Return-Path: <linux-nfs-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 32122C433EF
	for <linux-nfs@archiver.kernel.org>; Wed, 10 Nov 2021 16:54:16 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 1AC2961107
	for <linux-nfs@archiver.kernel.org>; Wed, 10 Nov 2021 16:54:16 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231209AbhKJQ5C (ORCPT <rfc822;linux-nfs@archiver.kernel.org>);
        Wed, 10 Nov 2021 11:57:02 -0500
Received: from outgoing-stata.csail.mit.edu ([128.30.2.210]:47904 "EHLO
        outgoing-stata.csail.mit.edu" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S229582AbhKJQ5C (ORCPT
        <rfc822;linux-nfs@vger.kernel.org>); Wed, 10 Nov 2021 11:57:02 -0500
Received: from c-24-60-30-97.hsd1.ma.comcast.net ([24.60.30.97] helo=crash.local)
        by outgoing-stata.csail.mit.edu with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
        (Exim 4.82)
        (envelope-from <rtm@csail.mit.edu>)
        id 1mkqrU-000ML0-Bx; Wed, 10 Nov 2021 11:54:12 -0500
Received: from crash.local (localhost [127.0.0.1])
        by crash.local (Postfix) with ESMTP id 7070012BD8AA8;
        Wed, 10 Nov 2021 11:54:11 -0500 (EST)
To:     Trond Myklebust <trond.myklebust@hammerspace.com>,
        Anna Schumaker <anna.schumaker@netapp.com>
cc:     linux-nfs@vger.kernel.org
From:   rtm@csail.mit.edu
Reply-To: rtm@csail.mit.edu
Subject: nfs_closedir can be called without preceding nfs_opendir -> crash
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Date:   Wed, 10 Nov 2021 11:54:11 -0500
Message-ID: <66112.1636563251@crash.local>
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org

--=-=-=
Content-Type: text/plain

It's possible for nfs_closedir() to be called without
filp->private_data ever having been set. This causes a crash when
put_nfs_open_dir_context() calls list_del on filp->private_data->list.

I have a test program that provokes this crash (with a misbehaving NFS
server). Here's my partial understanding of what happens:

  * A program tries to create a new file "x".
  * The NFS v4 server replies OK to the open RPC, but includes
    attributes with an invalid (huge) fattr4.type.
  * This causes decode_attr_type() to not set NFS_ATTR_FATTR_TYPE, so
    the type test in nfs4_open_done() isn't executed, which would
    ordinarily prevent all this from happening.
  * But the open mostly succeeds, and allocates an inode; 
    _nfs4_proc_open() sends another getattr RPC to get the type &c. 
  * The server replies to this second getattr with type=NF4DIR,
    and nfs_fhget() sets inode->i_fop = nfs_dir_operations.
    But i_fop.open=nfs_diropen won't be called because this inode 
    is stale...
  * The NF4DIR causes nfs_finish_open() to return EOPENSTALE,
    which causes do_filp_open() to retry the open.
  * The NFS server replies to this open with attribute type=NF4REG.
  * nfs_find_actor() allocates a new struct inode, since the type is
    different.
  * Meanwhile, path_openat() had called fput(file) for the original
    stale open, which causes a background task eventually to call
    ___fput, which makes the nfs_closedir() call that crashes.

One way to view this is that inode->i_fop gets out of sync with
file->private_data.

I've attached my test program:

# cc nfs_7.c
# ./a.out
...
[   26.691442] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[   26.704718] Oops [#1]
[   26.709193] Modules linked in:
[   26.715724] CPU: 0 PID: 73 Comm: sh Not tainted 5.15.0-rc7-dirty #20
[   26.725572] Hardware name: ucbbar,riscvemu-bare (DT)
[   26.733242] epc : __list_del_entry_valid+0x8/0xa0
[   26.741500]  ra : nfs_closedir+0x28/0x5c
