMDkxNzY5XSAgPyBuZnNfcmVhZGRpcl94ZHJfdG9fYXJyYXkrMHgzZDAvMHgzZDAg
W25mc10KSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTc3MV0gID8g
dmVyaWZ5X2RpcmVudF9uYW1lKzB4MTYvMHgzMApKYW4gMTYgMjA6NDE6Mzcga29uc3Rhbnoga2Vy
bmVsOiBbICA5MjQuMDkxNzcyXSAgPyBmaWxsZGlyNjQrMHgzYS8weDE3MApKYW4gMTYgMjA6NDE6
Mzcga29uc3Rhbnoga2VybmVsOiBbICA5MjQuMDkxNzkyXSAgbmZzX3JlYWRkaXIrMHgxMjIvMHg0
ZTAgW25mc10KSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTc5OV0g
ID8gbmZzNF94ZHJfZGVjX2xvb2t1cHArMHhkMC8weGQwIFtuZnN2NF0KSmFuIDE2IDIwOjQxOjM3
IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTgwMV0gIGl0ZXJhdGVfZGlyKzB4OTIvMHgxYTAK
SmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTgwM10gIGtzeXNfZ2V0
ZGVudHM2NCsweDljLzB4MTMwCkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDky
NC4wOTE4MDVdICA/IGZpbGxkaXIrMHgxNzAvMHgxNzAKSmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56
IGtlcm5lbDogWyAgOTI0LjA5MTgwN10gIF9faWEzMl9zeXNfZ2V0ZGVudHM2NCsweDE1LzB4MjAK
SmFuIDE2IDIwOjQxOjM3IGtvbnN0YW56IGtlcm5lbDogWyAgOTI0LjA5MTgwOV0gIGRvX2Zhc3Rf
c3lzY2FsbF8zMisweDlhLzB4MjE2CkphbiAxNiAyMDo0MTozNyBrb25zdGFueiBrZXJuZWw6IFsg
IDkyNC4wOTE4MTBdICBlbnRyeV9TWVNFTlRFUl9jb21wYXQrMHg3Zi8weDkxCkphbiAxNiAyMDo0
MTozNyBrb25zdGFueiBrZXJuZWw6IFsgIDkyNC4wOTE4MTJdIC0tLVsgZW5kIHRyYWNlIDQzMDk4
NjQ2YjU5NWQ0OTMgXS0tLQoKCgo0LjE5Ljk2IHdvcmtzIGZpbmUuCgpSZWdhcmRzLAotLSAKV29s
ZmdhbmcgV2FsdGVyClN0dWRlbnRlbndlcmsgTfxuY2hlbgpBbnN0YWx0IGRlcyD2ZmZlbnRsaWNo
ZW4gUmVjaHRz
^ permalink raw reply [flat|nested] 2+ messages in thread
* kernel 5.4: refcount_t: increment on 0; use-after-free (in keyring_search_rcu called when nfs_idmap_lookup)
@ 2020-01-16 20:29 ` Wolfgang Walter
0 siblings, 0 replies; 2+ messages in thread
From: Wolfgang Walter @ 2020-01-16 20:29 UTC (permalink / raw)
To: linux-kernel; +Cc: David Howells, keyrings
Hello,
with 5.4.5 and later (but didn't test lower 5.4 versions) I get the following kernel failure:
Jan 13 17:32:23 konstanz kernel: [2072916.589221] ------------[ cut here ]------------
Jan 13 17:32:23 konstanz kernel: [2072916.589228] refcount_t: increment on 0; use-after-free.
