From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Qianchang Zhao <pioooooooooip@gmail.com>,
Zhitong Liu <liuzhitong1993@gmail.com>,
Namjae Jeon <linkinjeon@kernel.org>,
Steve French <stfrench@microsoft.com>
Subject: [PATCH 6.17 04/60] ksmbd: ipc: fix use-after-free in ipc_msg_send_request
Date: Wed, 10 Dec 2025 16:29:34 +0900 [thread overview]
Message-ID: <20251210072947.955740226@linuxfoundation.org> (raw)
In-Reply-To: <20251210072947.850479903@linuxfoundation.org>
6.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qianchang Zhao <pioooooooooip@gmail.com>
commit 1fab1fa091f5aa97265648b53ea031deedd26235 upstream.
ipc_msg_send_request() waits for a generic netlink reply using an
ipc_msg_table_entry on the stack. The generic netlink handler
(handle_generic_event()/handle_response()) fills entry->response under
ipc_msg_table_lock, but ipc_msg_send_request() used to validate and free
entry->response without holding the same lock.
Under high concurrency this allows a race where handle_response() is
copying data into entry->response while ipc_msg_send_request() has just
freed it, leading to a slab-use-after-free reported by KASAN in
handle_generic_event():
BUG: KASAN: slab-use-after-free in handle_generic_event+0x3c4/0x5f0 [ksmbd]
Write of size 12 at addr ffff888198ee6e20 by task pool/109349
...
Freed by task:
kvfree
ipc_msg_send_request [ksmbd]
ksmbd_rpc_open -> ksmbd_session_rpc_open [ksmbd]
Fix by:
- Taking ipc_msg_table_lock in ipc_msg_send_request() while validating
entry->response, freeing it when invalid, and removing the entry from
ipc_msg_table.
- Returning the final entry->response pointer to the caller only after
the hash entry is removed under the lock.
- Returning NULL in the error path, preserving the original API
semantics.
This makes all accesses to entry->response consistent with
handle_response(), which already updates and fills the response buffer
under ipc_msg_table_lock, and closes the race that allowed the UAF.
Cc: stable@vger.kernel.org
Reported-by: Qianchang Zhao <pioooooooooip@gmail.com>
Reported-by: Zhitong Liu <liuzhitong1993@gmail.com>
Signed-off-by: Qianchang Zhao <pioooooooooip@gmail.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/smb/server/transport_ipc.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/fs/smb/server/transport_ipc.c
+++ b/fs/smb/server/transport_ipc.c
@@ -553,12 +553,16 @@ static void *ipc_msg_send_request(struct
up_write(&ipc_msg_table_lock);
ret = ipc_msg_send(msg);
- if (ret)
+ if (ret) {
+ down_write(&ipc_msg_table_lock);
goto out;
+ }
ret = wait_event_interruptible_timeout(entry.wait,
entry.response != NULL,
IPC_WAIT_TIMEOUT);
+
+ down_write(&ipc_msg_table_lock);
if (entry.response) {
ret = ipc_validate_msg(&entry);
if (ret) {
@@ -567,7 +571,6 @@ static void *ipc_msg_send_request(struct
}
}
out:
- down_write(&ipc_msg_table_lock);
hash_del(&entry.ipc_table_hlist);
up_write(&ipc_msg_table_lock);
return entry.response;
next prev parent reply other threads:[~2025-12-10 7:33 UTC|newest]
Thread overview: 142+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-10 7:29 [PATCH 6.17 00/60] 6.17.12-rc1 review Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 01/60] Documentation: process: Also mention Sasha Levin as stable tree maintainer Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 02/60] jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 03/60] ext4: refresh inline data size before write operations Greg Kroah-Hartman
2025-12-10 7:29 ` Greg Kroah-Hartman [this message]
2025-12-10 7:29 ` [PATCH 6.17 05/60] locking/spinlock/debug: Fix data-race in do_raw_write_lock Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 06/60] crypto: zstd - fix double-free in per-CPU stream cleanup Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 07/60] ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 08/60] comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 09/60] KVM: SVM: Dont skip unrelated instruction if INT3/INTO is replaced Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 10/60] USB: serial: option: add Foxconn T99W760 Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 11/60] USB: serial: option: add Telit Cinterion FE910C04 new compositions Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 12/60] USB: serial: option: move Telit 0x10c7 composition in the right place Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 13/60] USB: serial: ftdi_sio: match on interface number for jtag Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 14/60] serial: add support of CPCI cards Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 15/60] dt-bindings: serial: rsci: Drop "uart-has-rtscts: false" Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 16/60] serial: sh-sci: Fix deadlock during RSCI FIFO overrun error Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 17/60] USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 18/60] USB: serial: kobil_sct: " Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 19/60] ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 20/60] spi: xilinx: increase number of retries before declaring stall Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 21/60] spi: imx: keep dma request disabled before dma transfer setup Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 22/60] ACPI: MRRM: Fix