[   26.748036] epc : ffffffff802ed742 ra : ffffffff80206bea sp : ffffffd00059bd60
...
[   26.866512] status: 0000000200000121 badaddr: 0000000000000000 cause: 000000000000000d
[   26.877462] [<ffffffff802ed742>] __list_del_entry_valid+0x8/0xa0
[   26.887319] [<ffffffff80206bea>] nfs_closedir+0x28/0x5c
[   26.895619] [<ffffffff8012b4c6>] __fput+0x78/0x1c6
[   26.903952] [<ffffffff8012b67c>] ____fput+0xc/0x14
[   26.912274] [<ffffffff8002344c>] task_work_run+0x68/0xa4
[   26.920516] [<ffffffff80003df0>] do_notify_resume+0x74/0x356
[   26.930376] [<ffffffff80003054>] ret_from_exception+0x0/0xc



--=-=-=
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=nfs_7.c
Content-Transfer-Encoding: base64

I2luY2x1ZGUgPHN0ZGlvLmg+CiNpbmNsdWRlIDxzdHJpbmcuaD4KI2luY2x1ZGUgPHN0ZGxpYi5o
PgojaW5jbHVkZSA8dW5pc3RkLmg+CiNpbmNsdWRlIDxzeXMvc29ja2V0Lmg+CiNpbmNsdWRlIDxz
eXMvaW9jdGwuaD4KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4KI2luY2x1ZGUgPHN5cy93YWl0Lmg+
CiNpbmNsdWRlIDxzeXMvcmVzb3VyY2UuaD4KI2luY2x1ZGUgPGFzc2VydC5oPgoKaW50IHN5bV9v
cCA9IC0xOwppbnQgc3ltX3NraXAgPSAwOwppbnQgc3ltX3R5cGUgPSAxOyAvLyBhbGwgZmF0dHI0
IGZpbGUgdHlwZXMKaW50IHN5bV9maCA9IDA7IC8vIGFsbCBmaWxlIGhhbmRsZXMKCmludCBvcGNv
dW50c1syNTZdOwpsb25nIGxvbmcgbmV4dF9jb29raWUgPSAzOwppbnQgY3VycmVudF9maCA9IDA7
CgovLyBtYXAgZmlsZS9kaXIgbmFtZXMgdG8gZmlsZSBoYW5kbGUKY2hhciAqZmhuYW1lc1tdID0g
ewogICAgICAgICAgICAgICAiIiwKICAgICAgICAgICAgICAgInRtcCIsCiAgICAgICAgICAgICAg
ICJ4IiwKICAgICAgICAgICAgICAgInkiLAogICAgICAgICAgICAgICAieiIsCiAgICAgICAgICAg
ICAgICJ6enoiLAogICAgICAgICAgICAgICAwCn07CgppbnQKbmFtZTJmaChjaGFyICpuYW1lKQp7
CiAgZm9yKGludCBpID0gMDsgZmhuYW1lc1tpXTsgaSsrKXsKICAgIGlmKHN0cmNtcChuYW1lLCBm
aG5hbWVzW2ldKSA9PSAwKQogICAgICByZXR1cm4gaTsKICB9CiAgcmV0dXJuIDEwMDsKfQoKI2Rl
ZmluZSBOQUEgMTI4CnVuc2lnbmVkIGxvbmcgbG9uZyBhYVtOQUFdID0gewoweDB1bGwsCjB4MHVs
bCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4NDAwMDAwMDF1bGws
CjB4M3VsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwK
MHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAow
eDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4
MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgw
dWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1
bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVs
bCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxs
LAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGws
CjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwK
MHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAow
eDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4
MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgw
dWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1
bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVs
bCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxs
LAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGws
CjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCn07CmludCBh
YWkgPSAwOwoKY2hhciBpYnVmWzQwOTZdOwppbnQgaWxlbiA9IDA7CmludCBpaSA9IDA7CmNoYXIg
b2J1Zls0MDk2XTsKaW50IG9pID0gMDsKaW50IHN5bXN0YXJ0ID0gLTE7CmludCBzeW1lbmQgPSAt
MTsKCmludCByZWFkbihpbnQgZmQsIHZvaWQgKnhidWYsIGludCBuKSB7CiAgY2hhciAqYnVmID0g
KGNoYXIgKikgeGJ1ZjsKICBpbnQgb3JpZyA9IG47CiAgd2hpbGUobiA+IDApewogICAgaW50IGNj
ID0gcmVhZChmZCwgYnVmLCBuKTsKICAgIGlmKGNjIDw9IDApIHsgcGVycm9yKCJyZWFkIik7IHJl
dHVybiAtMTsgfQogICAgbiAtPSBjYzsKICAgIGJ1ZiArPSBjYzsKICB9CiAgcmV0dXJuIG9yaWc7
Cn0KCnVuc2lnbmVkIGludApwYXJzZTMyKCkKewogIGlmKGlpID49IGlsZW4pewogICAgcHJpbnRm
KCJwYXJzZWQgYmV5b25kIHRoZSBlbmQgb2YgdGhlIGlucHV0XG4iKTsKICAgIHJldHVybiAwOwog
IH0KICB1bnNpZ25lZCBpbnQgeCA9ICooaW50KikoaWJ1ZitpaSk7CiAgaWkgKz0gNDsKICByZXR1
cm4gbnRvaGwoeCk7Cn0KCnVuc2lnbmVkIGxvbmcgbG9uZwpwYXJzZTY0KCkKewogIHVuc2lnbmVk
