ok github.com/google/syzkaller/dashboard/app (cached) ? github.com/google/syzkaller/dashboard/dashapi [no test files] ? github.com/google/syzkaller/pkg/debugtracer [no test files] ? github.com/google/syzkaller/pkg/gce [no test files] ? github.com/google/syzkaller/pkg/gcs [no test files] ? github.com/google/syzkaller/pkg/hash [no test files] ? github.com/google/syzkaller/pkg/html/pages [no test files] ? github.com/google/syzkaller/pkg/ifuzz/iset [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc/generated [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86 [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/gen [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/generated [no test files] ? github.com/google/syzkaller/pkg/ipc/ipcconfig [no test files] ? github.com/google/syzkaller/pkg/kcidb [no test files] ? github.com/google/syzkaller/pkg/report/crash [no test files] ? github.com/google/syzkaller/pkg/rpctype [no test files] ? github.com/google/syzkaller/pkg/signal [no test files] ? github.com/google/syzkaller/pkg/testutil [no test files] ? github.com/google/syzkaller/pkg/tools [no test files] ? github.com/google/syzkaller/sys [no test files] ? github.com/google/syzkaller/sys/akaros [no test files] ? github.com/google/syzkaller/sys/akaros/gen [no test files] ? github.com/google/syzkaller/sys/darwin [no test files] ? github.com/google/syzkaller/sys/darwin/gen [no test files] ? github.com/google/syzkaller/sys/freebsd [no test files] ? github.com/google/syzkaller/sys/freebsd/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia [no test files] ? github.com/google/syzkaller/sys/fuchsia/fidlgen [no test files] ? github.com/google/syzkaller/sys/fuchsia/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia/layout [no test files] ? github.com/google/syzkaller/sys/linux/gen [no test files] ? github.com/google/syzkaller/sys/netbsd/gen [no test files] ? github.com/google/syzkaller/sys/openbsd/gen [no test files] ? github.com/google/syzkaller/sys/syz-extract [no test files] ? github.com/google/syzkaller/sys/syz-sysgen [no test files] ? github.com/google/syzkaller/sys/targets [no test files] ? github.com/google/syzkaller/sys/test [no test files] ? github.com/google/syzkaller/sys/test/gen [no test files] ? github.com/google/syzkaller/sys/trusty [no test files] ? github.com/google/syzkaller/sys/trusty/gen [no test files] ? github.com/google/syzkaller/sys/windows [no test files] ? github.com/google/syzkaller/sys/windows/gen [no test files] ? github.com/google/syzkaller/syz-runner [no test files] ? github.com/google/syzkaller/tools/syz-benchcmp [no test files] ? github.com/google/syzkaller/tools/syz-bisect [no test files] ? github.com/google/syzkaller/tools/syz-build [no test files] ? github.com/google/syzkaller/tools/syz-check [no test files] ? github.com/google/syzkaller/tools/syz-cover [no test files] ? github.com/google/syzkaller/tools/syz-crush [no test files] ? github.com/google/syzkaller/tools/syz-db [no test files] ? github.com/google/syzkaller/tools/syz-execprog [no test files] ? github.com/google/syzkaller/tools/syz-expand [no test files] ? github.com/google/syzkaller/tools/syz-fillreports [no test files] ? github.com/google/syzkaller/tools/syz-fmt [no test files] ? github.com/google/syzkaller/tools/syz-hubtool [no test files] ? github.com/google/syzkaller/tools/syz-imagegen [no test files] ? github.com/google/syzkaller/tools/syz-kcidb [no test files] ? github.com/google/syzkaller/tools/syz-lore [no test files] ? github.com/google/syzkaller/tools/syz-make [no test files] ? github.com/google/syzkaller/tools/syz-minconfig [no test files] ? github.com/google/syzkaller/tools/syz-mutate [no test files] ? github.com/google/syzkaller/tools/syz-prog2c [no test files] ? github.com/google/syzkaller/tools/syz-query-subsystems [no test files] ? github.com/google/syzkaller/tools/syz-reporter [no test files] ? github.com/google/syzkaller/tools/syz-repro [no test files] ? github.com/google/syzkaller/tools/syz-reprolist [no test files] ? github.com/google/syzkaller/tools/syz-runtest [no test files] ? github.com/google/syzkaller/tools/syz-showprio [no test files] ? github.com/google/syzkaller/tools/syz-stress [no test files] ? github.com/google/syzkaller/tools/syz-symbolize [no test files] ? github.com/google/syzkaller/tools/syz-testbed [no test files] ? github.com/google/syzkaller/tools/syz-testbuild [no test files] ? github.com/google/syzkaller/tools/syz-trace2syz [no test files] ? github.com/google/syzkaller/tools/syz-tty [no test files] ? github.com/google/syzkaller/tools/syz-upgrade [no test files] ? github.com/google/syzkaller/tools/syz-usbgen [no test files] ? github.com/google/syzkaller/vm/adb [no test files] ? github.com/google/syzkaller/vm/bhyve [no test files] ? github.com/google/syzkaller/vm/cuttlefish [no test files] ? github.com/google/syzkaller/vm/gce [no test files] ? github.com/google/syzkaller/vm/gvisor [no test files] ? github.com/google/syzkaller/vm/kvm [no test files] ? github.com/google/syzkaller/vm/odroid [no test files] ? github.com/google/syzkaller/vm/proxyapp/mocks [no test files] ? github.com/google/syzkaller/vm/proxyapp/proxyrpc [no test files] ? github.com/google/syzkaller/vm/qemu [no test files] ? github.com/google/syzkaller/vm/starnix [no test files] ? github.com/google/syzkaller/vm/vmm [no test files] ? github.com/google/syzkaller/vm/vmware [no test files] ok github.com/google/syzkaller/executor 4.471s ok github.com/google/syzkaller/pkg/asset (cached) ok github.com/google/syzkaller/pkg/ast 1.271s ok github.com/google/syzkaller/pkg/auth (cached) ok github.com/google/syzkaller/pkg/bisect (cached) ok github.com/google/syzkaller/pkg/bisect/minimize (cached) ok github.com/google/syzkaller/pkg/build (cached) ok github.com/google/syzkaller/pkg/compiler 4.939s ok github.com/google/syzkaller/pkg/config (cached) ok github.com/google/syzkaller/pkg/cover (cached) ok github.com/google/syzkaller/pkg/cover/backend (cached) --- FAIL: TestGenerate (31.10s) --- FAIL: TestGenerate/fuchsia/amd64 (0.07s) testutil.go:33: seed=1694634858891443561 testutil.go:33: seed=1694634858958310769 --- FAIL: TestGenerate/fuchsia/amd64/0 (0.54s) csource_test.go:150: opts: {Threaded:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call$fuchsia_cobalt_MetricEventLoggerLogCustomEvent(0x0, 0x0, 0x7fffffffffffffff, &(0x7f00000101c0)={&(0x7f0000000000)={{}, 0xff, {0x6, 0xffffffffffffffff}, {[{{0x9}, @string_valueInLine={0x1, {0x3ff, 0xffffffffffffffff}}}, {{0x1ff, 0xffffffffffffffff}, @double_value={0x3, 0x6}}, {{0x1}, @index_value={0x4, 0x23}}, {{0x9, 0xffffffffffffffff}, @index_value={0x4, 0x8}}, {{0x4, 0xffffffffffffffff}, @index_value={0x4, 0x80}}], [{}, {{'(-*^\\@'}}, {{'*@/'}}, {{'#)'}}, {}, {{'!*'}}, {{'\\&:'}}]}}, &(0x7f0000000140)={[{}, {}, {}]}, &(0x7f0000000180), &(0x7f0000010180), 0x114, 0x0, 0x10000}, &(0x7f0000010200), &(0x7f0000010240)) (fail_nth: 1) zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000010280)=0x0) (async) r1 = syz_future_time(0x0) (rerun: 4) zx_channel_call$fuchsia_cobalt_ControllerListenForInitialized(r0, 0x0, r1, &(0x7f0000020380)={&(0x7f00000102c0), &(0x7f0000010300), &(0x7f0000010340), &(0x7f0000020340), 0x10, 0x0, 0x10000}, &(0x7f00000203c0), &(0x7f0000020400)) zx_clock_get_details(r0, 0x400000000000000, &(0x7f0000020440)={0x0, 0x0}) zx_channel_create$fuchsia_cobalt_LoggerFactory(0x0, &(0x7f00000214c0)=0x0, &(0x7f0000021500)) zx_channel_call_etc(r0, 0xded, r2, &(0x7f00000225c0)={&(0x7f00000204c0)="542646fd9e01404b2865df176fb8cf565d56c40da92b182965f281069f495adc4f35da84303852211c2013eed44a723410aecd75911736f8f0a02854faeded706621e35f092a7fad130d8e750ab60ea492cd08b08ce61c86b2e1b066131a28981f3b64a8562a53526585ef20e4a055c6d0524857ec3d1c6390aa0bad274ea3bae43a74de82b046dede08de676422e105718a3311eb002e2b0876b944b48109439b88094503bea528651e3fc1c5785cc38e12524f24ff011eff1f9e3ff2f2fe573f899b7163085f531bc0778fd928aa3de9c3bb857fac48132878070315c6c96cf637479074eeb7ad2ed83ed4896786a6e6fb84ea4d04d6590f358768a8ad9510fea160cffcf7fe24683a2d95ef110424a82a68be86d2a073e8c6ad620694604d24e1fb22a6be6021d3ed65bc18f1f299b944e23bda868f72db8868faeac8fc0c461df9e536e26abdaca788780b579494b54a5e832efd101990fe0d78dd63746e215cb697a6616b0e37e71430f4a3d8853a1a7e032a78fa1789318e79f912cb997d121ea59ff980e4f70f57813a252108fd7bfc84436ac48982d35b75261c25c732df70c7ba902e6f518b4bab19f62843b643d8fef7f07a8b64167a547dfae6c96f158e1cdc68fd4becba594cc1c2a0ccecc06e449d75196edda5c1cc99017ddbcca99f064f76c179e6d61b21bf9eafac2f8813f987c6c5ae2dd41dc296eae639487f782e898d86e2155715a0c92c880a7c781cee1ed5f53473f07e94c661416be1131a3eca459426aa6cd31c1f4bd33b77a37173b1a7dea99684445ad7abb279b908694f44635a4feceaa13b1450999ce3e99100a42c5e4d300ad24ea6cbe8e8bbfb47fc846f48387f6f167c30adb9d1c4e5695fc2bf8bd000b9edb3794f8028bb149eae3c7c9917379c1f62c46b47dc484b87b0bdd5f170852064526f28968729e1db05aec218d7971148652c34c0b8943b8ffdadd717e15002f25ec6428e477e1bec2f284a42df1054365ef4d3c1b71cb86c7a59f8cb8df6f867819a647c8406609ff0f4e354f777bc0d25ef7b07ef6500bb8b067da1caefa01acfa3c8e14b3438cd16b72def2bcc6d96e33bf2ad754c9bcf9d2d8bab8602b4960893c883c89318e97ff77d2911f4ea7f57bd709f2b2e9d989aeb1258bd9fb170e8e2e9b7c973be33e56169550c81d459cec25e5199743df3b6541abc6984735249e9aa60973d44b88ef8a350c6885e9fc260aaef901323bacece25e330ff2cd21d1191fbdeb2bf070f1d22e05fbe657606a46ce83a6d9d4f7934cbef759fa097092bc0788ef94130be9227939e170d986fa903bd4bd188640903bfdca8d6a48926c9a0a2e1144ad2365e19e64fc86532e6029fc7c861fc1e16a72261cb119ecd2f71bf6d3fc93b5e0b74daddc39d4d7aa2a6bb6c7a0002e4e25bb86dd6cad231334214433aced6c7761b34ecf3553a4b34c5cb0c988f0c36c50632b8544147c113dd22bc1d8adab7ac052ad798405c0057ca33947088015d87f410ec06b7b6b719593a4c6cd4cea4e711ad8c3f93bad32f869195e75286b7bbac261783e19f97efb8a9989a19ec6c7d43dafcd2c09a141c7671b4dd105932d663eed7c4b606f26523a116d1a42d628413624b8d9dd249f268e4cd72812433b9b7fbcb76e303c04eb257e5a143d6ed94dd8f1bdb5f40dcab5ac45c5c778a42d5ebf175c4a8ea5c3f3b92ec78471984e9784bf75c18ec20b9d3837267c67daa95f5e9eae608b619ac3583c783dd00ab5a93413999683001919bb89bb58a51eb1be1654a62e3019fe9cb3c43965cdb0893a5739004e713385d6703cdd7765dd3754e33163df54899127654128ab37b3c5e104912c9a878a5b6e69fd9d8d5f75511a4d0b8cd90a8dd9abc47b89bd027f2516b490763c3c4dca7956029b16c9059aa65b2777cdfad8a76f868ddc91f1f9c6fe99c52e4f07782d2e2661ee435e9899908ef60fe8657a3a7e5f93947f6fad929548c00ccaf365eb0d6c3cc456e3cc84d976c1feb3e0dbb2bdb