Calling pnfs_put_lset on an IS_ERR pointer results in a NULL pointer
dereference like the one below. fl_pnfs_update_layout()'s output is
checked after each call so it doesn't seem that it should try to handle
these errors on it's own.
[ 3000.636161] BUG: unable to handle kernel NULL pointer dereference at 000000000000003c
[ 3000.636970] IP: pnfs_put_lseg+0x29/0x100 [nfsv4]
[ 3000.637420] PGD 4f23b067
[ 3000.637421] PUD 4a0f4067
[ 3000.637679] PMD 0
[ 3000.637937]
[ 3000.638287] Oops: 0000 [#1] SMP
[ 3000.638591] Modules linked in: nfs_layout_nfsv41_files nfsv3 nfnetlink_queue nfnetlink_log nfnetlink bluetooth rfkill rpcsec_gss_krb5 nfsv4 nfs fscache binfmt_misc arc4 md4 nls_utf8 cifs ccm dns_resolver rpcrdma ib_isert iscsi_target_mod ib_iser rdma_cm iw_cm libiscsi scsi_transport_iscsi ib_srpt target_core_mod ib_srp scsi_transport_srp ib_ipoib ib_ucm ib_uverbs ib_umad ib_cm ib_core nls_koi8_u nls_cp932 ts_kmp nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcspkr virtio_balloon ppdev virtio_rng parport_pc i2c_piix4 parport acpi_cpufreq nfsd auth_rpcgss nfs_acl lockd grace sunrpc xfs libcrc32c ata_generic pata_acpi virtio_blk virtio_net cirrus drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops crc32c_intel ata_piix ttm libata drm serio_raw
[ 3000.645245] i2c_core virtio_pci virtio_ring virtio floppy dm_mirror dm_region_hash dm_log dm_mod [last unloaded: xt_u32]
[ 3000.646360] CPU: 1 PID: 26402 Comm: date Not tainted 4.11.0-rc7.1.el7.test.x86_64 #1
[ 3000.647092] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3000.647638] task: ffff8800415ada00 task.stack: ffffc90000ff0000
[ 3000.648207] RIP: 0010:pnfs_put_lseg+0x29/0x100 [nfsv4]
[ 3000.648696] RSP: 0018:ffffc90000ff39b8 EFLAGS: 00010246
[ 3000.649193] RAX: 0000000000000000 RBX: fffffffffffffff4 RCX: 00000000000d43be
[ 3000.649859] RDX: 00000000000d43bd RSI: 0000000000000000 RDI: fffffffffffffff4
[ 3000.650530] RBP: ffffc90000ff39d8 R08: 000000000001e320 R09: ffffffffa05c35ce
[ 3000.651203] R10: ffff88007fd1e320 R11: ffffea0001283d80 R12: 0000000001400040
[ 3000.651875] R13: ffff88004f77d9f0 R14: ffffc90000ff3cd8 R15: ffff8800417ade00
[ 3000.652546] FS: 00007fac4d5cd740(0000) GS:ffff88007fd00000(0000) knlGS:0000000000000000
[ 3000.653304] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3000.653849] CR2: 000000000000003c CR3: 000000004f080000 CR4: 00000000000406e0
[ 3000.654527] Call Trace:
[ 3000.654771] fl_pnfs_update_layout.constprop.20+0x10c/0x150 [nfs_layout_nfsv41_files]
[ 3000.655505] filelayout_pg_init_write+0x21d/0x270 [nfs_layout_nfsv41_files]