IGxvbmcgbG9uZyBoaSA9IHBhcnNlMzIoKTsKICB1bnNpZ25lZCBsb25nIGxvbmcgbG8gPSBwYXJz
ZTMyKCk7CiAgcmV0dXJuIChoaSA8PCAzMikgfCBsbzsKfQoKLy8gc2Vzc2lvbmlkNCAtLSAxNiBi
eXRlcwp2b2lkCnBhcnNlX3NpZChjaGFyICpzaWQpCnsKICBmb3IoaW50IGkgPSAwOyBpIDwgMTY7
IGkrKyl7CiAgICBpZihzaWQpCiAgICAgIHNpZFtpXSA9IGlidWZbaWldOwogICAgaWkrKzsKICB9
Cn0KCnVuc2lnbmVkIGludApwYXJzZV9vcGFxdWUoY2hhciAqYnVmKQp7CiAgaWYoYnVmKQogICAg
YnVmWzBdID0gMDsKICBpbnQgbm9taW5hbF9uID0gcGFyc2UzMigpOwogIGlmKG5vbWluYWxfbiA+
IDQwOTYpewogICAgcHJpbnRmKCJjcmF6eSBvcGFxdWUgbGVuZ3RoICVkXG4iLCBub21pbmFsX24p
OwogICAgcmV0dXJuIDA7CiAgfQogIGludCByZWFsX24gPSBub21pbmFsX247CiAgd2hpbGUoKHJl
YWxfbiU0KSAhPSAwKSByZWFsX24gKz0gMTsKICBmb3IoaW50IGkgPSAwOyBpIDwgcmVhbF9uOyBp
KyspewogICAgaWYoYnVmICYmIGkgPCByZWFsX24pCiAgICAgIGJ1ZltpXSA9IGlidWZbaWldOwog
ICAgaWkrKzsKICB9CiAgcmV0dXJuIG5vbWluYWxfbjsKfQoKdm9pZApwdXQzMih1bnNpZ25lZCBp
bnQgeCkKewogIGFzc2VydCgob2kgJSA0KSA9PSAwKTsKICAqKGludCopKG9idWYrb2kpID0gaHRv
bmwoeCk7CiAgb2kgKz0gNDsKfQoKdm9pZApwdXQ2NCh1bnNpZ25lZCBsb25nIGxvbmcgeCkKewog
IHB1dDMyKHggPj4gMzIpOwogIHB1dDMyKHgpOwp9Cgp2b2lkCnB1dF9vcGFxdWUoaW50IG4sIGNo
YXIgKmJ1ZikKewogIHB1dDMyKG4pOwogIGZvcihpbnQgaSA9IDA7IGkgPCBuOyBpKyspCiAgICBv
YnVmW29pKytdID0gKGJ1ZiA/IGJ1ZltpXSA6IDApOwogIHdoaWxlKChuJTQpIT0wKXsKICAgIG9i
dWZbb2krK10gPSAwOwogICAgbisrOwogIH0KfQoKdm9pZApwdXRfc2lkKGNoYXIgKnNpZCkKewog
IGZvcihpbnQgaSA9IDA7IGkgPCAxNjsgaSsrKXsKICAgIG9idWZbb2krK10gPSAoc2lkID8gc2lk
W2ldIDogMCk7CiAgfQp9Cgp2b2lkCnBhcnNlX25vcCgpCnsKfQoKdm9pZApwYXJzZV9vcF9leGNo
YW5nZV9pZCgpCnsKICBwYXJzZTMyKCk7IC8vIHZlcmlmaWVyNCwgZmlyc3QgaGFsZgogIHBhcnNl
MzIoKTsgLy8gdmVyaWZpZXI0LCBzZWNvbmQgaGFsZgogIHBhcnNlX29wYXF1ZSgwKTsgLy8gZWlh
X2NsaWVudG93bmVyCiAgaW50IGNmbGFncyA9IHBhcnNlMzIoKTsgLy8gZWlhX2ZsYWdzCiAgcGFy
c2UzMigpOyAvLyBzdGF0ZV9wcm90ZWN0NF9hLnNwYV9ob3csIGFzc3VtZSBTUDRfTk9ORQogIGlu
dCBuaW1wbCA9IHBhcnNlMzIoKTsgLy8gbGVuZ3RoIG9mIGNsaWVudF9pbXBsX2lkCiAgZm9yKGlu
dCBpbXBsaSA9IDA7IGltcGxpIDwgbmltcGw7IGltcGxpKyspewogICAgY2hhciBqdW5rWzUxMl07
CiAgICBwYXJzZV9vcGFxdWUoanVuayk7IC8vIG5paV9kb21haW4KICAgIC8vIHByaW50Zigibmlp
X2RvbWFpbjogJXNcbiIsIGp1bmspOwogICAgcGFyc2Vfb3BhcXVlKGp1bmspOyAvLyBuaWlfbmFt
ZQogICAgLy8gcHJpbnRmKCJuaWlfbmFtZTogJXNcbiIsIGp1bmspOwogICAgcGFyc2U2NCgpOyAv
LyAxLzIgb2YgbmZzdGltZTQKICAgIHBhcnNlMzIoKTsgLy8gMS8yIG9mIG5mc3RpbWU0CiAgfQoK
ICAvLyBmaW5pc2ggRVhDSEFOR0VfSUQ0cmVzCiAgcHV0MzIoMCk7IC8vIGVpcl9zdGF0dXMgPSBO
RlM0X09LCiAgcHV0NjQoMSk7IC8vIGNsaWVudGlkNAogIHB1dDMyKDEpOyAvLyBzZXF1ZW5jZWlk
NAogIGludCBzZmxhZ3MgPSAweDEwMyB8IDB4MTAwMDA7IC8vIEVYQ0hHSUQ0X0ZMQUdfVVNFX05P
Tl9QTkZTCiAgcHV0MzIoc2ZsYWdzKTsgLy8gZWlyX2ZsYWdzCiAgcHV0MzIoMCk7IC8vIHN0YXRl
X3Byb3RlY3Q0X3Iuc3ByX2hvdyA9IFNQNF9OT05FCiAgcHV0NjQoMSk7IC8vIHNlcnZlcl9vd25l
cjQuc29fbWlub3JfaWQKICBwdXQzMig0KTsgLy8gbGVuZ3RoIG9mIHNvX21ham9yX2lkPD4KICBw
dXQzMigweDExMjIzMzQ0KTsgLy8gc29fbWFqb3JfaWQ8PgogIHB1dDMyKDQpOyAvLyBsZW5ndGgg
b2YgZWlyX3NlcnZlcl9zY29wZQogIHB1dDMyKDB4MTEyMjMzNDQpOwogIHB1dDMyKDEpOyAvLyBs
ZW5ndGggb2YgZWlyX3NlcnZlcl9pbXBsX2lkPDE+CiAgcHV0MzIoNCk7IC8vIG5mc19pbXBsX2lk
NC5uaWlfZG9tYWluCiAgcHV0MzIoMHgxMTIyMzM0NCk7CiAgcHV0MzIoNCk7IC8vIG5mc19pbXBs
X2lkNC5uaWlfbmFtZQogIHB1dDMyKDB4MTEyMjMzNDQpOwogIHB1dDY0KDApOyAvLyBuaWlfZGF0
ZSAxLzIKICBwdXQzMigwKTsgLy8gbmlpX2RhdGUgMi8yCn0KCnZvaWQKcGFyc2Vfb3BfY3JlYXRl
X3Nlc3Npb24oKQp7CiAgcGFyc2U2NCgpOyAvLyBjc2FfY2xpZW50aWQKICBpbnQgc2VxID0gcGFy
c2UzMigpOyAvLyBjc2Ffc2VxdWVuY2UKICBwYXJzZTMyKCk7IC8vIGNzYV9mbGFncwogIC8vIGNz
YV9mb3JlX2NoYW5fYXR0cnMsIGNzYV9iYWNrX2NoYW5fYXR0cnMKICBpbnQgYXR0cnNbMl1bNl07
CiAgZm9yKGludCBpID0gMDsgaSA8IDI7IGkrKyl7CiAgICBmb3IoaW50IGogPSAwOyBqIDwgNjsg
aisrKXsKICAgICAgYXR0cnNbaV1bal0gPSBwYXJzZTMyKCk7CiAgICB9CiAgICBwYXJzZV9vcGFx
dWUoMCk7IC8vIGNhX3JkbWFfaXJkPDE+CiAgfQoKICBwdXQzMigwKTsgLy8gT0sKICBmb3IoaW50
