ok github.com/google/syzkaller/dashboard/app (cached) ? github.com/google/syzkaller/dashboard/dashapi [no test files] ok github.com/google/syzkaller/executor 1.982s ok github.com/google/syzkaller/pkg/asset (cached) ok github.com/google/syzkaller/pkg/ast 0.832s ok github.com/google/syzkaller/pkg/auth (cached) ok github.com/google/syzkaller/pkg/bisect (cached) ok github.com/google/syzkaller/pkg/build (cached) ok github.com/google/syzkaller/pkg/compiler 2.545s ok github.com/google/syzkaller/pkg/config (cached) ok github.com/google/syzkaller/pkg/cover 23.292s ok github.com/google/syzkaller/pkg/cover/backend (cached) --- FAIL: TestGenerate (13.58s) --- FAIL: TestGenerate/fuchsia/amd64 (0.13s) testutil.go:33: seed=1674414193822895231 --- FAIL: TestGenerate/fuchsia/amd64/8 (0.59s) csource_test.go:133: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:-9223372036854775808 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000001000)=0x0) (fail_nth: 1) zx_channel_call_etc(0x0, 0xffff, 0x0, &(0x7f00000011c0)={&(0x7f0000000000)="0001a747cc965bdf12ac9b60b2e125dc044ed2fa880a719727d6b5a224706f0f99de8fa46158d7d04ac1fe18adb81dc99e6d93328c47ceaa6652a680853582ab5bb4649593ec0604194e7946fb11ae7eb26fab2030f4fe727f5878bc0898e7ce6a4810cead730969c81c54a5276ecbb4263283639baf3d4b50d36a135700391d4e1f4045e58e557719400d9ac570dc938c47340f8f19341b2aa414c80d8dd5ec729524c84e004ff93d264796eccee5e023a1edd21526655ec5abc5f0f8ec7303eca764277f214cb86b39c471dcfd802cd84e9b609b46a8e7f140d55ca5f90f5410b91ae06cb4def60852c76f744c8e05e49c674b7b0a73c0932512fa3aac67db01a267b7bc3e6c4c72dd5aa5631c9195807427ead967bfbcc0bf3e7598e04be3dbe335a76c84c2200e7a7885e8e273f738c3e06dff138d8a07383dc997ce9f37ba5b7adadc410664580363e0c8f2ef119d532000f90fae65fede371d15bdffc124355dd2256b85b7396099ef71d022cd99a2fe1c99548260dc18bb8819a347ddc939868a68b7ebef3712fa961f5c0b5e60446ac0f14fda37a62b1fe138570c4bcb9d9ec8e245975bb972b10b4923211d8af36a29dda547f7e99a40227021b49e3b288cc5059aa432e7ba1b9ee5ffacdc387dadde0fdd6a868e3e53f5ab5405166bd9501a43a98dcbd04c69cfec4d129c9be43c95754b86b55017a681af682f2464e3ad9a4b3aeea74e68fe1fb3500d38e8df66ed4ffa23c482c724836c7cf49b5ef97c2bd77ca2538f49f5ddda64c1fe96737ac575a3d3ebd6b542a54f98f9c16c7ee4bdd7cc690074d4bf26ce104d3ac35d79f8675e10b17b2e66e1e63070ef12459bec9754eec111993ee9fe3a99030ff630e5dd9602ad8dee02bd5fe0dfbcab284760747125cd21db316841376de54b5d6b12d137625141de927fcca1086713c5d9fdacf854f4851f721bf2e6d6bfbb77bdcfbde0b717b3312eb9a331f18b669bc1179ce60e0f133d4067903cd5dad1bf8c277543e5f40551ce739f1e1dfbfc79c3926c655584c69bd9196587e8915d9fe8df3478c4b870e415775dc2398431c0ad8b96c445c3dc98ae934f944952c552b5c2c0b099b4531458f60c2753f9e04d06e50e9cb38ffd46390080eca9cceaf95918718063949464a59ad6e9b8d2b7b053e77a5499db3e9e25b7f2de9dde5ed4ca60c74a8cfc2587cef9d336ec4edd2b153637d4aa828fd5d3c9fd78c5f1643a3074545611af80500fd7ca4a1e74e7459d9d699fb611270674eb9fd3d8187f8c95467402fb2d065fa5c837e16e2741c5374753d89cba55a4bf5a72bcb2a5bb33c6d20c5b5e52d2bd3c87d8f1a7faf41849e23a4297f1784d20a08ac5fe8a2d65b75b6c1f47eb28cfc6590bd8199f135749f5df60321d06ffe8edd0aa7c7e3f6639b5e2469cfbafe67c117172d3b32efb68cb25ccd47d2a21ef5f9a7edfc4789ce98a30ddbc2f5e1cbb1eb40333857b5217bb5c64e2806e6eb23ef6b9048c768d2b16c3782241ce513be555850214a53a149dc1fe4b34e1fe3492e7e88554b6f446c9320109eaf3e51fd420210202c10c6e159bb5f2db6524a78249e06ed52d431864305b982c4ab3583f46f21423eae06508f0f6aaa0f9762de93b8b48b4e8610b12403d8b8cc769abc3839994449764496c12dd037001c58673d9841b3285bbbe9fa5648917e8bb85a58ae3acc5eb561f5d27fb1c70ec11a73bc172f5b7f024fe27783df025df7b0b80806a81aab375c52ccc91ed68c65937089079be64fc7e691b2c41b174fc987fb48fd8118f441863e5ae363a221b21016ff848318e2becca25acdde488af58db93908c09465f39b386713fedd06d9e844b5b8ade0444087a8dfe4259e8d23de2525c14b400053a1f977b18fce9dda76aa16d3e165fb48e1a491585b7bc19f6759154216cb714647fdc8d78c4e683a1786f686974c85477ce2ec5346a45f0be1bb3a99dd94e2234292701e3ea967384b4d92cf0bffe1d43f8d688548b3f059f1003d3f35dff653c498566d919ca2bec219da12177f31861c410b79fda29f8d0be59a9c5d2f85d9af1f67450e618ecbc85831d50d410ff1bcb73b438aa9dc0fbe87185e0e7dcfd8ec268c62f4f172b5466ab535982013748bb392ec8bef3c86b216eeaffa1ff2a34c6bdf3c8fc0719bbf3f271427ecdc30aea70410c880ddf58a9da61a04226a674ce056844ce5cd6cff866588f1637ab179520a6b82b159f34f790247429f15c8efd5aed316060e8ba2bb2fcd892f3663eef01dd1814accf5ab8db1440f2455b1c5a3f15ea03e1de09560f1034e5e453fdefb0b94aa723033ec02d729beff01b6b322b93a8b5d9b4a3fc126dae2950db4d4aeca02325b8e7ae69095e2e05653832e0b9d5d4896d3d3931f8ec584814f4ab057c8670c40caf4ac141bfa42339ff867760c6a97b3f4d9f520839179a003c76ff21510c7c31cb45fccc763174bef06524bc6a5fd9a413ede524fcce95d03e08a002a552bc1681d717ea44e89e196580b5cd173138c0b84edffbf3053126bae9d46c217ddfe4c39f617ed51d086a24e268126b5d7c751f87936b4c5657334ba59b4743586aadd8e15079d0da39c9ac704361b19321f16fd73c8709e2d92670c5a92a9b9fa55cf9676fba8b0e68d60bca249d38183a2fced1c9b02446ce1d312542061cfa72b23ab99ce79b1a7a451e078460f0a71b14c1878a1bb850a033f895f8316eec91881696f5582621ae2f8afbe4c6059d0d035f5250d748758eb9f3537bf63f8d90a264b2cb861959105c78738793f44b5647ae28ba29ab336d78b0ceb53d9530ef6bfe6853fca51366bc34659e00053ba2f0b5801f28bc352f9202e83cac11f69ede4324f1b8185acefa0c878e06dcbe1ce702a275b90cbcdcb77b2a916d6df25a309077a789c0c5fe8fc1acdf48bc0895cca149227ecfa92d0886ef561d4b16fa3c7108f8194b343254c10d0d6276927095013e8ca3d353db701268aa71297087e95d91462687aae2035a36839df298a6bf17ec59e0fd0adc2ce1f63a65a9c1261a8777ab2b50676c7592002baa4bea564881331ff576b252255cb3272a181bbcba48b817ae90e242fcc2f6efe662ce4c79424149f231b915156e79fdc2de1949dc5d182e64173abae9d64e9291e0426e6eabbac2dbbaff3e635a672341dd9b6e59856f552cc59b2388e4e3fa48e54a09a30efa7ac0aacf6442097e513e242bf48a9e1f8a7e57c29a68c4e3a212809a63dc18751cdd11606ec2a512031577a0cbcc32c3e4345e30f6dc3df28a5816e832a8d0e37fe1a15bc53a06c1cd3054393a61129d1598b043681d6daaacc07d24ba0e2a562cf4e7e004715d620fb2b533a8f16d1929d18c716d41f1c736c1a3623140373d8c392cb8d19dec2ea2a51ad27d6a5e786b2ffd0574000e4a09a6c3253645a11be2f881a89ab71a2d486e03b5982e2ad2adf0cfb07cfe969f15d8be3a0c2b92854021906908b2c26c208b86082a45e1b2fcd501999020e0931735da194818ae27c952aae657ec0f1855af8b53f4a92848a25ef535455c6adec813e8f8b030e1108b0e7d65cf1c1ddd14683476d3203a0352a0e159feef3eee4456db312e54dceff6d2f3e57c8ebb40d9e19f113cc78fe4fb363721bde7352da5f760cde779f4eced9067cba8a6aaf32f1f890653301023e025f50718faa0a4c1d36cf729efe131c6d2cee0d66a06a956beb61b03fe321b0f444fb5db11f8eb69eb71d21aab93e2d3358e6828e86b8334a3b4fe93c1b7dfc64dff2b489349cb765faeb09f1eb381f73bd82a0dfaf0656754bcbe61a74d9a342e2cb4fd5cc42890bf00734b9a6db6768044ab218e6741113f4945236abdd8acc7cc726d62e9450913232cc842323a92f9dfddc571171af8c0f70034d08f59521ab9175ce9ec3ac3a09ae29c76dd483d1810475aa1109209e12ea5b3f8e8f9be1bf0c06291120dc3773681f0156183f68359f66e6c693cb02370250e8c6d0a530e0caecf52dc4ed2ba240e7fe88152bfb5357585174f596e8393cf276de94a19b32b8b538c8aa43b156a93a9612a8be38af45a4a2278f2e2e6fe6082c80f6caf1e9468499a4da9bbd7581af81c734ef920a5bd788023fb01e08c3c9e4d6f78173265844466dbf6db4b8be6a664a537c167a8c5664e5417fccb98e811b1bcc91aa87e40487ba49c25e57977cc8cfd7a8e1c0f31255bbfd4da46f2a964b8b4978802f2b1ed13569d02b5a27a855ba84911d8809d0f5a908ceb24e5a09726bb9e6990ff54ddd4bc21c1bce62d46d6ec7251d4c354ce771734a8c6553311c6488a380dc98d46f141266bc71b3bd1457e291a4e85f87224fd3298498061c7d1c75d59f71de9174eff80728b3db93dbcb3365dfef5639bde6a31fd5d0e18b7a83023b0b5ea7ad2f0f6176c577c43ff097d74599619faa771699f0d708c3db3e3657d2bc5e4f2498810bd49be182db55eb7063ea30410f605db278b5ae895e187006f84304262a5adaec9f361ae73b693395d087ffd0e2bef590b166551df17b787855cb66fc1bf06f216ea68c3c1d8f3e3839be88954aa4f24fb5adc007d76fea70cbfded2ea421e4728c04c180c54f89b88cc176b1b9a59968a40b7b4363c3d3b6e961004c830592607ec99d484bf4aa7b3d942bb0d4ecd3924757d7a48d4937020a07e89c1b0939fa8f3a839a1ce7f7dbf0b7cb9eb1bae325365b40d3fa68e1d2af1e6c1f35b5c6a0745bc7648a3f90c5a5738d4e35b2f69f841698c7189cc1606511615514c87182dd29840aa8e95f06d3cc1fd451ce38200f89bfc2f3ce8023b9049567b8bba7e2d1643f27c5314675b0085bc525fb3c5c1e1b9e326b922690b144a52d363d354ade2af69687e63d9c024baa6c77af4071c4d8631d5e19fde5210330a519ab594952080f8fb4141426b105011b9e338f8d5fce9c94589e75f93a13050d2eff8f8e0d2b3f7f999ea4da12d649b4a6b661948084c88b759c470b2ba329bb081754f72d6cc9e5b9ae174fcd63fd56a17847022d28481e6367c13c15b58820488f36a5f09eff547d4d20eff3cafafae1c70687aeee6529e59821605c1fe2ea6fe714b3509082f939a4ed82f037184d14dece9562b2b5d0d6f5e9776eb568cb2b817502ab52796d247753f67db146ae4c964bcc1f428cb5170d720297b064e44375e09edc714d7ce75ba121d8a1642c9a088ec177697a4b94e1b72c1531e6fd4a15e33374c1e7220e36d59c7090aadedb2cd05520bf0c72110ae878a760f3578b8710b7373c9ca31de5f1438e9292eb2c20454a106adbeabdfa6bf6e31f4435a42f4f5419315167ea441ee9d37a54047d8cb1f843bbb49d8819a59d2d26fc740f819300daab6c03f4b93217931b841c79fdb8065d827abb5122166d0b345019470099a5b8b95465ada1affafaae5ad2d53adefc53c0a6c6c467cdfcddd0e9af2cc639828c606f3a696f50be31d2d19c8ff95fc8cecbd3e6bd0d5bd6e40073ab52a73f3d5ef00b01d58161270b8a664db80f23bc6a8306f6b66b796dfe664d51b77680cb06a2ec999d0ed962ba534f16af26ab16fa2d5537d5c93e503034c099d260a8f32d4eddf48b25a75c9f92701cb040b5774a0d98ffcedf973aadd1f5bfa75cbfbd7ea4b9a56b6011cc44b7355525b3b72040f70f90619e19ba48140a5b96c40316be4f82a11c04702bff4ed47a20e07b5d7fb773bcfa10e4c03e88979a41b2c780133a424c73c5a5a7d8d79374235ff357d93db8ca1de2ae632ac3c09db7c33", &(0x7f0000001040)=[0x0, 0x0, 0x0, r0], &(0x7f0000001080)=""/208, &(0x7f0000001180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0xd0, 0x7}, &(0x7f0000001200), &(0x7f0000001240)) (async) zx_channel_call$fuchsia_io_DirectoryAdminGetToken(r4, 0x0, 0x7fffffffffffffff, &(0x7f0000011340)={&(0x7f0000001280), &(0x7f00000012c0), &(0x7f0000001300), &(0x7f0000011300)={0x0}, 0x10, 0x0, 0x10000, 0x1}, &(0x7f0000011380), &(0x7f00000113c0)) (rerun: 4) zx_channel_call(r2, 0x0, 0x7fffffffffffffff, &(0x7f0000011580)={&(0x7f0000011400)="08d2588a18d84d44d193ae1571513a9b96c55a71e6e7996cd86ec83baaedcfeb5244b59e77433e74b6d38f9613f18be0e3fa96bccc221ce6f3582ad3daf0dc3e9fba77d168edcc34c2e875881e5689", &(0x7f0000011480)=[0x0, r7, r3, 0x0, r4, r1, r2], &(0x7f00000114c0)=""/85, &(0x7f0000011540)=[0x0], 0x4f, 0x7, 0x55, 0x1}, &(0x7f00000115c0), &(0x7f0000011600)) zx_channel_call$fuchsia_io_DirectoryAdminQueryFilesystem(r8, 0x0, 0x0, &(0x7f0000021700)={&(0x7f0000011640), &(0x7f0000011680), &(0x7f00000116c0), &(0x7f00000216c0), 0x10, 0x0, 0x10000}, &(0x7f0000021740), &(0x7f0000021780)) zx_channel_read_etc(r6, 0x2, &(0x7f00000217c0)=""/110, &(0x7f0000021840)=[{}, {0x0}, {}, {0x0}, {}, {}, {}, {}], 0x6e, 0x8, &(0x7f00000218c0), &(0x7f0000021900)) zx_vmo_create_child(r10, 0x0, 0x1, 0xbb6, &(0x7f0000021940)) fdio_service_connect$fuchsia_cobalt_LoggerSimple(&(0x7f0000021980), r5) zx_interrupt_wait(r9, &(0x7f00000219c0)=0x0) zx_channel_call$fuchsia_hardware_ethernet_DeviceConfigMulticastSetPromiscuousMode(r9, 0x0, r11, &(0x7f0000031ac0)={&(0x7f0000021a00)={{}, 0x7}, &(0x7f0000021a40), &(0x7f0000021a80), &(0x7f0000031a80), 0x11, 0x0, 0x10000}, &(0x7f0000031b00), &(0x7f0000031b40)) syz_execute_func(&(0x7f0000000000)="c4a279dbe2f3410f7e063e4c0faea39146bd7dc4820d91bc78907b0000660f3a0ea43e000800000066450f128e00000000c4827d0ea5d8df0000c4c1fd2ec9f3430f2a460ec443c95c450899") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:134: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[12] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(0, 0x20001000); if (res == ZX_OK) r[0] = *(uint32_t*)0x20001000; break; case 1: *(uint64_t*)0x200011c0 = 0x20000000; memcpy((void*)0x20000000, "\x00\x01\xa7\x47\xcc\x96\x5b\xdf\x12\xac\x9b\x60\xb2\xe1\x25\xdc\x04\x4e\xd2\xfa\x88\x0a\x71\x97\x27\xd6\xb5\xa2\x24\x70\x6f\x0f\x99\xde\x8f\xa4\x61\x58\xd7\xd0\x4a\xc1\xfe\x18\xad\xb8\x1d\xc9\x9e\x6d\x93\x32\x8c\x47\xce\xaa\x66\x52\xa6\x80\x85\x35\x82\xab\x5b\xb4\x64\x95\x93\xec\x06\x04\x19\x4e\x79\x46\xfb\x11\xae\x7e\xb2\x6f\xab\x20\x30\xf4\xfe\x72\x7f\x58\x78\xbc\x08\x98\xe7\xce\x6a\x48\x10\xce\xad\x73\x09\x69\xc8\x1c\x54\xa5\x27\x6e\xcb\xb4\x26\x32\x83\x63\x9b\xaf\x3d\x4b\x50\xd3\x6a\x13\x57\x00\x39\x1d\x4e\x1f\x40\x45\xe5\x8e\x55\x77\x19\x40\x0d\x9a\xc5\x70\xdc\x93\x8c\x47\x34\x0f\x8f\x19\x34\x1b\x2a\xa4\x14\xc8\x0d\x8d\xd5\xec\x72\x95\x24\xc8\x4e\x00\x4f\xf9\x3d\x26\x47\x96\xec\xce\xe5\xe0\x23\xa1\xed\xd2\x15\x26\x65\x5e\xc5\xab\xc5\xf0\xf8\xec\x73\x03\xec\xa7\x64\x27\x7f\x21\x4c\xb8\x6b\x39\xc4\x71\xdc\xfd\x80\x2c\xd8\x4e\x9b\x60\x9b\x46\xa8\xe7\xf1\x40\xd5\x5c\xa5\xf9\x0f\x54\x10\xb9\x1a\xe0\x6c\xb4\xde\xf6\x08\x52\xc7\x6f\x74\x4c\x8e\x05\xe4\x9c\x67\x4b\x7b\x0a\x73\xc0\x93\x25\x12\xfa\x3a\xac\x67\xdb\x01\xa2\x67\xb7\xbc\x3e\x6c\x4c\x72\xdd\x5a\xa5\x63\x1c\x91\x95\x80\x74\x27\xea\xd9\x67\xbf\xbc\xc0\xbf\x3e\x75\x98\xe0\x4b\xe3\xdb\xe3\x35\xa7\x6c\x84\xc2\x20\x0e\x7a\x78\x85\xe8\xe2\x73\xf7\x38\xc3\xe0\x6d\xff\x13\x8d\x8a\x07\x38\x3d\xc9\x97\xce\x9f\x37\xba\x5b\x7a\xda\xdc\x41\x06\x64\x58\x03\x63\xe0\xc8\xf2\xef\x11\x9d\x53\x20\x00\xf9\x0f\xae\x65\xfe\xde\x37\x1d\x15\xbd\xff\xc1\x24\x35\x5d\xd2\x25\x6b\x85\xb7\x39\x60\x99\xef\x71\xd0\x22\xcd\x99\xa2\xfe\x1c\x99\x54\x82\x60\xdc\x18\xbb\x88\x19\xa3\x47\xdd\xc9\x39\x86\x8a\x68\xb7\xeb\xef\x37\x12\xfa\x96\x1f\x5c\x0b\x5e\x60\x44\x6a\xc0\xf1\x4f\xda\x37\xa6\x2b\x1f\xe1\x38\x57\x0c\x4b\xcb\x9d\x9e\xc8\xe2\x45\x97\x5b\xb9\x72\xb1\x0b\x49\x23\x21\x1d\x8a\xf3\x6a\x29\xdd\xa5\x47\xf7\xe9\x9a\x40\x22\x70\x21\xb4\x9e\x3b\x28\x8c\xc5\x05\x9a\xa4\x32\xe7\xba\x1b\x9e\xe5\xff\xac\xdc\x38\x7d\xad\xde\x0f\xdd\x6a\x86\x8e\x3e\x53\xf5\xab\x54\x05\x16\x6b\xd9\x50\x1a\x43\xa9\x8d\xcb\xd0\x4c\x69\xcf\xec\x4d\x12\x9c\x9b\xe4\x3c\x95\x75\x4b\x86\xb5\x50\x17\xa6\x81\xaf\x68\x2f\x24\x64\xe3\xad\x9a\x4b\x3a\xee\xa7\x4e\x68\xfe\x1f\xb3\x50\x0d\x38\xe8\xdf\x66\xed\x4f\xfa\x23\xc4\x82\xc7\x24\x83\x6c\x7c\xf4\x9b\x5e\xf9\x7c\x2b\xd7\x7c\xa2\x53\x8f\x49\xf5\xdd\xda\x64\xc1\xfe\x96\x73\x7a\xc5\x75\xa3\xd3\xeb\xd6\xb5\x42\xa5\x4f\x98\xf9\xc1\x6c\x7e\xe4\xbd\xd7\xcc\x69\x00\x74\xd4\xbf\x26\xce\x10\x4d\x3a\xc3\x5d\x79\xf8\x67\x5e\x10\xb1\x7b\x2e\x66\xe1\xe6\x30\x70\xef\x12\x45\x9b\xec\x97\x54\xee\xc1\x11\x99\x3e\xe9\xfe\x3a\x99\x03\x0f\xf6\x30\xe5\xdd\x96\x02\xad\x8d\xee\x02\xbd\x5f\xe0\xdf\xbc\xab\x28\x47\x60\x74\x71\x25\xcd\x21\xdb\x31\x68\x41\x37\x6d\xe5\x4b\x5d\x6b\x12\xd1\x37\x62\x51\x41\xde\x92\x7f\xcc\xa1\x08\x67\x13\xc5\xd9\xfd\xac\xf8\x54\xf4\x85\x1f\x72\x1b\xf2\xe6\xd6\xbf\xbb\x77\xbd\xcf\xbd\xe0\xb7\x17\xb3\x31\x2e\xb9\xa3\x31\xf1\x8b\x66\x9b\xc1\x17\x9c\xe6\x0e\x0f\x13\x3d\x40\x67\x90\x3c\xd5\xda\xd1\xbf\x8c\x27\x75\x43\xe5\xf4\x05\x51\xce\x73\x9f\x1e\x1d\xfb\xfc\x79\xc3\x92\x6c\x65\x55\x84\xc6\x9b\xd9\x19\x65\x87\xe8\x91\x5d\x9f\xe8\xdf\x34\x78\xc4\xb8\x70\xe4\x15\x77\x5d\xc2\x39\x84\x31\xc0\xad\x8b\x96\xc4\x45\xc3\xdc\x98\xae\x93\x4f\x94\x49\x52\xc5\x52\xb5\xc2\xc0\xb0\x99\xb4\x53\x14\x58\xf6\x0c\x27\x53\xf9\xe0\x4d\x06\xe5\x0e\x9c\xb3\x8f\xfd\x46\x39\x00\x80\xec\xa9\xcc\xea\xf9\x59\x18\x71\x80\x63\x94\x94\x64\xa5\x9a\xd6\xe9\xb8\xd2\xb7\xb0\x53\xe7\x7a\x54\x99\xdb\x3e\x9e\x25\xb7\xf2\xde\x9d\xde\x5e\xd4\xca\x60\xc7\x4a\x8c\xfc\x25\x87\xce\xf9\xd3\x36\xec\x4e\xdd\x2b\x15\x36\x37\xd4\xaa\x82\x8f\xd5\xd3\xc9\xfd\x78\xc5\xf1\x64\x3a\x30\x74\x54\x56\x11\xaf\x80\x50\x0f\xd7\xca\x4a\x1e\x74\xe7\x45\x9d\x9d\x69\x9f\xb6\x11\x27\x06\x74\xeb\x9f\xd3\xd8\x18\x7f\x8c\x95\x46\x74\x02\xfb\x2d\x06\x5f\xa5\xc8\x37\xe1\x6e\x27\x41\xc5\x37\x47\x53\xd8\x9c\xba\x55\xa4\xbf\x5a\x72\xbc\xb2\xa5\xbb\x33\xc6\xd2\x0c\x5b\x5e\x52\xd2\xbd\x3c\x87\xd8\xf1\xa7\xfa\xf4\x18\x49\xe2\x3a\x42\x97\xf1\x78\x4d\x20\xa0\x8a\xc5\xfe\x8a\x2d\x65\xb7\x5b\x6c\x1f\x47\xeb\x28\xcf\xc6\x59\x0b\xd8\x19\x9f\x13\x57\x49\xf5\xdf\x60\x32\x1d\x06\xff\xe8\xed\xd0\xaa\x7c\x7e\x3f\x66\x39\xb5\xe2\x46\x9c\xfb\xaf\xe6\x7c\x11\x71\x72\xd3\xb3\x2e\xfb\x68\xcb\x25\xcc\xd4\x7d\x2a\x21\xef\x5f\x9a\x7e\xdf\xc4\x78\x9c\xe9\x8a\x30\xdd\xbc\x2f\x5e\x1c\xbb\x1e\xb4\x03\x33\x85\x7b\x52\x17\xbb\x5c\x64\xe2\x80\x6e\x6e\xb2\x3e\xf6\xb9\x04\x8c\x76\x8d\x2b\x16\xc3\x78\x22\x41\xce\x51\x3b\xe5\x55\x85\x02\x14\xa5\x3a\x14\x9d\xc1\xfe\x4b\x34\xe1\xfe\x34\x92\xe7\xe8\x85\x54\xb6\xf4\x46\xc9\x32\x01\x09\xea\xf3\xe5\x1f\xd4\x20\x21\x02\x02\xc1\x0c\x6e\x15\x9b\xb5\xf2\xdb\x65\x24\xa7\x82\x49\xe0\x6e\xd5\x2d\x43\x18\x64\x30\x5b\x98\x2c\x4a\xb3\x58\x3f\x46\xf2\x14\x23\xea\xe0\x65\x08\xf0\xf6\xaa\xa0\xf9\x76\x2d\xe9\x3b\x8b\x48\xb4\xe8\x61\x0b\x12\x40\x3d\x8b\x8c\xc7\x69\xab\xc3\x83\x99\x94\x44\x97\x64\x49\x6c\x12\xdd\x03\x70\x01\xc5\x86\x73\xd9\x84\x1b\x32\x85\xbb\xbe\x9f\xa5\x64\x89\x17\xe8\xbb\x85\xa5\x8a\xe3\xac\xc5\xeb\x56\x1f\x5d\x27\xfb\x1c\x70\xec\x11\xa7\x3b\xc1\x72\xf5\xb7\xf0\x24\xfe\x27\x78\x3d\xf0\x25\xdf\x7b\x0b\x80\x80\x6a\x81\xaa\xb3\x75\xc5\x2c\xcc\x91\xed\x68\xc6\x59\x37\x08\x90\x79\xbe\x64\xfc\x7e\x69\x1b\x2c\x41\xb1\x74\xfc\x98\x7f\xb4\x8f\xd8\x11\x8f\x44\x18\x63\xe5\xae\x36\x3a\x22\x1b\x21\x01\x6f\xf8\x48\x31\x8e\x2b\xec\xca\x25\xac\xdd\xe4\x88\xaf\x58\xdb\x93\x90\x8c\x09\x46\x5f\x39\xb3\x86\x71\x3f\xed\xd0\x6d\x9e\x84\x4b\x5b\x8a\xde\x04\x44\x08\x7a\x8d\xfe\x42\x59\xe8\xd2\x3d\xe2\x52\x5c\x14\xb4\x00\x05\x3a\x1f\x97\x7b\x18\xfc\xe9\xdd\xa7\x6a\xa1\x6d\x3e\x16\x5f\xb4\x8e\x1a\x49\x15\x85\xb7\xbc\x19\xf6\x75\x91\x54\x21\x6c\xb7\x14\x64\x7f\xdc\x8d\x78\xc4\xe6\x83\xa1\x78\x6f\x68\x69\x74\xc8\x54\x77\xce\x2e\xc5\x34\x6a\x45\xf0\xbe\x1b\xb3\xa9\x9d\xd9\x4e\x22\x34\x29\x27\x01\xe3\xea\x96\x73\x84\xb4\xd9\x2c\xf0\xbf\xfe\x1d\x43\xf8\xd6\x88\x54\x8b\x3f\x05\x9f\x10\x03\xd3\xf3\x5d\xff\x65\x3c\x49\x85\x66\xd9\x19\xca\x2b\xec\x21\x9d\xa1\x21\x77\xf3\x18\x61\xc4\x10\xb7\x9f\xda\x29\xf8\xd0\xbe\x59\xa9\xc5\xd2\xf8\x5d\x9a\xf1\xf6\x74\x50\xe6\x18\xec\xbc\x85\x83\x1d\x50\xd4\x10\xff\x1b\xcb\x73\xb4\x38\xaa\x9d\xc0\xfb\xe8\x71\x85\xe0\xe7\xdc\xfd\x8e\xc2\x68\xc6\x2f\x4f\x17\x2b\x54\x66\xab\x53\x59\x82\x01\x37\x48\xbb\x39\x2e\xc8\xbe\xf3\xc8\x6b\x21\x6e\xea\xff\xa1\xff\x2a\x34\xc6\xbd\xf3\xc8\xfc\x07\x19\xbb\xf3\xf2\x71\x42\x7e\xcd\xc3\x0a\xea\x70\x41\x0c\x88\x0d\xdf\x58\xa9\xda\x61\xa0\x42\x26\xa6\x74\xce\x05\x68\x44\xce\x5c\xd6\xcf\xf8\x66\x58\x8f\x16\x37\xab\x17\x95\x20\xa6\xb8\x2b\x15\x9f\x34\xf7\x90\x24\x74\x29\xf1\x5c\x8e\xfd\x5a\xed\x31\x60\x60\xe8\xba\x2b\xb2\xfc\xd8\x92\xf3\x66\x3e\xef\x01\xdd\x18\x14\xac\xcf\x5a\xb8\xdb\x14\x40\xf2\x45\x5b\x1c\x5a\x3f\x15\xea\x03\xe1\xde\x09\x56\x0f\x10\x34\xe5\xe4\x53\xfd\xef\xb0\xb9\x4a\xa7\x23\x03\x3e\xc0\x2d\x72\x9b\xef\xf0\x1b\x6b\x32\x2b\x93\xa8\xb5\xd9\xb4\xa3\xfc\x12\x6d\xae\x29\x50\xdb\x4d\x4a\xec\xa0\x23\x25\xb8\xe7\xae\x69\x09\x5e\x2e\x05\x65\x38\x32\xe0\xb9\xd5\xd4\x89\x6d\x3d\x39\x31\xf8\xec\x58\x48\x14\xf4\xab\x05\x7c\x86\x70\xc4\x0c\xaf\x4a\xc1\x41\xbf\xa4\x23\x39\xff\x86\x77\x60\xc6\xa9\x7b\x3f\x4d\x9f\x52\x08\x39\x17\x9a\x00\x3c\x76\xff\x21\x51\x0c\x7c\x31\xcb\x45\xfc\xcc\x76\x31\x74\xbe\xf0\x65\x24\xbc\x6a\x5f\xd9\xa4\x13\xed\xe5\x24\xfc\xce\x95\xd0\x3e\x08\xa0\x02\xa5\x52\xbc\x16\x81\xd7\x17\xea\x44\xe8\x9e\x19\x65\x80\xb5\xcd\x17\x31\x38\xc0\xb8\x4e\xdf\xfb\xf3\x05\x31\x26\xba\xe9\xd4\x6c\x21\x7d\xdf\xe4\xc3\x9f\x61\x7e\xd5\x1d\x08\x6a\x24\xe2\x68\x12\x6b\x5d\x7c\x75\x1f\x87\x93\x6b\x4c\x56\x57\x33\x4b\xa5\x9b\x47\x43\x58\x6a\xad\xd8\xe1\x50\x79\xd0\xda\x39\xc9\xac\x70\x43\x61\xb1\x93\x21\xf1\x6f\xd7\x3c\x87\x09\xe2\xd9\x26\x70\xc5\xa9\x2a\x9b\x9f\xa5\x5c\xf9\x67\x6f\xba\x8b\x0e\x68\xd6\x0b\xca\x24\x9d\x38\x18\x3a\x2f\xce\xd1\xc9\xb0\x24\x46\xce\x1d\x31\x25\x42\x06\x1c\xfa\x72\xb2\x3a\xb9\x9c\xe7\x9b\x1a\x7a\x45\x1e\x07\x84\x60\xf0\xa7\x1b\x14\xc1\x87\x8a\x1b\xb8\x50\xa0\x33\xf8\x95\xf8\x31\x6e\xec\x91\x88\x16\x96\xf5\x58\x26\x21\xae\x2f\x8a\xfb\xe4\xc6\x05\x9d\x0d\x03\x5f\x52\x50\xd7\x48\x75\x8e\xb9\xf3\x53\x7b\xf6\x3f\x8d\x90\xa2\x64\xb2\xcb\x86\x19\x59\x10\x5c\x78\x73\x87\x93\xf4\x4b\x56\x47\xae\x28\xba\x29\xab\x33\x6d\x78\xb0\xce\xb5\x3d\x95\x30\xef\x6b\xfe\x68\x53\xfc\xa5\x13\x66\xbc\x34\x65\x9e\x00\x05\x3b\xa2\xf0\xb5\x80\x1f\x28\xbc\x35\x2f\x92\x02\xe8\x3c\xac\x11\xf6\x9e\xde\x43\x24\xf1\xb8\x18\x5a\xce\xfa\x0c\x87\x8e\x06\xdc\xbe\x1c\xe7\x02\xa2\x75\xb9\x0c\xbc\xdc\xb7\x7b\x2a\x91\x6d\x6d\xf2\x5a\x30\x90\x77\xa7\x89\xc0\xc5\xfe\x8f\xc1\xac\xdf\x48\xbc\x08\x95\xcc\xa1\x49\x22\x7e\xcf\xa9\x2d\x08\x86\xef\x56\x1d\x4b\x16\xfa\x3c\x71\x08\xf8\x19\x4b\x34\x32\x54\xc1\x0d\x0d\x62\x76\x92\x70\x95\x01\x3e\x8c\xa3\xd3\x53\xdb\x70\x12\x68\xaa\x71\x29\x70\x87\xe9\x5d\x91\x46\x26\x87\xaa\xe2\x03\x5a\x36\x83\x9d\xf2\x98\xa6\xbf\x17\xec\x59\xe0\xfd\x0a\xdc\x2c\xe1\xf6\x3a\x65\xa9\xc1\x26\x1a\x87\x77\xab\x2b\x50\x67\x6c\x75\x92\x00\x2b\xaa\x4b\xea\x56\x48\x81\x33\x1f\xf5\x76\xb2\x52\x25\x5c\xb3\x27\x2a\x18\x1b\xbc\xba\x48\xb8\x17\xae\x90\xe2\x42\xfc\xc2\xf6\xef\xe6\x62\xce\x4c\x79\x42\x41\x49\xf2\x31\xb9\x15\x15\x6e\x79\xfd\xc2\xde\x19\x49\xdc\x5d\x18\x2e\x64\x17\x3a\xba\xe9\xd6\x4e\x92\x91\xe0\x42\x6e\x6e\xab\xba\xc2\xdb\xba\xff\x3e\x63\x5a\x67\x23\x41\xdd\x9b\x6e\x59\x85\x6f\x55\x2c\xc5\x9b\x23\x88\xe4\xe3\xfa\x48\xe5\x4a\x09\xa3\x0e\xfa\x7a\xc0\xaa\xcf\x64\x42\x09\x7e\x51\x3e\x24\x2b\xf4\x8a\x9e\x1f\x8a\x7e\x57\xc2\x9a\x68\xc4\xe3\xa2\x12\x80\x9a\x63\xdc\x18\x75\x1c\xdd\x11\x60\x6e\xc2\xa5\x12\x03\x15\x77\xa0\xcb\xcc\x32\xc3\xe4\x34\x5e\x30\xf6\xdc\x3d\xf2\x8a\x58\x16\xe8\x32\xa8\xd0\xe3\x7f\xe1\xa1\x5b\xc5\x3a\x06\xc1\xcd\x30\x54\x39\x3a\x61\x12\x9d\x15\x98\xb0\x43\x68\x1d\x6d\xaa\xac\xc0\x7d\x24\xba\x0e\x2a\x56\x2c\xf4\xe7\xe0\x04\x71\x5d\x62\x0f\xb2\xb5\x33\xa8\xf1\x6d\x19\x29\xd1\x8c\x71\x6d\x41\xf1\xc7\x36\xc1\xa3\x62\x31\x40\x37\x3d\x8c\x39\x2c\xb8\xd1\x9d\xec\x2e\xa2\xa5\x1a\xd2\x7d\x6a\x5e\x78\x6b\x2f\xfd\x05\x74\x00\x0e\x4a\x09\xa6\xc3\x25\x36\x45\xa1\x1b\xe2\xf8\x81\xa8\x9a\xb7\x1a\x2d\x48\x6e\x03\xb5\x98\x2e\x2a\xd2\xad\xf0\xcf\xb0\x7c\xfe\x96\x9f\x15\xd8\xbe\x3a\x0c\x2b\x92\x85\x40\x21\x90\x69\x08\xb2\xc2\x6c\x20\x8b\x86\x08\x2a\x45\xe1\xb2\xfc\xd5\x01\x99\x90\x20\xe0\x93\x17\x35\xda\x19\x48\x18\xae\x27\xc9\x52\xaa\xe6\x57\xec\x0f\x18\x55\xaf\x8b\x53\xf4\xa9\x28\x48\xa2\x5e\xf5\x35\x45\x5c\x6a\xde\xc8\x13\xe8\xf8\xb0\x30\xe1\x10\x8b\x0e\x7d\x65\xcf\x1c\x1d\xdd\x14\x68\x34\x76\xd3\x20\x3a\x03\x52\xa0\xe1\x59\xfe\xef\x3e\xee\x44\x56\xdb\x31\x2e\x54\xdc\xef\xf6\xd2\xf3\xe5\x7c\x8e\xbb\x40\xd9\xe1\x9f\x11\x3c\xc7\x8f\xe4\xfb\x36\x37\x21\xbd\xe7\x35\x2d\xa5\xf7\x60\xcd\xe7\x79\xf4\xec\xed\x90\x67\xcb\xa8\xa6\xaa\xf3\x2f\x1f\x89\x06\x53\x30\x10\x23\xe0\x25\xf5\x07\x18\xfa\xa0\xa4\xc1\xd3\x6c\xf7\x29\xef\xe1\x31\xc6\xd2\xce\xe0\xd6\x6a\x06\xa9\x56\xbe\xb6\x1b\x03\xfe\x32\x1b\x0f\x44\x4f\xb5\xdb\x11\xf8\xeb\x69\xeb\x71\xd2\x1a\xab\x93\xe2\xd3\x35\x8e\x68\x28\xe8\x6b\x83\x34\xa3\xb4\xfe\x93\xc1\xb7\xdf\xc6\x4d\xff\x2b\x48\x93\x49\xcb\x76\x5f\xae\xb0\x9f\x1e\xb3\x81\xf7\x3b\xd8\x2a\x0d\xfa\xf0\x65\x67\x54\xbc\xbe\x61\xa7\x4d\x9a\x34\x2e\x2c\xb4\xfd\x5c\xc4\x28\x90\xbf\x00\x73\x4b\x9a\x6d\xb6\x76\x80\x44\xab\x21\x8e\x67\x41\x11\x3f\x49\x45\x23\x6a\xbd\xd8\xac\xc7\xcc\x72\x6d\x62\xe9\x45\x09\x13\x23\x2c\xc8\x42\x32\x3a\x92\xf9\xdf\xdd\xc5\x71\x17\x1a\xf8\xc0\xf7\x00\x34\xd0\x8f\x59\x52\x1a\xb9\x17\x5c\xe9\xec\x3a\xc3\xa0\x9a\xe2\x9c\x76\xdd\x48\x3d\x18\x10\x47\x5a\xa1\x10\x92\x09\xe1\x2e\xa5\xb3\xf8\xe8\xf9\xbe\x1b\xf0\xc0\x62\x91\x12\x0d\xc3\x77\x36\x81\xf0\x15\x61\x83\xf6\x83\x59\xf6\x6e\x6c\x69\x3c\xb0\x23\x70\x25\x0e\x8c\x6d\x0a\x53\x0e\x0c\xae\xcf\x52\xdc\x4e\xd2\xba\x24\x0e\x7f\xe8\x81\x52\xbf\xb5\x35\x75\x85\x17\x4f\x59\x6e\x83\x93\xcf\x27\x6d\xe9\x4a\x19\xb3\x2b\x8b\x53\x8c\x8a\xa4\x3b\x15\x6a\x93\xa9\x61\x2a\x8b\xe3\x8a\xf4\x5a\x4a\x22\x78\xf2\xe2\xe6\xfe\x60\x82\xc8\x0f\x6c\xaf\x1e\x94\x68\x49\x9a\x4d\xa9\xbb\xd7\x58\x1a\xf8\x1c\x73\x4e\xf9\x20\xa5\xbd\x78\x80\x23\xfb\x01\xe0\x8c\x3c\x9e\x4d\x6f\x78\x17\x32\x65\x84\x44\x66\xdb\xf6\xdb\x4b\x8b\xe6\xa6\x64\xa5\x37\xc1\x67\xa8\xc5\x66\x4e\x54\x17\xfc\xcb\x98\xe8\x11\xb1\xbc\xc9\x1a\xa8\x7e\x40\x48\x7b\xa4\x9c\x25\xe5\x79\x77\xcc\x8c\xfd\x7a\x8e\x1c\x0f\x31\x25\x5b\xbf\xd4\xda\x46\xf2\xa9\x64\xb8\xb4\x97\x88\x02\xf2\xb1\xed\x13\x56\x9d\x02\xb5\xa2\x7a\x85\x5b\xa8\x49\x11\xd8\x80\x9d\x0f\x5a\x90\x8c\xeb\x24\xe5\xa0\x97\x26\xbb\x9e\x69\x90\xff\x54\xdd\xd4\xbc\x21\xc1\xbc\xe6\x2d\x46\xd6\xec\x72\x51\xd4\xc3\x54\xce\x77\x17\x34\xa8\xc6\x55\x33\x11\xc6\x48\x8a\x38\x0d\xc9\x8d\x46\xf1\x41\x26\x6b\xc7\x1b\x3b\xd1\x45\x7e\x29\x1a\x4e\x85\xf8\x72\x24\xfd\x32\x98\x49\x80\x61\xc7\xd1\xc7\x5d\x59\xf7\x1d\xe9\x17\x4e\xff\x80\x72\x8b\x3d\xb9\x3d\xbc\xb3\x36\x5d\xfe\xf5\x63\x9b\xde\x6a\x31\xfd\x5d\x0e\x18\xb7\xa8\x30\x23\xb0\xb5\xea\x7a\xd2\xf0\xf6\x17\x6c\x57\x7c\x43\xff\x09\x7d\x74\x59\x96\x19\xfa\xa7\x71\x69\x9f\x0d\x70\x8c\x3d\xb3\xe3\x65\x7d\x2b\xc5\xe4\xf2\x49\x88\x10\xbd\x49\xbe\x18\x2d\xb5\x5e\xb7\x06\x3e\xa3\x04\x10\xf6\x05\xdb\x27\x8b\x5a\xe8\x95\xe1\x87\x00\x6f\x84\x30\x42\x62\xa5\xad\xae\xc9\xf3\x61\xae\x73\xb6\x93\x39\x5d\x08\x7f\xfd\x0e\x2b\xef\x59\x0b\x16\x65\x51\xdf\x17\xb7\x87\x85\x5c\xb6\x6f\xc1\xbf\x06\xf2\x16\xea\x68\xc3\xc1\xd8\xf3\xe3\x83\x9b\xe8\x89\x54\xaa\x4f\x24\xfb\x5a\xdc\x00\x7d\x76\xfe\xa7\x0c\xbf\xde\xd2\xea\x42\x1e\x47\x28\xc0\x4c\x18\x0c\x54\xf8\x9b\x88\xcc\x17\x6b\x1b\x9a\x59\x96\x8a\x40\xb7\xb4\x36\x3c\x3d\x3b\x6e\x96\x10\x04\xc8\x30\x59\x26\x07\xec\x99\xd4\x84\xbf\x4a\xa7\xb3\xd9\x42\xbb\x0d\x4e\xcd\x39\x24\x75\x7d\x7a\x48\xd4\x93\x70\x20\xa0\x7e\x89\xc1\xb0\x93\x9f\xa8\xf3\xa8\x39\xa1\xce\x7f\x7d\xbf\x0b\x7c\xb9\xeb\x1b\xae\x32\x53\x65\xb4\x0d\x3f\xa6\x8e\x1d\x2a\xf1\xe6\xc1\xf3\x5b\x5c\x6a\x07\x45\xbc\x76\x48\xa3\xf9\x0c\x5a\x57\x38\xd4\xe3\x5b\x2f\x69\xf8\x41\x69\x8c\x71\x89\xcc\x16\x06\x51\x16\x15\x51\x4c\x87\x18\x2d\xd2\x98\x40\xaa\x8e\x95\xf0\x6d\x3c\xc1\xfd\x45\x1c\xe3\x82\x00\xf8\x9b\xfc\x2f\x3c\xe8\x02\x3b\x90\x49\x56\x7b\x8b\xba\x7e\x2d\x16\x43\xf2\x7c\x53\x14\x67\x5b\x00\x85\xbc\x52\x5f\xb3\xc5\xc1\xe1\xb9\xe3\x26\xb9\x22\x69\x0b\x14\x4a\x52\xd3\x63\xd3\x54\xad\xe2\xaf\x69\x68\x7e\x63\xd9\xc0\x24\xba\xa6\xc7\x7a\xf4\x07\x1c\x4d\x86\x31\xd5\xe1\x9f\xde\x52\x10\x33\x0a\x51\x9a\xb5\x94\x95\x20\x80\xf8\xfb\x41\x41\x42\x6b\x10\x50\x11\xb9\xe3\x38\xf8\xd5\xfc\xe9\xc9\x45\x89\xe7\x5f\x93\xa1\x30\x50\xd2\xef\xf8\xf8\xe0\xd2\xb3\xf7\xf9\x99\xea\x4d\xa1\x2d\x64\x9b\x4a\x6b\x66\x19\x48\x08\x4c\x88\xb7\x59\xc4\x70\xb2\xba\x32\x9b\xb0\x81\x75\x4f\x72\xd6\xcc\x9e\x5b\x9a\xe1\x74\xfc\xd6\x3f\xd5\x6a\x17\x84\x70\x22\xd2\x84\x81\xe6\x36\x7c\x13\xc1\x5b\x58\x82\x04\x88\xf3\x6a\x5f\x09\xef\xf5\x47\xd4\xd2\x0e\xff\x3c\xaf\xaf\xae\x1c\x70\x68\x7a\xee\xe6\x52\x9e\x59\x82\x16\x05\xc1\xfe\x2e\xa6\xfe\x71\x4b\x35\x09\x08\x2f\x93\x9a\x4e\xd8\x2f\x03\x71\x84\xd1\x4d\xec\xe9\x56\x2b\x2b\x5d\x0d\x6f\x5e\x97\x76\xeb\x56\x8c\xb2\xb8\x17\x50\x2a\xb5\x27\x96\xd2\x47\x75\x3f\x67\xdb\x14\x6a\xe4\xc9\x64\xbc\xc1\xf4\x28\xcb\x51\x70\xd7\x20\x29\x7b\x06\x4e\x44\x37\x5e\x09\xed\xc7\x14\xd7\xce\x75\xba\x12\x1d\x8a\x16\x42\xc9\xa0\x88\xec\x17\x76\x97\xa4\xb9\x4e\x1b\x72\xc1\x53\x1e\x6f\xd4\xa1\x5e\x33\x37\x4c\x1e\x72\x20\xe3\x6d\x59\xc7\x09\x0a\xad\xed\xb2\xcd\x05\x52\x0b\xf0\xc7\x21\x10\xae\x87\x8a\x76\x0f\x35\x78\xb8\x71\x0b\x73\x73\xc9\xca\x31\xde\x5f\x14\x38\xe9\x29\x2e\xb2\xc2\x04\x54\xa1\x06\xad\xbe\xab\xdf\xa6\xbf\x6e\x31\xf4\x43\x5a\x42\xf4\xf5\x41\x93\x15\x16\x7e\xa4\x41\xee\x9d\x37\xa5\x40\x47\xd8\xcb\x1f\x84\x3b\xbb\x49\xd8\x81\x9a\x59\xd2\xd2\x6f\xc7\x40\xf8\x19\x30\x0d\xaa\xb6\xc0\x3f\x4b\x93\x21\x79\x31\xb8\x41\xc7\x9f\xdb\x80\x65\xd8\x27\xab\xb5\x12\x21\x66\xd0\xb3\x45\x01\x94\x70\x09\x9a\x5b\x8b\x95\x46\x5a\xda\x1a\xff\xaf\xaa\xe5\xad\x2d\x53\xad\xef\xc5\x3c\x0a\x6c\x6c\x46\x7c\xdf\xcd\xdd\x0e\x9a\xf2\xcc\x63\x98\x28\xc6\x06\xf3\xa6\x96\xf5\x0b\xe3\x1d\x2d\x19\xc8\xff\x95\xfc\x8c\xec\xbd\x3e\x6b\xd0\xd5\xbd\x6e\x40\x07\x3a\xb5\x2a\x73\xf3\xd5\xef\x00\xb0\x1d\x58\x16\x12\x70\xb8\xa6\x64\xdb\x80\xf2\x3b\xc6\xa8\x30\x6f\x6b\x66\xb7\x96\xdf\xe6\x64\xd5\x1b\x77\x68\x0c\xb0\x6a\x2e\xc9\x99\xd0\xed\x96\x2b\xa5\x34\xf1\x6a\xf2\x6a\xb1\x6f\xa2\xd5\x53\x7d\x5c\x93\xe5\x03\x03\x4c\x09\x9d\x26\x0a\x8f\x32\xd4\xed\xdf\x48\xb2\x5a\x75\xc9\xf9\x27\x01\xcb\x04\x0b\x57\x74\xa0\xd9\x8f\xfc\xed\xf9\x73\xaa\xdd\x1f\x5b\xfa\x75\xcb\xfb\xd7\xea\x4b\x9a\x56\xb6\x01\x1c\xc4\x4b\x73\x55\x52\x5b\x3b\x72\x04\x0f\x70\xf9\x06\x19\xe1\x9b\xa4\x81\x40\xa5\xb9\x6c\x40\x31\x6b\xe4\xf8\x2a\x11\xc0\x47\x02\xbf\xf4\xed\x47\xa2\x0e\x07\xb5\xd7\xfb\x77\x3b\xcf\xa1\x0e\x4c\x03\xe8\x89\x79\xa4\x1b\x2c\x78\x01\x33\xa4\x24\xc7\x3c\x5a\x5a\x7d\x8d\x79\x37\x42\x35\xff\x35\x7d\x93\xdb\x8c\xa1\xde\x2a\xe6\x32\xac\x3c\x09\xdb\x7c\x33", 4096); *(uint64_t*)0x200011c8 = 0x20001040; *(uint32_t*)0x20001040 = 0; *(uint32_t*)0x20001044 = 0; *(uint32_t*)0x20001048 = 0; *(uint32_t*)0x2000104c = r[0]; *(uint64_t*)0x200011d0 = 0x20001080; *(uint64_t*)0x200011d8 = 0x20001180; *(uint32_t*)0x200011e0 = 0x1000; *(uint32_t*)0x200011e4 = 4; *(uint32_t*)0x200011e8 = 0xd0; *(uint32_t*)0x200011ec = 7; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); if (res == ZX_OK) { r[1] = *(uint32_t*)0x20001180; r[2] = *(uint32_t*)0x20001184; r[3] = *(uint32_t*)0x20001188; r[4] = *(uint32_t*)0x2000118c; r[5] = *(uint32_t*)0x20001194; r[6] = *(uint32_t*)0x20001198; } break; case 2: *(uint64_t*)0x20011340 = 0x20001280; *(uint32_t*)0x20001280 = 0; memset((void*)0x20001284, 0, 3); *(uint8_t*)0x20001287 = 1; *(uint64_t*)0x20001288 = 0x3217bced00000000; *(uint64_t*)0x20011348 = 0x200012c0; *(uint64_t*)0x20011350 = 0x20001300; *(uint64_t*)0x20011358 = 0x20011300; *(uint32_t*)0x20011360 = 0x10; *(uint32_t*)0x20011364 = 0; *(uint32_t*)0x20011368 = 0x10000; *(uint32_t*)0x2001136c = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); { int i; for(i = 0; i < 4; i++) { ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); } } if (res == ZX_OK) r[7] = *(uint32_t*)0x20011300; break; case 3: *(uint64_t*)0x20011580 = 0x20011400; memcpy((void*)0x20011400, "\x08\xd2\x58\x8a\x18\xd8\x4d\x44\xd1\x93\xae\x15\x71\x51\x3a\x9b\x96\xc5\x5a\x71\xe6\xe7\x99\x6c\xd8\x6e\xc8\x3b\xaa\xed\xcf\xeb\x52\x44\xb5\x9e\x77\x43\x3e\x74\xb6\xd3\x8f\x96\x13\xf1\x8b\xe0\xe3\xfa\x96\xbc\xcc\x22\x1c\xe6\xf3\x58\x2a\xd3\xda\xf0\xdc\x3e\x9f\xba\x77\xd1\x68\xed\xcc\x34\xc2\xe8\x75\x88\x1e\x56\x89", 79); *(uint64_t*)0x20011588 = 0x20011480; *(uint32_t*)0x20011480 = 0; *(uint32_t*)0x20011484 = r[7]; *(uint32_t*)0x20011488 = r[3]; *(uint32_t*)0x2001148c = 0; *(uint32_t*)0x20011490 = r[4]; *(uint32_t*)0x20011494 = r[1]; *(uint32_t*)0x20011498 = r[2]; *(uint64_t*)0x20011590 = 0x200114c0; *(uint64_t*)0x20011598 = 0x20011540; *(uint32_t*)0x200115a0 = 0x4f; *(uint32_t*)0x200115a4 = 7; *(uint32_t*)0x200115a8 = 0x55; *(uint32_t*)0x200115ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[2], 0, 0x7fffffffffffffff, 0x20011580, 0x200115c0, 0x20011600); if (res == ZX_OK) r[8] = *(uint32_t*)0x20011540; break; case 4: *(uint64_t*)0x20021700 = 0x20011640; *(uint32_t*)0x20011640 = 0; memset((void*)0x20011644, 0, 3); *(uint8_t*)0x20011647 = 1; *(uint64_t*)0x20011648 = 0x66298d9200000000; *(uint64_t*)0x20021708 = 0x20011680; *(uint64_t*)0x20021710 = 0x200116c0; *(uint64_t*)0x20021718 = 0x200216c0; *(uint32_t*)0x20021720 = 0x10; *(uint32_t*)0x20021724 = 0; *(uint32_t*)0x20021728 = 0x10000; *(uint32_t*)0x2002172c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[8], 0, 0, 0x20021700, 0x20021740, 0x20021780); break; case 5: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_read_etc))(r[6], 2, 0x200217c0, 0x20021840, 0x6e, 8, 0x200218c0, 0x20021900); if (res == ZX_OK) { r[9] = *(uint32_t*)0x20021850; r[10] = *(uint32_t*)0x20021870; } break; case 6: ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_vmo_create_child))(r[10], 0, 1, 0xbb6, 0x20021940); break; case 7: memcpy((void*)0x20021980, "/svc/\000", 6); ((intptr_t(*)(intptr_t,intptr_t))CAST(fdio_service_connect))(0x20021980, r[5]); break; case 8: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_interrupt_wait))(r[9], 0x200219c0); if (res == ZX_OK) r[11] = *(uint64_t*)0x200219c0; break; case 9: *(uint64_t*)0x20031ac0 = 0x20021a00; *(uint32_t*)0x20021a00 = 0; memset((void*)0x20021a04, 0, 3); *(uint8_t*)0x20021a07 = 1; *(uint64_t*)0x20021a08 = 0x2ab48ffa00000000; *(uint8_t*)0x20021a10 = 7; *(uint64_t*)0x20031ac8 = 0x20021a40; *(uint64_t*)0x20031ad0 = 0x20021a80; *(uint64_t*)0x20031ad8 = 0x20031a80; *(uint32_t*)0x20031ae0 = 0x11; *(uint32_t*)0x20031ae4 = 0; *(uint32_t*)0x20031ae8 = 0x10000; *(uint32_t*)0x20031aec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[9], 0, r[11], 0x20031ac0, 0x20031b00, 0x20031b40); break; case 10: memcpy((void*)0x20000000, "\xc4\xa2\x79\xdb\xe2\xf3\x41\x0f\x7e\x06\x3e\x4c\x0f\xae\xa3\x91\x46\xbd\x7d\xc4\x82\x0d\x91\xbc\x78\x90\x7b\x00\x00\x66\x0f\x3a\x0e\xa4\x3e\x00\x08\x00\x00\x00\x66\x45\x0f\x12\x8e\x00\x00\x00\x00\xc4\x82\x7d\x0e\xa5\xd8\xdf\x00\x00\xc4\xc1\xfd\x2e\xc9\xf3\x43\x0f\x2a\x46\x0e\xc4\x43\xc9\x5c\x45\x08\x99", 76); syz_execute_func(0x20000000); break; case 11: syz_future_time(0); break; case 12: syz_job_default(); break; case 13: syz_mmap(0x20ffd000, 0x1000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(0x20000000, 0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :287:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor2196649761 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds] --- FAIL: TestGenerate/fuchsia/amd64/2 (0.59s) csource_test.go:133: opts: {Threaded:true Repeat:false RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000001000)=0x0) (fail_nth: 1) zx_channel_call_etc(0x0, 0xffff, 0x0, &(0x7f00000011c0)={&(0x7f0000000000)="0001a747cc965bdf12ac9b60b2e125dc044ed2fa880a719727d6b5a224706f0f99de8fa46158d7d04ac1fe18adb81dc99e6d93328c47ceaa6652a680853582ab5bb4649593ec0604194e7946fb11ae7eb26fab2030f4fe727f5878bc0898e7ce6a4810cead730969c81c54a5276ecbb4263283639baf3d4b50d36a135700391d4e1f4045e58e557719400d9ac570dc938c47340f8f19341b2aa414c80d8dd5ec729524c84e004ff93d264796eccee5e023a1edd21526655ec5abc5f0f8ec7303eca764277f214cb86b39c471dcfd802cd84e9b609b46a8e7f140d55ca5f90f5410b91ae06cb4def60852c76f744c8e05e49c674b7b0a73c0932512fa3aac67db01a267b7bc3e6c4c72dd5aa5631c9195807427ead967bfbcc0bf3e7598e04be3dbe335a76c84c2200e7a7885e8e273f738c3e06dff138d8a07383dc997ce9f37ba5b7adadc410664580363e0c8f2ef119d532000f90fae65fede371d15bdffc124355dd2256b85b7396099ef71d022cd99a2fe1c99548260dc18bb8819a347ddc939868a68b7ebef3712fa961f5c0b5e60446ac0f14fda37a62b1fe138570c4bcb9d9ec8e245975bb972b10b4923211d8af36a29dda547f7e99a40227021b49e3b288cc5059aa432e7ba1b9ee5ffacdc387dadde0fdd6a868e3e53f5ab5405166bd9501a43a98dcbd04c69cfec4d129c9be43c95754b86b55017a681af682f2464e3ad9a4b3aeea74e68fe1fb3500d38e8df66ed4ffa23c482c724836c7cf49b5ef97c2bd77ca2538f49f5ddda64c1fe96737ac575a3d3ebd6b542a54f98f9c16c7ee4bdd7cc690074d4bf26ce104d3ac35d79f8675e10b17b2e66e1e63070ef12459bec9754eec111993ee9fe3a99030ff630e5dd9602ad8dee02bd5fe0dfbcab284760747125cd21db316841376de54b5d6b12d137625141de927fcca1086713c5d9fdacf854f4851f721bf2e6d6bfbb77bdcfbde0b717b3312eb9a331f18b669bc1179ce60e0f133d4067903cd5dad1bf8c277543e5f40551ce739f1e1dfbfc79c3926c655584c69bd9196587e8915d9fe8df3478c4b870e415775dc2398431c0ad8b96c445c3dc98ae934f944952c552b5c2c0b099b4531458f60c2753f9e04d06e50e9cb38ffd46390080eca9cceaf95918718063949464a59ad6e9b8d2b7b053e77a5499db3e9e25b7f2de9dde5ed4ca60c74a8cfc2587cef9d336ec4edd2b153637d4aa828fd5d3c9fd78c5f1643a3074545611af80500fd7ca4a1e74e7459d9d699fb611270674eb9fd3d8187f8c95467402fb2d065fa5c837e16e2741c5374753d89cba55a4bf5a72bcb2a5bb33c6d20c5b5e52d2bd3c87d8f1a7faf41849e23a4297f1784d20a08ac5fe8a2d65b75b6c1f47eb28cfc6590bd8199f135749f5df60321d06ffe8edd0aa7c7e3f6639b5e2469cfbafe67c117172d3b32efb68cb25ccd47d2a21ef5f9a7edfc4789ce98a30ddbc2f5e1cbb1eb40333857b5217bb5c64e2806e6eb23ef6b9048c768d2b16c3782241ce513be555850214a53a149dc1fe4b34e1fe3492e7e88554b6f446c9320109eaf3e51fd420210202c10c6e159bb5f2db6524a78249e06ed52d431864305b982c4ab3583f46f21423eae06508f0f6aaa0f9762de93b8b48b4e8610b12403d8b8cc769abc3839994449764496c12dd037001c58673d9841b3285bbbe9fa5648917e8bb85a58ae3acc5eb561f5d27fb1c70ec11a73bc172f5b7f024fe27783df025df7b0b80806a81aab375c52ccc91ed68c65937089079be64fc7e691b2c41b174fc987fb48fd8118f441863e5ae363a221b21016ff848318e2becca25acdde488af58db93908c09465f39b386713fedd06d9e844b5b8ade0444087a8dfe4259e8d23de2525c14b400053a1f977b18fce9dda76aa16d3e165fb48e1a491585b7bc19f6759154216cb714647fdc8d78c4e683a1786f686974c85477ce2ec5346a45f0be1bb3a99dd94e2234292701e3ea967384b4d92cf0bffe1d43f8d688548b3f059f1003d3f35dff653c498566d919ca2bec219da12177f31861c410b79fda29f8d0be59a9c5d2f85d9af1f67450e618ecbc85831d50d410ff1bcb73b438aa9dc0fbe87185e0e7dcfd8ec268c62f4f172b5466ab535982013748bb392ec8bef3c86b216eeaffa1ff2a34c6bdf3c8fc0719bbf3f271427ecdc30aea70410c880ddf58a9da61a04226a674ce056844ce5cd6cff866588f1637ab179520a6b82b159f34f790247429f15c8efd5aed316060e8ba2bb2fcd892f3663eef01dd1814accf5ab8db1440f2455b1c5a3f15ea03e1de09560f1034e5e453fdefb0b94aa723033ec02d729beff01b6b322b93a8b5d9b4a3fc126dae2950db4d4aeca02325b8e7ae69095e2e05653832e0b9d5d4896d3d3931f8ec584814f4ab057c8670c40caf4ac141bfa42339ff867760c6a97b3f4d9f520839179a003c76ff21510c7c31cb45fccc763174bef06524bc6a5fd9a413ede524fcce95d03e08a002a552bc1681d717ea44e89e196580b5cd173138c0b84edffbf3053126bae9d46c217ddfe4c39f617ed51d086a24e268126b5d7c751f87936b4c5657334ba59b4743586aadd8e15079d0da39c9ac704361b19321f16fd73c8709e2d92670c5a92a9b9fa55cf9676fba8b0e68d60bca249d38183a2fced1c9b02446ce1d312542061cfa72b23ab99ce79b1a7a451e078460f0a71b14c1878a1bb850a033f895f8316eec91881696f5582621ae2f8afbe4c6059d0d035f5250d748758eb9f3537bf63f8d90a264b2cb861959105c78738793f44b5647ae28ba29ab336d78b0ceb53d9530ef6bfe6853fca51366bc34659e00053ba2f0b5801f28bc352f9202e83cac11f69ede4324f1b8185acefa0c878e06dcbe1ce702a275b90cbcdcb77b2a916d6df25a309077a789c0c5fe8fc1acdf48bc0895cca149227ecfa92d0886ef561d4b16fa3c7108f8194b343254c10d0d6276927095013e8ca3d353db701268aa71297087e95d91462687aae2035a36839df298a6bf17ec59e0fd0adc2ce1f63a65a9c1261a8777ab2b50676c7592002baa4bea564881331ff576b252255cb3272a181bbcba48b817ae90e242fcc2f6efe662ce4c79424149f231b915156e79fdc2de1949dc5d182e64173abae9d64e9291e0426e6eabbac2dbbaff3e635a672341dd9b6e59856f552cc59b2388e4e3fa48e54a09a30efa7ac0aacf6442097e513e242bf48a9e1f8a7e57c29a68c4e3a212809a63dc18751cdd11606ec2a512031577a0cbcc32c3e4345e30f6dc3df28a5816e832a8d0e37fe1a15bc53a06c1cd3054393a61129d1598b043681d6daaacc07d24ba0e2a562cf4e7e004715d620fb2b533a8f16d1929d18c716d41f1c736c1a3623140373d8c392cb8d19dec2ea2a51ad27d6a5e786b2ffd0574000e4a09a6c3253645a11be2f881a89ab71a2d486e03b5982e2ad2adf0cfb07cfe969f15d8be3a0c2b92854021906908b2c26c208b86082a45e1b2fcd501999020e0931735da194818ae27c952aae657ec0f1855af8b53f4a92848a25ef535455c6adec813e8f8b030e1108b0e7d65cf1c1ddd14683476d3203a0352a0e159feef3eee4456db312e54dceff6d2f3e57c8ebb40d9e19f113cc78fe4fb363721bde7352da5f760cde779f4eced9067cba8a6aaf32f1f890653301023e025f50718faa0a4c1d36cf729efe131c6d2cee0d66a06a956beb61b03fe321b0f444fb5db11f8eb69eb71d21aab93e2d3358e6828e86b8334a3b4fe93c1b7dfc64dff2b489349cb765faeb09f1eb381f73bd82a0dfaf0656754bcbe61a74d9a342e2cb4fd5cc42890bf00734b9a6db6768044ab218e6741113f4945236abdd8acc7cc726d62e9450913232cc842323a92f9dfddc571171af8c0f70034d08f59521ab9175ce9ec3ac3a09ae29c76dd483d1810475aa1109209e12ea5b3f8e8f9be1bf0c06291120dc3773681f0156183f68359f66e6c693cb02370250e8c6d0a530e0caecf52dc4ed2ba240e7fe88152bfb5357585174f596e8393cf276de94a19b32b8b538c8aa43b156a93a9612a8be38af45a4a2278f2e2e6fe6082c80f6caf1e9468499a4da9bbd7581af81c734ef920a5bd788023fb01e08c3c9e4d6f78173265844466dbf6db4b8be6a664a537c167a8c5664e5417fccb98e811b1bcc91aa87e40487ba49c25e57977cc8cfd7a8e1c0f31255bbfd4da46f2a964b8b4978802f2b1ed13569d02b5a27a855ba84911d8809d0f5a908ceb24e5a09726bb9e6990ff54ddd4bc21c1bce62d46d6ec7251d4c354ce771734a8c6553311c6488a380dc98d46f141266bc71b3bd1457e291a4e85f87224fd3298498061c7d1c75d59f71de9174eff80728b3db93dbcb3365dfef5639bde6a31fd5d0e18b7a83023b0b5ea7ad2f0f6176c577c43ff097d74599619faa771699f0d708c3db3e3657d2bc5e4f2498810bd49be182db55eb7063ea30410f605db278b5ae895e187006f84304262a5adaec9f361ae73b693395d087ffd0e2bef590b166551df17b787855cb66fc1bf06f216ea68c3c1d8f3e3839be88954aa4f24fb5adc007d76fea70cbfded2ea421e4728c04c180c54f89b88cc176b1b9a59968a40b7b4363c3d3b6e961004c830592607ec99d484bf4aa7b3d942bb0d4ecd3924757d7a48d4937020a07e89c1b0939fa8f3a839a1ce7f7dbf0b7cb9eb1bae325365b40d3fa68e1d2af1e6c1f35b5c6a0745bc7648a3f90c5a5738d4e35b2f69f841698c7189cc1606511615514c87182dd29840aa8e95f06d3cc1fd451ce38200f89bfc2f3ce8023b9049567b8bba7e2d1643f27c5314675b0085bc525fb3c5c1e1b9e326b922690b144a52d363d354ade2af69687e63d9c024baa6c77af4071c4d8631d5e19fde5210330a519ab594952080f8fb4141426b105011b9e338f8d5fce9c94589e75f93a13050d2eff8f8e0d2b3f7f999ea4da12d649b4a6b661948084c88b759c470b2ba329bb081754f72d6cc9e5b9ae174fcd63fd56a17847022d28481e6367c13c15b58820488f36a5f09eff547d4d20eff3cafafae1c70687aeee6529e59821605c1fe2ea6fe714b3509082f939a4ed82f037184d14dece9562b2b5d0d6f5e9776eb568cb2b817502ab52796d247753f67db146ae4c964bcc1f428cb5170d720297b064e44375e09edc714d7ce75ba121d8a1642c9a088ec177697a4b94e1b72c1531e6fd4a15e33374c1e7220e36d59c7090aadedb2cd05520bf0c72110ae878a760f3578b8710b7373c9ca31de5f1438e9292eb2c20454a106adbeabdfa6bf6e31f4435a42f4f5419315167ea441ee9d37a54047d8cb1f843bbb49d8819a59d2d26fc740f819300daab6c03f4b93217931b841c79fdb8065d827abb5122166d0b345019470099a5b8b95465ada1affafaae5ad2d53adefc53c0a6c6c467cdfcddd0e9af2cc639828c606f3a696f50be31d2d19c8ff95fc8cecbd3e6bd0d5bd6e40073ab52a73f3d5ef00b01d58161270b8a664db80f23bc6a8306f6b66b796dfe664d51b77680cb06a2ec999d0ed962ba534f16af26ab16fa2d5537d5c93e503034c099d260a8f32d4eddf48b25a75c9f92701cb040b5774a0d98ffcedf973aadd1f5bfa75cbfbd7ea4b9a56b6011cc44b7355525b3b72040f70f90619e19ba48140a5b96c40316be4f82a11c04702bff4ed47a20e07b5d7fb773bcfa10e4c03e88979a41b2c780133a424c73c5a5a7d8d79374235ff357d93db8ca1de2ae632ac3c09db7c33", &(0x7f0000001040)=[0x0, 