Jan 13 17:32:23 konstanz kernel: [2072916.589271] WARNING: CPU: 1 PID: 28813 at lib/refcount.c:156 refcount_inc_checked+0x26/0x30
Jan 13 17:32:23 konstanz kernel: [2072916.589273] Modules linked in: rpcsec_gss_krb5(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) fscache(E) binfmt_misc(E) intel_rapl_msr(E) intel_rapl_common(E) kvm_intel(E) kvm(E) irqbypass(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) aesni_intel(E) crypto_simd(E) cryptd(E) glue_helper(E) snd_hda_codec_generic(E) ledtrig_audio(E) snd_hda_intel(E) snd_intel_nhlt(E) snd_hda_codec(E) snd_hda_core(E) snd_hwdep(E) cirrus(E) snd_pcm(E) evdev(E) joydev(E) snd_timer(E) serio_raw(E) virtio_balloon(E) snd(E) drm_kms_helper(E) soundcore(E) pcspkr(E) drm(E) button(E) auth_rpcgss(E) sunrpc(E) virtio_rng(E) rng_core(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc32c_generic(E) crc16(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) hid(E) ata_generic(E) virtio_net(E) net_failover(E) failover(E) virtio_blk(E) uhci_hcd(E) ehci_hcd(E) ahci(E) libahci(E) ata_piix(E) crc32c_intel(E) psmouse(E) i2c_piix4(E) usbcore(E) virtio_pci(E) libata(E) virtio_ring(E) virtio(E) scsi_mod(E) floppy(E)
Jan 13 17:32:23 konstanz kernel: [2072916.589496] CPU: 1 PID: 28813 Comm: tljob.exe Tainted: G E 5.4.5-debian64.all+1.1 #1
Jan 13 17:32:23 konstanz kernel: [2072916.589497] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Jan 13 17:32:23 konstanz kernel: [2072916.589501] RIP: 0010:refcount_inc_checked+0x26/0x30
Jan 13 17:32:23 konstanz kernel: [2072916.589503] Code: 00 00 00 00 e8 9b ff ff ff 84 c0 74 01 c3 80 3d 6e f9 ce 00 00 75 f6 48 c7 c7 f0 b1 8d 9d c6 05 5e f9 ce 00 01 e8 a8 32 c7 ff <0f> 0b c3 0f 1f 80 00 00 00 00 41 54 8b 06 83 f8 ff 74 1d 31 c9 39
Jan 13 17:32:23 konstanz kernel: [2072916.589505] RSP: 0018:ffffb5f3809e3768 EFLAGS: 00010286
Jan 13 17:32:23 konstanz kernel: [2072916.589507] RAX: 0000000000000000 RBX: ffffb5f3809e3808 RCX: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.589508] RDX: 0000000000000001 RSI: 0000000000000096 RDI: 00000000ffffffff
Jan 13 17:32:23 konstanz kernel: [2072916.589509] RBP: ffff8f08bbe3b300 R08: 0000000000000205 R09: 0000000000000004
Jan 13 17:32:23 konstanz kernel: [2072916.589510] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8f08bd78fc00
Jan 13 17:32:23 konstanz kernel: [2072916.589511] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.589513] FS: 00000000003f4000(006b) GS:ffff8f08bdb00000(0063) knlGS:0000000002893b40
Jan 13 17:32:23 konstanz kernel: [2072916.589515] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
Jan 13 17:32:23 konstanz kernel: [2072916.589528] CR2: 0000000010028600 CR3: 0000000026ece000 CR4: 00000000000406e0
Jan 13 17:32:23 konstanz kernel: [2072916.589534] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.589535] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Jan 13 17:32:23 konstanz kernel: [2072916.589537] Call Trace:
Jan 13 17:32:23 konstanz kernel: [2072916.589579] keyring_search_rcu+0x87/0x90
Jan 13 17:32:23 konstanz kernel: [2072916.589609] search_cred_keyrings_rcu+0x2f/0x170
Jan 13 17:32:23 konstanz kernel: [2072916.589614] search_process_keyrings_rcu+0x11/0xc0
Jan 13 17:32:23 konstanz kernel: [2072916.589618] request_key_and_link+0x116/0x760
Jan 13 17:32:23 konstanz kernel: [2072916.589622] ? keyring_alloc+0x70/0x70
Jan 13 17:32:23 konstanz kernel: [2072916.589624] ? key_default_cmp+0x20/0x20
Jan 13 17:32:23 konstanz kernel: [2072916.589627] request_key_tag+0x44/0xa0
Jan 13 17:32:23 konstanz kernel: [2072916.589717] nfs_idmap_get_key+0x118/0x1f0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589748] nfs_idmap_lookup_id+0x30/0x80 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589764] nfs_map_name_to_uid+0x13b/0x150 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589778] decode_getfattr_attrs+0xdbd/0x1110 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589786] ? _raw_spin_unlock_irqrestore+0x20/0x40
Jan 13 17:32:23 konstanz kernel: [2072916.589789] ? __wake_up_common_lock+0x8a/0xc0
Jan 13 17:32:23 konstanz kernel: [2072916.589803] nfs4_decode_dirent+0x173/0x2b0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589868] nfs_readdir_page_filler+0x161/0x650 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.589890] nfs_readdir_xdr_to_array+0x20c/0x3d0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.589894] ? xas_store+0x1b7/0x5e0
Jan 13 17:32:23 konstanz kernel: [2072916.589899] ? __add_to_page_cache_locked+0x258/0x360
Jan 13 17:32:23 konstanz kernel: [2072916.589909] nfs_readdir_filler+0x1e/0x80 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.589911] do_read_cache_page+0x2e4/0x810
Jan 13 17:32:23 konstanz kernel: [2072916.589922] ? nfs_readdir_xdr_to_array+0x3d0/0x3d0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.589926] ? verify_dirent_name+0x16/0x30
Jan 13 17:32:23 konstanz kernel: [2072916.589928] ? filldir64+0x3a/0x170
Jan 13 17:32:23 konstanz kernel: [2072916.589938] nfs_readdir+0x122/0x4e0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.589953] ? nfs4_xdr_dec_lookupp+0xd0/0xd0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.589956] iterate_dir+0x92/0x1a0
Jan 13 17:32:23 konstanz kernel: [2072916.589960] ksys_getdents64+0x9c/0x130
Jan 13 17:32:23 konstanz kernel: [2072916.589963] ? filldir+0x170/0x170
Jan 13 17:32:23 konstanz kernel: [2072916.589966] __ia32_sys_getdents64+0x15/0x20
Jan 13 17:32:23 konstanz kernel: [2072916.589970] do_fast_syscall_32+0x9a/0x216
Jan 13 17:32:23 konstanz kernel: [2072916.589979] entry_SYSENTER_compat+0x7f/0x91
Jan 13 17:32:23 konstanz kernel: [2072916.589992] ---[ end trace 149edb431f1235b8 ]---
Jan 13 17:32:23 konstanz kernel: [2072916.590020] ------------[ cut here ]------------
Jan 13 17:32:23 konstanz kernel: [2072916.590021] refcount_t: underflow; use-after-free.