IGkgPSAwOyBpIDwgNDsgaSsrKQogICAgcHV0MzIoMSk7IC8vIGNzcl9zZXNzaW9uaWQgaS80CiAg
cHV0MzIoc2VxKTsgLy8gY3NyX3NlcXVlbmNlCiAgcHV0MzIoMHgzKTsgLy8gY3NyX2ZsYWdzCgog
IGZvcihpbnQgaSA9IDA7IGkgPCAyOyBpKyspewogICAgZm9yKGludCBqID0gMDsgaiA8IDY7IGor
KykKICAgICAgcHV0MzIoYXR0cnNbaV1bal0pOwogICAgcHV0MzIoMCk7IC8vIGNhX3JkbWFfaXJk
CiAgfQp9Cgp2b2lkCnBhcnNlX29wX3NlcXVlbmNlKCkKewogIGNoYXIgc2lkWzE2XTsKCiAgcGFy
c2Vfc2lkKHNpZCk7IC8vIHNhX3Nlc3Npb25pZAogIGludCBzZXEgPSBwYXJzZTMyKCk7IC8vIHNh
X3NlcXVlbmNlaWQKICBpbnQgc2xvdCA9IHBhcnNlMzIoKTsgLy8gc2Ffc2xvdGlkCiAgaW50IGhp
c2xvdCA9IHBhcnNlMzIoKTsgLy8gc2FfaGlnaGVzdF9zbG90aWQKICBwYXJzZTMyKCk7IC8vIHNh
X2NhY2hldGhpcwoKICBwdXQzMigwKTsgLy8gT0sKICBwdXRfc2lkKHNpZCk7IC8vIHNyX3Nlc3Np
b25pZAogIHB1dDMyKHNlcSk7IC8vIHNyX3NlcXVlbmNlaWQKICBwdXQzMihzbG90KTsgLy8gc3Jf
c2xvdGlkCiAgcHV0MzIoaGlzbG90KTsgLy8gc3JfaGlnaGVzdF9zbG90aWQKICBwdXQzMihoaXNs
b3QpOyAvLyBzcl90YXJnZXRfaGlnaGVzdF9zbG90aWQKICBwdXQzMigwKTsgLy8gc3Jfc3RhdHVz
X2ZsYWdzCn0KCnZvaWQKcGFyc2Vfb3BfcmVjbGFpbV9jb21wbGV0ZSgpCnsKICBwYXJzZTMyKCk7
IC8vIHJjYV9vbmVfZnMKICBwdXQzMigwKTsgLy8gcmNyX3N0YXR1cwp9Cgp2b2lkCnBhcnNlX29w
X3B1dHJvb3RmaCgpCnsKICAvLyBubyBhcmd1bWVudHMKICBwdXQzMigwKTsgLy8gT0sKICBjdXJy
ZW50X2ZoID0gMDsKfQoKdm9pZApwYXJzZV9vcF9zZWNpbmZvX25vX25hbWUoKQp7CiAgcGFyc2Uz
MigpOyAvLyBzZWNpbmZvX3N0eWxlNAogIHB1dDMyKDApOyAvLyBPSwogIHB1dDMyKDEpOyAvLyAj
IG9mIHNlY2luZm80CiNpZiAxCiAgcHV0MzIoMCk7IC8vIGZsYXZvciA9IEFVVEhfTlVMTAojZWxz
ZQogIHB1dDMyKDYpOyAvLyBmbGF2b3IgPSBSUENTRUNfR1NTCiAgcHV0MzIoNCk7IC8vIHNpemUg
b2Ygc2VjX29pZDQKICBwdXQzMigweGZmZmZmZmZmKTsKICBwdXQzMigwKTsgLy8gcW9wNAogIHB1
dDMyKDEpOyAvLyBycGNfZ3NzX3N2Y190CiNlbmRpZgp9Cgp2b2lkCnBhcnNlX29wX2Rlc3Ryb3lf
c2Vzc2lvbigpCnsKICBwYXJzZV9zaWQoMCk7CiAgcHV0MzIoMCk7IC8vIE9LCn0KCnZvaWQKcGFy
c2Vfb3BfZGVzdHJveV9jbGllbnRpZCgpCnsKICBwYXJzZTY0KCk7IC8vIGNsaWVudGlkCiAgcHV0
MzIoMCk7IC8vIE9LCn0KCnZvaWQKcGFyc2Vfb3BfZ2V0ZmgoKQp7CiAgLy8gbm8gYXJndW1lbnRz
CiAgcHV0MzIoMCk7IC8vIE9LCiAgaW50IHhmaCA9IGN1cnJlbnRfZmg7CiAgaWYoc3ltX2ZoKSB4
ZmggXj0gYWFbYWFpKytdOwogIHB1dF9vcGFxdWUoNCwgKGNoYXIqKSZ4ZmgpOyAvLyBmaAp9Cgov
LwovLyBjYWxsZWQgYnkgZ2V0YXR0ciBhbmQgcmVhZGRpci4KLy8gZ2VuZXJhdGVzIGEgZmF0dHI0
IChiaXRtYXA0IHRoZW4gYXR0cmxpc3Q0KS4KLy8Kdm9pZApwdXRfZmF0dHI0KGludCBiaXR3b3Jk
cywgaW50IHdvcmRzW10sIGludCBmaCkKewogIHB1dDMyKGJpdHdvcmRzKTsKICBmb3IoaW50IGkg
PSAwOyBpIDwgYml0d29yZHM7IGkrKykKICAgIHB1dDMyKHdvcmRzW2ldKTsKICBpbnQgbGVuaSA9
IG9pOwogIHB1dDMyKDApOyAvLyBwbGFjZWhvbGRlciBmb3IgdG90YWwgbGVuZ3RoIG9mIGF0dHJz
CiAgZm9yKGludCBhID0gMDsgYSA8IGJpdHdvcmRzKjMyOyBhKyspewogICAgaWYod29yZHNbYS8z
Ml0gJiAoMSA8PCAoYSAlIDMyKSkpewogICAgICBpZihhID09IDApewogICAgICAgIHB1dDMyKDIp
OyAvLyAjIGJpdG1hcCB3b3JkcyBvZiBzdXBwb3J0ZWQgYXR0cnMKICAgICAgICBwdXQzMigweGZm
ZmZmZmZmKTsKICAgICAgICBwdXQzMigweGZmZmZmZmZmKTsKICAgICAgfSBlbHNlIGlmKGEgPT0g
MSl7CiAgICAgICAgaW50IHR5cGUgPSAxOwogICAgICAgIGlmKGZoID09IDAgfHwgZmggPT0gMSkK
ICAgICAgICAgIHR5cGUgPSAyOwogICAgICAgIGlmKHN5bV90eXBlKSB0eXBlIF49IGFhW2FhaSsr
XTsKICAgICAgICBwdXQzMih0eXBlKTsgLy8gTkY0RElSPTIgb3IgTkY0UkVHPTEKICAgICAgfSBl
bHNlIGlmKGEgPT0gMil7CiAgICAgICAgcHV0MzIoMCk7IC8vIGZoX2V4cGlyZV90eXBlCiAgICAg
IH0gZWxzZSBpZihhID09IDMpewogICAgICAgIHB1dDY0KDApOyAvLyBjaGFuZ2UKICAgICAgfSBl
bHNlIGlmKGEgPT0gNCl7CiAgICAgICAgcHV0NjQoNDA5NioxMCk7IC8vIHNpemUKICAgICAgfSBl
bHNlIGlmKGEgPT0gNSl7CiAgICAgICAgcHV0MzIoMSk7IC8vIGxpbmsgc3VwcG9ydAogICAgICB9
IGVsc2UgaWYoYSA9PSA2KXsKICAgICAgICBwdXQzMigxKTsgLy8gc3ltbGluayBzdXBwb3J0CiAg
ICAgIH0gZWxzZSBpZihhID09IDgpewogICAgICAgIHB1dDY0KDEpOyAvLyBmc2lkIG1ham9yCiAg
ICAgICAgcHV0NjQoMSk7IC8vIGZzaWQgbWlub3IKICAgICAgfSBlbHNlIGlmKGEgPT0gMTApewog
ICAgICAgIHB1dDMyKDEpOyAvLyBsZWFzZSB0aW1lCiAgICAgIH0gZWxzZSBpZihhID09IDExKXsK
ICAgICAgICBwdXQzMigwKTsgLy8gcmRhdHRyX2Vycm9yCiAgICAgIH0gZWxzZSBpZihhID09IDEz
KXsKICAgICAgICBwdXQzMigweGYpOyAvLyBhY2xzdXBwb3J0CiAgICAgIH0gZWxzZSBpZihhID09