0x0, 0x0, r0], &(0x7f0000001080)=""/208, &(0x7f0000001180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0xd0, 0x7}, &(0x7f0000001200), &(0x7f0000001240)) (async) zx_channel_call$fuchsia_io_DirectoryAdminGetToken(r4, 0x0, 0x7fffffffffffffff, &(0x7f0000011340)={&(0x7f0000001280), &(0x7f00000012c0), &(0x7f0000001300), &(0x7f0000011300)={0x0}, 0x10, 0x0, 0x10000, 0x1}, &(0x7f0000011380), &(0x7f00000113c0)) (rerun: 4) zx_channel_call(r2, 0x0, 0x7fffffffffffffff, &(0x7f0000011580)={&(0x7f0000011400)="08d2588a18d84d44d193ae1571513a9b96c55a71e6e7996cd86ec83baaedcfeb5244b59e77433e74b6d38f9613f18be0e3fa96bccc221ce6f3582ad3daf0dc3e9fba77d168edcc34c2e875881e5689", &(0x7f0000011480)=[0x0, r7, r3, 0x0, r4, r1, r2], &(0x7f00000114c0)=""/85, &(0x7f0000011540)=[0x0], 0x4f, 0x7, 0x55, 0x1}, &(0x7f00000115c0), &(0x7f0000011600)) zx_channel_call$fuchsia_io_DirectoryAdminQueryFilesystem(r8, 0x0, 0x0, &(0x7f0000021700)={&(0x7f0000011640), &(0x7f0000011680), &(0x7f00000116c0), &(0x7f00000216c0), 0x10, 0x0, 0x10000}, &(0x7f0000021740), &(0x7f0000021780)) zx_channel_read_etc(r6, 0x2, &(0x7f00000217c0)=""/110, &(0x7f0000021840)=[{}, {0x0}, {}, {0x0}, {}, {}, {}, {}], 0x6e, 0x8, &(0x7f00000218c0), &(0x7f0000021900)) zx_vmo_create_child(r10, 0x0, 0x1, 0xbb6, &(0x7f0000021940)) fdio_service_connect$fuchsia_cobalt_LoggerSimple(&(0x7f0000021980), r5) zx_interrupt_wait(r9, &(0x7f00000219c0)=0x0) zx_channel_call$fuchsia_hardware_ethernet_DeviceConfigMulticastSetPromiscuousMode(r9, 0x0, r11, &(0x7f0000031ac0)={&(0x7f0000021a00)={{}, 0x7}, &(0x7f0000021a40), &(0x7f0000021a80), &(0x7f0000031a80), 0x11, 0x0, 0x10000}, &(0x7f0000031b00), &(0x7f0000031b40)) syz_execute_func(&(0x7f0000000000)="c4a279dbe2f3410f7e063e4c0faea39146bd7dc4820d91bc78907b0000660f3a0ea43e000800000066450f128e00000000c4827d0ea5d8df0000c4c1fd2ec9f3430f2a460ec443c95c450899") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:134: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void loop(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } uint64_t r[12] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(0, 0x20001000); if (res == ZX_OK) r[0] = *(uint32_t*)0x20001000; break; case 1: *(uint64_t*)0x200011c0 = 0x20000000; memcpy((void*)0x20000000, "\x00\x01\xa7\x47\xcc\x96\x5b\xdf\x12\xac\x9b\x60\xb2\xe1\x25\xdc\x04\x4e\xd2\xfa\x88\x0a\x71\x97\x27\xd6\xb5\xa2\x24\x70\x6f\x0f\x99\xde\x8f\xa4\x61\x58\xd7\xd0\x4a\xc1\xfe\x18\xad\xb8\x1d\xc9\x9e\x6d\x93\x32\x8c\x47\xce\xaa\x66\x52\xa6\x80\x85\x35\x82\xab\x5b\xb4\x64\x95\x93\xec\x06\x04\x19\x4e\x79\x46\xfb\x11\xae\x7e\xb2\x6f\xab\x20\x30\xf4\xfe\x72\x7f\x58\x78\xbc\x08\x98\xe7\xce\x6a\x48\x10\xce\xad\x73\x09\x69\xc8\x1c\x54\xa5\x27\x6e\xcb\xb4\x26\x32\x83\x63\x9b\xaf\x3d\x4b\x50\xd3\x6a\x13\x57\x00\x39\x1d\x4e\x1f\x40\x45\xe5\x8e\x55\x77\x19\x40\x0d\x9a\xc5\x70\xdc\x93\x8c\x47\x34\x0f\x8f\x19\x34\x1b\x2a\xa4\x14\xc8\x0d\x8d\xd5\xec\x72\x95\x24\xc8\x4e\x00\x4f\xf9\x3d\x26\x47\x96\xec\xce\xe5\xe0\x23\xa1\xed\xd2\x15\x26\x65\x5e\xc5\xab\xc5\xf0\xf8\xec\x73\x03\xec\xa7\x64\x27\x7f\x21\x4c\xb8\x6b\x39\xc4\x71\xdc\xfd\x80\x2c\xd8\x4e\x9b\x60\x9b\x46\xa8\xe7\xf1\x40\xd5\x5c\xa5\xf9\x0f\x54\x10\xb9\x1a\xe0\x6c\xb4\xde\xf6\x08\x52\xc7\x6f\x74\x4c\x8e\x05\xe4\x9c\x67\x4b\x7b\x0a\x73\xc0\x93\x25\x12\xfa\x3a\xac\x67\xdb\x01\xa2\x67\xb7\xbc\x3e\x6c\x4c\x72\xdd\x5a\xa5\x63\x1c\x91\x95\x80\x74\x27\xea\xd9\x67\xbf\xbc\xc0\xbf\x3e\x75\x98\xe0\x4b\xe3\xdb\xe3\x35\xa7\x6c\x84\xc2\x20\x0e\x7a\x78\x85\xe8\xe2\x73\xf7\x38\xc3\xe0\x6d\xff\x13\x8d\x8a\x07\x38\x3d\xc9\x97\xce\x9f\x37\xba\x5b\x7a\xda\xdc\x41\x06\x64\x58\x03\x63\xe0\xc8\xf2\xef\x11\x9d\x53\x20\x00\xf9\x0f\xae\x65\xfe\xde\x37\x1d\x15\xbd\xff\xc1\x24\x35\x5d\xd2\x25\x6b\x85\xb7\x39\x60\x99\xef\x71\xd0\x22\xcd\x99\xa2\xfe\x1c\x99\x54\x82\x60\xdc\x18\xbb\x88\x19\xa3\x47\xdd\xc9\x39\x86\x8a\x68\xb7\xeb\xef\x37\x12\xfa\x96\x1f\x5c\x0b\x5e\x60\x44\x6a\xc0\xf1\x4f\xda\x37\xa6\x2b\x1f\xe1\x38\x57\x0c\x4b\xcb\x9d\x9e\xc8\xe2\x45\x97\x5b\xb9\x72\xb1\x0b\x49\x23\x21\x1d\x8a\xf3\x6a\x29\xdd\xa5\x47\xf7\xe9\x9a\x40\x22\x70\x21\xb4\x9e\x3b\x28\x8c\xc5\x05\x9a\xa4\x32\xe7\xba\x1b\x9e\xe5\xff\xac\xdc\x38\x7d\xad\xde\x0f\xdd\x6a\x86\x8e\x3e\x53\xf5\xab\x54\x05\x16\x6b\xd9\x50\x1a\x43\xa9\x8d\xcb\xd0\x4c\x69\xcf\xec\x4d\x12\x9c\x9b\xe4\x3c\x95\x75\x4b\x86\xb5\x50\x17\xa6\x81\xaf\x68\x2f\x24\x64\xe3\xad\x9a\x4b\x3a\xee\xa7\x4e\x68\xfe\x1f\xb3\x50\x0d\x38\xe8\xdf\x66\xed\x4f\xfa\x23\xc4\x82\xc7\x24\x83\x6c\x7c\xf4\x9b\x5e\xf9\x7c\x2b\xd7\x7c\xa2\x53\x8f\x49\xf5\xdd\xda\x64\xc1\xfe\x96\x73\x7a\xc5\x75\xa3\xd3\xeb\xd6\xb5\x42\xa5\x4f\x98\xf9\xc1\x6c\x7e\xe4\xbd\xd7\xcc\x69\x00\x74\xd4\xbf\x26\xce\x10\x4d\x3a\xc3\x5d\x79\xf8\x67\x5e\x10\xb1\x7b\x2e\x66\xe1\xe6\x30\x70\xef\x12\x45\x9b\xec\x97\x54\xee\xc1\x11\x99\x3e\xe9\xfe\x3a\x99\x03\x0f\xf6\x30\xe5\xdd\x96\x02\xad\x8d\xee\x02\xbd\x5f\xe0\xdf\xbc\xab\x28\x47\x60\x74\x71\x25\xcd\x21\xdb\x31\x68\x41\x37\x6d\xe5\x4b\x5d\x6b\x12\xd1\x37\x62\x51\x41\xde\x92\x7f\xcc\xa1\x08\x67\x13\xc5\xd9\xfd\xac\xf8\x54\xf4\x85\x1f\x72\x1b\xf2\xe6\xd6\xbf\xbb\x77\xbd\xcf\xbd\xe0\xb7\x17\xb3\x31\x2e\xb9\xa3\x31\xf1\x8b\x66\x9b\xc1\x17\x9c\xe6\x0e\x0f\x13\x3d\x40\x67\x90\x3c\xd5\xda\xd1\xbf\x8c\x27\x75\x43\xe5\xf4\x05\x51\xce\x73\x9f\x1e\x1d\xfb\xfc\x79\xc3\x92\x6c\x65\x55\x84\xc6\x9b\xd9\x19\x65\x87\xe8\x91\x5d\x9f\xe8\xdf\x34\x78\xc4\xb8\x70\xe4\x15\x77\x5d\xc2\x39\x84\x31\xc0\xad\x8b\x96\xc4\x45\xc3\xdc\x98\xae\x93\x4f\x94\x49\x52\xc5\x52\xb5\xc2\xc0\xb0\x99\xb4\x53\x14\x58\xf6\x0c\x27\x53\xf9\xe0\x4d\x06\xe5\x0e\x9c\xb3\x8f\xfd\x46\x39\x00\x80\xec\xa9\xcc\xea\xf9\x59\x18\x71\x80\x63\x94\x94\x64\xa5\x9a\xd6\xe9\xb8\xd2\xb7\xb0\x53\xe7\x7a\x54\x99\xdb\x3e\x9e\x25\xb7\xf2\xde\x9d\xde\x5e\xd4\xca\x60\xc7\x4a\x8c\xfc\x25\x87\xce\xf9\xd3\x36\xec\x4e\xdd\x2b\x15\x36\x37\xd4\xaa\x82\x8f\xd5\xd3\xc9\xfd\x78\xc5\xf1\x64\x3a\x30\x74\x54\x56\x11\xaf\x80\x50\x0f\xd7\xca\x4a\x1e\x74\xe7\x45\x9d\x9d\x69\x9f\xb6\x11\x27\x06\x74\xeb\x9f\xd3\xd8\x18\x7f\x8c\x95\x46\x74\x02\xfb\x2d\x06\x5f\xa5\xc8\x37\xe1\x6e\x27\x41\xc5\x37\x47\x53\xd8\x9c\xba\x55\xa4\xbf\x5a\x72\xbc\xb2\xa5\xbb\x33\xc6\xd2\x0c\x5b\x5e\x52\xd2\xbd\x3c\x87\xd8\xf1\xa7\xfa\xf4\x18\x49\xe2\x3a\x42\x97\xf1\x78\x4d\x20\xa0\x8a\xc5\xfe\x8a\x2d\x65\xb7\x5b\x6c\x1f\x47\xeb\x28\xcf\xc6\x59\x0b\xd8\x19\x9f\x13\x57\x49\xf5\xdf\x60\x32\x1d\x06\xff\xe8\xed\xd0\xaa\x7c\x7e\x3f\x66\x39\xb5\xe2\x46\x9c\xfb\xaf\xe6\x7c\x11\x71\x72\xd3\xb3\x2e\xfb\x68\xcb\x25\xcc\xd4\x7d\x2a\x21\xef\x5f\x9a\x7e\xdf\xc4\x78\x9c\xe9\x8a\x30\xdd\xbc\x2f\x5e\x1c\xbb\x1e\xb4\x03\x33\x85\x7b\x52\x17\xbb\x5c\x64\xe2\x80\x6e\x6e\xb2\x3e\xf6\xb9\x04\x8c\x76\x8d\x2b\x16\xc3\x78\x22\x41\xce\x51\x3b\xe5\x55\x85\x02\x14\xa5\x3a\x14\x9d\xc1\xfe\x4b\x34\xe1\xfe\x34\x92\xe7\xe8\x85\x54\xb6\xf4\x46\xc9\x32\x01\x09\xea\xf3\xe5\x1f\xd4\x20\x21\x02\x02\xc1\x0c\x6e\x15\x9b\xb5\xf2\xdb\x65\x24\xa7\x82\x49\xe0\x6e\xd5\x2d\x43\x18\x64\x30\x5b\x98\x2c\x4a\xb3\x58\x3f\x46\xf2\x14\x23\xea\xe0\x65\x08\xf0\xf6\xaa\xa0\xf9\x76\x2d\xe9\x3b\x8b\x48\xb4\xe8\x61\x0b\x12\x40\x3d\x8b\x8c\xc7\x69\xab\xc3\x83\x99\x94\x44\x97\x64\x49\x6c\x12\xdd\x03\x70\x01\xc5\x86\x73\xd9\x84\x1b\x32\x85\xbb\xbe\x9f\xa5\x64\x89\x17\xe8\xbb\x85\xa5\x8a\xe3\xac\xc5\xeb\x56\x1f\x5d\x27\xfb\x1c\x70\xec\x11\xa7\x3b\xc1\x72\xf5\xb7\xf0\x24\xfe\x27\x78\x3d\xf0\x25\xdf\x7b\x0b\x80\x80\x6a\x81\xaa\xb3\x75\xc5\x2c\xcc\x91\xed\x68\xc6\x59\x37\x08\x90\x79\xbe\x64\xfc\x7e\x69\x1b\x2c\x41\xb1\x74\xfc\x98\x7f\xb4\x8f\xd8\x11\x8f\x44\x18\x63\xe5\xae\x36\x3a\x22\x1b\x21\x01\x6f\xf8\x48\x31\x8e\x2b\xec\xca\x25\xac\xdd\xe4\x88\xaf\x58\xdb\x93\x90\x8c\x09\x46\x5f\x39\xb3\x86\x71\x3f\xed\xd0\x6d\x9e\x84\x4b\x5b\x8a\xde\x04\x44\x08\x7a\x8d\xfe\x42\x59\xe8\xd2\x3d\xe2\x52\x5c\x14\xb4\x00\x05\x3a\x1f\x97\x7b\x18\xfc\xe9\xdd\xa7\x6a\xa1\x6d\x3e\x16\x5f\xb4\x8e\x1a\x49\x15\x85\xb7\xbc\x19\xf6\x75\x91\x54\x21\x6c\xb7\x14\x64\x7f\xdc\x8d\x78\xc4\xe6\x83\xa1\x78\x6f\x68\x69\x74\xc8\x54\x77\xce\x2e\xc5\x34\x6a\x45\xf0\xbe\x1b\xb3\xa9\x9d\xd9\x4e\x22\x34\x29\x27\x01\xe3\xea\x96\x73\x84\xb4\xd9\x2c\xf0\xbf\xfe\x1d\x43\xf8\xd6\x88\x54\x8b\x3f\x05\x9f\x10\x03\xd3\xf3\x5d\xff\x65\x3c\x49\x85\x66\xd9\x19\xca\x2b\xec\x21\x9d\xa1\x21\x77\xf3\x18\x61\xc4\x10\xb7\x9f\xda\x29\xf8\xd0\xbe\x59\xa9\xc5\xd2\xf8\x5d\x9a\xf1\xf6\x74\x50\xe6\x18\xec\xbc\x85\x83\x1d\x50\xd4\x10\xff\x1b\xcb\x73\xb4\x38\xaa\x9d\xc0\xfb\xe8\x71\x85\xe0\xe7\xdc\xfd\x8e\xc2\x68\xc6\x2f\x4f\x17\x2b\x54\x66\xab\x53\x59\x82\x01\x37\x48\xbb\x39\x2e\xc8\xbe\xf3\xc8\x6b\x21\x6e\xea\xff\xa1\xff\x2a\x34\xc6\xbd\xf3\xc8\xfc\x07\x19\xbb\xf3\xf2\x71\x42\x7e\xcd\xc3\x0a\xea\x70\x41\x0c\x88\x0d\xdf\x58\xa9\xda\x61\xa0\x42\x26\xa6\x74\xce\x05\x68\x44\xce\x5c\xd6\xcf\xf8\x66\x58\x8f\x16\x37\xab\x17\x95\x20\xa6\xb8\x2b\x15\x9f\x34\xf7\x90\x24\x74\x29\xf1\x5c\x8e\xfd\x5a\xed\x31\x60\x60\xe8\xba\x2b\xb2\xfc\xd8\x92\xf3\x66\x3e\xef\x01\xdd\x18\x14\xac\xcf\x5a\xb8\xdb\x14\x40\xf2\x45\x5b\x1c\x5a\x3f\x15\xea\x03\xe1\xde\x09\x56\x0f\x10\x34\xe5\xe4\x53\xfd\xef\xb0\xb9\x4a\xa7\x23\x03\x3e\xc0\x2d\x72\x9b\xef\xf0\x1b\x6b\x32\x2b\x93\xa8\xb5\xd9\xb4\xa3\xfc\x12\x6d\xae\x29\x50\xdb\x4d\x4a\xec\xa0\x23\x25\xb8\xe7\xae\x69\x09\x5e\x2e\x05\x65\x38\x32\xe0\xb9\xd5\xd4\x89\x6d\x3d\x39\x31\xf8\xec\x58\x48\x14\xf4\xab\x05\x7c\x86\x70\xc4\x0c\xaf\x4a\xc1\x41\xbf\xa4\x23\x39\xff\x86\x77\x60\xc6\xa9\x7b\x3f\x4d\x9f\x52\x08\x39\x17\x9a\x00\x3c\x76\xff\x21\x51\x0c\x7c\x31\xcb\x45\xfc\xcc\x76\x31\x74\xbe\xf0\x65\x24\xbc\x6a\x5f\xd9\xa4\x13\xed\xe5\x24\xfc\xce\x95\xd0\x3e\x08\xa0\x02\xa5\x52\xbc\x16\x81\xd7\x17\xea\x44\xe8\x9e\x19\x65\x80\xb5\xcd\x17\x31\x38\xc0\xb8\x4e\xdf\xfb\xf3\x05\x31\x26\xba\xe9\xd4\x6c\x21\x7d\xdf\xe4\xc3\x9f\x61\x7e\xd5\x1d\x08\x6a\x24\xe2\x68\x12\x6b\x5d\x7c\x75\x1f\x87\x93\x6b\x4c\x56\x57\x33\x4b\xa5\x9b\x47\x43\x58\x6a\xad\xd8\xe1\x50\x79\xd0\xda\x39\xc9\xac\x70\x43\x61\xb1\x93\x21\xf1\x6f\xd7\x3c\x87\x09\xe2\xd9\x26\x70\xc5\xa9\x2a\x9b\x9f\xa5\x5c\xf9\x67\x6f\xba\x8b\x0e\x68\xd6\x0b\xca\x24\x9d\x38\x18\x3a\x2f\xce\xd1\xc9\xb0\x24\x46\xce\x1d\x31\x25\x42\x06\x1c\xfa\x72\xb2\x3a\xb9\x9c\xe7\x9b\x1a\x7a\x45\x1e\x07\x84\x60\xf0\xa7\x1b\x14\xc1\x87\x8a\x1b\xb8\x50\xa0\x33\xf8\x95\xf8\x31\x6e\xec\x91\x88\x16\x96\xf5\x58\x26\x21\xae\x2f\x8a\xfb\xe4\xc6\x05\x9d\x0d\x03\x5f\x52\x50\xd7\x48\x75\x8e\xb9\xf3\x53\x7b\xf6\x3f\x8d\x90\xa2\x64\xb2\xcb\x86\x19\x59\x10\x5c\x78\x73\x87\x93\xf4\x4b\x56\x47\xae\x28\xba\x29\xab\x33\x6d\x78\xb0\xce\xb5\x3d\x95\x30\xef\x6b\xfe\x68\x53\xfc\xa5\x13\x66\xbc\x34\x65\x9e\x00\x05\x3b\xa2\xf0\xb5\x80\x1f\x28\xbc\x35\x2f\x92\x02\xe8\x3c\xac\x11\xf6\x9e\xde\x43\x24\xf1\xb8\x18\x5a\xce\xfa\x0c\x87\x8e\x06\xdc\xbe\x1c\xe7\x02\xa2\x75\xb9\x0c\xbc\xdc\xb7\x7b\x2a\x91\x6d\x6d\xf2\x5a\x30\x90\x77\xa7\x89\xc0\xc5\xfe\x8f\xc1\xac\xdf\x48\xbc\x08\x95\xcc\xa1\x49\x22\x7e\xcf\xa9\x2d\x08\x86\xef\x56\x1d\x4b\x16\xfa\x3c\x71\x08\xf8\x19\x4b\x34\x32\x54\xc1\x0d\x0d\x62\x76\x92\x70\x95\x01\x3e\x8c\xa3\xd3\x53\xdb\x70\x12\x68\xaa\x71\x29\x70\x87\xe9\x5d\x91\x46\x26\x87\xaa\xe2\x03\x5a\x36\x83\x9d\xf2\x98\xa6\xbf\x17\xec\x59\xe0\xfd\x0a\xdc\x2c\xe1\xf6\x3a\x65\xa9\xc1\x26\x1a\x87\x77\xab\x2b\x50\x67\x6c\x75\x92\x00\x2b\xaa\x4b\xea\x56\x48\x81\x33\x1f\xf5\x76\xb2\x52\x25\x5c\xb3\x27\x2a\x18\x1b\xbc\xba\x48\xb8\x17\xae\x90\xe2\x42\xfc\xc2\xf6\xef\xe6\x62\xce\x4c\x79\x42\x41\x49\xf2\x31\xb9\x15\x15\x6e\x79\xfd\xc2\xde\x19\x49\xdc\x5d\x18\x2e\x64\x17\x3a\xba\xe9\xd6\x4e\x92\x91\xe0\x42\x6e\x6e\xab\xba\xc2\xdb\xba\xff\x3e\x63\x5a\x67\x23\x41\xdd\x9b\x6e\x59\x85\x6f\x55\x2c\xc5\x9b\x23\x88\xe4\xe3\xfa\x48\xe5\x4a\x09\xa3\x0e\xfa\x7a\xc0\xaa\xcf\x64\x42\x09\x7e\x51\x3e\x24\x2b\xf4\x8a\x9e\x1f\x8a\x7e\x57\xc2\x9a\x68\xc4\xe3\xa2\x12\x80\x9a\x63\xdc\x18\x75\x1c\xdd\x11\x60\x6e\xc2\xa5\x12\x03\x15\x77\xa0\xcb\xcc\x32\xc3\xe4\x34\x5e\x30\xf6\xdc\x3d\xf2\x8a\x58\x16\xe8\x32\xa8\xd0\xe3\x7f\xe1\xa1\x5b\xc5\x3a\x06\xc1\xcd\x30\x54\x39\x3a\x61\x12\x9d\x15\x98\xb0\x43\x68\x1d\x6d\xaa\xac\xc0\x7d\x24\xba\x0e\x2a\x56\x2c\xf4\xe7\xe0\x04\x71\x5d\x62\x0f\xb2\xb5\x33\xa8\xf1\x6d\x19\x29\xd1\x8c\x71\x6d\x41\xf1\xc7\x36\xc1\xa3\x62\x31\x40\x37\x3d\x8c\x39\x2c\xb8\xd1\x9d\xec\x2e\xa2\xa5\x1a\xd2\x7d\x6a\x5e\x78\x6b\x2f\xfd\x05\x74\x00\x0e\x4a\x09\xa6\xc3\x25\x36\x45\xa1\x1b\xe2\xf8\x81\xa8\x9a\xb7\x1a\x2d\x48\x6e\x03\xb5\x98\x2e\x2a\xd2\xad\xf0\xcf\xb0\x7c\xfe\x96\x9f\x15\xd8\xbe\x3a\x0c\x2b\x92\x85\x40\x21\x90\x69\x08\xb2\xc2\x6c\x20\x8b\x86\x08\x2a\x45\xe1\xb2\xfc\xd5\x01\x99\x90\x20\xe0\x93\x17\x35\xda\x19\x48\x18\xae\x27\xc9\x52\xaa\xe6\x57\xec\x0f\x18\x55\xaf\x8b\x53\xf4\xa9\x28\x48\xa2\x5e\xf5\x35\x45\x5c\x6a\xde\xc8\x13\xe8\xf8\xb0\x30\xe1\x10\x8b\x0e\x7d\x65\xcf\x1c\x1d\xdd\x14\x68\x34\x76\xd3\x20\x3a\x03\x52\xa0\xe1\x59\xfe\xef\x3e\xee\x44\x56\xdb\x31\x2e\x54\xdc\xef\xf6\xd2\xf3\xe5\x7c\x8e\xbb\x40\xd9\xe1\x9f\x11\x3c\xc7\x8f\xe4\xfb\x36\x37\x21\xbd\xe7\x35\x2d\xa5\xf7\x60\xcd\xe7\x79\xf4\xec\xed\x90\x67\xcb\xa8\xa6\xaa\xf3\x2f\x1f\x89\x06\x53\x30\x10\x23\xe0\x25\xf5\x07\x18\xfa\xa0\xa4\xc1\xd3\x6c\xf7\x29\xef\xe1\x31\xc6\xd2\xce\xe0\xd6\x6a\x06\xa9\x56\xbe\xb6\x1b\x03\xfe\x32\x1b\x0f\x44\x4f\xb5\xdb\x11\xf8\xeb\x69\xeb\x71\xd2\x1a\xab\x93\xe2\xd3\x35\x8e\x68\x28\xe8\x6b\x83\x34\xa3\xb4\xfe\x93\xc1\xb7\xdf\xc6\x4d\xff\x2b\x48\x93\x49\xcb\x76\x5f\xae\xb0\x9f\x1e\xb3\x81\xf7\x3b\xd8\x2a\x0d\xfa\xf0\x65\x67\x54\xbc\xbe\x61\xa7\x4d\x9a\x34\x2e\x2c\xb4\xfd\x5c\xc4\x28\x90\xbf\x00\x73\x4b\x9a\x6d\xb6\x76\x80\x44\xab\x21\x8e\x67\x41\x11\x3f\x49\x45\x23\x6a\xbd\xd8\xac\xc7\xcc\x72\x6d\x62\xe9\x45\x09\x13\x23\x2c\xc8\x42\x32\x3a\x92\xf9\xdf\xdd\xc5\x71\x17\x1a\xf8\xc0\xf7\x00\x34\xd0\x8f\x59\x52\x1a\xb9\x17\x5c\xe9\xec\x3a\xc3\xa0\x9a\xe2\x9c\x76\xdd\x48\x3d\x18\x10\x47\x5a\xa1\x10\x92\x09\xe1\x2e\xa5\xb3\xf8\xe8\xf9\xbe\x1b\xf0\xc0\x62\x91\x12\x0d\xc3\x77\x36\x81\xf0\x15\x61\x83\xf6\x83\x59\xf6\x6e\x6c\x69\x3c\xb0\x23\x70\x25\x0e\x8c\x6d\x0a\x53\x0e\x0c\xae\xcf\x52\xdc\x4e\xd2\xba\x24\x0e\x7f\xe8\x81\x52\xbf\xb5\x35\x75\x85\x17\x4f\x59\x6e\x83\x93\xcf\x27\x6d\xe9\x4a\x19\xb3\x2b\x8b\x53\x8c\x8a\xa4\x3b\x15\x6a\x93\xa9\x61\x2a\x8b\xe3\x8a\xf4\x5a\x4a\x22\x78\xf2\xe2\xe6\xfe\x60\x82\xc8\x0f\x6c\xaf\x1e\x94\x68\x49\x9a\x4d\xa9\xbb\xd7\x58\x1a\xf8\x1c\x73\x4e\xf9\x20\xa5\xbd\x78\x80\x23\xfb\x01\xe0\x8c\x3c\x9e\x4d\x6f\x78\x17\x32\x65\x84\x44\x66\xdb\xf6\xdb\x4b\x8b\xe6\xa6\x64\xa5\x37\xc1\x67\xa8\xc5\x66\x4e\x54\x17\xfc\xcb\x98\xe8\x11\xb1\xbc\xc9\x1a\xa8\x7e\x40\x48\x7b\xa4\x9c\x25\xe5\x79\x77\xcc\x8c\xfd\x7a\x8e\x1c\x0f\x31\x25\x5b\xbf\xd4\xda\x46\xf2\xa9\x64\xb8\xb4\x97\x88\x02\xf2\xb1\xed\x13\x56\x9d\x02\xb5\xa2\x7a\x85\x5b\xa8\x49\x11\xd8\x80\x9d\x0f\x5a\x90\x8c\xeb\x24\xe5\xa0\x97\x26\xbb\x9e\x69\x90\xff\x54\xdd\xd4\xbc\x21\xc1\xbc\xe6\x2d\x46\xd6\xec\x72\x51\xd4\xc3\x54\xce\x77\x17\x34\xa8\xc6\x55\x33\x11\xc6\x48\x8a\x38\x0d\xc9\x8d\x46\xf1\x41\x26\x6b\xc7\x1b\x3b\xd1\x45\x7e\x29\x1a\x4e\x85\xf8\x72\x24\xfd\x32\x98\x49\x80\x61\xc7\xd1\xc7\x5d\x59\xf7\x1d\xe9\x17\x4e\xff\x80\x72\x8b\x3d\xb9\x3d\xbc\xb3\x36\x5d\xfe\xf5\x63\x9b\xde\x6a\x31\xfd\x5d\x0e\x18\xb7\xa8\x30\x23\xb0\xb5\xea\x7a\xd2\xf0\xf6\x17\x6c\x57\x7c\x43\xff\x09\x7d\x74\x59\x96\x19\xfa\xa7\x71\x69\x9f\x0d\x70\x8c\x3d\xb3\xe3\x65\x7d\x2b\xc5\xe4\xf2\x49\x88\x10\xbd\x49\xbe\x18\x2d\xb5\x5e\xb7\x06\x3e\xa3\x04\x10\xf6\x05\xdb\x27\x8b\x5a\xe8\x95\xe1\x87\x00\x6f\x84\x30\x42\x62\xa5\xad\xae\xc9\xf3\x61\xae\x73\xb6\x93\x39\x5d\x08\x7f\xfd\x0e\x2b\xef\x59\x0b\x16\x65\x51\xdf\x17\xb7\x87\x85\x5c\xb6\x6f\xc1\xbf\x06\xf2\x16\xea\x68\xc3\xc1\xd8\xf3\xe3\x83\x9b\xe8\x89\x54\xaa\x4f\x24\xfb\x5a\xdc\x00\x7d\x76\xfe\xa7\x0c\xbf\xde\xd2\xea\x42\x1e\x47\x28\xc0\x4c\x18\x0c\x54\xf8\x9b\x88\xcc\x17\x6b\x1b\x9a\x59\x96\x8a\x40\xb7\xb4\x36\x3c\x3d\x3b\x6e\x96\x10\x04\xc8\x30\x59\x26\x07\xec\x99\xd4\x84\xbf\x4a\xa7\xb3\xd9\x42\xbb\x0d\x4e\xcd\x39\x24\x75\x7d\x7a\x48\xd4\x93\x70\x20\xa0\x7e\x89\xc1\xb0\x93\x9f\xa8\xf3\xa8\x39\xa1\xce\x7f\x7d\xbf\x0b\x7c\xb9\xeb\x1b\xae\x32\x53\x65\xb4\x0d\x3f\xa6\x8e\x1d\x2a\xf1\xe6\xc1\xf3\x5b\x5c\x6a\x07\x45\xbc\x76\x48\xa3\xf9\x0c\x5a\x57\x38\xd4\xe3\x5b\x2f\x69\xf8\x41\x69\x8c\x71\x89\xcc\x16\x06\x51\x16\x15\x51\x4c\x87\x18\x2d\xd2\x98\x40\xaa\x8e\x95\xf0\x6d\x3c\xc1\xfd\x45\x1c\xe3\x82\x00\xf8\x9b\xfc\x2f\x3c\xe8\x02\x3b\x90\x49\x56\x7b\x8b\xba\x7e\x2d\x16\x43\xf2\x7c\x53\x14\x67\x5b\x00\x85\xbc\x52\x5f\xb3\xc5\xc1\xe1\xb9\xe3\x26\xb9\x22\x69\x0b\x14\x4a\x52\xd3\x63\xd3\x54\xad\xe2\xaf\x69\x68\x7e\x63\xd9\xc0\x24\xba\xa6\xc7\x7a\xf4\x07\x1c\x4d\x86\x31\xd5\xe1\x9f\xde\x52\x10\x33\x0a\x51\x9a\xb5\x94\x95\x20\x80\xf8\xfb\x41\x41\x42\x6b\x10\x50\x11\xb9\xe3\x38\xf8\xd5\xfc\xe9\xc9\x45\x89\xe7\x5f\x93\xa1\x30\x50\xd2\xef\xf8\xf8\xe0\xd2\xb3\xf7\xf9\x99\xea\x4d\xa1\x2d\x64\x9b\x4a\x6b\x66\x19\x48\x08\x4c\x88\xb7\x59\xc4\x70\xb2\xba\x32\x9b\xb0\x81\x75\x4f\x72\xd6\xcc\x9e\x5b\x9a\xe1\x74\xfc\xd6\x3f\xd5\x6a\x17\x84\x70\x22\xd2\x84\x81\xe6\x36\x7c\x13\xc1\x5b\x58\x82\x04\x88\xf3\x6a\x5f\x09\xef\xf5\x47\xd4\xd2\x0e\xff\x3c\xaf\xaf\xae\x1c\x70\x68\x7a\xee\xe6\x52\x9e\x59\x82\x16\x05\xc1\xfe\x2e\xa6\xfe\x71\x4b\x35\x09\x08\x2f\x93\x9a\x4e\xd8\x2f\x03\x71\x84\xd1\x4d\xec\xe9\x56\x2b\x2b\x5d\x0d\x6f\x5e\x97\x76\xeb\x56\x8c\xb2\xb8\x17\x50\x2a\xb5\x27\x96\xd2\x47\x75\x3f\x67\xdb\x14\x6a\xe4\xc9\x64\xbc\xc1\xf4\x28\xcb\x51\x70\xd7\x20\x29\x7b\x06\x4e\x44\x37\x5e\x09\xed\xc7\x14\xd7\xce\x75\xba\x12\x1d\x8a\x16\x42\xc9\xa0\x88\xec\x17\x76\x97\xa4\xb9\x4e\x1b\x72\xc1\x53\x1e\x6f\xd4\xa1\x5e\x33\x37\x4c\x1e\x72\x20\xe3\x6d\x59\xc7\x09\x0a\xad\xed\xb2\xcd\x05\x52\x0b\xf0\xc7\x21\x10\xae\x87\x8a\x76\x0f\x35\x78\xb8\x71\x0b\x73\x73\xc9\xca\x31\xde\x5f\x14\x38\xe9\x29\x2e\xb2\xc2\x04\x54\xa1\x06\xad\xbe\xab\xdf\xa6\xbf\x6e\x31\xf4\x43\x5a\x42\xf4\xf5\x41\x93\x15\x16\x7e\xa4\x41\xee\x9d\x37\xa5\x40\x47\xd8\xcb\x1f\x84\x3b\xbb\x49\xd8\x81\x9a\x59\xd2\xd2\x6f\xc7\x40\xf8\x19\x30\x0d\xaa\xb6\xc0\x3f\x4b\x93\x21\x79\x31\xb8\x41\xc7\x9f\xdb\x80\x65\xd8\x27\xab\xb5\x12\x21\x66\xd0\xb3\x45\x01\x94\x70\x09\x9a\x5b\x8b\x95\x46\x5a\xda\x1a\xff\xaf\xaa\xe5\xad\x2d\x53\xad\xef\xc5\x3c\x0a\x6c\x6c\x46\x7c\xdf\xcd\xdd\x0e\x9a\xf2\xcc\x63\x98\x28\xc6\x06\xf3\xa6\x96\xf5\x0b\xe3\x1d\x2d\x19\xc8\xff\x95\xfc\x8c\xec\xbd\x3e\x6b\xd0\xd5\xbd\x6e\x40\x07\x3a\xb5\x2a\x73\xf3\xd5\xef\x00\xb0\x1d\x58\x16\x12\x70\xb8\xa6\x64\xdb\x80\xf2\x3b\xc6\xa8\x30\x6f\x6b\x66\xb7\x96\xdf\xe6\x64\xd5\x1b\x77\x68\x0c\xb0\x6a\x2e\xc9\x99\xd0\xed\x96\x2b\xa5\x34\xf1\x6a\xf2\x6a\xb1\x6f\xa2\xd5\x53\x7d\x5c\x93\xe5\x03\x03\x4c\x09\x9d\x26\x0a\x8f\x32\xd4\xed\xdf\x48\xb2\x5a\x75\xc9\xf9\x27\x01\xcb\x04\x0b\x57\x74\xa0\xd9\x8f\xfc\xed\xf9\x73\xaa\xdd\x1f\x5b\xfa\x75\xcb\xfb\xd7\xea\x4b\x9a\x56\xb6\x01\x1c\xc4\x4b\x73\x55\x52\x5b\x3b\x72\x04\x0f\x70\xf9\x06\x19\xe1\x9b\xa4\x81\x40\xa5\xb9\x6c\x40\x31\x6b\xe4\xf8\x2a\x11\xc0\x47\x02\xbf\xf4\xed\x47\xa2\x0e\x07\xb5\xd7\xfb\x77\x3b\xcf\xa1\x0e\x4c\x03\xe8\x89\x79\xa4\x1b\x2c\x78\x01\x33\xa4\x24\xc7\x3c\x5a\x5a\x7d\x8d\x79\x37\x42\x35\xff\x35\x7d\x93\xdb\x8c\xa1\xde\x2a\xe6\x32\xac\x3c\x09\xdb\x7c\x33", 4096); *(uint64_t*)0x200011c8 = 0x20001040; *(uint32_t*)0x20001040 = 0; *(uint32_t*)0x20001044 = 0; *(uint32_t*)0x20001048 = 0; *(uint32_t*)0x2000104c = r[0]; *(uint64_t*)0x200011d0 = 0x20001080; *(uint64_t*)0x200011d8 = 0x20001180; *(uint32_t*)0x200011e0 = 0x1000; *(uint32_t*)0x200011e4 = 4; *(uint32_t*)0x200011e8 = 0xd0; *(uint32_t*)0x200011ec = 7; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); if (res == ZX_OK) { r[1] = *(uint32_t*)0x20001180; r[2] = *(uint32_t*)0x20001184; r[3] = *(uint32_t*)0x20001188; r[4] = *(uint32_t*)0x2000118c; r[5] = *(uint32_t*)0x20001194; r[6] = *(uint32_t*)0x20001198; } break; case 2: *(uint64_t*)0x20011340 = 0x20001280; *(uint32_t*)0x20001280 = 0; memset((void*)0x20001284, 0, 3); *(uint8_t*)0x20001287 = 1; *(uint64_t*)0x20001288 = 0x3217bced00000000; *(uint64_t*)0x20011348 = 0x200012c0; *(uint64_t*)0x20011350 = 0x20001300; *(uint64_t*)0x20011358 = 0x20011300; *(uint32_t*)0x20011360 = 0x10; *(uint32_t*)0x20011364 = 0; *(uint32_t*)0x20011368 = 0x10000; *(uint32_t*)0x2001136c = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); { int i; for(i = 0; i < 4; i++) { ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); } } if (res == ZX_OK) r[7] = *(uint32_t*)0x20011300; break; case 3: *(uint64_t*)0x20011580 = 0x20011400; memcpy((void*)0x20011400, "\x08\xd2\x58\x8a\x18\xd8\x4d\x44\xd1\x93\xae\x15\x71\x51\x3a\x9b\x96\xc5\x5a\x71\xe6\xe7\x99\x6c\xd8\x6e\xc8\x3b\xaa\xed\xcf\xeb\x52\x44\xb5\x9e\x77\x43\x3e\x74\xb6\xd3\x8f\x96\x13\xf1\x8b\xe0\xe3\xfa\x96\xbc\xcc\x22\x1c\xe6\xf3\x58\x2a\xd3\xda\xf0\xdc\x3e\x9f\xba\x77\xd1\x68\xed\xcc\x34\xc2\xe8\x75\x88\x1e\x56\x89", 79); *(uint64_t*)0x20011588 = 0x20011480; *(uint32_t*)0x20011480 = 0; *(uint32_t*)0x20011484 = r[7]; *(uint32_t*)0x20011488 = r[3]; *(uint32_t*)0x2001148c = 0; *(uint32_t*)0x20011490 = r[4]; *(uint32_t*)0x20011494 = r[1]; *(uint32_t*)0x20011498 = r[2]; *(uint64_t*)0x20011590 = 0x200114c0; *(uint64_t*)0x20011598 = 0x20011540; *(uint32_t*)0x200115a0 = 0x4f; *(uint32_t*)0x200115a4 = 7; *(uint32_t*)0x200115a8 = 0x55; *(uint32_t*)0x200115ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[2], 0, 0x7fffffffffffffff, 0x20011580, 0x200115c0, 0x20011600); if (res == ZX_OK) r[8] = *(uint32_t*)0x20011540; break; case 4: *(uint64_t*)0x20021700 = 0x20011640; *(uint32_t*)0x20011640 = 0; memset((void*)0x20011644, 0, 3); *(uint8_t*)0x20011647 = 1; *(uint64_t*)0x20011648 = 0x66298d9200000000; *(uint64_t*)0x20021708 = 0x20011680; *(uint64_t*)0x20021710 = 0x200116c0; *(uint64_t*)0x20021718 = 0x200216c0; *(uint32_t*)0x20021720 = 0x10; *(uint32_t*)0x20021724 = 0; *(uint32_t*)0x20021728 = 0x10000; *(uint32_t*)0x2002172c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[8], 0, 0, 0x20021700, 0x20021740, 0x20021780); break; case 5: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_read_etc))(r[6], 2, 0x200217c0, 0x20021840, 0x6e, 8, 0x200218c0, 0x20021900); if (res == ZX_OK) { r[9] = *(uint32_t*)0x20021850; r[10] = *(uint32_t*)0x20021870; } break; case 6: ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_vmo_create_child))(r[10], 0, 1, 0xbb6, 0x20021940); break; case 7: memcpy((void*)0x20021980, "/svc/\000", 6); ((intptr_t(*)(intptr_t,intptr_t))CAST(fdio_service_connect))(0x20021980, r[5]); break; case 8: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_interrupt_wait))(r[9], 0x200219c0); if (res == ZX_OK) r[11] = *(uint64_t*)0x200219c0; break; case 9: *(uint64_t*)0x20031ac0 = 0x20021a00; *(uint32_t*)0x20021a00 = 0; memset((void*)0x20021a04, 0, 3); *(uint8_t*)0x20021a07 = 1; *(uint64_t*)0x20021a08 = 0x2ab48ffa00000000; *(uint8_t*)0x20021a10 = 7; *(uint64_t*)0x20031ac8 = 0x20021a40; *(uint64_t*)0x20031ad0 = 0x20021a80; *(uint64_t*)0x20031ad8 = 0x20031a80; *(uint32_t*)0x20031ae0 = 0x11; *(uint32_t*)0x20031ae4 = 0; *(uint32_t*)0x20031ae8 = 0x10000; *(uint32_t*)0x20031aec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[9], 0, r[11], 0x20031ac0, 0x20031b00, 0x20031b40); break; case 10: memcpy((void*)0x20000000, "\xc4\xa2\x79\xdb\xe2\xf3\x41\x0f\x7e\x06\x3e\x4c\x0f\xae\xa3\x91\x46\xbd\x7d\xc4\x82\x0d\x91\xbc\x78\x90\x7b\x00\x00\x66\x0f\x3a\x0e\xa4\x3e\x00\x08\x00\x00\x00\x66\x45\x0f\x12\x8e\x00\x00\x00\x00\xc4\x82\x7d\x0e\xa5\xd8\xdf\x00\x00\xc4\xc1\xfd\x2e\xc9\xf3\x43\x0f\x2a\x46\x0e\xc4\x43\xc9\x5c\x45\x08\x99", 76); syz_execute_func(0x20000000); break; case 11: syz_future_time(0); break; case 12: syz_job_default(); break; case 13: syz_mmap(0x20ffd000, 0x1000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(0x20000000, 0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :281:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor2273438741 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds] --- FAIL: TestGenerate/fuchsia/amd64/3 (0.59s) csource_test.go:133: opts: {Threaded:true Repeat:true RepeatTimes:10 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000001000)=0x0) (fail_nth: 1) zx_channel_call_etc(0x0, 0xffff, 0x0, &(0x7f00000011c0)={&(0x7f0000000000)="0001a747cc965bdf12ac9b60b2e125dc044ed2fa880a719727d6b5a224706f0f99de8fa46158d7d04ac1fe18adb81dc99e6d93328c47ceaa6652a680853582ab5bb4649593ec0604194e7946fb11ae7eb26fab2030f4fe727f5878bc0898e7ce6a4810cead730969c81c54a5276ecbb4263283639baf3d4b50d36a135700391d4e1f4045e58e557719400d9ac570dc938c47340f8f19341b2aa414c80d8dd5ec729524c84e004ff93d264796eccee5e023a1edd21526655ec5abc5f0f8ec7303eca764277f214cb86b39c471dcfd802cd84e9b609b46a8e7f140d55ca5f90f5410b91ae06cb4def60852c76f744c8e05e49c674b7b0a73c0932512fa3aac67db01a267b7bc3e6c4c72dd5aa5631c9195807427ead967bfbcc0bf3e7598e04be3dbe335a76c84c2200e7a7885e8e273f738c3e06dff138d8a07383dc997ce9f37ba5b7adadc410664580363e0c8f2ef119d532000f90fae65fede371d15bdffc124355dd2256b85b7396099ef71d022cd99a2fe1c99548260dc18bb8819a347ddc939868a68b7ebef3712fa961f5c0b5e60446ac0f14fda37a62b1fe138570c4bcb9d9ec8e245975bb972b10b4923211d8af36a29dda547f7e99a40227021b49e3b288cc5059aa432e7ba1b9ee5ffacdc387dadde0fdd6a868e3e53f5ab5405166bd9501a43a98dcbd04c69cfec4d129c9be43c95754b86b55017a681af682f2464e3ad9a4b3aeea74e68fe1fb3500d38e8df66ed4ffa23c482c724836c7cf49b5ef97c2bd77ca2538f49f5ddda64c1fe96737ac575a3d3ebd6b542a54f98f9c16c7ee4bdd7cc690074d4bf26ce104d3ac35d79f8675e10b17b2e66e1e63070ef12459bec9754eec111993ee9fe3a99030ff630e5dd9602ad8dee02bd5fe0dfbcab284760747125cd21db316841376de54b5d6b12d137625141de927fcca1086713c5d9fdacf854f4851f721bf2e6d6bfbb77bdcfbde0b717b3312eb9a331f18b669bc1179ce60e0f133d4067903cd5dad1bf8c277543e5f40551ce739f1e1dfbfc79c3926c655584c69bd9196587e8915d9fe8df3478c4b870e415775dc2398431c0ad8b96c445c3dc98ae934f944952c552b5c2c0b099b4531458f60c2753f9e04d06e50e9cb38ffd46390080eca9cceaf95918718063949464a59ad6e9b8d2b7b053e77a5499db3e9e25b7f2de9dde5ed4ca60c74a8cfc2587cef9d336ec4edd2b153637d4aa828fd5d3c9fd78c5f1643a3074545611af80500fd7ca4a1e74e7459d9d699fb611270674eb9fd3d8187f8c95467402fb2d065fa5c837e16e2741c5374753d89cba55a4bf5a72bcb2a5bb33c6d20c5b5e52d2bd3c87d8f1a7faf41849e23a4297f1784d20a08ac5fe8a2d65b75b6c1f47eb28cfc6590bd8199f135749f5df60321d06ffe8edd0aa7c7e3f6639b5e2469cfbafe67c117172d3b32efb68cb25ccd47d2a21ef5f9a7edfc4789ce98a30ddbc2f5e1cbb1eb40333857b5217bb5c64e2806e6eb23ef6b9048c768d2b16c3782241ce513be555850214a53a149dc1fe4b34e1fe3492e7e88554b6f446c9320109eaf3e51fd420210202c10c6e159bb5f2db6524a78249e06ed52d431864305b982c4ab3583f46f21423eae06508f0f6aaa0f9762de93b8b48b4e8610b12403d8b8cc769abc3839994449764496c12dd037001c58673d9841b3285bbbe9fa5648917e8bb85a58ae3acc5eb561f5d27fb1c70ec11a73bc172f5b7f024fe27783df025df7b0b80806a81aab375c52ccc91ed68c65937089079be64fc7e691b2c41b174fc987fb48fd8118f441863e5ae363a221b21016ff848318e2becca25acdde488af58db93908c09465f39b386713fedd06d9e844b5b8ade0444087a8dfe4259e8d23de2525c14b400053a1f977b18fce9dda76aa16d3e165fb48e1a491585b7bc19f6759154216cb714647fdc8d78c4e683a1786f686974c85477ce2ec5346a45f0be1bb3a99dd94e2234292701e3ea967384b4d92cf0bffe1d43f8d688548b3f059f1003d3f35dff653c498566d919ca2bec219da12177f31861c410b79fda29f8d0be59a9c5d2f85d9af1f67450e618ecbc85831d50d410ff1bcb73b438aa9dc0fbe87185e0e7dcfd8ec268c62f4f172b5466ab535982013748bb392ec8bef3c86b216eeaffa1ff2a34c6bdf3c8fc0719bbf3f271427ecdc30aea70410c880ddf58a9da61a04226a674ce056844ce5cd6cff866588f1637ab179520a6b82b159f34f790247429f15c8efd5aed316060e8ba2bb2fcd892f3663eef01dd1814accf5ab8db1440f2455b1c5a3f15ea03e1de09560f1034e5e453fdefb0b94aa723033ec02d729beff01b6b322b93a8b5d9b4a3fc126dae2950db4d4aeca02325b8e7ae69095e2e05653832e0b9d5d4896d3d3931f8ec584814f4ab057c8670c40caf4ac141bfa42339ff867760c6a97b3f4d9f520839179a003c76ff21510c7c31cb45fccc763174bef06524bc6a5fd9a413ede524fcce95d03e08a002a552bc1681d717ea44e89e196580b5cd173138c0b84edffbf3053126bae9d46c217ddfe4c39f617ed51d086a24e268126b5d7c751f87936b4c5657334ba59b4743586aadd8e15079d0da39c9ac704361b19321f16fd73c8709e2d92670c5a92a9b9fa55cf9676fba8b0e68d60bca249d38183a2fced1c9b02446ce1d312542061cfa72b23ab99ce79b1a7a451e078460f0a71b14c1878a1bb850a033f895f8316eec91881696f5582621ae2f8afbe4c6059d0d035f5250d748758eb9f3537bf63f8d90a264b2cb861959105c78738793f44b5647ae28ba29ab336d78b0ceb53d9530ef6bfe6853fca51366bc34659e00053ba2f0b5801f28bc352f9202e83cac11f69ede4324f1b8185acefa0c878e06dcbe1ce702a275b90cbcdcb77b2a916d6df25a309077a789c0c5fe8fc1acdf48bc0895cca149227ecfa92d0886ef561d4b16fa3c7108f8194b343254c10d0d6276927095013e8ca3d353db701268aa71297087e95d91462687aae2035a36839df298a6bf17ec59e0fd0adc2ce1f63a65a9c1261a8777ab2b50676c7592002baa4bea564881331ff576b252255cb3272a181bbcba48b817ae90e242fcc2f6efe662ce4c79424149f231b915156e79fdc2de1949dc5d182e64173abae9d64e9291e0426e6eabbac2dbbaff3e635a672341dd9b6e59856f552cc59b2388e4e3fa48e54a09a30efa7ac0aacf6442097e513e242bf48a9e1f8a7e57c29a68c4e3a212809a63dc18751cdd11606ec2a512031577a0cbcc32c3e4345e30f6dc3df28a5816e832a8d0e37fe1a15bc53a06c1cd3054393a61129d1598b043681d6daaacc07d24ba0e2a562cf4e7e004715d620fb2b533a8f16d1929d18c716d41f1c736c1a3623140373d8c392cb8d19dec2ea2a51ad27d6a5e786b2ffd0574000e4a09a6c3253645a11be2f881a89ab71a2d486e03b5982e2ad2adf0cfb07cfe969f15d8be3a0c2b92854021906908b2c26c208b86082a45e1b2fcd501999020e0931735da194818ae27c952aae657ec0f1855af8b53f4a92848a25ef535455c6adec813e8f8b030e1108b0e7d65cf1c1ddd14683476d3203a0352a0e159feef3eee4456db312e54dceff6d2f3e57c8ebb40d9e19f113cc78fe4fb363721bde7352da5f760cde779f4eced9067cba8a6aaf32f1f890653301023e025f50718faa0a4c1d36cf729efe131c6d2cee0d66a06a956beb61b03fe321b0f444fb5db11f8eb69eb71d21aab93e2d3358e6828e86b8334a3b4fe93c1b7dfc64dff2b489349cb765faeb09f1eb381f73bd82a0dfaf0656754bcbe61a74d9a342e2cb4fd5cc42890bf00734b9a6db6768044ab218e6741113f4945236abdd8acc7cc726d62e9450913232cc842323a92f9dfddc571171af8c0f70034d08f59521ab9175ce9ec3ac3a09ae29c76dd483d1810475aa1109209e12ea5b3f8e8f9be1bf0c06291120dc3773681f0156183f68359f66e6c693cb02370250e8c6d0a530e0caecf52dc4ed2ba240e7fe88152bfb5357585174f596e8393cf276de94a19b32b8b538c8aa43b156a93a9612a8be38af45a4a2278f2e2e6fe6082c80f6caf1e9468499a4da9bbd7581af81c734ef920a5bd788023fb01e08c3c9e4d6f78173265844466dbf6db4b8be6a664a537c167a8c5664e5417fccb98e811b1bcc91aa87e40487ba49c25e57977cc8cfd7a8e1c0f31255bbfd4da46f2a964b8b4978802f2b1ed13569d02b5a27a855ba84911d8809d0f5a908ceb24e5a09726bb9e6990ff54ddd4bc21c1bce62d46d6ec7251d4c354ce771734a8c6553311c6488a380dc98d46f141266bc71b3bd1457e291a4e85f87224fd3298498061c7d1c75d59f71de9174eff80728b3db93dbcb3365dfef5639bde6a31fd5d0e18b7a83023b0b5ea7ad2f0f6176c577c43ff097d74599619faa771699f0d708c3db3e3657d2bc5e4f2498810bd49be182db55eb7063ea30410f605db278b5ae895e187006f84304262a5adaec9f361ae73b693395d087ffd0e2bef590b166551df17b787855cb66fc1bf06f216ea68c3c1d8f3e3839be88954aa4f24fb5adc007d76fea70cbfded2ea421e4728c04c180c54f89b88cc176b1b9a59968a40b7b4363c3d3b6e961004c830592607ec99d484bf4aa7b3d942bb0d4ecd3924757d7a48d4937020a07e89c1b0939fa8f3a839a1ce7f7dbf0b7cb9eb1bae325365b40d3fa68e1d2af1e6c1f35b5c6a0745bc7648a3f90c5a5738d4e35b2f69f841698c7189cc1606511615514c87182dd29840aa8e95f06d3cc1fd451ce38200f89bfc2f3ce8023b9049567b8bba7e2d1643f27c5314675b0085bc525fb3c5c1e1b9e326b922690b144a52d363d354ade2af69687e63d9c024baa6c77af4071c4d8631d5e19fde5210330a519ab594952080f8fb4141426b105011b9e338f8d5fce9c94589e75f93a13050d2eff8f8e0d2b3f7f999ea4da12d649b4a6b661948084c88b759c470b2ba329bb081754f72d6cc9e5b9ae174fcd63fd56a17847022d28481e6367c13c15b58820488f36a5f09eff547d4d20eff3cafafae1c70687aeee6529e59821605c1fe2ea6fe714b3509082f939a4ed82f037184d14dece9562b2b5d0d6f5e9776eb568cb2b817502ab52796d247753f67db146ae4c964bcc1f428cb5170d720297b064e44375e09edc714d7ce75ba121d8a1642c9a088ec177697a4b94e1b72c1531e6fd4a15e33374c1e7220e36d59c7090aadedb2cd05520bf0c72110ae878a760f3578b8710b7373c9ca31de5f1438e9292eb2c20454a106adbeabdfa6bf6e31f4435a42f4f5419315167ea441ee9d37a54047d8cb1f843bbb49d8819a59d2d26fc740f819300daab6c03f4b93217931b841c79fdb8065d827abb5122166d0b345019470099a5b8b95465ada1affafaae5ad2d53adefc53c0a6c6c467cdfcddd0e9af2cc639828c606f3a696f50be31d2d19c8ff95fc8cecbd3e6bd0d5bd6e40073ab52a73f3d5ef00b01d58161270b8a664db80f23bc6a8306f6b66b796dfe664d51b77680cb06a2ec999d0ed962ba534f16af26ab16fa2d5537d5c93e503034c099d260a8f32d4eddf48b25a75c9f92701cb040b5774a0d98ffcedf973aadd1f5bfa75cbfbd7ea4b9a56b6011cc44b7355525b3b72040f70f90619e19ba48140a5b96c40316be4f82a11c04702bff4ed47a20e07b5d7fb773bcfa10e4c03e88979a41b2c780133a424c73c5a5a7d8d79374235ff357d93db8ca1de2ae632ac3c09db7c33", &(0x7f0000001040)=[0x0, 0x0, 0x0, r0], &(0x7f0000001080)=""/208, &(0x7f0000001180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0xd0, 0x7}, &(0x7f0000001200), &(0x7f0000001240)) (async) zx_channel_call$fuchsia_io_DirectoryAdminGetToken(r4, 0x0, 0x7fffffffffffffff, &(0x7f0000011340)={&(0x7f0000001280), &(0x7f00000012c0), &(0x7f0000001300), &(0x7f0000011300)={0x0}, 0x10, 0x0, 0x10000, 0x1}, &(0x7f0000011380), &(0x7f00000113c0)) (rerun: 4) zx_channel_call(r2, 0x0, 0x7fffffffffffffff, &(0x7f0000011580)={&(0x7f0000011400)="08d2588a18d84d44d193ae1571513a9b96c55a71e6e7996cd86ec83baaedcfeb5244b59e77433e74b6d38f9613f18be0e3fa96bccc221ce6f3582ad3daf0dc3e9fba77d168edcc34c2e875881e5689", &(0x7f0000011480)=[0x0, r7, r3, 0x0, r4, r1, r2], &(0x7f00000114c0)=""/85, &(0x7f0000011540)=[0x0], 0x4f, 0x7, 0x55, 0x1}, &(0x7f00000115c0), &(0x7f0000011600)) zx_channel_call$fuchsia_io_DirectoryAdminQueryFilesystem(r8, 0x0, 0x0, &(0x7f0000021700)={&(0x7f0000011640), &(0x7f0000011680), &(0x7f00000116c0), &(0x7f00000216c0), 0x10, 0x0, 0x10000}, &(0x7f0000021740), &(0x7f0000021780)) zx_channel_read_etc(r6, 0x2, &(0x7f00000217c0)=""/110, &(0x7f0000021840)=[{}, {0x0}, {}, {0x0}, {}, {}, {}, {}], 0x6e, 0x8, &(0x7f00000218c0), &(0x7f0000021900)) zx_vmo_create_child(r10, 0x0, 0x1, 0xbb6, &(0x7f0000021940)) fdio_service_connect$fuchsia_cobalt_LoggerSimple(&(0x7f0000021980), r5) zx_interrupt_wait(r9, &(0x7f00000219c0)=0x0) zx_channel_call$fuchsia_hardware_ethernet_DeviceConfigMulticastSetPromiscuousMode(r9, 0x0, r11, &(0x7f0000031ac0)={&(0x7f0000021a00)={{}, 0x7}, &(0x7f0000021a40), &(0x7f0000021a80), &(0x7f0000031a80), 0x11, 0x0, 0x10000}, &(0x7f0000031b00), &(0x7f0000031b40)) syz_execute_func(&(0x7f0000000000)="c4a279dbe2f3410f7e063e4c0faea39146bd7dc4820d91bc78907b0000660f3a0ea43e000800000066450f128e00000000c4827d0ea5d8df0000c4c1fd2ec9f3430f2a460ec443c95c450899") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:134: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[12] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(0, 0x20001000); if (res == ZX_OK) r[0] = *(uint32_t*)0x20001000; break; case 1: *(uint64_t*)0x200011c0 = 0x20000000; memcpy((void*)0x20000000, "\x00\x01\xa7\x47\xcc\x96\x5b\xdf\x12\xac\x9b\x60\xb2\xe1\x25\xdc\x04\x4e\xd2\xfa\x88\x0a\x71\x97\x27\xd6\xb5\xa2\x24\x70\x6f\x0f\x99\xde\x8f\xa4\x61\x58\xd7\xd0\x4a\xc1\xfe\x18\xad\xb8\x1d\xc9\x9e\x6d\x93\x32\x8c\x47\xce\xaa\x66\x52\xa6\x80\x85\x35\x82\xab\x5b\xb4\x64\x95\x93\xec\x06\x04\x19\x4e\x79\x46\xfb\x11\xae\x7e\xb2\x6f\xab\x20\x30\xf4\xfe\x72\x7f\x58\x78\xbc\x08\x98\xe7\xce\x6a\x48\x10\xce\xad\x73\x09\x69\xc8\x1c\x54\xa5\x27\x6e\xcb\xb4\x26\x32\x83\x63\x9b\xaf\x3d\x4b\x50\xd3\x6a\x13\x57\x00\x39\x1d\x4e\x1f\x40\x45\xe5\x8e\x55\x77\x19\x40\x0d\x9a\xc5\x70\xdc\x93\x8c\x47\x34\x0f\x8f\x19\x34\x1b\x2a\xa4\x14\xc8\x0d\x8d\xd5\xec\x72\x95\x24\xc8\x4e\x00\x4f\xf9\x3d\x26\x47\x96\xec\xce\xe5\xe0\x23\xa1\xed\xd2\x15\x26\x65\x5e\xc5\xab\xc5\xf0\xf8\xec\x73\x03\xec\xa7\x64\x27\x7f\x21\x4c\xb8\x6b\x39\xc4\x71\xdc\xfd\x80\x2c\xd8\x4e\x9b\x60\x9b\x46\xa8\xe7\xf1\x40\xd5\x5c\xa5\xf9\x0f\x54\x10\xb9\x1a\xe0\x6c\xb4\xde\xf6\x08\x52\xc7\x6f\x74\x4c\x8e\x05\xe4\x9c\x67\x4b\x7b\x0a\x73\xc0\x93\x25\x12\xfa\x3a\xac\x67\xdb\x01\xa2\x67\xb7\xbc\x3e\x6c\x4c\x72\xdd\x5a\xa5\x63\x1c\x91\x95\x80\x74\x27\xea\xd9\x67\xbf\xbc\xc0\xbf\x3e\x75\x98\xe0\x4b\xe3\xdb\xe3\x35\xa7\x6c\x84\xc2\x20\x0e\x7a\x78\x85\xe8\xe2\x73\xf7\x38\xc3\xe0\x6d\xff\x13\x8d\x8a\x07\x38\x3d\xc9\x97\xce\x9f\x37\xba\x5b\x7a\xda\xdc\x41\x06\x64\x58\x03\x63\xe0\xc8\xf2\xef\x11\x9d\x53\x20\x00\xf9\x0f\xae\x65\xfe\xde\x37\x1d\x15\xbd\xff\xc1\x24\x35\x5d\xd2\x25\x6b\x85\xb7\x39\x60\x99\xef\x71\xd0\x22\xcd\x99\xa2\xfe\x1c\x99\x54\x82\x60\xdc\x18\xbb\x88\x19\xa3\x47\xdd\xc9\x39\x86\x8a\x68\xb7\xeb\xef\x37\x12\xfa\x96\x1f\x5c\x0b\x5e\x60\x44\x6a\xc0\xf1\x4f\xda\x37\xa6\x2b\x1f\xe1\x38\x57\x0c\x4b\xcb\x9d\x9e\xc8\xe2\x45\x97\x5b\xb9\x72\xb1\x0b\x49\x23\x21\x1d\x8a\xf3\x6a\x29\xdd\xa5\x47\xf7\xe9\x9a\x40\x22\x70\x21\xb4\x9e\x3b\x28\x8c\xc5\x05\x9a\xa4\x32\xe7\xba\x1b\x9e\xe5\xff\xac\xdc\x38\x7d\xad\xde\x0f\xdd\x6a\x86\x8e\x3e\x53\xf5\xab\x54\x05\x16\x6b\xd9\x50\x1a\x43\xa9\x8d\xcb\xd0\x4c\x69\xcf\xec\x4d\x12\x9c\x9b\xe4\x3c\x95\x75\x4b\x86\xb5\x50\x17\xa6\x81\xaf\x68\x2f\x24\x64\xe3\xad\x9a\x4b\x3a\xee\xa7\x4e\x68\xfe\x1f\xb3\x50\x0d\x38\xe8\xdf\x66\xed\x4f\xfa\x23\xc4\x82\xc7\x24\x83\x6c\x7c\xf4\x9b\x5e\xf9\x7c\x2b\xd7\x7c\xa2\x53\x8f\x49\xf5\xdd\xda\x64\xc1\xfe\x96\x73\x7a\xc5\x75\xa3\xd3\xeb\xd6\xb5\x42\xa5\x4f\x98\xf9\xc1\x6c\x7e\xe4\xbd\xd7\xcc\x69\x00\x74\xd4\xbf\x26\xce\x10\x4d\x3a\xc3\x5d\x79\xf8\x67\x5e\x10\xb1\x7b\x2e\x66\xe1\xe6\x30\x70\xef\x12\x45\x9b\xec\x97\x54\xee\xc1\x11\x99\x3e\xe9\xfe\x3a\x99\x03\x0f\xf6\x30\xe5\xdd\x96\x02\xad\x8d\xee\x02\xbd\x5f\xe0\xdf\xbc\xab\x28\x47\x60\x74\x71\x25\xcd\x21\xdb\x31\x68\x41\x37\x6d\xe5\x4b\x5d\x6b\x12\xd1\x37\x62\x51\x41\xde\x92\x7f\xcc\xa1\x08\x67\x13\xc5\xd9\xfd\xac\xf8\x54\xf4\x85\x1f\x72\x1b\xf2\xe6\xd6\xbf\xbb\x77\xbd\xcf\xbd\xe0\xb7\x17\xb3\x31\x2e\xb9\xa3\x31\xf1\x8b\x66\x9b\xc1\x17\x9c\xe6\x0e\x0f\x13\x3d\x40\x67\x90\x3c\xd5\xda\xd1\xbf\x8c\x27\x75\x43\xe5\xf4\x05\x51\xce\x73\x9f\x1e\x1d\xfb\xfc\x79\xc3\x92\x6c\x65\x55\x84\xc6\x9b\xd9\x19\x65\x87\xe8\x91\x5d\x9f\xe8\xdf\x34\x78\xc4\xb8\x70\xe4\x15\x77\x5d\xc2\x39\x84\x31\xc0\xad\x8b\x96\xc4\x45\xc3\xdc\x98\xae\x93\x4f\x94\x49\x52\xc5\x52\xb5\xc2\xc0\xb0\x99\xb4\x53\x14\x58\xf6\x0c\x27\x53\xf9\xe0\x4d\x06\xe5\x0e\x9c\xb3\x8f\xfd\x46\x39\x00\x80\xec\xa9\xcc\xea\xf9\x59\x18\x71\x80\x63\x94\x94\x64\xa5\x9a\xd6\xe9\xb8\xd2\xb7\xb0\x53\xe7\x7a\x54\x99\xdb\x3e\x9e\x25\xb7\xf2\xde\x9d\xde\x5e\xd4\xca\x60\xc7\x4a\x8c\xfc\x25\x87\xce\xf9\xd3\x36\xec\x4e\xdd\x2b\x15\x36\x37\xd4\xaa\x82\x8f\xd5\xd3\xc9\xfd\x78\xc5\xf1\x64\x3a\x30\x74\x54\x56\x11\xaf\x80\x50\x0f\xd7\xca\x4a\x1e\x74\xe7\x45\x9d\x9d\x69\x9f\xb6\x11\x27\x06\x74\xeb\x9f\xd3\xd8\x18\x7f\x8c\x95\x46\x74\x02\xfb\x2d\x06\x5f\xa5\xc8\x37\xe1\x6e\x27\x41\xc5\x37\x47\x53\xd8\x9c\xba\x55\xa4\xbf\x5a\x72\xbc\xb2\xa5\xbb\x33\xc6\xd2\x0c\x5b\x5e\x52\xd2\xbd\x3c\x87\xd8\xf1\xa7\xfa\xf4\x18\x49\xe2\x3a\x42\x97\xf1\x78\x4d\x20\xa0\x8a\xc5\xfe\x8a\x2d\x65\xb7\x5b\x6c\x1f\x47\xeb\x28\xcf\xc6\x59\x0b\xd8\x19\x9f\x13\x57\x49\xf5\xdf\x60\x32\x1d\x06\xff\xe8\xed\xd0\xaa\x7c\x7e\x3f\x66\x39\xb5\xe2\x46\x9c\xfb\xaf\xe6\x7c\x11\x71\x72\xd3\xb3\x2e\xfb\x68\xcb\x25\xcc\xd4\x7d\x2a\x21\xef\x5f\x9a\x7e\xdf\xc4\x78\x9c\xe9\x8a\x30\xdd\xbc\x2f\x5e\x1c\xbb\x1e\xb4\x03\x33\x85\x7b\x52\x17\xbb\x5c\x64\xe2\x80\x6e\x6e\xb2\x3e\xf6\xb9\x04\x8c\x76\x8d\x2b\x16\xc3\x78\x22\x41\xce\x51\x3b\xe5\x55\x85\x02\x14\xa5\x3a\x14\x9d\xc1\xfe\x4b\x34\xe1\xfe\x34\x92\xe7\xe8\x85\x54\xb6\xf4\x46\xc9\x32\x01\x09\xea\xf3\xe5\x1f\xd4\x20\x21\x02\x02\xc1\x0c\x6e\x15\x9b\xb5\xf2\xdb\x65\x24\xa7\x82\x49\xe0\x6e\xd5\x2d\x43\x18\x64\x30\x5b\x98\x2c\x4a\xb3\x58\x3f\x46\xf2\x14\x23\xea\xe0\x65\x08\xf0\xf6\xaa\xa0\xf9\x76\x2d\xe9\x3b\x8b\x48\xb4\xe8\x61\x0b\x12\x40\x3d\x8b\x8c\xc7\x69\xab\xc3\x83\x99\x94\x44\x97\x64\x49\x6c\x12\xdd\x03\x70\x01\xc5\x86\x73\xd9\x84\x1b\x32\x85\xbb\xbe\x9f\xa5\x64\x89\x17\xe8\xbb\x85\xa5\x8a\xe3\xac\xc5\xeb\x56\x1f\x5d\x27\xfb\x1c\x70\xec\x11\xa7\x3b\xc1\x72\xf5\xb7\xf0\x24\xfe\x27\x78\x3d\xf0\x25\xdf\x7b\x0b\x80\x80\x6a\x81\xaa\xb3\x75\xc5\x2c\xcc\x91\xed\x68\xc6\x59\x37\x08\x90\x79\xbe\x64\xfc\x7e\x69\x1b\x2c\x41\xb1\x74\xfc\x98\x7f\xb4\x8f\xd8\x11\x8f\x44\x18\x63\xe5\xae\x36\x3a\x22\x1b\x21\x01\x6f\xf8\x48\x31\x8e\x2b\xec\xca\x25\xac\xdd\xe4\x88\xaf\x58\xdb\x93\x90\x8c\x09\x46\x5f\x39\xb3\x86\x71\x3f\xed\xd0\x6d\x9e\x84\x4b\x5b\x8a\xde\x04\x44\x08\x7a\x8d\xfe\x42\x59\xe8\xd2\x3d\xe2\x52\x5c\x14\xb4\x00\x05\x3a\x1f\x97\x7b\x18\xfc\xe9\xdd\xa7\x6a\xa1\x6d\x3e\x16\x5f\xb4\x8e\x1a\x49\x15\x85\xb7\xbc\x19\xf6\x75\x91\x54\x21\x6c\xb7\x14\x64\x7f\xdc\x8d\x78\xc4\xe6\x83\xa1\x78\x6f\x68\x69\x74\xc8\x54\x77\xce\x2e\xc5\x34\x6a\x45\xf0\xbe\x1b\xb3\xa9\x9d\xd9\x4e\x22\x34\x29\x27\x01\xe3\xea\x96\x73\x84\xb4\xd9\x2c\xf0\xbf\xfe\x1d\x43\xf8\xd6\x88\x54\x8b\x3f\x05\x9f\x10\x03\xd3\xf3\x5d\xff\x65\x3c\x49\x85\x66\xd9\x19\xca\x2b\xec\x21\x9d\xa1\x21\x77\xf3\x18\x61\xc4\x10\xb7\x9f\xda\x29\xf8\xd0\xbe\x59\xa9\xc5\xd2\xf8\x5d\x9a\xf1\xf6\x74\x50\xe6\x18\xec\xbc\x85\x83\x1d\x50\xd4\x10\xff\x1b\xcb\x73\xb4\x38\xaa\x9d\xc0\xfb\xe8\x71\x85\xe0\xe7\xdc\xfd\x8e\xc2\x68\xc6\x2f\x4f\x17\x2b\x54\x66\xab\x53\x59\x82\x01\x37\x48\xbb\x39\x2e\xc8\xbe\xf3\xc8\x6b\x21\x6e\xea\xff\xa1\xff\x2a\x34\xc6\xbd\xf3\xc8\xfc\x07\x19\xbb\xf3\xf2\x71\x42\x7e\xcd\xc3\x0a\xea\x70\x41\x0c\x88\x0d\xdf\x58\xa9\xda\x61\xa0\x42\x26\xa6\x74\xce\x05\x68\x44\xce\x5c\xd6\xcf\xf8\x66\x58\x8f\x16\x37\xab\x17\x95\x20\xa6\xb8\x2b\x15\x9f\x34\xf7\x90\x24\x74\x29\xf1\x5c\x8e\xfd\x5a\xed\x31\x60\x60\xe8\xba\x2b\xb2\xfc\xd8\x92\xf3\x66\x3e\xef\x01\xdd\x18\x14\xac\xcf\x5a\xb8\xdb\x14\x40\xf2\x45\x5b\x1c\x5a\x3f\x15\xea\x03\xe1\xde\x09\x56\x0f\x10\x34\xe5\xe4\x53\xfd\xef\xb0\xb9\x4a\xa7\x23\x03\x3e\xc0\x2d\x72\x9b\xef\xf0\x1b\x6b\x32\x2b\x93\xa8\xb5\xd9\xb4\xa3\xfc\x12\x6d\xae\x29\x50\xdb\x4d\x4a\xec\xa0\x23\x25\xb8\xe7\xae\x69\x09\x5e\x2e\x05\x65\x38\x32\xe0\xb9\xd5\xd4\x89\x6d\x3d\x39\x31\xf8\xec\x58\x48\x14\xf4\xab\x05\x7c\x86\x70\xc4\x0c\xaf\x4a\xc1\x41\