Jan 13 17:32:23 konstanz kernel: [2072916.590038] WARNING: CPU: 1 PID: 28813 at lib/refcount.c:190 refcount_sub_and_test_checked+0x55/0x60
Jan 13 17:32:23 konstanz kernel: [2072916.590039] Modules linked in: rpcsec_gss_krb5(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) fscache(E) binfmt_misc(E)
intel_rapl_msr(E) intel_rapl_common(E) kvm_intel(E) kvm(E) irqbypass(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) aesni_intel(E) crypto_simd(E) c
ryptd(E) glue_helper(E) snd_hda_codec_generic(E) ledtrig_audio(E) snd_hda_intel(E) snd_intel_nhlt(E) snd_hda_codec(E) snd_hda_core(E) snd_hwdep(E) cirrus(E) snd_pc
m(E) evdev(E) joydev(E) snd_timer(E) serio_raw(E) virtio_balloon(E) snd(E) drm_kms_helper(E) soundcore(E) pcspkr(E) drm(E) button(E) auth_rpcgss(E) sunrpc(E) virti
o_rng(E) rng_core(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc32c_generic(E) crc16(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) hid(E) ata_generic(E) virtio_net(E) net_failover(E) failover(E) virtio_blk(E) uhci_hcd(E) ehci_hcd(E) ahci(E) libahci(E) ata_piix(E) crc32c_intel(E) psmouse(E) i2c_piix4(E) usbcore(E) virtio_pci(E) libata(E) virtio_ring(E) virtio(E) scsi_mod(E) floppy(E)
Jan 13 17:32:23 konstanz kernel: [2072916.590069] CPU: 1 PID: 28813 Comm: tljob.exe Tainted: G W E 5.4.5-debian64.all+1.1 #1
Jan 13 17:32:23 konstanz kernel: [2072916.590070] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Jan 13 17:32:23 konstanz kernel: [2072916.590073] RIP: 0010:refcount_sub_and_test_checked+0x55/0x60
Jan 13 17:32:23 konstanz kernel: [2072916.590075] Code: e0 41 5c c3 44 89 e0 41 5c c3 44 0f b6 25 11 f9 ce 00 45 84 e4 75 e4 48 c7 c7 20 b2 8d 9d c6 05 fe f8 ce 00 01 e8 49 32 c7 ff <0f> 0b eb d0 0f 1f 80 00 00 00 00 48 89 fe bf 01 00 00 00 eb 96 66
Jan 13 17:32:23 konstanz kernel: [2072916.590076] RSP: 0018:ffffb5f3809e38e8 EFLAGS: 00010282
Jan 13 17:32:23 konstanz kernel: [2072916.590078] RAX: 0000000000000000 RBX: 000000000000001c RCX: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.590079] RDX: 0000000000000001 RSI: 0000000000000092 RDI: 00000000ffffffff
Jan 13 17:32:23 konstanz kernel: [2072916.590080] RBP: ffff8f0867406200 R08: 0000000000000239 R09: 0000000000000004
Jan 13 17:32:23 konstanz kernel: [2072916.590081] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.590082] R13: ffffffffc0aed8a8 R14: ffff8f0867406200 R15: ffff8f0874c284c0
Jan 13 17:32:23 konstanz kernel: [2072916.590084] FS: 00000000003f4000(006b) GS:ffff8f08bdb00000(0063) knlGS:0000000002893b40
Jan 13 17:32:23 konstanz kernel: [2072916.590085] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
Jan 13 17:32:23 konstanz kernel: [2072916.590086] CR2: 0000000010028600 CR3: 0000000026ece000 CR4: 00000000000406e0
Jan 13 17:32:23 konstanz kernel: [2072916.590091] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 13 17:32:23 konstanz kernel: [2072916.590092] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Jan 13 17:32:23 konstanz kernel: [2072916.590093] Call Trace:
Jan 13 17:32:23 konstanz kernel: [2072916.590096] key_put+0xf/0x30
Jan 13 17:32:23 konstanz kernel: [2072916.590113] nfs_idmap_get_key+0x1ac/0x1f0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590127] nfs_idmap_lookup_id+0x30/0x80 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590139] nfs_map_name_to_uid+0x13b/0x150 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590151] decode_getfattr_attrs+0xdbd/0x1110 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590155] ? _raw_spin_unlock_irqrestore+0x20/0x40
Jan 13 17:32:23 konstanz kernel: [2072916.590157] ? __wake_up_common_lock+0x8a/0xc0