[ 3000.656195] __nfs_pageio_add_request+0x11c/0x490 [nfs]
[ 3000.656698] nfs_pageio_add_request+0xac/0x260 [nfs]
[ 3000.657180] nfs_do_writepage+0x109/0x2e0 [nfs]
[ 3000.657616] nfs_writepages_callback+0x16/0x30 [nfs]
[ 3000.658096] write_cache_pages+0x26f/0x510
[ 3000.658495] ? nfs_do_writepage+0x2e0/0x2e0 [nfs]
[ 3000.658946] ? _raw_spin_unlock_bh+0x1e/0x20
[ 3000.659357] ? wb_wakeup_delayed+0x5f/0x70
[ 3000.659748] ? __mark_inode_dirty+0x2eb/0x360
[ 3000.660170] nfs_writepages+0x84/0xd0 [nfs]
[ 3000.660575] ? nfs_updatepage+0x571/0xb70 [nfs]
[ 3000.661012] do_writepages+0x1e/0x30
[ 3000.661358] __filemap_fdatawrite_range+0xc6/0x100
[ 3000.661819] filemap_write_and_wait_range+0x41/0x90
[ 3000.662292] nfs_file_fsync+0x34/0x1f0 [nfs]
[ 3000.662704] vfs_fsync_range+0x3d/0xb0
[ 3000.663065] vfs_fsync+0x1c/0x20
[ 3000.663385] nfs4_file_flush+0x57/0x80 [nfsv4]
[ 3000.663813] filp_close+0x2f/0x70
[ 3000.664132] __close_fd+0x9a/0xc0
[ 3000.664453] SyS_close+0x23/0x50
[ 3000.664785] do_syscall_64+0x67/0x180
[ 3000.665162] entry_SYSCALL64_slow_path+0x25/0x25
[ 3000.665600] RIP: 0033:0x7fac4d0e1e90
[ 3000.665946] RSP: 002b:00007ffd54e90c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 3000.666679] RAX: ffffffffffffffda RBX: 00007fac4d3b5400 RCX: 00007fac4d0e1e90
[ 3000.667349] RDX: 0000000000000000 RSI: 00007fac4d5d9000 RDI: 0000000000000001
[ 3000.668031] RBP: 0000000000000000 R08: 00007fac4d3b6a00 R09: 00007fac4d5cd740
[ 3000.668709] R10: 00007ffd54e909e0 R11: 0000000000000246 R12: 0000000000000000
[ 3000.669385] R13: 00007fac4d3b5e80 R14: 0000000000000000 R15: 0000000000000000
[ 3000.670061] Code: 00 00 66 66 66 66 90 55 48 85 ff 48 89 e5 41 56 41 55 41 54 53 48 89 fb 0f 84 97 00 00 00 f6 05 16 8f bc ff 10 0f 85 a6 00 00 00 <4c> 8b 63 48 48 8d 7b 38 49 8b 84 24 90 00 00 00 4c 8d a8 88 00
[ 3000.671831] RIP: pnfs_put_lseg+0x29/0x100 [nfsv4] RSP: ffffc90000ff39b8
[ 3000.672462] CR2: 000000000000003c
Signed-off-by: Artem Savkov <[email protected]>
---
fs/nfs/filelayout/filelayout.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/nfs/filelayout/filelayout.c b/fs/nfs/filelayout/filelayout.c
index acd30ba..a53d1b7 100644
--- a/fs/nfs/filelayout/filelayout.c
+++ b/fs/nfs/filelayout/filelayout.c
@@ -924,8 +924,6 @@ fl_pnfs_update_layout(struct inode *ino,
if (status)
lseg = ERR_PTR(status);
out:
- if (IS_ERR(lseg))
- pnfs_put_lseg(lseg);
return lseg;
}
--
2.7.4
Calling pnfs_put_lset on an IS_ERR pointer results in a NULL pointer
dereference like the one below. At the same time the check of retvalue
of filelayout_check_deviceid() sets lseg to error, but does not free it
before that.