20ae4031b50a94230c074d4b3cd182ac03f059df368c41ae9af89f4fb28ac556bb5c9aa02f183a783cb8fd2247acbce92a23ff9c01e7530e5b7bf789ea0a324bce612527ce8dc7b8d548a84b7ebdbd181ebd35212d7adf2582b6d83aff3a2c51144694f6bb0f7e42740461707c7149ed8888151ec0e50b52821c66a8713901fe0ae4e1224994328e3482dea2282e9cb13e1d7487d192e3817215236875a8177653dea3133302c9eb8193561b0b4a845528c2b89eb50a4e0ad81fd236f5f71ebcd89bf888340675df52a5cdb72be2504204016cd656e5a3a1a2f0932bb28a5ff49f83a9beed958ec4e088a15a86af6eda7969c2495382ce3a4093b7836750b7ea222fa1131224d9fb23acb2a5113d42bd700700c6e971b7bb3a8fe8ece22c892c449e0a454bb4d01cab6cb93a63ce00370a986cf3d3057c2950006f0415add05e00fcc72dfe86fbb65ae819cad2dc72161841e34a5a8844c2844c2cab0bcc6f15fdbf010b0ec1576e405e151916ab94f1ae70be1f3991fb6fb838ac4bccbbacdcda00cf2ea3aa5e574ade3453c92b0c847172ab5fccde891c781a8b94bbd4641f79c1fa75322c2525ba0b7d536a0743cf110868f4ff4ee32e36e47757bbf416c198bf1e94a649afc29adc07e56e525f2189b011565ca954a8f58f9b15503d59a5558fb4e712b5f5ecb46b980bd16871fece7759a013ff395f7dad194938206bb592153aea3ca5ed1742a4567b5f0ee61814d49b316cbd8a8c729f8b60308836aa9a3a272063585b530d1f80606fb50fef4a28d4f3cee5bdbf7daaf211dd0bb4f971528f67ccfc5909291cafa562c583932b456a04f64c1d68d545272685fdb793c458729854efab51cad297687d8e787205579f38984f6ff267e0adc8a3dc01504d4811ed3874093727b65af4f889a5d6ffd99cd115f6b8bad242671f5dfb76dbe5969a7aec93965f652165095279ed82ddaee328f01151a8db93467d8e96595816a6ff24047d9157339854f3c805e29e49addedf79b29b32de0085791e6f516a066ad35aea8e37892bd432c344edee98c2ca16867af6366701d7d40eb3e8dec4dd718b8ca3ddebbbf2d3c82494bc7694784bb3f0f48bafc63714da4b737ecabfb30c5cd038e19ddc314056b74380cb3aab06107e0506fafd43a04b32ebceaaae73f4e6c1885daa9d471e0478c04ce52e63339ce3e99b379a9ce0a016f619afa5c2cd587d28cf47401488eb3964c7bb289bc51f5b0a0baae6e1b3be7a9506babd110f9ceaec696b1b5e211b1197a3130ce9b93ce4f3b59d593796ba70a1c8e7a5d3c6079a5711ac13a3eb0c39fbd0118e1cc8e0f40231561bab91cd71d6c18eea42debaf1e948809206f1ac5c28238807c9d5c638b5ffec4a90dfe321af74e1bc9e19dc8189d709e61013544ea42bf4c2dcb2c99f3974aab0a3b669ed98a80d685abd3f48b29f1bf1737f2b3e15f7b8f0cd45658adb860c21a06a2b8418aa7d0f5397df5a39a44d49a33efa489ed2a0546fc562b8798d8a936bcc56a7f49c2520ca60ee2333fbf2ae69dbac1c9b5ccd7826cc95fac1c2bc284b60673d992b0278439e1dd988d7b2793ef35cff25dc31c4795effc43bb25cbae0a0e91bc29a725562c2e682b4655eb70561132d2fa4f605e5e5026bd0a929e8c55132f91c4b9d855e782109e14dbec676e73c1d35255b13ea3dcafde774798258ca129237b363d6e78f6135e3ad8221ed43fa4aff4f339441e1165341593ae873b4b94f392973d550dac2feacbf361400ebd3dcab544be1963bebf2774291dc287832b14a1a07da59762db633d0d30fd109c0bb67852bea173de5305a0348f785b9fcb9d56e50cf97cc6a6a076dde3fb9f55ef389fb48c7bd3177590cd5d62c4a29b719b8f03ca7bf43204d46b116b5679d909a94e334e8eae0e668196a62f4863de960057a21aae9b25938d7ad7daffb1485fbf90fbf7ac4f68e1264379de98e183fcf7ef09be5d0d62e37a6d88e8dfb37572d9c8dd51e5c7340eb89af63a2585194fffcd95269f9cca78bc87a467007cacaf345027901b8fb5b0aa418e75ba717fe3336e5ca1ee043bbf3cd2fb58e0a4404775af2dbfe9c06eb6c408e9463d5acbe8f51ba0c44a4decc03bcac7498098fc550f34d355c8f8cbfb5b349196eabbb5b75a493f91ea79dd64203235634c835b22e815ca823a3396b2fe78aeb7fa19e7b967cf6706ec9d12ecf78db964fe8311624dd5d7619a45d052069f4b76f1e9d160d686ab7e7e099b2003116bbe7409e775c44adb2195988e259c1f161ba6cd18b2843a24c8ea62a299808355cd673b17bff57bd6beff04e3c34bee3ce1d1927989da6761f1311a351c8b7b18141288861dea21e440baa338ea8c5306bfa5a51de4cc9c2ad9f7e4a9674e77c5dcc7d046d305bca5279358ec7684d84a292d16e07631f477abd9fd6d4e3e15691254f0317241068a9447cdf08f6a629e9952ef460c612cc483ec182899fd29f4599c5e8daee3447bff22aa7499cace59539ea3c88e29c90d294d5b095a00372109056e8d8919affa6e45c729abdb77ca6aeffdbc8eae2e43290b3056e4fdd6aacd8c39be97ae6b08ab14fdf246f28b2c30a03a2814f4e5132c6f4665cb1dfa009b85af279c261b44b4d22cb8b2a43c2f2e4607350c2764b870c90863f1629950133c32c8cf3ae6e8c63cc8c5a849c502ce18f6f6b506ea78c02bc5bb844a29d228813771a2198ee3edc4489fc5e9d8edecc6ae0a11acedec5034eca80d559dbe6d398ebeb732ffeab988065b3b0de4a71e40a676573ab7d753b2b8fc69e15ca339ea6576a0073dfc23eb42ee8381b7f401f3e8ed39514ac4e7a1aab17aecf35b7e4cd8521fc53e7eaa4b1016e134e35419eeb59e8d6c887b1b8bfd1321217f3569c03b430cde416918a8f30ba39b8eacdb8a7551b0f77651d8627186568ec6c0ab1f3035222dcbde3cf969e71afdd71ce8184812b3a35f3f52f901ce3e01c9d4bcd99c9f3749d83aec152b31c10fbf90eb474b6681e555bd2f3ebf80e8e4e99f7bb1a13a1d11e1f6f2a45fbb627a11514a2d23ec309e91edd5634fa5bd25f33a01513a69448ade4c13160c17b22395a0c41262985838c50d51e75f7892d7459751e6ae23ce6c781f81f8c312442c7ba9652a424132e157c8d51c3aafdbbe53a20e4958567bc30166c658a68c48582e4e84dc53ef4117792f2d4e205f6a0ea9dc168a8a06c75b359b7f9aea953dcdf3b2f1136abd2ebbf008769ef4776558fac02bfa2588943a11a00e74786397f96b985280b0a174f145fd3316164149c904a101cbcbe792b7820aa9a662f0f0c91d60239a553c964ee24fca4511f3d434f230b946a5f6f5f81f4e51fd6d9b88fc6b1d6350a21ab90056f188372e7531f820c89659c4d47031dfb3f2f6685b5c50bf448f796e2fd83b651af222fb44b94914deed83ebbb9a9b974cf2c36596a8385233da4b894f5e29ae0aab598bc735bc2421367339fece737d89df7ea0121cdf0673ed691baa4b3324f8d88a6cc484ed7c8ee597e3117c19da2df59dd1d2e9a0c111cb05401d6d564bd1928c043ad6623a56dfcc5e05f8dffb56e375ddf63942ec8692b484aba3b54795d06c42e7eacb7c50ec8fc211f02ea6a9908cea2f7549f00900c2707cc35c116552b760e254f4aca582b7f760b8b2ed69e875f4a9c301cd06a4fab8f538ed8c79bc5467ddede4148bacfbfc74f1d4cd9c9ada6bf328c7990c1f7ed523537e632ada4f008eb", &(0x7f0000021540)=[r3, r0, r0, r0], &(0x7f0000021580)=""/4096, &(0x7f0000022580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0x1000, 0x8}, &(0x7f0000022600), &(0x7f0000022640)) zx_channel_call(r6, 0x0, r2, &(0x7f0000023780)={&(0x7f0000022680)="c0a163280660ce735969f5ee9cafa35f48193a8620d0f0d76dab09926648a2fd68b4cc6e54d1f7871d9cbe41420acc88f0f88f6f66e82258e9328cc2d3a279d3845df3ea63ec", &(0x7f0000022700)=[r3, r0, r0, r4, 0x0, r3], &(0x7f0000022740)=""/4096, &(0x7f0000023740)=[0x0], 0x46, 0x6, 0x1000, 0x1}, &(0x7f00000237c0), &(0x7f0000023800)) zx_channel_call$fuchsia_io_FileNodeSetFlags(r7, 0x0, r2, &(0x7f0000033900)={&(0x7f0000023840)={{}, 0x3fe00000}, &(0x7f0000023880), &(0x7f00000238c0), &(0x7f00000338c0), 0x14, 0x0, 0x10000}, &(0x7f0000033940), &(0x7f0000033980)) zx_object_get_info$ZX_INFO_PROCESS_VMOS(r5, 0x1000000e, &(0x7f00000339c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x3f0, &(0x7f0000033dc0), &(0x7f0000033e00)) syz_execute_func(&(0x7f0000000000)="f2490f2d3b26f32e3e42ffe0400f490e36660f3adf83021000006b580f85d6be00006466420f154c6904c4835d7f4f0006c4626dbbfdf34e0f1ecd") syz_future_time(0x1) syz_job_default() syz_mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_one(void) { intptr_t res = 0; *(uint64_t*)0x200101c0 = 0x20000000; *(uint32_t*)0x20000000 = 0; memset((void*)0x20000004, 0, 3); *(uint8_t*)0x20000007 = 1; *(uint64_t*)0x20000008 = 0x6e32641800000000; *(uint32_t*)0x20000010 = 0xff; *(uint64_t*)0x20000014 = 6; *(uint64_t*)0x2000001c = -1; *(uint64_t*)0x20000024 = 9; *(uint64_t*)0x2000002c = 0; *(uint32_t*)0x20000034 = 1; *(uint64_t*)0x2000003c = 0x3ff; *(uint64_t*)0x20000044 = -1; *(uint64_t*)0x2000004c = 0x1ff; *(uint64_t*)0x20000054 = -1; *(uint32_t*)0x2000005c = 3; *(uint64_t*)0x20000064 = 6; *(uint64_t*)0x20000074 = 1; *(uint64_t*)0x2000007c = 0; *(uint32_t*)0x20000084 = 4; *(uint32_t*)0x20000088 = 0x23; *(uint64_t*)0x2000009c = 9; *(uint64_t*)0x200000a4 = -1; *(uint32_t*)0x200000ac = 4; *(uint32_t*)0x200000b0 = 8; *(uint64_t*)0x200000c4 = 4; *(uint64_t*)0x200000cc = -1; *(uint32_t*)0x200000d4 = 4; *(uint32_t*)0x200000d8 = 0x80; memcpy((void*)0x200000ec, "(-*^\\@", 6); memcpy((void*)0x200000f4, "*@/", 3); memcpy((void*)0x200000fc, "#)", 2); memcpy((void*)0x20000104, "!*", 2); memcpy((void*)0x2000010c, "\\&:", 3); *(uint64_t*)0x200101c8 = 0x20000140; *(uint64_t*)0x200101d0 = 0x20000180; *(uint64_t*)0x200101d8 = 0x20010180; *(uint32_t*)0x200101e0 = 0x114; *(uint32_t*)0x200101e4 = 0; *(uint32_t*)0x200101e8 = 0x10000; *(uint32_t*)0x200101ec = 0; inject_fault(1); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x200101c0, /*actual_bytes=*/0x20010200, /*actual_handles=*/0x20010240); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(/*options=*/0, /*out=*/0x20010280); if (res == ZX_OK) r[0] = *(uint32_t*)0x20010280; res = -1; res = syz_future_time(/*when=*/0); { int i; for(i = 0; i < 4; i++) { syz_future_time(/*when=*/0); } } if ((int)res != -1) r[1] = res; *(uint64_t*)0x20020380 = 0x200102c0; *(uint32_t*)0x200102c0 = 0; memset((void*)0x200102c4, 0, 3); *(uint8_t*)0x200102c7 = 1; *(uint64_t*)0x200102c8 = 0x3558f75800000000; *(uint64_t*)0x20020388 = 0x20010300; *(uint64_t*)0x20020390 = 0x20010340; *(uint64_t*)0x20020398 = 0x20020340; *(uint32_t*)0x200203a0 = 0x10; *(uint32_t*)0x200203a4 = 0; *(uint32_t*)0x200203a8 = 0x10000; *(uint32_t*)0x200203ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[1], /*args=*/0x20020380, /*actual_bytes=*/0x200203c0, /*actual_handles=*/0x20020400); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_clock_get_details))(/*handle=*/r[0], /*option=*/0x400000000000000, /*details=*/0x20020440); if (res == ZX_OK) r[2] = *(uint64_t*)0x20020448; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_channel_create))(/*options=*/0, /*out0=*/0x200214c0, /*out1=*/0x20021500); if (res == ZX_OK) r[3] = *(uint32_t*)0x200214c0; *(uint64_t*)0x200225c0 = 