Jan 13 17:32:23 konstanz kernel: [2072916.590168] nfs4_decode_dirent+0x173/0x2b0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590178] nfs_readdir_page_filler+0x161/0x650 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.590190] nfs_readdir_xdr_to_array+0x20c/0x3d0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.590193] ? xas_store+0x1b7/0x5e0
Jan 13 17:32:23 konstanz kernel: [2072916.590196] ? __add_to_page_cache_locked+0x258/0x360
Jan 13 17:32:23 konstanz kernel: [2072916.590204] nfs_readdir_filler+0x1e/0x80 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.590207] do_read_cache_page+0x2e4/0x810
Jan 13 17:32:23 konstanz kernel: [2072916.590215] ? nfs_readdir_xdr_to_array+0x3d0/0x3d0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.590218] ? verify_dirent_name+0x16/0x30
Jan 13 17:32:23 konstanz kernel: [2072916.590220] ? filldir64+0x3a/0x170
Jan 13 17:32:23 konstanz kernel: [2072916.590228] nfs_readdir+0x122/0x4e0 [nfs]
Jan 13 17:32:23 konstanz kernel: [2072916.590240] ? nfs4_xdr_dec_lookupp+0xd0/0xd0 [nfsv4]
Jan 13 17:32:23 konstanz kernel: [2072916.590243] iterate_dir+0x92/0x1a0
Jan 13 17:32:23 konstanz kernel: [2072916.590246] ksys_getdents64+0x9c/0x130
Jan 13 17:32:23 konstanz kernel: [2072916.590249] ? filldir+0x170/0x170
Jan 13 17:32:23 konstanz kernel: [2072916.590252] __ia32_sys_getdents64+0x15/0x20
Jan 13 17:32:23 konstanz kernel: [2072916.590255] do_fast_syscall_32+0x9a/0x216
Jan 13 17:32:23 konstanz kernel: [2072916.590257] entry_SYSENTER_compat+0x7f/0x91
Jan 13 17:32:23 konstanz kernel: [2072916.590261] ---[ end trace 149edb431f1235b9 ]---
Here with 5.4.12:
Jan 16 20:26:18 konstanz kernel: [ 5.548117] Key type id_resolver registered
Jan 16 20:26:18 konstanz kernel: [ 5.548118] Key type id_legacy registered
Jan 16 20:41:37 konstanz kernel: [ 924.090960] ------------[ cut here ]------------
Jan 16 20:41:37 konstanz kernel: [ 924.090965] refcount_t: increment on 0; use-after-free.
Jan 16 20:41:37 konstanz kernel: [ 924.091001] WARNING: CPU: 1 PID: 1247 at lib/refcount.c:156 refcount_inc_checked+0x26/0x30
Jan 16 20:41:37 konstanz kernel: [ 924.091003] Modules linked in: rpcsec_gss_krb5(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) fscache(E) intel_rapl_msr(E) intel_rapl_common(E) kvm_intel(E) kvm(E) irqbypass(E) binfmt_misc(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) aesni_intel(E) crypto_simd(E) cryptd(E) glue_helper(E) snd_hda_codec_generic(E) ledtrig_audio(E) snd_hda_intel(E) snd_intel_nhlt(E) snd_hda_codec(E) cirrus(E) snd_hda_core(E) drm_kms_helper(E) snd_hwdep(E) snd_pcm(E) snd_timer(E) snd(E) evdev(E) joydev(E) serio_raw(E) pcspkr(E) soundcore(E) virtio_balloon(E) drm(E) button(E) auth_rpcgss(E) sunrpc(E) virtio_rng(E) rng_core(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc32c_generic(E) crc16(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) hid(E) ata_generic(E) virtio_net(E) net_failover(E) failover(E) virtio_blk(E) uhci_hcd(E) ahci(E) ehci_hcd(E) ata_piix(E) libahci(E) virtio_pci(E) virtio_ring(E) crc32c_intel(E) psmouse(E) virtio(E) libata(E) i2c_piix4(E) usbcore(E) scsi_mod(E) floppy(E)
Jan 16 20:41:37 konstanz kernel: [ 924.091205] CPU: 1 PID: 1247 Comm: tljob.exe Tainted: G E 5.4.12-debian64.all+1.1 #1
Jan 16 20:41:37 konstanz kernel: [ 924.091205] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Jan 16 20:41:37 konstanz kernel: [ 924.091207] RIP: 0010:refcount_inc_checked+0x26/0x30
Jan 16 20:41:37 konstanz kernel: [ 924.091210] Code: 00 00 00 00 e8 9b ff ff ff 84 c0 74 01 c3 80 3d 7e f1 ce 00 00 75 f6 48 c7 c7 40 ba ad bd c6 05 6e f1 ce 00 01 e8 18 2b c7 ff <0f> 0b c3 0f 1f 80 00 00 00 00 41 54 8b 06 83 f8 ff 74 1d 31 c9 39
Jan 16 20:41:37 konstanz kernel: [ 924.091211] RSP: 0018:ffffb9ea01183768 EFLAGS: 00010286
Jan 16 20:41:37 konstanz kernel: [ 924.091212] RAX: 0000000000000000 RBX: ffffb9ea01183808 RCX: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091213] RDX: 0000000000000001 RSI: 0000000000000096 RDI: 00000000ffffffff
