From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 80699C43215 for ; Tue, 3 Dec 2019 22:37:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 490242073C for ; Tue, 3 Dec 2019 22:37:18 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=ffwll.ch header.i=@ffwll.ch header.b="f1+WC+TS" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727683AbfLCWhR (ORCPT ); Tue, 3 Dec 2019 17:37:17 -0500 Received: from mail-ot1-f67.google.com ([209.85.210.67]:45119 "EHLO mail-ot1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727589AbfLCWhQ (ORCPT ); Tue, 3 Dec 2019 17:37:16 -0500 Received: by mail-ot1-f67.google.com with SMTP id 59so4477494otp.12 for ; Tue, 03 Dec 2019 14:37:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ffwll.ch; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xqVaUbO/ym+vU3WCeVrWIW1JXkj6g9naxC6eTndGNHA=; b=f1+WC+TScutD7mihmQFo1XtA+yE7l8DbZULaZO2Yhgg8yHFVo73LD1kejD3DqDtPL9 pdMO3ax5XBNmkz+ezfp4JhE5cKm8UA9qZCdy7oj4KDAqB6rISxiUF6bpavflpjo6qirj qIGg6nIqTQqMlaOxQvUmCqfLiKx8hiu2erGBQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xqVaUbO/ym+vU3WCeVrWIW1JXkj6g9naxC6eTndGNHA=; b=F/OiDRHVYB9lcLI1VMONN8MSZZbaxyZH68M8XA7U2mt7PEbiY5wUGVw8O8Oi5UoNLE RSABWt8s13i4qF2TqxIvX/66j64jg153Oo8HfWjMq2htq+Y1Bgux3Hfv5Kyg4pfX6Kmd LD0iTRKqTOI4ZeeOYfck7bsqar59GJmymVemUJLYz1Vic1nPl8VGW33L+uOPynWmML7k RQZ7599IYOxvITa/G2/Zmdi8a2rjOHER9VP8nOvV1yVoCk+nRW2XZp0D0xHeCc1F7PKl AcHyWXOKVkiLmWYWOaPh5EUNeePTSSElafB3nwbIe2RtAa4upRluxjtYnZTmity3zZt9 3Hgw== X-Gm-Message-State: APjAAAWMYmOL84T3k5vP71XdmFN5ACPD9my4ur1tubbyNpIUlwe9dB5O 5lr/I9whFTegqeOiYCJWDdaNTrBA6J6/BYNofQFNyw== X-Google-Smtp-Source: APXvYqz335dcpVO3AFakExAzrWfwUzkTzGIElQI1GUgeB/Swk+O2wfTx7JlUxFqy9NI80IFhbKgKHuqauXtAYwkgJWI= X-Received: by 2002:a9d:1b4b:: with SMTP id l69mr152478otl.303.1575412634848; Tue, 03 Dec 2019 14:37:14 -0800 (PST) MIME-Version: 1.0 References: <0000000000002cfc3a0598d42b70@google.com> In-Reply-To: <0000000000002cfc3a0598d42b70@google.com> From: Daniel Vetter Date: Tue, 3 Dec 2019 23:37:03 +0100 Message-ID: Subject: Re: KASAN: slab-out-of-bounds Read in fbcon_get_font To: syzbot , Kentaro Takeda , Tetsuo Handa , James Morris , "Serge E. Hallyn" , linux-security-module Cc: Bartlomiej Zolnierkiewicz , Daniel Thompson , dri-devel , ghalat@redhat.com, Linux Fbdev development list , Linux Kernel Mailing List , Maarten Lankhorst , Sam Ravnborg , syzkaller-bugs Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 3, 2019 at 11:25 PM syzbot wrote: > > Hello, > > syzbot found the following crash on: > > HEAD commit: 76bb8b05 Merge tag 'kbuild-v5.5' of git://git.kernel.org/p.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=10bfe282e00000 > kernel config: https://syzkaller.appspot.com/x/.config?x=dd226651cb0f364b > dashboard link: https://syzkaller.appspot.com/bug?extid=4455ca3b3291de891abc > compiler: gcc (GCC) 9.0.0 20181231 (experimental) > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11181edae00000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=105cbb7ae00000 > > IMPORTANT: if you fix the bug, please add the following tag to the commit: > Reported-by: syzbot+4455ca3b3291de891abc@syzkaller.appspotmail.com > > ================================================================== > BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:380 [inline] > BUG: KASAN: slab-out-of-bounds in fbcon_get_font+0x2b2/0x5e0 > drivers/video/fbdev/core/fbcon.c:2465 > Read of size 16 at addr ffff888094b0aa10 by task syz-executor414/9999 So fbcon allocates some memory, security/tomoyo goes around and frees it, fbcon goes boom because the memory is gone. I'm kinda leaning towards "not an fbcon bug". Adding relevant security folks and mailing lists. But from a very quick look in tomoyo it loosk more like "machine on fire, random corruption all