0x200204c0; memcpy((void*)0x200204c0, "\x54\x26\x46\xfd\x9e\x01\x40\x4b\x28\x65\xdf\x17\x6f\xb8\xcf\x56\x5d\x56\xc4\x0d\xa9\x2b\x18\x29\x65\xf2\x81\x06\x9f\x49\x5a\xdc\x4f\x35\xda\x84\x30\x38\x52\x21\x1c\x20\x13\xee\xd4\x4a\x72\x34\x10\xae\xcd\x75\x91\x17\x36\xf8\xf0\xa0\x28\x54\xfa\xed\xed\x70\x66\x21\xe3\x5f\x09\x2a\x7f\xad\x13\x0d\x8e\x75\x0a\xb6\x0e\xa4\x92\xcd\x08\xb0\x8c\xe6\x1c\x86\xb2\xe1\xb0\x66\x13\x1a\x28\x98\x1f\x3b\x64\xa8\x56\x2a\x53\x52\x65\x85\xef\x20\xe4\xa0\x55\xc6\xd0\x52\x48\x57\xec\x3d\x1c\x63\x90\xaa\x0b\xad\x27\x4e\xa3\xba\xe4\x3a\x74\xde\x82\xb0\x46\xde\xde\x08\xde\x67\x64\x22\xe1\x05\x71\x8a\x33\x11\xeb\x00\x2e\x2b\x08\x76\xb9\x44\xb4\x81\x09\x43\x9b\x88\x09\x45\x03\xbe\xa5\x28\x65\x1e\x3f\xc1\xc5\x78\x5c\xc3\x8e\x12\x52\x4f\x24\xff\x01\x1e\xff\x1f\x9e\x3f\xf2\xf2\xfe\x57\x3f\x89\x9b\x71\x63\x08\x5f\x53\x1b\xc0\x77\x8f\xd9\x28\xaa\x3d\xe9\xc3\xbb\x85\x7f\xac\x48\x13\x28\x78\x07\x03\x15\xc6\xc9\x6c\xf6\x37\x47\x90\x74\xee\xb7\xad\x2e\xd8\x3e\xd4\x89\x67\x86\xa6\xe6\xfb\x84\xea\x4d\x04\xd6\x59\x0f\x35\x87\x68\xa8\xad\x95\x10\xfe\xa1\x60\xcf\xfc\xf7\xfe\x24\x68\x3a\x2d\x95\xef\x11\x04\x24\xa8\x2a\x68\xbe\x86\xd2\xa0\x73\xe8\xc6\xad\x62\x06\x94\x60\x4d\x24\xe1\xfb\x22\xa6\xbe\x60\x21\xd3\xed\x65\xbc\x18\xf1\xf2\x99\xb9\x44\xe2\x3b\xda\x86\x8f\x72\xdb\x88\x68\xfa\xea\xc8\xfc\x0c\x46\x1d\xf9\xe5\x36\xe2\x6a\xbd\xac\xa7\x88\x78\x0b\x57\x94\x94\xb5\x4a\x5e\x83\x2e\xfd\x10\x19\x90\xfe\x0d\x78\xdd\x63\x74\x6e\x21\x5c\xb6\x97\xa6\x61\x6b\x0e\x37\xe7\x14\x30\xf4\xa3\xd8\x85\x3a\x1a\x7e\x03\x2a\x78\xfa\x17\x89\x31\x8e\x79\xf9\x12\xcb\x99\x7d\x12\x1e\xa5\x9f\xf9\x80\xe4\xf7\x0f\x57\x81\x3a\x25\x21\x08\xfd\x7b\xfc\x84\x43\x6a\xc4\x89\x82\xd3\x5b\x75\x26\x1c\x25\xc7\x32\xdf\x70\xc7\xba\x90\x2e\x6f\x51\x8b\x4b\xab\x19\xf6\x28\x43\xb6\x43\xd8\xfe\xf7\xf0\x7a\x8b\x64\x16\x7a\x54\x7d\xfa\xe6\xc9\x6f\x15\x8e\x1c\xdc\x68\xfd\x4b\xec\xba\x59\x4c\xc1\xc2\xa0\xcc\xec\xc0\x6e\x44\x9d\x75\x19\x6e\xdd\xa5\xc1\xcc\x99\x01\x7d\xdb\xcc\xa9\x9f\x06\x4f\x76\xc1\x79\xe6\xd6\x1b\x21\xbf\x9e\xaf\xac\x2f\x88\x13\xf9\x87\xc6\xc5\xae\x2d\xd4\x1d\xc2\x96\xea\xe6\x39\x48\x7f\x78\x2e\x89\x8d\x86\xe2\x15\x57\x15\xa0\xc9\x2c\x88\x0a\x7c\x78\x1c\xee\x1e\xd5\xf5\x34\x73\xf0\x7e\x94\xc6\x61\x41\x6b\xe1\x13\x1a\x3e\xca\x45\x94\x26\xaa\x6c\xd3\x1c\x1f\x4b\xd3\x3b\x77\xa3\x71\x73\xb1\xa7\xde\xa9\x96\x84\x44\x5a\xd7\xab\xb2\x79\xb9\x08\x69\x4f\x44\x63\x5a\x4f\xec\xea\xa1\x3b\x14\x50\x99\x9c\xe3\xe9\x91\x00\xa4\x2c\x5e\x4d\x30\x0a\xd2\x4e\xa6\xcb\xe8\xe8\xbb\xfb\x47\xfc\x84\x6f\x48\x38\x7f\x6f\x16\x7c\x30\xad\xb9\xd1\xc4\xe5\x69\x5f\xc2\xbf\x8b\xd0\x00\xb9\xed\xb3\x79\x4f\x80\x28\xbb\x14\x9e\xae\x3c\x7c\x99\x17\x37\x9c\x1f\x62\xc4\x6b\x47\xdc\x48\x4b\x87\xb0\xbd\xd5\xf1\x70\x85\x20\x64\x52\x6f\x28\x96\x87\x29\xe1\xdb\x05\xae\xc2\x18\xd7\x97\x11\x48\x65\x2c\x34\xc0\xb8\x94\x3b\x8f\xfd\xad\xd7\x17\xe1\x50\x02\xf2\x5e\xc6\x42\x8e\x47\x7e\x1b\xec\x2f\x28\x4a\x42\xdf\x10\x54\x36\x5e\xf4\xd3\xc1\xb7\x1c\xb8\x6c\x7a\x59\xf8\xcb\x8d\xf6\xf8\x67\x81\x9a\x64\x7c\x84\x06\x60\x9f\xf0\xf4\xe3\x54\xf7\x77\xbc\x0d\x25\xef\x7b\x07\xef\x65\x00\xbb\x8b\x06\x7d\xa1\xca\xef\xa0\x1a\xcf\xa3\xc8\xe1\x4b\x34\x38\xcd\x16\xb7\x2d\xef\x2b\xcc\x6d\x96\xe3\x3b\xf2\xad\x75\x4c\x9b\xcf\x9d\x2d\x8b\xab\x86\x02\xb4\x96\x08\x93\xc8\x83\xc8\x93\x18\xe9\x7f\xf7\x7d\x29\x11\xf4\xea\x7f\x57\xbd\x70\x9f\x2b\x2e\x9d\x98\x9a\xeb\x12\x58\xbd\x9f\xb1\x70\xe8\xe2\xe9\xb7\xc9\x73\xbe\x33\xe5\x61\x69\x55\x0c\x81\xd4\x59\xce\xc2\x5e\x51\x99\x74\x3d\xf3\xb6\x54\x1a\xbc\x69\x84\x73\x52\x49\xe9\xaa\x60\x97\x3d\x44\xb8\x8e\xf8\xa3\x50\xc6\x88\x5e\x9f\xc2\x60\xaa\xef\x90\x13\x23\xba\xce\xce\x25\xe3\x30\xff\x2c\xd2\x1d\x11\x91\xfb\xde\xb2\xbf\x07\x0f\x1d\x22\xe0\x5f\xbe\x65\x76\x06\xa4\x6c\xe8\x3a\x6d\x9d\x4f\x79\x34\xcb\xef\x75\x9f\xa0\x97\x09\x2b\xc0\x78\x8e\xf9\x41\x30\xbe\x92\x27\x93\x9e\x17\x0d\x98\x6f\xa9\x03\xbd\x4b\xd1\x88\x64\x09\x03\xbf\xdc\xa8\xd6\xa4\x89\x26\xc9\xa0\xa2\xe1\x14\x4a\xd2\x36\x5e\x19\xe6\x4f\xc8\x65\x32\xe6\x02\x9f\xc7\xc8\x61\xfc\x1e\x16\xa7\x22\x61\xcb\x11\x9e\xcd\x2f\x71\xbf\x6d\x3f\xc9\x3b\x5e\x0b\x74\xda\xdd\xc3\x9d\x4d\x7a\xa2\xa6\xbb\x6c\x7a\x00\x02\xe4\xe2\x5b\xb8\x6d\xd6\xca\xd2\x31\x33\x42\x14\x43\x3a\xce\xd6\xc7\x76\x1b\x34\xec\xf3\x55\x3a\x4b\x34\xc5\xcb\x0c\x98\x8f\x0c\x36\xc5\x06\x32\xb8\x54\x41\x47\xc1\x13\xdd\x22\xbc\x1d\x8a\xda\xb7\xac\x05\x2a\xd7\x98\x40\x5c\x00\x57\xca\x33\x94\x70\x88\x01\x5d\x87\xf4\x10\xec\x06\xb7\xb6\xb7\x19\x59\x3a\x4c\x6c\xd4\xce\xa4\xe7\x11\xad\x8c\x3f\x93\xba\xd3\x2f\x86\x91\x95\xe7\x52\x86\xb7\xbb\xac\x26\x17\x83\xe1\x9f\x97\xef\xb8\xa9\x98\x9a\x19\xec\x6c\x7d\x43\xda\xfc\xd2\xc0\x9a\x14\x1c\x76\x71\xb4\xdd\x10\x59\x32\xd6\x63\xee\xd7\xc4\xb6\x06\xf2\x65\x23\xa1\x16\xd1\xa4\x2d\x62\x84\x13\x62\x4b\x8d\x9d\xd2\x49\xf2\x68\xe4\xcd\x72\x81\x24\x33\xb9\xb7\xfb\xcb\x76\xe3\x03\xc0\x4e\xb2\x57\xe5\xa1\x43\xd6\xed\x94\xdd\x8f\x1b\xdb\x5f\x40\xdc\xab\x5a\xc4\x5c\x5c\x77\x8a\x42\xd5\xeb\xf1\x75\xc4\xa8\xea\x5c\x3f\x3b\x92\xec\x78\x47\x19\x84\xe9\x78\x4b\xf7\x5c\x18\xec\x20\xb9\xd3\x83\x72\x67\xc6\x7d\xaa\x95\xf5\xe9\xea\xe6\x08\xb6\x19\xac\x35\x83\xc7\x83\xdd\x00\xab\x5a\x93\x41\x39\x99\x68\x30\x01\x91\x9b\xb8\x9b\xb5\x8a\x51\xeb\x1b\xe1\x65\x4a\x62\xe3\x01\x9f\xe9\xcb\x3c\x43\x96\x5c\xdb\x08\x93\xa5\x73\x90\x04\xe7\x13\x38\x5d\x67\x03\xcd\xd7\x76\x5d\xd3\x75\x4e\x33\x16\x3d\xf5\x48\x99\x12\x76\x54\x12\x8a\xb3\x7b\x3c\x5e\x10\x49\x12\xc9\xa8\x78\xa5\xb6\xe6\x9f\xd9\xd8\xd5\xf7\x55\x11\xa4\xd0\xb8\xcd\x90\xa8\xdd\x9a\xbc\x47\xb8\x9b\xd0\x27\xf2\x51\x6b\x49\x07\x63\xc3\xc4\xdc\xa7\x95\x60\x29\xb1\x6c\x90\x59\xaa\x65\xb2\x77\x7c\xdf\xad\x8a\x76\xf8\x68\xdd\xc9\x1f\x1f\x9c\x6f\xe9\x9c\x52\xe4\xf0\x77\x82\xd2\xe2\x66\x1e\xe4\x35\xe9\x89\x99\x08\xef\x60\xfe\x86\x57\xa3\xa7\xe5\xf9\x39\x47\xf6\xfa\xd9\x29\x54\x8c\x00\xcc\xaf\x36\x5e\xb0\xd6\xc3\xcc\x45\x6e\x3c\xc8\x4d\x97\x6c\x1f\xeb\x3e\x0d\xbb\x2b\xdb\x20\xae\x40\x31\xb5\x0a\x94\x23\x0c\x07\x4d\x4b\x3c\xd1\x82\xac\x03\xf0\x59\xdf\x36\x8c\x41\xae\x9a\xf8\x9f\x4f\xb2\x8a\xc5\x56\xbb\x5c\x9a\xa0\x2f\x18\x3a\x78\x3c\xb8\xfd\x22\x47\xac\xbc\xe9\x2a\x23\xff\x9c\x01\xe7\x53\x0e\x5b\x7b\xf7\x89\xea\x0a\x32\x4b\xce\x61\x25\x27\xce\x8d\xc7\xb8\xd5\x48\xa8\x4b\x7e\xbd\xbd\x18\x1e\xbd\x35\x21\x2d\x7a\xdf\x25\x82\xb6\xd8\x3a\xff\x3a\x2c\x51\x14\x46\x94\xf6\xbb\x0f\x7e\x42\x74\x04\x61\x70\x7c\x71\x49\xed\x88\x88\x15\x1e\xc0\xe5\x0b\x52\x82\x1c\x66\xa8\x71\x39\x01\xfe\x0a\xe4\xe1\x22\x49\x94\x32\x8e\x34\x82\xde\xa2\x28\x2e\x9c\xb1\x3e\x1d\x74\x87\xd1\x92\xe3\x81\x72\x15\x23\x68\x75\xa8\x17\x76\x53\xde\xa3\x13\x33\x02\xc9\xeb\x81\x93\x56\x1b\x0b\x4a\x84\x55\x28\xc2\xb8\x9e\xb5\x0a\x4e\x0a\xd8\x1f\xd2\x36\xf5\xf7\x1e\xbc\xd8\x9b\xf8\x88\x34\x06\x75\xdf\x52\xa5\xcd\xb7\x2b\xe2\x50\x42\x04\x01\x6c\xd6\x56\xe5\xa3\xa1\xa2\xf0\x93\x2b\xb2\x8a\x5f\xf4\x9f\x83\xa9\xbe\xed\x95\x8e\xc4\xe0\x88\xa1\x5a\x86\xaf\x6e\xda\x79\x69\xc2\x49\x53\x82\xce\x3a\x40\x93\xb7\x83\x67\x50\xb7\xea\x22\x2f\xa1\x13\x12\x24\xd9\xfb\x23\xac\xb2\xa5\x11\x3d\x42\xbd\x70\x07\x00\xc6\xe9\x71\xb7\xbb\x3a\x8f\xe8\xec\xe2\x2c\x89\x2c\x44\x9e\x0a\x45\x4b\xb4\xd0\x1c\xab\x6c\xb9\x3a\x63\xce\x00\x37\x0a\x98\x6c\xf3\xd3\x05\x7c\x29\x50\x00\x6f\x04\x15\xad\xd0\x5e\x00\xfc\xc7\x2d\xfe\x86\xfb\xb6\x5a\xe8\x19\xca\xd2\xdc\x72\x16\x18\x41\xe3\x4a\x5a\x88\x44\xc2\x84\x4c\x2c\xab\x0b\xcc\x6f\x15\xfd\xbf\x01\x0b\x0e\xc1\x57\x6e\x40\x5e\x15\x19\x16\xab\x94\xf1\xae\x70\xbe\x1f\x39\x91\xfb\x6f\xb8\x38\xac\x4b\xcc\xbb\xac\xdc\xda\x00\xcf\x2e\xa3\xaa\x5e\x57\x4a\xde\x34\x53\xc9\x2b\x0c\x84\x71\x72\xab\x5f\xcc\xde\x89\x1c\x78\x1a\x8b\x94\xbb\xd4\x64\x1f\x79\xc1\xfa\x75\x32\x2c\x25\x25\xba\x0b\x7d\x53\x6a\x07\x43\xcf\x11\x08\x68\xf4\xff\x4e\xe3\x2e\x36\xe4\x77\x57\xbb\xf4\x16\xc1\x98\xbf\x1e\x94\xa6\x49\xaf\xc2\x9a\xdc\x07\xe5\x6e\x52\x5f\x21\x89\xb0\x11\x56\x5c\xa9\x54\xa8\xf5\x8f\x9b\x15\x50\x3d\x59\xa5\x55\x8f\xb4\xe7\x12\xb5\xf5\xec\xb4\x6b\x98\x0b\xd1\x68\x71\xfe\xce\x77\x59\xa0\x13\xff\x39\x5f\x7d\xad\x19\x49\x38\x20\x6b\xb5\x92\x15\x3a\xea\x3c\xa5\xed\x17\x42\xa4\x56\x7b\x5f\x0e\xe6\x18\x14\xd4\x9b\x31\x6c\xbd\x8a\x8c\x72\x9f\x8b\x60\x30\x88\x36\xaa\x9a\x3a\x27\x20\x63\x58\x5b\x53\x0d\x1f\x80\x60\x6f\xb5\x0f\xef\x4a\x28\xd4\xf3\xce\xe5\xbd\xbf\x7d\xaa\xf2\x11\xdd\x0b\xb4\xf9\x71\x52\x8f\x67\xcc\xfc\x59\x09\x29\x1c\xaf\xa5\x62\xc5\x83\x93\x2b\x45\x6a\x04\xf6\x4c\x1d\x68\xd5\x45\x27\x26\x85\xfd\xb7\x93\xc4\x58\x72\x98\x54\xef\xab\x51\xca\xd2\x97\x68\x7d\x8e\x78\x72\x05\x57\x9f\x38\x98\x4f\x6f\xf2\x67\xe0\xad\xc8\xa3\xdc\x01\x50\x4d\x48\x11\xed\x38\x74\x09\x37\x27\xb6\x5a\xf4\xf8\x89\xa5\xd6\xff\xd9\x9c\xd1\x15\xf6\xb8\xba\xd2\x42\x67\x1f\x5d\xfb\x76\xdb\xe5\x96\x9a\x7a\xec\x93\x96\x5f\x65\x21\x65\x09\x52\x79\xed\x82\xdd\xae\xe3\x28\xf0\x11\x51\xa8\xdb\x93\x46\x7d\x8e\x96\x59\x58\x16\xa6\xff\x24\x04\x7d\x91\x57\x33\x98\x54\xf3\xc8\x05\xe2\x9e\x49\xad\xde\xdf\x79\xb2\x9b\x32\xde\x00\x85\x79\x1e\x6f\x51\x6a\x06\x6a\xd3\x5a\xea\x8e\x37\x89\x2b\xd4\x32\xc3\x44\xed\xee\x98\xc2\xca\x16\x86\x7a\xf6\x36\x67\x01\xd7\xd4\x0e\xb3\xe8\xde\xc4\xdd\x71\x8b\x8c\xa3\xdd\xeb\xbb\xf2\xd3\xc8\x24\x94\xbc\x76\x94\x78\x4b\xb3\xf0\xf4\x8b\xaf\xc6\x37\x14\xda\x4b\x73\x7e\xca\xbf\xb3\x0c\x5c\xd0\x38\xe1\x9d\xdc\x31\x40\x56\xb7\x43\x80\xcb\x3a\xab\x06\x10\x7e\x05\x06\xfa\xfd\x43\xa0\x4b\x32\xeb\xce\xaa\xae\x73\xf4\xe6\xc1\x88\x5d\xaa\x9d\x47\x1e\x04\x78\xc0\x4c\xe5\x2e\x63\x33\x9c\xe3\xe9\x9b\x37\x9a\x9c\xe0\xa0\x16\xf6\x19\xaf\xa5\xc2\xcd\x58\x7d\x28\xcf\x47\x40\x14\x88\xeb\x39\x64\xc7\xbb\x28\x9b\xc5\x1f\x5b\x0a\x0b\xaa\xe6\xe1\xb3\xbe\x7a\x95\x06\xba\xbd\x11\x0f\x9c\xea\xec\x69\x6b\x1b\x5e\x21\x1b\x11\x97\xa3\x13\x0c\xe9\xb9\x3c\xe4\xf3\xb5\x9d\x59\x37\x96\xba\x70\xa1\xc8\xe7\xa5\xd3\xc6\x07\x9a\x57\x11\xac\x13\xa3\xeb\x0c\x39\xfb\xd0\x11\x8e\x1c\xc8\xe0\xf4\x02\x31\x56\x1b\xab\x91\xcd\x71\xd6\xc1\x8e\xea\x42\xde\xba\xf1\xe9\x48\x80\x92\x06\xf1\xac\x5c\x28\x23\x88\x07\xc9\xd5\xc6\x38\xb5\xff\xec\x4a\x90\xdf\xe3\x21\xaf\x74\xe1\xbc\x9e\x19\xdc\x81\x89\xd7\x09\xe6\x10\x13\x54\x4e\xa4\x2b\xf4\xc2\xdc\xb2\xc9\x9f\x39\x74\xaa\xb0\xa3\xb6\x69\xed\x98\xa8\x0d\x68\x5a\xbd\x3f\x48\xb2\x9f\x1b\xf1\x73\x7f\x2b\x3e\x15\xf7\xb8\xf0\xcd\x45\x65\x8a\xdb\x86\x0c\x21\xa0\x6a\x2b\x84\x18\xaa\x7d\x0f\x53\x97\xdf\x5a\x39\xa4\x4d\x49\xa3\x3e\xfa\x48\x9e\xd2\xa0\x54\x6f\xc5\x62\xb8\x79\x8d\x8a\x93\x6b\xcc\x56\xa7\xf4\x9c\x25\x20\xca\x60\xee\x23\x33\xfb\xf2\xae\x69\xdb\xac\x1c\x9b\x5c\xcd\x78\x26\xcc\x95\xfa\xc1\xc2\xbc\x28\x4b\x60\x67\x3d\x99\x2b\x02\x78\x43\x9e\x1d\xd9\x88\xd7\xb2\x79\x3e\xf3\x5c\xff\x25\xdc\x31\xc4\x79\x5e\xff\xc4\x3b\xb2\x5c\xba\xe0\xa0\xe9\x1b\xc2\x9a\x72\x55\x62\xc2\xe6\x82\xb4\x65\x5e\xb7\x05\x61\x13\x2d\x2f\xa4\xf6\x05\xe5\xe5\x02\x6b\xd0\xa9\x29\xe8\xc5\x51\x32\xf9\x1c\x4b\x9d\x85\x5e\x78\x21\x09\xe1\x4d\xbe\xc6\x76\xe7\x3c\x1d\x35\x25\x5b\x13\xea\x3d\xca\xfd\xe7\x74\x79\x82\x58\xca\x12\x92\x37\xb3\x63\xd6\xe7\x8f\x61\x35\xe3\xad\x82\x21\xed\x43\xfa\x4a\xff\x4f\x33\x94\x41\xe1\x16\x53\x41\x59\x3a\xe8\x73\xb4\xb9\x4f\x39\x29\x73\xd5\x50\xda\xc2\xfe\xac\xbf\x36\x14\x00\xeb\xd3\xdc\xab\x54\x4b\xe1\x96\x3b\xeb\xf2\x77\x42\x91\xdc\x28\x78\x32\xb1\x4a\x1a\x07\xda\x59\x76\x2d\xb6\x33\xd0\xd3\x0f\xd1\x09\xc0\xbb\x67\x85\x2b\xea\x17\x3d\xe5\x30\x5a\x03\x48\xf7\x85\xb9\xfc\xb9\xd5\x6e\x50\xcf\x97\xcc\x6a\x6a\x07\x6d\xde\x3f\xb9\xf5\x5e\xf3\x89\xfb\x48\xc7\xbd\x31\x77\x59\x0c\xd5\xd6\x2c\x4a\x29\xb7\x19\xb8\xf0\x3c\xa7\xbf\x43\x20\x4d\x46\xb1\x16\xb5\x67\x9d\x90\x9a\x94\xe3\x34\xe8\xea\xe0\xe6\x68\x19\x6a\x62\xf4\x86\x3d\xe9\x60\x05\x7a\x21\xaa\xe9\xb2\x59\x38\xd7\xad\x7d\xaf\xfb\x14\x85\xfb\xf9\x0f\xbf\x7a\xc4\xf6\x8e\x12\x64\x37\x9d\xe9\x8e\x18\x3f\xcf\x7e\xf0\x9b\xe5\xd0\xd6\x2e\x37\xa6\xd8\x8e\x8d\xfb\x37\x57\x2d\x9c\x8d\xd5\x1e\x5c\x73\