xbf\xa4\x23\x39\xff\x86\x77\x60\xc6\xa9\x7b\x3f\x4d\x9f\x52\x08\x39\x17\x9a\x00\x3c\x76\xff\x21\x51\x0c\x7c\x31\xcb\x45\xfc\xcc\x76\x31\x74\xbe\xf0\x65\x24\xbc\x6a\x5f\xd9\xa4\x13\xed\xe5\x24\xfc\xce\x95\xd0\x3e\x08\xa0\x02\xa5\x52\xbc\x16\x81\xd7\x17\xea\x44\xe8\x9e\x19\x65\x80\xb5\xcd\x17\x31\x38\xc0\xb8\x4e\xdf\xfb\xf3\x05\x31\x26\xba\xe9\xd4\x6c\x21\x7d\xdf\xe4\xc3\x9f\x61\x7e\xd5\x1d\x08\x6a\x24\xe2\x68\x12\x6b\x5d\x7c\x75\x1f\x87\x93\x6b\x4c\x56\x57\x33\x4b\xa5\x9b\x47\x43\x58\x6a\xad\xd8\xe1\x50\x79\xd0\xda\x39\xc9\xac\x70\x43\x61\xb1\x93\x21\xf1\x6f\xd7\x3c\x87\x09\xe2\xd9\x26\x70\xc5\xa9\x2a\x9b\x9f\xa5\x5c\xf9\x67\x6f\xba\x8b\x0e\x68\xd6\x0b\xca\x24\x9d\x38\x18\x3a\x2f\xce\xd1\xc9\xb0\x24\x46\xce\x1d\x31\x25\x42\x06\x1c\xfa\x72\xb2\x3a\xb9\x9c\xe7\x9b\x1a\x7a\x45\x1e\x07\x84\x60\xf0\xa7\x1b\x14\xc1\x87\x8a\x1b\xb8\x50\xa0\x33\xf8\x95\xf8\x31\x6e\xec\x91\x88\x16\x96\xf5\x58\x26\x21\xae\x2f\x8a\xfb\xe4\xc6\x05\x9d\x0d\x03\x5f\x52\x50\xd7\x48\x75\x8e\xb9\xf3\x53\x7b\xf6\x3f\x8d\x90\xa2\x64\xb2\xcb\x86\x19\x59\x10\x5c\x78\x73\x87\x93\xf4\x4b\x56\x47\xae\x28\xba\x29\xab\x33\x6d\x78\xb0\xce\xb5\x3d\x95\x30\xef\x6b\xfe\x68\x53\xfc\xa5\x13\x66\xbc\x34\x65\x9e\x00\x05\x3b\xa2\xf0\xb5\x80\x1f\x28\xbc\x35\x2f\x92\x02\xe8\x3c\xac\x11\xf6\x9e\xde\x43\x24\xf1\xb8\x18\x5a\xce\xfa\x0c\x87\x8e\x06\xdc\xbe\x1c\xe7\x02\xa2\x75\xb9\x0c\xbc\xdc\xb7\x7b\x2a\x91\x6d\x6d\xf2\x5a\x30\x90\x77\xa7\x89\xc0\xc5\xfe\x8f\xc1\xac\xdf\x48\xbc\x08\x95\xcc\xa1\x49\x22\x7e\xcf\xa9\x2d\x08\x86\xef\x56\x1d\x4b\x16\xfa\x3c\x71\x08\xf8\x19\x4b\x34\x32\x54\xc1\x0d\x0d\x62\x76\x92\x70\x95\x01\x3e\x8c\xa3\xd3\x53\xdb\x70\x12\x68\xaa\x71\x29\x70\x87\xe9\x5d\x91\x46\x26\x87\xaa\xe2\x03\x5a\x36\x83\x9d\xf2\x98\xa6\xbf\x17\xec\x59\xe0\xfd\x0a\xdc\x2c\xe1\xf6\x3a\x65\xa9\xc1\x26\x1a\x87\x77\xab\x2b\x50\x67\x6c\x75\x92\x00\x2b\xaa\x4b\xea\x56\x48\x81\x33\x1f\xf5\x76\xb2\x52\x25\x5c\xb3\x27\x2a\x18\x1b\xbc\xba\x48\xb8\x17\xae\x90\xe2\x42\xfc\xc2\xf6\xef\xe6\x62\xce\x4c\x79\x42\x41\x49\xf2\x31\xb9\x15\x15\x6e\x79\xfd\xc2\xde\x19\x49\xdc\x5d\x18\x2e\x64\x17\x3a\xba\xe9\xd6\x4e\x92\x91\xe0\x42\x6e\x6e\xab\xba\xc2\xdb\xba\xff\x3e\x63\x5a\x67\x23\x41\xdd\x9b\x6e\x59\x85\x6f\x55\x2c\xc5\x9b\x23\x88\xe4\xe3\xfa\x48\xe5\x4a\x09\xa3\x0e\xfa\x7a\xc0\xaa\xcf\x64\x42\x09\x7e\x51\x3e\x24\x2b\xf4\x8a\x9e\x1f\x8a\x7e\x57\xc2\x9a\x68\xc4\xe3\xa2\x12\x80\x9a\x63\xdc\x18\x75\x1c\xdd\x11\x60\x6e\xc2\xa5\x12\x03\x15\x77\xa0\xcb\xcc\x32\xc3\xe4\x34\x5e\x30\xf6\xdc\x3d\xf2\x8a\x58\x16\xe8\x32\xa8\xd0\xe3\x7f\xe1\xa1\x5b\xc5\x3a\x06\xc1\xcd\x30\x54\x39\x3a\x61\x12\x9d\x15\x98\xb0\x43\x68\x1d\x6d\xaa\xac\xc0\x7d\x24\xba\x0e\x2a\x56\x2c\xf4\xe7\xe0\x04\x71\x5d\x62\x0f\xb2\xb5\x33\xa8\xf1\x6d\x19\x29\xd1\x8c\x71\x6d\x41\xf1\xc7\x36\xc1\xa3\x62\x31\x40\x37\x3d\x8c\x39\x2c\xb8\xd1\x9d\xec\x2e\xa2\xa5\x1a\xd2\x7d\x6a\x5e\x78\x6b\x2f\xfd\x05\x74\x00\x0e\x4a\x09\xa6\xc3\x25\x36\x45\xa1\x1b\xe2\xf8\x81\xa8\x9a\xb7\x1a\x2d\x48\x6e\x03\xb5\x98\x2e\x2a\xd2\xad\xf0\xcf\xb0\x7c\xfe\x96\x9f\x15\xd8\xbe\x3a\x0c\x2b\x92\x85\x40\x21\x90\x69\x08\xb2\xc2\x6c\x20\x8b\x86\x08\x2a\x45\xe1\xb2\xfc\xd5\x01\x99\x90\x20\xe0\x93\x17\x35\xda\x19\x48\x18\xae\x27\xc9\x52\xaa\xe6\x57\xec\x0f\x18\x55\xaf\x8b\x53\xf4\xa9\x28\x48\xa2\x5e\xf5\x35\x45\x5c\x6a\xde\xc8\x13\xe8\xf8\xb0\x30\xe1\x10\x8b\x0e\x7d\x65\xcf\x1c\x1d\xdd\x14\x68\x34\x76\xd3\x20\x3a\x03\x52\xa0\xe1\x59\xfe\xef\x3e\xee\x44\x56\xdb\x31\x2e\x54\xdc\xef\xf6\xd2\xf3\xe5\x7c\x8e\xbb\x40\xd9\xe1\x9f\x11\x3c\xc7\x8f\xe4\xfb\x36\x37\x21\xbd\xe7\x35\x2d\xa5\xf7\x60\xcd\xe7\x79\xf4\xec\xed\x90\x67\xcb\xa8\xa6\xaa\xf3\x2f\x1f\x89\x06\x53\x30\x10\x23\xe0\x25\xf5\x07\x18\xfa\xa0\xa4\xc1\xd3\x6c\xf7\x29\xef\xe1\x31\xc6\xd2\xce\xe0\xd6\x6a\x06\xa9\x56\xbe\xb6\x1b\x03\xfe\x32\x1b\x0f\x44\x4f\xb5\xdb\x11\xf8\xeb\x69\xeb\x71\xd2\x1a\xab\x93\xe2\xd3\x35\x8e\x68\x28\xe8\x6b\x83\x34\xa3\xb4\xfe\x93\xc1\xb7\xdf\xc6\x4d\xff\x2b\x48\x93\x49\xcb\x76\x5f\xae\xb0\x9f\x1e\xb3\x81\xf7\x3b\xd8\x2a\x0d\xfa\xf0\x65\x67\x54\xbc\xbe\x61\xa7\x4d\x9a\x34\x2e\x2c\xb4\xfd\x5c\xc4\x28\x90\xbf\x00\x73\x4b\x9a\x6d\xb6\x76\x80\x44\xab\x21\x8e\x67\x41\x11\x3f\x49\x45\x23\x6a\xbd\xd8\xac\xc7\xcc\x72\x6d\x62\xe9\x45\x09\x13\x23\x2c\xc8\x42\x32\x3a\x92\xf9\xdf\xdd\xc5\x71\x17\x1a\xf8\xc0\xf7\x00\x34\xd0\x8f\x59\x52\x1a\xb9\x17\x5c\xe9\xec\x3a\xc3\xa0\x9a\xe2\x9c\x76\xdd\x48\x3d\x18\x10\x47\x5a\xa1\x10\x92\x09\xe1\x2e\xa5\xb3\xf8\xe8\xf9\xbe\x1b\xf0\xc0\x62\x91\x12\x0d\xc3\x77\x36\x81\xf0\x15\x61\x83\xf6\x83\x59\xf6\x6e\x6c\x69\x3c\xb0\x23\x70\x25\x0e\x8c\x6d\x0a\x53\x0e\x0c\xae\xcf\x52\xdc\x4e\xd2\xba\x24\x0e\x7f\xe8\x81\x52\xbf\xb5\x35\x75\x85\x17\x4f\x59\x6e\x83\x93\xcf\x27\x6d\xe9\x4a\x19\xb3\x2b\x8b\x53\x8c\x8a\xa4\x3b\x15\x6a\x93\xa9\x61\x2a\x8b\xe3\x8a\xf4\x5a\x4a\x22\x78\xf2\xe2\xe6\xfe\x60\x82\xc8\x0f\x6c\xaf\x1e\x94\x68\x49\x9a\x4d\xa9\xbb\xd7\x58\x1a\xf8\x1c\x73\x4e\xf9\x20\xa5\xbd\x78\x80\x23\xfb\x01\xe0\x8c\x3c\x9e\x4d\x6f\x78\x17\x32\x65\x84\x44\x66\xdb\xf6\xdb\x4b\x8b\xe6\xa6\x64\xa5\x37\xc1\x67\xa8\xc5\x66\x4e\x54\x17\xfc\xcb\x98\xe8\x11\xb1\xbc\xc9\x1a\xa8\x7e\x40\x48\x7b\xa4\x9c\x25\xe5\x79\x77\xcc\x8c\xfd\x7a\x8e\x1c\x0f\x31\x25\x5b\xbf\xd4\xda\x46\xf2\xa9\x64\xb8\xb4\x97\x88\x02\xf2\xb1\xed\x13\x56\x9d\x02\xb5\xa2\x7a\x85\x5b\xa8\x49\x11\xd8\x80\x9d\x0f\x5a\x90\x8c\xeb\x24\xe5\xa0\x97\x26\xbb\x9e\x69\x90\xff\x54\xdd\xd4\xbc\x21\xc1\xbc\xe6\x2d\x46\xd6\xec\x72\x51\xd4\xc3\x54\xce\x77\x17\x34\xa8\xc6\x55\x33\x11\xc6\x48\x8a\x38\x0d\xc9\x8d\x46\xf1\x41\x26\x6b\xc7\x1b\x3b\xd1\x45\x7e\x29\x1a\x4e\x85\xf8\x72\x24\xfd\x32\x98\x49\x80\x61\xc7\xd1\xc7\x5d\x59\xf7\x1d\xe9\x17\x4e\xff\x80\x72\x8b\x3d\xb9\x3d\xbc\xb3\x36\x5d\xfe\xf5\x63\x9b\xde\x6a\x31\xfd\x5d\x0e\x18\xb7\xa8\x30\x23\xb0\xb5\xea\x7a\xd2\xf0\xf6\x17\x6c\x57\x7c\x43\xff\x09\x7d\x74\x59\x96\x19\xfa\xa7\x71\x69\x9f\x0d\x70\x8c\x3d\xb3\xe3\x65\x7d\x2b\xc5\xe4\xf2\x49\x88\x10\xbd\x49\xbe\x18\x2d\xb5\x5e\xb7\x06\x3e\xa3\x04\x10\xf6\x05\xdb\x27\x8b\x5a\xe8\x95\xe1\x87\x00\x6f\x84\x30\x42\x62\xa5\xad\xae\xc9\xf3\x61\xae\x73\xb6\x93\x39\x5d\x08\x7f\xfd\x0e\x2b\xef\x59\x0b\x16\x65\x51\xdf\x17\xb7\x87\x85\x5c\xb6\x6f\xc1\xbf\x06\xf2\x16\xea\x68\xc3\xc1\xd8\xf3\xe3\x83\x9b\xe8\x89\x54\xaa\x4f\x24\xfb\x5a\xdc\x00\x7d\x76\xfe\xa7\x0c\xbf\xde\xd2\xea\x42\x1e\x47\x28\xc0\x4c\x18\x0c\x54\xf8\x9b\x88\xcc\x17\x6b\x1b\x9a\x59\x96\x8a\x40\xb7\xb4\x36\x3c\x3d\x3b\x6e\x96\x10\x04\xc8\x30\x59\x26\x07\xec\x99\xd4\x84\xbf\x4a\xa7\xb3\xd9\x42\xbb\x0d\x4e\xcd\x39\x24\x75\x7d\x7a\x48\xd4\x93\x70\x20\xa0\x7e\x89\xc1\xb0\x93\x9f\xa8\xf3\xa8\x39\xa1\xce\x7f\x7d\xbf\x0b\x7c\xb9\xeb\x1b\xae\x32\x53\x65\xb4\x0d\x3f\xa6\x8e\x1d\x2a\xf1\xe6\xc1\xf3\x5b\x5c\x6a\x07\x45\xbc\x76\x48\xa3\xf9\x0c\x5a\x57\x38\xd4\xe3\x5b\x2f\x69\xf8\x41\x69\x8c\x71\x89\xcc\x16\x06\x51\x16\x15\x51\x4c\x87\x18\x2d\xd2\x98\x40\xaa\x8e\x95\xf0\x6d\x3c\xc1\xfd\x45\x1c\xe3\x82\x00\xf8\x9b\xfc\x2f\x3c\xe8\x02\x3b\x90\x49\x56\x7b\x8b\xba\x7e\x2d\x16\x43\xf2\x7c\x53\x14\x67\x5b\x00\x85\xbc\x52\x5f\xb3\xc5\xc1\xe1\xb9\xe3\x26\xb9\x22\x69\x0b\x14\x4a\x52\xd3\x63\xd3\x54\xad\xe2\xaf\x69\x68\x7e\x63\xd9\xc0\x24\xba\xa6\xc7\x7a\xf4\x07\x1c\x4d\x86\x31\xd5\xe1\x9f\xde\x52\x10\x33\x0a\x51\x9a\xb5\x94\x95\x20\x80\xf8\xfb\x41\x41\x42\x6b\x10\x50\x11\xb9\xe3\x38\xf8\xd5\xfc\xe9\xc9\x45\x89\xe7\x5f\x93\xa1\x30\x50\xd2\xef\xf8\xf8\xe0\xd2\xb3\xf7\xf9\x99\xea\x4d\xa1\x2d\x64\x9b\x4a\x6b\x66\x19\x48\x08\x4c\x88\xb7\x59\xc4\x70\xb2\xba\x32\x9b\xb0\x81\x75\x4f\x72\xd6\xcc\x9e\x5b\x9a\xe1\x74\xfc\xd6\x3f\xd5\x6a\x17\x84\x70\x22\xd2\x84\x81\xe6\x36\x7c\x13\xc1\x5b\x58\x82\x04\x88\xf3\x6a\x5f\x09\xef\xf5\x47\xd4\xd2\x0e\xff\x3c\xaf\xaf\xae\x1c\x70\x68\x7a\xee\xe6\x52\x9e\x59\x82\x16\x05\xc1\xfe\x2e\xa6\xfe\x71\x4b\x35\x09\x08\x2f\x93\x9a\x4e\xd8\x2f\x03\x71\x84\xd1\x4d\xec\xe9\x56\x2b\x2b\x5d\x0d\x6f\x5e\x97\x76\xeb\x56\x8c\xb2\xb8\x17\x50\x2a\xb5\x27\x96\xd2\x47\x75\x3f\x67\xdb\x14\x6a\xe4\xc9\x64\xbc\xc1\xf4\x28\xcb\x51\x70\xd7\x20\x29\x7b\x06\x4e\x44\x37\x5e\x09\xed\xc7\x14\xd7\xce\x75\xba\x12\x1d\x8a\x16\x42\xc9\xa0\x88\xec\x17\x76\x97\xa4\xb9\x4e\x1b\x72\xc1\x53\x1e\x6f\xd4\xa1\x5e\x33\x37\x4c\x1e\x72\x20\xe3\x6d\x59\xc7\x09\x0a\xad\xed\xb2\xcd\x05\x52\x0b\xf0\xc7\x21\x10\xae\x87\x8a\x76\x0f\x35\x78\xb8\x71\x0b\x73\x73\xc9\xca\x31\xde\x5f\x14\x38\xe9\x29\x2e\xb2\xc2\x04\x54\xa1\x06\xad\xbe\xab\xdf\xa6\xbf\x6e\x31\xf4\x43\x5a\x42\xf4\xf5\x41\x93\x15\x16\x7e\xa4\x41\xee\x9d\x37\xa5\x40\x47\xd8\xcb\x1f\x84\x3b\xbb\x49\xd8\x81\x9a\x59\xd2\xd2\x6f\xc7\x40\xf8\x19\x30\x0d\xaa\xb6\xc0\x3f\x4b\x93\x21\x79\x31\xb8\x41\xc7\x9f\xdb\x80\x65\xd8\x27\xab\xb5\x12\x21\x66\xd0\xb3\x45\x01\x94\x70\x09\x9a\x5b\x8b\x95\x46\x5a\xda\x1a\xff\xaf\xaa\xe5\xad\x2d\x53\xad\xef\xc5\x3c\x0a\x6c\x6c\x46\x7c\xdf\xcd\xdd\x0e\x9a\xf2\xcc\x63\x98\x28\xc6\x06\xf3\xa6\x96\xf5\x0b\xe3\x1d\x2d\x19\xc8\xff\x95\xfc\x8c\xec\xbd\x3e\x6b\xd0\xd5\xbd\x6e\x40\x07\x3a\xb5\x2a\x73\xf3\xd5\xef\x00\xb0\x1d\x58\x16\x12\x70\xb8\xa6\x64\xdb\x80\xf2\x3b\xc6\xa8\x30\x6f\x6b\x66\xb7\x96\xdf\xe6\x64\xd5\x1b\x77\x68\x0c\xb0\x6a\x2e\xc9\x99\xd0\xed\x96\x2b\xa5\x34\xf1\x6a\xf2\x6a\xb1\x6f\xa2\xd5\x53\x7d\x5c\x93\xe5\x03\x03\x4c\x09\x9d\x26\x0a\x8f\x32\xd4\xed\xdf\x48\xb2\x5a\x75\xc9\xf9\x27\x01\xcb\x04\x0b\x57\x74\xa0\xd9\x8f\xfc\xed\xf9\x73\xaa\xdd\x1f\x5b\xfa\x75\xcb\xfb\xd7\xea\x4b\x9a\x56\xb6\x01\x1c\xc4\x4b\x73\x55\x52\x5b\x3b\x72\x04\x0f\x70\xf9\x06\x19\xe1\x9b\xa4\x81\x40\xa5\xb9\x6c\x40\x31\x6b\xe4\xf8\x2a\x11\xc0\x47\x02\xbf\xf4\xed\x47\xa2\x0e\x07\xb5\xd7\xfb\x77\x3b\xcf\xa1\x0e\x4c\x03\xe8\x89\x79\xa4\x1b\x2c\x78\x01\x33\xa4\x24\xc7\x3c\x5a\x5a\x7d\x8d\x79\x37\x42\x35\xff\x35\x7d\x93\xdb\x8c\xa1\xde\x2a\xe6\x32\xac\x3c\x09\xdb\x7c\x33", 4096); *(uint64_t*)0x200011c8 = 0x20001040; *(uint32_t*)0x20001040 = 0; *(uint32_t*)0x20001044 = 0; *(uint32_t*)0x20001048 = 0; *(uint32_t*)0x2000104c = r[0]; *(uint64_t*)0x200011d0 = 0x20001080; *(uint64_t*)0x200011d8 = 0x20001180; *(uint32_t*)0x200011e0 = 0x1000; *(uint32_t*)0x200011e4 = 4; *(uint32_t*)0x200011e8 = 0xd0; *(uint32_t*)0x200011ec = 7; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); if (res == ZX_OK) { r[1] = *(uint32_t*)0x20001180; r[2] = *(uint32_t*)0x20001184; r[3] = *(uint32_t*)0x20001188; r[4] = *(uint32_t*)0x2000118c; r[5] = *(uint32_t*)0x20001194; r[6] = *(uint32_t*)0x20001198; } break; case 2: *(uint64_t*)0x20011340 = 0x20001280; *(uint32_t*)0x20001280 = 0; memset((void*)0x20001284, 0, 3); *(uint8_t*)0x20001287 = 1; *(uint64_t*)0x20001288 = 0x3217bced00000000; *(uint64_t*)0x20011348 = 0x200012c0; *(uint64_t*)0x20011350 = 0x20001300; *(uint64_t*)0x20011358 = 0x20011300; *(uint32_t*)0x20011360 = 0x10; *(uint32_t*)0x20011364 = 0; *(uint32_t*)0x20011368 = 0x10000; *(uint32_t*)0x2001136c = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); { int i; for(i = 0; i < 4; i++) { ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); } } if (res == ZX_OK) r[7] = *(uint32_t*)0x20011300; break; case 3: *(uint64_t*)0x20011580 = 0x20011400; memcpy((void*)0x20011400, "\x08\xd2\x58\x8a\x18\xd8\x4d\x44\xd1\x93\xae\x15\x71\x51\x3a\x9b\x96\xc5\x5a\x71\xe6\xe7\x99\x6c\xd8\x6e\xc8\x3b\xaa\xed\xcf\xeb\x52\x44\xb5\x9e\x77\x43\x3e\x74\xb6\xd3\x8f\x96\x13\xf1\x8b\xe0\xe3\xfa\x96\xbc\xcc\x22\x1c\xe6\xf3\x58\x2a\xd3\xda\xf0\xdc\x3e\x9f\xba\x77\xd1\x68\xed\xcc\x34\xc2\xe8\x75\x88\x1e\x56\x89", 79); *(uint64_t*)0x20011588 = 0x20011480; *(uint32_t*)0x20011480 = 0; *(uint32_t*)0x20011484 = r[7]; *(uint32_t*)0x20011488 = r[3]; *(uint32_t*)0x2001148c = 0; *(uint32_t*)0x20011490 = r[4]; *(uint32_t*)0x20011494 = r[1]; *(uint32_t*)0x20011498 = r[2]; *(uint64_t*)0x20011590 = 0x200114c0; *(uint64_t*)0x20011598 = 0x20011540; *(uint32_t*)0x200115a0 = 0x4f; *(uint32_t*)0x200115a4 = 7; *(uint32_t*)0x200115a8 = 0x55; *(uint32_t*)0x200115ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[2], 0, 0x7fffffffffffffff, 0x20011580, 0x200115c0, 0x20011600); if (res == ZX_OK) r[8] = *(uint32_t*)0x20011540; break; case 4: *(uint64_t*)0x20021700 = 0x20011640; *(uint32_t*)0x20011640 = 0; memset((void*)0x20011644, 0, 3); *(uint8_t*)0x20011647 = 1; *(uint64_t*)0x20011648 = 0x66298d9200000000; *(uint64_t*)0x20021708 = 0x20011680; *(uint64_t*)0x20021710 = 0x200116c0; *(uint64_t*)0x20021718 = 0x200216c0; *(uint32_t*)0x20021720 = 0x10; *(uint32_t*)0x20021724 = 0; *(uint32_t*)0x20021728 = 0x10000; *(uint32_t*)0x2002172c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[8], 0, 0, 0x20021700, 0x20021740, 0x20021780); break; case 5: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_read_etc))(r[6], 2, 0x200217c0, 0x20021840, 0x6e, 8, 0x200218c0, 0x20021900); if (res == ZX_OK) { r[9] = *(uint32_t*)0x20021850; r[10] = *(uint32_t*)0x20021870; } break; case 6: ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_vmo_create_child))(r[10], 0, 1, 0xbb6, 0x20021940); break; case 7: memcpy((void*)0x20021980, "/svc/\000", 6); ((intptr_t(*)(intptr_t,intptr_t))CAST(fdio_service_connect))(0x20021980, r[5]); break; case 8: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_interrupt_wait))(r[9], 0x200219c0); if (res == ZX_OK) r[11] = *(uint64_t*)0x200219c0; break; case 9: *(uint64_t*)0x20031ac0 = 0x20021a00; *(uint32_t*)0x20021a00 = 0; memset((void*)0x20021a04, 0, 3); *(uint8_t*)0x20021a07 = 1; *(uint64_t*)0x20021a08 = 0x2ab48ffa00000000; *(uint8_t*)0x20021a10 = 7; *(uint64_t*)0x20031ac8 = 0x20021a40; *(uint64_t*)0x20031ad0 = 0x20021a80; *(uint64_t*)0x20031ad8 = 0x20031a80; *(uint32_t*)0x20031ae0 = 0x11; *(uint32_t*)0x20031ae4 = 0; *(uint32_t*)0x20031ae8 = 0x10000; *(uint32_t*)0x20031aec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[9], 0, r[11], 0x20031ac0, 0x20031b00, 0x20031b40); break; case 10: memcpy((void*)0x20000000, "\xc4\xa2\x79\xdb\xe2\xf3\x41\x0f\x7e\x06\x3e\x4c\x0f\xae\xa3\x91\x46\xbd\x7d\xc4\x82\x0d\x91\xbc\x78\x90\x7b\x00\x00\x66\x0f\x3a\x0e\xa4\x3e\x00\x08\x00\x00\x00\x66\x45\x0f\x12\x8e\x00\x00\x00\x00\xc4\x82\x7d\x0e\xa5\xd8\xdf\x00\x00\xc4\xc1\xfd\x2e\xc9\xf3\x43\x0f\x2a\x46\x0e\xc4\x43\xc9\x5c\x45\x08\x99", 76); syz_execute_func(0x20000000); break; case 11: syz_future_time(0); break; case 12: syz_job_default(); break; case 13: syz_mmap(0x20ffd000, 0x1000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(0x20000000, 0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :287:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor2850958539 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds] --- FAIL: TestGenerate/fuchsia/amd64/0 (0.61s) csource_test.go:133: opts: {Threaded:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000001000)=0x0) (fail_nth: 1) zx_channel_call_etc(0x0, 0xffff, 0x0, &(0x7f00000011c0)={&(0x7f0000000000)="0001a747cc965bdf12ac9b60b2e125dc044ed2fa880a719727d6b5a224706f0f99de8fa46158d7d04ac1fe18adb81dc99e6d93328c47ceaa6652a680853582ab5bb4649593ec0604194e7946fb11ae7eb26fab2030f4fe727f5878bc0898e7ce6a4810cead730969c81c54a5276ecbb4263283639baf3d4b50d36a135700391d4e1f4045e58e557719400d9ac570dc938c47340f8f19341b2aa414c80d8dd5ec729524c84e004ff93d264796eccee5e023a1edd21526655ec5abc5f0f8ec7303eca764277f214cb86b39c471dcfd802cd84e9b609b46a8e7f140d55ca5f90f5410b91ae06cb4def60852c76f744c8e05e49c674b7b0a73c0932512fa3aac67db01a267b7bc3e6c4c72dd5aa5631c9195807427ead967bfbcc0bf3e7598e04be3dbe335a76c84c2200e7a7885e8e273f738c3e06dff138d8a07383dc997ce9f37ba5b7adadc410664580363e0c8f2ef119d532000f90fae65fede371d15bdffc124355dd2256b85b7396099ef71d022cd99a2fe1c99548260dc18bb8819a347ddc939868a68b7ebef3712fa961f5c0b5e60446ac0f14fda37a62b1fe138570c4bcb9d9ec8e245975bb972b10b4923211d8af36a29dda547f7e99a40227021b49e3b288cc5059aa432e7ba1b9ee5ffacdc387dadde0fdd6a868e3e53f5ab5405166bd9501a43a98dcbd04c69cfec4d129c9be43c95754b86b55017a681af682f2464e3ad9a4b3aeea74e68fe1fb3500d38e8df66ed4ffa23c482c724836c7cf49b5ef97c2bd77ca2538f49f5ddda64c1fe96737ac575a3d3ebd6b542a54f98f9c16c7ee4bdd7cc690074d4bf26ce104d3ac35d79f8675e10b17b2e66e1e63070ef12459bec9754eec111993ee9fe3a99030ff630e5dd9602ad8dee02bd5fe0dfbcab284760747125cd21db316841376de54b5d6b12d137625141de927fcca1086713c5d9fdacf854f4851f721bf2e6d6bfbb77bdcfbde0b717b3312eb9a331f18b669bc1179ce60e0f133d4067903cd5dad1bf8c277543e5f40551ce739f1e1dfbfc79c3926c655584c69bd9196587e8915d9fe8df3478c4b870e415775dc2398431c0ad8b96c445c3dc98ae934f944952c552b5c2c0b099b4531458f60c2753f9e04d06e50e9cb38ffd46390080eca9cceaf95918718063949464a59ad6e9b8d2b7b053e77a5499db3e9e25b7f2de9dde5ed4ca60c74a8cfc2587cef9d336ec4edd2b153637d4aa828fd5d3c9fd78c5f1643a3074545611af80500fd7ca4a1e74e7459d9d699fb611270674eb9fd3d8187f8c95467402fb2d065fa5c837e16e2741c5374753d89cba55a4bf5a72bcb2a5bb33c6d20c5b5e52d2bd3c87d8f1a7faf41849e23a4297f1784d20a08ac5fe8a2d65b75b6c1f47eb28cfc6590bd8199f135749f5df60321d06ffe8edd0aa7c7e3f6639b5e2469cfbafe67c117172d3b32efb68cb25ccd47d2a21ef5f9a7edfc4789ce98a30ddbc2f5e1cbb1eb40333857b5217bb5c64e2806e6eb23ef6b9048c768d2b16c3782241ce513be555850214a53a149dc1fe4b34e1fe3492e7e88554b6f446c9320109eaf3e51fd420210202c10c6e159bb5f2db6524a78249e06ed52d431864305b982c4ab3583f46f21423eae06508f0f6aaa0f9762de93b8b48b4e8610b12403d8b8cc769abc3839994449764496c12dd037001c58673d9841b3285bbbe9fa5648917e8bb85a58ae3acc5eb561f5d27fb1c70ec11a73bc172f5b7f024fe27783df025df7b0b80806a81aab375c52ccc91ed68c65937089079be64fc7e691b2c41b174fc987fb48fd8118f441863e5ae363a221b21016ff848318e2becca25acdde488af58db93908c09465f39b386713fedd06d9e844b5b8ade0444087a8dfe4259e8d23de2525c14b400053a1f977b18fce9dda76aa16d3e165fb48e1a491585b7bc19f6759154216cb714647fdc8d78c4e683a1786f686974c85477ce2ec5346a45f0be1bb3a99dd94e2234292701e3ea967384b4d92cf0bffe1d43f8d688548b3f059f1003d3f35dff653c498566d919ca2bec219da12177f31861c410b79fda29f8d0be59a9c5d2f85d9af1f67450e618ecbc85831d50d410ff1bcb73b438aa9dc0fbe87185e0e7dcfd8ec268c62f4f172b5466ab535982013748bb392ec8bef3c86b216eeaffa1ff2a34c6bdf3c8fc0719bbf3f271427ecdc30aea70410c880ddf58a9da61a04226a674ce056844ce5cd6cff866588f1637ab179520a6b82b159f34f790247429f15c8efd5aed316060e8ba2bb2fcd892f3663eef01dd1814accf5ab8db1440f2455b1c5a3f15ea03e1de09560f1034e5e453fdefb0b94aa723033ec02d729beff01b6b322b93a8b5d9b4a3fc126dae2950db4d4aeca02325b8e7ae69095e2e05653832e0b9d5d4896d3d3931f8ec584814f4ab057c8670c40caf4ac141bfa42339ff867760c6a97b3f4d9f520839179a003c76ff21510c7c31cb45fccc763174bef06524bc6a5fd9a413ede524fcce95d03e08a002a552bc1681d717ea44e89e196580b5cd173138c0b84edffbf3053126bae9d46c217ddfe4c39f617ed51d086a24e268126b5d7c751f87936b4c5657334ba59b4743586aadd8e15079d0da39c9ac704361b19321f16fd73c8709e2d92670c5a92a9b9fa55cf9676fba8b0e68d60bca249d38183a2fced1c9b02446ce1d312542061cfa72b23ab99ce79b1a7a451e078460f0a71b14c1878a1bb850a033f895f8316eec91881696f5582621ae2f8afbe4c6059d0d035f5250d748758eb9f3537bf63f8d90a264b2cb861959105c78738793f44b5647ae28ba29ab336d78b0ceb53d9530ef6bfe6853fca51366bc34659e00053ba2f0b5801f28bc352f9202e83cac11f69ede4324f1b8185acefa0c878e06dcbe1ce702a275b90cbcdcb77b2a916d6df25a309077a789c0c5fe8fc1acdf48bc0895cca149227ecfa92d0886ef561d4b16fa3c7108f8194b343254c10d0d6276927095013e8ca3d353db701268aa71297087e95d91462687aae2035a36839df298a6bf17ec59e0fd0adc2ce1f63a65a9c1261a8777ab2b50676c7592002baa4bea564881331ff576b252255cb3272a181bbcba48b817ae90e242fcc2f6efe662ce4c79424149f231b915156e79fdc2de1949dc5d182e64173abae9d64e9291e0426e6eabbac2dbbaff3e635a672341dd9b6e59856f552cc59b2388e4e3fa48e54a09a30efa7ac0aacf6442097e513e242bf48a9e1f8a7e57c29a68c4e3a212809a63dc18751cdd11606ec2a512031577a0cbcc32c3e4345e30f6dc3df28a5816e832a8d0e37fe1a15bc53a06c1cd3054393a61129d1598b043681d6daaacc07d24ba0e2a562cf4e7e004715d620fb2b533a8f16d1929d18c716d41f1c736c1a3623140373d8c392cb8d19dec2ea2a51ad27d6a5e786b2ffd0574000e4a09a6c3253645a11be2f881a89ab71a2d486e03b5982e2ad2adf0cfb07cfe969f15d8be3a0c2b92854021906908b2c26c208b86082a45e1b2fcd501999020e0931735da194818ae27c952aae657ec0f1855af8b53f4a92848a25ef535455c6adec813e8f8b030e1108b0e7d65cf1c1ddd14683476d3203a0352a0e159feef3eee4456db312e54dceff6d2f3e57c8ebb40d9e19f113cc78fe4fb363721bde7352da5f760cde779f4eced9067cba8a6aaf32f1f890653301023e025f50718faa0a4c1d36cf729efe131c6d2cee0d66a06a956beb61b03fe321b0f444fb5db11f8eb69eb71d21aab93e2d3358e6828e86b8334a3b4fe93c1b7dfc64dff2b489349cb765faeb09f1eb381f73bd82a0dfaf0656754bcbe61a74d9a342e2cb4fd5cc42890bf00734b9a6db6768044ab218e6741113f4945236abdd8acc7cc726d62e9450913232cc842323a92f9dfddc571171af8c0f70034d08f59521ab9175ce9ec3ac3a09ae29c76dd483d1810475aa1109209e12ea5b3f8e8f9be1bf0c06291120dc3773681f0156183f68359f66e6c693cb02370250e8c6d0a530e0caecf52dc4ed2ba240e7fe88152bfb5357585174f596e8393cf276de94a19b32b8b538c8aa43b156a93a9612a8be38af45a4a2278f2e2e6fe6082c80f6caf1e9468499a4da9bbd7581af81c734ef920a5bd788023fb01e08c3c9e4d6f78173265844466dbf6db4b8be6a664a537c167a8c5664e5417fccb98e811b1bcc91aa87e40487ba49c25e57977cc8cfd7a8e1c0f31255bbfd4da46f2a964b8b4978802f2b1ed13569d02b5a27a855ba84911d8809d0f5a908ceb24e5a09726bb9e6990ff54ddd4bc21c1bce62d46d6ec7251d4c354ce771734a8c6553311c6488a380dc98d46f141266bc71b3bd1457e291a4e85f87224fd3298498061c7d1c75d59f71de9174eff80728b3db93dbcb3365dfef5639bde6a31fd5d0e18b7a83023b0b5ea7ad2f0f6176c577c43ff097d74599619faa771699f0d708c3db3e3657d2bc5e4f2498810bd49be182db55eb7063ea30410f605db278b5ae895e187006f84304262a5adaec9f361ae73b693395d087ffd0e2bef590b166551df17b787855cb66fc1bf06f216ea68c3c1d8f3e3839be88954aa4f24fb5adc007d76fea70cbfded2ea421e4728c04c180c54f89b88cc176b1b9a59968a40b7b4363c3d3b6e961004c830592607ec99d484bf4aa7b3d942bb0d4ecd3924757d7a48d4937020a07e89c1b0939fa8f3a839a1ce7f7dbf0b7cb9eb1bae325365b40d3fa68e1d2af1e6c1f35b5c6a0745bc7648a3f90c5a5738d4e35b2f69f841698c7189cc1606511615514c87182dd29840aa8e95f06d3cc1fd451ce38200f89bfc2f3ce8023b9049567b8bba7e2d1643f27c5314675b0085bc525fb3c5c1e1b9e326b922690b144a52d363d354ade2af69687e63d9c024baa6c77af4071c4d8631d5e19fde5210330a519ab594952080f8fb4141426b105011b9e338f8d5fce9c94589e75f93a13050d2eff8f8e0d2b3f7f999ea4da12d649b4a6b661948084c88b759c470b2ba329bb081754f72d6cc9e5b9ae174fcd63fd56a17847022d28481e6367c13c15b58820488f36a5f09eff547d4d20eff3cafafae1c70687aeee6529e59821605c1fe2ea6fe714b3509082f939a4ed82f037184d14dece9562b2b5d0d6f5e9776eb568cb2b817502ab52796d247753f67db146ae4c964bcc1f428cb5170d720297b064e44375e09edc714d7ce75ba121d8a1642c9a088ec177697a4b94e1b72c1531e6fd4a15e33374c1e7220e36d59c7090aadedb2cd05520bf0c72110ae878a760f3578b8710b7373c9ca31de5f1438e9292eb2c20454a106adbeabdfa6bf6e31f4435a42f4f5419315167ea441ee9d37a54047d8cb1f843bbb49d8819a59d2d26fc740f819300daab6c03f4b93217931b841c79fdb8065d827abb5122166d0b345019470099a5b8b95465ada1affafaae5ad2d53adefc53c0a6c6c467cdfcddd0e9af2cc639828c606f3a696f50be31d2d19c8ff95fc8cecbd3e6bd0d5bd6e40073ab52a73f3d5ef00b01d58161270b8a664db80f23bc6a8306f6b66b796dfe664d51b77680cb06a2ec999d0ed962ba534f16af26ab16fa2d5537d5c93e503034c099d260a8f32d4eddf48b25a75c9f92701cb040b5774a0d98ffcedf973aadd1f5bfa75cbfbd7ea4b9a56b6011cc44b7355525b3b72040f70f90619e19ba48140a5b96c40316be4f82a11c04702bff4ed47a20e07b5d7fb773bcfa10e4c03e88979a41b2c780133a424c73c5a5a7d8d79374235ff357d93db8ca1de2ae632ac3c09db7c33", &(0x7f0000001040)=[0x0, 0x0, 0x0, r0], &(0x7f0000001080)=""/208, &(0x7f0000001180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0xd0, 0x7}, &(0x7f0000001200), &(0x7f0000001240)) (async) zx_channel_call$fuchsia_io_DirectoryAdminGetToken(r4, 0x0, 0x7fffffffffffffff, &(0x7f0000011340)={&(0x7f0000001280), &(0x7f00000012c0), &(0x7f0000001300), &(0x7f0000011300)={0x0}, 0x10, 0x0, 0x10000, 0x1}, &(0x7f0000011380), &(0x7f00000113c0)) (rerun: 4) zx_channel_call(r2, 0x0, 0x7fffffffffffffff, &(0x7f0000011580)={&(0x7f0000011400)="08d2588a18d84d44d193ae1571513a9b96c55a71e6e7996cd86ec83baaedcfeb5244b59e77433e74b6d38f9613f18be0e3fa96bccc221ce6f3582ad3daf0dc3e9fba77d168edcc34c2e875881e5689", &(0x7f0000011480)=[0x0, r7, r3, 0x0, r4, r1, r2], &(0x7f00000114c0)=""/85, &(0x7f0000011540)=[0x0], 0x4f, 0x7, 0x55, 0x1}, &(0x7f00000115c0), &(0x7f0000011600)) zx_channel_call$fuchsia_io_DirectoryAdminQueryFilesystem(r8, 0x0, 0x0, &(0x7f0000021700)={&(0x7f0000011640), &(0x7f0000011680), &(0x7f00000116c0), &(0x7f00000216c0), 0x10, 0x0, 0x10000}, &(0x7f0000021740), &(0x7f0000021780)) zx_channel_read_etc(r6, 0x2, &(0x7f00000217c0)=""/110, &(0x7f0000021840)=[{}, {0x0}, {}, {0x0}, {}, {}, {}, {}], 0x6e, 0x8, &(0x7f00000218c0), &(0x7f0000021900)) zx_vmo_create_child(r10, 0x0, 0x1, 0xbb6, &(0x7f0000021940)) fdio_service_connect$fuchsia_cobalt_LoggerSimple(&(0x7f0000021980), r5) zx_interrupt_wait(r9, &(0x7f00000219c0)=0x0) zx_channel_call$fuchsia_hardware_ethernet_DeviceConfigMulticastSetPromiscuousMode(r9, 0x0, r11, &(0x7f0000031ac0)={&(0x7f0000021a00)={{}, 0x7}, &(0x7f0000021a40), &(0x7f0000021a80), &(0x7f0000031a80), 0x11, 0x0, 0x10000}, &(0x7f0000031b00), &(0x7f0000031b40)) syz_execute_func(&(0x7f0000000000)="c4a279dbe2f3410f7e063e4c0faea39146bd7dc4820d91bc78907b0000660f3a0ea43e000800000066450f128e00000000c4827d0ea5d8df0000c4c1fd2ec9f3430f2a460ec443c95c450899") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:134: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[12] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_one(void) { intptr_t res = 0; inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(0, 0x20001000); if (res == ZX_OK) r[0] = *(uint32_t*)0x20001000; *(uint64_t*)0x200011c0 = 0x20000000; memcpy((void*)0x20000000, "\x00\x01\xa7\x47\xcc\x96\x5b\xdf\x12\xac\x9b\x60\xb2\xe1\x25\xdc\x04\x4e\xd2\xfa\x88\x0a\x71\x97\x27\xd6\xb5\xa2\x24\x70\x6f\x0f\x99\xde\x8f\xa4\x61\x58\xd7\xd0\x4a\xc1\xfe\x18\xad\xb8\x1d\xc9\x9e\x6d\x93\x32\x8c\x47\xce\xaa\x66\x52\xa6\x80\x85\x35\x82\xab\x5b\xb4\x64\x95\x93\xec\x06\x04\x19\x4e\x79\x46\xfb\x11\xae\x7e\xb2\x6f\xab\x20\x30\xf4\xfe\x72\x7f\x58\x78\xbc\x08\x98\xe7\xce\x6a\x48\x10\xce\xad\x73\x09\x69\xc8\x1c\x54\xa5\x27\x6e\xcb\xb4\x26\x32\x83\x63\x9b\xaf\x3d\x4b\x50\xd3\x6a\x13\x57\x00\x39\x1d\x4e\x1f\x40\x45\xe5\x8e\x55\x77\x19\x40\x0d\x9a\xc5\x70\xdc\x93\x8c\x47\x34\x0f\x8f\x19\x34\x1b\x2a\xa4\x14\xc8\x0d\x8d\xd5\xec\x72\x95\x24\xc8\x4e\x00\x4f\xf9\x3d\x26\x47\x96\xec\xce\xe5\xe0\x23\xa1\xed\xd2\x15\x26\x65\x5e\xc5\xab\xc5\xf0\xf8\xec\x73\x03\xec\xa7\x64\x27\x7f\x21\x4c\xb8\x6b\x39\xc4\x71\xdc\xfd\x80\x2c\xd8\x4e\x9b\x60\x9b\x46\xa8\xe7\xf1\x40\xd5\x5c\xa5\xf9\x0f\x54\x10\xb9\x1a\xe0\x6c\xb4\xde\xf6\x08\x52\xc7\x6f\x74\x4c\x8e\x05\xe4\x9c\x67\x4b\x7b\x0a\x73\xc0\x93\x25\x12\xfa\x3a\xac\x67\xdb\x01\xa2\x67\xb7\xbc\x3e\x6c\x4c\x72\xdd\x5a\xa5\x63\x1c\x91\x95\x80\x74\x27\xea\xd9\x67\xbf\xbc\xc0\xbf\x3e\x75\x98\xe0\x4b\xe3\xdb\xe3\x35\xa7\x6c\x84\xc2\x20\x0e\x7a\x78\x85\xe8\xe2\x73\xf7\x38\xc3\xe0\x6d\xff\x13\x8d\x8a\x07\x38\x3d\xc9\x97\xce\x9f\x37\xba\x5b\x7a\xda\xdc\x41\x06\x64\x58\x03\x63\xe0\xc8\xf2\xef\x11\x9d\x53\x20\x00\xf9\x0f\xae\x65\xfe\xde\x37\x1d\x15\xbd\xff\xc1\x24\x35\x5d\xd2\x25\x6b\x85\xb7\x39\x60\x99\xef\x71\xd0\x22\xcd\x99\xa2\xfe\x1c\x99\x54\x82\x60\xdc\x18\xbb\x88\x19\xa3\x47\xdd\xc9\x39\x86\x8a\x68\xb7\xeb\xef\x37\x12\xfa\x96\x1f\x5c\x0b\x5e\x60\x44\x6a\xc0\xf1\x4f\xda\x37\xa6\x2b\x1f\xe1\x38\x57\x0c\x4b\xcb\x9d\x9e\xc8\xe2\x45\x97\x5b\xb9\x72\xb1\x0b\x49\x23\x21\x1d\x8a\xf3\x6a\x29\xdd\xa5\x47\xf7\xe9\x9a\x40\x22\x70\x21\xb4\x9e\x3b\x28\x8c\xc5\x05\x9a\xa4\x32\xe7\xba\x1b\x9e\xe5\xff\xac\xdc\x38\x7d\xad\xde\x0f\xdd\x6a\x86\x8e\x3e\x53\xf5\xab\x54\x05\x16\x6b\xd9\x50\x1a\x43\xa9\x8d\xcb\xd0\x4c\x69\xcf\xec\x4d\x12\x9c\x9b\xe4\x3c\x95\x75\x4b\x86\xb5\x50\x17\xa6\x81\xaf\x68\x2f\x24\x64\xe3\xad\x9a\x4b\x3a\xee\xa7\x4e\x68\xfe\x1f\xb3\x50\x0d\x38\xe8\xdf\x66\xed\x4f\xfa\x23\xc4\x82\xc7\x24\x83\x6c\x7c\xf4\x9b\x5e\xf9\x7c\x2b\xd7\x7c\xa2\x53\x8f\x49\xf5\xdd\xda\x64\xc1\xfe\x96\x73\x7a\xc5\x75\xa3\xd3\xeb\xd6\xb5\x42\xa5\x4f\x98\xf9\xc1\x6c\x7e\xe4\xbd\xd7\xcc\x69\x00\x74\xd4\xbf\x26\xce\x10\x4d\x3a\xc3\x5d\x79\xf8\x67\x5e\x10\xb1\x7b\x2e\x66\xe1\xe6\x30\x70\xef\x12\x45\x9b\xec\x97\x54\xee\xc1\x11\x99\x3e\xe9\xfe\x3a\x99\x03\x0f\xf6\x30\xe5\xdd\x96\x02\xad\x8d\xee\x02\xbd\x5f\xe0\xdf\xbc\xab\x28\x47\x60\x74\x71\x25\xcd\x21\xdb\x31\x68\x41\x37\x6d\xe5\x4b\x5d\x6b\x12\xd1\x37\x62\x51\x41\xde\x92\x7f\xcc\xa1\x08\x67\x13\xc5\xd9\xfd\xac\xf8\x54\xf4\x85\x1f\x72\x1b\xf2\xe6\xd6\xbf\xbb\x77\xbd\xcf\xbd\xe0\xb7\x17\xb3\x31\x2e\xb9\xa3\x31\xf1\x8b\x66\x9b\xc1\x17\x9c\xe6\x0e\x0f\x13\x3d\x40\x67\x90\x3c\xd5\xda\xd1\xbf\x8c\x27\x75\x43\xe5\xf4\x05\x51\xce\x73\x9f\x1e\x1d\xfb\xfc\x79\xc3\x92\x6c\x65\x55\x84\xc6\x9b\xd9\x19\x65\x87\xe8\x91\x5d\x9f\xe8\xdf\x34\x78\xc4\xb8\x70\xe4\x15\x77\x5d\xc2\x39\x84\x31\xc0\xad\x8b\x96\xc4\x45\xc3\xdc\x98\xae\x93\x4f\x94\x49\x52\xc5\x52\xb5\xc2\xc0\xb0\x99\xb4\x53\x14\x58\xf6\x0c\x27\x53\xf9\xe0\x4d\x06\xe5\x0e\x9c\xb3\x8f\xfd\x46\x39\x00\x80\xec\xa9\xcc\xea\xf9\x59\x18\x71\x80\x63\x94\x94\x64\xa5\x9a\xd6\xe9\xb8\xd2\xb7\xb0\x53\xe7\x7a\x54\x99\xdb\x3e\x9e\x25\xb7\xf2\xde\x9d\xde\x5e\xd4\xca\x60\xc7\x4a\x8c\xfc\x25\x87\xce\xf9\xd3\x36\xec\x4e\xdd\x2b\x15\x36\x37\xd4\xaa\x82\x8f\xd5\xd3\xc9\xfd\x78\xc5\xf1\x64\x3a\x30\x74\x54\x56\x11\xaf\x80\x50\x0f\xd7\xca\x4a\x1e\x74\xe7\x45\x9d\x9d\x69\x9f\xb6\x11\x27\x06\x74\xeb\x9f\xd3\xd8\x18\x7f\x8c\x95\x46\x74\x02\xfb\x2d\x06\x5f\xa5\xc8\x37\xe1\x6e\x27\x41\xc5\x37\x47\x53\xd8\x9c\xba\x55\xa4\xbf\x5a\x72\xbc\xb2\xa5\xbb\x33\xc6\xd2\x0c\x5b\x5e\x52\xd2\xbd\x3c\x87\xd8\xf1\xa7\xfa\xf4\x18\x49\xe2\x3a\x42\x97\xf1\x78\x4d\x20\xa0\x8a\xc5\xfe\x8a\x2d\x65\xb7\x5b\x6c\x1f\x47\xeb\x28\xcf\xc6\x59\x0b\xd8\x19\x9f\x13\x57\x49\xf5\xdf\x60\x32\x1d\x06\xff\xe8\xed\xd0\xaa\x7c\x7e\x3f\x66\x39\xb5\xe2\x46\x9c\xfb\xaf\xe6\x7c\x11\x71\x72\xd3\xb3\x2e\xfb\x68\xcb\x25\xcc\xd4\x7d\x2a\x21\xef\x5f\x9a\x7e\xdf\xc4\x78\x9c\xe9\x8a\x30\xdd\xbc\x2f\x5e\x1c\xbb\x1e\xb4\x03\x33\x85\x7b\x52\x17\xbb\x5c\x64\xe2\x80\x6e\x6e\xb2\x3e\xf6\xb9\x04\x8c\x76\x8d\x2b\x16\xc3\x78\x22\x41\xce\x51\x3b\xe5\x55\x85\x02\x14\xa5\x3a\x14\x9d\xc1\xfe\x4b\x34\xe1\xfe\x34\x92\xe7\xe8\x85\x54\xb6\xf4\x46\xc9\x32\x01\x09\xea\xf3\xe5\x1f\xd4\x20\x21\x02\x02\xc1\x0c\x6e\x15\x9b\xb5\xf2\xdb\x65\x24\xa7\x82\x49\xe0\x6e\xd5\x2d\x43\x18\x64\x30\x5b\x98\x2c\x4a\xb3\x58\x3f\x46\xf2\x14\x23\xea\xe0\x65\x08\xf0\xf6\xaa\xa0\xf9\x76\x2d\xe9\x3b\x8b\x48\xb4\xe8\x61\x0b\x12\x40\x3d\x8b\x8c\xc7\x69\xab\xc3\x83\x99\x94\x44\x97\x64\x49\x6c\x12\xdd\x03\x70\x01\xc5\x86\x73\xd9\x84\x1b\x32\x85\xbb\xbe\x9f\xa5\x64\x89\x17\xe8\xbb\x85\xa5\x8a\xe3\xac\xc5\xeb\x56\x1f\x5d\x27\xfb\x1c\x70\xec\x11\xa7\x3b\xc1\x72\xf5\xb7\xf0\x24\xfe\x27\x78\x3d\xf0\x25\xdf\x7b\x0b\x80\x80\x6a\x81\xaa\xb3\x75\xc5\x2c\xcc\x91\xed\x68\xc6\x59\x37\x08\x90\x79\xbe\x64\xfc\x7e\x69\x1b\x2c\x41\xb1\x74\xfc\x98\x7f\xb4\x8f\xd8\x11\x8f\x44\x18\x63\xe5\xae\x36\x3a\x22\x1b\x21\x01\x6f\xf8\x48\x31\x8e\x2b\xec\xca\x25\xac\xdd\xe4\x88\xaf\x58\xdb\x93\x90\x8c\x09\x46\x5f\x39\xb3\x86\x71\x3f\xed\xd0\x6d\x9e\x84\x4b\x5b\x8a\xde\x04\x44\x08\x7a\x8d\xfe\x42\x59\xe8\xd2\x3d\xe2\x52\x5c\x14\xb4\x00\x05\x3a\x1f\x97\x7b\x18\xfc\xe9\xdd\xa7\x6a\xa1\x6d\x3e\x16\x5f\xb4\x8e\x1a\x49\x15\x85\xb7\xbc\x19\xf6\x75\x91\x54\x21\x6c\xb7\x14\x64\x7f\xdc\x8d\x78\xc4\xe6\x83\xa1\x78\x6f\x68\x69\x74\xc8\x54\x77\xce\x2e\xc5\x34\x6a\x45\xf0\xbe\x1b\xb3\xa9\x9d\xd9\x4e\x22\x34\x29\x27\x01\xe3\xea\x96\x73\x84\xb4\xd9\x2c\xf0\xbf\xfe\x1d\x43\xf8\xd6\x88\x54\x8b\x3f\x05\x9f\x10\x03\xd3\xf3\x5d\xff\x65\x3c\x49\x85\x66\xd9\x19\xca\x2b\xec\x21\x9d\xa1\x21\x77\xf3\x18\x61\xc4\x10\xb7\x9f\xda\x29\xf8\xd0\xbe\x59\xa9\xc5\xd2\xf8\x5d\x9a\xf1\xf6\x74\x50\xe6\x18\xec\xbc\x85\x83\x1d\x50\xd4\x10\xff\x1b\xcb\x73\xb4\x38\xaa\x9d\xc0\xfb\xe8\x71\x85\xe0\xe7\xdc\xfd\x8e\xc2\x68\xc6\x2f\x4f\x17\x2b\x54\x66\xab\x53\x59\x82\x01\x37\x48\xbb\x39\x2e\xc8\xbe\xf3\xc8\x6b\x21\x6e\xea\xff\xa1\xff\x2a\x34\xc6\xbd\xf3\xc8\xfc\x07\x19\xbb\xf3\xf2\x71\x42\x7e\xcd\xc3\x0a\xea\x70\x41\x0c\x88\x0d\xdf\x58\xa9\xda\x61\xa0\x42\x26\xa6\x74\xce\x05\x68\x44\xce\x5c\xd6\xcf\xf8\x66\x58\x8f\x16\x37\xab\x17\x95\x20\xa6\xb8\x2b\x15\x9f\x34\xf7\x90\x24\x74\x29\xf1\x5c\x8e\xfd\x5a\xed\x31\x60\x60\xe8\xba\x2b\xb2\xfc\xd8\x92\xf3\x66\x3e\xef\x01\xdd\x18\x14\xac\xcf\x5a\xb8\xdb\x14\x40\xf2\x45\x5b\x1c\x5a\x3f\x15\xea\x03\xe1\xde\x09\x56\x0f\x10\x34\xe5\xe4\x53\xfd\xef\xb0\xb9\x4a\xa7\x23\x03\x3e\xc0\x2d\x72\x9b\xef\xf0\x1b\x6b\x32\x2b\x93\xa8\xb5\xd9\xb4\xa3\xfc\x12\x6d\xae\x29\x50\xdb\x4d\x4a\xec\xa0\x23\x25\xb8\xe7\xae\x69\x09\x5e\x2e\x05\x65\x38\x32\xe0\xb9\xd5\xd4\x89\x6d\x3d\x39\x31\xf8\xec\x58\x48\x14\xf4\xab\x05\x7c\x86\x70\xc4\x0c\xaf\x4a\xc1\x41\xbf\xa4\x23\x39\xff\x86\x77\x60\xc6\xa9\x7b\x3f\x4d\x9f\x52\x08\x39\x17\x9a\x00\x3c\x76\xff\x21\x51\x0c\x7c\x31\xcb\x45\xfc\xcc\x76\x31\x74\xbe\xf0\x65\x24\xbc\x6a\x5f\xd9\xa4\x13\xed\xe5\x24\xfc\xce\x95\xd0\x3e\x08\xa0\x02\xa5\x52\xbc\x16\x81\xd7\x17\xea\x44\xe8\x9e\x19\x65\x80\xb5\xcd\x17\x31\x38\xc0\xb8\x4e\xdf\xfb\xf3\x05\x31\x26\xba\xe9\xd4\x6c\x21\x7d\xdf\xe4\xc3\x9f\x61\x7e\xd5\x1d\x08\x6a\x24\xe2\x68\x12\x6b\x5d\x7c\x75\x1f\x87\x93\x6b\x4c\x56\x57\x33\x4b\xa5\x9b\x47\x43\x58\x6a\xad\xd8\xe1\x50\x79\xd0\xda\x39\xc9\xac\x70\x43\x61\xb1\x93\x21\xf1\x6f\xd7\x3c\x87\x09\xe2\xd9\x26\x70\xc5\xa9\x2a\x9b\x9f\xa5\x5c\xf9\x67\x6f\xba\x8b\x0e\x68\xd6\x0b\xca\x24\x9d\x38\x18\x3a\x2f\xce\xd1\xc9\xb0\x24\x46\xce\x1d\x31\x25\x42\x06\x1c\xfa\x72\xb2\x3a\xb9\x9c\xe7\x9b\x1a\x7a\x45\x1e\x07\x84\x60\xf0\xa7\x1b\x14\xc1\x87\x8a\x1b\xb8\x50\xa0\x33\xf8\x95\xf8\x31\x6e\xec\x91\x88\x16\x96\xf5\x58\x26\x21\xae\x2f\x8a\xfb\xe4\xc6\x05\x9d\x0d\x03\x5f\x52\x50\xd7\x48\x75\x8e\xb9\xf3\x53\x7b\xf6\x3f\x8d\x90\xa2\x64\xb2\xcb\x86\x19\x59\x10\x5c\x78\x73\x87\x93\xf4\x4b\x56\x47\xae\x28\xba\x29\xab\x33\x6d\x78\xb0\xce\xb5\x3d\x95\x30\xef\x6b\xfe\x68\x53\xfc\xa5\x13\x66\xbc\x34\x65\x9e\x00\x05\x3b\xa2\xf0\xb5\x80\x1f\x28\xbc\x35\x2f\x92\x02\xe8\x3c\xac\x11\xf6\x9e\xde\x43\x24\xf1\xb8\x18\x5a\xce\xfa\x0c\x87\x8e\x06\xdc\xbe\x1c\xe7\x02\xa2\x75\xb9\x0c\xbc\xdc\xb7\x7b\x2a\x91\x6d\x6d\xf2\x5a\x30\x90\x77\xa7\x89\xc0\xc5\xfe\x8f\xc1\xac\xdf\x48\xbc\x08\x95\xcc\xa1\x49\x22\x7e\xcf\xa9\x2d\x08\x86\xef\x56\x1d\x4b\x16\xfa\x3c\x71\x08\xf8\x19\x4b\x34\x32\x54\xc1\x0d\x0d\x62\x76\x92\x70\x95\x01\x3e\x8c\xa3\xd3\x53\xdb\x70\x12\x68\xaa\x71\x29\x70\x87\xe9\x5d\x91\x46\x26\x87\xaa\xe2\x03\x5a\x36\x83\x9d\xf2\x98\xa6\xbf\x17\xec\x59\xe0\xfd\x0a\xdc\x2c\xe1\xf6\x3a\x65\xa9\xc1\x26\x1a\x87\x77\xab\x2b\x50\x67\x6c\x75\x92\x00\x2b\xaa\x4b\xea\x56\x48\x81\x33\x1f\xf5\x76\xb2\x52\x25\x5c\xb3\x27\x2a\x18\x1b\xbc\xba\x48\xb8\x17\xae\x90\xe2\x42\xfc\xc2\xf6\xef\xe6\x62\xce\x4c\x79\x42\x41\x49\xf2\x31\xb9\x15\x15\x6e\x79\xfd\xc2\xde\x19\x49\xdc\x5d\x18\x2e\x64\x17\x3a\xba\xe9\xd6\x4e\x92\x91\xe0\x42\x6e\x6e\xab\xba\xc2\xdb\xba\xff\x3e\x63\x5a\x67\x23\x41\xdd\x9b\x6e\x59\x85\x6f\x55\x2c\xc5\x9b\x23\x88\xe4\xe3\xfa\x48\xe5\x4a\x09\xa3\x0e\xfa\x7a\xc0\xaa\xcf\x64\x42\x09\x7e\x51\x3e\x24\x2b\xf4\x8a\x9e\x1f\x8a\x7e\x57\xc2\x9a\x68\xc4\xe3\xa2\x12\x80\x9a\x63\xdc\x18\x75\x1c\xdd\x11\x60\x6e\xc2\xa5\x12\x03\x15\x77\xa0\xcb\xcc\x32\xc3\xe4\x34\x5e\x30\xf6\xdc\x3d\xf2\x8a\x58\x16\xe8\x32\xa8\xd0\xe3\x7f\xe1\xa1\x5b\xc5\x3a\x06\xc1\xcd\x30\x54\x39\x3a\x61\x12\x9d\x15\x98\xb0\x43\x68\x1d\x6d\xaa\xac\xc0\x7d\x24\xba\x0e\x2a\x56\x2c\xf4\xe7\xe0\x04\x71\x5d\x62\x0f\xb2\xb5\x33\xa8\xf1\x6d\x19\x29\xd1\x8c\x71\x6d\x41\xf1\xc7\x36\xc1\xa3\x62\x31\x40\x37\x3d\x8c\x39\x2c\xb8\xd1\x9d\xec\x2e\xa2\xa5\x1a\xd2\x7d\x6a\x5e\x78\x6b\x2f\xfd\x05\x74\x00\x0e\x4a\x09\xa6\xc3\x25\x36\x45\xa1\x1b\xe2\xf8\x81\xa8\x9a\xb7\x1a\x2d\x48\x6e\x03\xb5\x98\x2e\x2a\xd2\xad\xf0\xcf\xb0\x7c\xfe\x96\x9f\x15\xd8\xbe\x3a\x0c\x2b\x92\x85\x40\x21\x90\x69\x08\xb2\xc2\x6c\x20\x8b\x86\x08\x2a\x45\xe1\xb2\xfc\xd5\x01\x99\x90\x20\xe0\x93\x17\x35\xda\x19\x48\x18\xae\x27\xc9\x52\xaa\xe6\x57\xec\x0f\x18\x55\xaf\x8b\x53\xf4\xa9\x28\x48\xa2\x5e\xf5\x35\x45\x5c\x6a\xde\xc8\x13\xe8\xf8\xb0\x30\xe1\x10\x8b\x0e\x7d\x65\xcf\x1c\x1d\xdd\x14\x68\x34\x76\xd3\x20\x3a\x03\x52\xa0\xe1\x59\xfe\xef\x3e\xee\x44\x56\xdb\x31\x2e\x54\xdc\xef\xf6\xd2\xf3\xe5\x7c\x8e\xbb\x40\xd9\xe1\x9f\x11\x3c\xc7\x8f\xe4\xfb\x36\x37\x21\xbd\xe7\x35\x2d\xa5\xf7\x60\xcd\xe7\x79\xf4\xec\xed\x90\x67\xcb\xa8\xa6\xaa\xf3\x2f\x1f\x89\x06\x53\x30\x10\x23\xe0\x25\xf5\x07\x18\xfa\xa0\xa4\xc1\xd3\x6c\xf7\x29\xef\xe1\x31\xc6\xd2\xce\xe0\xd6\x6a\x06\xa9\x56\xbe\xb6\x1b\x03\xfe\x32\x1b\x0f\x44\x4f\xb5\xdb\x11\xf8\xeb\x69\xeb\x71\xd2\x1a\xab\x93\xe2\xd3\x35\x8e\x68\x28\xe8\x6b\x83\x34\xa3\xb4\xfe\x93\xc1\xb7\xdf\xc6\x4d\xff\x2b\x48\x93\x49\xcb\x76\x5f\xae\xb0\x9f\x1e\xb3\x81\xf7\x3b\xd8\x2a\x0d\xfa\xf0\x65\x67\x54\xbc\xbe\x61\xa7\x4d\x9a\x34\x2e\x2c\xb4\xfd\x5c\xc4\x28\x90\xbf\x00\x73\x4b\x9a\x6d\xb6\x76\x80\x44\xab\x21\x8e\x67\x41\x11\x3f\x49\x45\x23\x6a\xbd\xd8\xac\xc7\xcc\x72\x6d\x62\xe9\x45\x09\x13\x23\x2c\xc8\x42\x32\x3a\x92\xf9\xdf\xdd\xc5\x71\x17\x1a\xf8\xc0\xf7\x00\x34\xd0\x8f\x59\x52\x1a\xb9\x17\x5c\xe9\xec\x3a\xc3\xa0\x9a\xe2\x9c\x76\xdd\x48\x3d\x18\x10\x47\x5a\xa1\x10\x92\x09\xe1\x2e\xa5\xb3\xf8\xe8\xf9\xbe\x1b\xf0\xc0\x62\x91\x12\x0d\xc3\x77\x36\x81\xf0\x15\x61\x83\xf6\x83\x59\xf6\x6e\x6c\x69\x3c\xb0\x23\x70\x25\x0e\x8c\x6d\x0a\x53\x0e\x0c\xae\xcf\x52\xdc\x4e\xd2\xba\x24\x0e\x7f\xe8\x81\x52\xbf\xb5\x35\x75\x85\x17\x4f\x59\x6e\x83\x93\xcf\x27\x6d\xe9\x4a\x19\xb3\x2b\x8b\x53\x8c\x8a\xa4\x3b\x15\x6a\x93\xa9\x61\x2a\x8b\xe3\x8a\xf4\x5a\x4a\x22\x78\xf2\xe2\xe6\xfe\x60\x82\xc8\x0f\x6c\xaf\x1e\x94\x68\x49\x9a\x4d\xa9\xbb\xd7\x58\x1a\xf8\x1c\x73\x4e\xf9\x20\xa5\xbd\x78\x80\x23\xfb\x01\xe0\x8c\x3c\x9e\x4d\x6f\x78\x17\x32\x65\x84\x44\x66\xdb\xf6\xdb\x4b\x8b\xe6\xa6\x64\xa5\x37\xc1\x67\xa8\xc5\x66\x4e\x54\x17\xfc\xcb\x98\xe8\x11\xb1\xbc\xc9\x1a\xa8\x7e\x40\x48\x7b\xa4\x9c\x25\xe5\x79\x77\xcc\x8c\xfd\x7a\x8e\x1c\x0f\x31\x25\x5b\xbf\xd4\xda\x46\xf2\xa9\x64\xb8\xb4\x97\x88\x02\xf2\xb1\xed\x13\x56\x9d\x02\xb5\xa2\x7a\x85\x5b\xa8\x49\x11\xd8\x80\x9d\x0f\x5a\x90\x8c\xeb\x24\xe5\xa0\x97\x26\xbb\x9e\x69\x90\xff\x54\xdd\xd4\xbc\x21\xc1\xbc\xe6\x2d\x46\xd6\xec\x72\x51\xd4\xc3\x54\xce\x77\x17\x34\xa8\xc6\x55\x33\x11\xc6\x48\x8a\x38\x0d\xc9\x8d\x46\xf1\x41\x26\x6b\xc7\x1b\x3b\xd1\x45\x7e\x29\x1a\x4e\x85\xf8\x72\x24\xfd\x32\x98\x49\x80\x61\xc7\xd1\xc7\x5d\x59\xf7\x1d\xe9\x17\x4e\xff\x80\x72\x8b\x3d\xb9\x3d\xbc\xb3\x36\x5d\xfe\xf5\x63\x9b\xde\x6a\x31\xfd\x5d\x0e\x18\xb7\xa8\x30\x23\xb0\xb5\xea\x7a\xd2\xf0\xf6\x17\x6c\x57\x7c\x43\xff\x09\x7d\x74\x59\x96\x19\xfa\xa7\x71\x69\x9f\x0d\x70\x8c\x3d\xb3\xe3\x65\x7d\x2b\xc5\xe4\xf2\x49\x88\x10\xbd\x49\xbe\x18\x2d\xb5\x5e\xb7\x06\x3e\xa3\x04\x10\xf6\x05\xdb\x27\x8b\x5a\xe8\x95\xe1\x87\x00\x6f\x84\x30\x42\x62\xa5\xad\xae\xc9\xf3\x61\xae\x73\xb6\x93\x39\x5d\x08\x7f\xfd\x0e\x2b\xef\x59\x0b\x16\x65\x51\xdf\x17\xb7\x87\x85\x5c\xb6\x6f\xc1\xbf\x06\xf2\x16\xea\x68\xc3\xc1\xd8\xf3\xe3\x83\x9b\xe8\x89\x54\xaa\x4f\x24\xfb\x5a\xdc\x00\x7d\x76\xfe\xa7\x0c\xbf\xde\xd2\xea\x42\x1e\x47\x28\xc0\x4c\x18\x0c\x54\xf8\x9b\x88\xcc\x17\x6b\x1b\x9a\x59\x96\x8a\x40\xb7\xb4\x36\x3c\x3d\x3b\x6e\x96\x10\x04\xc8\x30\x59\x26\x07\xec\x99\xd4\x84\xbf\x4a\xa7\xb3\xd9\x42\xbb\x0d\x4e\xcd\x39\x24\x75\x7d\x7a\x48\xd4\x93\x70\x20\xa0\x7e\x89\xc1\xb0\x93\x9f\xa8\xf3\xa8\x39\xa1\xce\x7f\x7d\xbf\x0b\x7c\xb9\xeb\x1b\xae\x32\x53\x65\xb4\x0d\x3f\xa6\x8e\x1d\x2a\xf1\xe6\xc1\xf3\x5b\x5c\x6a\x07\x45\xbc\x76\x48\xa3\xf9\x0c\x5a\x57\x38\xd4\xe3\x5b\x2f\x69\xf8\x41\x69\x8c\x71\x89\xcc\x16\x06\x51\x16\x15\x51\x4c\x87\x18\x2d\xd2\x98\x40\xaa\x8e\x95\xf0\x6d\x3c\xc1\xfd\x45\x1c\xe3\x82\x00\xf8\x9b\xfc\x2f\x3c\xe8\x02\x3b\x90\x49\x56\x7b\x8b\xba\x7e\x2d\x16\x43\xf2\x7c\x53\x14\x67\x5b\x00\x85\xbc\x52\x5f\xb3\xc5\xc1\xe1\xb9\xe3\x26\xb9\x22\x69\x0b\x14\x4a\x52\xd3\x63\xd3\x54\xad\xe2\xaf\x69\x68\x7e\x63\xd9\xc0\x24\xba\xa6\xc7\x7a\xf4\x07\x1c\x4d\x86\x31\xd5\xe1\x9f\xde\x52\x10\x33\x0a\x51\x9a\xb5\x94\x95\x20\x80\xf8\xfb\x41\x41\x42\x6b\x10\x50\x11\xb9\xe3\x38\xf8\xd5\xfc\xe9\xc9\x45\x89\xe7\x5f\x93\xa1\x30\x50\xd2\xef\xf8\xf8\xe0\xd2\xb3\xf7\xf9\x99\xea\x4d\xa1\x2d\x64\x9b\x4a\x6b\x66\x19\x48\x08\x4c\x88\xb7\x59\xc4\x70\xb2\xba\x32\x9b\xb0\x81\x75\x4f\x72\xd6\xcc\x9e\x5b\x9a\xe1\x74\xfc\xd6\x3f\xd5\x6a\x17\x84\x70\x22\xd2\x84\x81\xe6\x36\x7c\x13\xc1\x5b\x58\x82\x04\x88\xf3\x6a\x5f\x09\xef\xf5\x47\xd4\xd2\x0e\xff\x3c\xaf\xaf\xae\x1c\x70\x68\x7a\xee\xe6\x52\x9e\x59\x82\x16\x05\xc1\xfe\x2e\xa6\xfe\x71\x4b\x35\x09\x08\x2f\x93\x9a\x4e\xd8\x2f\x03\x71\x84\xd1\x4d\xec\xe9\x56\x2b\x2b\x5d\x0d\x6f\x5e\x97\x76\xeb\x56\x8c\xb2\xb8\x17\x50\x2a\xb5\x27\x96\xd2\x47\x75\x3f\x67\xdb\x14\x6a\xe4\xc9\x64\xbc\xc1\xf4\x28\xcb\x51\x70\xd7\x20\x29\x7b\x06\x4e\x44\x37\x5e\x09\xed\xc7\x14\xd7\xce\x75\xba\x12\x1d\x8a\x16\x42\xc9\xa0\x88\xec\x17\x76\x97\xa4\xb9\x4e\x1b\x72\xc1\x53\x1e\x6f\xd4\xa1\x5e\x33\x37\x4c\x1e\x72\x20\xe3\x6d\x59\xc7\x09\x0a\xad\xed\xb2\xcd\x05\x52\x0b\xf0\xc7\x21\x10\xae\x87\x8a\x76\x0f\x35\x78\xb8\x71\x0b\x73\x73\xc9\xca\x31\xde\x5f\x14\x38\xe9\x29\x2e\xb2\xc2\x04\x54\xa1\x06\xad\xbe\xab\xdf\xa6\xbf\x6e\x31\xf4\x43\x5a\x42\xf4\xf5\x41\x93\x15\x16\x7e\xa4\x41\xee\x9d\x37\xa5\x40\x47\xd8\xcb\x1f\x84\x3b\xbb\x49\xd8\x81\x9a\x59\xd2\xd2\x6f\xc7\x40\xf8\x19\x30\x0d\xaa\xb6\xc0\x3f\x4b\x93\x21\x79\x31\xb8\x41\xc7\x9f\xdb\x80\x65\xd8\x27\xab\xb5\x12\x21\x66\xd0\xb3\x45\x01\x94\x70\x09\x9a\x5b\x8b\x95\x46\x5a\xda\x1a\xff\xaf\xaa\xe5\xad\x2d\x53\xad\xef\xc5\x3c\x0a\x6c\x6c\x46\x7c\xdf\xcd\xdd\x0e\x9a\xf2\xcc\x63\x98\x28\xc6\x06\xf3\xa6\x96\xf5\x0b\xe3\x1d\x2d\x19\xc8\xff\x95\xfc\x8c\xec\xbd\x3e\x6b\xd0\xd5\xbd\x6e\x40\x07\x3a\xb5\x2a\x73\xf3\xd5\xef\x00\xb0\x1d\x58\x16\x12\x70\xb8\xa6\x64\xdb\x80\xf2\x3b\xc6\xa8\x30\x6f\x6b\x66\xb7\x96\xdf\xe6\x64\xd5\x1b\x77\x68\x0c\xb0\x6a\x2e\xc9\x99\xd0\xed\x96\x2b\xa5\x34\xf1\x6a\xf2\x6a\xb1\x6f\xa2\xd5\x53\x7d\x5c\x93\xe5\x03\x03\x4c\x09\x9d\x26\x0a\x8f\x32\xd4\xed\xdf\x48\xb2\x5a\x75\xc9\xf9\x27\x01\xcb\x04\x0b\x57\x74\xa0\xd9\x8f\xfc\xed\xf9\x73\xaa\xdd\x1f\x5b\xfa\x75\xcb\xfb\xd7\xea\x4b\x9a\x56\xb6\x01\x1c\xc4\x4b\x73\x55\x52\x5b\x3b\x72\x04\x0f\x70\xf9\x06\x19\xe1\x9b\xa4\x81\x40\xa5\xb9\x6c\x40\x31\x6b\xe4\xf8\x2a\x11\xc0\x47\x02\xbf\xf4\xed\x47\xa2\x0e\x07\xb5\xd7\xfb\x77\x3b\xcf\xa1\x0e\x4c\x03\xe8\x89\x79\xa4\x1b\x2c\x78\x01\x33\xa4\x24\xc7\x3c\x5a\x5a\x7d\x8d\x79\x37\x42\x35\xff\x35\x7d\x93\xdb\x8c\xa1\xde\x2a\xe6\x32\xac\x3c\x09\xdb\x7c\x33", 