Jan 16 20:41:37 konstanz kernel: [ 924.091214] RBP: ffff9018f4a81100 R08: 0000000000000204 R09: 0000000000000004
Jan 16 20:41:37 konstanz kernel: [ 924.091215] R10: 0000000000000000 R11: 0000000000000001 R12: ffff9018f50bb9c0
Jan 16 20:41:37 konstanz kernel: [ 924.091215] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091216] FS: 00000000003f4000(006b) GS:ffff90193db00000(0063) knlGS:0000000002893b40
Jan 16 20:41:37 konstanz kernel: [ 924.091217] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
Jan 16 20:41:37 konstanz kernel: [ 924.091218] CR2: 00007ffc3a1d4668 CR3: 000000007aa9e000 CR4: 00000000000406e0
Jan 16 20:41:37 konstanz kernel: [ 924.091220] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091221] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Jan 16 20:41:37 konstanz kernel: [ 924.091221] Call Trace:
Jan 16 20:41:37 konstanz kernel: [ 924.091241] keyring_search_rcu+0x87/0x90
Jan 16 20:41:37 konstanz kernel: [ 924.091269] search_cred_keyrings_rcu+0x2f/0x170
Jan 16 20:41:37 konstanz kernel: [ 924.091287] search_process_keyrings_rcu+0x11/0xc0
Jan 16 20:41:37 konstanz kernel: [ 924.091290] request_key_and_link+0x116/0x760
Jan 16 20:41:37 konstanz kernel: [ 924.091293] ? keyring_alloc+0x70/0x70
Jan 16 20:41:37 konstanz kernel: [ 924.091295] ? key_default_cmp+0x20/0x20
Jan 16 20:41:37 konstanz kernel: [ 924.091298] request_key_tag+0x44/0xa0
Jan 16 20:41:37 konstanz kernel: [ 924.091349] nfs_idmap_get_key+0x118/0x1f0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091368] nfs_idmap_lookup_id+0x30/0x80 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091378] nfs_map_name_to_uid+0x13b/0x150 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091441] ? xdr_set_next_buffer+0x32/0xa0 [sunrpc]
Jan 16 20:41:37 konstanz kernel: [ 924.091451] decode_getfattr_attrs+0xdbd/0x1110 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091486] ? nfs_set_cache_invalid+0x33/0xa0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091494] nfs4_decode_dirent+0x173/0x2b0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091501] nfs_readdir_page_filler+0x161/0x650 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091517] nfs_readdir_xdr_to_array+0x20c/0x3d0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091520] ? xas_store+0x1b7/0x5e0
Jan 16 20:41:37 konstanz kernel: [ 924.091524] ? __add_to_page_cache_locked+0x248/0x360
Jan 16 20:41:37 konstanz kernel: [ 924.091530] nfs_readdir_filler+0x1e/0x80 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091531] do_read_cache_page+0x2e4/0x810
Jan 16 20:41:37 konstanz kernel: [ 924.091538] ? nfs_readdir_xdr_to_array+0x3d0/0x3d0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091540] ? verify_dirent_name+0x16/0x30
Jan 16 20:41:37 konstanz kernel: [ 924.091542] ? filldir64+0x3a/0x170
Jan 16 20:41:37 konstanz kernel: [ 924.091548] nfs_readdir+0x122/0x4e0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091556] ? nfs4_xdr_dec_lookupp+0xd0/0xd0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091558] iterate_dir+0x92/0x1a0
Jan 16 20:41:37 konstanz kernel: [ 924.091561] ksys_getdents64+0x9c/0x130
Jan 16 20:41:37 konstanz kernel: [ 924.091562] ? filldir+0x170/0x170
Jan 16 20:41:37 konstanz kernel: [ 924.091564] __ia32_sys_getdents64+0x15/0x20
Jan 16 20:41:37 konstanz kernel: [ 924.091567] do_fast_syscall_32+0x9a/0x216
Jan 16 20:41:37 konstanz kernel: [ 924.091572] entry_SYSENTER_compat+0x7f/0x91
Jan 16 20:41:37 konstanz kernel: [ 924.091580] ---[ end trace 43098646b595d492 ]---
Jan 16 20:41:37 konstanz kernel: [ 924.091599] ------------[ cut here ]------------
Jan 16 20:41:37 konstanz kernel: [ 924.091599] refcount_t: underflow; use-after-free.