x40\xeb\x89\xaf\x63\xa2\x58\x51\x94\xff\xfc\xd9\x52\x69\xf9\xcc\xa7\x8b\xc8\x7a\x46\x70\x07\xca\xca\xf3\x45\x02\x79\x01\xb8\xfb\x5b\x0a\xa4\x18\xe7\x5b\xa7\x17\xfe\x33\x36\xe5\xca\x1e\xe0\x43\xbb\xf3\xcd\x2f\xb5\x8e\x0a\x44\x04\x77\x5a\xf2\xdb\xfe\x9c\x06\xeb\x6c\x40\x8e\x94\x63\xd5\xac\xbe\x8f\x51\xba\x0c\x44\xa4\xde\xcc\x03\xbc\xac\x74\x98\x09\x8f\xc5\x50\xf3\x4d\x35\x5c\x8f\x8c\xbf\xb5\xb3\x49\x19\x6e\xab\xbb\x5b\x75\xa4\x93\xf9\x1e\xa7\x9d\xd6\x42\x03\x23\x56\x34\xc8\x35\xb2\x2e\x81\x5c\xa8\x23\xa3\x39\x6b\x2f\xe7\x8a\xeb\x7f\xa1\x9e\x7b\x96\x7c\xf6\x70\x6e\xc9\xd1\x2e\xcf\x78\xdb\x96\x4f\xe8\x31\x16\x24\xdd\x5d\x76\x19\xa4\x5d\x05\x20\x69\xf4\xb7\x6f\x1e\x9d\x16\x0d\x68\x6a\xb7\xe7\xe0\x99\xb2\x00\x31\x16\xbb\xe7\x40\x9e\x77\x5c\x44\xad\xb2\x19\x59\x88\xe2\x59\xc1\xf1\x61\xba\x6c\xd1\x8b\x28\x43\xa2\x4c\x8e\xa6\x2a\x29\x98\x08\x35\x5c\xd6\x73\xb1\x7b\xff\x57\xbd\x6b\xef\xf0\x4e\x3c\x34\xbe\xe3\xce\x1d\x19\x27\x98\x9d\xa6\x76\x1f\x13\x11\xa3\x51\xc8\xb7\xb1\x81\x41\x28\x88\x61\xde\xa2\x1e\x44\x0b\xaa\x33\x8e\xa8\xc5\x30\x6b\xfa\x5a\x51\xde\x4c\xc9\xc2\xad\x9f\x7e\x4a\x96\x74\xe7\x7c\x5d\xcc\x7d\x04\x6d\x30\x5b\xca\x52\x79\x35\x8e\xc7\x68\x4d\x84\xa2\x92\xd1\x6e\x07\x63\x1f\x47\x7a\xbd\x9f\xd6\xd4\xe3\xe1\x56\x91\x25\x4f\x03\x17\x24\x10\x68\xa9\x44\x7c\xdf\x08\xf6\xa6\x29\xe9\x95\x2e\xf4\x60\xc6\x12\xcc\x48\x3e\xc1\x82\x89\x9f\xd2\x9f\x45\x99\xc5\xe8\xda\xee\x34\x47\xbf\xf2\x2a\xa7\x49\x9c\xac\xe5\x95\x39\xea\x3c\x88\xe2\x9c\x90\xd2\x94\xd5\xb0\x95\xa0\x03\x72\x10\x90\x56\xe8\xd8\x91\x9a\xff\xa6\xe4\x5c\x72\x9a\xbd\xb7\x7c\xa6\xae\xff\xdb\xc8\xea\xe2\xe4\x32\x90\xb3\x05\x6e\x4f\xdd\x6a\xac\xd8\xc3\x9b\xe9\x7a\xe6\xb0\x8a\xb1\x4f\xdf\x24\x6f\x28\xb2\xc3\x0a\x03\xa2\x81\x4f\x4e\x51\x32\xc6\xf4\x66\x5c\xb1\xdf\xa0\x09\xb8\x5a\xf2\x79\xc2\x61\xb4\x4b\x4d\x22\xcb\x8b\x2a\x43\xc2\xf2\xe4\x60\x73\x50\xc2\x76\x4b\x87\x0c\x90\x86\x3f\x16\x29\x95\x01\x33\xc3\x2c\x8c\xf3\xae\x6e\x8c\x63\xcc\x8c\x5a\x84\x9c\x50\x2c\xe1\x8f\x6f\x6b\x50\x6e\xa7\x8c\x02\xbc\x5b\xb8\x44\xa2\x9d\x22\x88\x13\x77\x1a\x21\x98\xee\x3e\xdc\x44\x89\xfc\x5e\x9d\x8e\xde\xcc\x6a\xe0\xa1\x1a\xce\xde\xc5\x03\x4e\xca\x80\xd5\x59\xdb\xe6\xd3\x98\xeb\xeb\x73\x2f\xfe\xab\x98\x80\x65\xb3\xb0\xde\x4a\x71\xe4\x0a\x67\x65\x73\xab\x7d\x75\x3b\x2b\x8f\xc6\x9e\x15\xca\x33\x9e\xa6\x57\x6a\x00\x73\xdf\xc2\x3e\xb4\x2e\xe8\x38\x1b\x7f\x40\x1f\x3e\x8e\xd3\x95\x14\xac\x4e\x7a\x1a\xab\x17\xae\xcf\x35\xb7\xe4\xcd\x85\x21\xfc\x53\xe7\xea\xa4\xb1\x01\x6e\x13\x4e\x35\x41\x9e\xeb\x59\xe8\xd6\xc8\x87\xb1\xb8\xbf\xd1\x32\x12\x17\xf3\x56\x9c\x03\xb4\x30\xcd\xe4\x16\x91\x8a\x8f\x30\xba\x39\xb8\xea\xcd\xb8\xa7\x55\x1b\x0f\x77\x65\x1d\x86\x27\x18\x65\x68\xec\x6c\x0a\xb1\xf3\x03\x52\x22\xdc\xbd\xe3\xcf\x96\x9e\x71\xaf\xdd\x71\xce\x81\x84\x81\x2b\x3a\x35\xf3\xf5\x2f\x90\x1c\xe3\xe0\x1c\x9d\x4b\xcd\x99\xc9\xf3\x74\x9d\x83\xae\xc1\x52\xb3\x1c\x10\xfb\xf9\x0e\xb4\x74\xb6\x68\x1e\x55\x5b\xd2\xf3\xeb\xf8\x0e\x8e\x4e\x99\xf7\xbb\x1a\x13\xa1\xd1\x1e\x1f\x6f\x2a\x45\xfb\xb6\x27\xa1\x15\x14\xa2\xd2\x3e\xc3\x09\xe9\x1e\xdd\x56\x34\xfa\x5b\xd2\x5f\x33\xa0\x15\x13\xa6\x94\x48\xad\xe4\xc1\x31\x60\xc1\x7b\x22\x39\x5a\x0c\x41\x26\x29\x85\x83\x8c\x50\xd5\x1e\x75\xf7\x89\x2d\x74\x59\x75\x1e\x6a\xe2\x3c\xe6\xc7\x81\xf8\x1f\x8c\x31\x24\x42\xc7\xba\x96\x52\xa4\x24\x13\x2e\x15\x7c\x8d\x51\xc3\xaa\xfd\xbb\xe5\x3a\x20\xe4\x95\x85\x67\xbc\x30\x16\x6c\x65\x8a\x68\xc4\x85\x82\xe4\xe8\x4d\xc5\x3e\xf4\x11\x77\x92\xf2\xd4\xe2\x05\xf6\xa0\xea\x9d\xc1\x68\xa8\xa0\x6c\x75\xb3\x59\xb7\xf9\xae\xa9\x53\xdc\xdf\x3b\x2f\x11\x36\xab\xd2\xeb\xbf\x00\x87\x69\xef\x47\x76\x55\x8f\xac\x02\xbf\xa2\x58\x89\x43\xa1\x1a\x00\xe7\x47\x86\x39\x7f\x96\xb9\x85\x28\x0b\x0a\x17\x4f\x14\x5f\xd3\x31\x61\x64\x14\x9c\x90\x4a\x10\x1c\xbc\xbe\x79\x2b\x78\x20\xaa\x9a\x66\x2f\x0f\x0c\x91\xd6\x02\x39\xa5\x53\xc9\x64\xee\x24\xfc\xa4\x51\x1f\x3d\x43\x4f\x23\x0b\x94\x6a\x5f\x6f\x5f\x81\xf4\xe5\x1f\xd6\xd9\xb8\x8f\xc6\xb1\xd6\x35\x0a\x21\xab\x90\x05\x6f\x18\x83\x72\xe7\x53\x1f\x82\x0c\x89\x65\x9c\x4d\x47\x03\x1d\xfb\x3f\x2f\x66\x85\xb5\xc5\x0b\xf4\x48\xf7\x96\xe2\xfd\x83\xb6\x51\xaf\x22\x2f\xb4\x4b\x94\x91\x4d\xee\xd8\x3e\xbb\xb9\xa9\xb9\x74\xcf\x2c\x36\x59\x6a\x83\x85\x23\x3d\xa4\xb8\x94\xf5\xe2\x9a\xe0\xaa\xb5\x98\xbc\x73\x5b\xc2\x42\x13\x67\x33\x9f\xec\xe7\x37\xd8\x9d\xf7\xea\x01\x21\xcd\xf0\x67\x3e\xd6\x91\xba\xa4\xb3\x32\x4f\x8d\x88\xa6\xcc\x48\x4e\xd7\xc8\xee\x59\x7e\x31\x17\xc1\x9d\xa2\xdf\x59\xdd\x1d\x2e\x9a\x0c\x11\x1c\xb0\x54\x01\xd6\xd5\x64\xbd\x19\x28\xc0\x43\xad\x66\x23\xa5\x6d\xfc\xc5\xe0\x5f\x8d\xff\xb5\x6e\x37\x5d\xdf\x63\x94\x2e\xc8\x69\x2b\x48\x4a\xba\x3b\x54\x79\x5d\x06\xc4\x2e\x7e\xac\xb7\xc5\x0e\xc8\xfc\x21\x1f\x02\xea\x6a\x99\x08\xce\xa2\xf7\x54\x9f\x00\x90\x0c\x27\x07\xcc\x35\xc1\x16\x55\x2b\x76\x0e\x25\x4f\x4a\xca\x58\x2b\x7f\x76\x0b\x8b\x2e\xd6\x9e\x87\x5f\x4a\x9c\x30\x1c\xd0\x6a\x4f\xab\x8f\x53\x8e\xd8\xc7\x9b\xc5\x46\x7d\xde\xde\x41\x48\xba\xcf\xbf\xc7\x4f\x1d\x4c\xd9\xc9\xad\xa6\xbf\x32\x8c\x79\x90\xc1\xf7\xed\x52\x35\x37\xe6\x32\xad\xa4\xf0\x08\xeb", 4096); *(uint64_t*)0x200225c8 = 0x20021540; *(uint32_t*)0x20021540 = r[3]; *(uint32_t*)0x20021544 = r[0]; *(uint32_t*)0x20021548 = r[0]; *(uint32_t*)0x2002154c = r[0]; *(uint64_t*)0x200225d0 = 0x20021580; *(uint64_t*)0x200225d8 = 0x20022580; *(uint32_t*)0x200225e0 = 0x1000; *(uint32_t*)0x200225e4 = 4; *(uint32_t*)0x200225e8 = 0x1000; *(uint32_t*)0x200225ec = 8; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); if (res == ZX_OK) { r[4] = *(uint32_t*)0x20022580; r[5] = *(uint32_t*)0x20022590; r[6] = *(uint32_t*)0x20022598; } *(uint64_t*)0x20023780 = 0x20022680; memcpy((void*)0x20022680, "\xc0\xa1\x63\x28\x06\x60\xce\x73\x59\x69\xf5\xee\x9c\xaf\xa3\x5f\x48\x19\x3a\x86\x20\xd0\xf0\xd7\x6d\xab\x09\x92\x66\x48\xa2\xfd\x68\xb4\xcc\x6e\x54\xd1\xf7\x87\x1d\x9c\xbe\x41\x42\x0a\xcc\x88\xf0\xf8\x8f\x6f\x66\xe8\x22\x58\xe9\x32\x8c\xc2\xd3\xa2\x79\xd3\x84\x5d\xf3\xea\x63\xec", 70); *(uint64_t*)0x20023788 = 0x20022700; *(uint32_t*)0x20022700 = r[3]; *(uint32_t*)0x20022704 = r[0]; *(uint32_t*)0x20022708 = r[0]; *(uint32_t*)0x2002270c = r[4]; *(uint32_t*)0x20022710 = 0; *(uint32_t*)0x20022714 = r[3]; *(uint64_t*)0x20023790 = 0x20022740; *(uint64_t*)0x20023798 = 0x20023740; *(uint32_t*)0x200237a0 = 0x46; *(uint32_t*)0x200237a4 = 6; *(uint32_t*)0x200237a8 = 0x1000; *(uint32_t*)0x200237ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[6], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20023780, /*actual_bytes=*/0x200237c0, /*actual_handles=*/0x20023800); if (res == ZX_OK) r[7] = *(uint32_t*)0x20023740; *(uint64_t*)0x20033900 = 0x20023840; *(uint32_t*)0x20023840 = 0; memset((void*)0x20023844, 0, 3); *(uint8_t*)0x20023847 = 1; *(uint64_t*)0x20023848 = 0x46940c1600000000; *(uint32_t*)0x20023850 = 0x3fe00000; *(uint64_t*)0x20033908 = 0x20023880; *(uint64_t*)0x20033910 = 0x200238c0; *(uint64_t*)0x20033918 = 0x200338c0; *(uint32_t*)0x20033920 = 0x14; *(uint32_t*)0x20033924 = 0; *(uint32_t*)0x20033928 = 0x10000; *(uint32_t*)0x2003392c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[7], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20033900, /*actual_bytes=*/0x20033940, /*actual_handles=*/0x20033980); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_object_get_info))(/*handle=*/r[5], /*topic=*/0x1000000e, /*buffer=*/0x200339c0, /*buffer_size=*/0x3f0, /*actual=*/0x20033dc0, /*avail=*/0x20033e00); memcpy((void*)0x20000000, "\xf2\x49\x0f\x2d\x3b\x26\xf3\x2e\x3e\x42\xff\xe0\x40\x0f\x49\x0e\x36\x66\x0f\x3a\xdf\x83\x02\x10\x00\x00\x6b\x58\x0f\x85\xd6\xbe\x00\x00\x64\x66\x42\x0f\x15\x4c\x69\x04\xc4\x83\x5d\x7f\x4f\x00\x06\xc4\x62\x6d\xbb\xfd\xf3\x4e\x0f\x1e\xcd", 59); syz_execute_func(/*text=*/0x20000000); syz_future_time(/*when=*/1); syz_job_default(); syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x2000); syz_process_self(); syz_thread_self(); syz_vmar_root_self(); } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :225:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor4034829519 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/13 (0.27s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call$fuchsia_cobalt_MetricEventLoggerLogCustomEvent(0x0, 0x0, 0x7fffffffffffffff, &(0x7f00000101c0)={&(0x7f0000000000)={{}, 0xff, {0x6, 0xffffffffffffffff}, {[{{0x9}, @string_valueInLine={0x1, {0x3ff, 0xffffffffffffffff}}}, {{0x1ff, 0xffffffffffffffff}, @double_value={0x3, 0x6}}, {{0x1}, @index_value={0x4, 0x23}}, {{0x9, 0xffffffffffffffff}, @index_value={0x4, 0x8}}, {{0x4, 0xffffffffffffffff}, @index_value={0x4, 0x80}}], [{}, {{'(-*^\\@'}}, {{'*@/'}}, {{'#)'}}, {}, {{'!*'}}, {{'\\&:'}}]}}, &(0x7f0000000140)={[{}, {}, {}]}, &(0x7f0000000180), &(0x7f0000010180), 0x114, 0x0, 0x10000}, &(0x7f0000010200), &(0x7f0000010240)) (fail_nth: 1) zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000010280)=0x0) (async) r1 = syz_future_time(0x0) (rerun: 4) zx_channel_call$fuchsia_cobalt_ControllerListenForInitialized(r0, 0x0, r1, &(0x7f0000020380)={&(0x7f00000102c0), &(0x7f0000010300), &(0x7f0000010340), &(0x7f0000020340), 0x10, 0x0, 0x10000}, &(0x7f00000203c0), &(0x7f0000020400)) zx_clock_get_details(r0, 0x400000000000000, &(0x7f0000020440)={0x0, 0x0}) zx_channel_create$fuchsia_cobalt_LoggerFactory(0x0, &(0x7f00000214c0)=0x0, &(0x7f0000021500)) zx_channel_call_etc(r0, 