over". No idea what's going on here. -Daniel > > CPU: 0 PID: 9999 Comm: syz-executor414 Not tainted 5.4.0-syzkaller #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > Google 01/01/2011 > Call Trace: > __dump_stack lib/dump_stack.c:77 [inline] > dump_stack+0x197/0x210 lib/dump_stack.c:118 > print_address_description.constprop.0.cold+0xd4/0x30b mm/kasan/report.c:374 > __kasan_report.cold+0x1b/0x41 mm/kasan/report.c:506 > kasan_report+0x12/0x20 mm/kasan/common.c:638 > check_memory_region_inline mm/kasan/generic.c:185 [inline] > check_memory_region+0x134/0x1a0 mm/kasan/generic.c:192 > memcpy+0x24/0x50 mm/kasan/common.c:124 > memcpy include/linux/string.h:380 [inline] > fbcon_get_font+0x2b2/0x5e0 drivers/video/fbdev/core/fbcon.c:2465 > con_font_get drivers/tty/vt/vt.c:4446 [inline] > con_font_op+0x20b/0x1250 drivers/tty/vt/vt.c:4605 > vt_ioctl+0x181a/0x26d0 drivers/tty/vt/vt_ioctl.c:965 > tty_ioctl+0xa37/0x14f0 drivers/tty/tty_io.c:2658 > vfs_ioctl fs/ioctl.c:47 [inline] > file_ioctl fs/ioctl.c:545 [inline] > do_vfs_ioctl+0x977/0x14e0 fs/ioctl.c:732 > ksys_ioctl+0xab/0xd0 fs/ioctl.c:749 > __do_sys_ioctl fs/ioctl.c:756 [inline] > __se_sys_ioctl fs/ioctl.c:754 [inline] > __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:754 > do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > RIP: 0033:0x4444d9 > Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 > 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff > ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 > RSP: 002b:00007fff6f4393b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 > RAX: ffffffffffffffda RBX: 00007fff6f4393c0 RCX: 00000000004444d9 > RDX: 0000000020000440 RSI: 0000000000004b72 RDI: 0000000000000005 > RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000400da0 > R10: 00007fff6f438f00 R11: 0000000000000246 R12: 00000000004021e0 > R13: 0000000000402270 R14: 0000000000000000 R15: 0000000000000000 > > Allocated by task 9999: > save_stack+0x23/0x90 mm/kasan/common.c:71 > set_track mm/kasan/common.c:79 [inline] > __kasan_kmalloc mm/kasan/common.c:512 [inline] > __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:485 > kasan_kmalloc+0x9/0x10 mm/kasan/common.c:526 > __do_kmalloc mm/slab.c:3656 [inline] > __kmalloc+0x163/0x770 mm/slab.c:3665 > kmalloc include/linux/slab.h:561 [inline] > fbcon_set_font+0x32d/0x860 drivers/video/fbdev/core/fbcon.c:2663 > con_font_set drivers/tty/vt/vt.c:4538 [inline] > con_font_op+0xe18/0x1250 drivers/tty/vt/vt.c:4603 > vt_ioctl+0xd2e/0x26d0 drivers/tty/vt/vt_ioctl.c:913 > tty_ioctl+0xa37/0x14f0 drivers/tty/tty_io.c:2658 > vfs_ioctl fs/ioctl.c:47 [inline] > file_ioctl fs/ioctl.c:545 [inline] > do_vfs_ioctl+0x977/0x14e0 fs/ioctl.c:732 > ksys_ioctl+0xab/0xd0 fs/ioctl.c:749 > __do_sys_ioctl fs/ioctl.c:756 [inline] > __se_sys_ioctl fs/ioctl.c:754 [inline] > __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:754 > do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > Freed by task 9771: > save_stack+0x23/0x90 mm/kasan/common.c:71 > set_track mm/kasan/common.c:79 [inline] > kasan_set_free_info mm/kasan/common.c:334 [inline] > __kasan_slab_free+0x102/0x150 mm/kasan/common.c:473 > kasan_slab_free+0xe/0x10 mm/kasan/common.c:482 > __cache_free mm/slab.c:3426 [inline] > kfree+0x10a/0x2c0 mm/slab.c:3757 > tomoyo_init_log+0x15c1/0x2070 security/tomoyo/audit.c:294 > tomoyo_supervisor+0x33f/0xef0 security/tomoyo/common.c:2095 > tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline] > tomoyo_env_perm+0x18e/0x210 security/tomoyo/environ.c:63 > tomoyo_environ security/tomoyo/domain.c:670 [inline] > tomoyo_find_next_domain+0x1354/0x1f6c security/tomoyo/domain.c:876 > tomoyo_bprm_check_security security/tomoyo/tomoyo.c:107 [inline] > tomoyo_bprm_check_security+0x124/0x1a0 security/tomoyo/tomoyo.c:97 > security_bprm_check+0x63/0xb0 security/security.c:784 > search_binary_handler+0x71/0x570 fs/exec.c:1645 > exec_binprm fs/exec.c:1701 [inline] > __do_execve_file.isra.0+0x1329/0x22b0 fs/exec.c:1821 > do_execveat_common fs/exec.c:1867 [inline] > do_execve fs/exec.c:1884 [inline] > __do_sys_execve fs/exec.c:1960 [inline] > __se_sys_execve fs/exec.c:1955 [inline] > __x64_sys_execve+0x8f/0xc0 fs/exec.c:1955 > do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > The buggy address belongs to the object at ffff888094b0a000 > which belongs to the cache kmalloc-4k of size 4096 > The buggy address is located 2576 bytes inside of > 4096-byte region [ffff888094b0a000, ffff888094b0b000) > The buggy address belongs to the page: > page:ffffea000252c280 refcount:1 mapcount:0 mapping:ffff8880aa402000 > index:0x0 compound_mapcount: 0 > raw: 00fffe0000010200 ffffea0002a3ae08 ffffea0002a6aa88 ffff8880aa402000 > raw: 0000000000000000 ffff888094b0a000 0000000100000001 0000000000000000 > page dumped because: kasan: bad access detected > > Memory state around the buggy address: > ffff888094b0a900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > ffff888094b0a980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > > ffff888094b0aa00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc > ^ > ffff888094b0aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > ffff888094b0ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > ================================================================== > > > --- > This bug is generated by a bot. It may contain errors. > See https://goo.gl/tpsmEJ for more information about syzbot. > syzbot engineers can be reached at syzkaller@googlegroups.com. > > syzbot will keep track of this bug report. See: > https://goo.gl/tpsmEJ#status for how to communicate with syzbot. > syzbot can test patches for this bug, for details see: > https://goo.gl/tpsmEJ#testing-patches -- Daniel Vetter Software Engineer, Intel Corporation +41 (0) 79 365 57 48 - http://blog.ffwll.ch From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel Vetter Date: Tue, 03 Dec 2019 22:37:03 +0000 Subject: Re: KASAN: slab-out-of-bounds Read in fbcon_get_font Message-Id: List-Id: References: <0000000000002cfc3a0598d42b70@google.com> In-Reply-To: <0000000000002cfc3a0598d42b70@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable To: syzbot , Kentaro Takeda , Tetsuo Handa , James Morris , "Serge E. Hallyn" , linux-security-module Cc: Daniel Thompson , Bartlomiej Zolnierkiewicz , syzkaller-bugs , Linux Kernel Mailing List , dri-devel , ghalat@redhat.com, Linux Fbdev development list , Sam Ravnborg On Tue, Dec 3, 2019 at 11:25 PM syzbot wrote: > > Hello, > > syzbot found the following crash on: > > HEAD commit: 76bb8b05 Merge tag 'kbuild-v5.5' of git://git.kernel.org/= p.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=10bfe282e00000 > kernel config: https://syzkaller.appspot.com/x/.config?x=DD226651cb0f364b > dashboard link: https://syzkaller.appspot.com/bug?extidD55ca3b3291de891abc > compiler: gcc (GCC) 9.0.0 20181231 (experimental) > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11181edae00000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=105cbb7ae00000 > > IMPORTANT: if you fix the bug, please add the following tag to the commit: > Reported-by: syzbot+4455ca3b3291de891abc@syzkaller.appspotmail.com > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D > BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:380 [inli= ne] > BUG: KASAN: slab-out-of-bounds in fbcon_get_font+0x2b2/0x5e0 > drivers/video/fbdev/core/fbcon.c:2465 > Read of size 16 at addr ffff888094b0aa10 by task syz-executor414/9999 So fbcon allocates some memory, security/tomoyo goes around and frees it, fbcon goes boom because the memory is gone. I'm kinda