IDE5KXsKICAgICAgICAvLyBmaWxlaGFuZGxlCiAgICAgICAgaW50IHhmaCA9IGZoOwogICAgICAg
IGlmKHN5bV9maCkgeGZoIF49IGFhW2FhaSsrXTsKICAgICAgICBwdXRfb3BhcXVlKDQsIChjaGFy
KikmeGZoKTsgLy8gZmgKICAgICAgfSBlbHNlIGlmKGEgPT0gMjApewogICAgICAgIHB1dDY0KGZo
KTsgLy8gZmlsZWlkCiAgICAgIH0gZWxzZSBpZihhID09IDI3KXsKICAgICAgICBwdXQ2NCgweGZm
ZmZmZmZmZmZmZik7IC8vIG1heCBmaWxlIHNpemUKICAgICAgfSBlbHNlIGlmKGEgPT0gMjgpewog
ICAgICAgIHB1dDMyKDB4ZmZmZik7IC8vIG1heCBsaW5rCiAgICAgIH0gZWxzZSBpZihhID09IDI5
KXsKICAgICAgICBwdXQzMigyNTYpOyAvLyBtYXggbmFtZQogICAgICB9IGVsc2UgaWYoYSA9PSAz
MCl7CiAgICAgICAgcHV0NjQoMTAqNDA5Nik7IC8vIG1heCByZWFkCiAgICAgIH0gZWxzZSBpZihh
ID09IDMxKXsKICAgICAgICBwdXQ2NCgxMCo0MDk2KTsgLy8gbWF4IHdyaXRlCiAgICAgIH0gZWxz
ZSBpZihhID09IDMzKXsKICAgICAgICBwdXQzMigwNzc3KTsgLy8gbW9kZQogICAgICB9IGVsc2Ug
aWYoYSA9PSAzNSl7CiAgICAgICAgcHV0MzIoMyk7IC8vIG51bWxpbmtzCiAgICAgIH0gZWxzZSBp
ZihhID09IDM2KXsKICAgICAgICBwdXRfb3BhcXVlKDYsICJvdGhlciIpOyAvLyBvd25lcgogICAg
ICB9IGVsc2UgaWYoYSA9PSAzNyl7CiAgICAgICAgcHV0X29wYXF1ZSg2LCAib3RoZXIiKTsgLy8g
b3duZXJfZ3JvdXAKICAgICAgfSBlbHNlIGlmKGEgPT0gNDEpewogICAgICAgIHB1dDMyKDEpOyAv
LyByYXdkZXYgbWFqb3IKICAgICAgICBwdXQzMigxKTsgLy8gcmF3ZGV2IG1pbm9yCiAgICAgIH0g
ZWxzZSBpZihhID09IDQ1KXsKICAgICAgICBwdXQ2NCg0MDk2KjEwKTsgLy8gc3BhY2UgdXNlZAog
ICAgICB9IGVsc2UgaWYoYSA9PSA0Nyl7CiAgICAgICAgcHV0NjQoMCk7IC8vIHRpbWUgYWNjZXNz
IHNlY29uZHMKICAgICAgICBwdXQzMigwKTsgLy8gbnNlY29uZHMKICAgICAgfSBlbHNlIGlmKGEg
PT0gNTEpewogICAgICAgIHB1dDY0KDApOyAvLyB0aW1lIGRlbHRhIHNlY29uZHMKICAgICAgICBw
dXQzMigwKTsgLy8gbnNlY29uZHMKICAgICAgfSBlbHNlIGlmKGEgPT0gNTIpewogICAgICAgIHB1
dDY0KDApOyAvLyB0aW1lIG1ldGFkYXRhIHNlY29uZHMKICAgICAgICBwdXQzMigwKTsgLy8gbnNl
Y29uZHMKICAgICAgfSBlbHNlIGlmKGEgPT0gNTMpewogICAgICAgIHB1dDY0KDApOyAvLyB0aW1l
IG1vZGlmeSBzZWNvbmRzCiAgICAgICAgcHV0MzIoMCk7IC8vIG5zZWNvbmRzCiAgICAgIH0gZWxz
ZSBpZihhID09IDU1KXsKICAgICAgICBwdXQ2NCgwKTsgLy8gbW91bnRlZF9vbl9maWxlaWQgPz8/
CiAgICAgIH0gZWxzZSBpZihhID09IDYyKXsKICAgICAgICAvLyBmc19sYXlvdXRfdHlwZXMKICAg
ICAgICBwdXQzMigxKTsKICAgICAgICBwdXQzMigxKTsgLy8gTEFZT1VUNF9ORlNWNF8xX0ZJTEVT
CiAgICAgIH0gZWxzZSBpZihhID09IDc1KXsKICAgICAgICAvLyBGQVRUUjRfU1VQUEFUVFJfRVhD
TENSRUFUCiAgICAgICAgcHV0MzIoMik7IC8vIGJpdG1hcCBsZW5ndGgKICAgICAgICBwdXQzMigw
eGZmZmZmZmZmKTsKICAgICAgICBwdXQzMigweGZmZmZmZmZmKTsKICAgICAgfSBlbHNlIHsKICAg
ICAgICBwcmludGYoInVua25vd24gcmVxdWVzdGVkIGF0dHIgJWRcbiIsIGEpOwogICAgICAgIHB1
dDY0KDApOyAvLyBYWFgKICAgICAgfQogICAgfQogIH0KICAqKGludCopKG9idWYrbGVuaSkgPSBo
dG9ubChvaSAtIGxlbmkgLSA0KTsKfQoKdm9pZApwYXJzZV9vcF9nZXRhdHRyKCkKewogIGludCBi
aXR3b3JkcyA9IHBhcnNlMzIoKTsKICBpbnQgd29yZHNbNjRdOwogIGZvcihpbnQgaSA9IDA7IGkg
PCBiaXR3b3JkczsgaSsrKQogICAgd29yZHNbaV0gPSBwYXJzZTMyKCk7CiAgcHV0MzIoMCk7IC8v
IE9LCiAgcHV0X2ZhdHRyNChiaXR3b3Jkcywgd29yZHMsIGN1cnJlbnRfZmgpOwp9Cgp2b2lkCnBh
cnNlX29wX3B1dGZoKCkKewogIGNoYXIgYnVmWzY0XTsKICBpbnQgbiA9IHBhcnNlX29wYXF1ZShi
dWYpOyAvLyBmaAogIGlmKG4gIT0gNCl7CiAgICBwcmludGYoIm9wX3B1dGZoIGZoIHNpemUgJWQs
IG5vdCA0XG4iLCBuKTsKICAgIGV4aXQoMSk7CiAgfQogIGludCBmaCA9ICooaW50KilidWY7CiAg
Y3VycmVudF9maCA9IGZoOwogIHB1dDMyKDApOyAvLyBPSwp9Cgp2b2lkCnBhcnNlX29wX2FjY2Vz
cygpCnsKICBpbnQgbWFzayA9IHBhcnNlMzIoKTsgLy8gbWFzayBvZiByaWdodHMgdG8gcXVlcnkK
ICBwdXQzMigwKTsgLy8gT0sKICBwdXQzMigweDNmKTsgLy8gc3VwcG9ydGVkID0gYWxsIHJpZ2h0
cwogIHB1dDMyKDB4M2YpOyAvLyBhY2Nlc3MgPSBhbGwgcmlnaHRzCn0KCnZvaWQKcGFyc2Vfb3Bf
bG9va3VwKCkKewogIGNoYXIgbmFtZVsyNTZdOwogIGludCBuID0gcGFyc2Vfb3BhcXVlKG5hbWUp
OwogIG5hbWVbbj49MD9uOjBdID0gJ1wwJzsKICBwcmludGYoImxvb2t1cCAlc1xuIiwgbmFtZSk7
CiAgcHV0MzIoMCk7IC8vIE9LCiAgY3VycmVudF9maCA9IG5hbWUyZmgobmFtZSk7Cn0KCnZvaWQK
cGFyc2Vfb3BfcmVhZGRpcigpCnsKICBsb25nIGxvbmcgY29va2llID0gcGFyc2U2NCgpOwogIGxv
bmcgbG9uZyB2ZXJmID0gcGFyc2U2NCgpOyAvLyBjb29raWUgdmVyaWZpZXIKICBwYXJzZTMyKCk7