memory leaks and improve error handling Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 23/60] drm/vmwgfx: Use kref in vmw_bo_dirty Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 24/60] arm64: Reject modules with internal alternative callbacks Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 25/60] ALSA: hda/tas2781: Add new quirk for HP new projects Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 26/60] Bluetooth: btrtl: Avoid loading the config file on security chips Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 27/60] ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 28/60] smb: fix invalid username check in smb3_fs_context_parse_param() Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.17 29/60] drm/amdkfd: Fix GPU mappings for APU after prefetch Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 31/60] HID: lenovo: fixup Lenovo Yoga Slim 7x Keyboard rdesc Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 32/60] bfs: Reconstruct file type when loading from disk Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 33/60] HID: hid-input: Extend Elan ignore battery quirk to USB Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 34/60] platform/x86/amd/pmc: Add support for Van Gogh SoC Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 35/60] platform/x86: hp-wmi: mark Victus 16-r0 and 16-s0 for victus_s fan and thermal profile support Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 36/60] nvme: fix admin request_queue lifetime Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 37/60] pinctrl: qcom: msm: Fix deadlock in pinmux configuration Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 38/60] platform/x86: acer-wmi: Ignore backlight event Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 39/60] HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 40/60] platform/x86: huawei-wmi: add keys for HONOR models Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 41/60] platform/x86: intel-uncore-freq: Add additional client processors Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 42/60] platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 43/60] platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 44/60] sched_ext: Fix possible deadlock in the deferred_irq_workfn() Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 45/60] platform/x86/intel/hid: Add Nova Lake support Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 46/60] HID: elecom: Add support for ELECOM M-XT3URBK (018F) Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 47/60] sched_ext: Use IRQ_WORK_INIT_HARD() to initialize rq->scx.kick_cpus_irq_work Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 48/60] LoongArch: Mask all interrupts during kexec/kdump Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 49/60] samples: work around glibc redefining some of our defines wrong Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 50/60] platform/x86: hp-wmi: Add Omen 16-wf1xxx fan support Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 51/60] platform/x86: hp-wmi: Add Omen MAX 16-ah0xx fan support and thermal profile Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 52/60] wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 53/60] wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U " Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 54/60] iio: adc: ad4080: fix chip identification Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 55/60] comedi: c6xdigio: Fix invalid PNP driver unregistration Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 56/60] comedi: multiq3: sanitize config options in multiq3_attach() Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 57/60] comedi: check devices attached status in compat ioctls Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 58/60] staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 59/60] staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 60/60] staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR " Greg Kroah-Hartman
2025-12-10 10:15 ` [PATCH 6.17 00/60] 6.17.12-rc1 review Brett A C Sheffield
2025-12-10 10:52 ` Jeffrin Thalakkottoor
2025-12-10 12:47 ` Greg Kroah-Hartman
2025-12-10 13:43 ` Jeffrin Thalakkottoor
2025-12-10 19:04 ` Brett A C Sheffield
2025-12-11 15:39 ` Jeffrin Thalakkottoor
2025-12-11 16:41 ` Brett A C Sheffield
2025-12-11 17:11 ` Jeffrin Thalakkottoor
2025-12-11 17:36 ` Jeffrin Thalakkottoor
2025-12-10 12:47 ` Achill Gilgenast
2025-12-10 13:00 ` Peter Schneider
2025-12-10 19:41 ` Florian Fainelli
2025-12-10 22:01 ` Ron Economos
2025-12-11 6:23 ` Naresh Kamboju
2025-12-11 9:11 ` Mark Brown
2025-12-11 10:02 ` Dileep malepu
2025-12-12 9:09 ` Jon Hunter
-- strict thread matches above, loose matches on Subject: below --