leaning towards "not an fbcon bug". Adding relevant security folks and mailing lists. But from a very quick look in tomoyo it loosk more like "machine on fire, random corruption all over". No idea what's going on here. -Daniel > > CPU: 0 PID: 9999 Comm: syz-executor414 Not tainted 5.4.0-syzkaller #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > Google 01/01/2011 > Call Trace: > __dump_stack lib/dump_stack.c:77 [inline] > dump_stack+0x197/0x210 lib/dump_stack.c:118 > print_address_description.constprop.0.cold+0xd4/0x30b mm/kasan/report.c= :374 > __kasan_report.cold+0x1b/0x41 mm/kasan/report.c:506 > kasan_report+0x12/0x20 mm/kasan/common.c:638 > check_memory_region_inline mm/kasan/generic.c:185 [inline] > check_memory_region+0x134/0x1a0 mm/kasan/generic.c:192 > memcpy+0x24/0x50 mm/kasan/common.c:124 > memcpy include/linux/string.h:380 [inline] > fbcon_get_font+0x2b2/0x5e0 drivers/video/fbdev/core/fbcon.c:2465 > con_font_get drivers/tty/vt/vt.c:4446 [inline] > con_font_op+0x20b/0x1250 drivers/tty/vt/vt.c:4605 > vt_ioctl+0x181a/0x26d0 drivers/tty/vt/vt_ioctl.c:965 > tty_ioctl+0xa37/0x14f0 drivers/tty/tty_io.c:2658 > vfs_ioctl fs/ioctl.c:47 [inline] > file_ioctl fs/ioctl.c:545 [inline] > do_vfs_ioctl+0x977/0x14e0 fs/ioctl.c:732 > ksys_ioctl+0xab/0xd0 fs/ioctl.c:749 > __do_sys_ioctl fs/ioctl.c:756 [inline] > __se_sys_ioctl fs/ioctl.c:754 [inline] > __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:754 > do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > RIP: 0033:0x4444d9 > Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 > 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff > ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 > RSP: 002b:00007fff6f4393b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 > RAX: ffffffffffffffda RBX: 00007fff6f4393c0 RCX: 00000000004444d9 > RDX: 0000000020000440 RSI: 0000000000004b72 RDI: 0000000000000005 > RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000400da0 > R10: 00007fff6f438f00 R11: 0000000000000246 R12: 00000000004021e0 > R13: 0000000000402270 R14: 0000000000000000 R15: 0000000000000000 > > Allocated by task 9999: > save_stack+0x23/0x90 mm/kasan/common.c:71 > set_track mm/kasan/common.c:79 [inline] > __kasan_kmalloc mm/kasan/common.c:512 [inline] > __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:485 > kasan_kmalloc+0x9/0x10 mm/kasan/common.c:526 > __do_kmalloc mm/slab.c:3656 [inline] > __kmalloc+0x163/0x770 mm/slab.c:3665 > kmalloc include/linux/slab.h:561 [inline] > fbcon_set_font+0x32d/0x860 drivers/video/fbdev/core/fbcon.c:2663 > con_font_set drivers/tty/vt/vt.c:4538 [inline] > con_font_op+0xe18/0x1250 drivers/tty/vt/vt.c:4603 > vt_ioctl+0xd2e/0x26d0 drivers/tty/vt/vt_ioctl.c:913 > tty_ioctl+0xa37/0x14f0 drivers/tty/tty_io.c:2658 > vfs_ioctl fs/ioctl.c:47 [inline] > file_ioctl fs/ioctl.c:545 [inline] > do_vfs_ioctl+0x977/0x14e0 fs/ioctl.c:732 > ksys_ioctl+0xab/0xd0 fs/ioctl.c:749 > __do_sys_ioctl fs/ioctl.c:756 [inline] > __se_sys_ioctl fs/ioctl.c:754 [inline] > __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:754 > do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > Freed by task 9771: > save_stack+0x23/0x90 mm/kasan/common.c:71 > set_track mm/kasan/common.c:79 [inline] > kasan_set_free_info mm/kasan/common.c:334 [inline] > __kasan_slab_free+0x102/0x150 mm/kasan/common.c:473 > kasan_slab_free+0xe/0x10 mm/kasan/common.c:482 > __cache_free mm/slab.c:3426 [inline] > kfree+0x10a/0x2c0 mm/slab.c:3757 > tomoyo_init_log+0x15c1/0x2070 security/tomoyo/audit.c:294 > tomoyo_supervisor+0x33f/0xef0 security/tomoyo/common.c:2095 > tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline] > tomoyo_env_perm+0x18e/0x210 security/tomoyo/environ.c:63 > tomoyo_environ security/tomoyo/domain.c:670 [inline] > tomoyo_find_next_domain+0x1354/0x1f6c