[ 3000.636161] BUG: unable to handle kernel NULL pointer dereference at 000000000000003c
[ 3000.636970] IP: pnfs_put_lseg+0x29/0x100 [nfsv4]
[ 3000.637420] PGD 4f23b067
[ 3000.637421] PUD 4a0f4067
[ 3000.637679] PMD 0
[ 3000.637937]
[ 3000.638287] Oops: 0000 [#1] SMP
[ 3000.638591] Modules linked in: nfs_layout_nfsv41_files nfsv3 nfnetlink_queue nfnetlink_log nfnetlink bluetooth rfkill rpcsec_gss_krb5 nfsv4 nfs fscache binfmt_misc arc4 md4 nls_utf8 cifs ccm dns_resolver rpcrdma ib_isert iscsi_target_mod ib_iser rdma_cm iw_cm libiscsi scsi_transport_iscsi ib_srpt target_core_mod ib_srp scsi_transport_srp ib_ipoib ib_ucm ib_uverbs ib_umad ib_cm ib_core nls_koi8_u nls_cp932 ts_kmp nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcspkr virtio_balloon ppdev virtio_rng parport_pc i2c_piix4 parport acpi_cpufreq nfsd auth_rpcgss nfs_acl lockd grace sunrpc xfs libcrc32c ata_generic pata_acpi virtio_blk virtio_net cirrus drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops crc32c_intel ata_piix ttm libata drm serio_raw
[ 3000.645245] i2c_core virtio_pci virtio_ring virtio floppy dm_mirror dm_region_hash dm_log dm_mod [last unloaded: xt_u32]
[ 3000.646360] CPU: 1 PID: 26402 Comm: date Not tainted 4.11.0-rc7.1.el7.test.x86_64 #1
[ 3000.647092] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3000.647638] task: ffff8800415ada00 task.stack: ffffc90000ff0000
[ 3000.648207] RIP: 0010:pnfs_put_lseg+0x29/0x100 [nfsv4]
[ 3000.648696] RSP: 0018:ffffc90000ff39b8 EFLAGS: 00010246
[ 3000.649193] RAX: 0000000000000000 RBX: fffffffffffffff4 RCX: 00000000000d43be
[ 3000.649859] RDX: 00000000000d43bd RSI: 0000000000000000 RDI: fffffffffffffff4
[ 3000.650530] RBP: ffffc90000ff39d8 R08: 000000000001e320 R09: ffffffffa05c35ce
[ 3000.651203] R10: ffff88007fd1e320 R11: ffffea0001283d80 R12: 0000000001400040
[ 3000.651875] R13: ffff88004f77d9f0 R14: ffffc90000ff3cd8 R15: ffff8800417ade00
[ 3000.652546] FS: 00007fac4d5cd740(0000) GS:ffff88007fd00000(0000) knlGS:0000000000000000
[ 3000.653304] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3000.653849] CR2: 000000000000003c CR3: 000000004f080000 CR4: 00000000000406e0