Jan 16 20:41:37 konstanz kernel: [ 924.091609] WARNING: CPU: 1 PID: 1247 at lib/refcount.c:190 refcount_sub_and_test_checked+0x55/0x60
Jan 16 20:41:37 konstanz kernel: [ 924.091609] Modules linked in: rpcsec_gss_krb5(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) fscache(E) intel_rapl_msr(E) intel_rapl_common(E) kvm_intel(E) kvm(E) irqbypass(E) binfmt_misc(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) aesni_intel(E) crypto_simd(E) cryptd(E) glue_helper(E) snd_hda_codec_generic(E) ledtrig_audio(E) snd_hda_intel(E) snd_intel_nhlt(E) snd_hda_codec(E) cirrus(E) snd_hda_core(E) drm_kms_helper(E) snd_hwdep(E) snd_pcm(E) snd_timer(E) snd(E) evdev(E) joydev(E) serio_raw(E) pcspkr(E) soundcore(E) virtio_balloon(E) drm(E) button(E) auth_rpcgss(E) sunrpc(E) virtio_rng(E) rng_core(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc32c_generic(E) crc16(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) hid(E) ata_generic(E) virtio_net(E) net_failover(E) failover(E) virtio_blk(E) uhci_hcd(E) ahci(E) ehci_hcd(E) ata_piix(E) libahci(E) virtio_pci(E) virtio_ring(E) crc32c_intel(E) psmouse(E) virtio(E) libata(E) i2c_piix4(E) usbcore(E) scsi_mod(E) floppy(E)
Jan 16 20:41:37 konstanz kernel: [ 924.091640] CPU: 1 PID: 1247 Comm: tljob.exe Tainted: G W E 5.4.12-debian64.all+1.1 #1
Jan 16 20:41:37 konstanz kernel: [ 924.091641] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Jan 16 20:41:37 konstanz kernel: [ 924.091643] RIP: 0010:refcount_sub_and_test_checked+0x55/0x60
Jan 16 20:41:37 konstanz kernel: [ 924.091659] Code: e0 41 5c c3 44 89 e0 41 5c c3 44 0f b6 25 21 f1 ce 00 45 84 e4 75 e4 48 c7 c7 70 ba ad bd c6 05 0e f1 ce 00 01 e8 b9 2a c7 ff <0f> 0b eb d0 0f 1f 80 00 00 00 00 48 89 fe bf 01 00 00 00 eb 96 66
Jan 16 20:41:37 konstanz kernel: [ 924.091660] RSP: 0018:ffffb9ea011838e8 EFLAGS: 00010282
Jan 16 20:41:37 konstanz kernel: [ 924.091661] RAX: 0000000000000000 RBX: 000000000000001b RCX: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091662] RDX: 0000000000000001 RSI: 0000000000000092 RDI: 00000000ffffffff
Jan 16 20:41:37 konstanz kernel: [ 924.091663] RBP: ffff90193c29bf00 R08: 0000000000000238 R09: 0000000000000004
Jan 16 20:41:37 konstanz kernel: [ 924.091663] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091664] R13: ffffffffc0be18a8 R14: ffff90193c29bf00 R15: ffff90193ae69000
Jan 16 20:41:37 konstanz kernel: [ 924.091665] FS: 00000000003f4000(006b) GS:ffff90193db00000(0063) knlGS:0000000002893b40
Jan 16 20:41:37 konstanz kernel: [ 924.091666] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
Jan 16 20:41:37 konstanz kernel: [ 924.091667] CR2: 00007ffc3a1d4668 CR3: 000000007aa9e000 CR4: 00000000000406e0