security/tomoyo/domain.c:876 > tomoyo_bprm_check_security security/tomoyo/tomoyo.c:107 [inline] > tomoyo_bprm_check_security+0x124/0x1a0 security/tomoyo/tomoyo.c:97 > security_bprm_check+0x63/0xb0 security/security.c:784 > search_binary_handler+0x71/0x570 fs/exec.c:1645 > exec_binprm fs/exec.c:1701 [inline] > __do_execve_file.isra.0+0x1329/0x22b0 fs/exec.c:1821 > do_execveat_common fs/exec.c:1867 [inline] > do_execve fs/exec.c:1884 [inline] > __do_sys_execve fs/exec.c:1960 [inline] > __se_sys_execve fs/exec.c:1955 [inline] > __x64_sys_execve+0x8f/0xc0 fs/exec.c:1955 > do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > The buggy address belongs to the object at ffff888094b0a000 > which belongs to the cache kmalloc-4k of size 4096 > The buggy address is located 2576 bytes inside of > 4096-byte region [ffff888094b0a000, ffff888094b0b000) > The buggy address belongs to the page: > page:ffffea000252c280 refcount:1 mapcount:0 mapping:ffff8880aa402000 > index:0x0 compound_mapcount: 0 > raw: 00fffe0000010200 ffffea0002a3ae08 ffffea0002a6aa88 ffff8880aa402000 > raw: 0000000000000000 ffff888094b0a000 0000000100000001 0000000000000000 > page dumped because: kasan: bad access detected > > Memory state around the buggy address: > ffff888094b0a900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > ffff888094b0a980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > > ffff888094b0aa00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc > ^ > ffff888094b0aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > ffff888094b0ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D > > > --- > This bug is generated by a bot. It may contain errors. > See https://goo.gl/tpsmEJ for more information about syzbot. > syzbot engineers can be reached at syzkaller@googlegroups.com. > > syzbot will keep track of this bug report. See: > https://goo.gl/tpsmEJ#status for how to communicate with syzbot. > syzbot can test patches for this bug, for details see: > https://goo.gl/tpsmEJ#testing-patches --=20 Daniel Vetter Software Engineer, Intel Corporation +41 (0) 79 365 57 48 - http://blog.ffwll.ch From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 06A92C432C0 for ; Tue, 3 Dec 2019 22:37:18 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D0EEE2073C for ; Tue, 3 Dec 2019 22:37:17 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D0EEE2073C Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=ffwll.ch Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=dri-devel-bounces@lists.freedesktop.org Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 3AB686E862; Tue, 3 Dec 2019 22:37:17 +0000 (UTC) Received: from mail-ot1-x342.google.com (mail-ot1-x342.google.com [IPv6:2607:f8b0:4864:20::342]) by gabe.freedesktop.org (Postfix) with ESMTPS id CEB556E862 for ; Tue, 3 Dec 2019 22:37:15 +0000 (UTC) Received: by mail-ot1-x342.google.com with SMTP id r27so4499907otc.8 for ; Tue, 03 Dec 2019 14:37:15 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xqVaUbO/ym+vU3WCeVrWIW1JXkj6g9naxC6eTndGNHA=; b=XKa+amxbwqf4S0+jaIzpZecDbISpR354bLLuxvWfuVQm0ZRfgl4VyiG00RuRFx6bi2 81I2ZFsd2+QSvYNgM+XylTGYTukc085pqtcijoppAT3ha70M31NPugZFPOjKMXst3uQZ /5wacUjZHb5UUbjLm0haFSccwv1agueG10My0X499kBSL8+S/GCmFVtFtMajxasSOtfQ dr0CgiMrJVlEohVgzvChtCmKVOMio5mWRhdE8zHO7Jm4btH1bldVkUFlMOtCH4qy+S1X Kh7NZkq/DxHsuFwSfZ3E8ZwWshc9we756pkrhwRA6Y6aOT59xv66QH27rReuvTXo+gw0 8ziQ== X-Gm-Message-State: APjAAAX2+jursswScqmt960q8ZwcXY0rvU1XkYkC23vhj2qTQldgvmIF T0xfsrzg9KtKnhKD3Try4Xtw43j5QwqEYNAyU3Y0rA== X-Google-Smtp-Source: APXvYqz335dcpVO3AFakExAzrWfwUzkTzGIElQI1GUgeB/Swk+O2wfTx7JlUxFqy9NI80IFhbKgKHuqauXtAYwkgJWI= X-Received: by 2002:a9d:1b4b:: with SMTP id l69mr152478otl.303.1575412634848; Tue, 03 Dec 2019 14:37:14 -0800 (PST) MIME-Version: 1.0 References: <0000000000002cfc3a0598d42b70@google.com> In-Reply-To: <0000000000002cfc3a0598d42b70@google.com> From: Daniel Vetter Date: Tue, 3 Dec 2019 23:37:03 +0100 Message-ID: Subject: Re: KASAN: slab-out-of-bounds Read in fbcon_get_font To: syzbot , Kentaro Takeda , Tetsuo Handa , James Morris , "Serge E. Hallyn" , linux-security-module X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ffwll.ch; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xqVaUbO/ym+vU3WCeVrWIW1JXkj6g9naxC6eTndGNHA=; b=f1+WC+TScutD7mihmQFo1XtA+yE7l8DbZULaZO2Yhgg8yHFVo73LD1kejD3DqDtPL9 pdMO3ax5XBNmkz+ezfp4JhE5cKm8UA9qZCdy7oj4KDAqB6rISxiUF6bpavflpjo6qirj qIGg6nIqTQqMlaOxQvUmCqfLiKx8hiu2erGBQ= X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Daniel Thompson , Bartlomiej Zolnierkiewicz , syzkaller-bugs , Linux Kernel Mailing List , dri-devel , ghalat@redhat.com, Linux Fbdev development list , Sam Ravnborg Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" T24gVHVlLCBEZWMgMywgMjAxOSBhdCAxMToyNSBQTSBzeXpib3QKPHN5emJvdCs0NDU1Y2EzYjMy OTFkZTg5MWFiY0BzeXprYWxsZXIuYXBwc3BvdG1haWwuY29tPiB3cm90ZToKPgo+IEhlbGxvLAo+ Cj4gc3l6Ym90IGZvdW5kIHRoZSBmb2xsb3dpbmcgY3Jhc2ggb246Cj4KPiBIRUFEIGNvbW1pdDog ICAgNzZiYjhiMDUgTWVyZ2UgdGFnICdrYnVpbGQtdjUuNScgb2YgZ2l0Oi8vZ2l0Lmtlcm5lbC5v cmcvcC4uCj4gZ2l0IHRyZWU6ICAgICAgIHVwc3RyZWFtCj4gY29uc29sZSBvdXRwdXQ6IGh0dHBz Oi8vc3l6a2FsbGVyLmFwcHNwb3QuY29tL3gvbG9nLnR4dD94PTEwYmZlMjgyZTAwMDAwCj4ga2Vy bmVsIGNvbmZpZzogIGh0dHBzOi8vc3l6a2FsbGVyLmFwcHNwb3QuY29tL3gvLmNvbmZpZz94PWRk MjI2NjUxY2IwZjM2NGIKPiBkYXNoYm9hcmQgbGluazogaHR0cHM6Ly9zeXprYWxsZXIuYXBwc3Bv dC5jb20vYnVnP2V4dGlkPTQ0NTVjYTNiMzI5MWRlODkxYWJjCj4gY29tcGlsZXI6ICAgICAgIGdj YyAoR0NDKSA5LjAuMCAyMDE4MTIzMSAoZXhwZXJpbWVudGFsKQo+IHN5eiByZXBybzogICAgICBo dHRwczovL3N5emthbGxlci5hcHBzcG90LmNvbS94L3JlcHJvLnN5ej94PTExMTgxZWRhZTAwMDAw Cj4gQyByZXByb2R1Y2VyOiAgIGh0dHBzOi8vc3l6a2FsbGVyLmFwcHNwb3QuY29tL3gvcmVwcm8u Yz94PTEwNWNiYjdhZTAwMDAwCj4KPiBJTVBPUlRBTlQ6IGlmIHlvdSBmaXggdGhlIGJ1ZywgcGxl YXNlIGFkZCB0aGUgZm9sbG93aW5nIHRhZyB0byB0aGUgY29tbWl0Ogo+IFJlcG9ydGVkLWJ5OiBz eXpib3QrNDQ1NWNhM2IzMjkxZGU4OTFhYmNAc3l6a2FsbGVyLmFwcHNwb3RtYWlsLmNvbQo+Cj4g PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09Cj4gQlVHOiBLQVNBTjogc2xhYi1vdXQtb2YtYm91bmRzIGluIG1lbWNweSBpbmNs dWRlL2xpbnV4L3N0cmluZy5oOjM4MCBbaW5saW5lXQo+IEJVRzogS0FTQU46IHNsYWItb3V0LW9m LWJvdW5kcyBpbiBmYmNvbl9nZXRfZm9udCsweDJiMi8weDVlMAo+IGRyaXZlcnMvdmlkZW8vZmJk ZXYvY29yZS9mYmNvbi5jOjI0NjUKPiBSZWFkIG9mIHNpemUgMTYgYXQgYWRkciBmZmZmODg4MDk0 YjBhYTEwIGJ5IHRhc2sgc3l6LWV4ZWN1dG9yNDE0Lzk5OTkKClNvIGZiY29uIGFsbG9jYXRlcyBz b21lIG1lbW9yeSwgc2VjdXJpdHkvdG9tb3lvIGdvZXMgYXJvdW5kIGFuZCBmcmVlcwppdCwgZmJj b24gZ29lcyBib29tIGJlY2F1c2UgdGhlIG1lbW9yeSBpcyBnb25lLiBJJ20ga2luZGEgbGVhbmlu Zwp0b3dhcmRzICJub3QgYW4gZmJjb24gYnVnIi4gQWRkaW5nIHJlbGV2YW50IHNlY3VyaXR5IGZv bGtzIGFuZCBtYWlsaW5nCmxpc3RzLgoKQnV0IGZyb20gYSB2ZXJ5IHF1aWNrIGxvb2sgaW4gdG9t b3lvIGl0IGxvb3NrIG1vcmUgbGlrZSAibWFjaGluZSBvbgpmaXJlLCByYW5kb20gY29ycnVwdGlv biBhbGwgb3ZlciIuIE5vIGlkZWEgd2hhdCdzIGdvaW5nIG9uIGhlcmUuCi1EYW5pZWwKCgo+Cj4g Q1BVOiAwIFBJRDogOTk5OSBDb21tOiBzeXotZXhlY3V0b3I0MTQgTm90IHRhaW50ZWQgNS40LjAt c3l6a2FsbGVyICMwCj4gSGFyZHdhcmUgbmFtZTogR29vZ2xlIEdvb2dsZSBDb21wdXRlIEVuZ2lu ZS9Hb29nbGUgQ29tcHV0ZSBFbmdpbmUsIEJJT1MKPiBHb29nbGUgMDEvMDEvMjAxMQo+IENhbGwg VHJhY2U6Cj4gICBfX2R1bXBfc3RhY2sgbGliL2R1bXBfc3RhY2suYzo3NyBbaW5saW5lXQo+ICAg ZHVtcF9zdGFjaysweDE5Ny8weDIxMCBsaWIvZHVtcF9zdGFjay5jOjExOAo+ICAgcHJpbnRfYWRk cmVzc19kZXNjcmlwdGlvbi5jb25zdHByb3AuMC5jb2xkKzB4ZDQvMHgzMGIgbW0va2FzYW4vcmVw b3J0LmM6Mzc0Cj4gICBfX2thc2FuX3JlcG9ydC5jb2xkKzB4MWIvMHg0MSBtbS9rYXNhbi9yZXBv cnQuYzo1MDYKPiAgIGthc2FuX3JlcG9ydCsweDEyLzB4MjAgbW0va2FzYW4vY29tbW9uLmM6NjM4 Cj4gICBjaGVja19tZW1vcnlfcmVnaW9uX2lubGluZSBtbS9rYXNhbi9nZW5lcmljLmM6MTg1IFtp bmxpbmVdCj4gICBjaGVja19tZW1vcnlfcmVnaW9uKzB4MTM0LzB4MWEwIG1tL2thc2FuL2dlbmVy