IC8vIGRpcmNvdW50CiAgcGFyc2UzMigpOyAvLyBtYXhjb3VudAogIC8vIGF0dHJfcmVxdWVzdAog
IGludCBiaXR3b3JkcyA9IHBhcnNlMzIoKTsKICBpbnQgd29yZHNbMzJdOwogIGZvcihpbnQgaSA9
IDA7IGkgPCBiaXR3b3JkczsgaSsrKQogICAgd29yZHNbaV0gPSBwYXJzZTMyKCk7CgogIHB1dDMy
KDApOyAvLyBPSwogIHB1dDY0KHZlcmYpOyAvLyBjb29raWV2ZXJmCiAgY2hhciAqbmFtZXNbXSA9
IHsgInoiLCAienp6IiB9OwogIGZvcihpbnQgaSA9IDA7IGkgPCAyOyBpKyspewogICAgcHV0MzIo
MSk7IC8vICpuZXh0ZW50cnkKICAgIHB1dDY0KG5leHRfY29va2llKyspOyAvLyBjb29raWUKICAg
IHB1dF9vcGFxdWUoMywgbmFtZXNbaV0pOyAvLyBuYW1lCiAgICBwdXRfZmF0dHI0KGJpdHdvcmRz
LCB3b3JkcywgbmFtZTJmaChuYW1lc1tpXSkpOwogIH0KCiAgcHV0MzIoMCk7IC8vICpuZXh0ZW50
cnkKCiAgcHV0MzIoMSk7IC8vIGVvZgp9Cgp2b2lkCnBhcnNlX29wX29wZW4oKQp7CiAgY2hhciBu
YW1lWzI1Nl07CiAgbmFtZVswXSA9IDA7CiAgcGFyc2UzMigpOyAvLyBzZXFpZAogIHBhcnNlMzIo
KTsgLy8gc2hhcmVfYWNjZXNzCiAgcGFyc2UzMigpOyAvLyBzaGFyZV9kZW55CiAgcGFyc2U2NCgp
OyAvLyBvd25lciBjbGllbnQgaWQKICBwYXJzZV9vcGFxdWUoMCk7IC8vIG93bmVyIG93bmVyCiAg
Ly8gb3BlbmZsYWc0CiAgaW50IG9wZW50eXBlID0gcGFyc2UzMigpOwogIGlmKG9wZW50eXBlID09
IDEpewogICAgLy8gT1BFTjRfQ1JFQVRFCiAgICBpbnQgbW9kZSA9IHBhcnNlMzIoKTsgLy8gY3Jl
YXRlaG93NAogICAgaWYobW9kZSA9PSAwKXsKICAgICAgLy8gVU5DSEVDS0VENAogICAgICAvLyBm
YXR0cjQgY3JlYXRlYXR0cnMKICAgICAgaW50IGJpdHdvcmRzID0gcGFyc2UzMigpOwogICAgICBp
bnQgd29yZHNbMzJdOwogICAgICBmb3IoaW50IGkgPSAwOyBpIDwgYml0d29yZHM7IGkrKykKICAg
ICAgICB3b3Jkc1tpXSA9IHBhcnNlMzIoKTsKICAgICAgcGFyc2Vfb3BhcXVlKDApOyAvLyBhdHRy
bGlzdDQKICAgIH0gZWxzZSB7CiAgICAgIHByaW50ZigiT1BFTjRfQ1JFQVRFIHVua25vd24gbW9k
ZSAlZFxuIiwgbW9kZSk7CiAgICAgIGV4aXQoMSk7CiAgICB9CiAgfSBlbHNlIGlmKG9wZW50eXBl
ID09IDApewogICAgLy8gT1BFTjRfTk9DUkVBVEUKICB9IGVsc2UgewogICAgcHJpbnRmKCJ1bmtu
b3duIG9wZW50eXBlICVkXG4iLCBvcGVudHlwZSk7CiAgICBleGl0KDEpOwogIH0KICBpbnQgb3Bl
bl9jbGFpbV90eXBlID0gcGFyc2UzMigpOwogIGlmKG9wZW5fY2xhaW1fdHlwZSA9PSAwKXsKICAg
IC8vIENMQUlNX05VTEwKICAgIHBhcnNlX29wYXF1ZShuYW1lKTsgLy8gZmlsZSBuYW1lCiAgfSBl
bHNlIGlmKG9wZW5fY2xhaW1fdHlwZSA9PSAyKXsKICAgIC8vIENMQUlNX0RFTEVHQVRFX0NVUgog
ICAgLy8gb3Blbl9jbGFpbV9kZWxlZ2F0ZV9jdXI0CiAgICAvLyBzdGF0ZWlkNAogICAgcGFyc2Uz
MigpOyAvLyBzZXFpZAogICAgcGFyc2UzMigpOwogICAgcGFyc2UzMigpOwogICAgcGFyc2UzMigp
OwogICAgcGFyc2Vfb3BhcXVlKG5hbWUpOyAvLyBmaWxlIG5hbWUKICB9IGVsc2UgaWYob3Blbl9j
bGFpbV90eXBlID09IDQpewogICAgLy8gQ0xBSU1fRkgKICB9IGVsc2UgewogICAgcHJpbnRmKCJv
eSwgb3Blbl9jbGFpbV90eXBlICVkXG4iLCBvcGVuX2NsYWltX3R5cGUpOwogICAgZXhpdCgxKTsK
ICB9CgogIHB1dDMyKDApOyAvLyBPSwogIC8vIHN0YXRlaWQ0CiAgcHV0MzIoMSk7IC8vIHNlcWlk
CiAgcHV0MzIoMSk7IC8vIG90aGVyCiAgcHV0MzIoMSk7CiAgcHV0MzIoMSk7CiAgLy8gY2hhbmdl
X2luZm80CiAgcHV0MzIoMSk7CiAgcHV0NjQoMCk7IC8vIGJlZm9yZQogIHB1dDY0KDApOyAvLyBh
ZnRlcgogIHB1dDMyKDApOyAvLyByZmxhZ3MKICBwdXQzMigwKTsgLy8gYXR0cnNldCBiaXRtYXAg
bGVuZ3RoCiAgLy8gb3Blbl9kZWxlZ2F0aW9uNAogIHB1dDMyKDApOyAvLyBPUEVOX0RFTEVHQVRF
X05PTkUKICBwcmludGYoIiAgbmFtZT0lc1xuIiwgbmFtZSk7CiAgaWYobmFtZVswXSl7CiAgICBj
dXJyZW50X2ZoID0gbmFtZTJmaChuYW1lKTsKICB9IGVsc2UgewogICAgcHJpbnRmKCJvcF9vcGVu
OiBubyBuYW1lIHdpdGggd2hpY2ggdG8gc2V0IGZoXG4iKTsKICB9Cn0KCnZvaWQKcGFyc2Vfb3Bf
c2V0YXR0cigpCnsKICAvLyBzdGF0ZWlkNAogIHBhcnNlMzIoKTsgLy8gc2VxaWQKICBwYXJzZTMy
KCk7IC8vIG90aGVyCiAgcGFyc2UzMigpOyAvLyBvdGhlcgogIHBhcnNlMzIoKTsgLy8gb3RoZXIK
ICAvLyBmYXR0cjQKICBpbnQgYml0d29yZHMgPSBwYXJzZTMyKCk7CiAgaW50IHdvcmRzWzY0XTsK
ICBmb3IoaW50IGkgPSAwOyBpIDwgYml0d29yZHM7IGkrKykKICAgIHdvcmRzW2ldID0gcGFyc2Uz
MigpOwogIHBhcnNlX29wYXF1ZSgwKTsgLy8gYXR0cmxpc3Q0CgogIHB1dDMyKDApOyAvLyBPSwog
IHB1dDMyKGJpdHdvcmRzKTsKICBmb3IoaW50IGkgPSAwOyBpIDwgYml0d29yZHM7IGkrKykKICAg
IHB1dDMyKHdvcmRzW2ldKTsKfQoKdm9pZApwYXJzZV9vcF9sYXlvdXRnZXQoKQp7CiAgcGFyc2Uz
MigpOyAvLyBsb2dhX3NpZ25hbF9sYXlvdXRfYXZhaWwKICBwYXJzZTMyKCk7IC8vIGxheW91dHR5
cGU0CiAgcGFyc2UzMigpOyAvLyBsYXlvdXRpb21vZGU0CiAgcGFyc2U2NCgpOyAvLyBvZmZzZXQK