4096); *(uint64_t*)0x200011c8 = 0x20001040; *(uint32_t*)0x20001040 = 0; *(uint32_t*)0x20001044 = 0; *(uint32_t*)0x20001048 = 0; *(uint32_t*)0x2000104c = r[0]; *(uint64_t*)0x200011d0 = 0x20001080; *(uint64_t*)0x200011d8 = 0x20001180; *(uint32_t*)0x200011e0 = 0x1000; *(uint32_t*)0x200011e4 = 4; *(uint32_t*)0x200011e8 = 0xd0; *(uint32_t*)0x200011ec = 7; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); if (res == ZX_OK) { r[1] = *(uint32_t*)0x20001180; r[2] = *(uint32_t*)0x20001184; r[3] = *(uint32_t*)0x20001188; r[4] = *(uint32_t*)0x2000118c; r[5] = *(uint32_t*)0x20001194; r[6] = *(uint32_t*)0x20001198; } *(uint64_t*)0x20011340 = 0x20001280; *(uint32_t*)0x20001280 = 0; memset((void*)0x20001284, 0, 3); *(uint8_t*)0x20001287 = 1; *(uint64_t*)0x20001288 = 0x3217bced00000000; *(uint64_t*)0x20011348 = 0x200012c0; *(uint64_t*)0x20011350 = 0x20001300; *(uint64_t*)0x20011358 = 0x20011300; *(uint32_t*)0x20011360 = 0x10; *(uint32_t*)0x20011364 = 0; *(uint32_t*)0x20011368 = 0x10000; *(uint32_t*)0x2001136c = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); { int i; for(i = 0; i < 4; i++) { ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); } } if (res == ZX_OK) r[7] = *(uint32_t*)0x20011300; *(uint64_t*)0x20011580 = 0x20011400; memcpy((void*)0x20011400, "\x08\xd2\x58\x8a\x18\xd8\x4d\x44\xd1\x93\xae\x15\x71\x51\x3a\x9b\x96\xc5\x5a\x71\xe6\xe7\x99\x6c\xd8\x6e\xc8\x3b\xaa\xed\xcf\xeb\x52\x44\xb5\x9e\x77\x43\x3e\x74\xb6\xd3\x8f\x96\x13\xf1\x8b\xe0\xe3\xfa\x96\xbc\xcc\x22\x1c\xe6\xf3\x58\x2a\xd3\xda\xf0\xdc\x3e\x9f\xba\x77\xd1\x68\xed\xcc\x34\xc2\xe8\x75\x88\x1e\x56\x89", 79); *(uint64_t*)0x20011588 = 0x20011480; *(uint32_t*)0x20011480 = 0; *(uint32_t*)0x20011484 = r[7]; *(uint32_t*)0x20011488 = r[3]; *(uint32_t*)0x2001148c = 0; *(uint32_t*)0x20011490 = r[4]; *(uint32_t*)0x20011494 = r[1]; *(uint32_t*)0x20011498 = r[2]; *(uint64_t*)0x20011590 = 0x200114c0; *(uint64_t*)0x20011598 = 0x20011540; *(uint32_t*)0x200115a0 = 0x4f; *(uint32_t*)0x200115a4 = 7; *(uint32_t*)0x200115a8 = 0x55; *(uint32_t*)0x200115ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[2], 0, 0x7fffffffffffffff, 0x20011580, 0x200115c0, 0x20011600); if (res == ZX_OK) r[8] = *(uint32_t*)0x20011540; *(uint64_t*)0x20021700 = 0x20011640; *(uint32_t*)0x20011640 = 0; memset((void*)0x20011644, 0, 3); *(uint8_t*)0x20011647 = 1; *(uint64_t*)0x20011648 = 0x66298d9200000000; *(uint64_t*)0x20021708 = 0x20011680; *(uint64_t*)0x20021710 = 0x200116c0; *(uint64_t*)0x20021718 = 0x200216c0; *(uint32_t*)0x20021720 = 0x10; *(uint32_t*)0x20021724 = 0; *(uint32_t*)0x20021728 = 0x10000; *(uint32_t*)0x2002172c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[8], 0, 0, 0x20021700, 0x20021740, 0x20021780); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_read_etc))(r[6], 2, 0x200217c0, 0x20021840, 0x6e, 8, 0x200218c0, 0x20021900); if (res == ZX_OK) { r[9] = *(uint32_t*)0x20021850; r[10] = *(uint32_t*)0x20021870; } ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_vmo_create_child))(r[10], 0, 1, 0xbb6, 0x20021940); memcpy((void*)0x20021980, "/svc/\000", 6); ((intptr_t(*)(intptr_t,intptr_t))CAST(fdio_service_connect))(0x20021980, r[5]); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_interrupt_wait))(r[9], 0x200219c0); if (res == ZX_OK) r[11] = *(uint64_t*)0x200219c0; *(uint64_t*)0x20031ac0 = 0x20021a00; *(uint32_t*)0x20021a00 = 0; memset((void*)0x20021a04, 0, 3); *(uint8_t*)0x20021a07 = 1; *(uint64_t*)0x20021a08 = 0x2ab48ffa00000000; *(uint8_t*)0x20021a10 = 7; *(uint64_t*)0x20031ac8 = 0x20021a40; *(uint64_t*)0x20031ad0 = 0x20021a80; *(uint64_t*)0x20031ad8 = 0x20031a80; *(uint32_t*)0x20031ae0 = 0x11; *(uint32_t*)0x20031ae4 = 0; *(uint32_t*)0x20031ae8 = 0x10000; *(uint32_t*)0x20031aec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[9], 0, r[11], 0x20031ac0, 0x20031b00, 0x20031b40); memcpy((void*)0x20000000, "\xc4\xa2\x79\xdb\xe2\xf3\x41\x0f\x7e\x06\x3e\x4c\x0f\xae\xa3\x91\x46\xbd\x7d\xc4\x82\x0d\x91\xbc\x78\x90\x7b\x00\x00\x66\x0f\x3a\x0e\xa4\x3e\x00\x08\x00\x00\x00\x66\x45\x0f\x12\x8e\x00\x00\x00\x00\xc4\x82\x7d\x0e\xa5\xd8\xdf\x00\x00\xc4\xc1\xfd\x2e\xc9\xf3\x43\x0f\x2a\x46\x0e\xc4\x43\xc9\x5c\x45\x08\x99", 76); syz_execute_func(0x20000000); syz_future_time(0); syz_job_default(); syz_mmap(0x20ffd000, 0x1000); syz_process_self(); syz_thread_self(); syz_vmar_root_self(); } int main(void) { syz_mmap(0x20000000, 0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :152:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor2773814692 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds] --- FAIL: TestGenerate/fuchsia/amd64/13 (0.59s) csource_test.go:133: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000001000)=0x0) (fail_nth: 1) zx_channel_call_etc(0x0, 0xffff, 0x0, &(0x7f00000011c0)={&(0x7f0000000000)="0001a747cc965bdf12ac9b60b2e125dc044ed2fa880a719727d6b5a224706f0f99de8fa46158d7d04ac1fe18adb81dc99e6d93328c47ceaa6652a680853582ab5bb4649593ec0604194e7946fb11ae7eb26fab2030f4fe727f5878bc0898e7ce6a4810cead730969c81c54a5276ecbb4263283639baf3d4b50d36a135700391d4e1f4045e58e557719400d9ac570dc938c47340f8f19341b2aa414c80d8dd5ec729524c84e004ff93d264796eccee5e023a1edd21526655ec5abc5f0f8ec7303eca764277f214cb86b39c471dcfd802cd84e9b609b46a8e7f140d55ca5f90f5410b91ae06cb4def60852c76f744c8e05e49c674b7b0a73c0932512fa3aac67db01a267b7bc3e6c4c72dd5aa5631c9195807427ead967bfbcc0bf3e7598e04be3dbe335a76c84c2200e7a7885e8e273f738c3e06dff138d8a07383dc997ce9f37ba5b7adadc410664580363e0c8f2ef119d532000f90fae65fede371d15bdffc124355dd2256b85b7396099ef71d022cd99a2fe1c99548260dc18bb8819a347ddc939868a68b7ebef3712fa961f5c0b5e60446ac0f14fda37a62b1fe138570c4bcb9d9ec8e245975bb972b10b4923211d8af36a29dda547f7e99a40227021b49e3b288cc5059aa432e7ba1b9ee5ffacdc387dadde0fdd6a868e3e53f5ab5405166bd9501a43a98dcbd04c69cfec4d129c9be43c95754b86b55017a681af682f2464e3ad9a4b3aeea74e68fe1fb3500d38e8df66ed4ffa23c482c724836c7cf49b5ef97c2bd77ca2538f49f5ddda64c1fe96737ac575a3d3ebd6b542a54f98f9c16c7ee4bdd7cc690074d4bf26ce104d3ac35d79f8675e10b17b2e66e1e63070ef12459bec9754eec111993ee9fe3a99030ff630e5dd9602ad8dee02bd5fe0dfbcab284760747125cd21db316841376de54b5d6b12d137625141de927fcca1086713c5d9fdacf854f4851f721bf2e6d6bfbb77bdcfbde0b717b3312eb9a331f18b669bc1179ce60e0f133d4067903cd5dad1bf8c277543e5f40551ce739f1e1dfbfc79c3926c655584c69bd9196587e8915d9fe8df3478c4b870e415775dc2398431c0ad8b96c445c3dc98ae934f944952c552b5c2c0b099b4531458f60c2753f9e04d06e50e9cb38ffd46390080eca9cceaf95918718063949464a59ad6e9b8d2b7b053e77a5499db3e9e25b7f2de9dde5ed4ca60c74a8cfc2587cef9d336ec4edd2b153637d4aa828fd5d3c9fd78c5f1643a3074545611af80500fd7ca4a1e74e7459d9d699fb611270674eb9fd3d8187f8c95467402fb2d065fa5c837e16e2741c5374753d89cba55a4bf5a72bcb2a5bb33c6d20c5b5e52d2bd3c87d8f1a7faf41849e23a4297f1784d20a08ac5fe8a2d65b75b6c1f47eb28cfc6590bd8199f135749f5df60321d06ffe8edd0aa7c7e3f6639b5e2469cfbafe67c117172d3b32efb68cb25ccd47d2a21ef5f9a7edfc4789ce98a30ddbc2f5e1cbb1eb40333857b5217bb5c64e2806e6eb23ef6b9048c768d2b16c3782241ce513be555850214a53a149dc1fe4b34e1fe3492e7e88554b6f446c9320109eaf3e51fd420210202c10c6e159bb5f2db6524a78249e06ed52d431864305b982c4ab3583f46f21423eae06508f0f6aaa0f9762de93b8b48b4e8610b12403d8b8cc769abc3839994449764496c12dd037001c58673d9841b3285bbbe9fa5648917e8bb85a58ae3acc5eb561f5d27fb1c70ec11a73bc172f5b7f024fe27783df025df7b0b80806a81aab375c52ccc91ed68c65937089079be64fc7e691b2c41b174fc987fb48fd8118f441863e5ae363a221b21016ff848318e2becca25acdde488af58db93908c09465f39b386713fedd06d9e844b5b8ade0444087a8dfe4259e8d23de2525c14b400053a1f977b18fce9dda76aa16d3e165fb48e1a491585b7bc19f6759154216cb714647fdc8d78c4e683a1786f686974c85477ce2ec5346a45f0be1bb3a99dd94e2234292701e3ea967384b4d92cf0bffe1d43f8d688548b3f059f1003d3f35dff653c498566d919ca2bec219da12177f31861c410b79fda29f8d0be59a9c5d2f85d9af1f67450e618ecbc85831d50d410ff1bcb73b438aa9dc0fbe87185e0e7dcfd8ec268c62f4f172b5466ab535982013748bb392ec8bef3c86b216eeaffa1ff2a34c6bdf3c8fc0719bbf3f271427ecdc30aea70410c880ddf58a9da61a04226a674ce056844ce5cd6cff866588f1637ab179520a6b82b159f34f790247429f15c8efd5aed316060e8ba2bb2fcd892f3663eef01dd1814accf5ab8db1440f2455b1c5a3f15ea03e1de09560f1034e5e453fdefb0b94aa723033ec02d729beff01b6b322b93a8b5d9b4a3fc126dae2950db4d4aeca02325b8e7ae69095e2e05653832e0b9d5d4896d3d3931f8ec584814f4ab057c8670c40caf4ac141bfa42339ff867760c6a97b3f4d9f520839179a003c76ff21510c7c31cb45fccc763174bef06524bc6a5fd9a413ede524fcce95d03e08a002a552bc1681d717ea44e89e196580b5cd173138c0b84edffbf3053126bae9d46c217ddfe4c39f617ed51d086a24e268126b5d7c751f87936b4c5657334ba59b4743586aadd8e15079d0da39c9ac704361b19321f16fd73c8709e2d92670c5a92a9b9fa55cf9676fba8b0e68d60bca249d38183a2fced1c9b02446ce1d312542061cfa72b23ab99ce79b1a7a451e078460f0a71b14c1878a1bb850a033f895f8316eec91881696f5582621ae2f8afbe4c6059d0d035f5250d748758eb9f3537bf63f8d90a264b2cb861959105c78738793f44b5647ae28ba29ab336d78b0ceb53d9530ef6bfe6853fca51366bc34659e00053ba2f0b5801f28bc352f9202e83cac11f69ede4324f1b8185acefa0c878e06dcbe1ce702a275b90cbcdcb77b2a916d6df25a309077a789c0c5fe8fc1acdf48bc0895cca149227ecfa92d0886ef561d4b16fa3c7108f8194b343254c10d0d6276927095013e8ca3d353db701268aa71297087e95d91462687aae2035a36839df298a6bf17ec59e0fd0adc2ce1f63a65a9c1261a8777ab2b50676c7592002baa4bea564881331ff576b252255cb3272a181bbcba48b817ae90e242fcc2f6efe662ce4c79424149f231b915156e79fdc2de1949dc5d182e64173abae9d64e9291e0426e6eabbac2dbbaff3e635a672341dd9b6e59856f552cc59b2388e4e3fa48e54a09a30efa7ac0aacf6442097e513e242bf48a9e1f8a7e57c29a68c4e3a212809a63dc18751cdd11606ec2a512031577a0cbcc32c3e4345e30f6dc3df28a5816e832a8d0e37fe1a15bc53a06c1cd3054393a61129d1598b043681d6daaacc07d24ba0e2a562cf4e7e004715d620fb2b533a8f16d1929d18c716d41f1c736c1a3623140373d8c392cb8d19dec2ea2a51ad27d6a5e786b2ffd0574000e4a09a6c3253645a11be2f881a89ab71a2d486e03b5982e2ad2adf0cfb07cfe969f15d8be3a0c2b92854021906908b2c26c208b86082a45e1b2fcd501999020e0931735da194818ae27c952aae657ec0f1855af8b53f4a92848a25ef535455c6adec813e8f8b030e1108b0e7d65cf1c1ddd14683476d3203a0352a0e159feef3eee4456db312e54dceff6d2f3e57c8ebb40d9e19f113cc78fe4fb363721bde7352da5f760cde779f4eced9067cba8a6aaf32f1f890653301023e025f50718faa0a4c1d36cf729efe131c6d2cee0d66a06a956beb61b03fe321b0f444fb5db11f8eb69eb71d21aab93e2d3358e6828e86b8334a3b4fe93c1b7dfc64dff2b489349cb765faeb09f1eb381f73bd82a0dfaf0656754bcbe61a74d9a342e2cb4fd5cc42890bf00734b9a6db6768044ab218e6741113f4945236abdd8acc7cc726d62e9450913232cc842323a92f9dfddc571171af8c0f70034d08f59521ab9175ce9ec3ac3a09ae29c76dd483d1810475aa1109209e12ea5b3f8e8f9be1bf0c06291120dc3773681f0156183f68359f66e6c693cb02370250e8c6d0a530e0caecf52dc4ed2ba240e7fe88152bfb5357585174f596e8393cf276de94a19b32b8b538c8aa43b156a93a9612a8be38af45a4a2278f2e2e6fe6082c80f6caf1e9468499a4da9bbd7581af81c734ef920a5bd788023fb01e08c3c9e4d6f78173265844466dbf6db4b8be6a664a537c167a8c5664e5417fccb98e811b1bcc91aa87e40487ba49c25e57977cc8cfd7a8e1c0f31255bbfd4da46f2a964b8b4978802f2b1ed13569d02b5a27a855ba84911d8809d0f5a908ceb24e5a09726bb9e6990ff54ddd4bc21c1bce62d46d6ec7251d4c354ce771734a8c6553311c6488a380dc98d46f141266bc71b3bd1457e291a4e85f87224fd3298498061c7d1c75d59f71de9174eff80728b3db93dbcb3365dfef5639bde6a31fd5d0e18b7a83023b0b5ea7ad2f0f6176c577c43ff097d74599619faa771699f0d708c3db3e3657d2bc5e4f2498810bd49be182db55eb7063ea30410f605db278b5ae895e187006f84304262a5adaec9f361ae73b693395d087ffd0e2bef590b166551df17b787855cb66fc1bf06f216ea68c3c1d8f3e3839be88954aa4f24fb5adc007d76fea70cbfded2ea421e4728c04c180c54f89b88cc176b1b9a59968a40b7b4363c3d3b6e961004c830592607ec99d484bf4aa7b3d942bb0d4ecd3924757d7a48d4937020a07e89c1b0939fa8f3a839a1ce7f7dbf0b7cb9eb1bae325365b40d3fa68e1d2af1e6c1f35b5c6a0745bc7648a3f90c5a5738d4e35b2f69f841698c7189cc1606511615514c87182dd29840aa8e95f06d3cc1fd451ce38200f89bfc2f3ce8023b9049567b8bba7e2d1643f27c5314675b0085bc525fb3c5c1e1b9e326b922690b144a52d363d354ade2af69687e63d9c024baa6c77af4071c4d8631d5e19fde5210330a519ab594952080f8fb4141426b105011b9e338f8d5fce9c94589e75f93a13050d2eff8f8e0d2b3f7f999ea4da12d649b4a6b661948084c88b759c470b2ba329bb081754f72d6cc9e5b9ae174fcd63fd56a17847022d28481e6367c13c15b58820488f36a5f09eff547d4d20eff3cafafae1c70687aeee6529e59821605c1fe2ea6fe714b3509082f939a4ed82f037184d14dece9562b2b5d0d6f5e9776eb568cb2b817502ab52796d247753f67db146ae4c964bcc1f428cb5170d720297b064e44375e09edc714d7ce75ba121d8a1642c9a088ec177697a4b94e1b72c1531e6fd4a15e33374c1e7220e36d59c7090aadedb2cd05520bf0c72110ae878a760f3578b8710b7373c9ca31de5f1438e9292eb2c20454a106adbeabdfa6bf6e31f4435a42f4f5419315167ea441ee9d37a54047d8cb1f843bbb49d8819a59d2d26fc740f819300daab6c03f4b93217931b841c79fdb8065d827abb5122166d0b345019470099a5b8b95465ada1affafaae5ad2d53adefc53c0a6c6c467cdfcddd0e9af2cc639828c606f3a696f50be31d2d19c8ff95fc8cecbd3e6bd0d5bd6e40073ab52a73f3d5ef00b01d58161270b8a664db80f23bc6a8306f6b66b796dfe664d51b77680cb06a2ec999d0ed962ba534f16af26ab16fa2d5537d5c93e503034c099d260a8f32d4eddf48b25a75c9f92701cb040b5774a0d98ffcedf973aadd1f5bfa75cbfbd7ea4b9a56b6011cc44b7355525b3b72040f70f90619e19ba48140a5b96c40316be4f82a11c04702bff4ed47a20e07b5d7fb773bcfa10e4c03e88979a41b2c780133a424c73c5a5a7d8d79374235ff357d93db8ca1de2ae632ac3c09db7c33", &(0x7f0000001040)=[0x0, 0x0, 0x0, r0], &(0x7f0000001080)=""/208, &(0x7f0000001180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0xd0, 0x7}, &(0x7f0000001200), &(0x7f0000001240)) (async) zx_channel_call$fuchsia_io_DirectoryAdminGetToken(r4, 0x0, 0x7fffffffffffffff, &(0x7f0000011340)={&(0x7f0000001280), &(0x7f00000012c0), &(0x7f0000001300), &(0x7f0000011300)={0x0}, 0x10, 0x0, 0x10000, 0x1}, &(0x7f0000011380), &(0x7f00000113c0)) (rerun: 4) zx_channel_call(r2, 0x0, 0x7fffffffffffffff, &(0x7f0000011580)={&(0x7f0000011400)="08d2588a18d84d44d193ae1571513a9b96c55a71e6e7996cd86ec83baaedcfeb5244b59e77433e74b6d38f9613f18be0e3fa96bccc221ce6f3582ad3daf0dc3e9fba77d168edcc34c2e875881e5689", &(0x7f0000011480)=[0x0, r7, r3, 0x0, r4, r1, r2], &(0x7f00000114c0)=""/85, &(0x7f0000011540)=[0x0], 0x4f, 0x7, 0x55, 0x1}, &(0x7f00000115c0), &(0x7f0000011600)) zx_channel_call$fuchsia_io_DirectoryAdminQueryFilesystem(r8, 0x0, 0x0, &(0x7f0000021700)={&(0x7f0000011640), &(0x7f0000011680), &(0x7f00000116c0), &(0x7f00000216c0), 0x10, 0x0, 0x10000}, &(0x7f0000021740), &(0x7f0000021780)) zx_channel_read_etc(r6, 0x2, &(0x7f00000217c0)=""/110, &(0x7f0000021840)=[{}, {0x0}, {}, {0x0}, {}, {}, {}, {}], 0x6e, 0x8, &(0x7f00000218c0), &(0x7f0000021900)) zx_vmo_create_child(r10, 0x0, 0x1, 0xbb6, &(0x7f0000021940)) fdio_service_connect$fuchsia_cobalt_LoggerSimple(&(0x7f0000021980), r5) zx_interrupt_wait(r9, &(0x7f00000219c0)=0x0) zx_channel_call$fuchsia_hardware_ethernet_DeviceConfigMulticastSetPromiscuousMode(r9, 0x0, r11, &(0x7f0000031ac0)={&(0x7f0000021a00)={{}, 0x7}, &(0x7f0000021a40), &(0x7f0000021a80), &(0x7f0000031a80), 0x11, 0x0, 0x10000}, &(0x7f0000031b00), &(0x7f0000031b40)) syz_execute_func(&(0x7f0000000000)="c4a279dbe2f3410f7e063e4c0faea39146bd7dc4820d91bc78907b0000660f3a0ea43e000800000066450f128e00000000c4827d0ea5d8df0000c4c1fd2ec9f3430f2a460ec443c95c450899") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:134: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { fprintf(stderr, "### start\n"); int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[12] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(0, 0x20001000); fprintf(stderr, "### call=0 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); if (res == ZX_OK) r[0] = *(uint32_t*)0x20001000; break; case 1: *(uint64_t*)0x200011c0 = 0x20000000; memcpy((void*)0x20000000, "\x00\x01\xa7\x47\xcc\x96\x5b\xdf\x12\xac\x9b\x60\xb2\xe1\x25\xdc\x04\x4e\xd2\xfa\x88\x0a\x71\x97\x27\xd6\xb5\xa2\x24\x70\x6f\x0f\x99\xde\x8f\xa4\x61\x58\xd7\xd0\x4a\xc1\xfe\x18\xad\xb8\x1d\xc9\x9e\x6d\x93\x32\x8c\x47\xce\xaa\x66\x52\xa6\x80\x85\x35\x82\xab\x5b\xb4\x64\x95\x93\xec\x06\x04\x19\x4e\x79\x46\xfb\x11\xae\x7e\xb2\x6f\xab\x20\x30\xf4\xfe\x72\x7f\x58\x78\xbc\x08\x98\xe7\xce\x6a\x48\x10\xce\xad\x73\x09\x69\xc8\x1c\x54\xa5\x27\x6e\xcb\xb4\x26\x32\x83\x63\x9b\xaf\x3d\x4b\x50\xd3\x6a\x13\x57\x00\x39\x1d\x4e\x1f\x40\x45\xe5\x8e\x55\x77\x19\x40\x0d\x9a\xc5\x70\xdc\x93\x8c\x47\x34\x0f\x8f\x19\x34\x1b\x2a\xa4\x14\xc8\x0d\x8d\xd5\xec\x72\x95\x24\xc8\x4e\x00\x4f\xf9\x3d\x26\x47\x96\xec\xce\xe5\xe0\x23\xa1\xed\xd2\x15\x26\x65\x5e\xc5\xab\xc5\xf0\xf8\xec\x73\x03\xec\xa7\x64\x27\x7f\x21\x4c\xb8\x6b\x39\xc4\x71\xdc\xfd\x80\x2c\xd8\x4e\x9b\x60\x9b\x46\xa8\xe7\xf1\x40\xd5\x5c\xa5\xf9\x0f\x54\x10\xb9\x1a\xe0\x6c\xb4\xde\xf6\x08\x52\xc7\x6f\x74\x4c\x8e\x05\xe4\x9c\x67\x4b\x7b\x0a\x73\xc0\x93\x25\x12\xfa\x3a\xac\x67\xdb\x01\xa2\x67\xb7\xbc\x3e\x6c\x4c\x72\xdd\x5a\xa5\x63\x1c\x91\x95\x80\x74\x27\xea\xd9\x67\xbf\xbc\xc0\xbf\x3e\x75\x98\xe0\x4b\xe3\xdb\xe3\x35\xa7\x6c\x84\xc2\x20\x0e\x7a\x78\x85\xe8\xe2\x73\xf7\x38\xc3\xe0\x6d\xff\x13\x8d\x8a\x07\x38\x3d\xc9\x97\xce\x9f\x37\xba\x5b\x7a\xda\xdc\x41\x06\x64\x58\x03\x63\xe0\xc8\xf2\xef\x11\x9d\x53\x20\x00\xf9\x0f\xae\x65\xfe\xde\x37\x1d\x15\xbd\xff\xc1\x24\x35\x5d\xd2\x25\x6b\x85\xb7\x39\x60\x99\xef\x71\xd0\x22\xcd\x99\xa2\xfe\x1c\x99\x54\x82\x60\xdc\x18\xbb\x88\x19\xa3\x47\xdd\xc9\x39\x86\x8a\x68\xb7\xeb\xef\x37\x12\xfa\x96\x1f\x5c\x0b\x5e\x60\x44\x6a\xc0\xf1\x4f\xda\x37\xa6\x2b\x1f\xe1\x38\x57\x0c\x4b\xcb\x9d\x9e\xc8\xe2\x45\x97\x5b\xb9\x72\xb1\x0b\x49\x23\x21\x1d\x8a\xf3\x6a\x29\xdd\xa5\x47\xf7\xe9\x9a\x40\x22\x70\x21\xb4\x9e\x3b\x28\x8c\xc5\x05\x9a\xa4\x32\xe7\xba\x1b\x9e\xe5\xff\xac\xdc\x38\x7d\xad\xde\x0f\xdd\x6a\x86\x8e\x3e\x53\xf5\xab\x54\x05\x16\x6b\xd9\x50\x1a\x43\xa9\x8d\xcb\xd0\x4c\x69\xcf\xec\x4d\x12\x9c\x9b\xe4\x3c\x95\x75\x4b\x86\xb5\x50\x17\xa6\x81\xaf\x68\x2f\x24\x64\xe3\xad\x9a\x4b\x3a\xee\xa7\x4e\x68\xfe\x1f\xb3\x50\x0d\x38\xe8\xdf\x66\xed\x4f\xfa\x23\xc4\x82\xc7\x24\x83\x6c\x7c\xf4\x9b\x5e\xf9\x7c\x2b\xd7\x7c\xa2\x53\x8f\x49\xf5\xdd\xda\x64\xc1\xfe\x96\x73\x7a\xc5\x75\xa3\xd3\xeb\xd6\xb5\x42\xa5\x4f\x98\xf9\xc1\x6c\x7e\xe4\xbd\xd7\xcc\x69\x00\x74\xd4\xbf\x26\xce\x10\x4d\x3a\xc3\x5d\x79\xf8\x67\x5e\x10\xb1\x7b\x2e\x66\xe1\xe6\x30\x70\xef\x12\x45\x9b\xec\x97\x54\xee\xc1\x11\x99\x3e\xe9\xfe\x3a\x99\x03\x0f\xf6\x30\xe5\xdd\x96\x02\xad\x8d\xee\x02\xbd\x5f\xe0\xdf\xbc\xab\x28\x47\x60\x74\x71\x25\xcd\x21\xdb\x31\x68\x41\x37\x6d\xe5\x4b\x5d\x6b\x12\xd1\x37\x62\x51\x41\xde\x92\x7f\xcc\xa1\x08\x67\x13\xc5\xd9\xfd\xac\xf8\x54\xf4\x85\x1f\x72\x1b\xf2\xe6\xd6\xbf\xbb\x77\xbd\xcf\xbd\xe0\xb7\x17\xb3\x31\x2e\xb9\xa3\x31\xf1\x8b\x66\x9b\xc1\x17\x9c\xe6\x0e\x0f\x13\x3d\x40\x67\x90\x3c\xd5\xda\xd1\xbf\x8c\x27\x75\x43\xe5\xf4\x05\x51\xce\x73\x9f\x1e\x1d\xfb\xfc\x79\xc3\x92\x6c\x65\x55\x84\xc6\x9b\xd9\x19\x65\x87\xe8\x91\x5d\x9f\xe8\xdf\x34\x78\xc4\xb8\x70\xe4\x15\x77\x5d\xc2\x39\x84\x31\xc0\xad\x8b\x96\xc4\x45\xc3\xdc\x98\xae\x93\x4f\x94\x49\x52\xc5\x52\xb5\xc2\xc0\xb0\x99\xb4\x53\x14\x58\xf6\x0c\x27\x53\xf9\xe0\x4d\x06\xe5\x0e\x9c\xb3\x8f\xfd\x46\x39\x00\x80\xec\xa9\xcc\xea\xf9\x59\x18\x71\x80\x63\x94\x94\x64\xa5\x9a\xd6\xe9\xb8\xd2\xb7\xb0\x53\xe7\x7a\x54\x99\xdb\x3e\x9e\x25\xb7\xf2\xde\x9d\xde\x5e\xd4\xca\x60\xc7\x4a\x8c\xfc\x25\x87\xce\xf9\xd3\x36\xec\x4e\xdd\x2b\x15\x36\x37\xd4\xaa\x82\x8f\xd5\xd3\xc9\xfd\x78\xc5\xf1\x64\x3a\x30\x74\x54\x56\x11\xaf\x80\x50\x0f\xd7\xca\x4a\x1e\x74\xe7\x45\x9d\x9d\x69\x9f\xb6\x11\x27\x06\x74\xeb\x9f\xd3\xd8\x18\x7f\x8c\x95\x46\x74\x02\xfb\x2d\x06\x5f\xa5\xc8\x37\xe1\x6e\x27\x41\xc5\x37\x47\x53\xd8\x9c\xba\x55\xa4\xbf\x5a\x72\xbc\xb2\xa5\xbb\x33\xc6\xd2\x0c\x5b\x5e\x52\xd2\xbd\x3c\x87\xd8\xf1\xa7\xfa\xf4\x18\x49\xe2\x3a\x42\x97\xf1\x78\x4d\x20\xa0\x8a\xc5\xfe\x8a\x2d\x65\xb7\x5b\x6c\x1f\x47\xeb\x28\xcf\xc6\x59\x0b\xd8\x19\x9f\x13\x57\x49\xf5\xdf\x60\x32\x1d\x06\xff\xe8\xed\xd0\xaa\x7c\x7e\x3f\x66\x39\xb5\xe2\x46\x9c\xfb\xaf\xe6\x7c\x11\x71\x72\xd3\xb3\x2e\xfb\x68\xcb\x25\xcc\xd4\x7d\x2a\x21\xef\x5f\x9a\x7e\xdf\xc4\x78\x9c\xe9\x8a\x30\xdd\xbc\x2f\x5e\x1c\xbb\x1e\xb4\x03\x33\x85\x7b\x52\x17\xbb\x5c\x64\xe2\x80\x6e\x6e\xb2\x3e\xf6\xb9\x04\x8c\x76\x8d\x2b\x16\xc3\x78\x22\x41\xce\x51\x3b\xe5\x55\x85\x02\x14\xa5\x3a\x14\x9d\xc1\xfe\x4b\x34\xe1\xfe\x34\x92\xe7\xe8\x85\x54\xb6\xf4\x46\xc9\x32\x01\x09\xea\xf3\xe5\x1f\xd4\x20\x21\x02\x02\xc1\x0c\x6e\x15\x9b\xb5\xf2\xdb\x65\x24\xa7\x82\x49\xe0\x6e\xd5\x2d\x43\x18\x64\x30\x5b\x98\x2c\x4a\xb3\x58\x3f\x46\xf2\x14\x23\xea\xe0\x65\x08\xf0\xf6\xaa\xa0\xf9\x76\x2d\xe9\x3b\x8b\x48\xb4\xe8\x61\x0b\x12\x40\x3d\x8b\x8c\xc7\x69\xab\xc3\x83\x99\x94\x44\x97\x64\x49\x6c\x12\xdd\x03\x70\x01\xc5\x86\x73\xd9\x84\x1b\x32\x85\xbb\xbe\x9f\xa5\x64\x89\x17\xe8\xbb\x85\xa5\x8a\xe3\xac\xc5\xeb\x56\x1f\x5d\x27\xfb\x1c\x70\xec\x11\xa7\x3b\xc1\x72\xf5\xb7\xf0\x24\xfe\x27\x78\x3d\xf0\x25\xdf\x7b\x0b\x80\x80\x6a\x81\xaa\xb3\x75\xc5\x2c\xcc\x91\xed\x68\xc6\x59\x37\x08\x90\x79\xbe\x64\xfc\x7e\x69\x1b\x2c\x41\xb1\x74\xfc\x98\x7f\xb4\x8f\xd8\x11\x8f\x44\x18\x63\xe5\xae\x36\x3a\x22\x1b\x21\x01\x6f\xf8\x48\x31\x8e\x2b\xec\xca\x25\xac\xdd\xe4\x88\xaf\x58\xdb\x93\x90\x8c\x09\x46\x5f\x39\xb3\x86\x71\x3f\xed\xd0\x6d\x9e\x84\x4b\x5b\x8a\xde\x04\x44\x08\x7a\x8d\xfe\x42\x59\xe8\xd2\x3d\xe2\x52\x5c\x14\xb4\x00\x05\x3a\x1f\x97\x7b\x18\xfc\xe9\xdd\xa7\x6a\xa1\x6d\x3e\x16\x5f\xb4\x8e\x1a\x49\x15\x85\xb7\xbc\x19\xf6\x75\x91\x54\x21\x6c\xb7\x14\x64\x7f\xdc\x8d\x78\xc4\xe6\x83\xa1\x78\x6f\x68\x69\x74\xc8\x54\x77\xce\x2e\xc5\x34\x6a\x45\xf0\xbe\x1b\xb3\xa9\x9d\xd9\x4e\x22\x34\x29\x27\x01\xe3\xea\x96\x73\x84\xb4\xd9\x2c\xf0\xbf\xfe\x1d\x43\xf8\xd6\x88\x54\x8b\x3f\x05\x9f\x10\x03\xd3\xf3\x5d\xff\x65\x3c\x49\x85\x66\xd9\x19\xca\x2b\xec\x21\x9d\xa1\x21\x77\xf3\x18\x61\xc4\x10\xb7\x9f\xda\x29\xf8\xd0\xbe\x59\xa9\xc5\xd2\xf8\x5d\x9a\xf1\xf6\x74\x50\xe6\x18\xec\xbc\x85\x83\x1d\x50\xd4\x10\xff\x1b\xcb\x73\xb4\x38\xaa\x9d\xc0\xfb\xe8\x71\x85\xe0\xe7\xdc\xfd\x8e\xc2\x68\xc6\x2f\x4f\x17\x2b\x54\x66\xab\x53\x59\x82\x01\x37\x48\xbb\x39\x2e\xc8\xbe\xf3\xc8\x6b\x21\x6e\xea\xff\xa1\xff\x2a\x34\xc6\xbd\xf3\xc8\xfc\x07\x19\xbb\xf3\xf2\x71\x42\x7e\xcd\xc3\x0a\xea\x70\x41\x0c\x88\x0d\xdf\x58\xa9\xda\x61\xa0\x42\x26\xa6\x74\xce\x05\x68\x44\xce\x5c\xd6\xcf\xf8\x66\x58\x8f\x16\x37\xab\x17\x95\x20\xa6\xb8\x2b\x15\x9f\x34\xf7\x90\x24\x74\x29\xf1\x5c\x8e\xfd\x5a\xed\x31\x60\x60\xe8\xba\x2b\xb2\xfc\xd8\x92\xf3\x66\x3e\xef\x01\xdd\x18\x14\xac\xcf\x5a\xb8\xdb\x14\x40\xf2\x45\x5b\x1c\x5a\x3f\x15\xea\x03\xe1\xde\x09\x56\x0f\x10\x34\xe5\xe4\x53\xfd\xef\xb0\xb9\x4a\xa7\x23\x03\x3e\xc0\x2d\x72\x9b\xef\xf0\x1b\x6b\x32\x2b\x93\xa8\xb5\xd9\xb4\xa3\xfc\x12\x6d\xae\x29\x50\xdb\x4d\x4a\xec\xa0\x23\x25\xb8\xe7\xae\x69\x09\x5e\x2e\x05\x65\x38\x32\xe0\xb9\xd5\xd4\x89\x6d\x3d\x39\x31\xf8\xec\x58\x48\x14\xf4\xab\x05\x7c\x86\x70\xc4\x0c\xaf\x4a\xc1\x41\xbf\xa4\x23\x39\xff\x86\x77\x60\xc6\xa9\x7b\x3f\x4d\x9f\x52\x08\x39\x17\x9a\x00\x3c\x76\xff\x21\x51\x0c\x7c\x31\xcb\x45\xfc\xcc\x76\x31\x74\xbe\xf0\x65\x24\xbc\x6a\x5f\xd9\xa4\x13\xed\xe5\x24\xfc\xce\x95\xd0\x3e\x08\xa0\x02\xa5\x52\xbc\x16\x81\xd7\x17\xea\x44\xe8\x9e\x19\x65\x80\xb5\xcd\x17\x31\x38\xc0\xb8\x4e\xdf\xfb\xf3\x05\x31\x26\xba\xe9\xd4\x6c\x21\x7d\xdf\xe4\xc3\x9f\x61\x7e\xd5\x1d\x08\x6a\x24\xe2\x68\x12\x6b\x5d\x7c\x75\x1f\x87\x93\x6b\x4c\x56\x57\x33\x4b\xa5\x9b\x47\x43\x58\x6a\xad\xd8\xe1\x50\x79\xd0\xda\x39\xc9\xac\x70\x43\x61\xb1\x93\x21\xf1\x6f\xd7\x3c\x87\x09\xe2\xd9\x26\x70\xc5\xa9\x2a\x9b\x9f\xa5\x5c\xf9\x67\x6f\xba\x8b\x0e\x68\xd6\x0b\xca\x24\x9d\x38\x18\x3a\x2f\xce\xd1\xc9\xb0\x24\x46\xce\x1d\x31\x25\x42\x06\x1c\xfa\x72\xb2\x3a\xb9\x9c\xe7\x9b\x1a\x7a\x45\x1e\x07\x84\x60\xf0\xa7\x1b\x14\xc1\x87\x8a\x1b\xb8\x50\xa0\x33\xf8\x95\xf8\x31\x6e\xec\x91\x88\x16\x96\xf5\x58\x26\x21\xae\x2f\x8a\xfb\xe4\xc6\x05\x9d\x0d\x03\x5f\x52\x50\xd7\x48\x75\x8e\xb9\xf3\x53\x7b\xf6\x3f\x8d\x90\xa2\x64\xb2\xcb\x86\x19\x59\x10\x5c\x78\x73\x87\x93\xf4\x4b\x56\x47\xae\x28\xba\x29\xab\x33\x6d\x78\xb0\xce\xb5\x3d\x95\x30\xef\x6b\xfe\x68\x53\xfc\xa5\x13\x66\xbc\x34\x65\x9e\x00\x05\x3b\xa2\xf0\xb5\x80\x1f\x28\xbc\x35\x2f\x92\x02\xe8\x3c\xac\x11\xf6\x9e\xde\x43\x24\xf1\xb8\x18\x5a\xce\xfa\x0c\x87\x8e\x06\xdc\xbe\x1c\xe7\x02\xa2\x75\xb9\x0c\xbc\xdc\xb7\x7b\x2a\x91\x6d\x6d\xf2\x5a\x30\x90\x77\xa7\x89\xc0\xc5\xfe\x8f\xc1\xac\xdf\x48\xbc\x08\x95\xcc\xa1\x49\x22\x7e\xcf\xa9\x2d\x08\x86\xef\x56\x1d\x4b\x16\xfa\x3c\x71\x08\xf8\x19\x4b\x34\x32\x54\xc1\x0d\x0d\x62\x76\x92\x70\x95\x01\x3e\x8c\xa3\xd3\x53\xdb\x70\x12\x68\xaa\x71\x29\x70\x87\xe9\x5d\x91\x46\x26\x87\xaa\xe2\x03\x5a\x36\x83\x9d\xf2\x98\xa6\xbf\x17\xec\x59\xe0\xfd\x0a\xdc\x2c\xe1\xf6\x3a\x65\xa9\xc1\x26\x1a\x87\x77\xab\x2b\x50\x67\x6c\x75\x92\x00\x2b\xaa\x4b\xea\x56\x48\x81\x33\x1f\xf5\x76\xb2\x52\x25\x5c\xb3\x27\x2a\x18\x1b\xbc\xba\x48\xb8\x17\xae\x90\xe2\x42\xfc\xc2\xf6\xef\xe6\x62\xce\x4c\x79\x42\x41\x49\xf2\x31\xb9\x15\x15\x6e\x79\xfd\xc2\xde\x19\x49\xdc\x5d\x18\x2e\x64\x17\x3a\xba\xe9\xd6\x4e\x92\x91\xe0\x42\x6e\x6e\xab\xba\xc2\xdb\xba\xff\x3e\x63\x5a\x67\x23\x41\xdd\x9b\x6e\x59\x85\x6f\x55\x2c\xc5\x9b\x23\x88\xe4\xe3\xfa\x48\xe5\x4a\x09\xa3\x0e\xfa\x7a\xc0\xaa\xcf\x64\x42\x09\x7e\x51\x3e\x24\x2b\xf4\x8a\x9e\x1f\x8a\x7e\x57\xc2\x9a\x68\xc4\xe3\xa2\x12\x80\x9a\x63\xdc\x18\x75\x1c\xdd\x11\x60\x6e\xc2\xa5\x12\x03\x15\x77\xa0\xcb\xcc\x32\xc3\xe4\x34\x5e\x30\xf6\xdc\x3d\xf2\x8a\x58\x16\xe8\x32\xa8\xd0\xe3\x7f\xe1\xa1\x5b\xc5\x3a\x06\xc1\xcd\x30\x54\x39\x3a\x61\x12\x9d\x15\x98\xb0\x43\x68\x1d\x6d\xaa\xac\xc0\x7d\x24\xba\x0e\x2a\x56\x2c\xf4\xe7\xe0\x04\x71\x5d\x62\x0f\xb2\xb5\x33\xa8\xf1\x6d\x19\x29\xd1\x8c\x71\x6d\x41\xf1\xc7\x36\xc1\xa3\x62\x31\x40\x37\x3d\x8c\x39\x2c\xb8\xd1\x9d\xec\x2e\xa2\xa5\x1a\xd2\x7d\x6a\x5e\x78\x6b\x2f\xfd\x05\x74\x00\x0e\x4a\x09\xa6\xc3\x25\x36\x45\xa1\x1b\xe2\xf8\x81\xa8\x9a\xb7\x1a\x2d\x48\x6e\x03\xb5\x98\x2e\x2a\xd2\xad\xf0\xcf\xb0\x7c\xfe\x96\x9f\x15\xd8\xbe\x3a\x0c\x2b\x92\x85\x40\x21\x90\x69\x08\xb2\xc2\x6c\x20\x8b\x86\x08\x2a\x45\xe1\xb2\xfc\xd5\x01\x99\x90\x20\xe0\x93\x17\x35\xda\x19\x48\x18\xae\x27\xc9\x52\xaa\xe6\x57\xec\x0f\x18\x55\xaf\x8b\x53\xf4\xa9\x28\x48\xa2\x5e\xf5\x35\x45\x5c\x6a\xde\xc8\x13\xe8\xf8\xb0\x30\xe1\x10\x8b\x0e\x7d\x65\xcf\x1c\x1d\xdd\x14\x68\x34\x76\xd3\x20\x3a\x03\x52\xa0\xe1\x59\xfe\xef\x3e\xee\x44\x56\xdb\x31\x2e\x54\xdc\xef\xf6\xd2\xf3\xe5\x7c\x8e\xbb\x40\xd9\xe1\x9f\x11\x3c\xc7\x8f\xe4\xfb\x36\x37\x21\xbd\xe7\x35\x2d\xa5\xf7\x60\xcd\xe7\x79\xf4\xec\xed\x90\x67\xcb\xa8\xa6\xaa\xf3\x2f\x1f\x89\x06\x53\x30\x10\x23\xe0\x25\xf5\x07\x18\xfa\xa0\xa4\xc1\xd3\x6c\xf7\x29\xef\xe1\x31\xc6\xd2\xce\xe0\xd6\x6a\x06\xa9\x56\xbe\xb6\x1b\x03\xfe\x32\x1b\x0f\x44\x4f\xb5\xdb\x11\xf8\xeb\x69\xeb\x71\xd2\x1a\xab\x93\xe2\xd3\x35\x8e\x68\x28\xe8\x6b\x83\x34\xa3\xb4\xfe\x93\xc1\xb7\xdf\xc6\x4d\xff\x2b\x48\x93\x49\xcb\x76\x5f\xae\xb0\x9f\x1e\xb3\x81\xf7\x3b\xd8\x2a\x0d\xfa\xf0\x65\x67\x54\xbc\xbe\x61\xa7\x4d\x9a\x34\x2e\x2c\xb4\xfd\x5c\xc4\x28\x90\xbf\x00\x73\x4b\x9a\x6d\xb6\x76\x80\x44\xab\x21\x8e\x67\x41\x11\x3f\x49\x45\x23\x6a\xbd\xd8\xac\xc7\xcc\x72\x6d\x62\xe9\x45\x09\x13\x23\x2c\xc8\x42\x32\x3a\x92\xf9\xdf\xdd\xc5\x71\x17\x1a\xf8\xc0\xf7\x00\x34\xd0\x8f\x59\x52\x1a\xb9\x17\x5c\xe9\xec\x3a\xc3\xa0\x9a\xe2\x9c\x76\xdd\x48\x3d\x18\x10\x47\x5a\xa1\x10\x92\x09\xe1\x2e\xa5\xb3\xf8\xe8\xf9\xbe\x1b\xf0\xc0\x62\x91\x12\x0d\xc3\x77\x36\x81\xf0\x15\x61\x83\xf6\x83\x59\xf6\x6e\x6c\x69\x3c\xb0\x23\x70\x25\x0e\x8c\x6d\x0a\x53\x0e\x0c\xae\xcf\x52\xdc\x4e\xd2\xba\x24\x0e\x7f\xe8\x81\x52\xbf\xb5\x35\x75\x85\x17\x4f\x59\x6e\x83\x93\xcf\x27\x6d\xe9\x4a\x19\xb3\x2b\x8b\x53\x8c\x8a\xa4\x3b\x15\x6a\x93\xa9\x61\x2a\x8b\xe3\x8a\xf4\x5a\x4a\x22\x78\xf2\xe2\xe6\xfe\x60\x82\xc8\x0f\x6c\xaf\x1e\x94\x68\x49\x9a\x4d\xa9\xbb\xd7\x58\x1a\xf8\x1c\x73\x4e\xf9\x20\xa5\xbd\x78\x80\x23\xfb\x01\xe0\x8c\x3c\x9e\x4d\x6f\x78\x17\x32\x65\x84\x44\x66\xdb\xf6\xdb\x4b\x8b\xe6\xa6\x64\xa5\x37\xc1\x67\xa8\xc5\x66\x4e\x54\x17\xfc\xcb\x98\xe8\x11\xb1\xbc\xc9\x1a\xa8\x7e\x40\x48\x7b\xa4\x9c\x25\xe5\x79\x77\xcc\x8c\xfd\x7a\x8e\x1c\x0f\x31\x25\x5b\xbf\xd4\xda\x46\xf2\xa9\x64\xb8\xb4\x97\x88\x02\xf2\xb1\xed\x13\x56\x9d\x02\xb5\xa2\x7a\x85\x5b\xa8\x49\x11\xd8\x80\x9d\x0f\x5a\x90\x8c\xeb\x24\xe5\xa0\x97\x26\xbb\x9e\x69\x90\xff\x54\xdd\xd4\xbc\x21\xc1\xbc\xe6\x2d\x46\xd6\xec\x72\x51\xd4\xc3\x54\xce\x77\x17\x34\xa8\xc6\x55\x33\x11\xc6\x48\x8a\x38\x0d\xc9\x8d\x46\xf1\x41\x26\x6b\xc7\x1b\x3b\xd1\x45\x7e\x29\x1a\x4e\x85\xf8\x72\x24\xfd\x32\x98\x49\x80\x61\xc7\xd1\xc7\x5d\x59\xf7\x1d\xe9\x17\x4e\xff\x80\x72\x8b\x3d\xb9\x3d\xbc\xb3\x36\x5d\xfe\xf5\x63\x9b\xde\x6a\x31\xfd\x5d\x0e\x18\xb7\xa8\x30\x23\xb0\xb5\xea\x7a\xd2\xf0\xf6\x17\x6c\x57\x7c\x43\xff\x09\x7d\x74\x59\x96\x19\xfa\xa7\x71\x69\x9f\x0d\x70\x8c\x3d\xb3\xe3\x65\x7d\x2b\xc5\xe4\xf2\x49\x88\x10\xbd\x49\xbe\x18\x2d\xb5\x5e\xb7\x06\x3e\xa3\x04\x10\xf6\x05\xdb\x27\x8b\x5a\xe8\x95\xe1\x87\x00\x6f\x84\x30\x42\x62\xa5\xad\xae\xc9\xf3\x61\xae\x73\xb6\x93\x39\x5d\x08\x7f\xfd\x0e\x2b\xef\x59\x0b\x16\x65\x51\xdf\x17\xb7\x87\x85\x5c\xb6\x6f\xc1\xbf\x06\xf2\x16\xea\x68\xc3\xc1\xd8\xf3\xe3\x83\x9b\xe8\x89\x54\xaa\x4f\x24\xfb\x5a\xdc\x00\x7d\x76\xfe\xa7\x0c\xbf\xde\xd2\xea\x42\x1e\x47\x28\xc0\x4c\x18\x0c\x54\xf8\x9b\x88\xcc\x17\x6b\x1b\x9a\x59\x96\x8a\x40\xb7\xb4\x36\x3c\x3d\x3b\x6e\x96\x10\x04\xc8\x30\x59\x26\x07\xec\x99\xd4\x84\xbf\x4a\xa7\xb3\xd9\x42\xbb\x0d\x4e\xcd\x39\x24\x75\x7d\x7a\x48\xd4\x93\x70\x20\xa0\x7e\x89\xc1\xb0\x93\x9f\xa8\xf3\xa8\x39\xa1\xce\x7f\x7d\xbf\x0b\x7c\xb9\xeb\x1b\xae\x32\x53\x65\xb4\x0d\x3f\xa6\x8e\x1d\x2a\xf1\xe6\xc1\xf3\x5b\x5c\x6a\x07\x45\xbc\x76\x48\xa3\xf9\x0c\x5a\x57\x38\xd4\xe3\x5b\x2f\x69\xf8\x41\x69\x8c\x71\x89\xcc\x16\x06\x51\x16\x15\x51\x4c\x87\x18\x2d\xd2\x98\x40\xaa\x8e\x95\xf0\x6d\x3c\xc1\xfd\x45\x1c\xe3\x82\x00\xf8\x9b\xfc\x2f\x3c\xe8\x02\x3b\x90\x49\x56\x7b\x8b\xba\x7e\x2d\x16\x43\xf2\x7c\x53\x14\x67\x5b\x00\x85\xbc\x52\x5f\xb3\xc5\xc1\xe1\xb9\xe3\x26\xb9\x22\x69\x0b\x14\x4a\x52\xd3\x63\xd3\x54\xad\xe2\xaf\x69\x68\x7e\x63\xd9\xc0\x24\xba\xa6\xc7\x7a\xf4\x07\x1c\x4d\x86\x31\xd5\xe1\x9f\xde\x52\x10\x33\x0a\x51\x9a\xb5\x94\x95\x20\x80\xf8\xfb\x41\x41\x42\x6b\x10\x50\x11\xb9\xe3\x38\xf8\xd5\xfc\xe9\xc9\x45\x89\xe7\x5f\x93\xa1\x30\x50\xd2\xef\xf8\xf8\xe0\xd2\xb3\xf7\xf9\x99\xea\x4d\xa1\x2d\x64\x9b\x4a\x6b\x66\x19\x48\x08\x4c\x88\xb7\x59\xc4\x70\xb2\xba\x32\x9b\xb0\x81\x75\x4f\x72\xd6\xcc\x9e\x5b\x9a\xe1\x74\xfc\xd6\x3f\xd5\x6a\x17\x84\x70\x22\xd2\x84\x81\xe6\x36\x7c\x13\xc1\x5b\x58\x82\x04\x88\xf3\x6a\x5f\x09\xef\xf5\x47\xd4\xd2\x0e\xff\x3c\xaf\xaf\xae\x1c\x70\x68\x7a\xee\xe6\x52\x9e\x59\x82\x16\x05\xc1\xfe\x2e\xa6\xfe\x71\x4b\x35\x09\x08\x2f\x93\x9a\x4e\xd8\x2f\x03\x71\x84\xd1\x4d\xec\xe9\x56\x2b\x2b\x5d\x0d\x6f\x5e\x97\x76\xeb\x56\x8c\xb2\xb8\x17\x50\x2a\xb5\x27\x96\xd2\x47\x75\x3f\x67\xdb\x14\x6a\xe4\xc9\x64\xbc\xc1\xf4\x28\xcb\x51\x70\xd7\x20\x29\x7b\x06\x4e\x44\x37\x5e\x09\xed\xc7\x14\xd7\xce\x75\xba\x12\x1d\x8a\x16\x42\xc9\xa0\x88\xec\x17\x76\x97\xa4\xb9\x4e\x1b\x72\xc1\x53\x1e\x6f\xd4\xa1\x5e\x33\x37\x4c\x1e\x72\x20\xe3\x6d\x59\xc7\x09\x0a\xad\xed\xb2\xcd\x05\x52\x0b\xf0\xc7\x21\x10\xae\x87\x8a\x76\x0f\x35\x78\xb8\x71\x0b\x73\x73\xc9\xca\x31\xde\x5f\x14\x38\xe9\x29\x2e\xb2\xc2\x04\x54\xa1\x06\xad\xbe\xab\xdf\xa6\xbf\x6e\x31\xf4\x43\x5a\x42\xf4\xf5\x41\x93\x15\x16\x7e\xa4\x41\xee\x9d\x37\xa5\x40\x47\xd8\xcb\x1f\x84\x3b\xbb\x49\xd8\x81\x9a\x59\xd2\xd2\x6f\xc7\x40\xf8\x19\x30\x0d\xaa\xb6\xc0\x3f\x4b\x93\x21\x79\x31\xb8\x41\xc7\x9f\xdb\x80\x65\xd8\x27\xab\xb5\x12\x21\x66\xd0\xb3\x45\x01\x94\x70\x09\x9a\x5b\x8b\x95\x46\x5a\xda\x1a\xff\xaf\xaa\xe5\xad\x2d\x53\xad\xef\xc5\x3c\x0a\x6c\x6c\x46\x7c\xdf\xcd\xdd\x0e\x9a\xf2\xcc\x63\x98\x28\xc6\x06\xf3\xa6\x96\xf5\x0b\xe3\x1d\x2d\x19\xc8\xff\x95\xfc\x8c\xec\xbd\x3e\x6b\xd0\xd5\xbd\x6e\x40\x07\x3a\xb5\x2a\x73\xf3\xd5\xef\x00\xb0\x1d\x58\x16\x12\x70\xb8\xa6\x64\xdb\x80\xf2\x3b\xc6\xa8\x30\x6f\x6b\x66\xb7\x96\xdf\xe6\x64\xd5\x1b\x77\x68\x0c\xb0\x6a\x2e\xc9\x99\xd0\xed\x96\x2b\xa5\x34\xf1\x6a\xf2\x6a\xb1\x6f\xa2\xd5\x53\x7d\x5c\x93\xe5\x03\x03\x4c\x09\x9d\x26\x0a\x8f\x32\xd4\xed\xdf\x48\xb2\x5a\x75\xc9\xf9\x27\x01\xcb\x04\x0b\x57\x74\xa0\xd9\x8f\xfc\xed\xf9\x73\xaa\xdd\x1f\x5b\xfa\x75\xcb\xfb\xd7\xea\x4b\x9a\x56\xb6\x01\x1c\xc4\x4b\x73\x55\x52\x5b\x3b\x72\x04\x0f\x70\xf9\x06\x19\xe1\x9b\xa4\x81\x40\xa5\xb9\x6c\x40\x31\x6b\xe4\xf8\x2a\x11\xc0\x47\x02\xbf\xf4\xed\x47\xa2\x0e\x07\xb5\xd7\xfb\x77\x3b\xcf\xa1\x0e\x4c\x03\xe8\x89\x79\xa4\x1b\x2c\x78\x01\x33\xa4\x24\xc7\x3c\x5a\x5a\x7d\x8d\x79\x37\x42\x35\xff\x35\x7d\x93\xdb\x8c\xa1\xde\x2a\xe6\x32\xac\x3c\x09\xdb\x7c\x33", 4096); *(uint64_t*)0x200011c8 = 0x20001040; *(uint32_t*)0x20001040 = 0; *(uint32_t*)0x20001044 = 0; *(uint32_t*)0x20001048 = 0; *(uint32_t*)0x2000104c = r[0]; *(uint64_t*)0x200011d0 = 0x20001080; *(uint64_t*)0x200011d8 = 0x20001180; *(uint32_t*)0x200011e0 = 0x1000; *(uint32_t*)0x200011e4 = 4; *(uint32_t*)0x200011e8 = 0xd0; *(uint32_t*)0x200011ec = 7; res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); fprintf(stderr, "### call=1 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); if (res == ZX_OK) { r[1] = *(uint32_t*)0x20001180; r[2] = *(uint32_t*)0x20001184; r[3] = *(uint32_t*)0x20001188; r[4] = *(uint32_t*)0x2000118c; r[5] = *(uint32_t*)0x20001194; r[6] = *(uint32_t*)0x20001198; } break; case 2: *(uint64_t*)0x20011340 = 0x20001280; *(uint32_t*)0x20001280 = 0; memset((void*)0x20001284, 0, 3); *(uint8_t*)0x20001287 = 1; *(uint64_t*)0x20001288 = 0x3217bced00000000; *(uint64_t*)0x20011348 = 0x200012c0; *(uint64_t*)0x20011350 = 0x20001300; *(uint64_t*)0x20011358 = 0x20011300; *(uint32_t*)0x20011360 = 0x10; *(uint32_t*)0x20011364 = 0; *(uint32_t*)0x20011368 = 0x10000; *(uint32_t*)0x2001136c = 1; res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); fprintf(stderr, "### call=2 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); { int i; for(i = 0; i < 4; i++) { ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); } } if (res == ZX_OK) r[7] = *(uint32_t*)0x20011300; break; case 3: *(uint64_t*)0x20011580 = 0x20011400; memcpy((void*)0x20011400, "\x08\xd2\x58\x8a\x18\xd8\x4d\x44\xd1\x93\xae\x15\x71\x51\x3a\x9b\x96\xc5\x5a\x71\xe6\xe7\x99\x6c\xd8\x6e\xc8\x3b\xaa\xed\xcf\xeb\x52\x44\xb5\x9e\x77\x43\x3e\x74\xb6\xd3\x8f\x96\x13\xf1\x8b\xe0\xe3\xfa\x96\xbc\xcc\x22\x1c\xe6\xf3\x58\x2a\xd3\xda\xf0\xdc\x3e\x9f\xba\x77\xd1\x68\xed\xcc\x34\xc2\xe8\x75\x88\x1e\x56\x89", 79); *(uint64_t*)0x20011588 = 0x20011480; *(uint32_t*)0x20011480 = 0; *(uint32_t*)0x20011484 = r[7]; *(uint32_t*)0x20011488 = r[3]; *(uint32_t*)0x2001148c = 0; *(uint32_t*)0x20011490 = r[4]; *(uint32_t*)0x20011494 = r[1]; *(uint32_t*)0x20011498 = r[2]; *(uint64_t*)0x20011590 = 0x200114c0; *(uint64_t*)0x20011598 = 0x20011540; *(uint32_t*)0x200115a0 = 0x4f; *(uint32_t*)0x200115a4 = 7; *(uint32_t*)0x200115a8 = 0x55; *(uint32_t*)0x200115ac = 1; res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[2], 0, 0x7fffffffffffffff, 0x20011580, 0x200115c0, 0x20011600); fprintf(stderr, "### call=3 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); if (res == ZX_OK) r[8] = *(uint32_t*)0x20011540; break; case 4: *(uint64_t*)0x20021700 = 0x20011640; *(uint32_t*)0x20011640 = 0; memset((void*)0x20011644, 0, 3); *(uint8_t*)0x20011647 = 1; *(uint64_t*)0x20011648 = 0x66298d9200000000; *(uint64_t*)0x20021708 = 0x20011680; *(uint64_t*)0x20021710 = 0x200116c0; *(uint64_t*)0x20021718 = 0x200216c0; *(uint32_t*)0x20021720 = 0x10; *(uint32_t*)0x20021724 = 0; *(uint32_t*)0x20021728 = 0x10000; *(uint32_t*)0x2002172c = 0; res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[8], 0, 0, 0x20021700, 0x20021740, 0x20021780); fprintf(stderr, "### call=4 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); break; case 5: res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_read_etc))(r[6], 2, 0x200217c0, 0x20021840, 0x6e, 8, 0x200218c0, 0x20021900); fprintf(stderr, "### call=5 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); if (res == ZX_OK) { r[9] = *(uint32_t*)0x20021850; r[10] = *(uint32_t*)0x20021870; } break; case 6: res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_vmo_create_child))(r[10], 0, 1, 0xbb6, 0x20021940); fprintf(stderr, "### call=6 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); break; case 7: memcpy((void*)0x20021980, "/svc/\000", 6); res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(fdio_service_connect))(0x20021980, r[5]); fprintf(stderr, "### call=7 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); break; case 8: res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_interrupt_wait))(r[9], 0x200219c0); fprintf(stderr, "### call=8 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); if (res == ZX_OK) r[11] = *(uint64_t*)0x200219c0; break; case 9: *(uint64_t*)0x20031ac0 = 0x20021a00; *(uint32_t*)0x20021a00 = 0; memset((void*)0x20021a04, 0, 3); *(uint8_t*)0x20021a07 = 1; *(uint64_t*)0x20021a08 = 0x2ab48ffa00000000; *(uint8_t*)0x20021a10 = 7; *(uint64_t*)0x20031ac8 = 0x20021a40; *(uint64_t*)0x20031ad0 = 0x20021a80; *(uint64_t*)0x20031ad8 = 0x20031a80; *(uint32_t*)0x20031ae0 = 0x11; *(uint32_t*)0x20031ae4 = 0; *(uint32_t*)0x20031ae8 = 0x10000; *(uint32_t*)0x20031aec = 0; res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[9], 0, r[11], 0x20031ac0, 0x20031b00, 0x20031b40); fprintf(stderr, "### call=9 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); break; case 10: memcpy((void*)0x20000000, "\xc4\xa2\x79\xdb\xe2\xf3\x41\x0f\x7e\x06\x3e\x4c\x0f\xae\xa3\x91\x46\xbd\x7d\xc4\x82\x0d\x91\xbc\x78\x90\x7b\x00\x00\x66\x0f\x3a\x0e\xa4\x3e\x00\x08\x00\x00\x00\x66\x45\x0f\x12\x8e\x00\x00\x00\x00\xc4\x82\x7d\x0e\xa5\xd8\xdf\x00\x00\xc4\xc1\xfd\x2e\xc9\xf3\x43\x0f\x2a\x46\x0e\xc4\x43\xc9\x5c\x45\x08\x99", 76); res = -1; errno = EFAULT; res = syz_execute_func(0x20000000); fprintf(stderr, "### call=10 errno=%u\n", res == -1 ? errno : 0); break; case 11: res = -1; errno = EFAULT; res = syz_future_time(0); fprintf(stderr, "### call=11 errno=%u\n", res == -1 ? errno : 0); break; case 12: res = -1; errno = EFAULT; res = syz_job_default(); fprintf(stderr, "### call=12 errno=%u\n", res == -1 ? errno : 0); break; case 13: res = -1; errno = EFAULT; res = syz_mmap(0x20ffd000, 0x1000); fprintf(stderr, "### call=13 errno=%u\n", res == -1 ? errno : 0); break; case 14: res = -1; errno = EFAULT; res = syz_process_self(); fprintf(stderr, "### call=14 errno=%u\n", res == -1 ? errno : 0); break; case 15: res = -1; errno = EFAULT; res = syz_thread_self(); fprintf(stderr, "### call=15 errno=%u\n", res == -1 ? errno : 0); break; case 16: res = -1; errno = EFAULT; res = syz_vmar_root_self(); fprintf(stderr, "### call=16 errno=%u\n", res == -1 ? errno : 0); break; } } int main(void) { syz_mmap(0x20000000, 0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :291:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor2931794870 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds] --- FAIL: TestGenerate/fuchsia/amd64/6 (0.59s) csource_test.go:133: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000001000)=0x0) (fail_nth: 1) zx_channel_call_etc(0x0, 0xffff, 