[ 3000.654527] Call Trace:
[ 3000.654771] fl_pnfs_update_layout.constprop.20+0x10c/0x150 [nfs_layout_nfsv41_files]
[ 3000.655505] filelayout_pg_init_write+0x21d/0x270 [nfs_layout_nfsv41_files]
[ 3000.656195] __nfs_pageio_add_request+0x11c/0x490 [nfs]
[ 3000.656698] nfs_pageio_add_request+0xac/0x260 [nfs]
[ 3000.657180] nfs_do_writepage+0x109/0x2e0 [nfs]
[ 3000.657616] nfs_writepages_callback+0x16/0x30 [nfs]
[ 3000.658096] write_cache_pages+0x26f/0x510
[ 3000.658495] ? nfs_do_writepage+0x2e0/0x2e0 [nfs]
[ 3000.658946] ? _raw_spin_unlock_bh+0x1e/0x20
[ 3000.659357] ? wb_wakeup_delayed+0x5f/0x70
[ 3000.659748] ? __mark_inode_dirty+0x2eb/0x360
[ 3000.660170] nfs_writepages+0x84/0xd0 [nfs]
[ 3000.660575] ? nfs_updatepage+0x571/0xb70 [nfs]
[ 3000.661012] do_writepages+0x1e/0x30
[ 3000.661358] __filemap_fdatawrite_range+0xc6/0x100
[ 3000.661819] filemap_write_and_wait_range+0x41/0x90
[ 3000.662292] nfs_file_fsync+0x34/0x1f0 [nfs]
[ 3000.662704] vfs_fsync_range+0x3d/0xb0
[ 3000.663065] vfs_fsync+0x1c/0x20
[ 3000.663385] nfs4_file_flush+0x57/0x80 [nfsv4]
[ 3000.663813] filp_close+0x2f/0x70
[ 3000.664132] __close_fd+0x9a/0xc0
[ 3000.664453] SyS_close+0x23/0x50
[ 3000.664785] do_syscall_64+0x67/0x180
[ 3000.665162] entry_SYSCALL64_slow_path+0x25/0x25
[ 3000.665600] RIP: 0033:0x7fac4d0e1e90
[ 3000.665946] RSP: 002b:00007ffd54e90c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 3000.666679] RAX: ffffffffffffffda RBX: 00007fac4d3b5400 RCX: 00007fac4d0e1e90
[ 3000.667349] RDX: 0000000000000000 RSI: 00007fac4d5d9000 RDI: 0000000000000001
[ 3000.668031] RBP: 0000000000000000 R08: 00007fac4d3b6a00 R09: 00007fac4d5cd740
[ 3000.668709] R10: 00007ffd54e909e0 R11: 0000000000000246 R12: 0000000000000000
[ 3000.669385] R13: 00007fac4d3b5e80 R14: 0000000000000000 R15: 0000000000000000
[ 3000.670061] Code: 00 00 66 66 66 66 90 55 48 85 ff 48 89 e5 41 56 41 55 41 54 53 48 89 fb 0f 84 97 00 00 00 f6 05 16 8f bc ff 10 0f 85 a6 00 00 00 <4c> 8b 63 48 48 8d 7b 38 49 8b 84 24 90 00 00 00 4c 8d a8 88 00
[ 3000.671831] RIP: pnfs_put_lseg+0x29/0x100 [nfsv4] RSP: ffffc90000ff39b8
[ 3000.672462] CR2: 000000000000003c