aWMuYzoxOTIKPiAgIG1lbWNweSsweDI0LzB4NTAgbW0va2FzYW4vY29tbW9uLmM6MTI0Cj4gICBt ZW1jcHkgaW5jbHVkZS9saW51eC9zdHJpbmcuaDozODAgW2lubGluZV0KPiAgIGZiY29uX2dldF9m b250KzB4MmIyLzB4NWUwIGRyaXZlcnMvdmlkZW8vZmJkZXYvY29yZS9mYmNvbi5jOjI0NjUKPiAg IGNvbl9mb250X2dldCBkcml2ZXJzL3R0eS92dC92dC5jOjQ0NDYgW2lubGluZV0KPiAgIGNvbl9m b250X29wKzB4MjBiLzB4MTI1MCBkcml2ZXJzL3R0eS92dC92dC5jOjQ2MDUKPiAgIHZ0X2lvY3Rs KzB4MTgxYS8weDI2ZDAgZHJpdmVycy90dHkvdnQvdnRfaW9jdGwuYzo5NjUKPiAgIHR0eV9pb2N0 bCsweGEzNy8weDE0ZjAgZHJpdmVycy90dHkvdHR5X2lvLmM6MjY1OAo+ICAgdmZzX2lvY3RsIGZz L2lvY3RsLmM6NDcgW2lubGluZV0KPiAgIGZpbGVfaW9jdGwgZnMvaW9jdGwuYzo1NDUgW2lubGlu ZV0KPiAgIGRvX3Zmc19pb2N0bCsweDk3Ny8weDE0ZTAgZnMvaW9jdGwuYzo3MzIKPiAgIGtzeXNf aW9jdGwrMHhhYi8weGQwIGZzL2lvY3RsLmM6NzQ5Cj4gICBfX2RvX3N5c19pb2N0bCBmcy9pb2N0 bC5jOjc1NiBbaW5saW5lXQo+ICAgX19zZV9zeXNfaW9jdGwgZnMvaW9jdGwuYzo3NTQgW2lubGlu ZV0KPiAgIF9feDY0X3N5c19pb2N0bCsweDczLzB4YjAgZnMvaW9jdGwuYzo3NTQKPiAgIGRvX3N5 c2NhbGxfNjQrMHhmYS8weDc5MCBhcmNoL3g4Ni9lbnRyeS9jb21tb24uYzoyOTQKPiAgIGVudHJ5 X1NZU0NBTExfNjRfYWZ0ZXJfaHdmcmFtZSsweDQ5LzB4YmUKPiBSSVA6IDAwMzM6MHg0NDQ0ZDkK PiBDb2RlOiAxOCA4OSBkMCBjMyA2NiAyZSAwZiAxZiA4NCAwMCAwMCAwMCAwMCAwMCAwZiAxZiAw MCA0OCA4OSBmOCA0OCA4OSBmNwo+IDQ4IDg5IGQ2IDQ4IDg5IGNhIDRkIDg5IGMyIDRkIDg5IGM4 IDRjIDhiIDRjIDI0IDA4IDBmIDA1IDw0OD4gM2QgMDEgZjAgZmYKPiBmZiAwZiA4MyA3YiBkOCBm YiBmZiBjMyA2NiAyZSAwZiAxZiA4NCAwMCAwMCAwMCAwMAo+IFJTUDogMDAyYjowMDAwN2ZmZjZm NDM5M2I4IEVGTEFHUzogMDAwMDAyNDYgT1JJR19SQVg6IDAwMDAwMDAwMDAwMDAwMTAKPiBSQVg6 IGZmZmZmZmZmZmZmZmZmZGEgUkJYOiAwMDAwN2ZmZjZmNDM5M2MwIFJDWDogMDAwMDAwMDAwMDQ0 NDRkOQo+IFJEWDogMDAwMDAwMDAyMDAwMDQ0MCBSU0k6IDAwMDAwMDAwMDAwMDRiNzIgUkRJOiAw MDAwMDAwMDAwMDAwMDA1Cj4gUkJQOiAwMDAwMDAwMDAwMDAwMDAwIFIwODogMDAwMDAwMDAwMDAw MDAwMCBSMDk6IDAwMDAwMDAwMDA0MDBkYTAKPiBSMTA6IDAwMDA3ZmZmNmY0MzhmMDAgUjExOiAw MDAwMDAwMDAwMDAwMjQ2IFIxMjogMDAwMDAwMDAwMDQwMjFlMAo+IFIxMzogMDAwMDAwMDAwMDQw MjI3MCBSMTQ6IDAwMDAwMDAwMDAwMDAwMDAgUjE1OiAwMDAwMDAwMDAwMDAwMDAwCj4KPiBBbGxv Y2F0ZWQgYnkgdGFzayA5OTk5Ogo+ICAgc2F2ZV9zdGFjaysweDIzLzB4OTAgbW0va2FzYW4vY29t bW9uLmM6NzEKPiAgIHNldF90cmFjayBtbS9rYXNhbi9jb21tb24uYzo3OSBbaW5saW5lXQo+ICAg X19rYXNhbl9rbWFsbG9jIG1tL2thc2FuL2NvbW1vbi5jOjUxMiBbaW5saW5lXQo+ICAgX19rYXNh bl9rbWFsbG9jLmNvbnN0cHJvcC4wKzB4Y2YvMHhlMCBtbS9rYXNhbi9jb21tb24uYzo0ODUKPiAg IGthc2FuX2ttYWxsb2MrMHg5LzB4MTAgbW0va2FzYW4vY29tbW9uLmM6NTI2Cj4gICBfX2RvX2tt YWxsb2MgbW0vc2xhYi5jOjM2NTYgW2lubGluZV0KPiAgIF9fa21hbGxvYysweDE2My8weDc3MCBt bS9zbGFiLmM6MzY2NQo+ICAga21hbGxvYyBpbmNsdWRlL2xpbnV4L3NsYWIuaDo1NjEgW2lubGlu ZV0KPiAgIGZiY29uX3NldF9mb250KzB4MzJkLzB4ODYwIGRyaXZlcnMvdmlkZW8vZmJkZXYvY29y ZS9mYmNvbi5jOjI2NjMKPiAgIGNvbl9mb250X3NldCBkcml2ZXJzL3R0eS92dC92dC5jOjQ1Mzgg W2lubGluZV0KPiAgIGNvbl9mb250X29wKzB4ZTE4LzB4MTI1MCBkcml2ZXJzL3R0eS92dC92dC5j OjQ2MDMKPiAgIHZ0X2lvY3RsKzB4ZDJlLzB4MjZkMCBkcml2ZXJzL3R0eS92dC92dF9pb2N0bC5j OjkxMwo+ICAgdHR5X2lvY3RsKzB4YTM3LzB4MTRmMCBkcml2ZXJzL3R0eS90dHlfaW8uYzoyNjU4 Cj4gICB2ZnNfaW9jdGwgZnMvaW9jdGwuYzo0NyBbaW5saW5lXQo+ICAgZmlsZV9pb2N0bCBmcy9p b2N0bC5jOjU0NSBbaW5saW5lXQo+ICAgZG9fdmZzX2lvY3RsKzB4OTc3LzB4MTRlMCBmcy9pb2N0 bC5jOjczMgo+ICAga3N5c19pb2N0bCsweGFiLzB4ZDAgZnMvaW9jdGwuYzo3NDkKPiAgIF9fZG9f c3lzX2lvY3RsIGZzL2lvY3RsLmM6NzU2IFtpbmxpbmVdCj4gICBfX3NlX3N5c19pb2N0bCBmcy9p b2N0bC5jOjc1NCBbaW5saW5lXQo+ICAgX194NjRfc3lzX2lvY3RsKzB4NzMvMHhiMCBmcy9pb2N0 bC5jOjc1NAo+ICAgZG9fc3lzY2FsbF82NCsweGZhLzB4NzkwIGFyY2gveDg2L2VudHJ5L2NvbW1v bi5jOjI5NAo+ICAgZW50cnlfU1lTQ0FMTF82NF9hZnRlcl9od2ZyYW1lKzB4NDkvMHhiZQo+Cj4g RnJlZWQgYnkgdGFzayA5NzcxOgo+ICAgc2F2ZV9zdGFjaysweDIzLzB4OTAgbW0va2FzYW4vY29t bW9uLmM6NzEKPiAgIHNldF90cmFjayBtbS9rYXNhbi9jb21tb24uYzo3OSBbaW5saW5lXQo+ICAg a2FzYW5fc2V0X2ZyZWVfaW5mbyBtbS9rYXNhbi9jb21tb24uYzozMzQgW2lubGluZV0KPiAgIF9f a2FzYW5fc2xhYl9mcmVlKzB4MTAyLzB4MTUwIG1tL2thc2FuL2NvbW1vbi5jOjQ3Mwo+ICAga2Fz YW5fc2xhYl9mcmVlKzB4ZS8weDEwIG1tL2thc2FuL2NvbW1vbi5jOjQ4Mgo+ICAgX19jYWNoZV9m