0x0, &(0x7f00000011c0)={&(0x7f0000000000)="0001a747cc965bdf12ac9b60b2e125dc044ed2fa880a719727d6b5a224706f0f99de8fa46158d7d04ac1fe18adb81dc99e6d93328c47ceaa6652a680853582ab5bb4649593ec0604194e7946fb11ae7eb26fab2030f4fe727f5878bc0898e7ce6a4810cead730969c81c54a5276ecbb4263283639baf3d4b50d36a135700391d4e1f4045e58e557719400d9ac570dc938c47340f8f19341b2aa414c80d8dd5ec729524c84e004ff93d264796eccee5e023a1edd21526655ec5abc5f0f8ec7303eca764277f214cb86b39c471dcfd802cd84e9b609b46a8e7f140d55ca5f90f5410b91ae06cb4def60852c76f744c8e05e49c674b7b0a73c0932512fa3aac67db01a267b7bc3e6c4c72dd5aa5631c9195807427ead967bfbcc0bf3e7598e04be3dbe335a76c84c2200e7a7885e8e273f738c3e06dff138d8a07383dc997ce9f37ba5b7adadc410664580363e0c8f2ef119d532000f90fae65fede371d15bdffc124355dd2256b85b7396099ef71d022cd99a2fe1c99548260dc18bb8819a347ddc939868a68b7ebef3712fa961f5c0b5e60446ac0f14fda37a62b1fe138570c4bcb9d9ec8e245975bb972b10b4923211d8af36a29dda547f7e99a40227021b49e3b288cc5059aa432e7ba1b9ee5ffacdc387dadde0fdd6a868e3e53f5ab5405166bd9501a43a98dcbd04c69cfec4d129c9be43c95754b86b55017a681af682f2464e3ad9a4b3aeea74e68fe1fb3500d38e8df66ed4ffa23c482c724836c7cf49b5ef97c2bd77ca2538f49f5ddda64c1fe96737ac575a3d3ebd6b542a54f98f9c16c7ee4bdd7cc690074d4bf26ce104d3ac35d79f8675e10b17b2e66e1e63070ef12459bec9754eec111993ee9fe3a99030ff630e5dd9602ad8dee02bd5fe0dfbcab284760747125cd21db316841376de54b5d6b12d137625141de927fcca1086713c5d9fdacf854f4851f721bf2e6d6bfbb77bdcfbde0b717b3312eb9a331f18b669bc1179ce60e0f133d4067903cd5dad1bf8c277543e5f40551ce739f1e1dfbfc79c3926c655584c69bd9196587e8915d9fe8df3478c4b870e415775dc2398431c0ad8b96c445c3dc98ae934f944952c552b5c2c0b099b4531458f60c2753f9e04d06e50e9cb38ffd46390080eca9cceaf95918718063949464a59ad6e9b8d2b7b053e77a5499db3e9e25b7f2de9dde5ed4ca60c74a8cfc2587cef9d336ec4edd2b153637d4aa828fd5d3c9fd78c5f1643a3074545611af80500fd7ca4a1e74e7459d9d699fb611270674eb9fd3d8187f8c95467402fb2d065fa5c837e16e2741c5374753d89cba55a4bf5a72bcb2a5bb33c6d20c5b5e52d2bd3c87d8f1a7faf41849e23a4297f1784d20a08ac5fe8a2d65b75b6c1f47eb28cfc6590bd8199f135749f5df60321d06ffe8edd0aa7c7e3f6639b5e2469cfbafe67c117172d3b32efb68cb25ccd47d2a21ef5f9a7edfc4789ce98a30ddbc2f5e1cbb1eb40333857b5217bb5c64e2806e6eb23ef6b9048c768d2b16c3782241ce513be555850214a53a149dc1fe4b34e1fe3492e7e88554b6f446c9320109eaf3e51fd420210202c10c6e159bb5f2db6524a78249e06ed52d431864305b982c4ab3583f46f21423eae06508f0f6aaa0f9762de93b8b48b4e8610b12403d8b8cc769abc3839994449764496c12dd037001c58673d9841b3285bbbe9fa5648917e8bb85a58ae3acc5eb561f5d27fb1c70ec11a73bc172f5b7f024fe27783df025df7b0b80806a81aab375c52ccc91ed68c65937089079be64fc7e691b2c41b174fc987fb48fd8118f441863e5ae363a221b21016ff848318e2becca25acdde488af58db93908c09465f39b386713fedd06d9e844b5b8ade0444087a8dfe4259e8d23de2525c14b400053a1f977b18fce9dda76aa16d3e165fb48e1a491585b7bc19f6759154216cb714647fdc8d78c4e683a1786f686974c85477ce2ec5346a45f0be1bb3a99dd94e2234292701e3ea967384b4d92cf0bffe1d43f8d688548b3f059f1003d3f35dff653c498566d919ca2bec219da12177f31861c410b79fda29f8d0be59a9c5d2f85d9af1f67450e618ecbc85831d50d410ff1bcb73b438aa9dc0fbe87185e0e7dcfd8ec268c62f4f172b5466ab535982013748bb392ec8bef3c86b216eeaffa1ff2a34c6bdf3c8fc0719bbf3f271427ecdc30aea70410c880ddf58a9da61a04226a674ce056844ce5cd6cff866588f1637ab179520a6b82b159f34f790247429f15c8efd5aed316060e8ba2bb2fcd892f3663eef01dd1814accf5ab8db1440f2455b1c5a3f15ea03e1de09560f1034e5e453fdefb0b94aa723033ec02d729beff01b6b322b93a8b5d9b4a3fc126dae2950db4d4aeca02325b8e7ae69095e2e05653832e0b9d5d4896d3d3931f8ec584814f4ab057c8670c40caf4ac141bfa42339ff867760c6a97b3f4d9f520839179a003c76ff21510c7c31cb45fccc763174bef06524bc6a5fd9a413ede524fcce95d03e08a002a552bc1681d717ea44e89e196580b5cd173138c0b84edffbf3053126bae9d46c217ddfe4c39f617ed51d086a24e268126b5d7c751f87936b4c5657334ba59b4743586aadd8e15079d0da39c9ac704361b19321f16fd73c8709e2d92670c5a92a9b9fa55cf9676fba8b0e68d60bca249d38183a2fced1c9b02446ce1d312542061cfa72b23ab99ce79b1a7a451e078460f0a71b14c1878a1bb850a033f895f8316eec91881696f5582621ae2f8afbe4c6059d0d035f5250d748758eb9f3537bf63f8d90a264b2cb861959105c78738793f44b5647ae28ba29ab336d78b0ceb53d9530ef6bfe6853fca51366bc34659e00053ba2f0b5801f28bc352f9202e83cac11f69ede4324f1b8185acefa0c878e06dcbe1ce702a275b90cbcdcb77b2a916d6df25a309077a789c0c5fe8fc1acdf48bc0895cca149227ecfa92d0886ef561d4b16fa3c7108f8194b343254c10d0d6276927095013e8ca3d353db701268aa71297087e95d91462687aae2035a36839df298a6bf17ec59e0fd0adc2ce1f63a65a9c1261a8777ab2b50676c7592002baa4bea564881331ff576b252255cb3272a181bbcba48b817ae90e242fcc2f6efe662ce4c79424149f231b915156e79fdc2de1949dc5d182e64173abae9d64e9291e0426e6eabbac2dbbaff3e635a672341dd9b6e59856f552cc59b2388e4e3fa48e54a09a30efa7ac0aacf6442097e513e242bf48a9e1f8a7e57c29a68c4e3a212809a63dc18751cdd11606ec2a512031577a0cbcc32c3e4345e30f6dc3df28a5816e832a8d0e37fe1a15bc53a06c1cd3054393a61129d1598b043681d6daaacc07d24ba0e2a562cf4e7e004715d620fb2b533a8f16d1929d18c716d41f1c736c1a3623140373d8c392cb8d19dec2ea2a51ad27d6a5e786b2ffd0574000e4a09a6c3253645a11be2f881a89ab71a2d486e03b5982e2ad2adf0cfb07cfe969f15d8be3a0c2b92854021906908b2c26c208b86082a45e1b2fcd501999020e0931735da194818ae27c952aae657ec0f1855af8b53f4a92848a25ef535455c6adec813e8f8b030e1108b0e7d65cf1c1ddd14683476d3203a0352a0e159feef3eee4456db312e54dceff6d2f3e57c8ebb40d9e19f113cc78fe4fb363721bde7352da5f760cde779f4eced9067cba8a6aaf32f1f890653301023e025f50718faa0a4c1d36cf729efe131c6d2cee0d66a06a956beb61b03fe321b0f444fb5db11f8eb69eb71d21aab93e2d3358e6828e86b8334a3b4fe93c1b7dfc64dff2b489349cb765faeb09f1eb381f73bd82a0dfaf0656754bcbe61a74d9a342e2cb4fd5cc42890bf00734b9a6db6768044ab218e6741113f4945236abdd8acc7cc726d62e9450913232cc842323a92f9dfddc571171af8c0f70034d08f59521ab9175ce9ec3ac3a09ae29c76dd483d1810475aa1109209e12ea5b3f8e8f9be1bf0c06291120dc3773681f0156183f68359f66e6c693cb02370250e8c6d0a530e0caecf52dc4ed2ba240e7fe88152bfb5357585174f596e8393cf276de94a19b32b8b538c8aa43b156a93a9612a8be38af45a4a2278f2e2e6fe6082c80f6caf1e9468499a4da9bbd7581af81c734ef920a5bd788023fb01e08c3c9e4d6f78173265844466dbf6db4b8be6a664a537c167a8c5664e5417fccb98e811b1bcc91aa87e40487ba49c25e57977cc8cfd7a8e1c0f31255bbfd4da46f2a964b8b4978802f2b1ed13569d02b5a27a855ba84911d8809d0f5a908ceb24e5a09726bb9e6990ff54ddd4bc21c1bce62d46d6ec7251d4c354ce771734a8c6553311c6488a380dc98d46f141266bc71b3bd1457e291a4e85f87224fd3298498061c7d1c75d59f71de9174eff80728b3db93dbcb3365dfef5639bde6a31fd5d0e18b7a83023b0b5ea7ad2f0f6176c577c43ff097d74599619faa771699f0d708c3db3e3657d2bc5e4f2498810bd49be182db55eb7063ea30410f605db278b5ae895e187006f84304262a5adaec9f361ae73b693395d087ffd0e2bef590b166551df17b787855cb66fc1bf06f216ea68c3c1d8f3e3839be88954aa4f24fb5adc007d76fea70cbfded2ea421e4728c04c180c54f89b88cc176b1b9a59968a40b7b4363c3d3b6e961004c830592607ec99d484bf4aa7b3d942bb0d4ecd3924757d7a48d4937020a07e89c1b0939fa8f3a839a1ce7f7dbf0b7cb9eb1bae325365b40d3fa68e1d2af1e6c1f35b5c6a0745bc7648a3f90c5a5738d4e35b2f69f841698c7189cc1606511615514c87182dd29840aa8e95f06d3cc1fd451ce38200f89bfc2f3ce8023b9049567b8bba7e2d1643f27c5314675b0085bc525fb3c5c1e1b9e326b922690b144a52d363d354ade2af69687e63d9c024baa6c77af4071c4d8631d5e19fde5210330a519ab594952080f8fb4141426b105011b9e338f8d5fce9c94589e75f93a13050d2eff8f8e0d2b3f7f999ea4da12d649b4a6b661948084c88b759c470b2ba329bb081754f72d6cc9e5b9ae174fcd63fd56a17847022d28481e6367c13c15b58820488f36a5f09eff547d4d20eff3cafafae1c70687aeee6529e59821605c1fe2ea6fe714b3509082f939a4ed82f037184d14dece9562b2b5d0d6f5e9776eb568cb2b817502ab52796d247753f67db146ae4c964bcc1f428cb5170d720297b064e44375e09edc714d7ce75ba121d8a1642c9a088ec177697a4b94e1b72c1531e6fd4a15e33374c1e7220e36d59c7090aadedb2cd05520bf0c72110ae878a760f3578b8710b7373c9ca31de5f1438e9292eb2c20454a106adbeabdfa6bf6e31f4435a42f4f5419315167ea441ee9d37a54047d8cb1f843bbb49d8819a59d2d26fc740f819300daab6c03f4b93217931b841c79fdb8065d827abb5122166d0b345019470099a5b8b95465ada1affafaae5ad2d53adefc53c0a6c6c467cdfcddd0e9af2cc639828c606f3a696f50be31d2d19c8ff95fc8cecbd3e6bd0d5bd6e40073ab52a73f3d5ef00b01d58161270b8a664db80f23bc6a8306f6b66b796dfe664d51b77680cb06a2ec999d0ed962ba534f16af26ab16fa2d5537d5c93e503034c099d260a8f32d4eddf48b25a75c9f92701cb040b5774a0d98ffcedf973aadd1f5bfa75cbfbd7ea4b9a56b6011cc44b7355525b3b72040f70f90619e19ba48140a5b96c40316be4f82a11c04702bff4ed47a20e07b5d7fb773bcfa10e4c03e88979a41b2c780133a424c73c5a5a7d8d79374235ff357d93db8ca1de2ae632ac3c09db7c33", &(0x7f0000001040)=[0x0, 0x0, 0x0, r0], &(0x7f0000001080)=""/208, &(0x7f0000001180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0xd0, 0x7}, &(0x7f0000001200), &(0x7f0000001240)) (async) zx_channel_call$fuchsia_io_DirectoryAdminGetToken(r4, 0x0, 0x7fffffffffffffff, &(0x7f0000011340)={&(0x7f0000001280), &(0x7f00000012c0), &(0x7f0000001300), &(0x7f0000011300)={0x0}, 0x10, 0x0, 0x10000, 0x1}, &(0x7f0000011380), &(0x7f00000113c0)) (rerun: 4) zx_channel_call(r2, 0x0, 0x7fffffffffffffff, &(0x7f0000011580)={&(0x7f0000011400)="08d2588a18d84d44d193ae1571513a9b96c55a71e6e7996cd86ec83baaedcfeb5244b59e77433e74b6d38f9613f18be0e3fa96bccc221ce6f3582ad3daf0dc3e9fba77d168edcc34c2e875881e5689", &(0x7f0000011480)=[0x0, r7, r3, 0x0, r4, r1, r2], &(0x7f00000114c0)=""/85, &(0x7f0000011540)=[0x0], 0x4f, 0x7, 0x55, 0x1}, &(0x7f00000115c0), &(0x7f0000011600)) zx_channel_call$fuchsia_io_DirectoryAdminQueryFilesystem(r8, 0x0, 0x0, &(0x7f0000021700)={&(0x7f0000011640), &(0x7f0000011680), &(0x7f00000116c0), &(0x7f00000216c0), 0x10, 0x0, 0x10000}, &(0x7f0000021740), &(0x7f0000021780)) zx_channel_read_etc(r6, 0x2, &(0x7f00000217c0)=""/110, &(0x7f0000021840)=[{}, {0x0}, {}, {0x0}, {}, {}, {}, {}], 0x6e, 0x8, &(0x7f00000218c0), &(0x7f0000021900)) zx_vmo_create_child(r10, 0x0, 0x1, 0xbb6, &(0x7f0000021940)) fdio_service_connect$fuchsia_cobalt_LoggerSimple(&(0x7f0000021980), r5) zx_interrupt_wait(r9, &(0x7f00000219c0)=0x0) zx_channel_call$fuchsia_hardware_ethernet_DeviceConfigMulticastSetPromiscuousMode(r9, 0x0, r11, &(0x7f0000031ac0)={&(0x7f0000021a00)={{}, 0x7}, &(0x7f0000021a40), &(0x7f0000021a80), &(0x7f0000031a80), 0x11, 0x0, 0x10000}, &(0x7f0000031b00), &(0x7f0000031b40)) syz_execute_func(&(0x7f0000000000)="c4a279dbe2f3410f7e063e4c0faea39146bd7dc4820d91bc78907b0000660f3a0ea43e000800000066450f128e00000000c4827d0ea5d8df0000c4c1fd2ec9f3430f2a460ec443c95c450899") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:134: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 500); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[12] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(0, 0x20001000); if (res == ZX_OK) r[0] = *(uint32_t*)0x20001000; break; case 1: *(uint64_t*)0x200011c0 = 0x20000000; memcpy((void*)0x20000000, "\x00\x01\xa7\x47\xcc\x96\x5b\xdf\x12\xac\x9b\x60\xb2\xe1\x25\xdc\x04\x4e\xd2\xfa\x88\x0a\x71\x97\x27\xd6\xb5\xa2\x24\x70\x6f\x0f\x99\xde\x8f\xa4\x61\x58\xd7\xd0\x4a\xc1\xfe\x18\xad\xb8\x1d\xc9\x9e\x6d\x93\x32\x8c\x47\xce\xaa\x66\x52\xa6\x80\x85\x35\x82\xab\x5b\xb4\x64\x95\x93\xec\x06\x04\x19\x4e\x79\x46\xfb\x11\xae\x7e\xb2\x6f\xab\x20\x30\xf4\xfe\x72\x7f\x58\x78\xbc\x08\x98\xe7\xce\x6a\x48\x10\xce\xad\x73\x09\x69\xc8\x1c\x54\xa5\x27\x6e\xcb\xb4\x26\x32\x83\x63\x9b\xaf\x3d\x4b\x50\xd3\x6a\x13\x57\x00\x39\x1d\x4e\x1f\x40\x45\xe5\x8e\x55\x77\x19\x40\x0d\x9a\xc5\x70\xdc\x93\x8c\x47\x34\x0f\x8f\x19\x34\x1b\x2a\xa4\x14\xc8\x0d\x8d\xd5\xec\x72\x95\x24\xc8\x4e\x00\x4f\xf9\x3d\x26\x47\x96\xec\xce\xe5\xe0\x23\xa1\xed\xd2\x15\x26\x65\x5e\xc5\xab\xc5\xf0\xf8\xec\x73\x03\xec\xa7\x64\x27\x7f\x21\x4c\xb8\x6b\x39\xc4\x71\xdc\xfd\x80\x2c\xd8\x4e\x9b\x60\x9b\x46\xa8\xe7\xf1\x40\xd5\x5c\xa5\xf9\x0f\x54\x10\xb9\x1a\xe0\x6c\xb4\xde\xf6\x08\x52\xc7\x6f\x74\x4c\x8e\x05\xe4\x9c\x67\x4b\x7b\x0a\x73\xc0\x93\x25\x12\xfa\x3a\xac\x67\xdb\x01\xa2\x67\xb7\xbc\x3e\x6c\x4c\x72\xdd\x5a\xa5\x63\x1c\x91\x95\x80\x74\x27\xea\xd9\x67\xbf\xbc\xc0\xbf\x3e\x75\x98\xe0\x4b\xe3\xdb\xe3\x35\xa7\x6c\x84\xc2\x20\x0e\x7a\x78\x85\xe8\xe2\x73\xf7\x38\xc3\xe0\x6d\xff\x13\x8d\x8a\x07\x38\x3d\xc9\x97\xce\x9f\x37\xba\x5b\x7a\xda\xdc\x41\x06\x64\x58\x03\x63\xe0\xc8\xf2\xef\x11\x9d\x53\x20\x00\xf9\x0f\xae\x65\xfe\xde\x37\x1d\x15\xbd\xff\xc1\x24\x35\x5d\xd2\x25\x6b\x85\xb7\x39\x60\x99\xef\x71\xd0\x22\xcd\x99\xa2\xfe\x1c\x99\x54\x82\x60\xdc\x18\xbb\x88\x19\xa3\x47\xdd\xc9\x39\x86\x8a\x68\xb7\xeb\xef\x37\x12\xfa\x96\x1f\x5c\x0b\x5e\x60\x44\x6a\xc0\xf1\x4f\xda\x37\xa6\x2b\x1f\xe1\x38\x57\x0c\x4b\xcb\x9d\x9e\xc8\xe2\x45\x97\x5b\xb9\x72\xb1\x0b\x49\x23\x21\x1d\x8a\xf3\x6a\x29\xdd\xa5\x47\xf7\xe9\x9a\x40\x22\x70\x21\xb4\x9e\x3b\x28\x8c\xc5\x05\x9a\xa4\x32\xe7\xba\x1b\x9e\xe5\xff\xac\xdc\x38\x7d\xad\xde\x0f\xdd\x6a\x86\x8e\x3e\x53\xf5\xab\x54\x05\x16\x6b\xd9\x50\x1a\x43\xa9\x8d\xcb\xd0\x4c\x69\xcf\xec\x4d\x12\x9c\x9b\xe4\x3c\x95\x75\x4b\x86\xb5\x50\x17\xa6\x81\xaf\x68\x2f\x24\x64\xe3\xad\x9a\x4b\x3a\xee\xa7\x4e\x68\xfe\x1f\xb3\x50\x0d\x38\xe8\xdf\x66\xed\x4f\xfa\x23\xc4\x82\xc7\x24\x83\x6c\x7c\xf4\x9b\x5e\xf9\x7c\x2b\xd7\x7c\xa2\x53\x8f\x49\xf5\xdd\xda\x64\xc1\xfe\x96\x73\x7a\xc5\x75\xa3\xd3\xeb\xd6\xb5\x42\xa5\x4f\x98\xf9\xc1\x6c\x7e\xe4\xbd\xd7\xcc\x69\x00\x74\xd4\xbf\x26\xce\x10\x4d\x3a\xc3\x5d\x79\xf8\x67\x5e\x10\xb1\x7b\x2e\x66\xe1\xe6\x30\x70\xef\x12\x45\x9b\xec\x97\x54\xee\xc1\x11\x99\x3e\xe9\xfe\x3a\x99\x03\x0f\xf6\x30\xe5\xdd\x96\x02\xad\x8d\xee\x02\xbd\x5f\xe0\xdf\xbc\xab\x28\x47\x60\x74\x71\x25\xcd\x21\xdb\x31\x68\x41\x37\x6d\xe5\x4b\x5d\x6b\x12\xd1\x37\x62\x51\x41\xde\x92\x7f\xcc\xa1\x08\x67\x13\xc5\xd9\xfd\xac\xf8\x54\xf4\x85\x1f\x72\x1b\xf2\xe6\xd6\xbf\xbb\x77\xbd\xcf\xbd\xe0\xb7\x17\xb3\x31\x2e\xb9\xa3\x31\xf1\x8b\x66\x9b\xc1\x17\x9c\xe6\x0e\x0f\x13\x3d\x40\x67\x90\x3c\xd5\xda\xd1\xbf\x8c\x27\x75\x43\xe5\xf4\x05\x51\xce\x73\x9f\x1e\x1d\xfb\xfc\x79\xc3\x92\x6c\x65\x55\x84\xc6\x9b\xd9\x19\x65\x87\xe8\x91\x5d\x9f\xe8\xdf\x34\x78\xc4\xb8\x70\xe4\x15\x77\x5d\xc2\x39\x84\x31\xc0\xad\x8b\x96\xc4\x45\xc3\xdc\x98\xae\x93\x4f\x94\x49\x52\xc5\x52\xb5\xc2\xc0\xb0\x99\xb4\x53\x14\x58\xf6\x0c\x27\x53\xf9\xe0\x4d\x06\xe5\x0e\x9c\xb3\x8f\xfd\x46\x39\x00\x80\xec\xa9\xcc\xea\xf9\x59\x18\x71\x80\x63\x94\x94\x64\xa5\x9a\xd6\xe9\xb8\xd2\xb7\xb0\x53\xe7\x7a\x54\x99\xdb\x3e\x9e\x25\xb7\xf2\xde\x9d\xde\x5e\xd4\xca\x60\xc7\x4a\x8c\xfc\x25\x87\xce\xf9\xd3\x36\xec\x4e\xdd\x2b\x15\x36\x37\xd4\xaa\x82\x8f\xd5\xd3\xc9\xfd\x78\xc5\xf1\x64\x3a\x30\x74\x54\x56\x11\xaf\x80\x50\x0f\xd7\xca\x4a\x1e\x74\xe7\x45\x9d\x9d\x69\x9f\xb6\x11\x27\x06\x74\xeb\x9f\xd3\xd8\x18\x7f\x8c\x95\x46\x74\x02\xfb\x2d\x06\x5f\xa5\xc8\x37\xe1\x6e\x27\x41\xc5\x37\x47\x53\xd8\x9c\xba\x55\xa4\xbf\x5a\x72\xbc\xb2\xa5\xbb\x33\xc6\xd2\x0c\x5b\x5e\x52\xd2\xbd\x3c\x87\xd8\xf1\xa7\xfa\xf4\x18\x49\xe2\x3a\x42\x97\xf1\x78\x4d\x20\xa0\x8a\xc5\xfe\x8a\x2d\x65\xb7\x5b\x6c\x1f\x47\xeb\x28\xcf\xc6\x59\x0b\xd8\x19\x9f\x13\x57\x49\xf5\xdf\x60\x32\x1d\x06\xff\xe8\xed\xd0\xaa\x7c\x7e\x3f\x66\x39\xb5\xe2\x46\x9c\xfb\xaf\xe6\x7c\x11\x71\x72\xd3\xb3\x2e\xfb\x68\xcb\x25\xcc\xd4\x7d\x2a\x21\xef\x5f\x9a\x7e\xdf\xc4\x78\x9c\xe9\x8a\x30\xdd\xbc\x2f\x5e\x1c\xbb\x1e\xb4\x03\x33\x85\x7b\x52\x17\xbb\x5c\x64\xe2\x80\x6e\x6e\xb2\x3e\xf6\xb9\x04\x8c\x76\x8d\x2b\x16\xc3\x78\x22\x41\xce\x51\x3b\xe5\x55\x85\x02\x14\xa5\x3a\x14\x9d\xc1\xfe\x4b\x34\xe1\xfe\x34\x92\xe7\xe8\x85\x54\xb6\xf4\x46\xc9\x32\x01\x09\xea\xf3\xe5\x1f\xd4\x20\x21\x02\x02\xc1\x0c\x6e\x15\x9b\xb5\xf2\xdb\x65\x24\xa7\x82\x49\xe0\x6e\xd5\x2d\x43\x18\x64\x30\x5b\x98\x2c\x4a\xb3\x58\x3f\x46\xf2\x14\x23\xea\xe0\x65\x08\xf0\xf6\xaa\xa0\xf9\x76\x2d\xe9\x3b\x8b\x48\xb4\xe8\x61\x0b\x12\x40\x3d\x8b\x8c\xc7\x69\xab\xc3\x83\x99\x94\x44\x97\x64\x49\x6c\x12\xdd\x03\x70\x01\xc5\x86\x73\xd9\x84\x1b\x32\x85\xbb\xbe\x9f\xa5\x64\x89\x17\xe8\xbb\x85\xa5\x8a\xe3\xac\xc5\xeb\x56\x1f\x5d\x27\xfb\x1c\x70\xec\x11\xa7\x3b\xc1\x72\xf5\xb7\xf0\x24\xfe\x27\x78\x3d\xf0\x25\xdf\x7b\x0b\x80\x80\x6a\x81\xaa\xb3\x75\xc5\x2c\xcc\x91\xed\x68\xc6\x59\x37\x08\x90\x79\xbe\x64\xfc\x7e\x69\x1b\x2c\x41\xb1\x74\xfc\x98\x7f\xb4\x8f\xd8\x11\x8f\x44\x18\x63\xe5\xae\x36\x3a\x22\x1b\x21\x01\x6f\xf8\x48\x31\x8e\x2b\xec\xca\x25\xac\xdd\xe4\x88\xaf\x58\xdb\x93\x90\x8c\x09\x46\x5f\x39\xb3\x86\x71\x3f\xed\xd0\x6d\x9e\x84\x4b\x5b\x8a\xde\x04\x44\x08\x7a\x8d\xfe\x42\x59\xe8\xd2\x3d\xe2\x52\x5c\x14\xb4\x00\x05\x3a\x1f\x97\x7b\x18\xfc\xe9\xdd\xa7\x6a\xa1\x6d\x3e\x16\x5f\xb4\x8e\x1a\x49\x15\x85\xb7\xbc\x19\xf6\x75\x91\x54\x21\x6c\xb7\x14\x64\x7f\xdc\x8d\x78\xc4\xe6\x83\xa1\x78\x6f\x68\x69\x74\xc8\x54\x77\xce\x2e\xc5\x34\x6a\x45\xf0\xbe\x1b\xb3\xa9\x9d\xd9\x4e\x22\x34\x29\x27\x01\xe3\xea\x96\x73\x84\xb4\xd9\x2c\xf0\xbf\xfe\x1d\x43\xf8\xd6\x88\x54\x8b\x3f\x05\x9f\x10\x03\xd3\xf3\x5d\xff\x65\x3c\x49\x85\x66\xd9\x19\xca\x2b\xec\x21\x9d\xa1\x21\x77\xf3\x18\x61\xc4\x10\xb7\x9f\xda\x29\xf8\xd0\xbe\x59\xa9\xc5\xd2\xf8\x5d\x9a\xf1\xf6\x74\x50\xe6\x18\xec\xbc\x85\x83\x1d\x50\xd4\x10\xff\x1b\xcb\x73\xb4\x38\xaa\x9d\xc0\xfb\xe8\x71\x85\xe0\xe7\xdc\xfd\x8e\xc2\x68\xc6\x2f\x4f\x17\x2b\x54\x66\xab\x53\x59\x82\x01\x37\x48\xbb\x39\x2e\xc8\xbe\xf3\xc8\x6b\x21\x6e\xea\xff\xa1\xff\x2a\x34\xc6\xbd\xf3\xc8\xfc\x07\x19\xbb\xf3\xf2\x71\x42\x7e\xcd\xc3\x0a\xea\x70\x41\x0c\x88\x0d\xdf\x58\xa9\xda\x61\xa0\x42\x26\xa6\x74\xce\x05\x68\x44\xce\x5c\xd6\xcf\xf8\x66\x58\x8f\x16\x37\xab\x17\x95\x20\xa6\xb8\x2b\x15\x9f\x34\xf7\x90\x24\x74\x29\xf1\x5c\x8e\xfd\x5a\xed\x31\x60\x60\xe8\xba\x2b\xb2\xfc\xd8\x92\xf3\x66\x3e\xef\x01\xdd\x18\x14\xac\xcf\x5a\xb8\xdb\x14\x40\xf2\x45\x5b\x1c\x5a\x3f\x15\xea\x03\xe1\xde\x09\x56\x0f\x10\x34\xe5\xe4\x53\xfd\xef\xb0\xb9\x4a\xa7\x23\x03\x3e\xc0\x2d\x72\x9b\xef\xf0\x1b\x6b\x32\x2b\x93\xa8\xb5\xd9\xb4\xa3\xfc\x12\x6d\xae\x29\x50\xdb\x4d\x4a\xec\xa0\x23\x25\xb8\xe7\xae\x69\x09\x5e\x2e\x05\x65\x38\x32\xe0\xb9\xd5\xd4\x89\x6d\x3d\x39\x31\xf8\xec\x58\x48\x14\xf4\xab\x05\x7c\x86\x70\xc4\x0c\xaf\x4a\xc1\x41\xbf\xa4\x23\x39\xff\x86\x77\x60\xc6\xa9\x7b\x3f\x4d\x9f\x52\x08\x39\x17\x9a\x00\x3c\x76\xff\x21\x51\x0c\x7c\x31\xcb\x45\xfc\xcc\x76\x31\x74\xbe\xf0\x65\x24\xbc\x6a\x5f\xd9\xa4\x13\xed\xe5\x24\xfc\xce\x95\xd0\x3e\x08\xa0\x02\xa5\x52\xbc\x16\x81\xd7\x17\xea\x44\xe8\x9e\x19\x65\x80\xb5\xcd\x17\x31\x38\xc0\xb8\x4e\xdf\xfb\xf3\x05\x31\x26\xba\xe9\xd4\x6c\x21\x7d\xdf\xe4\xc3\x9f\x61\x7e\xd5\x1d\x08\x6a\x24\xe2\x68\x12\x6b\x5d\x7c\x75\x1f\x87\x93\x6b\x4c\x56\x57\x33\x4b\xa5\x9b\x47\x43\x58\x6a\xad\xd8\xe1\x50\x79\xd0\xda\x39\xc9\xac\x70\x43\x61\xb1\x93\x21\xf1\x6f\xd7\x3c\x87\x09\xe2\xd9\x26\x70\xc5\xa9\x2a\x9b\x9f\xa5\x5c\xf9\x67\x6f\xba\x8b\x0e\x68\xd6\x0b\xca\x24\x9d\x38\x18\x3a\x2f\xce\xd1\xc9\xb0\x24\x46\xce\x1d\x31\x25\x42\x06\x1c\xfa\x72\xb2\x3a\xb9\x9c\xe7\x9b\x1a\x7a\x45\x1e\x07\x84\x60\xf0\xa7\x1b\x14\xc1\x87\x8a\x1b\xb8\x50\xa0\x33\xf8\x95\xf8\x31\x6e\xec\x91\x88\x16\x96\xf5\x58\x26\x21\xae\x2f\x8a\xfb\xe4\xc6\x05\x9d\x0d\x03\x5f\x52\x50\xd7\x48\x75\x8e\xb9\xf3\x53\x7b\xf6\x3f\x8d\x90\xa2\x64\xb2\xcb\x86\x19\x59\x10\x5c\x78\x73\x87\x93\xf4\x4b\x56\x47\xae\x28\xba\x29\xab\x33\x6d\x78\xb0\xce\xb5\x3d\x95\x30\xef\x6b\xfe\x68\x53\xfc\xa5\x13\x66\xbc\x34\x65\x9e\x00\x05\x3b\xa2\xf0\xb5\x80\x1f\x28\xbc\x35\x2f\x92\x02\xe8\x3c\xac\x11\xf6\x9e\xde\x43\x24\xf1\xb8\x18\x5a\xce\xfa\x0c\x87\x8e\x06\xdc\xbe\x1c\xe7\x02\xa2\x75\xb9\x0c\xbc\xdc\xb7\x7b\x2a\x91\x6d\x6d\xf2\x5a\x30\x90\x77\xa7\x89\xc0\xc5\xfe\x8f\xc1\xac\xdf\x48\xbc\x08\x95\xcc\xa1\x49\x22\x7e\xcf\xa9\x2d\x08\x86\xef\x56\x1d\x4b\x16\xfa\x3c\x71\x08\xf8\x19\x4b\x34\x32\x54\xc1\x0d\x0d\x62\x76\x92\x70\x95\x01\x3e\x8c\xa3\xd3\x53\xdb\x70\x12\x68\xaa\x71\x29\x70\x87\xe9\x5d\x91\x46\x26\x87\xaa\xe2\x03\x5a\x36\x83\x9d\xf2\x98\xa6\xbf\x17\xec\x59\xe0\xfd\x0a\xdc\x2c\xe1\xf6\x3a\x65\xa9\xc1\x26\x1a\x87\x77\xab\x2b\x50\x67\x6c\x75\x92\x00\x2b\xaa\x4b\xea\x56\x48\x81\x33\x1f\xf5\x76\xb2\x52\x25\x5c\xb3\x27\x2a\x18\x1b\xbc\xba\x48\xb8\x17\xae\x90\xe2\x42\xfc\xc2\xf6\xef\xe6\x62\xce\x4c\x79\x42\x41\x49\xf2\x31\xb9\x15\x15\x6e\x79\xfd\xc2\xde\x19\x49\xdc\x5d\x18\x2e\x64\x17\x3a\xba\xe9\xd6\x4e\x92\x91\xe0\x42\x6e\x6e\xab\xba\xc2\xdb\xba\xff\x3e\x63\x5a\x67\x23\x41\xdd\x9b\x6e\x59\x85\x6f\x55\x2c\xc5\x9b\x23\x88\xe4\xe3\xfa\x48\xe5\x4a\x09\xa3\x0e\xfa\x7a\xc0\xaa\xcf\x64\x42\x09\x7e\x51\x3e\x24\x2b\xf4\x8a\x9e\x1f\x8a\x7e\x57\xc2\x9a\x68\xc4\xe3\xa2\x12\x80\x9a\x63\xdc\x18\x75\x1c\xdd\x11\x60\x6e\xc2\xa5\x12\x03\x15\x77\xa0\xcb\xcc\x32\xc3\xe4\x34\x5e\x30\xf6\xdc\x3d\xf2\x8a\x58\x16\xe8\x32\xa8\xd0\xe3\x7f\xe1\xa1\x5b\xc5\x3a\x06\xc1\xcd\x30\x54\x39\x3a\x61\x12\x9d\x15\x98\xb0\x43\x68\x1d\x6d\xaa\xac\xc0\x7d\x24\xba\x0e\x2a\x56\x2c\xf4\xe7\xe0\x04\x71\x5d\x62\x0f\xb2\xb5\x33\xa8\xf1\x6d\x19\x29\xd1\x8c\x71\x6d\x41\xf1\xc7\x36\xc1\xa3\x62\x31\x40\x37\x3d\x8c\x39\x2c\xb8\xd1\x9d\xec\x2e\xa2\xa5\x1a\xd2\x7d\x6a\x5e\x78\x6b\x2f\xfd\x05\x74\x00\x0e\x4a\x09\xa6\xc3\x25\x36\x45\xa1\x1b\xe2\xf8\x81\xa8\x9a\xb7\x1a\x2d\x48\x6e\x03\xb5\x98\x2e\x2a\xd2\xad\xf0\xcf\xb0\x7c\xfe\x96\x9f\x15\xd8\xbe\x3a\x0c\x2b\x92\x85\x40\x21\x90\x69\x08\xb2\xc2\x6c\x20\x8b\x86\x08\x2a\x45\xe1\xb2\xfc\xd5\x01\x99\x90\x20\xe0\x93\x17\x35\xda\x19\x48\x18\xae\x27\xc9\x52\xaa\xe6\x57\xec\x0f\x18\x55\xaf\x8b\x53\xf4\xa9\x28\x48\xa2\x5e\xf5\x35\x45\x5c\x6a\xde\xc8\x13\xe8\xf8\xb0\x30\xe1\x10\x8b\x0e\x7d\x65\xcf\x1c\x1d\xdd\x14\x68\x34\x76\xd3\x20\x3a\x03\x52\xa0\xe1\x59\xfe\xef\x3e\xee\x44\x56\xdb\x31\x2e\x54\xdc\xef\xf6\xd2\xf3\xe5\x7c\x8e\xbb\x40\xd9\xe1\x9f\x11\x3c\xc7\x8f\xe4\xfb\x36\x37\x21\xbd\xe7\x35\x2d\xa5\xf7\x60\xcd\xe7\x79\xf4\xec\xed\x90\x67\xcb\xa8\xa6\xaa\xf3\x2f\x1f\x89\x06\x53\x30\x10\x23\xe0\x25\xf5\x07\x18\xfa\xa0\xa4\xc1\xd3\x6c\xf7\x29\xef\xe1\x31\xc6\xd2\xce\xe0\xd6\x6a\x06\xa9\x56\xbe\xb6\x1b\x03\xfe\x32\x1b\x0f\x44\x4f\xb5\xdb\x11\xf8\xeb\x69\xeb\x71\xd2\x1a\xab\x93\xe2\xd3\x35\x8e\x68\x28\xe8\x6b\x83\x34\xa3\xb4\xfe\x93\xc1\xb7\xdf\xc6\x4d\xff\x2b\x48\x93\x49\xcb\x76\x5f\xae\xb0\x9f\x1e\xb3\x81\xf7\x3b\xd8\x2a\x0d\xfa\xf0\x65\x67\x54\xbc\xbe\x61\xa7\x4d\x9a\x34\x2e\x2c\xb4\xfd\x5c\xc4\x28\x90\xbf\x00\x73\x4b\x9a\x6d\xb6\x76\x80\x44\xab\x21\x8e\x67\x41\x11\x3f\x49\x45\x23\x6a\xbd\xd8\xac\xc7\xcc\x72\x6d\x62\xe9\x45\x09\x13\x23\x2c\xc8\x42\x32\x3a\x92\xf9\xdf\xdd\xc5\x71\x17\x1a\xf8\xc0\xf7\x00\x34\xd0\x8f\x59\x52\x1a\xb9\x17\x5c\xe9\xec\x3a\xc3\xa0\x9a\xe2\x9c\x76\xdd\x48\x3d\x18\x10\x47\x5a\xa1\x10\x92\x09\xe1\x2e\xa5\xb3\xf8\xe8\xf9\xbe\x1b\xf0\xc0\x62\x91\x12\x0d\xc3\x77\x36\x81\xf0\x15\x61\x83\xf6\x83\x59\xf6\x6e\x6c\x69\x3c\xb0\x23\x70\x25\x0e\x8c\x6d\x0a\x53\x0e\x0c\xae\xcf\x52\xdc\x4e\xd2\xba\x24\x0e\x7f\xe8\x81\x52\xbf\xb5\x35\x75\x85\x17\x4f\x59\x6e\x83\x93\xcf\x27\x6d\xe9\x4a\x19\xb3\x2b\x8b\x53\x8c\x8a\xa4\x3b\x15\x6a\x93\xa9\x61\x2a\x8b\xe3\x8a\xf4\x5a\x4a\x22\x78\xf2\xe2\xe6\xfe\x60\x82\xc8\x0f\x6c\xaf\x1e\x94\x68\x49\x9a\x4d\xa9\xbb\xd7\x58\x1a\xf8\x1c\x73\x4e\xf9\x20\xa5\xbd\x78\x80\x23\xfb\x01\xe0\x8c\x3c\x9e\x4d\x6f\x78\x17\x32\x65\x84\x44\x66\xdb\xf6\xdb\x4b\x8b\xe6\xa6\x64\xa5\x37\xc1\x67\xa8\xc5\x66\x4e\x54\x17\xfc\xcb\x98\xe8\x11\xb1\xbc\xc9\x1a\xa8\x7e\x40\x48\x7b\xa4\x9c\x25\xe5\x79\x77\xcc\x8c\xfd\x7a\x8e\x1c\x0f\x31\x25\x5b\xbf\xd4\xda\x46\xf2\xa9\x64\xb8\xb4\x97\x88\x02\xf2\xb1\xed\x13\x56\x9d\x02\xb5\xa2\x7a\x85\x5b\xa8\x49\x11\xd8\x80\x9d\x0f\x5a\x90\x8c\xeb\x24\xe5\xa0\x97\x26\xbb\x9e\x69\x90\xff\x54\xdd\xd4\xbc\x21\xc1\xbc\xe6\x2d\x46\xd6\xec\x72\x51\xd4\xc3\x54\xce\x77\x17\x34\xa8\xc6\x55\x33\x11\xc6\x48\x8a\x38\x0d\xc9\x8d\x46\xf1\x41\x26\x6b\xc7\x1b\x3b\xd1\x45\x7e\x29\x1a\x4e\x85\xf8\x72\x24\xfd\x32\x98\x49\x80\x61\xc7\xd1\xc7\x5d\x59\xf7\x1d\xe9\x17\x4e\xff\x80\x72\x8b\x3d\xb9\x3d\xbc\xb3\x36\x5d\xfe\xf5\x63\x9b\xde\x6a\x31\xfd\x5d\x0e\x18\xb7\xa8\x30\x23\xb0\xb5\xea\x7a\xd2\xf0\xf6\x17\x6c\x57\x7c\x43\xff\x09\x7d\x74\x59\x96\x19\xfa\xa7\x71\x69\x9f\x0d\x70\x8c\x3d\xb3\xe3\x65\x7d\x2b\xc5\xe4\xf2\x49\x88\x10\xbd\x49\xbe\x18\x2d\xb5\x5e\xb7\x06\x3e\xa3\x04\x10\xf6\x05\xdb\x27\x8b\x5a\xe8\x95\xe1\x87\x00\x6f\x84\x30\x42\x62\xa5\xad\xae\xc9\xf3\x61\xae\x73\xb6\x93\x39\x5d\x08\x7f\xfd\x0e\x2b\xef\x59\x0b\x16\x65\x51\xdf\x17\xb7\x87\x85\x5c\xb6\x6f\xc1\xbf\x06\xf2\x16\xea\x68\xc3\xc1\xd8\xf3\xe3\x83\x9b\xe8\x89\x54\xaa\x4f\x24\xfb\x5a\xdc\x00\x7d\x76\xfe\xa7\x0c\xbf\xde\xd2\xea\x42\x1e\x47\x28\xc0\x4c\x18\x0c\x54\xf8\x9b\x88\xcc\x17\x6b\x1b\x9a\x59\x96\x8a\x40\xb7\xb4\x36\x3c\x3d\x3b\x6e\x96\x10\x04\xc8\x30\x59\x26\x07\xec\x99\xd4\x84\xbf\x4a\xa7\xb3\xd9\x42\xbb\x0d\x4e\xcd\x39\x24\x75\x7d\x7a\x48\xd4\x93\x70\x20\xa0\x7e\x89\xc1\xb0\x93\x9f\xa8\xf3\xa8\x39\xa1\xce\x7f\x7d\xbf\x0b\x7c\xb9\xeb\x1b\xae\x32\x53\x65\xb4\x0d\x3f\xa6\x8e\x1d\x2a\xf1\xe6\xc1\xf3\x5b\x5c\x6a\x07\x45\xbc\x76\x48\xa3\xf9\x0c\x5a\x57\x38\xd4\xe3\x5b\x2f\x69\xf8\x41\x69\x8c\x71\x89\xcc\x16\x06\x51\x16\x15\x51\x4c\x87\x18\x2d\xd2\x98\x40\xaa\x8e\x95\xf0\x6d\x3c\xc1\xfd\x45\x1c\xe3\x82\x00\xf8\x9b\xfc\x2f\x3c\xe8\x02\x3b\x90\x49\x56\x7b\x8b\xba\x7e\x2d\x16\x43\xf2\x7c\x53\x14\x67\x5b\x00\x85\xbc\x52\x5f\xb3\xc5\xc1\xe1\xb9\xe3\x26\xb9\x22\x69\x0b\x14\x4a\x52\xd3\x63\xd3\x54\xad\xe2\xaf\x69\x68\x7e\x63\xd9\xc0\x24\xba\xa6\xc7\x7a\xf4\x07\x1c\x4d\x86\x31\xd5\xe1\x9f\xde\x52\x10\x33\x0a\x51\x9a\xb5\x94\x95\x20\x80\xf8\xfb\x41\x41\x42\x6b\x10\x50\x11\xb9\xe3\x38\xf8\xd5\xfc\xe9\xc9\x45\x89\xe7\x5f\x93\xa1\x30\x50\xd2\xef\xf8\xf8\xe0\xd2\xb3\xf7\xf9\x99\xea\x4d\xa1\x2d\x64\x9b\x4a\x6b\x66\x19\x48\x08\x4c\x88\xb7\x59\xc4\x70\xb2\xba\x32\x9b\xb0\x81\x75\x4f\x72\xd6\xcc\x9e\x5b\x9a\xe1\x74\xfc\xd6\x3f\xd5\x6a\x17\x84\x70\x22\xd2\x84\x81\xe6\x36\x7c\x13\xc1\x5b\x58\x82\x04\x88\xf3\x6a\x5f\x09\xef\xf5\x47\xd4\xd2\x0e\xff\x3c\xaf\xaf\xae\x1c\x70\x68\x7a\xee\xe6\x52\x9e\x59\x82\x16\x05\xc1\xfe\x2e\xa6\xfe\x71\x4b\x35\x09\x08\x2f\x93\x9a\x4e\xd8\x2f\x03\x71\x84\xd1\x4d\xec\xe9\x56\x2b\x2b\x5d\x0d\x6f\x5e\x97\x76\xeb\x56\x8c\xb2\xb8\x17\x50\x2a\xb5\x27\x96\xd2\x47\x75\x3f\x67\xdb\x14\x6a\xe4\xc9\x64\xbc\xc1\xf4\x28\xcb\x51\x70\xd7\x20\x29\x7b\x06\x4e\x44\x37\x5e\x09\xed\xc7\x14\xd7\xce\x75\xba\x12\x1d\x8a\x16\x42\xc9\xa0\x88\xec\x17\x76\x97\xa4\xb9\x4e\x1b\x72\xc1\x53\x1e\x6f\xd4\xa1\x5e\x33\x37\x4c\x1e\x72\x20\xe3\x6d\x59\xc7\x09\x0a\xad\xed\xb2\xcd\x05\x52\x0b\xf0\xc7\x21\x10\xae\x87\x8a\x76\x0f\x35\x78\xb8\x71\x0b\x73\x73\xc9\xca\x31\xde\x5f\x14\x38\xe9\x29\x2e\xb2\xc2\x04\x54\xa1\x06\xad\xbe\xab\xdf\xa6\xbf\x6e\x31\xf4\x43\x5a\x42\xf4\xf5\x41\x93\x15\x16\x7e\xa4\x41\xee\x9d\x37\xa5\x40\x47\xd8\xcb\x1f\x84\x3b\xbb\x49\xd8\x81\x9a\x59\xd2\xd2\x6f\xc7\x40\xf8\x19\x30\x0d\xaa\xb6\xc0\x3f\x4b\x93\x21\x79\x31\xb8\x41\xc7\x9f\xdb\x80\x65\xd8\x27\xab\xb5\x12\x21\x66\xd0\xb3\x45\x01\x94\x70\x09\x9a\x5b\x8b\x95\x46\x5a\xda\x1a\xff\xaf\xaa\xe5\xad\x2d\x53\xad\xef\xc5\x3c\x0a\x6c\x6c\x46\x7c\xdf\xcd\xdd\x0e\x9a\xf2\xcc\x63\x98\x28\xc6\x06\xf3\xa6\x96\xf5\x0b\xe3\x1d\x2d\x19\xc8\xff\x95\xfc\x8c\xec\xbd\x3e\x6b\xd0\xd5\xbd\x6e\x40\x07\x3a\xb5\x2a\x73\xf3\xd5\xef\x00\xb0\x1d\x58\x16\x12\x70\xb8\xa6\x64\xdb\x80\xf2\x3b\xc6\xa8\x30\x6f\x6b\x66\xb7\x96\xdf\xe6\x64\xd5\x1b\x77\x68\x0c\xb0\x6a\x2e\xc9\x99\xd0\xed\x96\x2b\xa5\x34\xf1\x6a\xf2\x6a\xb1\x6f\xa2\xd5\x53\x7d\x5c\x93\xe5\x03\x03\x4c\x09\x9d\x26\x0a\x8f\x32\xd4\xed\xdf\x48\xb2\x5a\x75\xc9\xf9\x27\x01\xcb\x04\x0b\x57\x74\xa0\xd9\x8f\xfc\xed\xf9\x73\xaa\xdd\x1f\x5b\xfa\x75\xcb\xfb\xd7\xea\x4b\x9a\x56\xb6\x01\x1c\xc4\x4b\x73\x55\x52\x5b\x3b\x72\x04\x0f\x70\xf9\x06\x19\xe1\x9b\xa4\x81\x40\xa5\xb9\x6c\x40\x31\x6b\xe4\xf8\x2a\x11\xc0\x47\x02\xbf\xf4\xed\x47\xa2\x0e\x07\xb5\xd7\xfb\x77\x3b\xcf\xa1\x0e\x4c\x03\xe8\x89\x79\xa4\x1b\x2c\x78\x01\x33\xa4\x24\xc7\x3c\x5a\x5a\x7d\x8d\x79\x37\x42\x35\xff\x35\x7d\x93\xdb\x8c\xa1\xde\x2a\xe6\x32\xac\x3c\x09\xdb\x7c\x33", 4096); *(uint64_t*)0x200011c8 = 0x20001040; *(uint32_t*)0x20001040 = 0; *(uint32_t*)0x20001044 = 0; *(uint32_t*)0x20001048 = 0; *(uint32_t*)0x2000104c = r[0]; *(uint64_t*)0x200011d0 = 0x20001080; *(uint64_t*)0x200011d8 = 0x20001180; *(uint32_t*)0x200011e0 = 0x1000; *(uint32_t*)0x200011e4 = 4; *(uint32_t*)0x200011e8 = 0xd0; *(uint32_t*)0x200011ec = 7; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); if (res == ZX_OK) { r[1] = *(uint32_t*)0x20001180; r[2] = *(uint32_t*)0x20001184; r[3] = *(uint32_t*)0x20001188; r[4] = *(uint32_t*)0x2000118c; r[5] = *(uint32_t*)0x20001194; r[6] = *(uint32_t*)0x20001198; } break; case 2: *(uint64_t*)0x20011340 = 0x20001280; *(uint32_t*)0x20001280 = 0; memset((void*)0x20001284, 0, 3); *(uint8_t*)0x20001287 = 1; *(uint64_t*)0x20001288 = 0x3217bced00000000; *(uint64_t*)0x20011348 = 0x200012c0; *(uint64_t*)0x20011350 = 0x20001300; *(uint64_t*)0x20011358 = 0x20011300; *(uint32_t*)0x20011360 = 0x10; *(uint32_t*)0x20011364 = 0; *(uint32_t*)0x20011368 = 0x10000; *(uint32_t*)0x2001136c = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); { int i; for(i = 0; i < 4; i++) { ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); } } if (res == ZX_OK) r[7] = *(uint32_t*)0x20011300; break; case 3: *(uint64_t*)0x20011580 = 0x20011400; memcpy((void*)0x20011400, "\x08\xd2\x58\x8a\x18\xd8\x4d\x44\xd1\x93\xae\x15\x71\x51\x3a\x9b\x96\xc5\x5a\x71\xe6\xe7\x99\x6c\xd8\x6e\xc8\x3b\xaa\xed\xcf\xeb\x52\x44\xb5\x9e\x77\x43\x3e\x74\xb6\xd3\x8f\x96\x13\xf1\x8b\xe0\xe3\xfa\x96\xbc\xcc\x22\x1c\xe6\xf3\x58\x2a\xd3\xda\xf0\xdc\x3e\x9f\xba\x77\xd1\x68\xed\xcc\x34\xc2\xe8\x75\x88\x1e\x56\x89", 79); *(uint64_t*)0x20011588 = 0x20011480; *(uint32_t*)0x20011480 = 0; *(uint32_t*)0x20011484 = r[7]; *(uint32_t*)0x20011488 = r[3]; *(uint32_t*)0x2001148c = 0; *(uint32_t*)0x20011490 = r[4]; *(uint32_t*)0x20011494 = r[1]; *(uint32_t*)0x20011498 = r[2]; *(uint64_t*)0x20011590 = 0x200114c0; *(uint64_t*)0x20011598 = 0x20011540; *(uint32_t*)0x200115a0 = 0x4f; *(uint32_t*)0x200115a4 = 7; *(uint32_t*)0x200115a8 = 0x55; *(uint32_t*)0x200115ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[2], 0, 0x7fffffffffffffff, 0x20011580, 0x200115c0, 0x20011600); if (res == ZX_OK) r[8] = *(uint32_t*)0x20011540; break; case 4: *(uint64_t*)0x20021700 = 0x20011640; *(uint32_t*)0x20011640 = 0; memset((void*)0x20011644, 0, 3); *(uint8_t*)0x20011647 = 1; *(uint64_t*)0x20011648 = 0x66298d9200000000; *(uint64_t*)0x20021708 = 0x20011680; *(uint64_t*)0x20021710 = 0x200116c0; *(uint64_t*)0x20021718 = 0x200216c0; *(uint32_t*)0x20021720 = 0x10; *(uint32_t*)0x20021724 = 0; *(uint32_t*)0x20021728 = 0x10000; *(uint32_t*)0x2002172c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[8], 0, 0, 0x20021700, 0x20021740, 0x20021780); break; case 5: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_read_etc))(r[6], 2, 0x200217c0, 0x20021840, 0x6e, 8, 0x200218c0, 0x20021900); if (res == ZX_OK) { r[9] = *(uint32_t*)0x20021850; r[10] = *(uint32_t*)0x20021870; } break; case 6: ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_vmo_create_child))(r[10], 0, 1, 0xbb6, 0x20021940); break; case 7: memcpy((void*)0x20021980, "/svc/\000", 6); ((intptr_t(*)(intptr_t,intptr_t))CAST(fdio_service_connect))(0x20021980, r[5]); break; case 8: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_interrupt_wait))(r[9], 0x200219c0); if (res == ZX_OK) r[11] = *(uint64_t*)0x200219c0; break; case 9: *(uint64_t*)0x20031ac0 = 0x20021a00; *(uint32_t*)0x20021a00 = 0; memset((void*)0x20021a04, 0, 3); *(uint8_t*)0x20021a07 = 1; *(uint64_t*)0x20021a08 = 0x2ab48ffa00000000; *(uint8_t*)0x20021a10 = 7; *(uint64_t*)0x20031ac8 = 0x20021a40; *(uint64_t*)0x20031ad0 = 0x20021a80; *(uint64_t*)0x20031ad8 = 0x20031a80; *(uint32_t*)0x20031ae0 = 0x11; *(uint32_t*)0x20031ae4 = 0; *(uint32_t*)0x20031ae8 = 0x10000; *(uint32_t*)0x20031aec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[9], 0, r[11], 0x20031ac0, 0x20031b00, 0x20031b40); break; case 10: memcpy((void*)0x20000000, "\xc4\xa2\x79\xdb\xe2\xf3\x41\x0f\x7e\x06\x3e\x4c\x0f\xae\xa3\x91\x46\xbd\x7d\xc4\x82\x0d\x91\xbc\x78\x90\x7b\x00\x00\x66\x0f\x3a\x0e\xa4\x3e\x00\x08\x00\x00\x00\x66\x45\x0f\x12\x8e\x00\x00\x00\x00\xc4\x82\x7d\x0e\xa5\xd8\xdf\x00\x00\xc4\xc1\xfd\x2e\xc9\xf3\x43\x0f\x2a\x46\x0e\xc4\x43\xc9\x5c\x45\x08\x99", 76); syz_execute_func(0x20000000); break; case 11: syz_future_time(0); break; case 12: syz_job_default(); break; case 13: syz_mmap(0x20ffd000, 0x1000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(0x20000000, 0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :287:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor184682069 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds] --- FAIL: TestGenerate/fuchsia/amd64/9 (0.59s) csource_test.go:133: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:9223372036854775807 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000001000)=0x0) (fail_nth: 1) zx_channel_call_etc(0x0, 0xffff, 0x0, &(0x7f00000011c0)={&(0x7f0000000000)="0001a747cc965bdf12ac9b60b2e125dc044ed2fa880a719727d6b5a224706f0f99de8fa46158d7d04ac1fe18adb81dc99e6d93328c47ceaa6652a680853582ab5bb4649593ec0604194e7946fb11ae7eb26fab2030f4fe727f5878bc0898e7ce6a4810cead730969c81c54a5276ecbb4263283639baf3d4b50d36a135700391d4e1f4045e58e557719400d9ac570dc938c47340f8f19341b2aa414c80d8dd5ec729524c84e004ff93d264796eccee5e023a1edd21526655ec5abc5f0f8ec7303eca764277f214cb86b39c471dcfd802cd84e9b609b46a8e7f140d55ca5f90f5410b91ae06cb4def60852c76f744c8e05e49c674b7b0a73c0932512fa3aac67db01a267b7bc3e6c4c72dd5aa5631c9195807427ead967bfbcc0bf3e7598e04be3dbe335a76c84c2200e7a7885e8e273f738c3e06dff138d8a07383dc997ce9f37ba5b7adadc410664580363e0c8f2ef119d532000f90fae65fede371d15bdffc124355dd2256b85b7396099ef71d022cd99a2fe1c99548260dc18bb8819a347ddc939868a68b7ebef3712fa961f5c0b5e60446ac0f14fda37a62b1fe138570c4bcb9d9ec8e245975bb972b10b4923211d8af36a29dda547f7e99a40227021b49e3b288cc5059aa432e7ba1b9ee5ffacdc387dadde0fdd6a868e3e53f5ab5405166bd9501a43a98dcbd04c69cfec4d129c9be43c95754b86b55017a681af682f2464e3ad9a4b3aeea74e68fe1fb3500d38e8df66ed4ffa23c482c724836c7cf49b5ef97c2bd77ca2538f49f5ddda64c1fe96737ac575a3d3ebd6b542a54f98f9c16c7ee4bdd7cc690074d4bf26ce104d3ac35d79f8675e10b17b2e66e1e63070ef12459bec9754eec111993ee9fe3a99030ff630e5dd9602ad8dee02bd5fe0dfbcab284760747125cd21db316841376de54b5d6b12d137625141de927fcca1086713c5d9fdacf854f4851f721bf2e6d6bfbb77bdcfbde0b717b3312eb9a331f18b669bc1179ce60e0f133d4067903cd5dad1bf8c277543e5f40551ce739f1e1dfbfc79c3926c655584c69bd9196587e8915d9fe8df3478c4b870e415775dc2398431c0ad8b96c445c3dc98ae934f944952c552b5c2c0b099b4531458f60c2753f9e04d06e50e9cb38ffd46390080eca9cceaf95918718063949464a59ad6e9b8d2b7b053e77a5499db3e9e25b7f2de9dde5ed4ca60c74a8cfc2587cef9d336ec4edd2b153637d4aa828fd5d3c9fd78c5f1643a3074545611af80500fd7ca4a1e74e7459d9d699fb611270674eb9fd3d8187f8c95467402fb2d065fa5c837e16e2741c5374753d89cba55a4bf5a72bcb2a5bb33c6d20c5b5e52d2bd3c87d8f1a7faf41849e23a4297f1784d20a08ac5fe8a2d65b75b6c1f47eb28cfc6590bd8199f135749f5df60321d06ffe8edd0aa7c7e3f6639b5e2469cfbafe67c117172d3b32efb68cb25ccd47d2a21ef5f9a7edfc4789ce98a30ddbc2f5e1cbb1eb40333857b5217bb5c64e2806e6eb23ef6b9048c768d2b16c3782241ce513be555850214a53a149dc1fe4b34e1fe3492e7e88554b6f446c9320109eaf3e51fd420210202c10c6e159bb5f2db6524a78249e06ed52d431864305b982c4ab3583f46f21423eae06508f0f6aaa0f9762de93b8b48b4e8610b12403d8b8cc769abc3839994449764496c12dd037001c58673d9841b3285bbbe9fa5648917e8bb85a58ae3acc5eb561f5d27fb1c70ec11a73bc172f5b7f024fe27783df025df7b0b80806a81aab375c52ccc91ed68c65937089079be64fc7e691b2c41b174fc987fb48fd8118f441863e5ae363a221b21016ff848318e2becca25acdde488af58db93908c09465f39b386713fedd06d9e844b5b8ade0444087a8dfe4259e8d23de2525c14b400053a1f977b18fce9dda76aa16d3e165fb48e1a491585b7bc19f6759154216cb714647fdc8d78c4e683a1786f686974c85477ce2ec5346a45f0be1bb3a99dd94e2234292701e3ea967384b4d92cf0bffe1d43f8d688548b3f059f1003d3f35dff653c498566d919ca2bec219da12177f31861c410b79fda29f8d0be59a9c5d2f85d9af1f67450e618ecbc85831d50d410ff1bcb73b438aa9dc0fbe87185e0e7dcfd8ec268c62f4f172b5466ab535982013748bb392ec8bef3c86b216eeaffa1ff2a34c6bdf3c8fc0719bbf3f271427ecdc30aea70410c880ddf58a9da61a04226a674ce056844ce5cd6cff866588f1637ab179520a6b82b159f34f790247429f15c8efd5aed316060e8ba2bb2fcd892f3663eef01dd1814accf5ab8db1440f2455b1c5a3f15ea03e1de09560f1034e5e453fdefb0b94aa723033ec02d729beff01b6b322b93a8b5d9b4a3fc126dae2950db4d4aeca02325b8e7ae69095e2e05653832e0b9d5d4896d3d3931f8ec584814f4ab057c8670c40caf4ac141bfa42339ff867760c6a97b3f4d9f520839179a003c76ff21510c7c31cb45fccc763174bef06524bc6a5fd9a413ede524fcce95d03e08a002a552bc1681d717ea44e89e196580b5cd173138c0b84edffbf3053126bae9d46c217ddfe4c39f617ed51d086a24e268126b5d7c751f87936b4c5657334ba59b4743586aadd8e15079d0da39c9ac704361b19321f16fd73c8709e2d92670c5a92a9b9fa55cf9676fba8b0e68d60bca249d38183a2fced1c9b02446ce1d312542061cfa72b23ab99ce79b1a7a451e078460f0a71b14c1878a1bb850a033f895f8316eec91881696f5582621ae2f8afbe4c6059d0d035f5250d748758eb9f3537bf63f8d90a264b2cb861959105c78738793f44b5647ae28ba29ab336d78b0ceb53d9530ef6bfe6853fca51366bc34659e00053ba2f0b5801f28bc352f9202e83cac11f69ede4324f1b8185acefa0c878e06dcbe1ce702a275b90cbcdcb77b2a916d6df25a309077a789c0c5fe8fc1acdf48bc0895cca149227ecfa92d0886ef561d4b16fa3c7108f8194b343254c10d0d6276927095013e8ca3d353db701268aa71297087e95d91462687aae2035a36839df298a6bf17ec59e0fd0adc2ce1f63a65a9c1261a8777ab2b50676c7592002baa4bea564881331ff576b252255cb3272a181bbcba48b817ae90e242fcc2f6efe662ce4c79424149f231b915156e79fdc2de1949dc5d182e64173abae9d64e9291e0426e6eabbac2dbbaff3e635a672341dd9b6e59856f552cc59b2388e4e3fa48e54a09a30efa7ac0aacf6442097e513e242bf48a9e1f8a7e57c29a68c4e3a212809a63dc18751cdd11606ec2a512031577a0cbcc32c3e4345e30f6dc3df28a5816e832a8d0e37fe1a15bc53a06c1cd3054393a61129d1598b043681d6daaacc07d24ba0e2a562cf4e7e004715d620fb2b533a8f16d1929d18c716d41f1c736c1a3623140373d8c392cb8d19dec2ea2a51ad27d6a5e786b2ffd0574000e4a09a6c3253645a11be2f881a89ab71a2d486e03b5982e2ad2adf0cfb07cfe969f15d8be3a0c2b92854021906908b2c26c208b86082a45e1b2fcd501999020e0931735da194818ae27c952aae657ec0f1855af8b53f4a92848a25ef535455c6adec813e8f8b030e1108b0e7d65cf1c1ddd14683476d3203a0352a0e159feef3eee4456db312e54dceff6d2f3e57c8ebb40d9e19f113cc78fe4fb363721bde7352da5f760cde779f4eced9067cba8a6aaf32f1f890653301023e025f50718faa0a4c1d36cf729efe131c6d2cee0d66a06a956beb61b03fe321b0f444fb5db11f8eb69eb71d21aab93e2d3358e6828e86b8334a3b4fe93c1b7dfc64dff2b489349cb765faeb09f1eb381f73bd82a0dfaf0656754bcbe61a74d9a342e2cb4fd5cc42890bf00734b9a6db6768044ab218e6741113f4945236abdd8acc7cc726d62e9450913232cc842323a92f9dfddc571171af8c0f70034d08f59521ab9175ce9ec3ac3a09ae29c76dd483d1810475aa1109209e12ea5b3f8e8f9be1bf0c06291120dc3773681f0156183f68359f66e6c693cb02370250e8c6d0a530e0caecf52dc4ed2ba240e7fe88152bfb5357585174f596e8393cf276de94a19b32b8b538c8aa43b156a93a9612a8be38af45a4a2278f2e2e6fe6082c80f6caf1e9468499a4da9bbd7581af81c734ef920a5bd788023fb01e08c3c9e4d6f78173265844466dbf6db4b8be6a664a537c167a8c5664e5417fccb98e811b1bcc91aa87e40487ba49c25e57977cc8cfd7a8e1c0f31255bbfd4da46f2a964b8b4978802f2b1ed13569d02b5a27a855ba84911d8809d0f5a908ceb24e5a09726bb9e6990ff54ddd4bc21c1bce62d46d6ec7251d4c354ce771734a8c6553311c6488a380dc98d46f141266bc71b3bd1457e291a4e85f87224fd3298498061c7d1c75d59f71de9174eff80728b3db93dbcb3365dfef5639bde6a31fd5d0e18b7a83023b0b5ea7ad2f0f6176c577c43ff097d74599619faa771699f0d708c3db3e3657d2bc5e4f2498810bd49be182db55eb7063ea30410f605db278b5ae895e187006f84304262a5adaec9f361ae73b693395d087ffd0e2bef590b166551df17b787855cb66fc1bf06f216ea68c3c1d8f3e3839be88954aa4f24fb5adc007d76fea70cbfded2ea421e4728c04c180c54f89b88cc176b1b9a59968a40b7b4363c3d3b6e961004c830592607ec99d484bf4aa7b3d942bb0d4ecd3924757d7a48d4937020a07e89c1b0939fa8f3a839a1ce7f7dbf0b7cb9eb1bae325365b40d3fa68e1d2af1e6c1f35b5c6a0745bc7648a3f90c5a5738d4e35b2f69f841698c7189cc1606511615514c87182dd29840aa8e95f06d3cc1fd451ce38200f89bfc2f3ce8023b9049567b8bba7e2d1643f27c5314675b0085bc525fb3c5c1e1b9e326b922690b144a52d363d354ade2af69687e63d9c024baa6c77af4071c4d8631d5e19fde5210330a519ab594952080f8fb4141426b105011b9e338f8d5fce9c94589e75f93a13050d2eff8f8e0d2b3f7f999ea4da12d649b4a6b661948084c88b759c470b2ba329bb081754f72d6cc9e5b9ae174fcd63fd56a17847022d28481e6367c13c15b58820488f36a5f09eff547d4d20eff3cafafae1c70687aeee6529e59821605c1fe2ea6fe714b3509082f939a4ed82f037184d14dece9562b2b5d0d6f5e9776eb568cb2b817502ab52796d247753f67db146ae4c964bcc1f428cb5170d720297b064e44375e09edc714d7ce75ba121d8a1642c9a088ec177697a4b94e1b72c1531e6fd4a15e33374c1e7220e36d59c7090aadedb2cd05520bf0c72110ae878a760f3578b8710b7373c9ca31de5f1438e9292eb2c20454a106adbeabdfa6bf6e31f4435a42f4f5419315167ea441ee9d37a54047d8cb1f843bbb49d8819a59d2d26fc740f819300daab6c03f4b93217931b841c79fdb8065d827abb5122166d0b345019470099a5b8b95465ada1affafaae5ad2d53adefc53c0a6c6c467cdfcddd0e9af2cc639828c606f3a696f50be31d2d19c8ff95fc8cecbd3e6bd0d5bd6e40073ab52a73f3d5ef00b01d58161270b8a664db80f23bc6a8306f6b66b796dfe664d51b77680cb06a2ec999d0ed962ba534f16af26ab16fa2d5537d5c93e503034c099d260a8f32d4eddf48b25a75c9f92701cb040b5774a0d98ffcedf973aadd1f5bfa75cbfbd7ea4b9a56b6011cc44b7355525b3b72040f70f90619e19ba48140a5b96c40316be4f82a11c04702bff4ed47a20e07b5d7fb773bcfa10e4c03e88979a41b2c780133a424c73c5a5a7d8d79374235ff357d93db8ca1de2ae632ac3c09db7c33", &(0x7f0000001040)=[0x0, 0x0, 0x0, r0], &(0x7f0000001080)=""/208, &(0x7f0000001180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0xd0, 0x7}, &(0x7f0000001200), &(0x7f0000001240)) (async) zx_channel_call$fuchsia_io_DirectoryAdminGetToken(r4, 0x0, 0x7fffffffffffffff, &(0x7f0000011340)={&(0x7f0000001280), &(0x7f00000012c0), &(0x7f0000001300), &(0x7f0000011300)={0x0}, 0x10, 0x0, 0x10000, 0x1}, &(0x7f0000011380), &(0x7f00000113c0)) (rerun: 4) zx_channel_call(r2, 0x0, 0x7fffffffffffffff, &(0x7f0000011580)={&(0x7f0000011400)="08d2588a18d84d44d193ae1571513a9b96c55a71e6e7996cd86ec83baaedcfeb5244b59e77433e74b6d38f9613f18be0e3fa96bccc221ce6f3582ad3daf0dc3e9fba77d168edcc34c2e875881e5689", &(0x7f0000011480)=[0x0, r7, r3, 0x0, r4, r1, r2], &(0x7f00000114c0)=""/85, &(0x7f0000011540)=[0x0], 0x4f, 0x7, 0x55, 0x1}, &(0x7f00000115c0), &(0x7f0000011600)) zx_channel_call$fuchsia_io_DirectoryAdminQueryFilesystem(r8, 0x0, 0x0, &(0x7f0000021700)={&(0x7f0000011640), &(0x7f0000011680), &(0x7f00000116c0), &(0x7f00000216c0), 0x10, 0x0, 0x10000}, &(0x7f0000021740), &(0x7f0000021780)) zx_channel_read_etc(r6, 0x2, &(0x7f00000217c0)=""/110, &(0x7f0000021840)=[{}, {0x0}, {}, {0x0}, {}, {}, {}, {}], 0x6e, 0x8, &(0x7f00000218c0), &(0x7f0000021900)) zx_vmo_create_child(r10, 0x0, 0x1, 0xbb6, &(0x7f0000021940)) fdio_service_connect$fuchsia_cobalt_LoggerSimple(&(0x7f0000021980), r5) zx_interrupt_wait(r9, &(0x7f00000219c0)=0x0) zx_channel_call$fuchsia_hardware_ethernet_DeviceConfigMulticastSetPromiscuousMode(r9, 0x0, r11, &(0x7f0000031ac0)={&(0x7f0000021a00)={{}, 0x7}, &(0x7f0000021a40), &(0x7f0000021a80), &(0x7f0000031a80), 0x11, 0x0, 0x10000}, &(0x7f0000031b00), &(0x7f0000031b40)) syz_execute_func(&(0x7f0000000000)="c4a279dbe2f3410f7e063e4c0faea39146bd7dc4820d91bc78907b0000660f3a0ea43e000800000066450f128e00000000c4827d0ea5d8df0000c4c1fd2ec9f3430f2a460ec443c95c450899") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:134: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[12] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(0, 0x20001000); if (res == ZX_OK) r[0] = *(uint32_t*)0x20001000; break; case 1: *(uint64_t*)0x200011c0 = 