0xded, r2, &(0x7f00000225c0)={&(0x7f00000204c0)="542646fd9e01404b2865df176fb8cf565d56c40da92b182965f281069f495adc4f35da84303852211c2013eed44a723410aecd75911736f8f0a02854faeded706621e35f092a7fad130d8e750ab60ea492cd08b08ce61c86b2e1b066131a28981f3b64a8562a53526585ef20e4a055c6d0524857ec3d1c6390aa0bad274ea3bae43a74de82b046dede08de676422e105718a3311eb002e2b0876b944b48109439b88094503bea528651e3fc1c5785cc38e12524f24ff011eff1f9e3ff2f2fe573f899b7163085f531bc0778fd928aa3de9c3bb857fac48132878070315c6c96cf637479074eeb7ad2ed83ed4896786a6e6fb84ea4d04d6590f358768a8ad9510fea160cffcf7fe24683a2d95ef110424a82a68be86d2a073e8c6ad620694604d24e1fb22a6be6021d3ed65bc18f1f299b944e23bda868f72db8868faeac8fc0c461df9e536e26abdaca788780b579494b54a5e832efd101990fe0d78dd63746e215cb697a6616b0e37e71430f4a3d8853a1a7e032a78fa1789318e79f912cb997d121ea59ff980e4f70f57813a252108fd7bfc84436ac48982d35b75261c25c732df70c7ba902e6f518b4bab19f62843b643d8fef7f07a8b64167a547dfae6c96f158e1cdc68fd4becba594cc1c2a0ccecc06e449d75196edda5c1cc99017ddbcca99f064f76c179e6d61b21bf9eafac2f8813f987c6c5ae2dd41dc296eae639487f782e898d86e2155715a0c92c880a7c781cee1ed5f53473f07e94c661416be1131a3eca459426aa6cd31c1f4bd33b77a37173b1a7dea99684445ad7abb279b908694f44635a4feceaa13b1450999ce3e99100a42c5e4d300ad24ea6cbe8e8bbfb47fc846f48387f6f167c30adb9d1c4e5695fc2bf8bd000b9edb3794f8028bb149eae3c7c9917379c1f62c46b47dc484b87b0bdd5f170852064526f28968729e1db05aec218d7971148652c34c0b8943b8ffdadd717e15002f25ec6428e477e1bec2f284a42df1054365ef4d3c1b71cb86c7a59f8cb8df6f867819a647c8406609ff0f4e354f777bc0d25ef7b07ef6500bb8b067da1caefa01acfa3c8e14b3438cd16b72def2bcc6d96e33bf2ad754c9bcf9d2d8bab8602b4960893c883c89318e97ff77d2911f4ea7f57bd709f2b2e9d989aeb1258bd9fb170e8e2e9b7c973be33e56169550c81d459cec25e5199743df3b6541abc6984735249e9aa60973d44b88ef8a350c6885e9fc260aaef901323bacece25e330ff2cd21d1191fbdeb2bf070f1d22e05fbe657606a46ce83a6d9d4f7934cbef759fa097092bc0788ef94130be9227939e170d986fa903bd4bd188640903bfdca8d6a48926c9a0a2e1144ad2365e19e64fc86532e6029fc7c861fc1e16a72261cb119ecd2f71bf6d3fc93b5e0b74daddc39d4d7aa2a6bb6c7a0002e4e25bb86dd6cad231334214433aced6c7761b34ecf3553a4b34c5cb0c988f0c36c50632b8544147c113dd22bc1d8adab7ac052ad798405c0057ca33947088015d87f410ec06b7b6b719593a4c6cd4cea4e711ad8c3f93bad32f869195e75286b7bbac261783e19f97efb8a9989a19ec6c7d43dafcd2c09a141c7671b4dd105932d663eed7c4b606f26523a116d1a42d628413624b8d9dd249f268e4cd72812433b9b7fbcb76e303c04eb257e5a143d6ed94dd8f1bdb5f40dcab5ac45c5c778a42d5ebf175c4a8ea5c3f3b92ec78471984e9784bf75c18ec20b9d3837267c67daa95f5e9eae608b619ac3583c783dd00ab5a93413999683001919bb89bb58a51eb1be1654a62e3019fe9cb3c43965cdb0893a5739004e713385d6703cdd7765dd3754e33163df54899127654128ab37b3c5e104912c9a878a5b6e69fd9d8d5f75511a4d0b8cd90a8dd9abc47b89bd027f2516b490763c3c4dca7956029b16c9059aa65b2777cdfad8a76f868ddc91f1f9c6fe99c52e4f07782d2e2661ee435e9899908ef60fe8657a3a7e5f93947f6fad929548c00ccaf365eb0d6c3cc456e3cc84d976c1feb3e0dbb2bdb20ae4031b50a94230c074d4b3cd182ac03f059df368c41ae9af89f4fb28ac556bb5c9aa02f183a783cb8fd2247acbce92a23ff9c01e7530e5b7bf789ea0a324bce612527ce8dc7b8d548a84b7ebdbd181ebd35212d7adf2582b6d83aff3a2c51144694f6bb0f7e42740461707c7149ed8888151ec0e50b52821c66a8713901fe0ae4e1224994328e3482dea2282e9cb13e1d7487d192e3817215236875a8177653dea3133302c9eb8193561b0b4a845528c2b89eb50a4e0ad81fd236f5f71ebcd89bf888340675df52a5cdb72be2504204016cd656e5a3a1a2f0932bb28a5ff49f83a9beed958ec4e088a15a86af6eda7969c2495382ce3a4093b7836750b7ea222fa1131224d9fb23acb2a5113d42bd700700c6e971b7bb3a8fe8ece22c892c449e0a454bb4d01cab6cb93a63ce00370a986cf3d3057c2950006f0415add05e00fcc72dfe86fbb65ae819cad2dc72161841e34a5a8844c2844c2cab0bcc6f15fdbf010b0ec1576e405e151916ab94f1ae70be1f3991fb6fb838ac4bccbbacdcda00cf2ea3aa5e574ade3453c92b0c847172ab5fccde891c781a8b94bbd4641f79c1fa75322c2525ba0b7d536a0743cf110868f4ff4ee32e36e47757bbf416c198bf1e94a649afc29adc07e56e525f2189b011565ca954a8f58f9b15503d59a5558fb4e712b5f5ecb46b980bd16871fece7759a013ff395f7dad194938206bb592153aea3ca5ed1742a4567b5f0ee61814d49b316cbd8a8c729f8b60308836aa9a3a272063585b530d1f80606fb50fef4a28d4f3cee5bdbf7daaf211dd0bb4f971528f67ccfc5909291cafa562c583932b456a04f64c1d68d545272685fdb793c458729854efab51cad297687d8e787205579f38984f6ff267e0adc8a3dc01504d4811ed3874093727b65af4f889a5d6ffd99cd115f6b8bad242671f5dfb76dbe5969a7aec93965f652165095279ed82ddaee328f01151a8db93467d8e96595816a6ff24047d9157339854f3c805e29e49addedf79b29b32de0085791e6f516a066ad35aea8e37892bd432c344edee98c2ca16867af6366701d7d40eb3e8dec4dd718b8ca3ddebbbf2d3c82494bc7694784bb3f0f48bafc63714da4b737ecabfb30c5cd038e19ddc314056b74380cb3aab06107e0506fafd43a04b32ebceaaae73f4e6c1885daa9d471e0478c04ce52e63339ce3e99b379a9ce0a016f619afa5c2cd587d28cf47401488eb3964c7bb289bc51f5b0a0baae6e1b3be7a9506babd110f9ceaec696b1b5e211b1197a3130ce9b93ce4f3b59d593796ba70a1c8e7a5d3c6079a5711ac13a3eb0c39fbd0118e1cc8e0f40231561bab91cd71d6c18eea42debaf1e948809206f1ac5c28238807c9d5c638b5ffec4a90dfe321af74e1bc9e19dc8189d709e61013544ea42bf4c2dcb2c99f3974aab0a3b669ed98a80d685abd3f48b29f1bf1737f2b3e15f7b8f0cd45658adb860c21a06a2b8418aa7d0f5397df5a39a44d49a33efa489ed2a0546fc562b8798d8a936bcc56a7f49c2520ca60ee2333fbf2ae69dbac1c9b5ccd7826cc95fac1c2bc284b60673d992b0278439e1dd988d7b2793ef35cff25dc31c4795effc43bb25cbae0a0e91bc29a725562c2e682b4655eb70561132d2fa4f605e5e5026bd0a929e8c55132f91c4b9d855e782109e14dbec676e73c1d35255b13ea3dcafde774798258ca129237b363d6e78f6135e3ad8221ed43fa4aff4f339441e1165341593ae873b4b94f392973d550dac2feacbf361400ebd3dcab544be1963bebf2774291dc287832b14a1a07da59762db633d0d30fd109c0bb67852bea173de5305a0348f785b9fcb9d56e50cf97cc6a6a076dde3fb9f55ef389fb48c7bd3177590cd5d62c4a29b719b8f03ca7bf43204d46b116b5679d909a94e334e8eae0e668196a62f4863de960057a21aae9b25938d7ad7daffb1485fbf90fbf7ac4f68e1264379de98e183fcf7ef09be5d0d62e37a6d88e8dfb37572d9c8dd51e5c7340eb89af63a2585194fffcd95269f9cca78bc87a467007cacaf345027901b8fb5b0aa418e75ba717fe3336e5ca1ee043bbf3cd2fb58e0a4404775af2dbfe9c06eb6c408e9463d5acbe8f51ba0c44a4decc03bcac7498098fc550f34d355c8f8cbfb5b349196eabbb5b75a493f91ea79dd64203235634c835b22e815ca823a3396b2fe78aeb7fa19e7b967cf6706ec9d12ecf78db964fe8311624dd5d7619a45d052069f4b76f1e9d160d686ab7e7e099b2003116bbe7409e775c44adb2195988e259c1f161ba6cd18b2843a24c8ea62a299808355cd673b17bff57bd6beff04e3c34bee3ce1d1927989da6761f1311a351c8b7b18141288861dea21e440baa338ea8c5306bfa5a51de4cc9c2ad9f7e4a9674e77c5dcc7d046d305bca5279358ec7684d84a292d16e07631f477abd9fd6d4e3e15691254f0317241068a9447cdf08f6a629e9952ef460c612cc483ec182899fd29f4599c5e8daee3447bff22aa7499cace59539ea3c88e29c90d294d5b095a00372109056e8d8919affa6e45c729abdb77ca6aeffdbc8eae2e43290b3056e4fdd6aacd8c39be97ae6b08ab14fdf246f28b2c30a03a2814f4e5132c6f4665cb1dfa009b85af279c261b44b4d22cb8b2a43c2f2e4607350c2764b870c90863f1629950133c32c8cf3ae6e8c63cc8c5a849c502ce18f6f6b506ea78c02bc5bb844a29d228813771a2198ee3edc4489fc5e9d8edecc6ae0a11acedec5034eca80d559dbe6d398ebeb732ffeab988065b3b0de4a71e40a676573ab7d753b2b8fc69e15ca339ea6576a0073dfc23eb42ee8381b7f401f3e8ed39514ac4e7a1aab17aecf35b7e4cd8521fc53e7eaa4b1016e134e35419eeb59e8d6c887b1b8bfd1321217f3569c03b430cde416918a8f30ba39b8eacdb8a7551b0f77651d8627186568ec6c0ab1f3035222dcbde3cf969e71afdd71ce8184812b3a35f3f52f901ce3e01c9d4bcd99c9f3749d83aec152b31c10fbf90eb474b6681e555bd2f3ebf80e8e4e99f7bb1a13a1d11e1f6f2a45fbb627a11514a2d23ec309e91edd5634fa5bd25f33a01513a69448ade4c13160c17b22395a0c41262985838c50d51e75f7892d7459751e6ae23ce6c781f81f8c312442c7ba9652a424132e157c8d51c3aafdbbe53a20e4958567bc30166c658a68c48582e4e84dc53ef4117792f2d4e205f6a0ea9dc168a8a06c75b359b7f9aea953dcdf3b2f1136abd2ebbf008769ef4776558fac02bfa2588943a11a00e74786397f96b985280b0a174f145fd3316164149c904a101cbcbe792b7820aa9a662f0f0c91d60239a553c964ee24fca4511f3d434f230b946a5f6f5f81f4e51fd6d9b88fc6b1d6350a21ab90056f188372e7531f820c89659c4d47031dfb3f2f6685b5c50bf448f796e2fd83b651af222fb44b94914deed83ebbb9a9b974cf2c36596a8385233da4b894f5e29ae0aab598bc735bc2421367339fece737d89df7ea0121cdf0673ed691baa4b3324f8d88a6cc484ed7c8ee597e3117c19da2df59dd1d2e9a0c111cb05401d6d564bd1928c043ad6623a56dfcc5e05f8dffb56e375ddf63942ec8692b484aba3b54795d06c42e7eacb7c50ec8fc211f02ea6a9908cea2f7549f00900c2707cc35c116552b760e254f4aca582b7f760b8b2ed69e875f4a9c301cd06a4fab8f538ed8c79bc5467ddede4148bacfbfc74f1d4cd9c9ada6bf328c7990c1f7ed523537e632ada4f008eb", &(0x7f0000021540)=[r3, r0, r0, r0], &(0x7f0000021580)=""/4096, &(0x7f0000022580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0x1000, 0x8}, &(0x7f0000022600), &(0x7f0000022640)) zx_channel_call(r6, 0x0, r2, &(0x7f0000023780)={&(0x7f0000022680)="c0a163280660ce735969f5ee9cafa35f48193a8620d0f0d76dab09926648a2fd68b4cc6e54d1f7871d9cbe41420acc88f0f88f6f66e82258e9328cc2d3a279d3845df3ea63ec", &(0x7f0000022700)=[r3, r0, r0, r4, 0x0, r3], &(0x7f0000022740)=""/4096, &(0x7f0000023740)=[0x0], 0x46, 0x6, 0x1000, 0x1}, &(0x7f00000237c0), &(0x7f0000023800)) zx_channel_call$fuchsia_io_FileNodeSetFlags(r7, 0x0, r2, &(0x7f0000033900)={&(0x7f0000023840)={{}, 0x3fe00000}, &(0x7f0000023880), &(0x7f00000238c0), &(0x7f00000338c0), 0x14, 0x0, 0x10000}, &(0x7f0000033940), &(0x7f0000033980)) zx_object_get_info$ZX_INFO_PROCESS_VMOS(r5, 0x1000000e, &(0x7f00000339c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x3f0, &(0x7f0000033dc0), &(0x7f0000033e00)) syz_execute_func(&(0x7f0000000000)="f2490f2d3b26f32e3e42ffe0400f490e36660f3adf83021000006b580f85d6be00006466420f154c6904c4835d7f4f0006c4626dbbfdf34e0f1ecd") syz_future_time(0x1) syz_job_default() syz_mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { fprintf(stderr, "### start\n"); int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200101c0 = 0x20000000; *(uint32_t*)0x20000000 = 0; memset((void*)0x20000004, 0, 3); *(uint8_t*)0x20000007 = 1; *(uint64_t*)0x20000008 = 0x6e32641800000000; *(uint32_t*)0x20000010 = 0xff; *(uint64_t*)0x20000014 = 6; *(uint64_t*)0x2000001c = -1; *(uint64_t*)0x20000024 = 9; *(uint64_t*)0x2000002c = 0; *(uint32_t*)0x20000034 = 1; *(uint64_t*)0x2000003c = 0x3ff; *(uint64_t*)0x20000044 = -1; *(uint64_t*)0x2000004c = 0x1ff; *(uint64_t*)0x20000054 = -1; *(uint32_t*)0x2000005c = 3; *(uint64_t*)0x20000064 = 6; *(uint64_t*)0x20000074 = 1; *(uint64_t*)0x2000007c = 0; *(uint32_t*)0x20000084 = 4; *(uint32_t*)0x20000088 = 0x23; *(uint64_t*)0x2000009c = 9; *(uint64_t*)0x200000a4 = -1; *(uint32_t*)0x200000ac = 4; *(uint32_t*)0x200000b0 = 8; *(uint64_t*)0x200000c4 = 4; *(uint64_t*)0x200000cc = -1; *(uint32_t*)0x200000d4 = 4; *(uint32_t*)0x200000d8 = 0x80; memcpy((void*)0x200000ec, "(-*^\\@", 6); memcpy((void*)0x200000f4, "*@/", 3); memcpy((void*)0x200000fc, "#)", 2); memcpy((void*)0x20000104, "!