Signed-off-by: Artem Savkov <[email protected]>
---
fs/nfs/filelayout/filelayout.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/nfs/filelayout/filelayout.c b/fs/nfs/filelayout/filelayout.c
index acd30ba..fb39fd8 100644
--- a/fs/nfs/filelayout/filelayout.c
+++ b/fs/nfs/filelayout/filelayout.c
@@ -921,11 +921,11 @@ fl_pnfs_update_layout(struct inode *ino,
fl = FILELAYOUT_LSEG(lseg);
status = filelayout_check_deviceid(lo, fl, gfp_flags);
- if (status)
+ if (status) {
+ pnfs_put_lseg(lseg);
lseg = ERR_PTR(status);
+ }
out:
- if (IS_ERR(lseg))
- pnfs_put_lseg(lseg);
return lseg;
}
--
2.7.4
T24gRnJpLCAyMDE3LTA0LTIxIGF0IDE2OjE4ICswMjAwLCBBcnRlbSBTYXZrb3Ygd3JvdGU6DQo+
IENhbGxpbmcgcG5mc19wdXRfbHNldCBvbiBhbiBJU19FUlIgcG9pbnRlciByZXN1bHRzIGluIGEg
TlVMTCBwb2ludGVyDQo+IGRlcmVmZXJlbmNlIGxpa2UgdGhlIG9uZSBiZWxvdy4gZmxfcG5mc191
cGRhdGVfbGF5b3V0KCkncyBvdXRwdXQgaXMNCj4gY2hlY2tlZCBhZnRlciBlYWNoIGNhbGwgc28g
aXQgZG9lc24ndCBzZWVtIHRoYXQgaXQgc2hvdWxkIHRyeSB0bw0KPiBoYW5kbGUNCj4gdGhlc2Ug
ZXJyb3JzIG9uIGl0J3Mgb3duLg0KPiANCj4gWyAzMDAwLjYzNjE2MV0gQlVHOiB1bmFibGUgdG8g
aGFuZGxlIGtlcm5lbCBOVUxMIHBvaW50ZXIgZGVyZWZlcmVuY2UNCj4gYXQgMDAwMDAwMDAwMDAw
MDAzYw0KPiBbIDMwMDAuNjM2OTcwXSBJUDogcG5mc19wdXRfbHNlZysweDI5LzB4MTAwIFtuZnN2
NF0NCj4gWyAzMDAwLjYzNzQyMF0gUEdEIDRmMjNiMDY3DQo+IFsgMzAwMC42Mzc0MjFdIFBVRCA0
YTBmNDA2Nw0KPiBbIDMwMDAuNjM3Njc5XSBQTUQgMA0KPiBbIDMwMDAuNjM3OTM3XQ0KPiBbIDMw
MDAuNjM4Mjg3XSBPb3BzOiAwMDAwIFsjMV0gU01QDQo+IFsgMzAwMC42Mzg1OTFdIE1vZHVsZXMg
bGlua2VkIGluOiBuZnNfbGF5b3V0X25mc3Y0MV9maWxlcyBuZnN2Mw0KPiBuZm5ldGxpbmtfcXVl
dWUgbmZuZXRsaW5rX2xvZyBuZm5ldGxpbmsgYmx1ZXRvb3RoIHJma2lsbA0KPiBycGNzZWNfZ3Nz
X2tyYjUgbmZzdjQgbmZzIGZzY2FjaGUgYmluZm10X21pc2MgYXJjNCBtZDQgbmxzX3V0ZjggY2lm
cw0KPiBjY20gZG5zX3Jlc29sdmVyIHJwY3JkbWEgaWJfaXNlcnQgaXNjc2lfdGFyZ2V0X21vZCBp
Yl9pc2VyIHJkbWFfY20NCj4gaXdfY20gbGliaXNjc2kgc2NzaV90cmFuc3BvcnRfaXNjc2kgaWJf
c3JwdCB0YXJnZXRfY29yZV9tb2QgaWJfc3JwDQo+IHNjc2lfdHJhbnNwb3J0X3NycCBpYl9pcG9p
YiBpYl91Y20gaWJfdXZlcmJzIGliX3VtYWQgaWJfY20gaWJfY29yZQ0KPiBubHNfa29pOF91IG5s
c19jcDkzMiB0c19rbXAgbmZfY29ubnRyYWNrX2lwdjQgbmZfZGVmcmFnX2lwdjQNCj4gbmZfY29u
bnRyYWNrIGNyY3QxMGRpZl9wY2xtdWwgY3JjMzJfcGNsbXVsIGdoYXNoX2NsbXVsbmlfaW50ZWwg