0x20000000; memcpy((void*)0x20000000, "\x00\x01\xa7\x47\xcc\x96\x5b\xdf\x12\xac\x9b\x60\xb2\xe1\x25\xdc\x04\x4e\xd2\xfa\x88\x0a\x71\x97\x27\xd6\xb5\xa2\x24\x70\x6f\x0f\x99\xde\x8f\xa4\x61\x58\xd7\xd0\x4a\xc1\xfe\x18\xad\xb8\x1d\xc9\x9e\x6d\x93\x32\x8c\x47\xce\xaa\x66\x52\xa6\x80\x85\x35\x82\xab\x5b\xb4\x64\x95\x93\xec\x06\x04\x19\x4e\x79\x46\xfb\x11\xae\x7e\xb2\x6f\xab\x20\x30\xf4\xfe\x72\x7f\x58\x78\xbc\x08\x98\xe7\xce\x6a\x48\x10\xce\xad\x73\x09\x69\xc8\x1c\x54\xa5\x27\x6e\xcb\xb4\x26\x32\x83\x63\x9b\xaf\x3d\x4b\x50\xd3\x6a\x13\x57\x00\x39\x1d\x4e\x1f\x40\x45\xe5\x8e\x55\x77\x19\x40\x0d\x9a\xc5\x70\xdc\x93\x8c\x47\x34\x0f\x8f\x19\x34\x1b\x2a\xa4\x14\xc8\x0d\x8d\xd5\xec\x72\x95\x24\xc8\x4e\x00\x4f\xf9\x3d\x26\x47\x96\xec\xce\xe5\xe0\x23\xa1\xed\xd2\x15\x26\x65\x5e\xc5\xab\xc5\xf0\xf8\xec\x73\x03\xec\xa7\x64\x27\x7f\x21\x4c\xb8\x6b\x39\xc4\x71\xdc\xfd\x80\x2c\xd8\x4e\x9b\x60\x9b\x46\xa8\xe7\xf1\x40\xd5\x5c\xa5\xf9\x0f\x54\x10\xb9\x1a\xe0\x6c\xb4\xde\xf6\x08\x52\xc7\x6f\x74\x4c\x8e\x05\xe4\x9c\x67\x4b\x7b\x0a\x73\xc0\x93\x25\x12\xfa\x3a\xac\x67\xdb\x01\xa2\x67\xb7\xbc\x3e\x6c\x4c\x72\xdd\x5a\xa5\x63\x1c\x91\x95\x80\x74\x27\xea\xd9\x67\xbf\xbc\xc0\xbf\x3e\x75\x98\xe0\x4b\xe3\xdb\xe3\x35\xa7\x6c\x84\xc2\x20\x0e\x7a\x78\x85\xe8\xe2\x73\xf7\x38\xc3\xe0\x6d\xff\x13\x8d\x8a\x07\x38\x3d\xc9\x97\xce\x9f\x37\xba\x5b\x7a\xda\xdc\x41\x06\x64\x58\x03\x63\xe0\xc8\xf2\xef\x11\x9d\x53\x20\x00\xf9\x0f\xae\x65\xfe\xde\x37\x1d\x15\xbd\xff\xc1\x24\x35\x5d\xd2\x25\x6b\x85\xb7\x39\x60\x99\xef\x71\xd0\x22\xcd\x99\xa2\xfe\x1c\x99\x54\x82\x60\xdc\x18\xbb\x88\x19\xa3\x47\xdd\xc9\x39\x86\x8a\x68\xb7\xeb\xef\x37\x12\xfa\x96\x1f\x5c\x0b\x5e\x60\x44\x6a\xc0\xf1\x4f\xda\x37\xa6\x2b\x1f\xe1\x38\x57\x0c\x4b\xcb\x9d\x9e\xc8\xe2\x45\x97\x5b\xb9\x72\xb1\x0b\x49\x23\x21\x1d\x8a\xf3\x6a\x29\xdd\xa5\x47\xf7\xe9\x9a\x40\x22\x70\x21\xb4\x9e\x3b\x28\x8c\xc5\x05\x9a\xa4\x32\xe7\xba\x1b\x9e\xe5\xff\xac\xdc\x38\x7d\xad\xde\x0f\xdd\x6a\x86\x8e\x3e\x53\xf5\xab\x54\x05\x16\x6b\xd9\x50\x1a\x43\xa9\x8d\xcb\xd0\x4c\x69\xcf\xec\x4d\x12\x9c\x9b\xe4\x3c\x95\x75\x4b\x86\xb5\x50\x17\xa6\x81\xaf\x68\x2f\x24\x64\xe3\xad\x9a\x4b\x3a\xee\xa7\x4e\x68\xfe\x1f\xb3\x50\x0d\x38\xe8\xdf\x66\xed\x4f\xfa\x23\xc4\x82\xc7\x24\x83\x6c\x7c\xf4\x9b\x5e\xf9\x7c\x2b\xd7\x7c\xa2\x53\x8f\x49\xf5\xdd\xda\x64\xc1\xfe\x96\x73\x7a\xc5\x75\xa3\xd3\xeb\xd6\xb5\x42\xa5\x4f\x98\xf9\xc1\x6c\x7e\xe4\xbd\xd7\xcc\x69\x00\x74\xd4\xbf\x26\xce\x10\x4d\x3a\xc3\x5d\x79\xf8\x67\x5e\x10\xb1\x7b\x2e\x66\xe1\xe6\x30\x70\xef\x12\x45\x9b\xec\x97\x54\xee\xc1\x11\x99\x3e\xe9\xfe\x3a\x99\x03\x0f\xf6\x30\xe5\xdd\x96\x02\xad\x8d\xee\x02\xbd\x5f\xe0\xdf\xbc\xab\x28\x47\x60\x74\x71\x25\xcd\x21\xdb\x31\x68\x41\x37\x6d\xe5\x4b\x5d\x6b\x12\xd1\x37\x62\x51\x41\xde\x92\x7f\xcc\xa1\x08\x67\x13\xc5\xd9\xfd\xac\xf8\x54\xf4\x85\x1f\x72\x1b\xf2\xe6\xd6\xbf\xbb\x77\xbd\xcf\xbd\xe0\xb7\x17\xb3\x31\x2e\xb9\xa3\x31\xf1\x8b\x66\x9b\xc1\x17\x9c\xe6\x0e\x0f\x13\x3d\x40\x67\x90\x3c\xd5\xda\xd1\xbf\x8c\x27\x75\x43\xe5\xf4\x05\x51\xce\x73\x9f\x1e\x1d\xfb\xfc\x79\xc3\x92\x6c\x65\x55\x84\xc6\x9b\xd9\x19\x65\x87\xe8\x91\x5d\x9f\xe8\xdf\x34\x78\xc4\xb8\x70\xe4\x15\x77\x5d\xc2\x39\x84\x31\xc0\xad\x8b\x96\xc4\x45\xc3\xdc\x98\xae\x93\x4f\x94\x49\x52\xc5\x52\xb5\xc2\xc0\xb0\x99\xb4\x53\x14\x58\xf6\x0c\x27\x53\xf9\xe0\x4d\x06\xe5\x0e\x9c\xb3\x8f\xfd\x46\x39\x00\x80\xec\xa9\xcc\xea\xf9\x59\x18\x71\x80\x63\x94\x94\x64\xa5\x9a\xd6\xe9\xb8\xd2\xb7\xb0\x53\xe7\x7a\x54\x99\xdb\x3e\x9e\x25\xb7\xf2\xde\x9d\xde\x5e\xd4\xca\x60\xc7\x4a\x8c\xfc\x25\x87\xce\xf9\xd3\x36\xec\x4e\xdd\x2b\x15\x36\x37\xd4\xaa\x82\x8f\xd5\xd3\xc9\xfd\x78\xc5\xf1\x64\x3a\x30\x74\x54\x56\x11\xaf\x80\x50\x0f\xd7\xca\x4a\x1e\x74\xe7\x45\x9d\x9d\x69\x9f\xb6\x11\x27\x06\x74\xeb\x9f\xd3\xd8\x18\x7f\x8c\x95\x46\x74\x02\xfb\x2d\x06\x5f\xa5\xc8\x37\xe1\x6e\x27\x41\xc5\x37\x47\x53\xd8\x9c\xba\x55\xa4\xbf\x5a\x72\xbc\xb2\xa5\xbb\x33\xc6\xd2\x0c\x5b\x5e\x52\xd2\xbd\x3c\x87\xd8\xf1\xa7\xfa\xf4\x18\x49\xe2\x3a\x42\x97\xf1\x78\x4d\x20\xa0\x8a\xc5\xfe\x8a\x2d\x65\xb7\x5b\x6c\x1f\x47\xeb\x28\xcf\xc6\x59\x0b\xd8\x19\x9f\x13\x57\x49\xf5\xdf\x60\x32\x1d\x06\xff\xe8\xed\xd0\xaa\x7c\x7e\x3f\x66\x39\xb5\xe2\x46\x9c\xfb\xaf\xe6\x7c\x11\x71\x72\xd3\xb3\x2e\xfb\x68\xcb\x25\xcc\xd4\x7d\x2a\x21\xef\x5f\x9a\x7e\xdf\xc4\x78\x9c\xe9\x8a\x30\xdd\xbc\x2f\x5e\x1c\xbb\x1e\xb4\x03\x33\x85\x7b\x52\x17\xbb\x5c\x64\xe2\x80\x6e\x6e\xb2\x3e\xf6\xb9\x04\x8c\x76\x8d\x2b\x16\xc3\x78\x22\x41\xce\x51\x3b\xe5\x55\x85\x02\x14\xa5\x3a\x14\x9d\xc1\xfe\x4b\x34\xe1\xfe\x34\x92\xe7\xe8\x85\x54\xb6\xf4\x46\xc9\x32\x01\x09\xea\xf3\xe5\x1f\xd4\x20\x21\x02\x02\xc1\x0c\x6e\x15\x9b\xb5\xf2\xdb\x65\x24\xa7\x82\x49\xe0\x6e\xd5\x2d\x43\x18\x64\x30\x5b\x98\x2c\x4a\xb3\x58\x3f\x46\xf2\x14\x23\xea\xe0\x65\x08\xf0\xf6\xaa\xa0\xf9\x76\x2d\xe9\x3b\x8b\x48\xb4\xe8\x61\x0b\x12\x40\x3d\x8b\x8c\xc7\x69\xab\xc3\x83\x99\x94\x44\x97\x64\x49\x6c\x12\xdd\x03\x70\x01\xc5\x86\x73\xd9\x84\x1b\x32\x85\xbb\xbe\x9f\xa5\x64\x89\x17\xe8\xbb\x85\xa5\x8a\xe3\xac\xc5\xeb\x56\x1f\x5d\x27\xfb\x1c\x70\xec\x11\xa7\x3b\xc1\x72\xf5\xb7\xf0\x24\xfe\x27\x78\x3d\xf0\x25\xdf\x7b\x0b\x80\x80\x6a\x81\xaa\xb3\x75\xc5\x2c\xcc\x91\xed\x68\xc6\x59\x37\x08\x90\x79\xbe\x64\xfc\x7e\x69\x1b\x2c\x41\xb1\x74\xfc\x98\x7f\xb4\x8f\xd8\x11\x8f\x44\x18\x63\xe5\xae\x36\x3a\x22\x1b\x21\x01\x6f\xf8\x48\x31\x8e\x2b\xec\xca\x25\xac\xdd\xe4\x88\xaf\x58\xdb\x93\x90\x8c\x09\x46\x5f\x39\xb3\x86\x71\x3f\xed\xd0\x6d\x9e\x84\x4b\x5b\x8a\xde\x04\x44\x08\x7a\x8d\xfe\x42\x59\xe8\xd2\x3d\xe2\x52\x5c\x14\xb4\x00\x05\x3a\x1f\x97\x7b\x18\xfc\xe9\xdd\xa7\x6a\xa1\x6d\x3e\x16\x5f\xb4\x8e\x1a\x49\x15\x85\xb7\xbc\x19\xf6\x75\x91\x54\x21\x6c\xb7\x14\x64\x7f\xdc\x8d\x78\xc4\xe6\x83\xa1\x78\x6f\x68\x69\x74\xc8\x54\x77\xce\x2e\xc5\x34\x6a\x45\xf0\xbe\x1b\xb3\xa9\x9d\xd9\x4e\x22\x34\x29\x27\x01\xe3\xea\x96\x73\x84\xb4\xd9\x2c\xf0\xbf\xfe\x1d\x43\xf8\xd6\x88\x54\x8b\x3f\x05\x9f\x10\x03\xd3\xf3\x5d\xff\x65\x3c\x49\x85\x66\xd9\x19\xca\x2b\xec\x21\x9d\xa1\x21\x77\xf3\x18\x61\xc4\x10\xb7\x9f\xda\x29\xf8\xd0\xbe\x59\xa9\xc5\xd2\xf8\x5d\x9a\xf1\xf6\x74\x50\xe6\x18\xec\xbc\x85\x83\x1d\x50\xd4\x10\xff\x1b\xcb\x73\xb4\x38\xaa\x9d\xc0\xfb\xe8\x71\x85\xe0\xe7\xdc\xfd\x8e\xc2\x68\xc6\x2f\x4f\x17\x2b\x54\x66\xab\x53\x59\x82\x01\x37\x48\xbb\x39\x2e\xc8\xbe\xf3\xc8\x6b\x21\x6e\xea\xff\xa1\xff\x2a\x34\xc6\xbd\xf3\xc8\xfc\x07\x19\xbb\xf3\xf2\x71\x42\x7e\xcd\xc3\x0a\xea\x70\x41\x0c\x88\x0d\xdf\x58\xa9\xda\x61\xa0\x42\x26\xa6\x74\xce\x05\x68\x44\xce\x5c\xd6\xcf\xf8\x66\x58\x8f\x16\x37\xab\x17\x95\x20\xa6\xb8\x2b\x15\x9f\x34\xf7\x90\x24\x74\x29\xf1\x5c\x8e\xfd\x5a\xed\x31\x60\x60\xe8\xba\x2b\xb2\xfc\xd8\x92\xf3\x66\x3e\xef\x01\xdd\x18\x14\xac\xcf\x5a\xb8\xdb\x14\x40\xf2\x45\x5b\x1c\x5a\x3f\x15\xea\x03\xe1\xde\x09\x56\x0f\x10\x34\xe5\xe4\x53\xfd\xef\xb0\xb9\x4a\xa7\x23\x03\x3e\xc0\x2d\x72\x9b\xef\xf0\x1b\x6b\x32\x2b\x93\xa8\xb5\xd9\xb4\xa3\xfc\x12\x6d\xae\x29\x50\xdb\x4d\x4a\xec\xa0\x23\x25\xb8\xe7\xae\x69\x09\x5e\x2e\x05\x65\x38\x32\xe0\xb9\xd5\xd4\x89\x6d\x3d\x39\x31\xf8\xec\x58\x48\x14\xf4\xab\x05\x7c\x86\x70\xc4\x0c\xaf\x4a\xc1\x41\xbf\xa4\x23\x39\xff\x86\x77\x60\xc6\xa9\x7b\x3f\x4d\x9f\x52\x08\x39\x17\x9a\x00\x3c\x76\xff\x21\x51\x0c\x7c\x31\xcb\x45\xfc\xcc\x76\x31\x74\xbe\xf0\x65\x24\xbc\x6a\x5f\xd9\xa4\x13\xed\xe5\x24\xfc\xce\x95\xd0\x3e\x08\xa0\x02\xa5\x52\xbc\x16\x81\xd7\x17\xea\x44\xe8\x9e\x19\x65\x80\xb5\xcd\x17\x31\x38\xc0\xb8\x4e\xdf\xfb\xf3\x05\x31\x26\xba\xe9\xd4\x6c\x21\x7d\xdf\xe4\xc3\x9f\x61\x7e\xd5\x1d\x08\x6a\x24\xe2\x68\x12\x6b\x5d\x7c\x75\x1f\x87\x93\x6b\x4c\x56\x57\x33\x4b\xa5\x9b\x47\x43\x58\x6a\xad\xd8\xe1\x50\x79\xd0\xda\x39\xc9\xac\x70\x43\x61\xb1\x93\x21\xf1\x6f\xd7\x3c\x87\x09\xe2\xd9\x26\x70\xc5\xa9\x2a\x9b\x9f\xa5\x5c\xf9\x67\x6f\xba\x8b\x0e\x68\xd6\x0b\xca\x24\x9d\x38\x18\x3a\x2f\xce\xd1\xc9\xb0\x24\x46\xce\x1d\x31\x25\x42\x06\x1c\xfa\x72\xb2\x3a\xb9\x9c\xe7\x9b\x1a\x7a\x45\x1e\x07\x84\x60\xf0\xa7\x1b\x14\xc1\x87\x8a\x1b\xb8\x50\xa0\x33\xf8\x95\xf8\x31\x6e\xec\x91\x88\x16\x96\xf5\x58\x26\x21\xae\x2f\x8a\xfb\xe4\xc6\x05\x9d\x0d\x03\x5f\x52\x50\xd7\x48\x75\x8e\xb9\xf3\x53\x7b\xf6\x3f\x8d\x90\xa2\x64\xb2\xcb\x86\x19\x59\x10\x5c\x78\x73\x87\x93\xf4\x4b\x56\x47\xae\x28\xba\x29\xab\x33\x6d\x78\xb0\xce\xb5\x3d\x95\x30\xef\x6b\xfe\x68\x53\xfc\xa5\x13\x66\xbc\x34\x65\x9e\x00\x05\x3b\xa2\xf0\xb5\x80\x1f\x28\xbc\x35\x2f\x92\x02\xe8\x3c\xac\x11\xf6\x9e\xde\x43\x24\xf1\xb8\x18\x5a\xce\xfa\x0c\x87\x8e\x06\xdc\xbe\x1c\xe7\x02\xa2\x75\xb9\x0c\xbc\xdc\xb7\x7b\x2a\x91\x6d\x6d\xf2\x5a\x30\x90\x77\xa7\x89\xc0\xc5\xfe\x8f\xc1\xac\xdf\x48\xbc\x08\x95\xcc\xa1\x49\x22\x7e\xcf\xa9\x2d\x08\x86\xef\x56\x1d\x4b\x16\xfa\x3c\x71\x08\xf8\x19\x4b\x34\x32\x54\xc1\x0d\x0d\x62\x76\x92\x70\x95\x01\x3e\x8c\xa3\xd3\x53\xdb\x70\x12\x68\xaa\x71\x29\x70\x87\xe9\x5d\x91\x46\x26\x87\xaa\xe2\x03\x5a\x36\x83\x9d\xf2\x98\xa6\xbf\x17\xec\x59\xe0\xfd\x0a\xdc\x2c\xe1\xf6\x3a\x65\xa9\xc1\x26\x1a\x87\x77\xab\x2b\x50\x67\x6c\x75\x92\x00\x2b\xaa\x4b\xea\x56\x48\x81\x33\x1f\xf5\x76\xb2\x52\x25\x5c\xb3\x27\x2a\x18\x1b\xbc\xba\x48\xb8\x17\xae\x90\xe2\x42\xfc\xc2\xf6\xef\xe6\x62\xce\x4c\x79\x42\x41\x49\xf2\x31\xb9\x15\x15\x6e\x79\xfd\xc2\xde\x19\x49\xdc\x5d\x18\x2e\x64\x17\x3a\xba\xe9\xd6\x4e\x92\x91\xe0\x42\x6e\x6e\xab\xba\xc2\xdb\xba\xff\x3e\x63\x5a\x67\x23\x41\xdd\x9b\x6e\x59\x85\x6f\x55\x2c\xc5\x9b\x23\x88\xe4\xe3\xfa\x48\xe5\x4a\x09\xa3\x0e\xfa\x7a\xc0\xaa\xcf\x64\x42\x09\x7e\x51\x3e\x24\x2b\xf4\x8a\x9e\x1f\x8a\x7e\x57\xc2\x9a\x68\xc4\xe3\xa2\x12\x80\x9a\x63\xdc\x18\x75\x1c\xdd\x11\x60\x6e\xc2\xa5\x12\x03\x15\x77\xa0\xcb\xcc\x32\xc3\xe4\x34\x5e\x30\xf6\xdc\x3d\xf2\x8a\x58\x16\xe8\x32\xa8\xd0\xe3\x7f\xe1\xa1\x5b\xc5\x3a\x06\xc1\xcd\x30\x54\x39\x3a\x61\x12\x9d\x15\x98\xb0\x43\x68\x1d\x6d\xaa\xac\xc0\x7d\x24\xba\x0e\x2a\x56\x2c\xf4\xe7\xe0\x04\x71\x5d\x62\x0f\xb2\xb5\x33\xa8\xf1\x6d\x19\x29\xd1\x8c\x71\x6d\x41\xf1\xc7\x36\xc1\xa3\x62\x31\x40\x37\x3d\x8c\x39\x2c\xb8\xd1\x9d\xec\x2e\xa2\xa5\x1a\xd2\x7d\x6a\x5e\x78\x6b\x2f\xfd\x05\x74\x00\x0e\x4a\x09\xa6\xc3\x25\x36\x45\xa1\x1b\xe2\xf8\x81\xa8\x9a\xb7\x1a\x2d\x48\x6e\x03\xb5\x98\x2e\x2a\xd2\xad\xf0\xcf\xb0\x7c\xfe\x96\x9f\x15\xd8\xbe\x3a\x0c\x2b\x92\x85\x40\x21\x90\x69\x08\xb2\xc2\x6c\x20\x8b\x86\x08\x2a\x45\xe1\xb2\xfc\xd5\x01\x99\x90\x20\xe0\x93\x17\x35\xda\x19\x48\x18\xae\x27\xc9\x52\xaa\xe6\x57\xec\x0f\x18\x55\xaf\x8b\x53\xf4\xa9\x28\x48\xa2\x5e\xf5\x35\x45\x5c\x6a\xde\xc8\x13\xe8\xf8\xb0\x30\xe1\x10\x8b\x0e\x7d\x65\xcf\x1c\x1d\xdd\x14\x68\x34\x76\xd3\x20\x3a\x03\x52\xa0\xe1\x59\xfe\xef\x3e\xee\x44\x56\xdb\x31\x2e\x54\xdc\xef\xf6\xd2\xf3\xe5\x7c\x8e\xbb\x40\xd9\xe1\x9f\x11\x3c\xc7\x8f\xe4\xfb\x36\x37\x21\xbd\xe7\x35\x2d\xa5\xf7\x60\xcd\xe7\x79\xf4\xec\xed\x90\x67\xcb\xa8\xa6\xaa\xf3\x2f\x1f\x89\x06\x53\x30\x10\x23\xe0\x25\xf5\x07\x18\xfa\xa0\xa4\xc1\xd3\x6c\xf7\x29\xef\xe1\x31\xc6\xd2\xce\xe0\xd6\x6a\x06\xa9\x56\xbe\xb6\x1b\x03\xfe\x32\x1b\x0f\x44\x4f\xb5\xdb\x11\xf8\xeb\x69\xeb\x71\xd2\x1a\xab\x93\xe2\xd3\x35\x8e\x68\x28\xe8\x6b\x83\x34\xa3\xb4\xfe\x93\xc1\xb7\xdf\xc6\x4d\xff\x2b\x48\x93\x49\xcb\x76\x5f\xae\xb0\x9f\x1e\xb3\x81\xf7\x3b\xd8\x2a\x0d\xfa\xf0\x65\x67\x54\xbc\xbe\x61\xa7\x4d\x9a\x34\x2e\x2c\xb4\xfd\x5c\xc4\x28\x90\xbf\x00\x73\x4b\x9a\x6d\xb6\x76\x80\x44\xab\x21\x8e\x67\x41\x11\x3f\x49\x45\x23\x6a\xbd\xd8\xac\xc7\xcc\x72\x6d\x62\xe9\x45\x09\x13\x23\x2c\xc8\x42\x32\x3a\x92\xf9\xdf\xdd\xc5\x71\x17\x1a\xf8\xc0\xf7\x00\x34\xd0\x8f\x59\x52\x1a\xb9\x17\x5c\xe9\xec\x3a\xc3\xa0\x9a\xe2\x9c\x76\xdd\x48\x3d\x18\x10\x47\x5a\xa1\x10\x92\x09\xe1\x2e\xa5\xb3\xf8\xe8\xf9\xbe\x1b\xf0\xc0\x62\x91\x12\x0d\xc3\x77\x36\x81\xf0\x15\x61\x83\xf6\x83\x59\xf6\x6e\x6c\x69\x3c\xb0\x23\x70\x25\x0e\x8c\x6d\x0a\x53\x0e\x0c\xae\xcf\x52\xdc\x4e\xd2\xba\x24\x0e\x7f\xe8\x81\x52\xbf\xb5\x35\x75\x85\x17\x4f\x59\x6e\x83\x93\xcf\x27\x6d\xe9\x4a\x19\xb3\x2b\x8b\x53\x8c\x8a\xa4\x3b\x15\x6a\x93\xa9\x61\x2a\x8b\xe3\x8a\xf4\x5a\x4a\x22\x78\xf2\xe2\xe6\xfe\x60\x82\xc8\x0f\x6c\xaf\x1e\x94\x68\x49\x9a\x4d\xa9\xbb\xd7\x58\x1a\xf8\x1c\x73\x4e\xf9\x20\xa5\xbd\x78\x80\x23\xfb\x01\xe0\x8c\x3c\x9e\x4d\x6f\x78\x17\x32\x65\x84\x44\x66\xdb\xf6\xdb\x4b\x8b\xe6\xa6\x64\xa5\x37\xc1\x67\xa8\xc5\x66\x4e\x54\x17\xfc\xcb\x98\xe8\x11\xb1\xbc\xc9\x1a\xa8\x7e\x40\x48\x7b\xa4\x9c\x25\xe5\x79\x77\xcc\x8c\xfd\x7a\x8e\x1c\x0f\x31\x25\x5b\xbf\xd4\xda\x46\xf2\xa9\x64\xb8\xb4\x97\x88\x02\xf2\xb1\xed\x13\x56\x9d\x02\xb5\xa2\x7a\x85\x5b\xa8\x49\x11\xd8\x80\x9d\x0f\x5a\x90\x8c\xeb\x24\xe5\xa0\x97\x26\xbb\x9e\x69\x90\xff\x54\xdd\xd4\xbc\x21\xc1\xbc\xe6\x2d\x46\xd6\xec\x72\x51\xd4\xc3\x54\xce\x77\x17\x34\xa8\xc6\x55\x33\x11\xc6\x48\x8a\x38\x0d\xc9\x8d\x46\xf1\x41\x26\x6b\xc7\x1b\x3b\xd1\x45\x7e\x29\x1a\x4e\x85\xf8\x72\x24\xfd\x32\x98\x49\x80\x61\xc7\xd1\xc7\x5d\x59\xf7\x1d\xe9\x17\x4e\xff\x80\x72\x8b\x3d\xb9\x3d\xbc\xb3\x36\x5d\xfe\xf5\x63\x9b\xde\x6a\x31\xfd\x5d\x0e\x18\xb7\xa8\x30\x23\xb0\xb5\xea\x7a\xd2\xf0\xf6\x17\x6c\x57\x7c\x43\xff\x09\x7d\x74\x59\x96\x19\xfa\xa7\x71\x69\x9f\x0d\x70\x8c\x3d\xb3\xe3\x65\x7d\x2b\xc5\xe4\xf2\x49\x88\x10\xbd\x49\xbe\x18\x2d\xb5\x5e\xb7\x06\x3e\xa3\x04\x10\xf6\x05\xdb\x27\x8b\x5a\xe8\x95\xe1\x87\x00\x6f\x84\x30\x42\x62\xa5\xad\xae\xc9\xf3\x61\xae\x73\xb6\x93\x39\x5d\x08\x7f\xfd\x0e\x2b\xef\x59\x0b\x16\x65\x51\xdf\x17\xb7\x87\x85\x5c\xb6\x6f\xc1\xbf\x06\xf2\x16\xea\x68\xc3\xc1\xd8\xf3\xe3\x83\x9b\xe8\x89\x54\xaa\x4f\x24\xfb\x5a\xdc\x00\x7d\x76\xfe\xa7\x0c\xbf\xde\xd2\xea\x42\x1e\x47\x28\xc0\x4c\x18\x0c\x54\xf8\x9b\x88\xcc\x17\x6b\x1b\x9a\x59\x96\x8a\x40\xb7\xb4\x36\x3c\x3d\x3b\x6e\x96\x10\x04\xc8\x30\x59\x26\x07\xec\x99\xd4\x84\xbf\x4a\xa7\xb3\xd9\x42\xbb\x0d\x4e\xcd\x39\x24\x75\x7d\x7a\x48\xd4\x93\x70\x20\xa0\x7e\x89\xc1\xb0\x93\x9f\xa8\xf3\xa8\x39\xa1\xce\x7f\x7d\xbf\x0b\x7c\xb9\xeb\x1b\xae\x32\x53\x65\xb4\x0d\x3f\xa6\x8e\x1d\x2a\xf1\xe6\xc1\xf3\x5b\x5c\x6a\x07\x45\xbc\x76\x48\xa3\xf9\x0c\x5a\x57\x38\xd4\xe3\x5b\x2f\x69\xf8\x41\x69\x8c\x71\x89\xcc\x16\x06\x51\x16\x15\x51\x4c\x87\x18\x2d\xd2\x98\x40\xaa\x8e\x95\xf0\x6d\x3c\xc1\xfd\x45\x1c\xe3\x82\x00\xf8\x9b\xfc\x2f\x3c\xe8\x02\x3b\x90\x49\x56\x7b\x8b\xba\x7e\x2d\x16\x43\xf2\x7c\x53\x14\x67\x5b\x00\x85\xbc\x52\x5f\xb3\xc5\xc1\xe1\xb9\xe3\x26\xb9\x22\x69\x0b\x14\x4a\x52\xd3\x63\xd3\x54\xad\xe2\xaf\x69\x68\x7e\x63\xd9\xc0\x24\xba\xa6\xc7\x7a\xf4\x07\x1c\x4d\x86\x31\xd5\xe1\x9f\xde\x52\x10\x33\x0a\x51\x9a\xb5\x94\x95\x20\x80\xf8\xfb\x41\x41\x42\x6b\x10\x50\x11\xb9\xe3\x38\xf8\xd5\xfc\xe9\xc9\x45\x89\xe7\x5f\x93\xa1\x30\x50\xd2\xef\xf8\xf8\xe0\xd2\xb3\xf7\xf9\x99\xea\x4d\xa1\x2d\x64\x9b\x4a\x6b\x66\x19\x48\x08\x4c\x88\xb7\x59\xc4\x70\xb2\xba\x32\x9b\xb0\x81\x75\x4f\x72\xd6\xcc\x9e\x5b\x9a\xe1\x74\xfc\xd6\x3f\xd5\x6a\x17\x84\x70\x22\xd2\x84\x81\xe6\x36\x7c\x13\xc1\x5b\x58\x82\x04\x88\xf3\x6a\x5f\x09\xef\xf5\x47\xd4\xd2\x0e\xff\x3c\xaf\xaf\xae\x1c\x70\x68\x7a\xee\xe6\x52\x9e\x59\x82\x16\x05\xc1\xfe\x2e\xa6\xfe\x71\x4b\x35\x09\x08\x2f\x93\x9a\x4e\xd8\x2f\x03\x71\x84\xd1\x4d\xec\xe9\x56\x2b\x2b\x5d\x0d\x6f\x5e\x97\x76\xeb\x56\x8c\xb2\xb8\x17\x50\x2a\xb5\x27\x96\xd2\x47\x75\x3f\x67\xdb\x14\x6a\xe4\xc9\x64\xbc\xc1\xf4\x28\xcb\x51\x70\xd7\x20\x29\x7b\x06\x4e\x44\x37\x5e\x09\xed\xc7\x14\xd7\xce\x75\xba\x12\x1d\x8a\x16\x42\xc9\xa0\x88\xec\x17\x76\x97\xa4\xb9\x4e\x1b\x72\xc1\x53\x1e\x6f\xd4\xa1\x5e\x33\x37\x4c\x1e\x72\x20\xe3\x6d\x59\xc7\x09\x0a\xad\xed\xb2\xcd\x05\x52\x0b\xf0\xc7\x21\x10\xae\x87\x8a\x76\x0f\x35\x78\xb8\x71\x0b\x73\x73\xc9\xca\x31\xde\x5f\x14\x38\xe9\x29\x2e\xb2\xc2\x04\x54\xa1\x06\xad\xbe\xab\xdf\xa6\xbf\x6e\x31\xf4\x43\x5a\x42\xf4\xf5\x41\x93\x15\x16\x7e\xa4\x41\xee\x9d\x37\xa5\x40\x47\xd8\xcb\x1f\x84\x3b\xbb\x49\xd8\x81\x9a\x59\xd2\xd2\x6f\xc7\x40\xf8\x19\x30\x0d\xaa\xb6\xc0\x3f\x4b\x93\x21\x79\x31\xb8\x41\xc7\x9f\xdb\x80\x65\xd8\x27\xab\xb5\x12\x21\x66\xd0\xb3\x45\x01\x94\x70\x09\x9a\x5b\x8b\x95\x46\x5a\xda\x1a\xff\xaf\xaa\xe5\xad\x2d\x53\xad\xef\xc5\x3c\x0a\x6c\x6c\x46\x7c\xdf\xcd\xdd\x0e\x9a\xf2\xcc\x63\x98\x28\xc6\x06\xf3\xa6\x96\xf5\x0b\xe3\x1d\x2d\x19\xc8\xff\x95\xfc\x8c\xec\xbd\x3e\x6b\xd0\xd5\xbd\x6e\x40\x07\x3a\xb5\x2a\x73\xf3\xd5\xef\x00\xb0\x1d\x58\x16\x12\x70\xb8\xa6\x64\xdb\x80\xf2\x3b\xc6\xa8\x30\x6f\x6b\x66\xb7\x96\xdf\xe6\x64\xd5\x1b\x77\x68\x0c\xb0\x6a\x2e\xc9\x99\xd0\xed\x96\x2b\xa5\x34\xf1\x6a\xf2\x6a\xb1\x6f\xa2\xd5\x53\x7d\x5c\x93\xe5\x03\x03\x4c\x09\x9d\x26\x0a\x8f\x32\xd4\xed\xdf\x48\xb2\x5a\x75\xc9\xf9\x27\x01\xcb\x04\x0b\x57\x74\xa0\xd9\x8f\xfc\xed\xf9\x73\xaa\xdd\x1f\x5b\xfa\x75\xcb\xfb\xd7\xea\x4b\x9a\x56\xb6\x01\x1c\xc4\x4b\x73\x55\x52\x5b\x3b\x72\x04\x0f\x70\xf9\x06\x19\xe1\x9b\xa4\x81\x40\xa5\xb9\x6c\x40\x31\x6b\xe4\xf8\x2a\x11\xc0\x47\x02\xbf\xf4\xed\x47\xa2\x0e\x07\xb5\xd7\xfb\x77\x3b\xcf\xa1\x0e\x4c\x03\xe8\x89\x79\xa4\x1b\x2c\x78\x01\x33\xa4\x24\xc7\x3c\x5a\x5a\x7d\x8d\x79\x37\x42\x35\xff\x35\x7d\x93\xdb\x8c\xa1\xde\x2a\xe6\x32\xac\x3c\x09\xdb\x7c\x33", 4096); *(uint64_t*)0x200011c8 = 0x20001040; *(uint32_t*)0x20001040 = 0; *(uint32_t*)0x20001044 = 0; *(uint32_t*)0x20001048 = 0; *(uint32_t*)0x2000104c = r[0]; *(uint64_t*)0x200011d0 = 0x20001080; *(uint64_t*)0x200011d8 = 0x20001180; *(uint32_t*)0x200011e0 = 0x1000; *(uint32_t*)0x200011e4 = 4; *(uint32_t*)0x200011e8 = 0xd0; *(uint32_t*)0x200011ec = 7; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); if (res == ZX_OK) { r[1] = *(uint32_t*)0x20001180; r[2] = *(uint32_t*)0x20001184; r[3] = *(uint32_t*)0x20001188; r[4] = *(uint32_t*)0x2000118c; r[5] = *(uint32_t*)0x20001194; r[6] = *(uint32_t*)0x20001198; } break; case 2: *(uint64_t*)0x20011340 = 0x20001280; *(uint32_t*)0x20001280 = 0; memset((void*)0x20001284, 0, 3); *(uint8_t*)0x20001287 = 1; *(uint64_t*)0x20001288 = 0x3217bced00000000; *(uint64_t*)0x20011348 = 0x200012c0; *(uint64_t*)0x20011350 = 0x20001300; *(uint64_t*)0x20011358 = 0x20011300; *(uint32_t*)0x20011360 = 0x10; *(uint32_t*)0x20011364 = 0; *(uint32_t*)0x20011368 = 0x10000; *(uint32_t*)0x2001136c = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); { int i; for(i = 0; i < 4; i++) { ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); } } if (res == ZX_OK) r[7] = *(uint32_t*)0x20011300; break; case 3: *(uint64_t*)0x20011580 = 0x20011400; memcpy((void*)0x20011400, "\x08\xd2\x58\x8a\x18\xd8\x4d\x44\xd1\x93\xae\x15\x71\x51\x3a\x9b\x96\xc5\x5a\x71\xe6\xe7\x99\x6c\xd8\x6e\xc8\x3b\xaa\xed\xcf\xeb\x52\x44\xb5\x9e\x77\x43\x3e\x74\xb6\xd3\x8f\x96\x13\xf1\x8b\xe0\xe3\xfa\x96\xbc\xcc\x22\x1c\xe6\xf3\x58\x2a\xd3\xda\xf0\xdc\x3e\x9f\xba\x77\xd1\x68\xed\xcc\x34\xc2\xe8\x75\x88\x1e\x56\x89", 79); *(uint64_t*)0x20011588 = 0x20011480; *(uint32_t*)0x20011480 = 0; *(uint32_t*)0x20011484 = r[7]; *(uint32_t*)0x20011488 = r[3]; *(uint32_t*)0x2001148c = 0; *(uint32_t*)0x20011490 = r[4]; *(uint32_t*)0x20011494 = r[1]; *(uint32_t*)0x20011498 = r[2]; *(uint64_t*)0x20011590 = 0x200114c0; *(uint64_t*)0x20011598 = 0x20011540; *(uint32_t*)0x200115a0 = 0x4f; *(uint32_t*)0x200115a4 = 7; *(uint32_t*)0x200115a8 = 0x55; *(uint32_t*)0x200115ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[2], 0, 0x7fffffffffffffff, 0x20011580, 0x200115c0, 0x20011600); if (res == ZX_OK) r[8] = *(uint32_t*)0x20011540; break; case 4: *(uint64_t*)0x20021700 = 0x20011640; *(uint32_t*)0x20011640 = 0; memset((void*)0x20011644, 0, 3); *(uint8_t*)0x20011647 = 1; *(uint64_t*)0x20011648 = 0x66298d9200000000; *(uint64_t*)0x20021708 = 0x20011680; *(uint64_t*)0x20021710 = 0x200116c0; *(uint64_t*)0x20021718 = 0x200216c0; *(uint32_t*)0x20021720 = 0x10; *(uint32_t*)0x20021724 = 0; *(uint32_t*)0x20021728 = 0x10000; *(uint32_t*)0x2002172c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[8], 0, 0, 0x20021700, 0x20021740, 0x20021780); break; case 5: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_read_etc))(r[6], 2, 0x200217c0, 0x20021840, 0x6e, 8, 0x200218c0, 0x20021900); if (res == ZX_OK) { r[9] = *(uint32_t*)0x20021850; r[10] = *(uint32_t*)0x20021870; } break; case 6: ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_vmo_create_child))(r[10], 0, 1, 0xbb6, 0x20021940); break; case 7: memcpy((void*)0x20021980, "/svc/\000", 6); ((intptr_t(*)(intptr_t,intptr_t))CAST(fdio_service_connect))(0x20021980, r[5]); break; case 8: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_interrupt_wait))(r[9], 0x200219c0); if (res == ZX_OK) r[11] = *(uint64_t*)0x200219c0; break; case 9: *(uint64_t*)0x20031ac0 = 0x20021a00; *(uint32_t*)0x20021a00 = 0; memset((void*)0x20021a04, 0, 3); *(uint8_t*)0x20021a07 = 1; *(uint64_t*)0x20021a08 = 0x2ab48ffa00000000; *(uint8_t*)0x20021a10 = 7; *(uint64_t*)0x20031ac8 = 0x20021a40; *(uint64_t*)0x20031ad0 = 0x20021a80; *(uint64_t*)0x20031ad8 = 0x20031a80; *(uint32_t*)0x20031ae0 = 0x11; *(uint32_t*)0x20031ae4 = 0; *(uint32_t*)0x20031ae8 = 0x10000; *(uint32_t*)0x20031aec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[9], 0, r[11], 0x20031ac0, 0x20031b00, 0x20031b40); break; case 10: memcpy((void*)0x20000000, "\xc4\xa2\x79\xdb\xe2\xf3\x41\x0f\x7e\x06\x3e\x4c\x0f\xae\xa3\x91\x46\xbd\x7d\xc4\x82\x0d\x91\xbc\x78\x90\x7b\x00\x00\x66\x0f\x3a\x0e\xa4\x3e\x00\x08\x00\x00\x00\x66\x45\x0f\x12\x8e\x00\x00\x00\x00\xc4\x82\x7d\x0e\xa5\xd8\xdf\x00\x00\xc4\xc1\xfd\x2e\xc9\xf3\x43\x0f\x2a\x46\x0e\xc4\x43\xc9\x5c\x45\x08\x99", 76); syz_execute_func(0x20000000); break; case 11: syz_future_time(0); break; case 12: syz_job_default(); break; case 13: syz_mmap(0x20ffd000, 0x1000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(0x20000000, 0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :287:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor3930066089 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds] --- FAIL: TestGenerate/fuchsia/amd64/4 (0.59s) csource_test.go:133: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000001000)=0x0) (fail_nth: 1) zx_channel_call_etc(0x0, 0xffff, 0x0, &(0x7f00000011c0)={&(0x7f0000000000)="0001a747cc965bdf12ac9b60b2e125dc044ed2fa880a719727d6b5a224706f0f99de8fa46158d7d04ac1fe18adb81dc99e6d93328c47ceaa6652a680853582ab5bb4649593ec0604194e7946fb11ae7eb26fab2030f4fe727f5878bc0898e7ce6a4810cead730969c81c54a5276ecbb4263283639baf3d4b50d36a135700391d4e1f4045e58e557719400d9ac570dc938c47340f8f19341b2aa414c80d8dd5ec729524c84e004ff93d264796eccee5e023a1edd21526655ec5abc5f0f8ec7303eca764277f214cb86b39c471dcfd802cd84e9b609b46a8e7f140d55ca5f90f5410b91ae06cb4def60852c76f744c8e05e49c674b7b0a73c0932512fa3aac67db01a267b7bc3e6c4c72dd5aa5631c9195807427ead967bfbcc0bf3e7598e04be3dbe335a76c84c2200e7a7885e8e273f738c3e06dff138d8a07383dc997ce9f37ba5b7adadc410664580363e0c8f2ef119d532000f90fae65fede371d15bdffc124355dd2256b85b7396099ef71d022cd99a2fe1c99548260dc18bb8819a347ddc939868a68b7ebef3712fa961f5c0b5e60446ac0f14fda37a62b1fe138570c4bcb9d9ec8e245975bb972b10b4923211d8af36a29dda547f7e99a40227021b49e3b288cc5059aa432e7ba1b9ee5ffacdc387dadde0fdd6a868e3e53f5ab5405166bd9501a43a98dcbd04c69cfec4d129c9be43c95754b86b55017a681af682f2464e3ad9a4b3aeea74e68fe1fb3500d38e8df66ed4ffa23c482c724836c7cf49b5ef97c2bd77ca2538f49f5ddda64c1fe96737ac575a3d3ebd6b542a54f98f9c16c7ee4bdd7cc690074d4bf26ce104d3ac35d79f8675e10b17b2e66e1e63070ef12459bec9754eec111993ee9fe3a99030ff630e5dd9602ad8dee02bd5fe0dfbcab284760747125cd21db316841376de54b5d6b12d137625141de927fcca1086713c5d9fdacf854f4851f721bf2e6d6bfbb77bdcfbde0b717b3312eb9a331f18b669bc1179ce60e0f133d4067903cd5dad1bf8c277543e5f40551ce739f1e1dfbfc79c3926c655584c69bd9196587e8915d9fe8df3478c4b870e415775dc2398431c0ad8b96c445c3dc98ae934f944952c552b5c2c0b099b4531458f60c2753f9e04d06e50e9cb38ffd46390080eca9cceaf95918718063949464a59ad6e9b8d2b7b053e77a5499db3e9e25b7f2de9dde5ed4ca60c74a8cfc2587cef9d336ec4edd2b153637d4aa828fd5d3c9fd78c5f1643a3074545611af80500fd7ca4a1e74e7459d9d699fb611270674eb9fd3d8187f8c95467402fb2d065fa5c837e16e2741c5374753d89cba55a4bf5a72bcb2a5bb33c6d20c5b5e52d2bd3c87d8f1a7faf41849e23a4297f1784d20a08ac5fe8a2d65b75b6c1f47eb28cfc6590bd8199f135749f5df60321d06ffe8edd0aa7c7e3f6639b5e2469cfbafe67c117172d3b32efb68cb25ccd47d2a21ef5f9a7edfc4789ce98a30ddbc2f5e1cbb1eb40333857b5217bb5c64e2806e6eb23ef6b9048c768d2b16c3782241ce513be555850214a53a149dc1fe4b34e1fe3492e7e88554b6f446c9320109eaf3e51fd420210202c10c6e159bb5f2db6524a78249e06ed52d431864305b982c4ab3583f46f21423eae06508f0f6aaa0f9762de93b8b48b4e8610b12403d8b8cc769abc3839994449764496c12dd037001c58673d9841b3285bbbe9fa5648917e8bb85a58ae3acc5eb561f5d27fb1c70ec11a73bc172f5b7f024fe27783df025df7b0b80806a81aab375c52ccc91ed68c65937089079be64fc7e691b2c41b174fc987fb48fd8118f441863e5ae363a221b21016ff848318e2becca25acdde488af58db93908c09465f39b386713fedd06d9e844b5b8ade0444087a8dfe4259e8d23de2525c14b400053a1f977b18fce9dda76aa16d3e165fb48e1a491585b7bc19f6759154216cb714647fdc8d78c4e683a1786f686974c85477ce2ec5346a45f0be1bb3a99dd94e2234292701e3ea967384b4d92cf0bffe1d43f8d688548b3f059f1003d3f35dff653c498566d919ca2bec219da12177f31861c410b79fda29f8d0be59a9c5d2f85d9af1f67450e618ecbc85831d50d410ff1bcb73b438aa9dc0fbe87185e0e7dcfd8ec268c62f4f172b5466ab535982013748bb392ec8bef3c86b216eeaffa1ff2a34c6bdf3c8fc0719bbf3f271427ecdc30aea70410c880ddf58a9da61a04226a674ce056844ce5cd6cff866588f1637ab179520a6b82b159f34f790247429f15c8efd5aed316060e8ba2bb2fcd892f3663eef01dd1814accf5ab8db1440f2455b1c5a3f15ea03e1de09560f1034e5e453fdefb0b94aa723033ec02d729beff01b6b322b93a8b5d9b4a3fc126dae2950db4d4aeca02325b8e7ae69095e2e05653832e0b9d5d4896d3d3931f8ec584814f4ab057c8670c40caf4ac141bfa42339ff867760c6a97b3f4d9f520839179a003c76ff21510c7c31cb45fccc763174bef06524bc6a5fd9a413ede524fcce95d03e08a002a552bc1681d717ea44e89e196580b5cd173138c0b84edffbf3053126bae9d46c217ddfe4c39f617ed51d086a24e268126b5d7c751f87936b4c5657334ba59b4743586aadd8e15079d0da39c9ac704361b19321f16fd73c8709e2d92670c5a92a9b9fa55cf9676fba8b0e68d60bca249d38183a2fced1c9b02446ce1d312542061cfa72b23ab99ce79b1a7a451e078460f0a71b14c1878a1bb850a033f895f8316eec91881696f5582621ae2f8afbe4c6059d0d035f5250d748758eb9f3537bf63f8d90a264b2cb861959105c78738793f44b5647ae28ba29ab336d78b0ceb53d9530ef6bfe6853fca51366bc34659e00053ba2f0b5801f28bc352f9202e83cac11f69ede4324f1b8185acefa0c878e06dcbe1ce702a275b90cbcdcb77b2a916d6df25a309077a789c0c5fe8fc1acdf48bc0895cca149227ecfa92d0886ef561d4b16fa3c7108f8194b343254c10d0d6276927095013e8ca3d353db701268aa71297087e95d91462687aae2035a36839df298a6bf17ec59e0fd0adc2ce1f63a65a9c1261a8777ab2b50676c7592002baa4bea564881331ff576b252255cb3272a181bbcba48b817ae90e242fcc2f6efe662ce4c79424149f231b915156e79fdc2de1949dc5d182e64173abae9d64e9291e0426e6eabbac2dbbaff3e635a672341dd9b6e59856f552cc59b2388e4e3fa48e54a09a30efa7ac0aacf6442097e513e242bf48a9e1f8a7e57c29a68c4e3a212809a63dc18751cdd11606ec2a512031577a0cbcc32c3e4345e30f6dc3df28a5816e832a8d0e37fe1a15bc53a06c1cd3054393a61129d1598b043681d6daaacc07d24ba0e2a562cf4e7e004715d620fb2b533a8f16d1929d18c716d41f1c736c1a3623140373d8c392cb8d19dec2ea2a51ad27d6a5e786b2ffd0574000e4a09a6c3253645a11be2f881a89ab71a2d486e03b5982e2ad2adf0cfb07cfe969f15d8be3a0c2b92854021906908b2c26c208b86082a45e1b2fcd501999020e0931735da194818ae27c952aae657ec0f1855af8b53f4a92848a25ef535455c6adec813e8f8b030e1108b0e7d65cf1c1ddd14683476d3203a0352a0e159feef3eee4456db312e54dceff6d2f3e57c8ebb40d9e19f113cc78fe4fb363721bde7352da5f760cde779f4eced9067cba8a6aaf32f1f890653301023e025f50718faa0a4c1d36cf729efe131c6d2cee0d66a06a956beb61b03fe321b0f444fb5db11f8eb69eb71d21aab93e2d3358e6828e86b8334a3b4fe93c1b7dfc64dff2b489349cb765faeb09f1eb381f73bd82a0dfaf0656754bcbe61a74d9a342e2cb4fd5cc42890bf00734b9a6db6768044ab218e6741113f4945236abdd8acc7cc726d62e9450913232cc842323a92f9dfddc571171af8c0f70034d08f59521ab9175ce9ec3ac3a09ae29c76dd483d1810475aa1109209e12ea5b3f8e8f9be1bf0c06291120dc3773681f0156183f68359f66e6c693cb02370250e8c6d0a530e0caecf52dc4ed2ba240e7fe88152bfb5357585174f596e8393cf276de94a19b32b8b538c8aa43b156a93a9612a8be38af45a4a2278f2e2e6fe6082c80f6caf1e9468499a4da9bbd7581af81c734ef920a5bd788023fb01e08c3c9e4d6f78173265844466dbf6db4b8be6a664a537c167a8c5664e5417fccb98e811b1bcc91aa87e40487ba49c25e57977cc8cfd7a8e1c0f31255bbfd4da46f2a964b8b4978802f2b1ed13569d02b5a27a855ba84911d8809d0f5a908ceb24e5a09726bb9e6990ff54ddd4bc21c1bce62d46d6ec7251d4c354ce771734a8c6553311c6488a380dc98d46f141266bc71b3bd1457e291a4e85f87224fd3298498061c7d1c75d59f71de9174eff80728b3db93dbcb3365dfef5639bde6a31fd5d0e18b7a83023b0b5ea7ad2f0f6176c577c43ff097d74599619faa771699f0d708c3db3e3657d2bc5e4f2498810bd49be182db55eb7063ea30410f605db278b5ae895e187006f84304262a5adaec9f361ae73b693395d087ffd0e2bef590b166551df17b787855cb66fc1bf06f216ea68c3c1d8f3e3839be88954aa4f24fb5adc007d76fea70cbfded2ea421e4728c04c180c54f89b88cc176b1b9a59968a40b7b4363c3d3b6e961004c830592607ec99d484bf4aa7b3d942bb0d4ecd3924757d7a48d4937020a07e89c1b0939fa8f3a839a1ce7f7dbf0b7cb9eb1bae325365b40d3fa68e1d2af1e6c1f35b5c6a0745bc7648a3f90c5a5738d4e35b2f69f841698c7189cc1606511615514c87182dd29840aa8e95f06d3cc1fd451ce38200f89bfc2f3ce8023b9049567b8bba7e2d1643f27c5314675b0085bc525fb3c5c1e1b9e326b922690b144a52d363d354ade2af69687e63d9c024baa6c77af4071c4d8631d5e19fde5210330a519ab594952080f8fb4141426b105011b9e338f8d5fce9c94589e75f93a13050d2eff8f8e0d2b3f7f999ea4da12d649b4a6b661948084c88b759c470b2ba329bb081754f72d6cc9e5b9ae174fcd63fd56a17847022d28481e6367c13c15b58820488f36a5f09eff547d4d20eff3cafafae1c70687aeee6529e59821605c1fe2ea6fe714b3509082f939a4ed82f037184d14dece9562b2b5d0d6f5e9776eb568cb2b817502ab52796d247753f67db146ae4c964bcc1f428cb5170d720297b064e44375e09edc714d7ce75ba121d8a1642c9a088ec177697a4b94e1b72c1531e6fd4a15e33374c1e7220e36d59c7090aadedb2cd05520bf0c72110ae878a760f3578b8710b7373c9ca31de5f1438e9292eb2c20454a106adbeabdfa6bf6e31f4435a42f4f5419315167ea441ee9d37a54047d8cb1f843bbb49d8819a59d2d26fc740f819300daab6c03f4b93217931b841c79fdb8065d827abb5122166d0b345019470099a5b8b95465ada1affafaae5ad2d53adefc53c0a6c6c467cdfcddd0e9af2cc639828c606f3a696f50be31d2d19c8ff95fc8cecbd3e6bd0d5bd6e40073ab52a73f3d5ef00b01d58161270b8a664db80f23bc6a8306f6b66b796dfe664d51b77680cb06a2ec999d0ed962ba534f16af26ab16fa2d5537d5c93e503034c099d260a8f32d4eddf48b25a75c9f92701cb040b5774a0d98ffcedf973aadd1f5bfa75cbfbd7ea4b9a56b6011cc44b7355525b3b72040f70f90619e19ba48140a5b96c40316be4f82a11c04702bff4ed47a20e07b5d7fb773bcfa10e4c03e88979a41b2c780133a424c73c5a5a7d8d79374235ff357d93db8ca1de2ae632ac3c09db7c33", &(0x7f0000001040)=[0x0, 0x0, 0x0, r0], &(0x7f0000001080)=""/208, &(0x7f0000001180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0xd0, 0x7}, &(0x7f0000001200), &(0x7f0000001240)) (async) zx_channel_call$fuchsia_io_DirectoryAdminGetToken(r4, 0x0, 0x7fffffffffffffff, &(0x7f0000011340)={&(0x7f0000001280), &(0x7f00000012c0), &(0x7f0000001300), &(0x7f0000011300)={0x0}, 0x10, 0x0, 0x10000, 0x1}, &(0x7f0000011380), &(0x7f00000113c0)) (rerun: 4) zx_channel_call(r2, 0x0, 0x7fffffffffffffff, &(0x7f0000011580)={&(0x7f0000011400)="08d2588a18d84d44d193ae1571513a9b96c55a71e6e7996cd86ec83baaedcfeb5244b59e77433e74b6d38f9613f18be0e3fa96bccc221ce6f3582ad3daf0dc3e9fba77d168edcc34c2e875881e5689", &(0x7f0000011480)=[0x0, r7, r3, 0x0, r4, r1, r2], &(0x7f00000114c0)=""/85, &(0x7f0000011540)=[0x0], 0x4f, 0x7, 0x55, 0x1}, &(0x7f00000115c0), &(0x7f0000011600)) zx_channel_call$fuchsia_io_DirectoryAdminQueryFilesystem(r8, 0x0, 0x0, &(0x7f0000021700)={&(0x7f0000011640), &(0x7f0000011680), &(0x7f00000116c0), &(0x7f00000216c0), 0x10, 0x0, 0x10000}, &(0x7f0000021740), &(0x7f0000021780)) zx_channel_read_etc(r6, 0x2, &(0x7f00000217c0)=""/110, &(0x7f0000021840)=[{}, {0x0}, {}, {0x0}, {}, {}, {}, {}], 0x6e, 0x8, &(0x7f00000218c0), &(0x7f0000021900)) zx_vmo_create_child(r10, 0x0, 0x1, 0xbb6, &(0x7f0000021940)) fdio_service_connect$fuchsia_cobalt_LoggerSimple(&(0x7f0000021980), r5) zx_interrupt_wait(r9, &(0x7f00000219c0)=0x0) zx_channel_call$fuchsia_hardware_ethernet_DeviceConfigMulticastSetPromiscuousMode(r9, 0x0, r11, &(0x7f0000031ac0)={&(0x7f0000021a00)={{}, 0x7}, &(0x7f0000021a40), &(0x7f0000021a80), &(0x7f0000031a80), 0x11, 0x0, 0x10000}, &(0x7f0000031b00), &(0x7f0000031b40)) syz_execute_func(&(0x7f0000000000)="c4a279dbe2f3410f7e063e4c0faea39146bd7dc4820d91bc78907b0000660f3a0ea43e000800000066450f128e00000000c4827d0ea5d8df0000c4c1fd2ec9f3430f2a460ec443c95c450899") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:134: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[12] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(0, 0x20001000); if (res == ZX_OK) r[0] = *(uint32_t*)0x20001000; break; case 1: *(uint64_t*)0x200011c0 = 0x20000000; memcpy((void*)0x20000000, "\x00\x01\xa7\x47\xcc\x96\x5b\xdf\x12\xac\x9b\x60\xb2\xe1\x25\xdc\x04\x4e\xd2\xfa\x88\x0a\x71\x97\x27\xd6\xb5\xa2\x24\x70\x6f\x0f\x99\xde\x8f\xa4\x61\x58\xd7\xd0\x4a\xc1\xfe\x18\xad\xb8\x1d\xc9\x9e\x6d\x93\x32\x8c\x47\xce\xaa\x66\x52\xa6\x80\x85\x35\x82\xab\x5b\xb4\x64\x95\x93\xec\x06\x04\x19\x4e\x79\x46\xfb\x11\xae\x7e\xb2\x6f\xab\x20\x30\xf4\xfe\x72\x7f\x58\x78\xbc\x08\x98\xe7\xce\x6a\x48\x10\xce\xad\x73\x09\x69\xc8\x1c\x54\xa5\x27\x6e\xcb\xb4\x26\x32\x83\x63\x9b\xaf\x3d\x4b\x50\xd3\x6a\x13\x57\x00\x39\x1d\x4e\x1f\x40\x45\xe5\x8e\x55\x77\x19\x40\x0d\x9a\xc5\x70\xdc\x93\x8c\x47\x34\x0f\x8f\x19\x34\x1b\x2a\xa4\x14\xc8\x0d\x8d\xd5\xec\x72\x95\x24\xc8\x4e\x00\x4f\xf9\x3d\x26\x47\x96\xec\xce\xe5\xe0\x23\xa1\xed\xd2\x15\x26\x65\x5e\xc5\xab\xc5\xf0\xf8\xec\x73\x03\xec\xa7\x64\x27\x7f\x21\x4c\xb8\x6b\x39\xc4\x71\xdc\xfd\x80\x2c\xd8\x4e\x9b\x60\x9b\x46\xa8\xe7\xf1\x40\xd5\x5c\xa5\xf9\x0f\x54\x10\xb9\x1a\xe0\x6c\xb4\xde\xf6\x08\x52\xc7\x6f\x74\x4c\x8e\x05\xe4\x9c\x67\x4b\x7b\x0a\x73\xc0\x93\x25\x12\xfa\x3a\xac\x67\xdb\x01\xa2\x67\xb7\xbc\x3e\x6c\x4c\x72\xdd\x5a\xa5\x63\x1c\x91\x95\x80\x74\x27\xea\xd9\x67\xbf\xbc\xc0\xbf\x3e\x75\x98\xe0\x4b\xe3\xdb\xe3\x35\xa7\x6c\x84\xc2\x20\x0e\x7a\x78\x85\xe8\xe2\x73\xf7\x38\xc3\xe0\x6d\xff\x13\x8d\x8a\x07\x38\x3d\xc9\x97\xce\x9f\x37\xba\x5b\x7a\xda\xdc\x41\x06\x64\x58\x03\x63\xe0\xc8\xf2\xef\x11\x9d\x53\x20\x00\xf9\x0f\xae\x65\xfe\xde\x37\x1d\x15\xbd\xff\xc1\x24\x35\x5d\xd2\x25\x6b\x85\xb7\x39\x60\x99\xef\x71\xd0\x22\xcd\x99\xa2\xfe\x1c\x99\x54\x82\x60\xdc\x18\xbb\x88\x19\xa3\x47\xdd\xc9\x39\x86\x8a\x68\xb7\xeb\xef\x37\x12\xfa\x96\x1f\x5c\x0b\x5e\x60\x44\x6a\xc0\xf1\x4f\xda\x37\xa6\x2b\x1f\xe1\x38\x57\x0c\x4b\xcb\x9d\x9e\xc8\xe2\x45\x97\x5b\xb9\x72\xb1\x0b\x49\x23\x21\x1d\x8a\xf3\x6a\x29\xdd\xa5\x47\xf7\xe9\x9a\x40\x22\x70\x21\xb4\x9e\x3b\x28\x8c\xc5\x05\x9a\xa4\x32\xe7\xba\x1b\x9e\xe5\xff\xac\xdc\x38\x7d\xad\xde\x0f\xdd\x6a\x86\x8e\x3e\x53\xf5\xab\x54\x05\x16\x6b\xd9\x50\x1a\x43\xa9\x8d\xcb\xd0\x4c\x69\xcf\xec\x4d\x12\x9c\x9b\xe4\x3c\x95\x75\x4b\x86\xb5\x50\x17\xa6\x81\xaf\x68\x2f\x24\x64\xe3\xad\x9a\x4b\x3a\xee\xa7\x4e\x68\xfe\x1f\xb3\x50\x0d\x38\xe8\xdf\x66\xed\x4f\xfa\x23\xc4\x82\xc7\x24\x83\x6c\x7c\xf4\x9b\x5e\xf9\x7c\x2b\xd7\x7c\xa2\x53\x8f\x49\xf5\xdd\xda\x64\xc1\xfe\x96\x73\x7a\xc5\x75\xa3\xd3\xeb\xd6\xb5\x42\xa5\x4f\x98\xf9\xc1\x6c\x7e\xe4\xbd\xd7\xcc\x69\x00\x74\xd4\xbf\x26\xce\x10\x4d\x3a\xc3\x5d\x79\xf8\x67\x5e\x10\xb1\x7b\x2e\x66\xe1\xe6\x30\x70\xef\x12\x45\x9b\xec\x97\x54\xee\xc1\x11\x99\x3e\xe9\xfe\x3a\x99\x03\x0f\xf6\x30\xe5\xdd\x96\x02\xad\x8d\xee\x02\xbd\x5f\xe0\xdf\xbc\xab\x28\x47\x60\x74\x71\x25\xcd\x21\xdb\x31\x68\x41\x37\x6d\xe5\x4b\x5d\x6b\x12\xd1\x37\x62\x51\x41\xde\x92\x7f\xcc\xa1\x08\x67\x13\xc5\xd9\xfd\xac\xf8\x54\xf4\x85\x1f\x72\x1b\xf2\xe6\xd6\xbf\xbb\x77\xbd\xcf\xbd\xe0\xb7\x17\xb3\x31\x2e\xb9\xa3\x31\xf1\x8b\x66\x9b\xc1\x17\x9c\xe6\x0e\x0f\x13\x3d\x40\x67\x90\x3c\xd5\xda\xd1\xbf\x8c\x27\x75\x43\xe5\xf4\x05\x51\xce\x73\x9f\x1e\x1d\xfb\xfc\x79\xc3\x92\x6c\x65\x55\x84\xc6\x9b\xd9\x19\x65\x87\xe8\x91\x5d\x9f\xe8\xdf\x34\x78\xc4\xb8\x70\xe4\x15\x77\x5d\xc2\x39\x84\x31\xc0\xad\x8b\x96\xc4\x45\xc3\xdc\x98\xae\x93\x4f\x94\x49\x52\xc5\x52\xb5\xc2\xc0\xb0\x99\xb4\x53\x14\x58\xf6\x0c\x27\x53\xf9\xe0\x4d\x06\xe5\x0e\x9c\xb3\x8f\xfd\x46\x39\x00\x80\xec\xa9\xcc\xea\xf9\x59\x18\x71\x80\x63\x94\x94\x64\xa5\x9a\xd6\xe9\xb8\xd2\xb7\xb0\x53\xe7\x7a\x54\x99\xdb\x3e\x9e\x25\xb7\xf2\xde\x9d\xde\x5e\xd4\xca\x60\xc7\x4a\x8c\xfc\x25\x87\xce\xf9\xd3\x36\xec\x4e\xdd\x2b\x15\x36\x37\xd4\xaa\x82\x8f\xd5\xd3\xc9\xfd\x78\xc5\xf1\x64\x3a\x30\x74\x54\x56\x11\xaf\x80\x50\x0f\xd7\xca\x4a\x1e\x74\xe7\x45\x9d\x9d\x69\x9f\xb6\x11\x27\x06\x74\xeb\x9f\xd3\xd8\x18\x7f\x8c\x95\x46\x74\x02\xfb\x2d\x06\x5f\xa5\xc8\x37\xe1\x6e\x27\x41\xc5\x37\x47\x53\xd8\x9c\xba\x55\xa4\xbf\x5a\x72\xbc\xb2\xa5\xbb\x33\xc6\xd2\x0c\x5b\x5e\x52\xd2\xbd\x3c\x87\xd8\xf1\xa7\xfa\xf4\x18\x49\xe2\x3a\x42\x97\xf1\x78\x4d\x20\xa0\x8a\xc5\xfe\x8a\x2d\x65\xb7\x5b\x6c\x1f\x47\xeb\x28\xcf\xc6\x59\x0b\xd8\x19\x9f\x13\x57\x49\xf5\xdf\x60\x32\x1d\x06\xff\xe8\xed\xd0\xaa\x7c\x7e\x3f\x66\x39\xb5\xe2\x46\x9c\xfb\xaf\xe6\x7c\x11\x71\x72\xd3\xb3\x2e\xfb\x68\xcb\x25\xcc\xd4\x7d\x2a\x21\xef\x5f\x9a\x7e\xdf\xc4\x78\x9c\xe9\x8a\x30\xdd\xbc\x2f\x5e\x1c\xbb\x1e\xb4\x03\x33\x85\x7b\x52\x17\xbb\x5c\x64\xe2\x80\x6e\x6e\xb2\x3e\xf6\xb9\x04\x8c\x76\x8d\x2b\x16\xc3\x78\x22\x41\xce\x51\x3b\xe5\x55\x85\x02\x14\xa5\x3a\x14\x9d\xc1\xfe\x4b\x34\xe1\xfe\x34\x92\xe7\xe8\x85\x54\xb6\xf4\x46\xc9\x32\x01\x09\xea\xf3\xe5\x1f\xd4\x20\x21\x02\x02\xc1\x0c\x6e\x15\x9b\xb5\xf2\xdb\x65\x24\xa7\x82\x49\xe0\x6e\xd5\x2d\x43\x18\x64\x30\x5b\x98\x2c\x4a\xb3\x58\x3f\x46\xf2\x14\x23\xea\xe0\x65\x08\xf0\xf6\xaa\xa0\xf9\x76\x2d\xe9\x3b\x8b\x48\xb4\xe8\x61\x0b\x12\x40\x3d\x8b\x8c\xc7\x69\xab\xc3\x83\x99\x94\x44\x97\x64\x49\x6c\x12\xdd\x03\x70\x01\xc5\x86\x73\xd9\x84\x1b\x32\x85\xbb\xbe\x9f\xa5\x64\x89\x17\xe8\xbb\x85\xa5\x8a\xe3\xac\xc5\xeb\x56\x1f\x5d\x27\xfb\x1c\x70\xec\x11\xa7\x3b\xc1\x72\xf5\xb7\xf0\x24\xfe\x27\x78\x3d\xf0\x25\xdf\x7b\x0b\x80\x80\x6a\x81\xaa\xb3\x75\xc5\x2c\xcc\x91\xed\x68\xc6\x59\x37\x08\x90\x79\xbe\x64\xfc\x7e\x69\x1b\x2c\x41\xb1\x74\xfc\x98\x7f\xb4\x8f\xd8\x11\x8f\x44\x18\x63\xe5\xae\x36\x3a\x22\x1b\x21\x01\x6f\xf8\x48\x31\x8e\x2b\xec\xca\x25\xac\xdd\xe4\x88\xaf\x58\xdb\x93\x90\x8c\x09\x46\x5f\x39\xb3\x86\x71\x3f\xed\xd0\x6d\x9e\x84\x4b\x5b\x8a\xde\x04\x44\x08\x7a\x8d\xfe\x42\x59\xe8\xd2\x3d\xe2\x52\x5c\x14\xb4\x00\x05\x3a\x1f\x97\x7b\x18\xfc\xe9\xdd\xa7\x6a\xa1\x6d\x3e\x16\x5f\xb4\x8e\x1a\x49\x15\x85\xb7\xbc\x19\xf6\x75\x91\x54\x21\x6c\xb7\x14\x64\x7f\xdc\x8d\x78\xc4\xe6\x83\xa1\x78\x6f\x68\x69\x74\xc8\x54\x77\xce\x2e\xc5\x34\x6a\x45\xf0\xbe\x1b\xb3\xa9\x9d\xd9\x4e\x22\x34\x29\x27\x01\xe3\xea\x96\x73\x84\xb4\xd9\x2c\xf0\xbf\xfe\x1d\x43\xf8\xd6\x88\x54\x8b\x3f\x05\x9f\x10\x03\xd3\xf3\x5d\xff\x65\x3c\x49\x85\x66\xd9\x19\xca\x2b\xec\x21\x9d\xa1\x21\x77\xf3\x18\x61\xc4\x10\xb7\x9f\xda\x29\xf8\xd0\xbe\x59\xa9\xc5\xd2\xf8\x5d\x9a\xf1\xf6\x74\x50\xe6\x18\xec\xbc\x85\x83\x1d\x50\xd4\x10\xff\x1b\xcb\x73\xb4\x38\xaa\x9d\xc0\xfb\xe8\x71\x85\xe0\xe7\xdc\xfd\x8e\xc2\x68\xc6\x2f\x4f\x17\x2b\x54\x66\xab\x53\x59\x82\x01\x37\x48\xbb\x39\x2e\xc8\xbe\xf3\xc8\x6b\x21\x6e\xea\xff\xa1\xff\x2a\x34\xc6\xbd\xf3\xc8\xfc\x07\x19\xbb\xf3\xf2\x71\x42\x7e\xcd\xc3\x0a\xea\x70\x41\x0c\x88\x0d\xdf\x58\xa9\xda\x61\xa0\x42\x26\xa6\x74\xce\x05\x68\x44\xce\x5c\xd6\xcf\xf8\x66\x58\x8f\x16\x37\xab\x17\x95\x20\xa6\xb8\x2b\x15\x9f\x34\xf7\x90\x24\x74\x29\xf1\x5c\x8e\xfd\x5a\xed\x31\x60\x60\xe8\xba\x2b\xb2\xfc\xd8\x92\xf3\x66\x3e\xef\x01\xdd\x18\x14\xac\xcf\x5a\xb8\xdb\x14\x40\xf2\x45\x5b\x1c\x5a\x3f\x15\xea\x03\xe1\xde\x09\x56\x0f\x10\x34\xe5\xe4\x53\xfd\xef\xb0\xb9\x4a\xa7\x23\x03\x3e\xc0\x2d\x72\x9b\xef\xf0\x1b\x6b\x32\x2b\x93\xa8\xb5\xd9\xb4\xa3\xfc\x12\x6d\xae\x29\x50\xdb\x4d\x4a\xec\xa0\x23\x25\xb8\xe7\xae\x69\x09\x5e\x2e\x05\x65\x38\x32\xe0\xb9\xd5\xd4\x89\x6d\x3d\x39\x31\xf8\xec\x58\x48\x14\xf4\xab\x05\x7c\x86\x70\xc4\x0c\xaf\x4a\xc1\x41\xbf\xa4\x23\x39\xff\x86\x77\x60\xc6\xa9\x7b\x3f\x4d\x9f\x52\x08\x39\x17\x9a\x00\x3c\x76\xff\x21\x51\x0c\x7c\x31\xcb\x45\xfc\xcc\x76\x31\x74\xbe\xf0\x65\x24\xbc\x6a\x5f\xd9\xa4\x13\xed\xe5\x24\xfc\xce\x95\xd0\x3e\x08\xa0\x02\xa5\x52\xbc\x16\x81\xd7\x17\xea\x44\xe8\x9e\x19\x65\x80\xb5\xcd\x17\x31\x38\xc0\xb8\x4e\xdf\xfb\xf3\x05\x31\x26\xba\xe9\xd4\x6c\x21\x7d\xdf\xe4\xc3\x9f\x61\x7e\xd5\x1d\x08\x6a\x24\xe2\x68\x12\x6b\x5d\x7c\x75\x1f\x87\x93\x6b\x4c\x56\x57\x33\x4b\xa5\x9b\x47\x43\x58\x6a\xad\xd8\xe1\x50\x79\xd0\xda\x39\xc9\xac\x70\x43\x61\xb1\x93\x21\xf1\x6f\xd7\x3c\x87\x09\xe2\xd9\x26\x70\xc5\xa9\x2a\x9b\x9f\xa5\x5c\xf9\x67\x6f\xba\x8b\x0e\x68\xd6\x0b\xca\x24\x9d\x38\x18\x3a\x2f\xce\xd1\xc9\xb0\x24\x46\xce\x1d\x31\x25\x42\x06\x1c\xfa\x72\xb2\x3a\xb9\x9c\xe7\x9b\x1a\x7a\x45\x1e\x07\x84\x60\xf0\xa7\x1b\x14\xc1\x87\x8a\x1b\xb8\x50\xa0\x33\xf8\x95\xf8\x31\x6e\xec\x91\x88\x16\x96\xf5\x58\x26\x21\xae\x2f\x8a\xfb\xe4\xc6\x05\x9d\x0d\x03\x5f\x52\x50\xd7\x48\x75\x8e\xb9\xf3\x53\x7b\xf6\x3f\x8d\x90\xa2\x64\xb2\xcb\x86\x19\x59\x10\x5c\x78\x73\x87\x93\xf4\x4b\x56\x47\xae\x28\xba\x29\xab\x33\x6d\x78\xb0\xce\xb5\x3d\x95\x30\xef\x6b\xfe\x68\x53\xfc\xa5\x13\x66\xbc\x34\x65\x9e\x00\x05\x3b\xa2\xf0\xb5\x80\x1f\x28\xbc\x35\x2f\x92\x02\xe8\x3c\xac\x11\xf6\x9e\xde\x43\x24\xf1\xb8\x18\x5a\xce\xfa\x0c\x87\x8e\x06\xdc\xbe\x1c\xe7\x02\xa2\x75\xb9\x0c\xbc\xdc\xb7\x7b\x2a\x91\x6d\x6d\xf2\x5a\x30\x90\x77\xa7\x89\xc0\xc5\xfe\x8f\xc1\xac\xdf\x48\xbc\x08\x95\xcc\xa1\x49\x22\x7e\xcf\xa9\x2d\x08\x86\xef\x56\x1d\x4b\x16\xfa\x3c\x71\x08\xf8\x19\x4b\x34\x32\x54\xc1\x0d\x0d\x62\x76\x92\x70\x95\x01\x3e\x8c\xa3\xd3\x53\xdb\x70\x12\x68\xaa\x71\x29\x70\x87\xe9\x5d\x91\x46\x26\x87\xaa\xe2\x03\x5a\x36\x83\x9d\xf2\x98\xa6\xbf\x17\xec\x59\xe0\xfd\x0a\xdc\x2c\xe1\xf6\x3a\x65\xa9\xc1\x26\x1a\x87\x77\xab\x2b\x50\x67\x6c\x75\x92\x00\x2b\xaa\x4b\xea\x56\x48\x81\x33\x1f\xf5\x76\xb2\x52\x25\x5c\xb3\x27\x2a\x18\x1b\xbc\xba\x48\xb8\x17\xae\x90\xe2\x42\xfc\xc2\xf6\xef\xe6\x62\xce\x4c\x79\x42\x41\x49\xf2\x31\xb9\x15\x15\x6e\x79\xfd\xc2\xde\x19\x49\xdc\x5d\x18\x2e\x64\x17\x3a\xba\xe9\xd6\x4e\x92\x91\xe0\x42\x6e\x6e\xab\xba\xc2\xdb\xba\xff\x3e\x63\x5a\x67\x23\x41\xdd\x9b\x6e\x59\x85\x6f\x55\x2c\xc5\x9b\x23\x88\xe4\xe3\xfa\x48\xe5\x4a\x09\xa3\x0e\xfa\x7a\xc0\xaa\xcf\x64\x42\x09\x7e\x51\x3e\x24\x2b\xf4\x8a\x9e\x1f\x8a\x7e\x57\xc2\x9a\x68\xc4\xe3\xa2\x12\x80\x9a\x63\xdc\x18\x75\x1c\xdd\x11\x60\x6e\xc2\xa5\x12\x03\x15\x77\xa0\xcb\xcc\x32\xc3\xe4\x34\x5e\x30\xf6\xdc\x3d\xf2\x8a\x58\x16\xe8\x32\xa8\xd0\xe3\x7f\xe1\xa1\x5b\xc5\x3a\x06\xc1\xcd\x30\x54\x39\x3a\x61\x12\x9d\x15\x98\xb0\x43\x68\x1d\x6d\xaa\xac\xc0\x7d\x24\xba\x0e\x2a\x56\x2c\xf4\xe7\xe0\x04\x71\x5d\x62\x0f\xb2\xb5\x33\xa8\xf1\x6d\x19\x29\xd1\x8c\x71\x6d\x41\xf1\xc7\x36\xc1\xa3\x62\x31\x40\x37\x3d\x8c\x39\x2c\xb8\xd1\x9d\xec\x2e\xa2\xa5\x1a\xd2\x7d\x6a\x5e\x78\x6b\x2f\xfd\x05\x74\x00\x0e\x4a\x09\xa6\xc3\x25\x36\x45\xa1\x1b\xe2\xf8\x81\xa8\x9a\xb7\x1a\x2d\x48\x6e\x03\xb5\x98\x2e\x2a\xd2\xad\xf0\xcf\xb0\x7c\xfe\x96\x9f\x15\xd8\xbe\x3a\x0c\x2b\x92\x85\x40\x21\x90\x69\x08\xb2\xc2\x6c\x20\x8b\x86\x08\x2a\x45\xe1\xb2\xfc\xd5\x01\x99\x90\x20\xe0\x93\x17\x35\xda\x19\x48\x18\xae\x27\xc9\x52\xaa\xe6\x57\xec\x0f\x18\x55\xaf\x8b\x53\xf4\xa9\x28\x48\xa2\x5e\xf5\x35\x45\x5c\x6a\xde\xc8\x13\xe8\xf8\xb0\x30\xe1\x10\x8b\x0e\x7d\x65\xcf\x1c\x1d\xdd\x14\x68\x34\x76\xd3\x20\x3a\x03\x52\xa0\xe1\x59\xfe\xef\x3e\xee\x44\x56\xdb\x31\x2e\x54\xdc\xef\xf6\xd2\xf3\xe5\x7c\x8e\xbb\x40\xd9\xe1\x9f\x11\x3c\xc7\x8f\xe4\xfb\x36\x37\x21\xbd\xe7\x35\x2d\xa5\xf7\x60\xcd\xe7\x79\xf4\xec\xed\x90\x67\xcb\xa8\xa6\xaa\xf3\x2f\x1f\x89\x06\x53\x30\x10\x23\xe0\x25\xf5\x07\x18\xfa\xa0\xa4\xc1\xd3\x6c\xf7\x29\xef\xe1\x31\xc6\xd2\xce\xe0\xd6\x6a\x06\xa9\x56\xbe\xb6\x1b\x03\xfe\x32\x1b\x0f\x44\x4f\xb5\xdb\x11\xf8\xeb\x69\xeb\x71\xd2\x1a\xab\x93\xe2\xd3\x35\x8e\x68\x28\xe8\x6b\x83\x34\xa3\xb4\xfe\x93\xc1\xb7\xdf\xc6\x4d\xff\x2b\x48\x93\x49\xcb\x76\x5f\xae\xb0\x9f\x1e\xb3\x81\xf7\x3b\xd8\x2a\x0d\xfa\xf0\x65\x67\x54\xbc\xbe\x61\xa7\x4d\x9a\x34\x2e\x2c\xb4\xfd\x5c\xc4\x28\x90\xbf\x00\x73\x4b\x9a\x6d\xb6\x76\x80\x44\xab\x21\x8e\x67\x41\x11\x3f\x49\x45\x23\x6a\xbd\xd8\xac\xc7\xcc\x72\x6d\x62\xe9\x45\x09\x13\x23\x2c\xc8\x42\x32\x3a\x92\xf9\xdf\xdd\xc5\x71\x17\x1a\xf8\xc0\xf7\x00\x34\xd0\x8f\x59\x52\x1a\xb9\x17\x5c\xe9\xec\x3a\xc3\xa0\x9a\xe2\x9c\x76\xdd\x48\x3d\x18\x10\x47\x5a\xa1\x10\x92\x09\xe1\x2e\xa5\xb3\xf8\xe8\xf9\xbe\x1b\xf0\xc0\x62\x91\x12\x0d\xc3\x77\x36\x81\xf0\x15\x61\x83\xf6\x83\x59\xf6\x6e\x6c\x69\x3c\xb0\x23\x70\x25\x0e\x8c\x6d\x0a\x53\x0e\x0c\xae\xcf\x52\xdc\x4e\xd2\xba\x24\x0e\x7f\xe8\x81\x52\xbf\xb5\x35\x75\x85\x17\x4f\x59\x6e\x83\x93\xcf\x27\x6d\xe9\x4a\x19\xb3\x2b\x8b\x53\x8c\x8a\xa4\x3b\x15\x6a\x93\xa9\x61\x2a\x8b\xe3\x8a\xf4\x5a\x4a\x22\x78\xf2\xe2\xe6\xfe\x60\x82\xc8\x0f\x6c\xaf\x1e\x94\x68\x49\x9a\x4d\xa9\xbb\xd7\x58\x1a\xf8\x1c\x73\x4e\xf9\x20\xa5\xbd\x78\x80\x23\xfb\x01\xe0\x8c\x3c\x9e\x4d\x6f\x78\x17\x32\x65\x84\x44\x66\xdb\xf6\xdb\x4b\x8b\xe6\xa6\x64\xa5\x37\xc1\x67\xa8\xc5\x66\x4e\x54\x17\xfc\xcb\x98\xe8\x11\xb1\xbc\xc9\x1a\xa8\x7e\x40\x48\x7b\xa4\x9c\x25\xe5\x79\x77\xcc\x8c\xfd\x7a\x8e\x1c\x0f\x31\x25\x5b\xbf\xd4\xda\x46\xf2\xa9\x64\xb8\xb4\x97\x88\x02\xf2\xb1\xed\x13\x56\x9d\x02\xb5\xa2\x7a\x85\x5b\xa8\x49\x11\xd8\x80\x9d\x0f\x5a\x90\x8c\xeb\x24\xe5\xa0\x97\x26\xbb\x9e\x69\x90\xff\x54\xdd\xd4\xbc\x21\xc1\xbc\xe6\x2d\x46\xd6\xec\x72\x51\xd4\xc3\x54\xce\x77\x17\x34\xa8\xc6\x55\x33\x11\xc6\x48\x8a\x38\x0d\xc9\x8d\x46\xf1\x41\x26\x6b\xc7\x1b\x3b\xd1\x45\x7e\x29\x1a\x4e\x85\xf8\x72\x24\xfd\x32\x98\x49\x80\x61\xc7\xd1\xc7\x5d\x59\xf7\x1d\xe9\x17\x4e\xff\x80\x72\x8b\x3d\xb9\x3d\xbc\xb3\x36\x5d\xfe\xf5\x63\x9b\xde\x6a\x31\xfd\x5d\x0e\x18\xb7\xa8\x30\x23\xb0\xb5\xea\x7a\xd2\xf0\xf6\x17\x6c\x57\x7c\x43\xff\x09\x7d\x74\x59\x96\x19\xfa\xa7\x71\x69\x9f\x0d\x70\x8c\x3d\xb3\xe3\x65\x7d\x2b\xc5\xe4\xf2\x49\x88\x10\xbd\x49\xbe\x18\x2d\xb5\x5e\xb7\x06\x3e\xa3\x04\x10\xf6\x05\xdb\x27\x8b\x5a\xe8\x95\xe1\x87\x00\x6f\x84\x30\x42\x62\xa5\xad\xae\xc9\xf3\x61\xae\x73\xb6\x93\x39\x5d\x08\x7f\xfd\x0e\x2b\xef\x59\x0b\x16\x65\x51\xdf\x17\xb7\x87\x85\x5c\xb6\x6f\xc1\xbf\x06\xf2\x16\xea\x68\xc3\xc1\xd8\xf3\xe3\x83\x9b\xe8\x89\x54\xaa\x4f\x24\xfb\x5a\xdc\x00\x7d\x76\xfe\xa7\x0c\xbf\xde\xd2\xea\x42\x1e\x47\x28\xc0\x4c\x18\x0c\x54\xf8\x9b\x88\xcc\x17\x6b\x1b\x9a\x59\x96\x8a\x40\xb7\xb4\x36\x3c\x3d\x3b\x6e\x96\x10\x04\xc8\x30\x59\x26\x07\xec\x99\xd4\x84\xbf\x4a\xa7\xb3\xd9\x42\xbb\x0d\x4e\xcd\x39\x24\x75\x7d\x7a\x48\xd4\x93\x70\x20\xa0\x7e\x89\xc1\xb0\x93\x9f\xa8\xf3\xa8\x39\xa1\xce\x7f\x7d\xbf\x0b\x7c\xb9\xeb\x1b\xae\x32\x53\x65\xb4\x0d\x3f\xa6\x8e\x1d\x2a\xf1\xe6\xc1\xf3\x5b\x5c\x6a\x07\x45\xbc\x76\x48\xa3\xf9\x0c\x5a\x57\x38\xd4\xe3\x5b\x2f\x69\xf8\x41\x69\x8c\x71\x89\xcc\x16\x06\x51\x16\x15\x51\x4c\x87\x18\x2d\xd2\x98\x40\xaa\x8e\x95\xf0\x6d\x3c\xc1\xfd\x45\x1c\xe3\x82\x00\xf8\x9b\xfc\x2f\x3c\xe8\x02\x3b\x90\x49\x56\x7b\x8b\xba\x7e\x2d\x16\x43\xf2\x7c\x53\x14\x67\x5b\x00\x85\xbc\x52\x5f\xb3\xc5\xc1\xe1\xb9\xe3\x26\xb9\x22\x69\x0b\x14\x4a\x52\xd3\x63\xd3\x54\xad\xe2\xaf\x69\x68\x7e\x63\xd9\xc0\x24\xba\xa6\xc7\x7a\xf4\x07\x1c\x4d\x86\x31\xd5\xe1\x9f\xde\x52\x10\x33\x0a\x51\x9a\xb5\x94\x95\x20\x80\xf8\xfb\x41\x41\x42\x6b\x10\x50\x11\xb9\xe3\x38\xf8\xd5\xfc\xe9\xc9\x45\x89\xe7\x5f\x93\xa1\x30\x50\xd2\xef\xf8\xf8\xe0\xd2\xb3\xf7\xf9\x99\xea\x4d\xa1\x2d\x64\x9b\x4a\x6b\x66\x19\x48\x08\x4c\x88\xb7\x59\xc4\x70\xb2\xba\x32\x9b\xb0\x81\x75\x4f\x72\xd6\xcc\x9e\x5b\x9a\xe1\x74\xfc\xd6\x3f\xd5\x6a\x17\x84\x70\x22\xd2\x84\x81\xe6\x36\x7c\x13\xc1\x5b\x58\x82\x04\x88\xf3\x6a\x5f\x09\xef\xf5\x47\xd4\xd2\x0e\xff\x3c\xaf\xaf\xae\x1c\x70\x68\x7a\xee\xe6\x52\x9e\x59\x82\x16\x05\xc1\xfe\x2e\xa6\xfe\x71\x4b\x35\x09\x08\x2f\x93\x9a\x4e\xd8\x2f\x03\x71\x84\xd1\x4d\xec\xe9\x56\x2b\x2b\x5d\x0d\x6f\x5e\x97\x76\xeb\x56\x8c\xb2\xb8\x17\x50\x2a\xb5\x27\x96\xd2\x47\x75\x3f\x67\xdb\x14\x6a\xe4\xc9\x64\xbc\xc1\xf4\x28\xcb\x51\x70\xd7\x20\x29\x7b\x06\x4e\x44\x37\x5e\x09\xed\xc7\x14\xd7\xce\x75\xba\x12\x1d\x8a\x16\x42\xc9\xa0\x88\xec\x17\x76\x97\xa4\xb9\x4e\x1b\x72\xc1\x53\x1e\x6f\xd4\xa1\x5e\x33\x37\x4c\x1e\x72\x20\xe3\x6d\x59\xc7\x09\x0a\xad\xed\xb2\xcd\x05\x52\x0b\xf0\xc7\x21\x10\xae\x87\x8a\x76\x0f\x35\x78\xb8\x71\x0b\x73\x73\xc9\xca\x31\xde\x5f\x14\x38\xe9\x29\x2e\xb2\xc2\x04\x54\xa1\x06\xad\xbe\xab\xdf\xa6\xbf\x6e\x31\xf4\x43\x5a\x42\xf4\xf5\x41\x93\x15\x16\x7e\xa4\x41\xee\x9d\x37\xa5\x40\x47\xd8\xcb\x1f\x84\x3b\xbb\x49\xd8\x81\x9a\x59\xd2\xd2\x6f\xc7\x40\xf8\x19\x30\x0d\xaa\xb6\xc0\x3f\x4b\x93\x21\x79\x31\xb8\x41\xc7\x9f\xdb\x80\x65\xd8\x27\xab\xb5\x12\x21\x66\xd0\xb3\x45\x01\x94\x70\x09\x9a\x5b\x8b\x95\x46\x5a\xda\x1a\xff\xaf\xaa\xe5\xad\x2d\x53\xad\xef\xc5\x3c\x0a\x6c\x6c\x46\x7c\xdf\xcd\xdd\x0e\x9a\xf2\xcc\x63\x98\x28\xc6\x06\xf3\xa6\x96\xf5\x0b\xe3\x1d\x2d\x19\xc8\xff\x95\xfc\x8c\xec\xbd\x3e\x6b\xd0\xd5\xbd\x6e\x40\x07\x3a\xb5\x2a\x73\xf3\xd5\xef\x00\xb0\x1d\x58\x16\x12\x70\xb8\xa6\x64\xdb\x80\xf2\x3b\xc6\xa8\x30\x6f\x6b\x66\xb7\x96\xdf\xe6\x64\xd5\x1b\x77\x68\x0c\xb0\x6a\x2e\xc9\x99\xd0\xed\x96\x2b\xa5\x34\xf1\x6a\xf2\x6a\xb1\x6f\xa2\xd5\x53\x7d\x5c\x93\xe5\x03\x03\x4c\x09\x9d\x26\x0a\x8f\x32\xd4\xed\xdf\x48\xb2\x5a\x75\xc9\xf9\x27\x01\xcb\x04\x0b\x57\x74\xa0\xd9\x8f\xfc\xed\xf9\x73\xaa\xdd\x1f\x5b\xfa\x75\xcb\xfb\xd7\xea\x4b\x9a\x56\xb6\x01\x1c\xc4\x4b\x73\x55\x52\x5b\x3b\x72\x04\x0f\x70\xf9\x06\x19\xe1\x9b\xa4\x81\x40\xa5\xb9\x6c\x40\x31\x6b\xe4\xf8\x2a\x11\xc0\x47\x02\xbf\xf4\xed\x47\xa2\x0e\x07\xb5\xd7\xfb\x77\x3b\xcf\xa1\x0e\x4c\x03\xe8\x89\x79\xa4\x1b\x2c\x78\x01\x33\xa4\x24\xc7\x3c\x5a\x5a\x7d\x8d\x79\x37\x42\x35\xff\x35\x7d\x93\xdb\x8c\xa1\xde\x2a\xe6\x32\xac\x3c\x09\xdb\x7c\x33", 