*", 2); memcpy((void*)0x2000010c, "\\&:", 3); *(uint64_t*)0x200101c8 = 0x20000140; *(uint64_t*)0x200101d0 = 0x20000180; *(uint64_t*)0x200101d8 = 0x20010180; *(uint32_t*)0x200101e0 = 0x114; *(uint32_t*)0x200101e4 = 0; *(uint32_t*)0x200101e8 = 0x10000; *(uint32_t*)0x200101ec = 0; inject_fault(1); res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x200101c0, /*actual_bytes=*/0x20010200, /*actual_handles=*/0x20010240); fprintf(stderr, "### call=0 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); break; case 1: res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(/*options=*/0, /*out=*/0x20010280); fprintf(stderr, "### call=1 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); if (res == ZX_OK) r[0] = *(uint32_t*)0x20010280; break; case 2: res = -1; errno = EFAULT; res = syz_future_time(/*when=*/0); fprintf(stderr, "### call=2 errno=%u\n", res == -1 ? errno : 0); { int i; for(i = 0; i < 4; i++) { syz_future_time(/*when=*/0); } } if ((int)res != -1) r[1] = res; break; case 3: *(uint64_t*)0x20020380 = 0x200102c0; *(uint32_t*)0x200102c0 = 0; memset((void*)0x200102c4, 0, 3); *(uint8_t*)0x200102c7 = 1; *(uint64_t*)0x200102c8 = 0x3558f75800000000; *(uint64_t*)0x20020388 = 0x20010300; *(uint64_t*)0x20020390 = 0x20010340; *(uint64_t*)0x20020398 = 0x20020340; *(uint32_t*)0x200203a0 = 0x10; *(uint32_t*)0x200203a4 = 0; *(uint32_t*)0x200203a8 = 0x10000; *(uint32_t*)0x200203ac = 0; res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[1], /*args=*/0x20020380, /*actual_bytes=*/0x200203c0, /*actual_handles=*/0x20020400); fprintf(stderr, "### call=3 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); break; case 4: res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_clock_get_details))(/*handle=*/r[0], /*option=*/0x400000000000000, /*details=*/0x20020440); fprintf(stderr, "### call=4 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); if (res == ZX_OK) r[2] = *(uint64_t*)0x20020448; break; case 5: res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_channel_create))(/*options=*/0, /*out0=*/0x200214c0, /*out1=*/0x20021500); fprintf(stderr, "### call=5 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); if (res == ZX_OK) r[3] = *(uint32_t*)0x200214c0; break; case 6: *(uint64_t*)0x200225c0 = 0x200204c0; memcpy((void*)0x200204c0, "\x54\x26\x46\xfd\x9e\x01\x40\x4b\x28\x65\xdf\x17\x6f\xb8\xcf\x56\x5d\x56\xc4\x0d\xa9\x2b\x18\x29\x65\xf2\x81\x06\x9f\x49\x5a\xdc\x4f\x35\xda\x84\x30\x38\x52\x21\x1c\x20\x13\xee\xd4\x4a\x72\x34\x10\xae\xcd\x75\x91\x17\x36\xf8\xf0\xa0\x28\x54\xfa\xed\xed\x70\x66\x21\xe3\x5f\x09\x2a\x7f\xad\x13\x0d\x8e\x75\x0a\xb6\x0e\xa4\x92\xcd\x08\xb0\x8c\xe6\x1c\x86\xb2\xe1\xb0\x66\x13\x1a\x28\x98\x1f\x3b\x64\xa8\x56\x2a\x53\x52\x65\x85\xef\x20\xe4\xa0\x55\xc6\xd0\x52\x48\x57\xec\x3d\x1c\x63\x90\xaa\x0b\xad\x27\x4e\xa3\xba\xe4\x3a\x74\xde\x82\xb0\x46\xde\xde\x08\xde\x67\x64\x22\xe1\x05\x71\x8a\x33\x11\xeb\x00\x2e\x2b\x08\x76\xb9\x44\xb4\x81\x09\x43\x9b\x88\x09\x45\x03\xbe\xa5\x28\x65\x1e\x3f\xc1\xc5\x78\x5c\xc3\x8e\x12\x52\x4f\x24\xff\x01\x1e\xff\x1f\x9e\x3f\xf2\xf2\xfe\x57\x3f\x89\x9b\x71\x63\x08\x5f\x53\x1b\xc0\x77\x8f\xd9\x28\xaa\x3d\xe9\xc3\xbb\x85\x7f\xac\x48\x13\x28\x78\x07\x03\x15\xc6\xc9\x6c\xf6\x37\x47\x90\x74\xee\xb7\xad\x2e\xd8\x3e\xd4\x89\x67\x86\xa6\xe6\xfb\x84\xea\x4d\x04\xd6\x59\x0f\x35\x87\x68\xa8\xad\x95\x10\xfe\xa1\x60\xcf\xfc\xf7\xfe\x24\x68\x3a\x2d\x95\xef\x11\x04\x24\xa8\x2a\x68\xbe\x86\xd2\xa0\x73\xe8\xc6\xad\x62\x06\x94\x60\x4d\x24\xe1\xfb\x22\xa6\xbe\x60\x21\xd3\xed\x65\xbc\x18\xf1\xf2\x99\xb9\x44\xe2\x3b\xda\x86\x8f\x72\xdb\x88\x68\xfa\xea\xc8\xfc\x0c\x46\x1d\xf9\xe5\x36\xe2\x6a\xbd\xac\xa7\x88\x78\x0b\x57\x94\x94\xb5\x4a\x5e\x83\x2e\xfd\x10\x19\x90\xfe\x0d\x78\xdd\x63\x74\x6e\x21\x5c\xb6\x97\xa6\x61\x6b\x0e\x37\xe7\x14\x30\xf4\xa3\xd8\x85\x3a\x1a\x7e\x03\x2a\x78\xfa\x17\x89\x31\x8e\x79\xf9\x12\xcb\x99\x7d\x12\x1e\xa5\x9f\xf9\x80\xe4\xf7\x0f\x57\x81\x3a\x25\x21\x08\xfd\x7b\xfc\x84\x43\x6a\xc4\x89\x82\xd3\x5b\x75\x26\x1c\x25\xc7\x32\xdf\x70\xc7\xba\x90\x2e\x6f\x51\x8b\x4b\xab\x19\xf6\x28\x43\xb6\x43\xd8\xfe\xf7\xf0\x7a\x8b\x64\x16\x7a\x54\x7d\xfa\xe6\xc9\x6f\x15\x8e\x1c\xdc\x68\xfd\x4b\xec\xba\x59\x4c\xc1\xc2\xa0\xcc\xec\xc0\x6e\x44\x9d\x75\x19\x6e\xdd\xa5\xc1\xcc\x99\x01\x7d\xdb\xcc\xa9\x9f\x06\x4f\x76\xc1\x79\xe6\xd6\x1b\x21\xbf\x9e\xaf\xac\x2f\x88\x13\xf9\x87\xc6\xc5\xae\x2d\xd4\x1d\xc2\x96\xea\xe6\x39\x48\x7f\x78\x2e\x89\x8d\x86\xe2\x15\x57\x15\xa0\xc9\x2c\x88\x0a\x7c\x78\x1c\xee\x1e\xd5\xf5\x34\x73\xf0\x7e\x94\xc6\x61\x41\x6b\xe1\x13\x1a\x3e\xca\x45\x94\x26\xaa\x6c\xd3\x1c\x1f\x4b\xd3\x3b\x77\xa3\x71\x73\xb1\xa7\xde\xa9\x96\x84\x44\x5a\xd7\xab\xb2\x79\xb9\x08\x69\x4f\x44\x63\x5a\x4f\xec\xea\xa1\x3b\x14\x50\x99\x9c\xe3\xe9\x91\x00\xa4\x2c\x5e\x4d\x30\x0a\xd2\x4e\xa6\xcb\xe8\xe8\xbb\xfb\x47\xfc\x84\x6f\x48\x38\x7f\x6f\x16\x7c\x30\xad\xb9\xd1\xc4\xe5\x69\x5f\xc2\xbf\x8b\xd0\x00\xb9\xed\xb3\x79\x4f\x80\x28\xbb\x14\x9e\xae\x3c\x7c\x99\x17\x37\x9c\x1f\x62\xc4\x6b\x47\xdc\x48\x4b\x87\xb0\xbd\xd5\xf1\x70\x85\x20\x64\x52\x6f\x28\x96\x87\x29\xe1\xdb\x05\xae\xc2\x18\xd7\x97\x11\x48\x65\x2c\x34\xc0\xb8\x94\x3b\x8f\xfd\xad\xd7\x17\xe1\x50\x02\xf2\x5e\xc6\x42\x8e\x47\x7e\x1b\xec\x2f\x28\x4a\x42\xdf\x10\x54\x36\x5e\xf4\xd3\xc1\xb7\x1c\xb8\x6c\x7a\x59\xf8\xcb\x8d\xf6\xf8\x67\x81\x9a\x64\x7c\x84\x06\x60\x9f\xf0\xf4\xe3\x54\xf7\x77\xbc\x0d\x25\xef\x7b\x07\xef\x65\x00\xbb\x8b\x06\x7d\xa1\xca\xef\xa0\x1a\xcf\xa3\xc8\xe1\x4b\x34\x38\xcd\x16\xb7\x2d\xef\x2b\xcc\x6d\x96\xe3\x3b\xf2\xad\x75\x4c\x9b\xcf\x9d\x2d\x8b\xab\x86\x02\xb4\x96\x08\x93\xc8\x83\xc8\x93\x18\xe9\x7f\xf7\x7d\x29\x11\xf4\xea\x7f\x57\xbd\x70\x9f\x2b\x2e\x9d\x98\x9a\xeb\x12\x58\xbd\x9f\xb1\x70\xe8\xe2\xe9\xb7\xc9\x73\xbe\x33\xe5\x61\x69\x55\x0c\x81\xd4\x59\xce\xc2\x5e\x51\x99\x74\x3d\xf3\xb6\x54\x1a\xbc\x69\x84\x73\x52\x49\xe9\xaa\x60\x97\x3d\x44\xb8\x8e\xf8\xa3\x50\xc6\x88\x5e\x9f\xc2\x60\xaa\xef\x90\x13\x23\xba\xce\xce\x25\xe3\x30\xff\x2c\xd2\x1d\x11\x91\xfb\xde\xb2\xbf\x07\x0f\x1d\x22\xe0\x5f\xbe\x65\x76\x06\xa4\x6c\xe8\x3a\x6d\x9d\x4f\x79\x34\xcb\xef\x75\x9f\xa0\x97\x09\x2b\xc0\x78\x8e\xf9\x41\x30\xbe\x92\x27\x93\x9e\x17\x0d\x98\x6f\xa9\x03\xbd\x4b\xd1\x88\x64\x09\x03\xbf\xdc\xa8\xd6\xa4\x89\x26\xc9\xa0\xa2\xe1\x14\x4a\xd2\x36\x5e\x19\xe6\x4f\xc8\x65\x32\xe6\x02\x9f\xc7\xc8\x61\xfc\x1e\x16\xa7\x22\x61\xcb\x11\x9e\xcd\x2f\x71\xbf\x6d\x3f\xc9\x3b\x5e\x0b\x74\xda\xdd\xc3\x9d\x4d\x7a\xa2\xa6\xbb\x6c\x7a\x00\x02\xe4\xe2\x5b\xb8\x6d\xd6\xca\xd2\x31\x33\x42\x14\x43\x3a\xce\xd6\xc7\x76\x1b\x34\xec\xf3\x55\x3a\x4b\x34\xc5\xcb\x0c\x98\x8f\x0c\x36\xc5\x06\x32\xb8\x54\x41\x47\xc1\x13\xdd\x22\xbc\x1d\x8a\xda\xb7\xac\x05\x2a\xd7\x98\x40\x5c\x00\x57\xca\x33\x94\x70\x88\x01\x5d\x87\xf4\x10\xec\x06\xb7\xb6\xb7\x19\x59\x3a\x4c\x6c\xd4\xce\xa4\xe7\x11\xad\x8c\x3f\x93\xba\xd3\x2f\x86\x91\x95\xe7\x52\x86\xb7\xbb\xac\x26\x17\x83\xe1\x9f\x97\xef\xb8\xa9\x98\x9a\x19\xec\x6c\x7d\x43\xda\xfc\xd2\xc0\x9a\x14\x1c\x76\x71\xb4\xdd\x10\x59\x32\xd6\x63\xee\xd7\xc4\xb6\x06\xf2\x65\x23\xa1\x16\xd1\xa4\x2d\x62\x84\x13\x62\x4b\x8d\x9d\xd2\x49\xf2\x68\xe4\xcd\x72\x81\x24\x33\xb9\xb7\xfb\xcb\x76\xe3\x03\xc0\x4e\xb2\x57\xe5\xa1\x43\xd6\xed\x94\xdd\x8f\x1b\xdb\x5f\x40\xdc\xab\x5a\xc4\x5c\x5c\x77\x8a\x42\xd5\xeb\xf1\x75\xc4\xa8\xea\x5c\x3f\x3b\x92\xec\x78\x47\x19\x84\xe9\x78\x4b\xf7\x5c\x18\xec\x20\xb9\xd3\x83\x72\x67\xc6\x7d\xaa\x95\xf5\xe9\xea\xe6\x08\xb6\x19\xac\x35\x83\xc7\x83\xdd\x00\xab\x5a\x93\x41\x39\x99\x68\x30\x01\x91\x9b\xb8\x9b\xb5\x8a\x51\xeb\x1b\xe1\x65\x4a\x62\xe3\x01\x9f\xe9\xcb\x3c\x43\x96\x5c\xdb\x08\x93\xa5\x73\x90\x04\xe7\x13\x38\x5d\x67\x03\xcd\xd7\x76\x5d\xd3\x75\x4e\x33\x16\x3d\xf5\x48\x99\x12\x76\x54\x12\x8a\xb3\x7b\x3c\x5e\x10\x49\x12\xc9\xa8\x78\xa5\xb6\xe6\x9f\xd9\xd8\xd5\xf7\x55\x11\xa4\xd0\xb8\xcd\x90\xa8\xdd\x9a\xbc\x47\xb8\x9b\xd0\x27\xf2\x51\x6b\x49\x07\x63\xc3\xc4\xdc\xa7\x95\x60\x29\xb1\x6c\x90\x59\xaa\x65\xb2\x77\x7c\xdf\xad\x8a\x76\xf8\x68\xdd\xc9\x1f\x1f\x9c\x6f\xe9\x9c\x52\xe4\xf0\x77\x82\xd2\xe2\x66\x1e\xe4\x35\xe9\x89\x99\x08\xef\x60\xfe\x86\x57\xa3\xa7\xe5\xf9\x39\x47\xf6\xfa\xd9\x29\x54\x8c\x00\xcc\xaf\x36\x5e\xb0\xd6\xc3\xcc\x45\x6e\x3c\xc8\x4d\x97\x6c\x1f\xeb\x3e\x0d\xbb\x2b\xdb\x20\xae\x40\x31\xb5\x0a\x94\x23\x0c\x07\x4d\x4b\x3c\xd1\x82\xac\x03\xf0\x59\xdf\x36\x8c\x41\xae\x9a\xf8\x9f\x4f\xb2\x8a\xc5\x56\xbb\x5c\x9a\xa0\x2f\x18\x3a\x78\x3c\xb8\xfd\x22\x47\xac\xbc\xe9\x2a\x23\xff\x9c\x01\xe7\x53\x0e\x5b\x7b\xf7\x89\xea\x0a\x32\x4b\xce\x61\x25\x27\xce\x8d\xc7\xb8\xd5\x48\xa8\x4b\x7e\xbd\xbd\x18\x1e\xbd\x35\x21\x2d\x7a\xdf\x25\x82\xb6\xd8\x3a\xff\x3a\x2c\x51\x14\x46\x94\xf6\xbb\x0f\x7e\x42\x74\x04\x61\x70\x7c\x71\x49\xed\x88\x88\x15\x1e\xc0\xe5\x0b\x52\x82\x1c\x66\xa8\x71\x39\x01\xfe\x0a\xe4\xe1\x22\x49\x94\x32\x8e\x34\x82\xde\xa2\x28\x2e\x9c\xb1\x3e\x1d\x74\x87\xd1\x92\xe3\x81\x72\x15\x23\x68\x75\xa8\x17\x76\x53\xde\xa3\x13\x33\x02\xc9\xeb\x81\x93\x56\x1b\x0b\x4a\x84\x55\x28\xc2\xb8\x9e\xb5\x0a\x4e\x0a\xd8\x1f\xd2\x36\xf5\xf7\x1e\xbc\xd8\x9b\xf8\x88\x34\x06\x75\xdf\x52\xa5\xcd\xb7\x2b\xe2\x50\x42\x04\x01\x6c\xd6\x56\xe5\xa3\xa1\xa2\xf0\x93\x2b\xb2\x8a\x5f\xf4\x9f\x83\xa9\xbe\xed\x95\x8e\xc4\xe0\x88\xa1\x5a\x86\xaf\x6e\xda\x79\x69\xc2\x49\x53\x82\xce\x3a\x40\x93\xb7\x83\x67\x50\xb7\xea\x22\x2f\xa1\x13\x12\x24\xd9\xfb\x23\xac\xb2\xa5\x11\x3d\x42\xbd\x70\x07\x00\xc6\xe9\x71\xb7\xbb\x3a\x8f\xe8\xec\xe2\x2c\x89\x2c\x44\x9e\x0a\x45\x4b\xb4\xd0\x1c\xab\x6c\xb9\x3a\x63\xce\x00\x37\x0a\x98\x6c\xf3\xd3\x05\x7c\x29\x50\x00\x6f\x04\x15\xad\xd0\x5e\x00\xfc\xc7\x2d\xfe\x86\xfb\xb6\x5a\xe8\x19\xca\xd2\xdc\x72\x16\x18\x41\xe3\x4a\x5a\x88\x44\xc2\x84\x4c\x2c\xab\x0b\xcc\x6f\x15\xfd\xbf\x01\x0b\x0e\xc1\x57\x6e\x40\x5e\x15\x19\x16\xab\x94\xf1\xae\x70\xbe\x1f\x39\x91\xfb\x6f\xb8\x38\xac\x4b\xcc\xbb\xac\xdc\xda\x00\xcf\x2e\xa3\xaa\x5e\x57\x4a\xde\x34\x53\xc9\x2b\x0c\x84\x71\x72\xab\x5f\xcc\xde\x89\x1c\x78\x1a\x8b\x94\xbb\xd4\x64\x1f\x79\xc1\xfa\x75\x32\x2c\x25\x25\xba\x0b\x7d\x53\x6a\x07\x43\xcf\x11\x08\x68\xf4\xff\x4e\xe3\x2e\x36\xe4\x77\x57\xbb\xf4\x16\xc1\x98\xbf\x1e\x94\xa6\x49\xaf\xc2\x9a\xdc\x07\xe5\x6e\x52\x5f\x21\x89\xb0\x11\x56\x5c\xa9\x54\xa8\xf5\x8f\x9b\x15\x50\x3d\x59\xa5\x55\x8f\xb4\xe7\x12\xb5\xf5\xec\xb4\x6b\x98\x0b\xd1\x68\x71\xfe\xce\x77\x59\xa0\x13\xff\x39\x5f\x7d\xad\x19\x49\x38\x20\x6b\xb5\x92\x15\x3a\xea\x3c\xa5\xed\x17\x42\xa4\x56\x7b\x5f\x0e\xe6\x18\x14\xd4\x9b\x31\x6c\xbd\x8a\x8c\x72\x9f\x8b\x60\x30\x88\x36\xaa\x9a\x3a\x27\x20\x63\x58\x5b\x53\x0d\x1f\x80\x60\x6f\xb5\x0f\xef\x4a\x28\xd4\xf3\xce\xe5\xbd\xbf\x7d\xaa\xf2\x11\xdd\x0b\xb4\xf9\x71\x52\x8f\x67\xcc\xfc\x59\x09\x29\x1c\xaf\xa5\x62\xc5\x83\x93\x2b\x45\x6a\x04\xf6\x4c\x1d\x68\xd5\x45\x27\x26\x85\xfd\xb7\x93\xc4\x58\x72\x98\x54\xef\xab\x51\xca\xd2\x97\x68\x7d\x8e\x78\x72\x05\x57\x9f\x38\x98\x4f\x6f\xf2\x67\xe0\xad\xc8\xa3\xdc\x01\x50\x4d\x48\x11\xed\x38\x74\x09\x37\x27\xb6\x5a\xf4\xf8\x89\xa5\xd6\xff\xd9\x9c\xd1\x15\xf6\xb8\xba\xd2\x42\x67\x1f\x5d\xfb\x76\xdb\xe5\x96\x9a\x7a\xec\x93\x96\x5f\x65\x21\x65\x09\x52\x79\xed\x82\xdd\xae\xe3\x28\xf0\x11\x51\xa8\xdb\x93\x46\x7d\x8e\x96\x59\x58\x16\xa6\xff\x24\x04\x7d\x91\x57\x33\x98\x54\xf3\xc8\x05\xe2\x9e\x49\xad\xde\xdf\x79\xb2\x9b\x32\xde\x00\x85\x79\x1e\x6f\x51\x6a\x06\x6a\xd3\x5a\xea\x8e\x37\x89\x2b\xd4\x32\xc3\x44\xed\xee\x98\xc2\xca\x16\x86\x7a\xf6\x36\x67\x01\xd7\xd4\x0e\xb3\xe8\xde\xc4\xdd\x71\x8b\x8c\xa3\xdd\xeb\xbb\xf2\xd3\xc8\x24\x94\xbc\x76\x94\x78\x4b\xb3\xf0\xf4\x8b\xaf\xc6\x37\x14\xda\x4b\x73\x7e\xca\xbf\xb3\x0c\x5c\xd0\x38\xe1\x9d\xdc\x31\x40\x56\xb7\x43\x80\xcb\x3a\xab\x06\x10\x7e\x05\x06\xfa\xfd\x43\xa0\x4b\x32\xeb\xce\xaa\xae\x73\xf4\xe6\xc1\x88\x5d\xaa\x9d\x47\x1e\x04\x78\xc0\x4c\xe5\x2e\x63\x33\x9c\xe3\xe9\x9b\x37\x9a\x9c\xe0\xa0\x16\xf6\x19\xaf\xa5\xc2\xcd\x58\x7d\x28\xcf\x47\x40\x14\x88\xeb\x39\x64\xc7\xbb\x28\x9b\xc5\x1f\x5b\x0a\x0b\xaa\xe6\xe1\xb3\xbe\x7a\x95\x06\xba\xbd\x11\x0f\x9c\xea\xec\x69\x6b\x1b\x5e\x21\x1b\x11\x97\xa3\x13\x0c\xe9\xb9\x3c\xe4\xf3\xb5\x9d\x59\x37\x96\xba\x70\xa1\xc8\xe7\xa5\xd3\xc6\x07\x9a\x57\x11\xac\x13\xa3\xeb\x0c\x39\xfb\xd0\x11\x8e\x1c\xc8\xe0\xf4\x02\x31\x56\x1b\xab\x91\xcd\x71\xd6\xc1\x8e\xea\x42\xde\xba\xf1\xe9\x48\x80\x92\x06\xf1\xac\x5c\x28\x23\x88\x07\xc9\xd5\xc6\x38\xb5\xff\xec\x4a\x90\xdf\xe3\x21\xaf\x74\xe1\xbc\x9e\x19\xdc\x81\x89\xd7\x09\xe6\x10\x13\x54\x4e\xa4\x2b\xf4\xc2\xdc\xb2\xc9\x9f\x39\x74\xaa\xb0\xa3\xb6\x69\xed\x98\xa8\x0d\x68\x5a\xbd\x3f\x48\xb2\x9f\x1b\xf1\x73\x7f\x2b\x3e\x15\xf7\xb8\xf0\xcd\x45\x65\x8a\xdb\x86\x0c\x21\xa0\x6a\x2b\x84\x18\xaa\x7d\x0f\x53\x97\xdf\x5a\x39\xa4\x4d\x49\xa3\x3e\xfa\x48\x9e\xd2\xa0\x54\x6f\xc5\x62\xb8\x79\x8d\x8a\x93\x6b\xcc\x56\xa7\xf4\x9c\x25\x20\xca\x60\xee\x23\x33\xfb\xf2\xae\x69\xdb\xac\x1c\x9b\x5c\xcd\x78\x26\xcc\x95\xfa\xc1\xc2\xbc\x28\x4b\x60\x67\x3d\x99\x2b\x02\x78\x43\x9e\x1d\xd9\x88\xd7\xb2\x79\x3e\xf3\x5c\xff\x25\xdc\x31\xc4\x79\x5e\xff\xc4\x3b\xb2\x5c\xba\xe0\xa0\xe9\x1b\xc2\x9a\x72\x55\x62\xc2\xe6\x82\xb4\x65\x5e\xb7\x05\x61\x13\x2d\x2f\xa4\xf6\x05\xe5\xe5\x02\x6b\xd0\xa9\x29\xe8\xc5\x51\x32\xf9\x1c\x4b\x9d\x85\x5e\x78\x21\x09\xe1\x4d\xbe\xc6\x76\xe7\x3c\x1d\x35\x25\x5b\x13\xea\x3d\xca\xfd\xe7\x74\x79\x82\x58\xca\x12\x92\x37\xb3\x63\xd6\xe7\x8f\x61\x35\xe3\xad\x82\x21\xed\x43\xfa\x4a\xff\x4f\x33\x94\x41\xe1\x16\x53\x41\x59\x3a\xe8\x73\xb4\xb9\x4f\x39\x29\x73\xd5\x50\xda\xc2\xfe\xac\xbf\x36\x14\x00\xeb\xd3\xdc\xab\x54\x4b\xe1\x96\x3b\xeb\xf2\x77\x42\x91\xdc\x28\x78\x32\xb1\x4a\x1a\x07\xda\x59\x76\x2d\xb6\x33\xd0\xd3\x0f\xd1\x09\xc0\xbb\x67\x85\x2b\xea\x17\x3d\xe5\x30\x5a\x03\x48\xf7\x85\xb9\xfc\xb9\xd5\x6e\x50\xcf\x97\xcc\x6a\x6a\x07\x6d\xde\x3f\xb9\xf5\x5e\xf3\x89\xfb\x48\xc7\xbd\x31\x77\x59\x0c\xd5\xd6\x2c\x4a\x29\xb7\x19\xb8\xf0\x3c\xa7\xbf\x43\x20\x4d\x46\xb1\x16\xb5\x67\x9d\x90\x9a\x94\xe3\x34\xe8\xea\xe0\xe6\x68\x19\x6a\x62\xf4\x86\x3d\xe9\x60\x05\x7a\x21\xaa\xe9\xb2\x59\x38\xd7\xad\x7d\xaf\xfb\x14\x85\xfb\xf9\x0f\xbf\x7a\xc4\xf6\x8e\x12\x64\x37\x9d\xe9\x8e\x18\x3f\xcf\x7e\xf0\x9b\xe5\xd0\xd6\x2e\x37\xa6\xd8\x8e\x8d\xfb\x37\x57\x2d\x9c\x8d\xd5\x1e\x5c\x73\x40\xeb\x89\xaf\x63\xa2\x58\x51\x94\xff\xfc\xd9\x52\x69\xf9\xcc\xa7\x8b\xc8\x7a\x46\x70\x07\xca\xca\xf3\x45\x02\x79\x01\xb8\xfb\x5b\x0a\xa4\x18\xe7\x5b\xa7\x17\xfe\x33\x36\xe5\xca\x1e\xe0\x43\xbb\xf3\xcd\x2f\xb5\x8e\x0a\x44\x04\x77\x5a\xf2\xdb\xfe\x9c\x06\xeb\x6c\x40\x8e\x94\x63\xd5\xac\xbe\x8f\x51\xba\x0c\x44\xa4\xde\xcc\x03\xbc\xac\x74\x98\x09\x8f\xc5\x50\xf3\x4d\x35\x5c\x8f\x8c\xbf\xb5\xb3\x49\x19\x6e\xab\xbb\x5b\x75\xa4\x93\xf9\x1e\xa7\x9d\xd6\x42\x03\x23\x56\x34\xc8\x35\xb2\x2e\x81\x5c\xa8\x23\xa3\x39\x6b\x2f\xe7\x8a\xeb\x7f\xa1\x9e\x7b\x96\x7c\xf6\x70\x6e\xc9\xd1\x2e\xcf\x78\xdb\x96\x4f\xe8\x31\x16\x24\xdd\x5d\x76\x19\xa4\x5d\x05\x20\x69\xf4\xb7\x6f\x1e\x9d\x16\x0d\x68\x6a\xb7\xe7\xe0\x99\xb2\x00\x31\x16\xbb\xe7\x40\x9e\x77\x5c\x44\xad\xb2\x19\x59\x88\xe2\x59\xc1\xf1\x61\xba\x6c\xd1\x8b\x28\x43\xa2\x4c\x8e\xa6\x2a\x29\x98\x08\x35\x5c\xd6\x73\xb1\x7b\xff\x57\xbd\x6b\xef\xf0\x4e\x3c\x34\xbe\xe3\xce\x1d\x19\x27\x98\x9d\xa6\x76\x1f\x13\x11\xa3\x51\xc8\xb7\xb1\x81\x41\x28\x88\x61\xde\xa2\x1e\x44\x0b\xaa\x33\x8e\xa8\xc5\x30\x6b\xfa\x5a\x51\xde\x4c\xc9\xc2\xad\x9f\x7e\x4a\x96\x74\xe7\x7c\x5d\xcc\x7d\x04\x6d\x30\x5b\xca\x52\x79\x35\x8e\xc7\x68\x4d\x84\xa2\x92\xd1\x6e\x07\x63\x1f\x47\x7a\xbd\x9f\xd6\xd4\xe3\xe1\x56\x91\x25\x4f\x03\x17\x24\x10\x68\xa9\x44\x7c\xdf\x08\xf6\xa6\x29\xe9\x95\x2e\xf4\x60\xc6\x12\xcc\x48\x3e\xc1\x82\x89\x9f\xd2\x9f\x45\x99\xc5\xe8\xda\xee\x34\x47\xbf\xf2\x2a\xa7\x49\x9c\xac\xe5\x95\x39\xea\x3c\x88\xe2\x9c\x90\xd2\x94\xd5\xb0\x95\xa0\x03\x72\x10\x90\x56\xe8\xd8\x91\x9a\xff\xa6\xe4\x5c\x72\x9a\xbd\xb7\x7c\xa6\xae\xff\xdb\xc8\xea\xe2\xe4\x32\x90\xb3\x05\x6e\x4f\xdd\x6a\xac\xd8\xc3\x9b\xe9\x7a\xe6\xb0\x8a\xb1\x4f\xdf\x24\x6f\x28\xb2\xc3\x0a\x03\xa2\x81\x4f\x4e\x51\x32\xc6\xf4\x66\x5c\xb1\xdf\xa0\x09\xb8\x5a\xf2\x79\xc2\x61\xb4\x4b\x4d\x22\xcb\x8b\x2a\x43\xc2\xf2\xe4\x60\x73\x50\xc2\x76\x4b\x87\x0c\x90\x86\x3f\x16\x29\x95\x01\x33\xc3\x2c\x8c\xf3\xae\x6e\x8c\x63\xcc\x8c\x5a\x84\x9c\x50\x2c\xe1\x8f\x6f\x6b\x50\x6e\xa7\x8c\x02\xbc\x5b\xb8\x44\xa2\x9d\x22\x88\x13\x77\x1a\x21\x98\xee\x3e\xdc\x44\x89\xfc\x5e\x9d\x8e\xde\xcc\x6a\xe0\xa1\x1a\xce\xde\xc5\x03\x4e\xca\x80\xd5\x59\xdb\xe6\xd3\x98\xeb\xeb\x73\x2f\xfe\xab\x98\x80\x65\xb3\xb0\xde\x4a\x71\xe4\x0a\x67\x65\x73\xab\x7d\x75\x3b\x2b\x8f\xc6\x9e\x15\xca\x33\x9e\xa6\x57\x6a\x00\x73\xdf\xc2\x3e\xb4\x2e\xe8\x38\x1b\x7f\x40\x1f\x3e\x8e\xd3\x95\x14\xac\x4e\x7a\x1a\xab\x17\xae\xcf\x35\xb7\xe4\xcd\x85\x21\xfc\x53\xe7\xea\xa4\xb1\x01\x6e\x13\x4e\x35\x41\x9e\xeb\x59\xe8\xd6\xc8\x87\xb1\xb8\xbf\xd1\x32\x12\x17\xf3\x56\x9c\x03\xb4\x30\xcd\xe4\x16\x91\x8a\x8f\x30\xba\x39\xb8\xea\xcd\xb8\xa7\x55\x1b\x0f\x77\x65\x1d\x86\x27\x18\x65\x68\xec\x6c\x0a\xb1\xf3\x03\x52\x22\xdc\xbd\xe3\xcf\x96\x9e\x71\xaf\xdd\x71\xce\x81\x84\x81\x2b\x3a\x35\xf3\xf5\x2f\x90\x1c\xe3\xe0\x1c\x9d\x4b\xcd\x99\xc9\xf3\x74\x9d\x83\xae\xc1\x52\xb3\x1c\x10\xfb\xf9\x0e\xb4\x74\xb6\x68\x1e\x55\x5b\xd2\xf3\xeb\xf8\x0e\x8e\x4e\x99\xf7\xbb\x1a\x13\xa1\xd1\x1e\x1f\x6f\x2a\x45\xfb\xb6\x27\xa1\x15\x14\xa2\xd2\x3e\xc3\x09\xe9\x1e\xdd\x56\x34\xfa\x5b\xd2\x5f\x33\xa0\x15\x13\xa6\x94\x48\xad\xe4\xc1\x31\x60\xc1\x7b\x22\x39\x5a\x0c\x41\x26\x29\x85\x83\x8c\x50\xd5\x1e\x75\xf7\x89\x2d\x74\x59\x75\x1e\x6a\xe2\x3c\xe6\xc7\x81\xf8\x1f\x8c\x31\x24\x42\xc7\xba\x96\x52\xa4\x24\x13\x2e\x15\x7c\x8d\x51\xc3\xaa\xfd\xbb\xe5\x3a\x20\xe4\x95\x85\x67\xbc\x30\x16\x6c\x65\x8a\x68\xc4\x85\x82\xe4\xe8\x4d\xc5\x3e\xf4\x11\x77\x92\xf2\xd4\xe2\x05\xf6\xa0\xea\x9d\xc1\x68\xa8\xa0\x6c\x75\xb3\x59\xb7\xf9\xae\xa9\x53\xdc\xdf\x3b\x2f\x11\x36\xab\xd2\xeb\xbf\x00\x87\x69\xef\x47\x76\x55\x8f\xac\x02\xbf\xa2\x58\x89\x43\xa1\x1a\x00\xe7\x47\x86\x39\x7f\x96\xb9\x85\x28\x0b\x0a\x17\x4f\x14\x5f\xd3\x31\x61\x64\x14\x9c\x90\x4a\x10\x1c\xbc\xbe\x79\x2b\x78\x20\xaa\x9a\x66\x2f\x0f\x0c\x91\xd6\x02\x39\xa5\x53\xc9\x64\xee\x24\xfc\xa4\x51\x1f\x3d\x43\x4f\x23\x0b\x94\x6a\x5f\x6f\x5f\x81\xf4\xe5\x1f\xd6\xd9\xb8\x8f\xc6\xb1\xd6\x35\x0a\x21\xab\x90\x05\x6f\x18\x83\x72\xe7\x53\x1f\x82\x0c\x89\x65\x9c\x4d\x47\x03\x1d\xfb\x3f\x2f\x66\x85\xb5\xc5\x0b\xf4\x48\xf7\x96\xe2\xfd\x83\xb6\x51\xaf\x22\x2f\xb4\x4b\x94\x91\x4d\xee\xd8\x3e\xbb\xb9\xa9\xb9\x74\xcf\x2c\x36\x59\x6a\x83\x85\x23\x3d\xa4\xb8\x94\xf5\xe2\x9a\xe0\xaa\xb5\x98\xbc\x73\x5b\xc2\x42\x13\x67\x33\x9f\xec\xe7\x37\xd8\x9d\xf7\xea\x01\x21\xcd\xf0\x67\x3e\xd6\x91\xba\xa4\xb3\x32\x4f\x8d\x88\xa6\xcc\x48\x4e\xd7\xc8\xee\x59\x7e\x31\x17\xc1\x9d\xa2\xdf\x59\xdd\x1d\x2e\x9a\x0c\x11\x1c\xb0\x54\x01\xd6\xd5\x64\xbd\x19\x28\xc0\x43\xad\x66\x23\xa5\x6d\xfc\xc5\xe0\x5f\x8d\xff\xb5\x6e\x37\x5d\xdf\x63\x94\x2e\xc8\x69\x2b\x48\x4a\xba\x3b\x54\x79\x5d\x06\xc4\x2e\x7e\xac\xb7\xc5\x0e\xc8\xfc\x21\x1f\x02\xea\x6a\x99\x08\xce\xa2\xf7\x54\x9f\x00\x90\x0c\x27\x07\xcc\x35\xc1\x16\x55\x2b\x76\x0e\x25\x4f\x4a\xca\x58\x2b\x7f\x76\x0b\x8b\x2e\xd6\x9e\x87\x5f\x4a\x9c\x30\x1c\xd0\x6a\x4f\xab\x8f\x53\x8e\xd8\xc7\x9b\xc5\x46\x7d\xde\xde\x41\x48\xba\xcf\xbf\xc7\x4f\x1d\x4c\xd9\xc9\xad\xa6\xbf\x32\x8c\x79\x90\xc1\xf7\xed\x52\x35\x37\xe6\x32\xad\xa4\xf0\x08\xeb", 4096); *(uint64_t*)0x200225c8 = 0x20021540; *(uint32_t*)0x20021540 = r[3]; *(uint32_t*)0x20021544 = r[0]; *(uint32_t*)0x20021548 = r[0]; *(uint32_t*)0x2002154c = r[0]; *(uint64_t*)0x200225d0 = 0x20021580; *(uint64_t*)0x200225d8 = 0x20022580; *(uint32_t*)0x200225e0 = 0x1000; *(uint32_t*)0x200225e4 = 4; *(uint32_t*)0x200225e8 = 0x1000; *(uint32_t*)0x200225ec = 8; res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); fprintf(stderr, "### call=6 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); if (res == ZX_OK) { r[4] = *(uint32_t*)0x20022580; r[5] = *(uint32_t*)0x20022590; r[6] = *(uint32_t*)0x20022598; } break; case 7: *(uint64_t*)0x20023780 = 0x20022680; memcpy((void*)0x20022680, "\xc0\xa1\x63\x28\x06\x60\xce\x73\x59\x69\xf5\xee\x9c\xaf\xa3\x5f\x48\x19\x3a\x86\x20\xd0\xf0\xd7\x6d\xab\x09\x92\x66\x48\xa2\xfd\x68\xb4\xcc\x6e\x54\xd1\xf7\x87\x1d\x9c\xbe\x41\x42\x0a\xcc\x88\xf0\xf8\x8f\x6f\x66\xe8\x22\x58\xe9\x32\x8c\xc2\xd3\xa2\x79\xd3\x84\x5d\xf3\xea\x63\xec", 70); *(uint64_t*)0x20023788 = 0x20022700; *(uint32_t*)0x20022700 = r[3]; *(uint32_t*)0x20022704 = r[0]; *(uint32_t*)0x20022708 = r[0]; *(uint32_t*)0x2002270c = r[4]; *(uint32_t*)0x20022710 = 0; *(uint32_t*)0x20022714 = r[3]; *(uint64_t*)0x20023790 = 0x20022740; *(uint64_t*)0x20023798 = 0x20023740; *(uint32_t*)0x200237a0 = 0x46; *(uint32_t*)0x200237a4 = 6; *(uint32_t*)0x200237a8 = 0x1000; *(uint32_t*)0x200237ac = 1; res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[6], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20023780, /*actual_bytes=*/0x200237c0, /*actual_handles=*/0x20023800); fprintf(stderr, "### call=7 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); if (res == ZX_OK) r[7] = *(uint32_t*)0x20023740; break; case 8: *(uint64_t*)0x20033900 = 0x20023840; *(uint32_t*)0x20023840 = 0; memset((void*)0x20023844, 0, 3); *(uint8_t*)0x20023847 = 1; *(uint64_t*)0x20023848 = 0x46940c1600000000; *(uint32_t*)0x20023850 = 0x3fe00000; *(uint64_t*)0x20033908 = 0x20023880; *(uint64_t*)0x20033910 = 0x200238c0; *(uint64_t*)0x20033918 = 0x200338c0; *(uint32_t*)0x20033920 = 0x14; *(uint32_t*)0x20033924 = 0; *(uint32_t*)0x20033928 = 0x10000; *(uint32_t*)0x2003392c = 0; res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[7], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20033900, /*actual_bytes=*/0x20033940, /*actual_handles=*/0x20033980); fprintf(stderr, "### call=8 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); break; case 9: res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_object_get_info))(/*handle=*/r[5], /*topic=*/0x1000000e, /*buffer=*/0x200339c0, /*buffer_size=*/0x3f0, /*actual=*/0x20033dc0, /*avail=*/0x20033e00); fprintf(stderr, "### call=9 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); break; case 10: memcpy((void*)0x20000000, "\xf2\x49\x0f\x2d\x3b\x26\xf3\x2e\x3e\x42\xff\xe0\x40\x0f\x49\x0e\x36\x66\x0f\x3a\xdf\x83\x02\x10\x00\x00\x6b\x58\x0f\x85\xd6\xbe\x00\x00\x64\x66\x42\x0f\x15\x4c\x69\x04\xc4\x83\x5d\x7f\x4f\x00\x06\xc4\x62\x6d\xbb\xfd\xf3\x4e\x0f\x1e\xcd", 