cGNzcGtyDQo+IHZpcnRpb19iYWxsb29uIHBwZGV2IHZpcnRpb19ybmcgcGFycG9ydF9wYyBpMmNf
cGlpeDQgcGFycG9ydA0KPiBhY3BpX2NwdWZyZXEgbmZzZCBhdXRoX3JwY2dzcyBuZnNfYWNsIGxv
Y2tkIGdyYWNlIHN1bnJwYyB4ZnMNCj4gbGliY3JjMzJjIGF0YV9nZW5lcmljIHBhdGFfYWNwaSB2
aXJ0aW9fYmxrIHZpcnRpb19uZXQgY2lycnVzDQo+IGRybV9rbXNfaGVscGVyIHN5c2NvcHlhcmVh
IHN5c2ZpbGxyZWN0IHN5c2ltZ2JsdCBmYl9zeXNfZm9wcw0KPiBjcmMzMmNfaW50ZWwgYXRhX3Bp
aXggdHRtIGxpYmF0YSBkcm0gc2VyaW9fcmF3DQo+IFsgMzAwMC42NDUyNDVdwqDCoGkyY19jb3Jl
IHZpcnRpb19wY2kgdmlydGlvX3JpbmcgdmlydGlvIGZsb3BweQ0KPiBkbV9taXJyb3IgZG1fcmVn
aW9uX2hhc2ggZG1fbG9nIGRtX21vZCBbbGFzdCB1bmxvYWRlZDogeHRfdTMyXQ0KPiBbIDMwMDAu
NjQ2MzYwXSBDUFU6IDEgUElEOiAyNjQwMiBDb21tOiBkYXRlIE5vdCB0YWludGVkIDQuMTEuMC0N
Cj4gcmM3LjEuZWw3LnRlc3QueDg2XzY0ICMxDQo+IFsgMzAwMC42NDcwOTJdIEhhcmR3YXJlIG5h
bWU6IFJlZCBIYXQgS1ZNLCBCSU9TIDAuNS4xIDAxLzAxLzIwMTENCj4gWyAzMDAwLjY0NzYzOF0g
dGFzazogZmZmZjg4MDA0MTVhZGEwMCB0YXNrLnN0YWNrOiBmZmZmYzkwMDAwZmYwMDAwDQo+IFsg
MzAwMC42NDgyMDddIFJJUDogMDAxMDpwbmZzX3B1dF9sc2VnKzB4MjkvMHgxMDAgW25mc3Y0XQ0K
PiBbIDMwMDAuNjQ4Njk2XSBSU1A6IDAwMTg6ZmZmZmM5MDAwMGZmMzliOCBFRkxBR1M6IDAwMDEw
MjQ2DQo+IFsgMzAwMC42NDkxOTNdIFJBWDogMDAwMDAwMDAwMDAwMDAwMCBSQlg6IGZmZmZmZmZm
ZmZmZmZmZjQgUkNYOg0KPiAwMDAwMDAwMDAwMGQ0M2JlDQo+IFsgMzAwMC42NDk4NTldIFJEWDog
MDAwMDAwMDAwMDBkNDNiZCBSU0k6IDAwMDAwMDAwMDAwMDAwMDAgUkRJOg0KPiBmZmZmZmZmZmZm
ZmZmZmY0DQo+IFsgMzAwMC42NTA1MzBdIFJCUDogZmZmZmM5MDAwMGZmMzlkOCBSMDg6IDAwMDAw
MDAwMDAwMWUzMjAgUjA5Og0KPiBmZmZmZmZmZmEwNWMzNWNlDQo+IFsgMzAwMC42NTEyMDNdIFIx
MDogZmZmZjg4MDA3ZmQxZTMyMCBSMTE6IGZmZmZlYTAwMDEyODNkODAgUjEyOg0KPiAwMDAwMDAw
MDAxNDAwMDQwDQo+IFsgMzAwMC42NTE4NzVdIFIxMzogZmZmZjg4MDA0Zjc3ZDlmMCBSMTQ6IGZm
ZmZjOTAwMDBmZjNjZDggUjE1Og0KPiBmZmZmODgwMDQxN2FkZTAwDQo+IFsgMzAwMC42NTI1NDZd
IEZTOsKgwqAwMDAwN2ZhYzRkNWNkNzQwKDAwMDApIEdTOmZmZmY4ODAwN2ZkMDAwMDAoMDAwMCkN
Cj4ga25sR1M6MDAwMDAwMDAwMDAwMDAwMA0KPiBbIDMwMDAuNjUzMzA0XSBDUzrCoMKgMDAxMCBE
UzogMDAwMCBFUzogMDAwMCBDUjA6IDAwMDAwMDAwODAwNTAwMzMNCj4gWyAzMDAwLjY1Mzg0OV0g
Q1IyOiAwMDAwMDAwMDAwMDAwMDNjIENSMzogMDAwMDAwMDA0ZjA4MDAwMCBDUjQ6DQo+IDAwMDAw
MDAwMDAwNDA2ZTANCj4gWyAzMDAwLjY1NDUyN10gQ2FsbCBUcmFjZToNCj4gWyAzMDAwLjY1NDc3