4096); *(uint64_t*)0x200011c8 = 0x20001040; *(uint32_t*)0x20001040 = 0; *(uint32_t*)0x20001044 = 0; *(uint32_t*)0x20001048 = 0; *(uint32_t*)0x2000104c = r[0]; *(uint64_t*)0x200011d0 = 0x20001080; *(uint64_t*)0x200011d8 = 0x20001180; *(uint32_t*)0x200011e0 = 0x1000; *(uint32_t*)0x200011e4 = 4; *(uint32_t*)0x200011e8 = 0xd0; *(uint32_t*)0x200011ec = 7; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); if (res == ZX_OK) { r[1] = *(uint32_t*)0x20001180; r[2] = *(uint32_t*)0x20001184; r[3] = *(uint32_t*)0x20001188; r[4] = *(uint32_t*)0x2000118c; r[5] = *(uint32_t*)0x20001194; r[6] = *(uint32_t*)0x20001198; } break; case 2: *(uint64_t*)0x20011340 = 0x20001280; *(uint32_t*)0x20001280 = 0; memset((void*)0x20001284, 0, 3); *(uint8_t*)0x20001287 = 1; *(uint64_t*)0x20001288 = 0x3217bced00000000; *(uint64_t*)0x20011348 = 0x200012c0; *(uint64_t*)0x20011350 = 0x20001300; *(uint64_t*)0x20011358 = 0x20011300; *(uint32_t*)0x20011360 = 0x10; *(uint32_t*)0x20011364 = 0; *(uint32_t*)0x20011368 = 0x10000; *(uint32_t*)0x2001136c = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); { int i; for(i = 0; i < 4; i++) { ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); } } if (res == ZX_OK) r[7] = *(uint32_t*)0x20011300; break; case 3: *(uint64_t*)0x20011580 = 0x20011400; memcpy((void*)0x20011400, "\x08\xd2\x58\x8a\x18\xd8\x4d\x44\xd1\x93\xae\x15\x71\x51\x3a\x9b\x96\xc5\x5a\x71\xe6\xe7\x99\x6c\xd8\x6e\xc8\x3b\xaa\xed\xcf\xeb\x52\x44\xb5\x9e\x77\x43\x3e\x74\xb6\xd3\x8f\x96\x13\xf1\x8b\xe0\xe3\xfa\x96\xbc\xcc\x22\x1c\xe6\xf3\x58\x2a\xd3\xda\xf0\xdc\x3e\x9f\xba\x77\xd1\x68\xed\xcc\x34\xc2\xe8\x75\x88\x1e\x56\x89", 79); *(uint64_t*)0x20011588 = 0x20011480; *(uint32_t*)0x20011480 = 0; *(uint32_t*)0x20011484 = r[7]; *(uint32_t*)0x20011488 = r[3]; *(uint32_t*)0x2001148c = 0; *(uint32_t*)0x20011490 = r[4]; *(uint32_t*)0x20011494 = r[1]; *(uint32_t*)0x20011498 = r[2]; *(uint64_t*)0x20011590 = 0x200114c0; *(uint64_t*)0x20011598 = 0x20011540; *(uint32_t*)0x200115a0 = 0x4f; *(uint32_t*)0x200115a4 = 7; *(uint32_t*)0x200115a8 = 0x55; *(uint32_t*)0x200115ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[2], 0, 0x7fffffffffffffff, 0x20011580, 0x200115c0, 0x20011600); if (res == ZX_OK) r[8] = *(uint32_t*)0x20011540; break; case 4: *(uint64_t*)0x20021700 = 0x20011640; *(uint32_t*)0x20011640 = 0; memset((void*)0x20011644, 0, 3); *(uint8_t*)0x20011647 = 1; *(uint64_t*)0x20011648 = 0x66298d9200000000; *(uint64_t*)0x20021708 = 0x20011680; *(uint64_t*)0x20021710 = 0x200116c0; *(uint64_t*)0x20021718 = 0x200216c0; *(uint32_t*)0x20021720 = 0x10; *(uint32_t*)0x20021724 = 0; *(uint32_t*)0x20021728 = 0x10000; *(uint32_t*)0x2002172c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[8], 0, 0, 0x20021700, 0x20021740, 0x20021780); break; case 5: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_read_etc))(r[6], 2, 0x200217c0, 0x20021840, 0x6e, 8, 0x200218c0, 0x20021900); if (res == ZX_OK) { r[9] = *(uint32_t*)0x20021850; r[10] = *(uint32_t*)0x20021870; } break; case 6: ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_vmo_create_child))(r[10], 0, 1, 0xbb6, 0x20021940); break; case 7: memcpy((void*)0x20021980, "/svc/\000", 6); ((intptr_t(*)(intptr_t,intptr_t))CAST(fdio_service_connect))(0x20021980, r[5]); break; case 8: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_interrupt_wait))(r[9], 0x200219c0); if (res == ZX_OK) r[11] = *(uint64_t*)0x200219c0; break; case 9: *(uint64_t*)0x20031ac0 = 0x20021a00; *(uint32_t*)0x20021a00 = 0; memset((void*)0x20021a04, 0, 3); *(uint8_t*)0x20021a07 = 1; *(uint64_t*)0x20021a08 = 0x2ab48ffa00000000; *(uint8_t*)0x20021a10 = 7; *(uint64_t*)0x20031ac8 = 0x20021a40; *(uint64_t*)0x20031ad0 = 0x20021a80; *(uint64_t*)0x20031ad8 = 0x20031a80; *(uint32_t*)0x20031ae0 = 0x11; *(uint32_t*)0x20031ae4 = 0; *(uint32_t*)0x20031ae8 = 0x10000; *(uint32_t*)0x20031aec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[9], 0, r[11], 0x20031ac0, 0x20031b00, 0x20031b40); break; case 10: memcpy((void*)0x20000000, "\xc4\xa2\x79\xdb\xe2\xf3\x41\x0f\x7e\x06\x3e\x4c\x0f\xae\xa3\x91\x46\xbd\x7d\xc4\x82\x0d\x91\xbc\x78\x90\x7b\x00\x00\x66\x0f\x3a\x0e\xa4\x3e\x00\x08\x00\x00\x00\x66\x45\x0f\x12\x8e\x00\x00\x00\x00\xc4\x82\x7d\x0e\xa5\xd8\xdf\x00\x00\xc4\xc1\xfd\x2e\xc9\xf3\x43\x0f\x2a\x46\x0e\xc4\x43\xc9\x5c\x45\x08\x99", 76); syz_execute_func(0x20000000); break; case 11: syz_future_time(0); break; case 12: syz_job_default(); break; case 13: syz_mmap(0x20ffd000, 0x1000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(0x20000000, 0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :287:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor41573607 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds] --- FAIL: TestGenerate/fuchsia/amd64/7 (0.61s) csource_test.go:131: --- FAIL: TestGenerate/fuchsia/amd64/14 (0.59s) csource_test.go:133: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000001000)=0x0) (fail_nth: 1) zx_channel_call_etc(0x0, 0xffff, 0x0, &(0x7f00000011c0)={&(0x7f0000000000)="0001a747cc965bdf12ac9b60b2e125dc044ed2fa880a719727d6b5a224706f0f99de8fa46158d7d04ac1fe18adb81dc99e6d93328c47ceaa6652a680853582ab5bb4649593ec0604194e7946fb11ae7eb26fab2030f4fe727f5878bc0898e7ce6a4810cead730969c81c54a5276ecbb4263283639baf3d4b50d36a135700391d4e1f4045e58e557719400d9ac570dc938c47340f8f19341b2aa414c80d8dd5ec729524c84e004ff93d264796eccee5e023a1edd21526655ec5abc5f0f8ec7303eca764277f214cb86b39c471dcfd802cd84e9b609b46a8e7f140d55ca5f90f5410b91ae06cb4def60852c76f744c8e05e49c674b7b0a73c0932512fa3aac67db01a267b7bc3e6c4c72dd5aa5631c9195807427ead967bfbcc0bf3e7598e04be3dbe335a76c84c2200e7a7885e8e273f738c3e06dff138d8a07383dc997ce9f37ba5b7adadc410664580363e0c8f2ef119d532000f90fae65fede371d15bdffc124355dd2256b85b7396099ef71d022cd99a2fe1c99548260dc18bb8819a347ddc939868a68b7ebef3712fa961f5c0b5e60446ac0f14fda37a62b1fe138570c4bcb9d9ec8e245975bb972b10b4923211d8af36a29dda547f7e99a40227021b49e3b288cc5059aa432e7ba1b9ee5ffacdc387dadde0fdd6a868e3e53f5ab5405166bd9501a43a98dcbd04c69cfec4d129c9be43c95754b86b55017a681af682f2464e3ad9a4b3aeea74e68fe1fb3500d38e8df66ed4ffa23c482c724836c7cf49b5ef97c2bd77ca2538f49f5ddda64c1fe96737ac575a3d3ebd6b542a54f98f9c16c7ee4bdd7cc690074d4bf26ce104d3ac35d79f8675e10b17b2e66e1e63070ef12459bec9754eec111993ee9fe3a99030ff630e5dd9602ad8dee02bd5fe0dfbcab284760747125cd21db316841376de54b5d6b12d137625141de927fcca1086713c5d9fdacf854f4851f721bf2e6d6bfbb77bdcfbde0b717b3312eb9a331f18b669bc1179ce60e0f133d4067903cd5dad1bf8c277543e5f40551ce739f1e1dfbfc79c3926c655584c69bd9196587e8915d9fe8df3478c4b870e415775dc2398431c0ad8b96c445c3dc98ae934f944952c552b5c2c0b099b4531458f60c2753f9e04d06e50e9cb38ffd46390080eca9cceaf95918718063949464a59ad6e9b8d2b7b053e77a5499db3e9e25b7f2de9dde5ed4ca60c74a8cfc2587cef9d336ec4edd2b153637d4aa828fd5d3c9fd78c5f1643a3074545611af80500fd7ca4a1e74e7459d9d699fb611270674eb9fd3d8187f8c95467402fb2d065fa5c837e16e2741c5374753d89cba55a4bf5a72bcb2a5bb33c6d20c5b5e52d2bd3c87d8f1a7faf41849e23a4297f1784d20a08ac5fe8a2d65b75b6c1f47eb28cfc6590bd8199f135749f5df60321d06ffe8edd0aa7c7e3f6639b5e2469cfbafe67c117172d3b32efb68cb25ccd47d2a21ef5f9a7edfc4789ce98a30ddbc2f5e1cbb1eb40333857b5217bb5c64e2806e6eb23ef6b9048c768d2b16c3782241ce513be555850214a53a149dc1fe4b34e1fe3492e7e88554b6f446c9320109eaf3e51fd420210202c10c6e159bb5f2db6524a78249e06ed52d431864305b982c4ab3583f46f21423eae06508f0f6aaa0f9762de93b8b48b4e8610b12403d8b8cc769abc3839994449764496c12dd037001c58673d9841b3285bbbe9fa5648917e8bb85a58ae3acc5eb561f5d27fb1c70ec11a73bc172f5b7f024fe27783df025df7b0b80806a81aab375c52ccc91ed68c65937089079be64fc7e691b2c41b174fc987fb48fd8118f441863e5ae363a221b21016ff848318e2becca25acdde488af58db93908c09465f39b386713fedd06d9e844b5b8ade0444087a8dfe4259e8d23de2525c14b400053a1f977b18fce9dda76aa16d3e165fb48e1a491585b7bc19f6759154216cb714647fdc8d78c4e683a1786f686974c85477ce2ec5346a45f0be1bb3a99dd94e2234292701e3ea967384b4d92cf0bffe1d43f8d688548b3f059f1003d3f35dff653c498566d919ca2bec219da12177f31861c410b79fda29f8d0be59a9c5d2f85d9af1f67450e618ecbc85831d50d410ff1bcb73b438aa9dc0fbe87185e0e7dcfd8ec268c62f4f172b5466ab535982013748bb392ec8bef3c86b216eeaffa1ff2a34c6bdf3c8fc0719bbf3f271427ecdc30aea70410c880ddf58a9da61a04226a674ce056844ce5cd6cff866588f1637ab179520a6b82b159f34f790247429f15c8efd5aed316060e8ba2bb2fcd892f3663eef01dd1814accf5ab8db1440f2455b1c5a3f15ea03e1de09560f1034e5e453fdefb0b94aa723033ec02d729beff01b6b322b93a8b5d9b4a3fc126dae2950db4d4aeca02325b8e7ae69095e2e05653832e0b9d5d4896d3d3931f8ec584814f4ab057c8670c40caf4ac141bfa42339ff867760c6a97b3f4d9f520839179a003c76ff21510c7c31cb45fccc763174bef06524bc6a5fd9a413ede524fcce95d03e08a002a552bc1681d717ea44e89e196580b5cd173138c0b84edffbf3053126bae9d46c217ddfe4c39f617ed51d086a24e268126b5d7c751f87936b4c5657334ba59b4743586aadd8e15079d0da39c9ac704361b19321f16fd73c8709e2d92670c5a92a9b9fa55cf9676fba8b0e68d60bca249d38183a2fced1c9b02446ce1d312542061cfa72b23ab99ce79b1a7a451e078460f0a71b14c1878a1bb850a033f895f8316eec91881696f5582621ae2f8afbe4c6059d0d035f5250d748758eb9f3537bf63f8d90a264b2cb861959105c78738793f44b5647ae28ba29ab336d78b0ceb53d9530ef6bfe6853fca51366bc34659e00053ba2f0b5801f28bc352f9202e83cac11f69ede4324f1b8185acefa0c878e06dcbe1ce702a275b90cbcdcb77b2a916d6df25a309077a789c0c5fe8fc1acdf48bc0895cca149227ecfa92d0886ef561d4b16fa3c7108f8194b343254c10d0d6276927095013e8ca3d353db701268aa71297087e95d91462687aae2035a36839df298a6bf17ec59e0fd0adc2ce1f63a65a9c1261a8777ab2b50676c7592002baa4bea564881331ff576b252255cb3272a181bbcba48b817ae90e242fcc2f6efe662ce4c79424149f231b915156e79fdc2de1949dc5d182e64173abae9d64e9291e0426e6eabbac2dbbaff3e635a672341dd9b6e59856f552cc59b2388e4e3fa48e54a09a30efa7ac0aacf6442097e513e242bf48a9e1f8a7e57c29a68c4e3a212809a63dc18751cdd11606ec2a512031577a0cbcc32c3e4345e30f6dc3df28a5816e832a8d0e37fe1a15bc53a06c1cd3054393a61129d1598b043681d6daaacc07d24ba0e2a562cf4e7e004715d620fb2b533a8f16d1929d18c716d41f1c736c1a3623140373d8c392cb8d19dec2ea2a51ad27d6a5e786b2ffd0574000e4a09a6c3253645a11be2f881a89ab71a2d486e03b5982e2ad2adf0cfb07cfe969f15d8be3a0c2b92854021906908b2c26c208b86082a45e1b2fcd501999020e0931735da194818ae27c952aae657ec0f1855af8b53f4a92848a25ef535455c6adec813e8f8b030e1108b0e7d65cf1c1ddd14683476d3203a0352a0e159feef3eee4456db312e54dceff6d2f3e57c8ebb40d9e19f113cc78fe4fb363721bde7352da5f760cde779f4eced9067cba8a6aaf32f1f890653301023e025f50718faa0a4c1d36cf729efe131c6d2cee0d66a06a956beb61b03fe321b0f444fb5db11f8eb69eb71d21aab93e2d3358e6828e86b8334a3b4fe93c1b7dfc64dff2b489349cb765faeb09f1eb381f73bd82a0dfaf0656754bcbe61a74d9a342e2cb4fd5cc42890bf00734b9a6db6768044ab218e6741113f4945236abdd8acc7cc726d62e9450913232cc842323a92f9dfddc571171af8c0f70034d08f59521ab9175ce9ec3ac3a09ae29c76dd483d1810475aa1109209e12ea5b3f8e8f9be1bf0c06291120dc3773681f0156183f68359f66e6c693cb02370250e8c6d0a530e0caecf52dc4ed2ba240e7fe88152bfb5357585174f596e8393cf276de94a19b32b8b538c8aa43b156a93a9612a8be38af45a4a2278f2e2e6fe6082c80f6caf1e9468499a4da9bbd7581af81c734ef920a5bd788023fb01e08c3c9e4d6f78173265844466dbf6db4b8be6a664a537c167a8c5664e5417fccb98e811b1bcc91aa87e40487ba49c25e57977cc8cfd7a8e1c0f31255bbfd4da46f2a964b8b4978802f2b1ed13569d02b5a27a855ba84911d8809d0f5a908ceb24e5a09726bb9e6990ff54ddd4bc21c1bce62d46d6ec7251d4c354ce771734a8c6553311c6488a380dc98d46f141266bc71b3bd1457e291a4e85f87224fd3298498061c7d1c75d59f71de9174eff80728b3db93dbcb3365dfef5639bde6a31fd5d0e18b7a83023b0b5ea7ad2f0f6176c577c43ff097d74599619faa771699f0d708c3db3e3657d2bc5e4f2498810bd49be182db55eb7063ea30410f605db278b5ae895e187006f84304262a5adaec9f361ae73b693395d087ffd0e2bef590b166551df17b787855cb66fc1bf06f216ea68c3c1d8f3e3839be88954aa4f24fb5adc007d76fea70cbfded2ea421e4728c04c180c54f89b88cc176b1b9a59968a40b7b4363c3d3b6e961004c830592607ec99d484bf4aa7b3d942bb0d4ecd3924757d7a48d4937020a07e89c1b0939fa8f3a839a1ce7f7dbf0b7cb9eb1bae325365b40d3fa68e1d2af1e6c1f35b5c6a0745bc7648a3f90c5a5738d4e35b2f69f841698c7189cc1606511615514c87182dd29840aa8e95f06d3cc1fd451ce38200f89bfc2f3ce8023b9049567b8bba7e2d1643f27c5314675b0085bc525fb3c5c1e1b9e326b922690b144a52d363d354ade2af69687e63d9c024baa6c77af4071c4d8631d5e19fde5210330a519ab594952080f8fb4141426b105011b9e338f8d5fce9c94589e75f93a13050d2eff8f8e0d2b3f7f999ea4da12d649b4a6b661948084c88b759c470b2ba329bb081754f72d6cc9e5b9ae174fcd63fd56a17847022d28481e6367c13c15b58820488f36a5f09eff547d4d20eff3cafafae1c70687aeee6529e59821605c1fe2ea6fe714b3509082f939a4ed82f037184d14dece9562b2b5d0d6f5e9776eb568cb2b817502ab52796d247753f67db146ae4c964bcc1f428cb5170d720297b064e44375e09edc714d7ce75ba121d8a1642c9a088ec177697a4b94e1b72c1531e6fd4a15e33374c1e7220e36d59c7090aadedb2cd05520bf0c72110ae878a760f3578b8710b7373c9ca31de5f1438e9292eb2c20454a106adbeabdfa6bf6e31f4435a42f4f5419315167ea441ee9d37a54047d8cb1f843bbb49d8819a59d2d26fc740f819300daab6c03f4b93217931b841c79fdb8065d827abb5122166d0b345019470099a5b8b95465ada1affafaae5ad2d53adefc53c0a6c6c467cdfcddd0e9af2cc639828c606f3a696f50be31d2d19c8ff95fc8cecbd3e6bd0d5bd6e40073ab52a73f3d5ef00b01d58161270b8a664db80f23bc6a8306f6b66b796dfe664d51b77680cb06a2ec999d0ed962ba534f16af26ab16fa2d5537d5c93e503034c099d260a8f32d4eddf48b25a75c9f92701cb040b5774a0d98ffcedf973aadd1f5bfa75cbfbd7ea4b9a56b6011cc44b7355525b3b72040f70f90619e19ba48140a5b96c40316be4f82a11c04702bff4ed47a20e07b5d7fb773bcfa10e4c03e88979a41b2c780133a424c73c5a5a7d8d79374235ff357d93db8ca1de2ae632ac3c09db7c33", &(0x7f0000001040)=[0x0, 0x0, 0x0, r0], &(0x7f0000001080)=""/208, &(0x7f0000001180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0xd0, 0x7}, &(0x7f0000001200), &(0x7f0000001240)) (async) zx_channel_call$fuchsia_io_DirectoryAdminGetToken(r4, 0x0, 0x7fffffffffffffff, &(0x7f0000011340)={&(0x7f0000001280), &(0x7f00000012c0), &(0x7f0000001300), &(0x7f0000011300)={0x0}, 0x10, 0x0, 0x10000, 0x1}, &(0x7f0000011380), &(0x7f00000113c0)) (rerun: 4) zx_channel_call(r2, 0x0, 0x7fffffffffffffff, &(0x7f0000011580)={&(0x7f0000011400)="08d2588a18d84d44d193ae1571513a9b96c55a71e6e7996cd86ec83baaedcfeb5244b59e77433e74b6d38f9613f18be0e3fa96bccc221ce6f3582ad3daf0dc3e9fba77d168edcc34c2e875881e5689", &(0x7f0000011480)=[0x0, r7, r3, 0x0, r4, r1, r2], &(0x7f00000114c0)=""/85, &(0x7f0000011540)=[0x0], 0x4f, 0x7, 0x55, 0x1}, &(0x7f00000115c0), &(0x7f0000011600)) zx_channel_call$fuchsia_io_DirectoryAdminQueryFilesystem(r8, 0x0, 0x0, &(0x7f0000021700)={&(0x7f0000011640), &(0x7f0000011680), &(0x7f00000116c0), &(0x7f00000216c0), 0x10, 0x0, 0x10000}, &(0x7f0000021740), &(0x7f0000021780)) zx_channel_read_etc(r6, 0x2, &(0x7f00000217c0)=""/110, &(0x7f0000021840)=[{}, {0x0}, {}, {0x0}, {}, {}, {}, {}], 0x6e, 0x8, &(0x7f00000218c0), &(0x7f0000021900)) zx_vmo_create_child(r10, 0x0, 0x1, 0xbb6, &(0x7f0000021940)) fdio_service_connect$fuchsia_cobalt_LoggerSimple(&(0x7f0000021980), r5) zx_interrupt_wait(r9, &(0x7f00000219c0)=0x0) zx_channel_call$fuchsia_hardware_ethernet_DeviceConfigMulticastSetPromiscuousMode(r9, 0x0, r11, &(0x7f0000031ac0)={&(0x7f0000021a00)={{}, 0x7}, &(0x7f0000021a40), &(0x7f0000021a80), &(0x7f0000031a80), 0x11, 0x0, 0x10000}, &(0x7f0000031b00), &(0x7f0000031b40)) syz_execute_func(&(0x7f0000000000)="c4a279dbe2f3410f7e063e4c0faea39146bd7dc4820d91bc78907b0000660f3a0ea43e000800000066450f128e00000000c4827d0ea5d8df0000c4c1fd2ec9f3430f2a460ec443c95c450899") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:134: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[12] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(0, 0x20001000); if (res == ZX_OK) r[0] = *(uint32_t*)0x20001000; break; case 1: *(uint64_t*)0x200011c0 = 0x20000000; memcpy((void*)0x20000000, "\x00\x01\xa7\x47\xcc\x96\x5b\xdf\x12\xac\x9b\x60\xb2\xe1\x25\xdc\x04\x4e\xd2\xfa\x88\x0a\x71\x97\x27\xd6\xb5\xa2\x24\x70\x6f\x0f\x99\xde\x8f\xa4\x61\x58\xd7\xd0\x4a\xc1\xfe\x18\xad\xb8\x1d\xc9\x9e\x6d\x93\x32\x8c\x47\xce\xaa\x66\x52\xa6\x80\x85\x35\x82\xab\x5b\xb4\x64\x95\x93\xec\x06\x04\x19\x4e\x79\x46\xfb\x11\xae\x7e\xb2\x6f\xab\x20\x30\xf4\xfe\x72\x7f\x58\x78\xbc\x08\x98\xe7\xce\x6a\x48\x10\xce\xad\x73\x09\x69\xc8\x1c\x54\xa5\x27\x6e\xcb\xb4\x26\x32\x83\x63\x9b\xaf\x3d\x4b\x50\xd3\x6a\x13\x57\x00\x39\x1d\x4e\x1f\x40\x45\xe5\x8e\x55\x77\x19\x40\x0d\x9a\xc5\x70\xdc\x93\x8c\x47\x34\x0f\x8f\x19\x34\x1b\x2a\xa4\x14\xc8\x0d\x8d\xd5\xec\x72\x95\x24\xc8\x4e\x00\x4f\xf9\x3d\x26\x47\x96\xec\xce\xe5\xe0\x23\xa1\xed\xd2\x15\x26\x65\x5e\xc5\xab\xc5\xf0\xf8\xec\x73\x03\xec\xa7\x64\x27\x7f\x21\x4c\xb8\x6b\x39\xc4\x71\xdc\xfd\x80\x2c\xd8\x4e\x9b\x60\x9b\x46\xa8\xe7\xf1\x40\xd5\x5c\xa5\xf9\x0f\x54\x10\xb9\x1a\xe0\x6c\xb4\xde\xf6\x08\x52\xc7\x6f\x74\x4c\x8e\x05\xe4\x9c\x67\x4b\x7b\x0a\x73\xc0\x93\x25\x12\xfa\x3a\xac\x67\xdb\x01\xa2\x67\xb7\xbc\x3e\x6c\x4c\x72\xdd\x5a\xa5\x63\x1c\x91\x95\x80\x74\x27\xea\xd9\x67\xbf\xbc\xc0\xbf\x3e\x75\x98\xe0\x4b\xe3\xdb\xe3\x35\xa7\x6c\x84\xc2\x20\x0e\x7a\x78\x85\xe8\xe2\x73\xf7\x38\xc3\xe0\x6d\xff\x13\x8d\x8a\x07\x38\x3d\xc9\x97\xce\x9f\x37\xba\x5b\x7a\xda\xdc\x41\x06\x64\x58\x03\x63\xe0\xc8\xf2\xef\x11\x9d\x53\x20\x00\xf9\x0f\xae\x65\xfe\xde\x37\x1d\x15\xbd\xff\xc1\x24\x35\x5d\xd2\x25\x6b\x85\xb7\x39\x60\x99\xef\x71\xd0\x22\xcd\x99\xa2\xfe\x1c\x99\x54\x82\x60\xdc\x18\xbb\x88\x19\xa3\x47\xdd\xc9\x39\x86\x8a\x68\xb7\xeb\xef\x37\x12\xfa\x96\x1f\x5c\x0b\x5e\x60\x44\x6a\xc0\xf1\x4f\xda\x37\xa6\x2b\x1f\xe1\x38\x57\x0c\x4b\xcb\x9d\x9e\xc8\xe2\x45\x97\x5b\xb9\x72\xb1\x0b\x49\x23\x21\x1d\x8a\xf3\x6a\x29\xdd\xa5\x47\xf7\xe9\x9a\x40\x22\x70\x21\xb4\x9e\x3b\x28\x8c\xc5\x05\x9a\xa4\x32\xe7\xba\x1b\x9e\xe5\xff\xac\xdc\x38\x7d\xad\xde\x0f\xdd\x6a\x86\x8e\x3e\x53\xf5\xab\x54\x05\x16\x6b\xd9\x50\x1a\x43\xa9\x8d\xcb\xd0\x4c\x69\xcf\xec\x4d\x12\x9c\x9b\xe4\x3c\x95\x75\x4b\x86\xb5\x50\x17\xa6\x81\xaf\x68\x2f\x24\x64\xe3\xad\x9a\x4b\x3a\xee\xa7\x4e\x68\xfe\x1f\xb3\x50\x0d\x38\xe8\xdf\x66\xed\x4f\xfa\x23\xc4\x82\xc7\x24\x83\x6c\x7c\xf4\x9b\x5e\xf9\x7c\x2b\xd7\x7c\xa2\x53\x8f\x49\xf5\xdd\xda\x64\xc1\xfe\x96\x73\x7a\xc5\x75\xa3\xd3\xeb\xd6\xb5\x42\xa5\x4f\x98\xf9\xc1\x6c\x7e\xe4\xbd\xd7\xcc\x69\x00\x74\xd4\xbf\x26\xce\x10\x4d\x3a\xc3\x5d\x79\xf8\x67\x5e\x10\xb1\x7b\x2e\x66\xe1\xe6\x30\x70\xef\x12\x45\x9b\xec\x97\x54\xee\xc1\x11\x99\x3e\xe9\xfe\x3a\x99\x03\x0f\xf6\x30\xe5\xdd\x96\x02\xad\x8d\xee\x02\xbd\x5f\xe0\xdf\xbc\xab\x28\x47\x60\x74\x71\x25\xcd\x21\xdb\x31\x68\x41\x37\x6d\xe5\x4b\x5d\x6b\x12\xd1\x37\x62\x51\x41\xde\x92\x7f\xcc\xa1\x08\x67\x13\xc5\xd9\xfd\xac\xf8\x54\xf4\x85\x1f\x72\x1b\xf2\xe6\xd6\xbf\xbb\x77\xbd\xcf\xbd\xe0\xb7\x17\xb3\x31\x2e\xb9\xa3\x31\xf1\x8b\x66\x9b\xc1\x17\x9c\xe6\x0e\x0f\x13\x3d\x40\x67\x90\x3c\xd5\xda\xd1\xbf\x8c\x27\x75\x43\xe5\xf4\x05\x51\xce\x73\x9f\x1e\x1d\xfb\xfc\x79\xc3\x92\x6c\x65\x55\x84\xc6\x9b\xd9\x19\x65\x87\xe8\x91\x5d\x9f\xe8\xdf\x34\x78\xc4\xb8\x70\xe4\x15\x77\x5d\xc2\x39\x84\x31\xc0\xad\x8b\x96\xc4\x45\xc3\xdc\x98\xae\x93\x4f\x94\x49\x52\xc5\x52\xb5\xc2\xc0\xb0\x99\xb4\x53\x14\x58\xf6\x0c\x27\x53\xf9\xe0\x4d\x06\xe5\x0e\x9c\xb3\x8f\xfd\x46\x39\x00\x80\xec\xa9\xcc\xea\xf9\x59\x18\x71\x80\x63\x94\x94\x64\xa5\x9a\xd6\xe9\xb8\xd2\xb7\xb0\x53\xe7\x7a\x54\x99\xdb\x3e\x9e\x25\xb7\xf2\xde\x9d\xde\x5e\xd4\xca\x60\xc7\x4a\x8c\xfc\x25\x87\xce\xf9\xd3\x36\xec\x4e\xdd\x2b\x15\x36\x37\xd4\xaa\x82\x8f\xd5\xd3\xc9\xfd\x78\xc5\xf1\x64\x3a\x30\x74\x54\x56\x11\xaf\x80\x50\x0f\xd7\xca\x4a\x1e\x74\xe7\x45\x9d\x9d\x69\x9f\xb6\x11\x27\x06\x74\xeb\x9f\xd3\xd8\x18\x7f\x8c\x95\x46\x74\x02\xfb\x2d\x06\x5f\xa5\xc8\x37\xe1\x6e\x27\x41\xc5\x37\x47\x53\xd8\x9c\xba\x55\xa4\xbf\x5a\x72\xbc\xb2\xa5\xbb\x33\xc6\xd2\x0c\x5b\x5e\x52\xd2\xbd\x3c\x87\xd8\xf1\xa7\xfa\xf4\x18\x49\xe2\x3a\x42\x97\xf1\x78\x4d\x20\xa0\x8a\xc5\xfe\x8a\x2d\x65\xb7\x5b\x6c\x1f\x47\xeb\x28\xcf\xc6\x59\x0b\xd8\x19\x9f\x13\x57\x49\xf5\xdf\x60\x32\x1d\x06\xff\xe8\xed\xd0\xaa\x7c\x7e\x3f\x66\x39\xb5\xe2\x46\x9c\xfb\xaf\xe6\x7c\x11\x71\x72\xd3\xb3\x2e\xfb\x68\xcb\x25\xcc\xd4\x7d\x2a\x21\xef\x5f\x9a\x7e\xdf\xc4\x78\x9c\xe9\x8a\x30\xdd\xbc\x2f\x5e\x1c\xbb\x1e\xb4\x03\x33\x85\x7b\x52\x17\xbb\x5c\x64\xe2\x80\x6e\x6e\xb2\x3e\xf6\xb9\x04\x8c\x76\x8d\x2b\x16\xc3\x78\x22\x41\xce\x51\x3b\xe5\x55\x85\x02\x14\xa5\x3a\x14\x9d\xc1\xfe\x4b\x34\xe1\xfe\x34\x92\xe7\xe8\x85\x54\xb6\xf4\x46\xc9\x32\x01\x09\xea\xf3\xe5\x1f\xd4\x20\x21\x02\x02\xc1\x0c\x6e\x15\x9b\xb5\xf2\xdb\x65\x24\xa7\x82\x49\xe0\x6e\xd5\x2d\x43\x18\x64\x30\x5b\x98\x2c\x4a\xb3\x58\x3f\x46\xf2\x14\x23\xea\xe0\x65\x08\xf0\xf6\xaa\xa0\xf9\x76\x2d\xe9\x3b\x8b\x48\xb4\xe8\x61\x0b\x12\x40\x3d\x8b\x8c\xc7\x69\xab\xc3\x83\x99\x94\x44\x97\x64\x49\x6c\x12\xdd\x03\x70\x01\xc5\x86\x73\xd9\x84\x1b\x32\x85\xbb\xbe\x9f\xa5\x64\x89\x17\xe8\xbb\x85\xa5\x8a\xe3\xac\xc5\xeb\x56\x1f\x5d\x27\xfb\x1c\x70\xec\x11\xa7\x3b\xc1\x72\xf5\xb7\xf0\x24\xfe\x27\x78\x3d\xf0\x25\xdf\x7b\x0b\x80\x80\x6a\x81\xaa\xb3\x75\xc5\x2c\xcc\x91\xed\x68\xc6\x59\x37\x08\x90\x79\xbe\x64\xfc\x7e\x69\x1b\x2c\x41\xb1\x74\xfc\x98\x7f\xb4\x8f\xd8\x11\x8f\x44\x18\x63\xe5\xae\x36\x3a\x22\x1b\x21\x01\x6f\xf8\x48\x31\x8e\x2b\xec\xca\x25\xac\xdd\xe4\x88\xaf\x58\xdb\x93\x90\x8c\x09\x46\x5f\x39\xb3\x86\x71\x3f\xed\xd0\x6d\x9e\x84\x4b\x5b\x8a\xde\x04\x44\x08\x7a\x8d\xfe\x42\x59\xe8\xd2\x3d\xe2\x52\x5c\x14\xb4\x00\x05\x3a\x1f\x97\x7b\x18\xfc\xe9\xdd\xa7\x6a\xa1\x6d\x3e\x16\x5f\xb4\x8e\x1a\x49\x15\x85\xb7\xbc\x19\xf6\x75\x91\x54\x21\x6c\xb7\x14\x64\x7f\xdc\x8d\x78\xc4\xe6\x83\xa1\x78\x6f\x68\x69\x74\xc8\x54\x77\xce\x2e\xc5\x34\x6a\x45\xf0\xbe\x1b\xb3\xa9\x9d\xd9\x4e\x22\x34\x29\x27\x01\xe3\xea\x96\x73\x84\xb4\xd9\x2c\xf0\xbf\xfe\x1d\x43\xf8\xd6\x88\x54\x8b\x3f\x05\x9f\x10\x03\xd3\xf3\x5d\xff\x65\x3c\x49\x85\x66\xd9\x19\xca\x2b\xec\x21\x9d\xa1\x21\x77\xf3\x18\x61\xc4\x10\xb7\x9f\xda\x29\xf8\xd0\xbe\x59\xa9\xc5\xd2\xf8\x5d\x9a\xf1\xf6\x74\x50\xe6\x18\xec\xbc\x85\x83\x1d\x50\xd4\x10\xff\x1b\xcb\x73\xb4\x38\xaa\x9d\xc0\xfb\xe8\x71\x85\xe0\xe7\xdc\xfd\x8e\xc2\x68\xc6\x2f\x4f\x17\x2b\x54\x66\xab\x53\x59\x82\x01\x37\x48\xbb\x39\x2e\xc8\xbe\xf3\xc8\x6b\x21\x6e\xea\xff\xa1\xff\x2a\x34\xc6\xbd\xf3\xc8\xfc\x07\x19\xbb\xf3\xf2\x71\x42\x7e\xcd\xc3\x0a\xea\x70\x41\x0c\x88\x0d\xdf\x58\xa9\xda\x61\xa0\x42\x26\xa6\x74\xce\x05\x68\x44\xce\x5c\xd6\xcf\xf8\x66\x58\x8f\x16\x37\xab\x17\x95\x20\xa6\xb8\x2b\x15\x9f\x34\xf7\x90\x24\x74\x29\xf1\x5c\x8e\xfd\x5a\xed\x31\x60\x60\xe8\xba\x2b\xb2\xfc\xd8\x92\xf3\x66\x3e\xef\x01\xdd\x18\x14\xac\xcf\x5a\xb8\xdb\x14\x40\xf2\x45\x5b\x1c\x5a\x3f\x15\xea\x03\xe1\xde\x09\x56\x0f\x10\x34\xe5\xe4\x53\xfd\xef\xb0\xb9\x4a\xa7\x23\x03\x3e\xc0\x2d\x72\x9b\xef\xf0\x1b\x6b\x32\x2b\x93\xa8\xb5\xd9\xb4\xa3\xfc\x12\x6d\xae\x29\x50\xdb\x4d\x4a\xec\xa0\x23\x25\xb8\xe7\xae\x69\x09\x5e\x2e\x05\x65\x38\x32\xe0\xb9\xd5\xd4\x89\x6d\x3d\x39\x31\xf8\xec\x58\x48\x14\xf4\xab\x05\x7c\x86\x70\xc4\x0c\xaf\x4a\xc1\x41\xbf\xa4\x23\x39\xff\x86\x77\x60\xc6\xa9\x7b\x3f\x4d\x9f\x52\x08\x39\x17\x9a\x00\x3c\x76\xff\x21\x51\x0c\x7c\x31\xcb\x45\xfc\xcc\x76\x31\x74\xbe\xf0\x65\x24\xbc\x6a\x5f\xd9\xa4\x13\xed\xe5\x24\xfc\xce\x95\xd0\x3e\x08\xa0\x02\xa5\x52\xbc\x16\x81\xd7\x17\xea\x44\xe8\x9e\x19\x65\x80\xb5\xcd\x17\x31\x38\xc0\xb8\x4e\xdf\xfb\xf3\x05\x31\x26\xba\xe9\xd4\x6c\x21\x7d\xdf\xe4\xc3\x9f\x61\x7e\xd5\x1d\x08\x6a\x24\xe2\x68\x12\x6b\x5d\x7c\x75\x1f\x87\x93\x6b\x4c\x56\x57\x33\x4b\xa5\x9b\x47\x43\x58\x6a\xad\xd8\xe1\x50\x79\xd0\xda\x39\xc9\xac\x70\x43\x61\xb1\x93\x21\xf1\x6f\xd7\x3c\x87\x09\xe2\xd9\x26\x70\xc5\xa9\x2a\x9b\x9f\xa5\x5c\xf9\x67\x6f\xba\x8b\x0e\x68\xd6\x0b\xca\x24\x9d\x38\x18\x3a\x2f\xce\xd1\xc9\xb0\x24\x46\xce\x1d\x31\x25\x42\x06\x1c\xfa\x72\xb2\x3a\xb9\x9c\xe7\x9b\x1a\x7a\x45\x1e\x07\x84\x60\xf0\xa7\x1b\x14\xc1\x87\x8a\x1b\xb8\x50\xa0\x33\xf8\x95\xf8\x31\x6e\xec\x91\x88\x16\x96\xf5\x58\x26\x21\xae\x2f\x8a\xfb\xe4\xc6\x05\x9d\x0d\x03\x5f\x52\x50\xd7\x48\x75\x8e\xb9\xf3\x53\x7b\xf6\x3f\x8d\x90\xa2\x64\xb2\xcb\x86\x19\x59\x10\x5c\x78\x73\x87\x93\xf4\x4b\x56\x47\xae\x28\xba\x29\xab\x33\x6d\x78\xb0\xce\xb5\x3d\x95\x30\xef\x6b\xfe\x68\x53\xfc\xa5\x13\x66\xbc\x34\x65\x9e\x00\x05\x3b\xa2\xf0\xb5\x80\x1f\x28\xbc\x35\x2f\x92\x02\xe8\x3c\xac\x11\xf6\x9e\xde\x43\x24\xf1\xb8\x18\x5a\xce\xfa\x0c\x87\x8e\x06\xdc\xbe\x1c\xe7\x02\xa2\x75\xb9\x0c\xbc\xdc\xb7\x7b\x2a\x91\x6d\x6d\xf2\x5a\x30\x90\x77\xa7\x89\xc0\xc5\xfe\x8f\xc1\xac\xdf\x48\xbc\x08\x95\xcc\xa1\x49\x22\x7e\xcf\xa9\x2d\x08\x86\xef\x56\x1d\x4b\x16\xfa\x3c\x71\x08\xf8\x19\x4b\x34\x32\x54\xc1\x0d\x0d\x62\x76\x92\x70\x95\x01\x3e\x8c\xa3\xd3\x53\xdb\x70\x12\x68\xaa\x71\x29\x70\x87\xe9\x5d\x91\x46\x26\x87\xaa\xe2\x03\x5a\x36\x83\x9d\xf2\x98\xa6\xbf\x17\xec\x59\xe0\xfd\x0a\xdc\x2c\xe1\xf6\x3a\x65\xa9\xc1\x26\x1a\x87\x77\xab\x2b\x50\x67\x6c\x75\x92\x00\x2b\xaa\x4b\xea\x56\x48\x81\x33\x1f\xf5\x76\xb2\x52\x25\x5c\xb3\x27\x2a\x18\x1b\xbc\xba\x48\xb8\x17\xae\x90\xe2\x42\xfc\xc2\xf6\xef\xe6\x62\xce\x4c\x79\x42\x41\x49\xf2\x31\xb9\x15\x15\x6e\x79\xfd\xc2\xde\x19\x49\xdc\x5d\x18\x2e\x64\x17\x3a\xba\xe9\xd6\x4e\x92\x91\xe0\x42\x6e\x6e\xab\xba\xc2\xdb\xba\xff\x3e\x63\x5a\x67\x23\x41\xdd\x9b\x6e\x59\x85\x6f\x55\x2c\xc5\x9b\x23\x88\xe4\xe3\xfa\x48\xe5\x4a\x09\xa3\x0e\xfa\x7a\xc0\xaa\xcf\x64\x42\x09\x7e\x51\x3e\x24\x2b\xf4\x8a\x9e\x1f\x8a\x7e\x57\xc2\x9a\x68\xc4\xe3\xa2\x12\x80\x9a\x63\xdc\x18\x75\x1c\xdd\x11\x60\x6e\xc2\xa5\x12\x03\x15\x77\xa0\xcb\xcc\x32\xc3\xe4\x34\x5e\x30\xf6\xdc\x3d\xf2\x8a\x58\x16\xe8\x32\xa8\xd0\xe3\x7f\xe1\xa1\x5b\xc5\x3a\x06\xc1\xcd\x30\x54\x39\x3a\x61\x12\x9d\x15\x98\xb0\x43\x68\x1d\x6d\xaa\xac\xc0\x7d\x24\xba\x0e\x2a\x56\x2c\xf4\xe7\xe0\x04\x71\x5d\x62\x0f\xb2\xb5\x33\xa8\xf1\x6d\x19\x29\xd1\x8c\x71\x6d\x41\xf1\xc7\x36\xc1\xa3\x62\x31\x40\x37\x3d\x8c\x39\x2c\xb8\xd1\x9d\xec\x2e\xa2\xa5\x1a\xd2\x7d\x6a\x5e\x78\x6b\x2f\xfd\x05\x74\x00\x0e\x4a\x09\xa6\xc3\x25\x36\x45\xa1\x1b\xe2\xf8\x81\xa8\x9a\xb7\x1a\x2d\x48\x6e\x03\xb5\x98\x2e\x2a\xd2\xad\xf0\xcf\xb0\x7c\xfe\x96\x9f\x15\xd8\xbe\x3a\x0c\x2b\x92\x85\x40\x21\x90\x69\x08\xb2\xc2\x6c\x20\x8b\x86\x08\x2a\x45\xe1\xb2\xfc\xd5\x01\x99\x90\x20\xe0\x93\x17\x35\xda\x19\x48\x18\xae\x27\xc9\x52\xaa\xe6\x57\xec\x0f\x18\x55\xaf\x8b\x53\xf4\xa9\x28\x48\xa2\x5e\xf5\x35\x45\x5c\x6a\xde\xc8\x13\xe8\xf8\xb0\x30\xe1\x10\x8b\x0e\x7d\x65\xcf\x1c\x1d\xdd\x14\x68\x34\x76\xd3\x20\x3a\x03\x52\xa0\xe1\x59\xfe\xef\x3e\xee\x44\x56\xdb\x31\x2e\x54\xdc\xef\xf6\xd2\xf3\xe5\x7c\x8e\xbb\x40\xd9\xe1\x9f\x11\x3c\xc7\x8f\xe4\xfb\x36\x37\x21\xbd\xe7\x35\x2d\xa5\xf7\x60\xcd\xe7\x79\xf4\xec\xed\x90\x67\xcb\xa8\xa6\xaa\xf3\x2f\x1f\x89\x06\x53\x30\x10\x23\xe0\x25\xf5\x07\x18\xfa\xa0\xa4\xc1\xd3\x6c\xf7\x29\xef\xe1\x31\xc6\xd2\xce\xe0\xd6\x6a\x06\xa9\x56\xbe\xb6\x1b\x03\xfe\x32\x1b\x0f\x44\x4f\xb5\xdb\x11\xf8\xeb\x69\xeb\x71\xd2\x1a\xab\x93\xe2\xd3\x35\x8e\x68\x28\xe8\x6b\x83\x34\xa3\xb4\xfe\x93\xc1\xb7\xdf\xc6\x4d\xff\x2b\x48\x93\x49\xcb\x76\x5f\xae\xb0\x9f\x1e\xb3\x81\xf7\x3b\xd8\x2a\x0d\xfa\xf0\x65\x67\x54\xbc\xbe\x61\xa7\x4d\x9a\x34\x2e\x2c\xb4\xfd\x5c\xc4\x28\x90\xbf\x00\x73\x4b\x9a\x6d\xb6\x76\x80\x44\xab\x21\x8e\x67\x41\x11\x3f\x49\x45\x23\x6a\xbd\xd8\xac\xc7\xcc\x72\x6d\x62\xe9\x45\x09\x13\x23\x2c\xc8\x42\x32\x3a\x92\xf9\xdf\xdd\xc5\x71\x17\x1a\xf8\xc0\xf7\x00\x34\xd0\x8f\x59\x52\x1a\xb9\x17\x5c\xe9\xec\x3a\xc3\xa0\x9a\xe2\x9c\x76\xdd\x48\x3d\x18\x10\x47\x5a\xa1\x10\x92\x09\xe1\x2e\xa5\xb3\xf8\xe8\xf9\xbe\x1b\xf0\xc0\x62\x91\x12\x0d\xc3\x77\x36\x81\xf0\x15\x61\x83\xf6\x83\x59\xf6\x6e\x6c\x69\x3c\xb0\x23\x70\x25\x0e\x8c\x6d\x0a\x53\x0e\x0c\xae\xcf\x52\xdc\x4e\xd2\xba\x24\x0e\x7f\xe8\x81\x52\xbf\xb5\x35\x75\x85\x17\x4f\x59\x6e\x83\x93\xcf\x27\x6d\xe9\x4a\x19\xb3\x2b\x8b\x53\x8c\x8a\xa4\x3b\x15\x6a\x93\xa9\x61\x2a\x8b\xe3\x8a\xf4\x5a\x4a\x22\x78\xf2\xe2\xe6\xfe\x60\x82\xc8\x0f\x6c\xaf\x1e\x94\x68\x49\x9a\x4d\xa9\xbb\xd7\x58\x1a\xf8\x1c\x73\x4e\xf9\x20\xa5\xbd\x78\x80\x23\xfb\x01\xe0\x8c\x3c\x9e\x4d\x6f\x78\x17\x32\x65\x84\x44\x66\xdb\xf6\xdb\x4b\x8b\xe6\xa6\x64\xa5\x37\xc1\x67\xa8\xc5\x66\x4e\x54\x17\xfc\xcb\x98\xe8\x11\xb1\xbc\xc9\x1a\xa8\x7e\x40\x48\x7b\xa4\x9c\x25\xe5\x79\x77\xcc\x8c\xfd\x7a\x8e\x1c\x0f\x31\x25\x5b\xbf\xd4\xda\x46\xf2\xa9\x64\xb8\xb4\x97\x88\x02\xf2\xb1\xed\x13\x56\x9d\x02\xb5\xa2\x7a\x85\x5b\xa8\x49\x11\xd8\x80\x9d\x0f\x5a\x90\x8c\xeb\x24\xe5\xa0\x97\x26\xbb\x9e\x69\x90\xff\x54\xdd\xd4\xbc\x21\xc1\xbc\xe6\x2d\x46\xd6\xec\x72\x51\xd4\xc3\x54\xce\x77\x17\x34\xa8\xc6\x55\x33\x11\xc6\x48\x8a\x38\x0d\xc9\x8d\x46\xf1\x41\x26\x6b\xc7\x1b\x3b\xd1\x45\x7e\x29\x1a\x4e\x85\xf8\x72\x24\xfd\x32\x98\x49\x80\x61\xc7\xd1\xc7\x5d\x59\xf7\x1d\xe9\x17\x4e\xff\x80\x72\x8b\x3d\xb9\x3d\xbc\xb3\x36\x5d\xfe\xf5\x63\x9b\xde\x6a\x31\xfd\x5d\x0e\x18\xb7\xa8\x30\x23\xb0\xb5\xea\x7a\xd2\xf0\xf6\x17\x6c\x57\x7c\x43\xff\x09\x7d\x74\x59\x96\x19\xfa\xa7\x71\x69\x9f\x0d\x70\x8c\x3d\xb3\xe3\x65\x7d\x2b\xc5\xe4\xf2\x49\x88\x10\xbd\x49\xbe\x18\x2d\xb5\x5e\xb7\x06\x3e\xa3\x04\x10\xf6\x05\xdb\x27\x8b\x5a\xe8\x95\xe1\x87\x00\x6f\x84\x30\x42\x62\xa5\xad\xae\xc9\xf3\x61\xae\x73\xb6\x93\x39\x5d\x08\x7f\xfd\x0e\x2b\xef\x59\x0b\x16\x65\x51\xdf\x17\xb7\x87\x85\x5c\xb6\x6f\xc1\xbf\x06\xf2\x16\xea\x68\xc3\xc1\xd8\xf3\xe3\x83\x9b\xe8\x89\x54\xaa\x4f\x24\xfb\x5a\xdc\x00\x7d\x76\xfe\xa7\x0c\xbf\xde\xd2\xea\x42\x1e\x47\x28\xc0\x4c\x18\x0c\x54\xf8\x9b\x88\xcc\x17\x6b\x1b\x9a\x59\x96\x8a\x40\xb7\xb4\x36\x3c\x3d\x3b\x6e\x96\x10\x04\xc8\x30\x59\x26\x07\xec\x99\xd4\x84\xbf\x4a\xa7\xb3\xd9\x42\xbb\x0d\x4e\xcd\x39\x24\x75\x7d\x7a\x48\xd4\x93\x70\x20\xa0\x7e\x89\xc1\xb0\x93\x9f\xa8\xf3\xa8\x39\xa1\xce\x7f\x7d\xbf\x0b\x7c\xb9\xeb\x1b\xae\x32\x53\x65\xb4\x0d\x3f\xa6\x8e\x1d\x2a\xf1\xe6\xc1\xf3\x5b\x5c\x6a\x07\x45\xbc\x76\x48\xa3\xf9\x0c\x5a\x57\x38\xd4\xe3\x5b\x2f\x69\xf8\x41\x69\x8c\x71\x89\xcc\x16\x06\x51\x16\x15\x51\x4c\x87\x18\x2d\xd2\x98\x40\xaa\x8e\x95\xf0\x6d\x3c\xc1\xfd\x45\x1c\xe3\x82\x00\xf8\x9b\xfc\x2f\x3c\xe8\x02\x3b\x90\x49\x56\x7b\x8b\xba\x7e\x2d\x16\x43\xf2\x7c\x53\x14\x67\x5b\x00\x85\xbc\x52\x5f\xb3\xc5\xc1\xe1\xb9\xe3\x26\xb9\x22\x69\x0b\x14\x4a\x52\xd3\x63\xd3\x54\xad\xe2\xaf\x69\x68\x7e\x63\xd9\xc0\x24\xba\xa6\xc7\x7a\xf4\x07\x1c\x4d\x86\x31\xd5\xe1\x9f\xde\x52\x10\x33\x0a\x51\x9a\xb5\x94\x95\x20\x80\xf8\xfb\x41\x41\x42\x6b\x10\x50\x11\xb9\xe3\x38\xf8\xd5\xfc\xe9\xc9\x45\x89\xe7\x5f\x93\xa1\x30\x50\xd2\xef\xf8\xf8\xe0\xd2\xb3\xf7\xf9\x99\xea\x4d\xa1\x2d\x64\x9b\x4a\x6b\x66\x19\x48\x08\x4c\x88\xb7\x59\xc4\x70\xb2\xba\x32\x9b\xb0\x81\x75\x4f\x72\xd6\xcc\x9e\x5b\x9a\xe1\x74\xfc\xd6\x3f\xd5\x6a\x17\x84\x70\x22\xd2\x84\x81\xe6\x36\x7c\x13\xc1\x5b\x58\x82\x04\x88\xf3\x6a\x5f\x09\xef\xf5\x47\xd4\xd2\x0e\xff\x3c\xaf\xaf\xae\x1c\x70\x68\x7a\xee\xe6\x52\x9e\x59\x82\x16\x05\xc1\xfe\x2e\xa6\xfe\x71\x4b\x35\x09\x08\x2f\x93\x9a\x4e\xd8\x2f\x03\x71\x84\xd1\x4d\xec\xe9\x56\x2b\x2b\x5d\x0d\x6f\x5e\x97\x76\xeb\x56\x8c\xb2\xb8\x17\x50\x2a\xb5\x27\x96\xd2\x47\x75\x3f\x67\xdb\x14\x6a\xe4\xc9\x64\xbc\xc1\xf4\x28\xcb\x51\x70\xd7\x20\x29\x7b\x06\x4e\x44\x37\x5e\x09\xed\xc7\x14\xd7\xce\x75\xba\x12\x1d\x8a\x16\x42\xc9\xa0\x88\xec\x17\x76\x97\xa4\xb9\x4e\x1b\x72\xc1\x53\x1e\x6f\xd4\xa1\x5e\x33\x37\x4c\x1e\x72\x20\xe3\x6d\x59\xc7\x09\x0a\xad\xed\xb2\xcd\x05\x52\x0b\xf0\xc7\x21\x10\xae\x87\x8a\x76\x0f\x35\x78\xb8\x71\x0b\x73\x73\xc9\xca\x31\xde\x5f\x14\x38\xe9\x29\x2e\xb2\xc2\x04\x54\xa1\x06\xad\xbe\xab\xdf\xa6\xbf\x6e\x31\xf4\x43\x5a\x42\xf4\xf5\x41\x93\x15\x16\x7e\xa4\x41\xee\x9d\x37\xa5\x40\x47\xd8\xcb\x1f\x84\x3b\xbb\x49\xd8\x81\x9a\x59\xd2\xd2\x6f\xc7\x40\xf8\x19\x30\x0d\xaa\xb6\xc0\x3f\x4b\x93\x21\x79\x31\xb8\x41\xc7\x9f\xdb\x80\x65\xd8\x27\xab\xb5\x12\x21\x66\xd0\xb3\x45\x01\x94\x70\x09\x9a\x5b\x8b\x95\x46\x5a\xda\x1a\xff\xaf\xaa\xe5\xad\x2d\x53\xad\xef\xc5\x3c\x0a\x6c\x6c\x46\x7c\xdf\xcd\xdd\x0e\x9a\xf2\xcc\x63\x98\x28\xc6\x06\xf3\xa6\x96\xf5\x0b\xe3\x1d\x2d\x19\xc8\xff\x95\xfc\x8c\xec\xbd\x3e\x6b\xd0\xd5\xbd\x6e\x40\x07\x3a\xb5\x2a\x73\xf3\xd5\xef\x00\xb0\x1d\x58\x16\x12\x70\xb8\xa6\x64\xdb\x80\xf2\x3b\xc6\xa8\x30\x6f\x6b\x66\xb7\x96\xdf\xe6\x64\xd5\x1b\x77\x68\x0c\xb0\x6a\x2e\xc9\x99\xd0\xed\x96\x2b\xa5\x34\xf1\x6a\xf2\x6a\xb1\x6f\xa2\xd5\x53\x7d\x5c\x93\xe5\x03\x03\x4c\x09\x9d\x26\x0a\x8f\x32\xd4\xed\xdf\x48\xb2\x5a\x75\xc9\xf9\x27\x01\xcb\x04\x0b\x57\x74\xa0\xd9\x8f\xfc\xed\xf9\x73\xaa\xdd\x1f\x5b\xfa\x75\xcb\xfb\xd7\xea\x4b\x9a\x56\xb6\x01\x1c\xc4\x4b\x73\x55\x52\x5b\x3b\x72\x04\x0f\x70\xf9\x06\x19\xe1\x9b\xa4\x81\x40\xa5\xb9\x6c\x40\x31\x6b\xe4\xf8\x2a\x11\xc0\x47\x02\xbf\xf4\xed\x47\xa2\x0e\x07\xb5\xd7\xfb\x77\x3b\xcf\xa1\x0e\x4c\x03\xe8\x89\x79\xa4\x1b\x2c\x78\x01\x33\xa4\x24\xc7\x3c\x5a\x5a\x7d\x8d\x79\x37\x42\x35\xff\x35\x7d\x93\xdb\x8c\xa1\xde\x2a\xe6\x32\xac\x3c\x09\xdb\x7c\x33", 4096); *(uint64_t*)0x200011c8 = 0x20001040; *(uint32_t*)0x20001040 = 0; *(uint32_t*)0x20001044 = 0; *(uint32_t*)0x20001048 = 0; *(uint32_t*)0x2000104c = r[0]; *(uint64_t*)0x200011d0 = 0x20001080; *(uint64_t*)0x200011d8 = 0x20001180; *(uint32_t*)0x200011e0 = 0x1000; *(uint32_t*)0x200011e4 = 4; *(uint32_t*)0x200011e8 = 0xd0; *(uint32_t*)0x200011ec = 7; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); if (res == ZX_OK) { r[1] = *(uint32_t*)0x20001180; r[2] = *(uint32_t*)0x20001184; r[3] = *(uint32_t*)0x20001188; r[4] = *(uint32_t*)0x2000118c; r[5] = *(uint32_t*)0x20001194; r[6] = *(uint32_t*)0x20001198; } break; case 2: *(uint64_t*)0x20011340 = 0x20001280; *(uint32_t*)0x20001280 = 0; memset((void*)0x20001284, 0, 3); *(uint8_t*)0x20001287 = 1; *(uint64_t*)0x20001288 = 0x3217bced00000000; *(uint64_t*)0x20011348 = 0x200012c0; *(uint64_t*)0x20011350 = 0x20001300; *(uint64_t*)0x20011358 = 0x20011300; *(uint32_t*)0x20011360 = 0x10; *(uint32_t*)0x20011364 = 0; *(uint32_t*)0x20011368 = 0x10000; *(uint32_t*)0x2001136c = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); { int i; for(i = 0; i < 4; i++) { ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); } } if (res == ZX_OK) r[7] = *(uint32_t*)0x20011300; break; case 3: *(uint64_t*)0x20011580 = 0x20011400; memcpy((void*)0x20011400, "\x08\xd2\x58\x8a\x18\xd8\x4d\x44\xd1\x93\xae\x15\x71\x51\x3a\x9b\x96\xc5\x5a\x71\xe6\xe7\x99\x6c\xd8\x6e\xc8\x3b\xaa\xed\xcf\xeb\x52\x44\xb5\x9e\x77\x43\x3e\x74\xb6\xd3\x8f\x96\x13\xf1\x8b\xe0\xe3\xfa\x96\xbc\xcc\x22\x1c\xe6\xf3\x58\x2a\xd3\xda\xf0\xdc\x3e\x9f\xba\x77\xd1\x68\xed\xcc\x34\xc2\xe8\x75\x88\x1e\x56\x89", 79); *(uint64_t*)0x20011588 = 0x20011480; *(uint32_t*)0x20011480 = 0; *(uint32_t*)0x20011484 = r[7]; *(uint32_t*)0x20011488 = r[3]; *(uint32_t*)0x2001148c = 0; *(uint32_t*)0x20011490 = r[4]; *(uint32_t*)0x20011494 = r[1]; *(uint32_t*)0x20011498 = r[2]; *(uint64_t*)0x20011590 = 0x200114c0; *(uint64_t*)0x20011598 = 0x20011540; *(uint32_t*)0x200115a0 = 0x4f; *(uint32_t*)0x200115a4 = 7; *(uint32_t*)0x200115a8 = 0x55; *(uint32_t*)0x200115ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[2], 0, 0x7fffffffffffffff, 0x20011580, 0x200115c0, 0x20011600); if (res == ZX_OK) r[8] = *(uint32_t*)0x20011540; break; case 4: *(uint64_t*)0x20021700 = 0x20011640; *(uint32_t*)0x20011640 = 0; memset((void*)0x20011644, 0, 3); *(uint8_t*)0x20011647 = 1; *(uint64_t*)0x20011648 = 0x66298d9200000000; *(uint64_t*)0x20021708 = 0x20011680; *(uint64_t*)0x20021710 = 0x200116c0; *(uint64_t*)0x20021718 = 0x200216c0; *(uint32_t*)0x20021720 = 0x10; *(uint32_t*)0x20021724 = 0; *(uint32_t*)0x20021728 = 0x10000; *(uint32_t*)0x2002172c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[8], 0, 0, 0x20021700, 0x20021740, 0x20021780); break; case 5: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_read_etc))(r[6], 2, 0x200217c0, 0x20021840, 0x6e, 8, 0x200218c0, 0x20021900); if (res == ZX_OK) { r[9] = *(uint32_t*)0x20021850; r[10] = *(uint32_t*)0x20021870; } break; case 6: ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_vmo_create_child))(r[10], 0, 1, 0xbb6, 0x20021940); break; case 