ICBwYXJzZTY0KCk7IC8vIGxlbmd0aAogIHBhcnNlNjQoKTsgLy8gbWlubGVuZ3RoCiAgcGFyc2Uz
MigpOyAvLyBzdGF0ZWlkNCBzZXFpZAogIHBhcnNlMzIoKTsgLy8gc3RhdGVpZDQgb3RoZXIKICBw
YXJzZTMyKCk7IC8vIHN0YXRlaWQ0IG90aGVyCiAgcGFyc2UzMigpOyAvLyBzdGF0ZWlkNCBvdGhl
cgogIHBhcnNlMzIoKTsgLy8gY291bnQzMgogIAogIHB1dDMyKDApOyAvLyBPSwogIHB1dDMyKDAp
OyAvLyByZXR1cm5fb25fY2xvc2UKICBwdXQzMigwKTsgLy8gc3RhdGVpZDQgc2VxaWQKICBwdXQz
MigwKTsgLy8gc3RhdGVpZDQgb3RoZXIKICBwdXQzMigwKTsgLy8gc3RhdGVpZDQgb3RoZXIKICBw
dXQzMigwKTsgLy8gc3RhdGVpZDQgb3RoZXIKICBwdXQzMigxKTsgLy8gIyBvZiBsYXlvdXQ0CiAg
cHV0NjQoMCk7IC8vIG9mZnNldAogIHB1dDY0KDEwMDAwMDApOyAvLyBsZW5ndGgKICBwdXQzMigz
KTsgLy8gbGF5b3V0aW9tb2RlNAogIHB1dDMyKDEpOyAvLyBsYXlvdXR0eXBlNAogIHB1dF9vcGFx
dWUoOCwgInh4eHh4eHh4Iik7IC8vIGxvY19ib2R5Cn0KCnZvaWQKcGFyc2Vfb3Bfd3JpdGUoKQp7
CiAgcGFyc2UzMigpOyAvLyBzdGF0ZWlkNAogIHBhcnNlMzIoKTsgLy8gc3RhdGVpZDQKICBwYXJz
ZTMyKCk7IC8vIHN0YXRlaWQ0CiAgcGFyc2UzMigpOyAvLyBzdGF0ZWlkNAogIHBhcnNlNjQoKTsg
Ly8gb2Zmc2V0CiAgcGFyc2UzMigpOyAvLyBzdGFibGVfaG93NAogIGludCBuID0gcGFyc2Vfb3Bh
cXVlKDApOyAvLyBkYXRhCgogIHB1dDMyKDApOyAvLyBPSwogIHB1dDMyKG4pOyAvLyBjb3VudAog
IHB1dDMyKDApOyAvLyBVTlNUQUJMRTQKICBwdXQ2NCgxKTsgLy8gdmVyaWZpZXIKfQoKdm9pZApw
YXJzZV9vcF9yZWFkKCkKewogIHBhcnNlMzIoKTsgLy8gc3RhdGVpZDQKICBwYXJzZTMyKCk7IC8v
IHN0YXRlaWQ0CiAgcGFyc2UzMigpOyAvLyBzdGF0ZWlkNAogIHBhcnNlMzIoKTsgLy8gc3RhdGVp
ZDQKICBwYXJzZTY0KCk7IC8vIG9mZnNldAogIHBhcnNlMzIoKTsgLy8gY291bnQKCiAgcHV0MzIo
MCk7IC8vIE9LCiAgcHV0MzIoMSk7IC8vIGVvZgogIHB1dF9vcGFxdWUoNCwgImFiY2QiKTsKfQoK
dm9pZApwYXJzZV9vcF9jb21taXQoKQp7CiAgcGFyc2U2NCgpOyAvLyBvZmZzZXQKICBwYXJzZTMy
KCk7IC8vIGNvdW50CiAgcHV0MzIoMCk7IC8vIE9LCiAgcHV0NjQoMSk7IC8vIHZlcmlmaWVyNAp9
Cgp2b2lkCnBhcnNlX2NvbXBvdW5kKCkKewogIGNoYXIgdGFnWzUxMl07CiAgaW50IHRhZ2xlbiA9
IHBhcnNlX29wYXF1ZSh0YWcpOyAvLyB0YWcKICBwYXJzZTMyKCk7IC8vIG1pbm9yIHZlcnNpb24K
ICBpbnQgbm9wcyA9IHBhcnNlMzIoKTsKCiAgLy8gc3RhcnQgYSBDT01QT1VORDRyZXMKICBwdXQz
MigwKTsgLy8gbmZzc3RhdDQgPSBORlM0X09LCiAgcHV0X29wYXF1ZSh0YWdsZW4sIHRhZyk7CiAg
cHV0MzIobm9wcyk7IC8vIGxlbmd0aCBvZiByZXNhcnJheTw+CiAgCiAgZm9yKGludCBvcGluZGV4
ID0gMDsgb3BpbmRleCA8IG5vcHMgJiYgb2kgPCBpbGVuOyBvcGluZGV4KyspewogICAgaW50IG9w
ID0gcGFyc2UzMigpOwogICAgcHJpbnRmKCJvcCAlZCAjJWRcbiIsIG9wLCBvcGNvdW50c1tvcCYw
eGZmXSk7CiAgICBwdXQzMihvcCk7IC8vIHJlc29wIGluIG5mc19yZXNvcDQKICAgIGlmKHN5bV9v
cCA9PSBvcCl7CiAgICAgIGlmKHN5bV9za2lwIDw9IDApewogICAgICAgIHN5bXN0YXJ0ID0gb2k7
CiAgICAgIH0KICAgICAgc3ltX3NraXAgLT0gMTsKICAgIH0KICAgIGlmKG9wID09IDQyKXsKICAg
ICAgcGFyc2Vfb3BfZXhjaGFuZ2VfaWQoKTsKICAgIH0gZWxzZSBpZihvcCA9PSA0Myl7CiAgICAg
IHBhcnNlX29wX2NyZWF0ZV9zZXNzaW9uKCk7CiAgICB9IGVsc2UgaWYob3AgPT0gNTMpewogICAg
ICBwYXJzZV9vcF9zZXF1ZW5jZSgpOwogICAgfSBlbHNlIGlmKG9wID09IDU4KXsKICAgICAgcGFy
c2Vfb3BfcmVjbGFpbV9jb21wbGV0ZSgpOwogICAgfSBlbHNlIGlmKG9wID09IDI0KXsKICAgICAg
cGFyc2Vfb3BfcHV0cm9vdGZoKCk7CiAgICB9IGVsc2UgaWYob3AgPT0gNTIpewogICAgICBwYXJz
ZV9vcF9zZWNpbmZvX25vX25hbWUoKTsKICAgIH0gZWxzZSBpZihvcCA9PSA0NCl7CiAgICAgIHBh
cnNlX29wX2Rlc3Ryb3lfc2Vzc2lvbigpOwogICAgfSBlbHNlIGlmKG9wID09IDU3KXsKICAgICAg
cGFyc2Vfb3BfZGVzdHJveV9jbGllbnRpZCgpOwogICAgfSBlbHNlIGlmKG9wID09IDEwKXsKICAg
ICAgcGFyc2Vfb3BfZ2V0ZmgoKTsKICAgIH0gZWxzZSBpZihvcCA9PSA5KXsKICAgICAgcGFyc2Vf
b3BfZ2V0YXR0cigpOwogICAgfSBlbHNlIGlmKG9wID09IDIyKXsKICAgICAgcGFyc2Vfb3BfcHV0
ZmgoKTsKICAgIH0gZWxzZSBpZihvcCA9PSAzKXsKICAgICAgcGFyc2Vfb3BfYWNjZXNzKCk7CiAg
ICB9IGVsc2UgaWYob3AgPT0gMTUpewogICAgICBwYXJzZV9vcF9sb29rdXAoKTsKICAgIH0gZWxz
ZSBpZihvcCA9PSAyNil7CiAgICAgIHBhcnNlX29wX3JlYWRkaXIoKTsKICAgIH0gZWxzZSBpZihv
cCA9PSAxOCl7CiAgICAgIHBhcnNlX29wX29wZW4oKTsKICAgIH0gZWxzZSBpZihvcCA9PSAzNCl7
CiAgICAgIHBhcnNlX29wX3NldGF0dHIoKTsKICAgIH0gZWxzZSBpZihvcCA9PSA1MCl7CiAgICAg
IHBhcnNlX29wX2xheW91dGdldCgpOwogICAgfSBlbHNlIGlmKG9wID09IDM4KXsKICAgICAgcGFy
c2Vfb3Bfd3JpdGUoKTsKICAgIH0gZWxzZSBpZihvcCA9PSAyNSl7CiAgICAgIHBhcnNlX29wX3Jl