MV3CoMKgZmxfcG5mc191cGRhdGVfbGF5b3V0LmNvbnN0cHJvcC4yMCsweDEwYy8weDE1MA0KPiBb
bmZzX2xheW91dF9uZnN2NDFfZmlsZXNdDQo+IFsgMzAwMC42NTU1MDVdwqDCoGZpbGVsYXlvdXRf
cGdfaW5pdF93cml0ZSsweDIxZC8weDI3MA0KPiBbbmZzX2xheW91dF9uZnN2NDFfZmlsZXNdDQo+
IFsgMzAwMC42NTYxOTVdwqDCoF9fbmZzX3BhZ2Vpb19hZGRfcmVxdWVzdCsweDExYy8weDQ5MCBb
bmZzXQ0KPiBbIDMwMDAuNjU2Njk4XcKgwqBuZnNfcGFnZWlvX2FkZF9yZXF1ZXN0KzB4YWMvMHgy
NjAgW25mc10NCj4gWyAzMDAwLjY1NzE4MF3CoMKgbmZzX2RvX3dyaXRlcGFnZSsweDEwOS8weDJl
MCBbbmZzXQ0KPiBbIDMwMDAuNjU3NjE2XcKgwqBuZnNfd3JpdGVwYWdlc19jYWxsYmFjaysweDE2
LzB4MzAgW25mc10NCj4gWyAzMDAwLjY1ODA5Nl3CoMKgd3JpdGVfY2FjaGVfcGFnZXMrMHgyNmYv
MHg1MTANCj4gWyAzMDAwLjY1ODQ5NV3CoMKgPyBuZnNfZG9fd3JpdGVwYWdlKzB4MmUwLzB4MmUw
IFtuZnNdDQo+IFsgMzAwMC42NTg5NDZdwqDCoD8gX3Jhd19zcGluX3VubG9ja19iaCsweDFlLzB4
MjANCj4gWyAzMDAwLjY1OTM1N13CoMKgPyB3Yl93YWtldXBfZGVsYXllZCsweDVmLzB4NzANCj4g
WyAzMDAwLjY1OTc0OF3CoMKgPyBfX21hcmtfaW5vZGVfZGlydHkrMHgyZWIvMHgzNjANCj4gWyAz
MDAwLjY2MDE3MF3CoMKgbmZzX3dyaXRlcGFnZXMrMHg4NC8weGQwIFtuZnNdDQo+IFsgMzAwMC42
NjA1NzVdwqDCoD8gbmZzX3VwZGF0ZXBhZ2UrMHg1NzEvMHhiNzAgW25mc10NCj4gWyAzMDAwLjY2
MTAxMl3CoMKgZG9fd3JpdGVwYWdlcysweDFlLzB4MzANCj4gWyAzMDAwLjY2MTM1OF3CoMKgX19m
aWxlbWFwX2ZkYXRhd3JpdGVfcmFuZ2UrMHhjNi8weDEwMA0KPiBbIDMwMDAuNjYxODE5XcKgwqBm
aWxlbWFwX3dyaXRlX2FuZF93YWl0X3JhbmdlKzB4NDEvMHg5MA0KPiBbIDMwMDAuNjYyMjkyXcKg
wqBuZnNfZmlsZV9mc3luYysweDM0LzB4MWYwIFtuZnNdDQo+IFsgMzAwMC42NjI3MDRdwqDCoHZm
c19mc3luY19yYW5nZSsweDNkLzB4YjANCj4gWyAzMDAwLjY2MzA2NV3CoMKgdmZzX2ZzeW5jKzB4
MWMvMHgyMA0KPiBbIDMwMDAuNjYzMzg1XcKgwqBuZnM0X2ZpbGVfZmx1c2grMHg1Ny8weDgwIFtu
ZnN2NF0NCj4gWyAzMDAwLjY2MzgxM13CoMKgZmlscF9jbG9zZSsweDJmLzB4NzANCj4gWyAzMDAw
LjY2NDEzMl3CoMKgX19jbG9zZV9mZCsweDlhLzB4YzANCj4gWyAzMDAwLjY2NDQ1M13CoMKgU3lT
X2Nsb3NlKzB4MjMvMHg1MA0KPiBbIDMwMDAuNjY0Nzg1XcKgwqBkb19zeXNjYWxsXzY0KzB4Njcv
MHgxODANCj4gWyAzMDAwLjY2NTE2Ml3CoMKgZW50cnlfU1lTQ0FMTDY0X3Nsb3dfcGF0aCsweDI1
LzB4MjUNCj4gWyAzMDAwLjY2NTYwMF0gUklQOiAwMDMzOjB4N2ZhYzRkMGUxZTkwDQo+IFsgMzAw
MC42NjU5NDZdIFJTUDogMDAyYjowMDAwN2ZmZDU0ZTkwYzg4IEVGTEFHUzogMDAwMDAyNDYgT1JJ
R19SQVg6DQo+IDAwMDAwMDAwMDAwMDAwMDMNCj4gWyAzMDAwLjY2NjY3OV0gUkFYOiBmZmZmZmZm
ZmZmZmZmZmRhIFJCWDogMDAwMDdmYWM0ZDNiNTQwMCBSQ1g6DQo+IDAwMDA3ZmFjNGQwZTFlOTAN