Jan 16 20:41:37 konstanz kernel: [ 924.091684] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 16 20:41:37 konstanz kernel: [ 924.091685] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Jan 16 20:41:37 konstanz kernel: [ 924.091685] Call Trace:
Jan 16 20:41:37 konstanz kernel: [ 924.091688] key_put+0xf/0x30
Jan 16 20:41:37 konstanz kernel: [ 924.091697] nfs_idmap_get_key+0x1ac/0x1f0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091705] nfs_idmap_lookup_id+0x30/0x80 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091713] nfs_map_name_to_uid+0x13b/0x150 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091722] ? xdr_set_next_buffer+0x32/0xa0 [sunrpc]
Jan 16 20:41:37 konstanz kernel: [ 924.091730] decode_getfattr_attrs+0xdbd/0x1110 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091736] ? nfs_set_cache_invalid+0x33/0xa0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091743] nfs4_decode_dirent+0x173/0x2b0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091748] nfs_readdir_page_filler+0x161/0x650 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091754] nfs_readdir_xdr_to_array+0x20c/0x3d0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091756] ? xas_store+0x1b7/0x5e0
Jan 16 20:41:37 konstanz kernel: [ 924.091758] ? __add_to_page_cache_locked+0x248/0x360
Jan 16 20:41:37 konstanz kernel: [ 924.091763] nfs_readdir_filler+0x1e/0x80 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091764] do_read_cache_page+0x2e4/0x810
Jan 16 20:41:37 konstanz kernel: [ 924.091769] ? nfs_readdir_xdr_to_array+0x3d0/0x3d0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091771] ? verify_dirent_name+0x16/0x30
Jan 16 20:41:37 konstanz kernel: [ 924.091772] ? filldir64+0x3a/0x170
Jan 16 20:41:37 konstanz kernel: [ 924.091792] nfs_readdir+0x122/0x4e0 [nfs]
Jan 16 20:41:37 konstanz kernel: [ 924.091799] ? nfs4_xdr_dec_lookupp+0xd0/0xd0 [nfsv4]
Jan 16 20:41:37 konstanz kernel: [ 924.091801] iterate_dir+0x92/0x1a0
Jan 16 20:41:37 konstanz kernel: [ 924.091803] ksys_getdents64+0x9c/0x130
Jan 16 20:41:37 konstanz kernel: [ 924.091805] ? filldir+0x170/0x170
Jan 16 20:41:37 konstanz kernel: [ 924.091807] __ia32_sys_getdents64+0x15/0x20
Jan 16 20:41:37 konstanz kernel: [ 924.091809] do_fast_syscall_32+0x9a/0x216
Jan 16 20:41:37 konstanz kernel: [ 924.091810] entry_SYSENTER_compat+0x7f/0x91
Jan 16 20:41:37 konstanz kernel: [ 924.091812] ---[ end trace 43098646b595d493 ]---
4.19.96 works fine.
Regards,
--
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-01-16 20:39 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-01-16 20:29 kernel 5.4: refcount_t: increment on 0; use-after-free (in keyring_search_rcu called when nfs_idmap_ Wolfgang Walter
2020-01-16 20:29 ` kernel 5.4: refcount_t: increment on 0; use-after-free (in keyring_search_rcu called when nfs_idmap_lookup) Wolfgang Walter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.