2025-12-10 7:29 [PATCH 6.12 00/49] 6.12.62-rc1 review Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 01/49] xfrm: delete x->tunnel as we delete x Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 02/49] Revert "xfrm: destroy xfrm_state synchronously on net exit path" Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 03/49] xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 04/49] xfrm: flush all states in xfrm_state_fini Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 05/49] Documentation: process: Also mention Sasha Levin as stable tree maintainer Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 06/49] jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 07/49] ext4: refresh inline data size before write operations Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 08/49] ksmbd: ipc: fix use-after-free in ipc_msg_send_request Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 09/49] locking/spinlock/debug: Fix data-race in do_raw_write_lock Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 10/49] ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 11/49] comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 12/49] KVM: SVM: Dont skip unrelated instruction if INT3/INTO is replaced Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 13/49] USB: serial: option: add Foxconn T99W760 Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 14/49] USB: serial: option: add Telit Cinterion FE910C04 new compositions Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 15/49] USB: serial: option: move Telit 0x10c7 composition in the right place Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 16/49] USB: serial: ftdi_sio: match on interface number for jtag Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 17/49] serial: add support of CPCI cards Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 18/49] USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.17 30/60] ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 19/49] USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 20/49] ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 21/49] spi: xilinx: increase number of retries before declaring stall Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 22/49] spi: imx: keep dma request disabled before dma transfer setup Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 23/49] drm/vmwgfx: Use kref in vmw_bo_dirty Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 24/49] Bluetooth: btrtl: Avoid loading the config file on security chips Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 25/49] smb: fix invalid username check in smb3_fs_context_parse_param() Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 26/49] drm/amdkfd: Fix GPU mappings for APU after prefetch Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 27/49] ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 28/49] bfs: Reconstruct file type when loading from disk Greg Kroah-Hartman
2025-12-10 7:29 ` [PATCH 6.12 29/49] HID: hid-input: Extend Elan ignore battery quirk to USB Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 30/49] nvme: fix admin request_queue lifetime Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 31/49] pinctrl: qcom: msm: Fix deadlock in pinmux configuration Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 32/49] platform/x86: acer-wmi: Ignore backlight event Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 33/49] HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 34/49] platform/x86: huawei-wmi: add keys for HONOR models Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 35/49] platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 36/49] platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 37/49] HID: elecom: Add support for ELECOM M-XT3URBK (018F) Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 38/49] LoongArch: Mask all interrupts during kexec/kdump Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 39/49] samples: work around glibc redefining some of our defines wrong Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 40/49] wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 41/49] wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U " Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 42/49] comedi: c6xdigio: Fix invalid PNP driver unregistration Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 43/49] comedi: multiq3: sanitize config options in multiq3_attach() Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 44/49] comedi: check devices attached status in compat ioctls Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 45/49] staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 46/49] staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 47/49] staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR " Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 48/49] bus: mhi: host: pci_generic: Add Telit FN920C04 modem support Greg Kroah-Hartman
2025-12-10 7:30 ` [PATCH 6.12 49/49] bus: mhi: host: pci_generic: Add Telit FN990B40 " Greg Kroah-Hartman
2025-12-10 10:15 ` [PATCH 6.12 00/49] 6.12.62-rc1 review Brett A C Sheffield
2025-12-10 11:22 ` Jeffrin Thalakkottoor
2025-12-10 12:33 ` Peter Schneider
2025-12-10 19:26 ` Florian Fainelli
2025-12-10 20:12 ` Brett Mastbergen
2025-12-10 20:40 ` Hardik Garg
2025-12-10 22:11 ` Ron Economos
2025-12-11 6:55 ` Naresh Kamboju
2025-12-11 9:06 ` Mark Brown
2025-12-11 10:31 ` Dileep malepu
2025-12-12 9:09 ` Jon Hunter
2025-12-13 16:31 ` Guenter Roeck
2025-12-14 1:24 ` Huacai Chen
2025-12-16 10:20 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251210072947.955740226@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linkinjeon@kernel.org \
--cc=liuzhitong1993@gmail.com \
--cc=patches@lists.linux.dev \
--cc=pioooooooooip@gmail.com \
--cc=stable@vger.kernel.org \
--cc=stfrench@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).