7: memcpy((void*)0x20021980, "/svc/\000", 6); ((intptr_t(*)(intptr_t,intptr_t))CAST(fdio_service_connect))(0x20021980, r[5]); break; case 8: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_interrupt_wait))(r[9], 0x200219c0); if (res == ZX_OK) r[11] = *(uint64_t*)0x200219c0; break; case 9: *(uint64_t*)0x20031ac0 = 0x20021a00; *(uint32_t*)0x20021a00 = 0; memset((void*)0x20021a04, 0, 3); *(uint8_t*)0x20021a07 = 1; *(uint64_t*)0x20021a08 = 0x2ab48ffa00000000; *(uint8_t*)0x20021a10 = 7; *(uint64_t*)0x20031ac8 = 0x20021a40; *(uint64_t*)0x20031ad0 = 0x20021a80; *(uint64_t*)0x20031ad8 = 0x20031a80; *(uint32_t*)0x20031ae0 = 0x11; *(uint32_t*)0x20031ae4 = 0; *(uint32_t*)0x20031ae8 = 0x10000; *(uint32_t*)0x20031aec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[9], 0, r[11], 0x20031ac0, 0x20031b00, 0x20031b40); break; case 10: memcpy((void*)0x20000000, "\xc4\xa2\x79\xdb\xe2\xf3\x41\x0f\x7e\x06\x3e\x4c\x0f\xae\xa3\x91\x46\xbd\x7d\xc4\x82\x0d\x91\xbc\x78\x90\x7b\x00\x00\x66\x0f\x3a\x0e\xa4\x3e\x00\x08\x00\x00\x00\x66\x45\x0f\x12\x8e\x00\x00\x00\x00\xc4\x82\x7d\x0e\xa5\xd8\xdf\x00\x00\xc4\xc1\xfd\x2e\xc9\xf3\x43\x0f\x2a\x46\x0e\xc4\x43\xc9\x5c\x45\x08\x99", 76); syz_execute_func(0x20000000); break; case 11: syz_future_time(0); break; case 12: syz_job_default(); break; case 13: syz_mmap(0x20ffd000, 0x1000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(0x20000000, 0x1000000); setup_fault(); for (procid = 0; procid < 2; procid++) { if (fork() == 0) { use_temporary_dir(); do_sandbox_none(); } } sleep(1000000); return 0; } :291:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor2334286759 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds] --- FAIL: TestGenerate/fuchsia/amd64/1 (0.59s) csource_test.go:133: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000001000)=0x0) (fail_nth: 1) zx_channel_call_etc(0x0, 0xffff, 0x0, &(0x7f00000011c0)={&(0x7f0000000000)="0001a747cc965bdf12ac9b60b2e125dc044ed2fa880a719727d6b5a224706f0f99de8fa46158d7d04ac1fe18adb81dc99e6d93328c47ceaa6652a680853582ab5bb4649593ec0604194e7946fb11ae7eb26fab2030f4fe727f5878bc0898e7ce6a4810cead730969c81c54a5276ecbb4263283639baf3d4b50d36a135700391d4e1f4045e58e557719400d9ac570dc938c47340f8f19341b2aa414c80d8dd5ec729524c84e004ff93d264796eccee5e023a1edd21526655ec5abc5f0f8ec7303eca764277f214cb86b39c471dcfd802cd84e9b609b46a8e7f140d55ca5f90f5410b91ae06cb4def60852c76f744c8e05e49c674b7b0a73c0932512fa3aac67db01a267b7bc3e6c4c72dd5aa5631c9195807427ead967bfbcc0bf3e7598e04be3dbe335a76c84c2200e7a7885e8e273f738c3e06dff138d8a07383dc997ce9f37ba5b7adadc410664580363e0c8f2ef119d532000f90fae65fede371d15bdffc124355dd2256b85b7396099ef71d022cd99a2fe1c99548260dc18bb8819a347ddc939868a68b7ebef3712fa961f5c0b5e60446ac0f14fda37a62b1fe138570c4bcb9d9ec8e245975bb972b10b4923211d8af36a29dda547f7e99a40227021b49e3b288cc5059aa432e7ba1b9ee5ffacdc387dadde0fdd6a868e3e53f5ab5405166bd9501a43a98dcbd04c69cfec4d129c9be43c95754b86b55017a681af682f2464e3ad9a4b3aeea74e68fe1fb3500d38e8df66ed4ffa23c482c724836c7cf49b5ef97c2bd77ca2538f49f5ddda64c1fe96737ac575a3d3ebd6b542a54f98f9c16c7ee4bdd7cc690074d4bf26ce104d3ac35d79f8675e10b17b2e66e1e63070ef12459bec9754eec111993ee9fe3a99030ff630e5dd9602ad8dee02bd5fe0dfbcab284760747125cd21db316841376de54b5d6b12d137625141de927fcca1086713c5d9fdacf854f4851f721bf2e6d6bfbb77bdcfbde0b717b3312eb9a331f18b669bc1179ce60e0f133d4067903cd5dad1bf8c277543e5f40551ce739f1e1dfbfc79c3926c655584c69bd9196587e8915d9fe8df3478c4b870e415775dc2398431c0ad8b96c445c3dc98ae934f944952c552b5c2c0b099b4531458f60c2753f9e04d06e50e9cb38ffd46390080eca9cceaf95918718063949464a59ad6e9b8d2b7b053e77a5499db3e9e25b7f2de9dde5ed4ca60c74a8cfc2587cef9d336ec4edd2b153637d4aa828fd5d3c9fd78c5f1643a3074545611af80500fd7ca4a1e74e7459d9d699fb611270674eb9fd3d8187f8c95467402fb2d065fa5c837e16e2741c5374753d89cba55a4bf5a72bcb2a5bb33c6d20c5b5e52d2bd3c87d8f1a7faf41849e23a4297f1784d20a08ac5fe8a2d65b75b6c1f47eb28cfc6590bd8199f135749f5df60321d06ffe8edd0aa7c7e3f6639b5e2469cfbafe67c117172d3b32efb68cb25ccd47d2a21ef5f9a7edfc4789ce98a30ddbc2f5e1cbb1eb40333857b5217bb5c64e2806e6eb23ef6b9048c768d2b16c3782241ce513be555850214a53a149dc1fe4b34e1fe3492e7e88554b6f446c9320109eaf3e51fd420210202c10c6e159bb5f2db6524a78249e06ed52d431864305b982c4ab3583f46f21423eae06508f0f6aaa0f9762de93b8b48b4e8610b12403d8b8cc769abc3839994449764496c12dd037001c58673d9841b3285bbbe9fa5648917e8bb85a58ae3acc5eb561f5d27fb1c70ec11a73bc172f5b7f024fe27783df025df7b0b80806a81aab375c52ccc91ed68c65937089079be64fc7e691b2c41b174fc987fb48fd8118f441863e5ae363a221b21016ff848318e2becca25acdde488af58db93908c09465f39b386713fedd06d9e844b5b8ade0444087a8dfe4259e8d23de2525c14b400053a1f977b18fce9dda76aa16d3e165fb48e1a491585b7bc19f6759154216cb714647fdc8d78c4e683a1786f686974c85477ce2ec5346a45f0be1bb3a99dd94e2234292701e3ea967384b4d92cf0bffe1d43f8d688548b3f059f1003d3f35dff653c498566d919ca2bec219da12177f31861c410b79fda29f8d0be59a9c5d2f85d9af1f67450e618ecbc85831d50d410ff1bcb73b438aa9dc0fbe87185e0e7dcfd8ec268c62f4f172b5466ab535982013748bb392ec8bef3c86b216eeaffa1ff2a34c6bdf3c8fc0719bbf3f271427ecdc30aea70410c880ddf58a9da61a04226a674ce056844ce5cd6cff866588f1637ab179520a6b82b159f34f790247429f15c8efd5aed316060e8ba2bb2fcd892f3663eef01dd1814accf5ab8db1440f2455b1c5a3f15ea03e1de09560f1034e5e453fdefb0b94aa723033ec02d729beff01b6b322b93a8b5d9b4a3fc126dae2950db4d4aeca02325b8e7ae69095e2e05653832e0b9d5d4896d3d3931f8ec584814f4ab057c8670c40caf4ac141bfa42339ff867760c6a97b3f4d9f520839179a003c76ff21510c7c31cb45fccc763174bef06524bc6a5fd9a413ede524fcce95d03e08a002a552bc1681d717ea44e89e196580b5cd173138c0b84edffbf3053126bae9d46c217ddfe4c39f617ed51d086a24e268126b5d7c751f87936b4c5657334ba59b4743586aadd8e15079d0da39c9ac704361b19321f16fd73c8709e2d92670c5a92a9b9fa55cf9676fba8b0e68d60bca249d38183a2fced1c9b02446ce1d312542061cfa72b23ab99ce79b1a7a451e078460f0a71b14c1878a1bb850a033f895f8316eec91881696f5582621ae2f8afbe4c6059d0d035f5250d748758eb9f3537bf63f8d90a264b2cb861959105c78738793f44b5647ae28ba29ab336d78b0ceb53d9530ef6bfe6853fca51366bc34659e00053ba2f0b5801f28bc352f9202e83cac11f69ede4324f1b8185acefa0c878e06dcbe1ce702a275b90cbcdcb77b2a916d6df25a309077a789c0c5fe8fc1acdf48bc0895cca149227ecfa92d0886ef561d4b16fa3c7108f8194b343254c10d0d6276927095013e8ca3d353db701268aa71297087e95d91462687aae2035a36839df298a6bf17ec59e0fd0adc2ce1f63a65a9c1261a8777ab2b50676c7592002baa4bea564881331ff576b252255cb3272a181bbcba48b817ae90e242fcc2f6efe662ce4c79424149f231b915156e79fdc2de1949dc5d182e64173abae9d64e9291e0426e6eabbac2dbbaff3e635a672341dd9b6e59856f552cc59b2388e4e3fa48e54a09a30efa7ac0aacf6442097e513e242bf48a9e1f8a7e57c29a68c4e3a212809a63dc18751cdd11606ec2a512031577a0cbcc32c3e4345e30f6dc3df28a5816e832a8d0e37fe1a15bc53a06c1cd3054393a61129d1598b043681d6daaacc07d24ba0e2a562cf4e7e004715d620fb2b533a8f16d1929d18c716d41f1c736c1a3623140373d8c392cb8d19dec2ea2a51ad27d6a5e786b2ffd0574000e4a09a6c3253645a11be2f881a89ab71a2d486e03b5982e2ad2adf0cfb07cfe969f15d8be3a0c2b92854021906908b2c26c208b86082a45e1b2fcd501999020e0931735da194818ae27c952aae657ec0f1855af8b53f4a92848a25ef535455c6adec813e8f8b030e1108b0e7d65cf1c1ddd14683476d3203a0352a0e159feef3eee4456db312e54dceff6d2f3e57c8ebb40d9e19f113cc78fe4fb363721bde7352da5f760cde779f4eced9067cba8a6aaf32f1f890653301023e025f50718faa0a4c1d36cf729efe131c6d2cee0d66a06a956beb61b03fe321b0f444fb5db11f8eb69eb71d21aab93e2d3358e6828e86b8334a3b4fe93c1b7dfc64dff2b489349cb765faeb09f1eb381f73bd82a0dfaf0656754bcbe61a74d9a342e2cb4fd5cc42890bf00734b9a6db6768044ab218e6741113f4945236abdd8acc7cc726d62e9450913232cc842323a92f9dfddc571171af8c0f70034d08f59521ab9175ce9ec3ac3a09ae29c76dd483d1810475aa1109209e12ea5b3f8e8f9be1bf0c06291120dc3773681f0156183f68359f66e6c693cb02370250e8c6d0a530e0caecf52dc4ed2ba240e7fe88152bfb5357585174f596e8393cf276de94a19b32b8b538c8aa43b156a93a9612a8be38af45a4a2278f2e2e6fe6082c80f6caf1e9468499a4da9bbd7581af81c734ef920a5bd788023fb01e08c3c9e4d6f78173265844466dbf6db4b8be6a664a537c167a8c5664e5417fccb98e811b1bcc91aa87e40487ba49c25e57977cc8cfd7a8e1c0f31255bbfd4da46f2a964b8b4978802f2b1ed13569d02b5a27a855ba84911d8809d0f5a908ceb24e5a09726bb9e6990ff54ddd4bc21c1bce62d46d6ec7251d4c354ce771734a8c6553311c6488a380dc98d46f141266bc71b3bd1457e291a4e85f87224fd3298498061c7d1c75d59f71de9174eff80728b3db93dbcb3365dfef5639bde6a31fd5d0e18b7a83023b0b5ea7ad2f0f6176c577c43ff097d74599619faa771699f0d708c3db3e3657d2bc5e4f2498810bd49be182db55eb7063ea30410f605db278b5ae895e187006f84304262a5adaec9f361ae73b693395d087ffd0e2bef590b166551df17b787855cb66fc1bf06f216ea68c3c1d8f3e3839be88954aa4f24fb5adc007d76fea70cbfded2ea421e4728c04c180c54f89b88cc176b1b9a59968a40b7b4363c3d3b6e961004c830592607ec99d484bf4aa7b3d942bb0d4ecd3924757d7a48d4937020a07e89c1b0939fa8f3a839a1ce7f7dbf0b7cb9eb1bae325365b40d3fa68e1d2af1e6c1f35b5c6a0745bc7648a3f90c5a5738d4e35b2f69f841698c7189cc1606511615514c87182dd29840aa8e95f06d3cc1fd451ce38200f89bfc2f3ce8023b9049567b8bba7e2d1643f27c5314675b0085bc525fb3c5c1e1b9e326b922690b144a52d363d354ade2af69687e63d9c024baa6c77af4071c4d8631d5e19fde5210330a519ab594952080f8fb4141426b105011b9e338f8d5fce9c94589e75f93a13050d2eff8f8e0d2b3f7f999ea4da12d649b4a6b661948084c88b759c470b2ba329bb081754f72d6cc9e5b9ae174fcd63fd56a17847022d28481e6367c13c15b58820488f36a5f09eff547d4d20eff3cafafae1c70687aeee6529e59821605c1fe2ea6fe714b3509082f939a4ed82f037184d14dece9562b2b5d0d6f5e9776eb568cb2b817502ab52796d247753f67db146ae4c964bcc1f428cb5170d720297b064e44375e09edc714d7ce75ba121d8a1642c9a088ec177697a4b94e1b72c1531e6fd4a15e33374c1e7220e36d59c7090aadedb2cd05520bf0c72110ae878a760f3578b8710b7373c9ca31de5f1438e9292eb2c20454a106adbeabdfa6bf6e31f4435a42f4f5419315167ea441ee9d37a54047d8cb1f843bbb49d8819a59d2d26fc740f819300daab6c03f4b93217931b841c79fdb8065d827abb5122166d0b345019470099a5b8b95465ada1affafaae5ad2d53adefc53c0a6c6c467cdfcddd0e9af2cc639828c606f3a696f50be31d2d19c8ff95fc8cecbd3e6bd0d5bd6e40073ab52a73f3d5ef00b01d58161270b8a664db80f23bc6a8306f6b66b796dfe664d51b77680cb06a2ec999d0ed962ba534f16af26ab16fa2d5537d5c93e503034c099d260a8f32d4eddf48b25a75c9f92701cb040b5774a0d98ffcedf973aadd1f5bfa75cbfbd7ea4b9a56b6011cc44b7355525b3b72040f70f90619e19ba48140a5b96c40316be4f82a11c04702bff4ed47a20e07b5d7fb773bcfa10e4c03e88979a41b2c780133a424c73c5a5a7d8d79374235ff357d93db8ca1de2ae632ac3c09db7c33", &(0x7f0000001040)=[0x0, 0x0, 0x0, r0], &(0x7f0000001080)=""/208, &(0x7f0000001180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0xd0, 0x7}, &(0x7f0000001200), &(0x7f0000001240)) (async) zx_channel_call$fuchsia_io_DirectoryAdminGetToken(r4, 0x0, 0x7fffffffffffffff, &(0x7f0000011340)={&(0x7f0000001280), &(0x7f00000012c0), &(0x7f0000001300), &(0x7f0000011300)={0x0}, 0x10, 0x0, 0x10000, 0x1}, &(0x7f0000011380), &(0x7f00000113c0)) (rerun: 4) zx_channel_call(r2, 0x0, 0x7fffffffffffffff, &(0x7f0000011580)={&(0x7f0000011400)="08d2588a18d84d44d193ae1571513a9b96c55a71e6e7996cd86ec83baaedcfeb5244b59e77433e74b6d38f9613f18be0e3fa96bccc221ce6f3582ad3daf0dc3e9fba77d168edcc34c2e875881e5689", &(0x7f0000011480)=[0x0, r7, r3, 0x0, r4, r1, r2], &(0x7f00000114c0)=""/85, &(0x7f0000011540)=[0x0], 0x4f, 0x7, 0x55, 0x1}, &(0x7f00000115c0), &(0x7f0000011600)) zx_channel_call$fuchsia_io_DirectoryAdminQueryFilesystem(r8, 0x0, 0x0, &(0x7f0000021700)={&(0x7f0000011640), &(0x7f0000011680), &(0x7f00000116c0), &(0x7f00000216c0), 0x10, 0x0, 0x10000}, &(0x7f0000021740), &(0x7f0000021780)) zx_channel_read_etc(r6, 0x2, &(0x7f00000217c0)=""/110, &(0x7f0000021840)=[{}, {0x0}, {}, {0x0}, {}, {}, {}, {}], 0x6e, 0x8, &(0x7f00000218c0), &(0x7f0000021900)) zx_vmo_create_child(r10, 0x0, 0x1, 0xbb6, &(0x7f0000021940)) fdio_service_connect$fuchsia_cobalt_LoggerSimple(&(0x7f0000021980), r5) zx_interrupt_wait(r9, &(0x7f00000219c0)=0x0) zx_channel_call$fuchsia_hardware_ethernet_DeviceConfigMulticastSetPromiscuousMode(r9, 0x0, r11, &(0x7f0000031ac0)={&(0x7f0000021a00)={{}, 0x7}, &(0x7f0000021a40), &(0x7f0000021a80), &(0x7f0000031a80), 0x11, 0x0, 0x10000}, &(0x7f0000031b00), &(0x7f0000031b40)) syz_execute_func(&(0x7f0000000000)="c4a279dbe2f3410f7e063e4c0faea39146bd7dc4820d91bc78907b0000660f3a0ea43e000800000066450f128e00000000c4827d0ea5d8df0000c4c1fd2ec9f3430f2a460ec443c95c450899") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:134: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[12] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(0, 0x20001000); if (res == ZX_OK) r[0] = *(uint32_t*)0x20001000; break; case 1: *(uint64_t*)0x200011c0 = 0x20000000; memcpy((void*)0x20000000, "\x00\x01\xa7\x47\xcc\x96\x5b\xdf\x12\xac\x9b\x60\xb2\xe1\x25\xdc\x04\x4e\xd2\xfa\x88\x0a\x71\x97\x27\xd6\xb5\xa2\x24\x70\x6f\x0f\x99\xde\x8f\xa4\x61\x58\xd7\xd0\x4a\xc1\xfe\x18\xad\xb8\x1d\xc9\x9e\x6d\x93\x32\x8c\x47\xce\xaa\x66\x52\xa6\x80\x85\x35\x82\xab\x5b\xb4\x64\x95\x93\xec\x06\x04\x19\x4e\x79\x46\xfb\x11\xae\x7e\xb2\x6f\xab\x20\x30\xf4\xfe\x72\x7f\x58\x78\xbc\x08\x98\xe7\xce\x6a\x48\x10\xce\xad\x73\x09\x69\xc8\x1c\x54\xa5\x27\x6e\xcb\xb4\x26\x32\x83\x63\x9b\xaf\x3d\x4b\x50\xd3\x6a\x13\x57\x00\x39\x1d\x4e\x1f\x40\x45\xe5\x8e\x55\x77\x19\x40\x0d\x9a\xc5\x70\xdc\x93\x8c\x47\x34\x0f\x8f\x19\x34\x1b\x2a\xa4\x14\xc8\x0d\x8d\xd5\xec\x72\x95\x24\xc8\x4e\x00\x4f\xf9\x3d\x26\x47\x96\xec\xce\xe5\xe0\x23\xa1\xed\xd2\x15\x26\x65\x5e\xc5\xab\xc5\xf0\xf8\xec\x73\x03\xec\xa7\x64\x27\x7f\x21\x4c\xb8\x6b\x39\xc4\x71\xdc\xfd\x80\x2c\xd8\x4e\x9b\x60\x9b\x46\xa8\xe7\xf1\x40\xd5\x5c\xa5\xf9\x0f\x54\x10\xb9\x1a\xe0\x6c\xb4\xde\xf6\x08\x52\xc7\x6f\x74\x4c\x8e\x05\xe4\x9c\x67\x4b\x7b\x0a\x73\xc0\x93\x25\x12\xfa\x3a\xac\x67\xdb\x01\xa2\x67\xb7\xbc\x3e\x6c\x4c\x72\xdd\x5a\xa5\x63\x1c\x91\x95\x80\x74\x27\xea\xd9\x67\xbf\xbc\xc0\xbf\x3e\x75\x98\xe0\x4b\xe3\xdb\xe3\x35\xa7\x6c\x84\xc2\x20\x0e\x7a\x78\x85\xe8\xe2\x73\xf7\x38\xc3\xe0\x6d\xff\x13\x8d\x8a\x07\x38\x3d\xc9\x97\xce\x9f\x37\xba\x5b\x7a\xda\xdc\x41\x06\x64\x58\x03\x63\xe0\xc8\xf2\xef\x11\x9d\x53\x20\x00\xf9\x0f\xae\x65\xfe\xde\x37\x1d\x15\xbd\xff\xc1\x24\x35\x5d\xd2\x25\x6b\x85\xb7\x39\x60\x99\xef\x71\xd0\x22\xcd\x99\xa2\xfe\x1c\x99\x54\x82\x60\xdc\x18\xbb\x88\x19\xa3\x47\xdd\xc9\x39\x86\x8a\x68\xb7\xeb\xef\x37\x12\xfa\x96\x1f\x5c\x0b\x5e\x60\x44\x6a\xc0\xf1\x4f\xda\x37\xa6\x2b\x1f\xe1\x38\x57\x0c\x4b\xcb\x9d\x9e\xc8\xe2\x45\x97\x5b\xb9\x72\xb1\x0b\x49\x23\x21\x1d\x8a\xf3\x6a\x29\xdd\xa5\x47\xf7\xe9\x9a\x40\x22\x70\x21\xb4\x9e\x3b\x28\x8c\xc5\x05\x9a\xa4\x32\xe7\xba\x1b\x9e\xe5\xff\xac\xdc\x38\x7d\xad\xde\x0f\xdd\x6a\x86\x8e\x3e\x53\xf5\xab\x54\x05\x16\x6b\xd9\x50\x1a\x43\xa9\x8d\xcb\xd0\x4c\x69\xcf\xec\x4d\x12\x9c\x9b\xe4\x3c\x95\x75\x4b\x86\xb5\x50\x17\xa6\x81\xaf\x68\x2f\x24\x64\xe3\xad\x9a\x4b\x3a\xee\xa7\x4e\x68\xfe\x1f\xb3\x50\x0d\x38\xe8\xdf\x66\xed\x4f\xfa\x23\xc4\x82\xc7\x24\x83\x6c\x7c\xf4\x9b\x5e\xf9\x7c\x2b\xd7\x7c\xa2\x53\x8f\x49\xf5\xdd\xda\x64\xc1\xfe\x96\x73\x7a\xc5\x75\xa3\xd3\xeb\xd6\xb5\x42\xa5\x4f\x98\xf9\xc1\x6c\x7e\xe4\xbd\xd7\xcc\x69\x00\x74\xd4\xbf\x26\xce\x10\x4d\x3a\xc3\x5d\x79\xf8\x67\x5e\x10\xb1\x7b\x2e\x66\xe1\xe6\x30\x70\xef\x12\x45\x9b\xec\x97\x54\xee\xc1\x11\x99\x3e\xe9\xfe\x3a\x99\x03\x0f\xf6\x30\xe5\xdd\x96\x02\xad\x8d\xee\x02\xbd\x5f\xe0\xdf\xbc\xab\x28\x47\x60\x74\x71\x25\xcd\x21\xdb\x31\x68\x41\x37\x6d\xe5\x4b\x5d\x6b\x12\xd1\x37\x62\x51\x41\xde\x92\x7f\xcc\xa1\x08\x67\x13\xc5\xd9\xfd\xac\xf8\x54\xf4\x85\x1f\x72\x1b\xf2\xe6\xd6\xbf\xbb\x77\xbd\xcf\xbd\xe0\xb7\x17\xb3\x31\x2e\xb9\xa3\x31\xf1\x8b\x66\x9b\xc1\x17\x9c\xe6\x0e\x0f\x13\x3d\x40\x67\x90\x3c\xd5\xda\xd1\xbf\x8c\x27\x75\x43\xe5\xf4\x05\x51\xce\x73\x9f\x1e\x1d\xfb\xfc\x79\xc3\x92\x6c\x65\x55\x84\xc6\x9b\xd9\x19\x65\x87\xe8\x91\x5d\x9f\xe8\xdf\x34\x78\xc4\xb8\x70\xe4\x15\x77\x5d\xc2\x39\x84\x31\xc0\xad\x8b\x96\xc4\x45\xc3\xdc\x98\xae\x93\x4f\x94\x49\x52\xc5\x52\xb5\xc2\xc0\xb0\x99\xb4\x53\x14\x58\xf6\x0c\x27\x53\xf9\xe0\x4d\x06\xe5\x0e\x9c\xb3\x8f\xfd\x46\x39\x00\x80\xec\xa9\xcc\xea\xf9\x59\x18\x71\x80\x63\x94\x94\x64\xa5\x9a\xd6\xe9\xb8\xd2\xb7\xb0\x53\xe7\x7a\x54\x99\xdb\x3e\x9e\x25\xb7\xf2\xde\x9d\xde\x5e\xd4\xca\x60\xc7\x4a\x8c\xfc\x25\x87\xce\xf9\xd3\x36\xec\x4e\xdd\x2b\x15\x36\x37\xd4\xaa\x82\x8f\xd5\xd3\xc9\xfd\x78\xc5\xf1\x64\x3a\x30\x74\x54\x56\x11\xaf\x80\x50\x0f\xd7\xca\x4a\x1e\x74\xe7\x45\x9d\x9d\x69\x9f\xb6\x11\x27\x06\x74\xeb\x9f\xd3\xd8\x18\x7f\x8c\x95\x46\x74\x02\xfb\x2d\x06\x5f\xa5\xc8\x37\xe1\x6e\x27\x41\xc5\x37\x47\x53\xd8\x9c\xba\x55\xa4\xbf\x5a\x72\xbc\xb2\xa5\xbb\x33\xc6\xd2\x0c\x5b\x5e\x52\xd2\xbd\x3c\x87\xd8\xf1\xa7\xfa\xf4\x18\x49\xe2\x3a\x42\x97\xf1\x78\x4d\x20\xa0\x8a\xc5\xfe\x8a\x2d\x65\xb7\x5b\x6c\x1f\x47\xeb\x28\xcf\xc6\x59\x0b\xd8\x19\x9f\x13\x57\x49\xf5\xdf\x60\x32\x1d\x06\xff\xe8\xed\xd0\xaa\x7c\x7e\x3f\x66\x39\xb5\xe2\x46\x9c\xfb\xaf\xe6\x7c\x11\x71\x72\xd3\xb3\x2e\xfb\x68\xcb\x25\xcc\xd4\x7d\x2a\x21\xef\x5f\x9a\x7e\xdf\xc4\x78\x9c\xe9\x8a\x30\xdd\xbc\x2f\x5e\x1c\xbb\x1e\xb4\x03\x33\x85\x7b\x52\x17\xbb\x5c\x64\xe2\x80\x6e\x6e\xb2\x3e\xf6\xb9\x04\x8c\x76\x8d\x2b\x16\xc3\x78\x22\x41\xce\x51\x3b\xe5\x55\x85\x02\x14\xa5\x3a\x14\x9d\xc1\xfe\x4b\x34\xe1\xfe\x34\x92\xe7\xe8\x85\x54\xb6\xf4\x46\xc9\x32\x01\x09\xea\xf3\xe5\x1f\xd4\x20\x21\x02\x02\xc1\x0c\x6e\x15\x9b\xb5\xf2\xdb\x65\x24\xa7\x82\x49\xe0\x6e\xd5\x2d\x43\x18\x64\x30\x5b\x98\x2c\x4a\xb3\x58\x3f\x46\xf2\x14\x23\xea\xe0\x65\x08\xf0\xf6\xaa\xa0\xf9\x76\x2d\xe9\x3b\x8b\x48\xb4\xe8\x61\x0b\x12\x40\x3d\x8b\x8c\xc7\x69\xab\xc3\x83\x99\x94\x44\x97\x64\x49\x6c\x12\xdd\x03\x70\x01\xc5\x86\x73\xd9\x84\x1b\x32\x85\xbb\xbe\x9f\xa5\x64\x89\x17\xe8\xbb\x85\xa5\x8a\xe3\xac\xc5\xeb\x56\x1f\x5d\x27\xfb\x1c\x70\xec\x11\xa7\x3b\xc1\x72\xf5\xb7\xf0\x24\xfe\x27\x78\x3d\xf0\x25\xdf\x7b\x0b\x80\x80\x6a\x81\xaa\xb3\x75\xc5\x2c\xcc\x91\xed\x68\xc6\x59\x37\x08\x90\x79\xbe\x64\xfc\x7e\x69\x1b\x2c\x41\xb1\x74\xfc\x98\x7f\xb4\x8f\xd8\x11\x8f\x44\x18\x63\xe5\xae\x36\x3a\x22\x1b\x21\x01\x6f\xf8\x48\x31\x8e\x2b\xec\xca\x25\xac\xdd\xe4\x88\xaf\x58\xdb\x93\x90\x8c\x09\x46\x5f\x39\xb3\x86\x71\x3f\xed\xd0\x6d\x9e\x84\x4b\x5b\x8a\xde\x04\x44\x08\x7a\x8d\xfe\x42\x59\xe8\xd2\x3d\xe2\x52\x5c\x14\xb4\x00\x05\x3a\x1f\x97\x7b\x18\xfc\xe9\xdd\xa7\x6a\xa1\x6d\x3e\x16\x5f\xb4\x8e\x1a\x49\x15\x85\xb7\xbc\x19\xf6\x75\x91\x54\x21\x6c\xb7\x14\x64\x7f\xdc\x8d\x78\xc4\xe6\x83\xa1\x78\x6f\x68\x69\x74\xc8\x54\x77\xce\x2e\xc5\x34\x6a\x45\xf0\xbe\x1b\xb3\xa9\x9d\xd9\x4e\x22\x34\x29\x27\x01\xe3\xea\x96\x73\x84\xb4\xd9\x2c\xf0\xbf\xfe\x1d\x43\xf8\xd6\x88\x54\x8b\x3f\x05\x9f\x10\x03\xd3\xf3\x5d\xff\x65\x3c\x49\x85\x66\xd9\x19\xca\x2b\xec\x21\x9d\xa1\x21\x77\xf3\x18\x61\xc4\x10\xb7\x9f\xda\x29\xf8\xd0\xbe\x59\xa9\xc5\xd2\xf8\x5d\x9a\xf1\xf6\x74\x50\xe6\x18\xec\xbc\x85\x83\x1d\x50\xd4\x10\xff\x1b\xcb\x73\xb4\x38\xaa\x9d\xc0\xfb\xe8\x71\x85\xe0\xe7\xdc\xfd\x8e\xc2\x68\xc6\x2f\x4f\x17\x2b\x54\x66\xab\x53\x59\x82\x01\x37\x48\xbb\x39\x2e\xc8\xbe\xf3\xc8\x6b\x21\x6e\xea\xff\xa1\xff\x2a\x34\xc6\xbd\xf3\xc8\xfc\x07\x19\xbb\xf3\xf2\x71\x42\x7e\xcd\xc3\x0a\xea\x70\x41\x0c\x88\x0d\xdf\x58\xa9\xda\x61\xa0\x42\x26\xa6\x74\xce\x05\x68\x44\xce\x5c\xd6\xcf\xf8\x66\x58\x8f\x16\x37\xab\x17\x95\x20\xa6\xb8\x2b\x15\x9f\x34\xf7\x90\x24\x74\x29\xf1\x5c\x8e\xfd\x5a\xed\x31\x60\x60\xe8\xba\x2b\xb2\xfc\xd8\x92\xf3\x66\x3e\xef\x01\xdd\x18\x14\xac\xcf\x5a\xb8\xdb\x14\x40\xf2\x45\x5b\x1c\x5a\x3f\x15\xea\x03\xe1\xde\x09\x56\x0f\x10\x34\xe5\xe4\x53\xfd\xef\xb0\xb9\x4a\xa7\x23\x03\x3e\xc0\x2d\x72\x9b\xef\xf0\x1b\x6b\x32\x2b\x93\xa8\xb5\xd9\xb4\xa3\xfc\x12\x6d\xae\x29\x50\xdb\x4d\x4a\xec\xa0\x23\x25\xb8\xe7\xae\x69\x09\x5e\x2e\x05\x65\x38\x32\xe0\xb9\xd5\xd4\x89\x6d\x3d\x39\x31\xf8\xec\x58\x48\x14\xf4\xab\x05\x7c\x86\x70\xc4\x0c\xaf\x4a\xc1\x41\xbf\xa4\x23\x39\xff\x86\x77\x60\xc6\xa9\x7b\x3f\x4d\x9f\x52\x08\x39\x17\x9a\x00\x3c\x76\xff\x21\x51\x0c\x7c\x31\xcb\x45\xfc\xcc\x76\x31\x74\xbe\xf0\x65\x24\xbc\x6a\x5f\xd9\xa4\x13\xed\xe5\x24\xfc\xce\x95\xd0\x3e\x08\xa0\x02\xa5\x52\xbc\x16\x81\xd7\x17\xea\x44\xe8\x9e\x19\x65\x80\xb5\xcd\x17\x31\x38\xc0\xb8\x4e\xdf\xfb\xf3\x05\x31\x26\xba\xe9\xd4\x6c\x21\x7d\xdf\xe4\xc3\x9f\x61\x7e\xd5\x1d\x08\x6a\x24\xe2\x68\x12\x6b\x5d\x7c\x75\x1f\x87\x93\x6b\x4c\x56\x57\x33\x4b\xa5\x9b\x47\x43\x58\x6a\xad\xd8\xe1\x50\x79\xd0\xda\x39\xc9\xac\x70\x43\x61\xb1\x93\x21\xf1\x6f\xd7\x3c\x87\x09\xe2\xd9\x26\x70\xc5\xa9\x2a\x9b\x9f\xa5\x5c\xf9\x67\x6f\xba\x8b\x0e\x68\xd6\x0b\xca\x24\x9d\x38\x18\x3a\x2f\xce\xd1\xc9\xb0\x24\x46\xce\x1d\x31\x25\x42\x06\x1c\xfa\x72\xb2\x3a\xb9\x9c\xe7\x9b\x1a\x7a\x45\x1e\x07\x84\x60\xf0\xa7\x1b\x14\xc1\x87\x8a\x1b\xb8\x50\xa0\x33\xf8\x95\xf8\x31\x6e\xec\x91\x88\x16\x96\xf5\x58\x26\x21\xae\x2f\x8a\xfb\xe4\xc6\x05\x9d\x0d\x03\x5f\x52\x50\xd7\x48\x75\x8e\xb9\xf3\x53\x7b\xf6\x3f\x8d\x90\xa2\x64\xb2\xcb\x86\x19\x59\x10\x5c\x78\x73\x87\x93\xf4\x4b\x56\x47\xae\x28\xba\x29\xab\x33\x6d\x78\xb0\xce\xb5\x3d\x95\x30\xef\x6b\xfe\x68\x53\xfc\xa5\x13\x66\xbc\x34\x65\x9e\x00\x05\x3b\xa2\xf0\xb5\x80\x1f\x28\xbc\x35\x2f\x92\x02\xe8\x3c\xac\x11\xf6\x9e\xde\x43\x24\xf1\xb8\x18\x5a\xce\xfa\x0c\x87\x8e\x06\xdc\xbe\x1c\xe7\x02\xa2\x75\xb9\x0c\xbc\xdc\xb7\x7b\x2a\x91\x6d\x6d\xf2\x5a\x30\x90\x77\xa7\x89\xc0\xc5\xfe\x8f\xc1\xac\xdf\x48\xbc\x08\x95\xcc\xa1\x49\x22\x7e\xcf\xa9\x2d\x08\x86\xef\x56\x1d\x4b\x16\xfa\x3c\x71\x08\xf8\x19\x4b\x34\x32\x54\xc1\x0d\x0d\x62\x76\x92\x70\x95\x01\x3e\x8c\xa3\xd3\x53\xdb\x70\x12\x68\xaa\x71\x29\x70\x87\xe9\x5d\x91\x46\x26\x87\xaa\xe2\x03\x5a\x36\x83\x9d\xf2\x98\xa6\xbf\x17\xec\x59\xe0\xfd\x0a\xdc\x2c\xe1\xf6\x3a\x65\xa9\xc1\x26\x1a\x87\x77\xab\x2b\x50\x67\x6c\x75\x92\x00\x2b\xaa\x4b\xea\x56\x48\x81\x33\x1f\xf5\x76\xb2\x52\x25\x5c\xb3\x27\x2a\x18\x1b\xbc\xba\x48\xb8\x17\xae\x90\xe2\x42\xfc\xc2\xf6\xef\xe6\x62\xce\x4c\x79\x42\x41\x49\xf2\x31\xb9\x15\x15\x6e\x79\xfd\xc2\xde\x19\x49\xdc\x5d\x18\x2e\x64\x17\x3a\xba\xe9\xd6\x4e\x92\x91\xe0\x42\x6e\x6e\xab\xba\xc2\xdb\xba\xff\x3e\x63\x5a\x67\x23\x41\xdd\x9b\x6e\x59\x85\x6f\x55\x2c\xc5\x9b\x23\x88\xe4\xe3\xfa\x48\xe5\x4a\x09\xa3\x0e\xfa\x7a\xc0\xaa\xcf\x64\x42\x09\x7e\x51\x3e\x24\x2b\xf4\x8a\x9e\x1f\x8a\x7e\x57\xc2\x9a\x68\xc4\xe3\xa2\x12\x80\x9a\x63\xdc\x18\x75\x1c\xdd\x11\x60\x6e\xc2\xa5\x12\x03\x15\x77\xa0\xcb\xcc\x32\xc3\xe4\x34\x5e\x30\xf6\xdc\x3d\xf2\x8a\x58\x16\xe8\x32\xa8\xd0\xe3\x7f\xe1\xa1\x5b\xc5\x3a\x06\xc1\xcd\x30\x54\x39\x3a\x61\x12\x9d\x15\x98\xb0\x43\x68\x1d\x6d\xaa\xac\xc0\x7d\x24\xba\x0e\x2a\x56\x2c\xf4\xe7\xe0\x04\x71\x5d\x62\x0f\xb2\xb5\x33\xa8\xf1\x6d\x19\x29\xd1\x8c\x71\x6d\x41\xf1\xc7\x36\xc1\xa3\x62\x31\x40\x37\x3d\x8c\x39\x2c\xb8\xd1\x9d\xec\x2e\xa2\xa5\x1a\xd2\x7d\x6a\x5e\x78\x6b\x2f\xfd\x05\x74\x00\x0e\x4a\x09\xa6\xc3\x25\x36\x45\xa1\x1b\xe2\xf8\x81\xa8\x9a\xb7\x1a\x2d\x48\x6e\x03\xb5\x98\x2e\x2a\xd2\xad\xf0\xcf\xb0\x7c\xfe\x96\x9f\x15\xd8\xbe\x3a\x0c\x2b\x92\x85\x40\x21\x90\x69\x08\xb2\xc2\x6c\x20\x8b\x86\x08\x2a\x45\xe1\xb2\xfc\xd5\x01\x99\x90\x20\xe0\x93\x17\x35\xda\x19\x48\x18\xae\x27\xc9\x52\xaa\xe6\x57\xec\x0f\x18\x55\xaf\x8b\x53\xf4\xa9\x28\x48\xa2\x5e\xf5\x35\x45\x5c\x6a\xde\xc8\x13\xe8\xf8\xb0\x30\xe1\x10\x8b\x0e\x7d\x65\xcf\x1c\x1d\xdd\x14\x68\x34\x76\xd3\x20\x3a\x03\x52\xa0\xe1\x59\xfe\xef\x3e\xee\x44\x56\xdb\x31\x2e\x54\xdc\xef\xf6\xd2\xf3\xe5\x7c\x8e\xbb\x40\xd9\xe1\x9f\x11\x3c\xc7\x8f\xe4\xfb\x36\x37\x21\xbd\xe7\x35\x2d\xa5\xf7\x60\xcd\xe7\x79\xf4\xec\xed\x90\x67\xcb\xa8\xa6\xaa\xf3\x2f\x1f\x89\x06\x53\x30\x10\x23\xe0\x25\xf5\x07\x18\xfa\xa0\xa4\xc1\xd3\x6c\xf7\x29\xef\xe1\x31\xc6\xd2\xce\xe0\xd6\x6a\x06\xa9\x56\xbe\xb6\x1b\x03\xfe\x32\x1b\x0f\x44\x4f\xb5\xdb\x11\xf8\xeb\x69\xeb\x71\xd2\x1a\xab\x93\xe2\xd3\x35\x8e\x68\x28\xe8\x6b\x83\x34\xa3\xb4\xfe\x93\xc1\xb7\xdf\xc6\x4d\xff\x2b\x48\x93\x49\xcb\x76\x5f\xae\xb0\x9f\x1e\xb3\x81\xf7\x3b\xd8\x2a\x0d\xfa\xf0\x65\x67\x54\xbc\xbe\x61\xa7\x4d\x9a\x34\x2e\x2c\xb4\xfd\x5c\xc4\x28\x90\xbf\x00\x73\x4b\x9a\x6d\xb6\x76\x80\x44\xab\x21\x8e\x67\x41\x11\x3f\x49\x45\x23\x6a\xbd\xd8\xac\xc7\xcc\x72\x6d\x62\xe9\x45\x09\x13\x23\x2c\xc8\x42\x32\x3a\x92\xf9\xdf\xdd\xc5\x71\x17\x1a\xf8\xc0\xf7\x00\x34\xd0\x8f\x59\x52\x1a\xb9\x17\x5c\xe9\xec\x3a\xc3\xa0\x9a\xe2\x9c\x76\xdd\x48\x3d\x18\x10\x47\x5a\xa1\x10\x92\x09\xe1\x2e\xa5\xb3\xf8\xe8\xf9\xbe\x1b\xf0\xc0\x62\x91\x12\x0d\xc3\x77\x36\x81\xf0\x15\x61\x83\xf6\x83\x59\xf6\x6e\x6c\x69\x3c\xb0\x23\x70\x25\x0e\x8c\x6d\x0a\x53\x0e\x0c\xae\xcf\x52\xdc\x4e\xd2\xba\x24\x0e\x7f\xe8\x81\x52\xbf\xb5\x35\x75\x85\x17\x4f\x59\x6e\x83\x93\xcf\x27\x6d\xe9\x4a\x19\xb3\x2b\x8b\x53\x8c\x8a\xa4\x3b\x15\x6a\x93\xa9\x61\x2a\x8b\xe3\x8a\xf4\x5a\x4a\x22\x78\xf2\xe2\xe6\xfe\x60\x82\xc8\x0f\x6c\xaf\x1e\x94\x68\x49\x9a\x4d\xa9\xbb\xd7\x58\x1a\xf8\x1c\x73\x4e\xf9\x20\xa5\xbd\x78\x80\x23\xfb\x01\xe0\x8c\x3c\x9e\x4d\x6f\x78\x17\x32\x65\x84\x44\x66\xdb\xf6\xdb\x4b\x8b\xe6\xa6\x64\xa5\x37\xc1\x67\xa8\xc5\x66\x4e\x54\x17\xfc\xcb\x98\xe8\x11\xb1\xbc\xc9\x1a\xa8\x7e\x40\x48\x7b\xa4\x9c\x25\xe5\x79\x77\xcc\x8c\xfd\x7a\x8e\x1c\x0f\x31\x25\x5b\xbf\xd4\xda\x46\xf2\xa9\x64\xb8\xb4\x97\x88\x02\xf2\xb1\xed\x13\x56\x9d\x02\xb5\xa2\x7a\x85\x5b\xa8\x49\x11\xd8\x80\x9d\x0f\x5a\x90\x8c\xeb\x24\xe5\xa0\x97\x26\xbb\x9e\x69\x90\xff\x54\xdd\xd4\xbc\x21\xc1\xbc\xe6\x2d\x46\xd6\xec\x72\x51\xd4\xc3\x54\xce\x77\x17\x34\xa8\xc6\x55\x33\x11\xc6\x48\x8a\x38\x0d\xc9\x8d\x46\xf1\x41\x26\x6b\xc7\x1b\x3b\xd1\x45\x7e\x29\x1a\x4e\x85\xf8\x72\x24\xfd\x32\x98\x49\x80\x61\xc7\xd1\xc7\x5d\x59\xf7\x1d\xe9\x17\x4e\xff\x80\x72\x8b\x3d\xb9\x3d\xbc\xb3\x36\x5d\xfe\xf5\x63\x9b\xde\x6a\x31\xfd\x5d\x0e\x18\xb7\xa8\x30\x23\xb0\xb5\xea\x7a\xd2\xf0\xf6\x17\x6c\x57\x7c\x43\xff\x09\x7d\x74\x59\x96\x19\xfa\xa7\x71\x69\x9f\x0d\x70\x8c\x3d\xb3\xe3\x65\x7d\x2b\xc5\xe4\xf2\x49\x88\x10\xbd\x49\xbe\x18\x2d\xb5\x5e\xb7\x06\x3e\xa3\x04\x10\xf6\x05\xdb\x27\x8b\x5a\xe8\x95\xe1\x87\x00\x6f\x84\x30\x42\x62\xa5\xad\xae\xc9\xf3\x61\xae\x73\xb6\x93\x39\x5d\x08\x7f\xfd\x0e\x2b\xef\x59\x0b\x16\x65\x51\xdf\x17\xb7\x87\x85\x5c\xb6\x6f\xc1\xbf\x06\xf2\x16\xea\x68\xc3\xc1\xd8\xf3\xe3\x83\x9b\xe8\x89\x54\xaa\x4f\x24\xfb\x5a\xdc\x00\x7d\x76\xfe\xa7\x0c\xbf\xde\xd2\xea\x42\x1e\x47\x28\xc0\x4c\x18\x0c\x54\xf8\x9b\x88\xcc\x17\x6b\x1b\x9a\x59\x96\x8a\x40\xb7\xb4\x36\x3c\x3d\x3b\x6e\x96\x10\x04\xc8\x30\x59\x26\x07\xec\x99\xd4\x84\xbf\x4a\xa7\xb3\xd9\x42\xbb\x0d\x4e\xcd\x39\x24\x75\x7d\x7a\x48\xd4\x93\x70\x20\xa0\x7e\x89\xc1\xb0\x93\x9f\xa8\xf3\xa8\x39\xa1\xce\x7f\x7d\xbf\x0b\x7c\xb9\xeb\x1b\xae\x32\x53\x65\xb4\x0d\x3f\xa6\x8e\x1d\x2a\xf1\xe6\xc1\xf3\x5b\x5c\x6a\x07\x45\xbc\x76\x48\xa3\xf9\x0c\x5a\x57\x38\xd4\xe3\x5b\x2f\x69\xf8\x41\x69\x8c\x71\x89\xcc\x16\x06\x51\x16\x15\x51\x4c\x87\x18\x2d\xd2\x98\x40\xaa\x8e\x95\xf0\x6d\x3c\xc1\xfd\x45\x1c\xe3\x82\x00\xf8\x9b\xfc\x2f\x3c\xe8\x02\x3b\x90\x49\x56\x7b\x8b\xba\x7e\x2d\x16\x43\xf2\x7c\x53\x14\x67\x5b\x00\x85\xbc\x52\x5f\xb3\xc5\xc1\xe1\xb9\xe3\x26\xb9\x22\x69\x0b\x14\x4a\x52\xd3\x63\xd3\x54\xad\xe2\xaf\x69\x68\x7e\x63\xd9\xc0\x24\xba\xa6\xc7\x7a\xf4\x07\x1c\x4d\x86\x31\xd5\xe1\x9f\xde\x52\x10\x33\x0a\x51\x9a\xb5\x94\x95\x20\x80\xf8\xfb\x41\x41\x42\x6b\x10\x50\x11\xb9\xe3\x38\xf8\xd5\xfc\xe9\xc9\x45\x89\xe7\x5f\x93\xa1\x30\x50\xd2\xef\xf8\xf8\xe0\xd2\xb3\xf7\xf9\x99\xea\x4d\xa1\x2d\x64\x9b\x4a\x6b\x66\x19\x48\x08\x4c\x88\xb7\x59\xc4\x70\xb2\xba\x32\x9b\xb0\x81\x75\x4f\x72\xd6\xcc\x9e\x5b\x9a\xe1\x74\xfc\xd6\x3f\xd5\x6a\x17\x84\x70\x22\xd2\x84\x81\xe6\x36\x7c\x13\xc1\x5b\x58\x82\x04\x88\xf3\x6a\x5f\x09\xef\xf5\x47\xd4\xd2\x0e\xff\x3c\xaf\xaf\xae\x1c\x70\x68\x7a\xee\xe6\x52\x9e\x59\x82\x16\x05\xc1\xfe\x2e\xa6\xfe\x71\x4b\x35\x09\x08\x2f\x93\x9a\x4e\xd8\x2f\x03\x71\x84\xd1\x4d\xec\xe9\x56\x2b\x2b\x5d\x0d\x6f\x5e\x97\x76\xeb\x56\x8c\xb2\xb8\x17\x50\x2a\xb5\x27\x96\xd2\x47\x75\x3f\x67\xdb\x14\x6a\xe4\xc9\x64\xbc\xc1\xf4\x28\xcb\x51\x70\xd7\x20\x29\x7b\x06\x4e\x44\x37\x5e\x09\xed\xc7\x14\xd7\xce\x75\xba\x12\x1d\x8a\x16\x42\xc9\xa0\x88\xec\x17\x76\x97\xa4\xb9\x4e\x1b\x72\xc1\x53\x1e\x6f\xd4\xa1\x5e\x33\x37\x4c\x1e\x72\x20\xe3\x6d\x59\xc7\x09\x0a\xad\xed\xb2\xcd\x05\x52\x0b\xf0\xc7\x21\x10\xae\x87\x8a\x76\x0f\x35\x78\xb8\x71\x0b\x73\x73\xc9\xca\x31\xde\x5f\x14\x38\xe9\x29\x2e\xb2\xc2\x04\x54\xa1\x06\xad\xbe\xab\xdf\xa6\xbf\x6e\x31\xf4\x43\x5a\x42\xf4\xf5\x41\x93\x15\x16\x7e\xa4\x41\xee\x9d\x37\xa5\x40\x47\xd8\xcb\x1f\x84\x3b\xbb\x49\xd8\x81\x9a\x59\xd2\xd2\x6f\xc7\x40\xf8\x19\x30\x0d\xaa\xb6\xc0\x3f\x4b\x93\x21\x79\x31\xb8\x41\xc7\x9f\xdb\x80\x65\xd8\x27\xab\xb5\x12\x21\x66\xd0\xb3\x45\x01\x94\x70\x09\x9a\x5b\x8b\x95\x46\x5a\xda\x1a\xff\xaf\xaa\xe5\xad\x2d\x53\xad\xef\xc5\x3c\x0a\x6c\x6c\x46\x7c\xdf\xcd\xdd\x0e\x9a\xf2\xcc\x63\x98\x28\xc6\x06\xf3\xa6\x96\xf5\x0b\xe3\x1d\x2d\x19\xc8\xff\x95\xfc\x8c\xec\xbd\x3e\x6b\xd0\xd5\xbd\x6e\x40\x07\x3a\xb5\x2a\x73\xf3\xd5\xef\x00\xb0\x1d\x58\x16\x12\x70\xb8\xa6\x64\xdb\x80\xf2\x3b\xc6\xa8\x30\x6f\x6b\x66\xb7\x96\xdf\xe6\x64\xd5\x1b\x77\x68\x0c\xb0\x6a\x2e\xc9\x99\xd0\xed\x96\x2b\xa5\x34\xf1\x6a\xf2\x6a\xb1\x6f\xa2\xd5\x53\x7d\x5c\x93\xe5\x03\x03\x4c\x09\x9d\x26\x0a\x8f\x32\xd4\xed\xdf\x48\xb2\x5a\x75\xc9\xf9\x27\x01\xcb\x04\x0b\x57\x74\xa0\xd9\x8f\xfc\xed\xf9\x73\xaa\xdd\x1f\x5b\xfa\x75\xcb\xfb\xd7\xea\x4b\x9a\x56\xb6\x01\x1c\xc4\x4b\x73\x55\x52\x5b\x3b\x72\x04\x0f\x70\xf9\x06\x19\xe1\x9b\xa4\x81\x40\xa5\xb9\x6c\x40\x31\x6b\xe4\xf8\x2a\x11\xc0\x47\x02\xbf\xf4\xed\x47\xa2\x0e\x07\xb5\xd7\xfb\x77\x3b\xcf\xa1\x0e\x4c\x03\xe8\x89\x79\xa4\x1b\x2c\x78\x01\x33\xa4\x24\xc7\x3c\x5a\x5a\x7d\x8d\x79\x37\x42\x35\xff\x35\x7d\x93\xdb\x8c\xa1\xde\x2a\xe6\x32\xac\x3c\x09\xdb\x7c\x33", 4096); *(uint64_t*)0x200011c8 = 0x20001040; *(uint32_t*)0x20001040 = 0; *(uint32_t*)0x20001044 = 0; *(uint32_t*)0x20001048 = 0; *(uint32_t*)0x2000104c = r[0]; *(uint64_t*)0x200011d0 = 0x20001080; *(uint64_t*)0x200011d8 = 0x20001180; *(uint32_t*)0x200011e0 = 0x1000; *(uint32_t*)0x200011e4 = 4; *(uint32_t*)0x200011e8 = 0xd0; *(uint32_t*)0x200011ec = 7; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); if (res == ZX_OK) { r[1] = *(uint32_t*)0x20001180; r[2] = *(uint32_t*)0x20001184; r[3] = *(uint32_t*)0x20001188; r[4] = *(uint32_t*)0x2000118c; r[5] = *(uint32_t*)0x20001194; r[6] = *(uint32_t*)0x20001198; } break; case 2: *(uint64_t*)0x20011340 = 0x20001280; *(uint32_t*)0x20001280 = 0; memset((void*)0x20001284, 0, 3); *(uint8_t*)0x20001287 = 1; *(uint64_t*)0x20001288 = 0x3217bced00000000; *(uint64_t*)0x20011348 = 0x200012c0; *(uint64_t*)0x20011350 = 0x20001300; *(uint64_t*)0x20011358 = 0x20011300; *(uint32_t*)0x20011360 = 0x10; *(uint32_t*)0x20011364 = 0; *(uint32_t*)0x20011368 = 0x10000; *(uint32_t*)0x2001136c = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); { int i; for(i = 0; i < 4; i++) { ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[4], 0, 0x7fffffffffffffff, 0x20011340, 0x20011380, 0x200113c0); } } if (res == ZX_OK) r[7] = *(uint32_t*)0x20011300; break; case 3: *(uint64_t*)0x20011580 = 0x20011400; memcpy((void*)0x20011400, "\x08\xd2\x58\x8a\x18\xd8\x4d\x44\xd1\x93\xae\x15\x71\x51\x3a\x9b\x96\xc5\x5a\x71\xe6\xe7\x99\x6c\xd8\x6e\xc8\x3b\xaa\xed\xcf\xeb\x52\x44\xb5\x9e\x77\x43\x3e\x74\xb6\xd3\x8f\x96\x13\xf1\x8b\xe0\xe3\xfa\x96\xbc\xcc\x22\x1c\xe6\xf3\x58\x2a\xd3\xda\xf0\xdc\x3e\x9f\xba\x77\xd1\x68\xed\xcc\x34\xc2\xe8\x75\x88\x1e\x56\x89", 79); *(uint64_t*)0x20011588 = 0x20011480; *(uint32_t*)0x20011480 = 0; *(uint32_t*)0x20011484 = r[7]; *(uint32_t*)0x20011488 = r[3]; *(uint32_t*)0x2001148c = 0; *(uint32_t*)0x20011490 = r[4]; *(uint32_t*)0x20011494 = r[1]; *(uint32_t*)0x20011498 = r[2]; *(uint64_t*)0x20011590 = 0x200114c0; *(uint64_t*)0x20011598 = 0x20011540; *(uint32_t*)0x200115a0 = 0x4f; *(uint32_t*)0x200115a4 = 7; *(uint32_t*)0x200115a8 = 0x55; *(uint32_t*)0x200115ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[2], 0, 0x7fffffffffffffff, 0x20011580, 0x200115c0, 0x20011600); if (res == ZX_OK) r[8] = *(uint32_t*)0x20011540; break; case 4: *(uint64_t*)0x20021700 = 0x20011640; *(uint32_t*)0x20011640 = 0; memset((void*)0x20011644, 0, 3); *(uint8_t*)0x20011647 = 1; *(uint64_t*)0x20011648 = 0x66298d9200000000; *(uint64_t*)0x20021708 = 0x20011680; *(uint64_t*)0x20021710 = 0x200116c0; *(uint64_t*)0x20021718 = 0x200216c0; *(uint32_t*)0x20021720 = 0x10; *(uint32_t*)0x20021724 = 0; *(uint32_t*)0x20021728 = 0x10000; *(uint32_t*)0x2002172c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[8], 0, 0, 0x20021700, 0x20021740, 0x20021780); break; case 5: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_read_etc))(r[6], 2, 0x200217c0, 0x20021840, 0x6e, 8, 0x200218c0, 0x20021900); if (res == ZX_OK) { r[9] = *(uint32_t*)0x20021850; r[10] = *(uint32_t*)0x20021870; } break; case 6: ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_vmo_create_child))(r[10], 0, 1, 0xbb6, 0x20021940); break; case 7: memcpy((void*)0x20021980, "/svc/\000", 6); ((intptr_t(*)(intptr_t,intptr_t))CAST(fdio_service_connect))(0x20021980, r[5]); break; case 8: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_interrupt_wait))(r[9], 0x200219c0); if (res == ZX_OK) r[11] = *(uint64_t*)0x200219c0; break; case 9: *(uint64_t*)0x20031ac0 = 0x20021a00; *(uint32_t*)0x20021a00 = 0; memset((void*)0x20021a04, 0, 3); *(uint8_t*)0x20021a07 = 1; *(uint64_t*)0x20021a08 = 0x2ab48ffa00000000; *(uint8_t*)0x20021a10 = 7; *(uint64_t*)0x20031ac8 = 0x20021a40; *(uint64_t*)0x20031ad0 = 0x20021a80; *(uint64_t*)0x20031ad8 = 0x20031a80; *(uint32_t*)0x20031ae0 = 0x11; *(uint32_t*)0x20031ae4 = 0; *(uint32_t*)0x20031ae8 = 0x10000; *(uint32_t*)0x20031aec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(r[9], 0, r[11], 0x20031ac0, 0x20031b00, 0x20031b40); break; case 10: memcpy((void*)0x20000000, "\xc4\xa2\x79\xdb\xe2\xf3\x41\x0f\x7e\x06\x3e\x4c\x0f\xae\xa3\x91\x46\xbd\x7d\xc4\x82\x0d\x91\xbc\x78\x90\x7b\x00\x00\x66\x0f\x3a\x0e\xa4\x3e\x00\x08\x00\x00\x00\x66\x45\x0f\x12\x8e\x00\x00\x00\x00\xc4\x82\x7d\x0e\xa5\xd8\xdf\x00\x00\xc4\xc1\xfd\x2e\xc9\xf3\x43\x0f\x2a\x46\x0e\xc4\x43\xc9\x5c\x45\x08\x99", 76); syz_execute_func(0x20000000); break; case 11: syz_future_time(0); break; case 12: syz_job_default(); break; case 13: syz_mmap(0x20ffd000, 0x1000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(0x20000000, 0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :287:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(0, 0xffff, 0, 0x200011c0, 0x20001200, 0x20001240); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor4075260327 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds] --- FAIL: TestGenerate/fuchsia/amd64/10 (0.59s) csource_test.go:131: --- FAIL: TestGenerate/fuchsia/amd64/12 (0.59s) csource_test.go:131: --- FAIL: TestGenerate/fuchsia/amd64/5 (0.59s) csource_test.go:131: FAIL FAIL github.com/google/syzkaller/pkg/csource 18.411s ok github.com/google/syzkaller/pkg/db (cached) ? github.com/google/syzkaller/pkg/debugtracer [no test files] ok github.com/google/syzkaller/pkg/email (cached) ? github.com/google/syzkaller/pkg/gce [no test files] ? github.com/google/syzkaller/pkg/gcs [no test files] ? github.com/google/syzkaller/pkg/hash [no test files] ok github.com/google/syzkaller/pkg/host (cached) ? github.com/google/syzkaller/pkg/html [no test files] ? github.com/google/syzkaller/pkg/html/pages [no test files] ok github.com/google/syzkaller/pkg/ifuzz (cached) ? github.com/google/syzkaller/pkg/ifuzz/iset [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc/generated [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86 [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/gen [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/generated [no test files] ok github.com/google/syzkaller/pkg/image (cached) ok github.com/google/syzkaller/pkg/instance (cached) ok github.com/google/syzkaller/pkg/ipc (cached) ? github.com/google/syzkaller/pkg/ipc/ipcconfig [no test files] ? github.com/google/syzkaller/pkg/kcidb [no test files] ok github.com/google/syzkaller/pkg/kconfig 0.421s ok github.com/google/syzkaller/pkg/kd (cached) ok github.com/google/syzkaller/pkg/log (cached) ok github.com/google/syzkaller/pkg/mgrconfig (cached) ok github.com/google/syzkaller/pkg/osutil (cached) ok github.com/google/syzkaller/pkg/report (cached) ok github.com/google/syzkaller/pkg/repro (cached) ? github.com/google/syzkaller/pkg/rpctype [no test files] ok github.com/google/syzkaller/pkg/runtest (cached) ok github.com/google/syzkaller/pkg/serializer (cached) ? github.com/google/syzkaller/pkg/signal [no test files] ok github.com/google/syzkaller/pkg/stats (cached) ok github.com/google/syzkaller/pkg/subsystem (cached) ok github.com/google/syzkaller/pkg/symbolizer (cached) ? github.com/google/syzkaller/pkg/testutil [no test files] ok github.com/google/syzkaller/pkg/tool (cached) ? github.com/google/syzkaller/pkg/tools [no test files] ok github.com/google/syzkaller/pkg/vcs (cached) ok github.com/google/syzkaller/prog (cached) ok github.com/google/syzkaller/prog/test (cached) ? github.com/google/syzkaller/sys [no test files] ? github.com/google/syzkaller/sys/akaros [no test files] ? github.com/google/syzkaller/sys/akaros/gen [no test files] ? github.com/google/syzkaller/sys/darwin [no test files] ? github.com/google/syzkaller/sys/darwin/gen [no test files] ? github.com/google/syzkaller/sys/freebsd [no test files] ? github.com/google/syzkaller/sys/freebsd/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia [no test files] ? github.com/google/syzkaller/sys/fuchsia/fidlgen [no test files] ? github.com/google/syzkaller/sys/fuchsia/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia/layout [no test files] ok github.com/google/syzkaller/sys/linux (cached) ? github.com/google/syzkaller/sys/linux/gen [no test files] ? github.com/google/syzkaller/sys/netbsd [no test files] ? github.com/google/syzkaller/sys/netbsd/gen [no test files] ok github.com/google/syzkaller/sys/openbsd (cached) ? github.com/google/syzkaller/sys/openbsd/gen [no test files] ? github.com/google/syzkaller/sys/syz-extract [no test files] ? github.com/google/syzkaller/sys/syz-sysgen [no test files] ? github.com/google/syzkaller/sys/targets [no test files] ? github.com/google/syzkaller/sys/test [no test files] ? github.com/google/syzkaller/sys/test/gen [no test files] ? github.com/google/syzkaller/sys/trusty [no test files] ? github.com/google/syzkaller/sys/trusty/gen [no test files] ? github.com/google/syzkaller/sys/windows [no test files] ? github.com/google/syzkaller/sys/windows/gen [no test files] ok github.com/google/syzkaller/syz-ci 1.058s ok github.com/google/syzkaller/syz-fuzzer (cached) ok github.com/google/syzkaller/syz-hub (cached) ok github.com/google/syzkaller/syz-hub/state (cached) ok github.com/google/syzkaller/syz-manager (cached) ? github.com/google/syzkaller/syz-runner [no test files] ok github.com/google/syzkaller/syz-verifier (cached) ? github.com/google/syzkaller/tools/syz-benchcmp [no test files] ? github.com/google/syzkaller/tools/syz-bisect [no test files] ? github.com/google/syzkaller/tools/syz-build [no test files] ? github.com/google/syzkaller/tools/syz-check [no test files] ? github.com/google/syzkaller/tools/syz-cover [no test files] ? github.com/google/syzkaller/tools/syz-crush [no test files] ? github.com/google/syzkaller/tools/syz-db [no test files] ? github.com/google/syzkaller/tools/syz-execprog [no test files] ? github.com/google/syzkaller/tools/syz-expand [no test files] ? github.com/google/syzkaller/tools/syz-fmt [no test files] ? github.com/google/syzkaller/tools/syz-hubtool [no test files] ? github.com/google/syzkaller/tools/syz-imagegen [no test files] ? github.com/google/syzkaller/tools/syz-kcidb [no test files] ok github.com/google/syzkaller/tools/syz-kconf (cached) ok github.com/google/syzkaller/tools/syz-linter (cached) ? github.com/google/syzkaller/tools/syz-make [no test files] ? github.com/google/syzkaller/tools/syz-minconfig [no test files] ? github.com/google/syzkaller/tools/syz-mutate [no test files] ? github.com/google/syzkaller/tools/syz-prog2c [no test files] ? github.com/google/syzkaller/tools/syz-reporter [no test files] ? github.com/google/syzkaller/tools/syz-repro [no test files] ? github.com/google/syzkaller/tools/syz-reprolist [no test files] ? github.com/google/syzkaller/tools/syz-runtest [no test files] ? github.com/google/syzkaller/tools/syz-showprio [no test files] ? github.com/google/syzkaller/tools/syz-stress [no test files] ? github.com/google/syzkaller/tools/syz-symbolize [no test files] ? github.com/google/syzkaller/tools/syz-testbed [no test files] ? github.com/google/syzkaller/tools/syz-testbuild [no test files] ? github.com/google/syzkaller/tools/syz-trace2syz [no test files] ok github.com/google/syzkaller/tools/syz-trace2syz/parser (cached) ok github.com/google/syzkaller/tools/syz-trace2syz/proggen (cached) ? github.com/google/syzkaller/tools/syz-tty [no test files] ? github.com/google/syzkaller/tools/syz-upgrade [no test files] ? github.com/google/syzkaller/tools/syz-usbgen [no test files] ok github.com/google/syzkaller/vm (cached) ? github.com/google/syzkaller/vm/adb [no test files] ? github.com/google/syzkaller/vm/bhyve [no test files] ? github.com/google/syzkaller/vm/cuttlefish [no test files] ? github.com/google/syzkaller/vm/gce [no test files] ? github.com/google/syzkaller/vm/gvisor [no test files] ok github.com/google/syzkaller/vm/isolated (cached) ? github.com/google/syzkaller/vm/kvm [no test files] ? github.com/google/syzkaller/vm/odroid [no test files] ok github.com/google/syzkaller/vm/proxyapp (cached) ? github.com/google/syzkaller/vm/proxyapp/mocks [no test files] ? github.com/google/syzkaller/vm/proxyapp/proxyrpc [no test files] ? github.com/google/syzkaller/vm/qemu [no test files] ? github.com/google/syzkaller/vm/starnix [no test files] ok github.com/google/syzkaller/vm/vmimpl (cached) ? github.com/google/syzkaller/vm/vmm [no test files] ? github.com/google/syzkaller/vm/vmware [no test files] FAIL