cmVlIG1tL3NsYWIuYzozNDI2IFtpbmxpbmVdCj4gICBrZnJlZSsweDEwYS8weDJjMCBtbS9zbGFi LmM6Mzc1Nwo+ICAgdG9tb3lvX2luaXRfbG9nKzB4MTVjMS8weDIwNzAgc2VjdXJpdHkvdG9tb3lv L2F1ZGl0LmM6Mjk0Cj4gICB0b21veW9fc3VwZXJ2aXNvcisweDMzZi8weGVmMCBzZWN1cml0eS90 b21veW8vY29tbW9uLmM6MjA5NQo+ICAgdG9tb3lvX2F1ZGl0X2Vudl9sb2cgc2VjdXJpdHkvdG9t b3lvL2Vudmlyb24uYzozNiBbaW5saW5lXQo+ICAgdG9tb3lvX2Vudl9wZXJtKzB4MThlLzB4MjEw IHNlY3VyaXR5L3RvbW95by9lbnZpcm9uLmM6NjMKPiAgIHRvbW95b19lbnZpcm9uIHNlY3VyaXR5 L3RvbW95by9kb21haW4uYzo2NzAgW2lubGluZV0KPiAgIHRvbW95b19maW5kX25leHRfZG9tYWlu KzB4MTM1NC8weDFmNmMgc2VjdXJpdHkvdG9tb3lvL2RvbWFpbi5jOjg3Ngo+ICAgdG9tb3lvX2Jw cm1fY2hlY2tfc2VjdXJpdHkgc2VjdXJpdHkvdG9tb3lvL3RvbW95by5jOjEwNyBbaW5saW5lXQo+ ICAgdG9tb3lvX2Jwcm1fY2hlY2tfc2VjdXJpdHkrMHgxMjQvMHgxYTAgc2VjdXJpdHkvdG9tb3lv L3RvbW95by5jOjk3Cj4gICBzZWN1cml0eV9icHJtX2NoZWNrKzB4NjMvMHhiMCBzZWN1cml0eS9z ZWN1cml0eS5jOjc4NAo+ICAgc2VhcmNoX2JpbmFyeV9oYW5kbGVyKzB4NzEvMHg1NzAgZnMvZXhl Yy5jOjE2NDUKPiAgIGV4ZWNfYmlucHJtIGZzL2V4ZWMuYzoxNzAxIFtpbmxpbmVdCj4gICBfX2Rv X2V4ZWN2ZV9maWxlLmlzcmEuMCsweDEzMjkvMHgyMmIwIGZzL2V4ZWMuYzoxODIxCj4gICBkb19l eGVjdmVhdF9jb21tb24gZnMvZXhlYy5jOjE4NjcgW2lubGluZV0KPiAgIGRvX2V4ZWN2ZSBmcy9l eGVjLmM6MTg4NCBbaW5saW5lXQo+ICAgX19kb19zeXNfZXhlY3ZlIGZzL2V4ZWMuYzoxOTYwIFtp bmxpbmVdCj4gICBfX3NlX3N5c19leGVjdmUgZnMvZXhlYy5jOjE5NTUgW2lubGluZV0KPiAgIF9f eDY0X3N5c19leGVjdmUrMHg4Zi8weGMwIGZzL2V4ZWMuYzoxOTU1Cj4gICBkb19zeXNjYWxsXzY0 KzB4ZmEvMHg3OTAgYXJjaC94ODYvZW50cnkvY29tbW9uLmM6Mjk0Cj4gICBlbnRyeV9TWVNDQUxM XzY0X2FmdGVyX2h3ZnJhbWUrMHg0OS8weGJlCj4KPiBUaGUgYnVnZ3kgYWRkcmVzcyBiZWxvbmdz IHRvIHRoZSBvYmplY3QgYXQgZmZmZjg4ODA5NGIwYTAwMAo+ICAgd2hpY2ggYmVsb25ncyB0byB0 aGUgY2FjaGUga21hbGxvYy00ayBvZiBzaXplIDQwOTYKPiBUaGUgYnVnZ3kgYWRkcmVzcyBpcyBs b2NhdGVkIDI1NzYgYnl0ZXMgaW5zaWRlIG9mCj4gICA0MDk2LWJ5dGUgcmVnaW9uIFtmZmZmODg4 MDk0YjBhMDAwLCBmZmZmODg4MDk0YjBiMDAwKQo+IFRoZSBidWdneSBhZGRyZXNzIGJlbG9uZ3Mg dG8gdGhlIHBhZ2U6Cj4gcGFnZTpmZmZmZWEwMDAyNTJjMjgwIHJlZmNvdW50OjEgbWFwY291bnQ6 MCBtYXBwaW5nOmZmZmY4ODgwYWE0MDIwMDAKPiBpbmRleDoweDAgY29tcG91bmRfbWFwY291bnQ6 IDAKPiByYXc6IDAwZmZmZTAwMDAwMTAyMDAgZmZmZmVhMDAwMmEzYWUwOCBmZmZmZWEwMDAyYTZh YTg4IGZmZmY4ODgwYWE0MDIwMDAKPiByYXc6IDAwMDAwMDAwMDAwMDAwMDAgZmZmZjg4ODA5NGIw YTAwMCAwMDAwMDAwMTAwMDAwMDAxIDAwMDAwMDAwMDAwMDAwMDAKPiBwYWdlIGR1bXBlZCBiZWNh dXNlOiBrYXNhbjogYmFkIGFjY2VzcyBkZXRlY3RlZAo+Cj4gTWVtb3J5IHN0YXRlIGFyb3VuZCB0 aGUgYnVnZ3kgYWRkcmVzczoKPiAgIGZmZmY4ODgwOTRiMGE5MDA6IDAwIDAwIDAwIDAwIDAwIDAw IDAwIDAwIDAwIDAwIDAwIDAwIDAwIDAwIDAwIDAwCj4gICBmZmZmODg4MDk0YjBhOTgwOiAwMCAw MCAwMCAwMCAwMCAwMCAwMCAwMCAwMCAwMCAwMCAwMCAwMCAwMCAwMCAwMAo+ID4gZmZmZjg4ODA5 NGIwYWEwMDogMDAgMDAgZmMgZmMgZmMgZmMgZmMgZmMgZmMgZmMgZmMgZmMgZmMgZmMgZmMgZmMK PiAgICAgICAgICAgICAgICAgICAgICAgICAgIF4KPiAgIGZmZmY4ODgwOTRiMGFhODA6IGZjIGZj IGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjCj4gICBmZmZmODg4MDk0 YjBhYjAwOiBmYyBmYyBmYyBmYyBmYyBmYyBmYyBmYyBmYyBmYyBmYyBmYyBmYyBmYyBmYyBmYwo+ ID09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PQo+Cj4KPiAtLS0KPiBUaGlzIGJ1ZyBpcyBnZW5lcmF0ZWQgYnkgYSBib3QuIEl0 IG1heSBjb250YWluIGVycm9ycy4KPiBTZWUgaHR0cHM6Ly9nb28uZ2wvdHBzbUVKIGZvciBtb3Jl IGluZm9ybWF0aW9uIGFib3V0IHN5emJvdC4KPiBzeXpib3QgZW5naW5lZXJzIGNhbiBiZSByZWFj aGVkIGF0IHN5emthbGxlckBnb29nbGVncm91cHMuY29tLgo+Cj4gc3l6Ym90IHdpbGwga2VlcCB0 cmFjayBvZiB0aGlzIGJ1ZyByZXBvcnQuIFNlZToKPiBodHRwczovL2dvby5nbC90cHNtRUojc3Rh dHVzIGZvciBob3cgdG8gY29tbXVuaWNhdGUgd2l0aCBzeXpib3QuCj4gc3l6Ym90IGNhbiB0ZXN0 IHBhdGNoZXMgZm9yIHRoaXMgYnVnLCBmb3IgZGV0YWlscyBzZWU6Cj4gaHR0cHM6Ly9nb28uZ2wv dHBzbUVKI3Rlc3RpbmctcGF0Y2hlcwoKCgotLSAKRGFuaWVsIFZldHRlcgpTb2Z0d2FyZSBFbmdp bmVlciwgSW50ZWwgQ29ycG9yYXRpb24KKzQxICgwKSA3OSAzNjUgNTcgNDggLSBodHRwOi8vYmxv Zy5mZndsbC5jaApfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f XwpkcmktZGV2ZWwgbWFpbGluZyBsaXN0CmRyaS1kZXZlbEBsaXN0cy5mcmVlZGVza3RvcC5vcmcK aHR0cHM6Ly9saXN0cy5mcmVlZGVza3RvcC5vcmcvbWFpbG1hbi9saXN0aW5mby9kcmktZGV2ZWw=