Cj4gWyAzMDAwLjY2NzM0OV0gUkRYOiAwMDAwMDAwMDAwMDAwMDAwIFJTSTogMDAwMDdmYWM0ZDVk
OTAwMCBSREk6DQo+IDAwMDAwMDAwMDAwMDAwMDENCj4gWyAzMDAwLjY2ODAzMV0gUkJQOiAwMDAw
MDAwMDAwMDAwMDAwIFIwODogMDAwMDdmYWM0ZDNiNmEwMCBSMDk6DQo+IDAwMDA3ZmFjNGQ1Y2Q3
NDANCj4gWyAzMDAwLjY2ODcwOV0gUjEwOiAwMDAwN2ZmZDU0ZTkwOWUwIFIxMTogMDAwMDAwMDAw
MDAwMDI0NiBSMTI6DQo+IDAwMDAwMDAwMDAwMDAwMDANCj4gWyAzMDAwLjY2OTM4NV0gUjEzOiAw
MDAwN2ZhYzRkM2I1ZTgwIFIxNDogMDAwMDAwMDAwMDAwMDAwMCBSMTU6DQo+IDAwMDAwMDAwMDAw
MDAwMDANCj4gWyAzMDAwLjY3MDA2MV0gQ29kZTogMDAgMDAgNjYgNjYgNjYgNjYgOTAgNTUgNDgg
ODUgZmYgNDggODkgZTUgNDEgNTYNCj4gNDEgNTUgNDEgNTQgNTMgNDggODkgZmIgMGYgODQgOTcg
MDAgMDAgMDAgZjYgMDUgMTYgOGYgYmMgZmYgMTAgMGYgODUNCj4gYTYgMDAgMDAgMDAgPDRjPiA4
YiA2MyA0OCA0OCA4ZCA3YiAzOCA0OSA4YiA4NCAyNCA5MCAwMCAwMCAwMCA0YyA4ZA0KPiBhOCA4
OCAwMA0KPiBbIDMwMDAuNjcxODMxXSBSSVA6IHBuZnNfcHV0X2xzZWcrMHgyOS8weDEwMCBbbmZz
djRdIFJTUDoNCj4gZmZmZmM5MDAwMGZmMzliOA0KPiBbIDMwMDAuNjcyNDYyXSBDUjI6IDAwMDAw
MDAwMDAwMDAwM2MNCj4gDQo+IFNpZ25lZC1vZmYtYnk6IEFydGVtIFNhdmtvdiA8YXNhdmtvdkBy
ZWRoYXQuY29tPg0KPiAtLS0NCj4gwqBmcy9uZnMvZmlsZWxheW91dC9maWxlbGF5b3V0LmMgfCAy
IC0tDQo+IMKgMSBmaWxlIGNoYW5nZWQsIDIgZGVsZXRpb25zKC0pDQo+IA0KPiBkaWZmIC0tZ2l0
IGEvZnMvbmZzL2ZpbGVsYXlvdXQvZmlsZWxheW91dC5jDQo+IGIvZnMvbmZzL2ZpbGVsYXlvdXQv
ZmlsZWxheW91dC5jDQo+IGluZGV4IGFjZDMwYmEuLmE1M2QxYjcgMTAwNjQ0DQo+IC0tLSBhL2Zz
L25mcy9maWxlbGF5b3V0L2ZpbGVsYXlvdXQuYw0KPiArKysgYi9mcy9uZnMvZmlsZWxheW91dC9m
aWxlbGF5b3V0LmMNCj4gQEAgLTkyNCw4ICs5MjQsNiBAQCBmbF9wbmZzX3VwZGF0ZV9sYXlvdXQo
c3RydWN0IGlub2RlICppbm8sDQo+IMKgCWlmIChzdGF0dXMpDQo+IMKgCQlsc2VnID0gRVJSX1BU
UihzdGF0dXMpOw0KPiDCoG91dDoNCj4gLQlpZiAoSVNfRVJSKGxzZWcpKQ0KPiAtCQlwbmZzX3B1
dF9sc2VnKGxzZWcpOw0KPiDCoAlyZXR1cm4gbHNlZzsNCj4gwqB9DQo+IA0KDQpJIHN0cm9uZ2x5
IHN1c3BlY3QgdGhhdCAicG5mc19wdXRfbHNlZygpIiBpcyBzdXBwb3NlZCB0byBiZSBwYXJ0IG9m
IHRoZQ0KJ2lmIChzdGF0dXMpJyBjbGF1c2UgYWJvdmUgaXQuDQpJT1c6IA0KDQoJaWYgKHN0YXR1
cykgew0KCQlwbmZzX3B1dF9sc2VnKGxzZWcpOw0KCQlsc2VnID0gRVJSX1BUUihzdGF0dXMpOw0K
CX0NCg0KJ2NvcyB0aGF0IHdvdWxkIG1ha2Ugc2Vuc2UuDQoNCkNoZWVycw0KICBUcm9uZA0KLS0g
DQpUcm9uZCBNeWtsZWJ1c3QNCkxpbnV4IE5GUyBjbGllbnQgbWFpbnRhaW5lciwgUHJpbWFyeURh
dGENCnRyb25kLm15a2xlYnVzdEBwcmltYXJ5ZGF0YS5jb20NCg==