YWQoKTsKICAgIH0gZWxzZSBpZihvcCA9PSA1KXsKICAgICAgcGFyc2Vfb3BfY29tbWl0KCk7CiAg
ICB9IGVsc2UgewogICAgICBwcmludGYoInVua25vd24gb3AgJWRcbiIsIG9wKTsKICAgICAgLy8g
Y2Fubm90IGNvbnRpbnVlIHRvIHRoZSBuZXh0IG9wIHNpbmNlCiAgICAgIC8vIHdlIGRvbid0IGtu
b3cgaG93IGxvbmcgdGhpcyBvbmUgaXMuCiAgICAgIGJyZWFrOwogICAgfQogICAgaWYoc3ltc3Rh
cnQgIT0gLTEpCiAgICAgIHN5bWVuZCA9IG9pOwogICAgb3Bjb3VudHNbb3AmMHhmZl0gKz0gMTsK
ICB9Cn0KCnZvaWQKcGFyc2VfcnBjKCkKewogIC8vIFNVTiBSUEMKICBpbnQgeGlkID0gcGFyc2Uz
MigpOwogIHBhcnNlMzIoKTsgLy8gbXR5cGU9Q0FMTAogIHBhcnNlMzIoKTsgLy8gcnBjIHZlcnNp
b24KICBwYXJzZTMyKCk7IC8vIHByb2cjCiAgcGFyc2UzMigpOyAvLyBwcm9nIHZlcnMKICBpbnQg
cHJvYyA9IHBhcnNlMzIoKTsKICBwYXJzZTMyKCk7IC8vIGNyZWQgdHlwZQogIHBhcnNlX29wYXF1
ZSgwKTsgLy8gY3JlZAogIHBhcnNlMzIoKTsgLy8gdmVyZiB0eXBlCiAgcGFyc2Vfb3BhcXVlKDAp
OyAvLyB2ZXJmCgogIHB1dDMyKHhpZCk7CiAgcHV0MzIoMSk7IC8vIFJFUExZCiAgcHV0MzIoMCk7
IC8vIE1TR19BQ0NFUFRFRAogIHB1dDMyKDApOyAvLyBvcGFxdWVfYXV0aCBmbGF2b3IgPSBBVVRI
X05VTEwKICBwdXQzMigwKTsgLy8gb3BhcXVlX2F1dGggbGVuZ3RoCiAgcHV0MzIoMCk7IC8vIFNV
Q0NFU1MKCiAgaWYocHJvYyA9PSAwKXsKICAgIHBhcnNlX25vcCgpOwogIH0gZWxzZSBpZihwcm9j
ID09IDEpewogICAgcGFyc2VfY29tcG91bmQoKTsKICB9IGVsc2UgewogICAgcHJpbnRmKCJ1bmtu
b3duIHJwYyBwcm9jICVkXG4iLCBwcm9jKTsKICB9Cn0KCmludAptYWluKCl7CiAgc2V0bGluZWJ1
ZihzdGRvdXQpOwogIHN0cnVjdCBybGltaXQgcjsKICByLnJsaW1fY3VyID0gci5ybGltX21heCA9
IDA7CiAgc2V0cmxpbWl0KFJMSU1JVF9DT1JFLCAmcik7CgogIGludCBzID0gc29ja2V0KEFGX0lO
RVQsIFNPQ0tfU1RSRUFNLCAwKTsKICBzdHJ1Y3Qgc29ja2FkZHJfaW4gc2luOwogIG1lbXNldCgm
c2luLCAwLCBzaXplb2Yoc2luKSk7CiAgc2luLnNpbl9mYW1pbHkgPSBBRl9JTkVUOwogIHNpbi5z
aW5fcG9ydCA9IGh0b25zKDIwNDkpOwogIGludCB5ZXMgPSAxOwogIHNldHNvY2tvcHQocywgU09M
X1NPQ0tFVCwgU09fUkVVU0VBRERSLCAmeWVzLCBzaXplb2YoeWVzKSk7CiAgaWYoYmluZChzLCAo
c3RydWN0IHNvY2thZGRyICopJnNpbiwgc2l6ZW9mKHNpbikpIDwgMCl7CiAgICBwZXJyb3IoImJp
bmQiKTsgZXhpdCgxKTsKICB9CiAgbGlzdGVuKHMsIDEwKTsKCiAgaW50IHBpZDEgPSBmb3JrKCk7
CiAgaWYocGlkMSA9PSAwKXsKICAgIGNsb3NlKHMpOwogICAgaWYoc3lzdGVtKCJlY2hvIC1uIG1v
dW50OiA7IG1vdW50IC1vIG5vbG9jayAxMjcuMC4wLjE6L3RtcCAvbW50IikgPT0gMCl7CiAgICAg
IHN5c3RlbSgiZWNobyAtbiBsczogOyBscyAtbCAvbW50Ly4gL21udC96Iik7CiAgICAgIHN5c3Rl
bSgiZWNobyAtbiBlY2hvOiA7IGVjaG8gaGkgPiAvbW50L3giKTsKICAgICAgc3lzdGVtKCJlY2hv
IC1uIGRkOiA7IGRkIGlmPS9tbnQveSBvZj0vZGV2L251bGwgYnM9NTEyIGNvdW50PTEiKTsKICAg
ICAgc3lzdGVtKCJlY2hvIC1uIHVtb3VudDogOyB1bW91bnQgL21udCIpOwogICAgfQogICAgZXhp
dCgwKTsKICB9CgogIGludCBwaWQyID0gZm9yaygpOwogIGlmKHBpZDIgPT0gMCl7CiAgICBzb2Nr
bGVuX3Qgc2lubGVuID0gc2l6ZW9mKHNpbik7CiAgICBwcmludGYoImNhbGxpbmcgYWNjZXB0XG4i
KTsKICAgIGludCBzMSA9IGFjY2VwdChzLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4sICZzaW5s
ZW4pOwogICAgcHJpbnRmKCJhY2NlcHQgcmV0dXJuZWQgJWRcbiIsIHMxKTsKICAgIGlmKHMxIDwg
MCkgeyBwZXJyb3IoImFjY2VwdCIpOyBleGl0KDEpOyB9CiAgICBjbG9zZShzKTsKICAKICAgIHdo
aWxlKDEpewogICAgICBpZihyZWFkbihzMSwgJmlsZW4sIDQpIDwgMCkgYnJlYWs7CiAgICAgIGls
ZW4gPSBudG9obChpbGVuKTsKICAgICAgaWxlbiAmPSAweDdmZmZmZmZmOwogICAgICBpZihyZWFk
bihzMSwgaWJ1ZiwgaWxlbikgPCAwKSBicmVhazsKICAgICAgb2kgPSBpaSA9IDA7CiAgICAgIHB1
dDMyKDApOyAvLyBwbGFjZS1ob2xkZXIgZm9yIGxlbmd0aAogICAgICBwYXJzZV9ycGMoKTsKICAg
ICAgKihpbnQqKShvYnVmKzApID0gaHRvbmwoKG9pIC0gNCkgfCAweDgwMDAwMDAwKTsKICAgICAg
aWYoYWFpID4gTkFBKXsKICAgICAgICBwcmludGYoIm9vcHMgYWFpICVkIE5BQSAlZFxuIiwgYWFp
LCBOQUEpOwogICAgICAgIGV4aXQoMSk7CiAgICAgIH0KICAgICAgaWYoc3ltc3RhcnQgIT0gLTEp
ewogICAgICAgIGZvcihpbnQgaSA9IHN5bXN0YXJ0OyBpIDwgb2kgJiYgaSA8IHN5bWVuZCAmJiBh
YWkgPCBOQUE7IGkgKz0gOCkKICAgICAgICAgICoodW5zaWduZWQgbG9uZyBsb25nICopKG9idWYg
KyBpKSBePSBhYVthYWkrK107CiAgICAgICAgc3ltc3RhcnQgPSAtMTsKICAgICAgfQogICAgICBp
Zih3cml0ZShzMSwgb2J1Ziwgb2kpPD0wKSBwZXJyb3IoIndyaXRlIik7CiAgICB9CiAgICBleGl0
KDEpOwogIH0KICBjbG9zZShzKTsKICBzbGVlcCgxNSk7Cn0K
--=-=-=--