59); res = -1; errno = EFAULT; res = syz_execute_func(/*text=*/0x20000000); fprintf(stderr, "### call=10 errno=%u\n", res == -1 ? errno : 0); break; case 11: res = -1; errno = EFAULT; res = syz_future_time(/*when=*/1); fprintf(stderr, "### call=11 errno=%u\n", res == -1 ? errno : 0); break; case 12: res = -1; errno = EFAULT; res = syz_job_default(); fprintf(stderr, "### call=12 errno=%u\n", res == -1 ? errno : 0); break; case 13: res = -1; errno = EFAULT; res = syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x2000); fprintf(stderr, "### call=13 errno=%u\n", res == -1 ? errno : 0); break; case 14: res = -1; errno = EFAULT; res = syz_process_self(); fprintf(stderr, "### call=14 errno=%u\n", res == -1 ? errno : 0); break; case 15: res = -1; errno = EFAULT; res = syz_thread_self(); fprintf(stderr, "### call=15 errno=%u\n", res == -1 ? errno : 0); break; case 16: res = -1; errno = EFAULT; res = syz_vmar_root_self(); fprintf(stderr, "### call=16 errno=%u\n", res == -1 ? errno : 0); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :386:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor3376724401 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/14 (0.29s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call$fuchsia_cobalt_MetricEventLoggerLogCustomEvent(0x0, 0x0, 0x7fffffffffffffff, &(0x7f00000101c0)={&(0x7f0000000000)={{}, 0xff, {0x6, 0xffffffffffffffff}, {[{{0x9}, @string_valueInLine={0x1, {0x3ff, 0xffffffffffffffff}}}, {{0x1ff, 0xffffffffffffffff}, @double_value={0x3, 0x6}}, {{0x1}, @index_value={0x4, 0x23}}, {{0x9, 0xffffffffffffffff}, @index_value={0x4, 0x8}}, {{0x4, 0xffffffffffffffff}, @index_value={0x4, 0x80}}], [{}, {{'(-*^\\@'}}, {{'*@/'}}, {{'#)'}}, {}, {{'!*'}}, {{'\\&:'}}]}}, &(0x7f0000000140)={[{}, {}, {}]}, &(0x7f0000000180), &(0x7f0000010180), 0x114, 0x0, 0x10000}, &(0x7f0000010200), &(0x7f0000010240)) (fail_nth: 1) zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000010280)=0x0) (async) r1 = syz_future_time(0x0) (rerun: 4) zx_channel_call$fuchsia_cobalt_ControllerListenForInitialized(r0, 0x0, r1, &(0x7f0000020380)={&(0x7f00000102c0), &(0x7f0000010300), &(0x7f0000010340), &(0x7f0000020340), 0x10, 0x0, 0x10000}, &(0x7f00000203c0), &(0x7f0000020400)) zx_clock_get_details(r0, 0x400000000000000, &(0x7f0000020440)={0x0, 0x0}) zx_channel_create$fuchsia_cobalt_LoggerFactory(0x0, &(0x7f00000214c0)=0x0, &(0x7f0000021500)) zx_channel_call_etc(r0, 0xded, r2, &(0x7f00000225c0)={&(0x7f00000204c0)="542646fd9e01404b2865df176fb8cf565d56c40da92b182965f281069f495adc4f35da84303852211c2013eed44a723410aecd75911736f8f0a02854faeded706621e35f092a7fad130d8e750ab60ea492cd08b08ce61c86b2e1b066131a28981f3b64a8562a53526585ef20e4a055c6d0524857ec3d1c6390aa0bad274ea3bae43a74de82b046dede08de676422e105718a3311eb002e2b0876b944b48109439b88094503bea528651e3fc1c5785cc38e12524f24ff011eff1f9e3ff2f2fe573f899b7163085f531bc0778fd928aa3de9c3bb857fac48132878070315c6c96cf637479074eeb7ad2ed83ed4896786a6e6fb84ea4d04d6590f358768a8ad9510fea160cffcf7fe24683a2d95ef110424a82a68be86d2a073e8c6ad620694604d24e1fb22a6be6021d3ed65bc18f1f299b944e23bda868f72db8868faeac8fc0c461df9e536e26abdaca788780b579494b54a5e832efd101990fe0d78dd63746e215cb697a6616b0e37e71430f4a3d8853a1a7e032a78fa1789318e79f912cb997d121ea59ff980e4f70f57813a252108fd7bfc84436ac48982d35b75261c25c732df70c7ba902e6f518b4bab19f62843b643d8fef7f07a8b64167a547dfae6c96f158e1cdc68fd4becba594cc1c2a0ccecc06e449d75196edda5c1cc99017ddbcca99f064f76c179e6d61b21bf9eafac2f8813f987c6c5ae2dd41dc296eae639487f782e898d86e2155715a0c92c880a7c781cee1ed5f53473f07e94c661416be1131a3eca459426aa6cd31c1f4bd33b77a37173b1a7dea99684445ad7abb279b908694f44635a4feceaa13b1450999ce3e99100a42c5e4d300ad24ea6cbe8e8bbfb47fc846f48387f6f167c30adb9d1c4e5695fc2bf8bd000b9edb3794f8028bb149eae3c7c9917379c1f62c46b47dc484b87b0bdd5f170852064526f28968729e1db05aec218d7971148652c34c0b8943b8ffdadd717e15002f25ec6428e477e1bec2f284a42df1054365ef4d3c1b71cb86c7a59f8cb8df6f867819a647c8406609ff0f4e354f777bc0d25ef7b07ef6500bb8b067da1caefa01acfa3c8e14b3438cd16b72def2bcc6d96e33bf2ad754c9bcf9d2d8bab8602b4960893c883c89318e97ff77d2911f4ea7f57bd709f2b2e9d989aeb1258bd9fb170e8e2e9b7c973be33e56169550c81d459cec25e5199743df3b6541abc6984735249e9aa60973d44b88ef8a350c6885e9fc260aaef901323bacece25e330ff2cd21d1191fbdeb2bf070f1d22e05fbe657606a46ce83a6d9d4f7934cbef759fa097092bc0788ef94130be9227939e170d986fa903bd4bd188640903bfdca8d6a48926c9a0a2e1144ad2365e19e64fc86532e6029fc7c861fc1e16a72261cb119ecd2f71bf6d3fc93b5e0b74daddc39d4d7aa2a6bb6c7a0002e4e25bb86dd6cad231334214433aced6c7761b34ecf3553a4b34c5cb0c988f0c36c50632b8544147c113dd22bc1d8adab7ac052ad798405c0057ca33947088015d87f410ec06b7b6b719593a4c6cd4cea4e711ad8c3f93bad32f869195e75286b7bbac261783e19f97efb8a9989a19ec6c7d43dafcd2c09a141c7671b4dd105932d663eed7c4b606f26523a116d1a42d628413624b8d9dd249f268e4cd72812433b9b7fbcb76e303c04eb257e5a143d6ed94dd8f1bdb5f40dcab5ac45c5c778a42d5ebf175c4a8ea5c3f3b92ec78471984e9784bf75c18ec20b9d3837267c67daa95f5e9eae608b619ac3583c783dd00ab5a93413999683001919bb89bb58a51eb1be1654a62e3019fe9cb3c43965cdb0893a5739004e713385d6703cdd7765dd3754e33163df54899127654128ab37b3c5e104912c9a878a5b6e69fd9d8d5f75511a4d0b8cd90a8dd9abc47b89bd027f2516b490763c3c4dca7956029b16c9059aa65b2777cdfad8a76f868ddc91f1f9c6fe99c52e4f07782d2e2661ee435e9899908ef60fe8657a3a7e5f93947f6fad929548c00ccaf365eb0d6c3cc456e3cc84d976c1feb3e0dbb2bdb20ae4031b50a94230c074d4b3cd182ac03f059df368c41ae9af89f4fb28ac556bb5c9aa02f183a783cb8fd2247acbce92a23ff9c01e7530e5b7bf789ea0a324bce612527ce8dc7b8d548a84b7ebdbd181ebd35212d7adf2582b6d83aff3a2c51144694f6bb0f7e42740461707c7149ed8888151ec0e50b52821c66a8713901fe0ae4e1224994328e3482dea2282e9cb13e1d7487d192e3817215236875a8177653dea3133302c9eb8193561b0b4a845528c2b89eb50a4e0ad81fd236f5f71ebcd89bf888340675df52a5cdb72be2504204016cd656e5a3a1a2f0932bb28a5ff49f83a9beed958ec4e088a15a86af6eda7969c2495382ce3a4093b7836750b7ea222fa1131224d9fb23acb2a5113d42bd700700c6e971b7bb3a8fe8ece22c892c449e0a454bb4d01cab6cb93a63ce00370a986cf3d3057c2950006f0415add05e00fcc72dfe86fbb65ae819cad2dc72161841e34a5a8844c2844c2cab0bcc6f15fdbf010b0ec1576e405e151916ab94f1ae70be1f3991fb6fb838ac4bccbbacdcda00cf2ea3aa5e574ade3453c92b0c847172ab5fccde891c781a8b94bbd4641f79c1fa75322c2525ba0b7d536a0743cf110868f4ff4ee32e36e47757bbf416c198bf1e94a649afc29adc07e56e525f2189b011565ca954a8f58f9b15503d59a5558fb4e712b5f5ecb46b980bd16871fece7759a013ff395f7dad194938206bb592153aea3ca5ed1742a4567b5f0ee61814d49b316cbd8a8c729f8b60308836aa9a3a272063585b530d1f80606fb50fef4a28d4f3cee5bdbf7daaf211dd0bb4f971528f67ccfc5909291cafa562c583932b456a04f64c1d68d545272685fdb793c458729854efab51cad297687d8e787205579f38984f6ff267e0adc8a3dc01504d4811ed3874093727b65af4f889a5d6ffd99cd115f6b8bad242671f5dfb76dbe5969a7aec93965f652165095279ed82ddaee328f01151a8db93467d8e96595816a6ff24047d9157339854f3c805e29e49addedf79b29b32de0085791e6f516a066ad35aea8e37892bd432c344edee98c2ca16867af6366701d7d40eb3e8dec4dd718b8ca3ddebbbf2d3c82494bc7694784bb3f0f48bafc63714da4b737ecabfb30c5cd038e19ddc314056b74380cb3aab06107e0506fafd43a04b32ebceaaae73f4e6c1885daa9d471e0478c04ce52e63339ce3e99b379a9ce0a016f619afa5c2cd587d28cf47401488eb3964c7bb289bc51f5b0a0baae6e1b3be7a9506babd110f9ceaec696b1b5e211b1197a3130ce9b93ce4f3b59d593796ba70a1c8e7a5d3c6079a5711ac13a3eb0c39fbd0118e1cc8e0f40231561bab91cd71d6c18eea42debaf1e948809206f1ac5c28238807c9d5c638b5ffec4a90dfe321af74e1bc9e19dc8189d709e61013544ea42bf4c2dcb2c99f3974aab0a3b669ed98a80d685abd3f48b29f1bf1737f2b3e15f7b8f0cd45658adb860c21a06a2b8418aa7d0f5397df5a39a44d49a33efa489ed2a0546fc562b8798d8a936bcc56a7f49c2520ca60ee2333fbf2ae69dbac1c9b5ccd7826cc95fac1c2bc284b60673d992b0278439e1dd988d7b2793ef35cff25dc31c4795effc43bb25cbae0a0e91bc29a725562c2e682b4655eb70561132d2fa4f605e5e5026bd0a929e8c55132f91c4b9d855e782109e14dbec676e73c1d35255b13ea3dcafde774798258ca129237b363d6e78f6135e3ad8221ed43fa4aff4f339441e1165341593ae873b4b94f392973d550dac2feacbf361400ebd3dcab544be1963bebf2774291dc287832b14a1a07da59762db633d0d30fd109c0bb67852bea173de5305a0348f785b9fcb9d56e50cf97cc6a6a076dde3fb9f55ef389fb48c7bd3177590cd5d62c4a29b719b8f03ca7bf43204d46b116b5679d909a94e334e8eae0e668196a62f4863de960057a21aae9b25938d7ad7daffb1485fbf90fbf7ac4f68e1264379de98e183fcf7ef09be5d0d62e37a6d88e8dfb37572d9c8dd51e5c7340eb89af63a2585194fffcd95269f9cca78bc87a467007cacaf345027901b8fb5b0aa418e75ba717fe3336e5ca1ee043bbf3cd2fb58e0a4404775af2dbfe9c06eb6c408e9463d5acbe8f51ba0c44a4decc03bcac7498098fc550f34d355c8f8cbfb5b349196eabbb5b75a493f91ea79dd64203235634c835b22e815ca823a3396b2fe78aeb7fa19e7b967cf6706ec9d12ecf78db964fe8311624dd5d7619a45d052069f4b76f1e9d160d686ab7e7e099b2003116bbe7409e775c44adb2195988e259c1f161ba6cd18b2843a24c8ea62a299808355cd673b17bff57bd6beff04e3c34bee3ce1d1927989da6761f1311a351c8b7b18141288861dea21e440baa338ea8c5306bfa5a51de4cc9c2ad9f7e4a9674e77c5dcc7d046d305bca5279358ec7684d84a292d16e07631f477abd9fd6d4e3e15691254f0317241068a9447cdf08f6a629e9952ef460c612cc483ec182899fd29f4599c5e8daee3447bff22aa7499cace59539ea3c88e29c90d294d5b095a00372109056e8d8919affa6e45c729abdb77ca6aeffdbc8eae2e43290b3056e4fdd6aacd8c39be97ae6b08ab14fdf246f28b2c30a03a2814f4e5132c6f4665cb1dfa009b85af279c261b44b4d22cb8b2a43c2f2e4607350c2764b870c90863f1629950133c32c8cf3ae6e8c63cc8c5a849c502ce18f6f6b506ea78c02bc5bb844a29d228813771a2198ee3edc4489fc5e9d8edecc6ae0a11acedec5034eca80d559dbe6d398ebeb732ffeab988065b3b0de4a71e40a676573ab7d753b2b8fc69e15ca339ea6576a0073dfc23eb42ee8381b7f401f3e8ed39514ac4e7a1aab17aecf35b7e4cd8521fc53e7eaa4b1016e134e35419eeb59e8d6c887b1b8bfd1321217f3569c03b430cde416918a8f30ba39b8eacdb8a7551b0f77651d8627186568ec6c0ab1f3035222dcbde3cf969e71afdd71ce8184812b3a35f3f52f901ce3e01c9d4bcd99c9f3749d83aec152b31c10fbf90eb474b6681e555bd2f3ebf80e8e4e99f7bb1a13a1d11e1f6f2a45fbb627a11514a2d23ec309e91edd5634fa5bd25f33a01513a69448ade4c13160c17b22395a0c41262985838c50d51e75f7892d7459751e6ae23ce6c781f81f8c312442c7ba9652a424132e157c8d51c3aafdbbe53a20e4958567bc30166c658a68c48582e4e84dc53ef4117792f2d4e205f6a0ea9dc168a8a06c75b359b7f9aea953dcdf3b2f1136abd2ebbf008769ef4776558fac02bfa2588943a11a00e74786397f96b985280b0a174f145fd3316164149c904a101cbcbe792b7820aa9a662f0f0c91d60239a553c964ee24fca4511f3d434f230b946a5f6f5f81f4e51fd6d9b88fc6b1d6350a21ab90056f188372e7531f820c89659c4d47031dfb3f2f6685b5c50bf448f796e2fd83b651af222fb44b94914deed83ebbb9a9b974cf2c36596a8385233da4b894f5e29ae0aab598bc735bc2421367339fece737d89df7ea0121cdf0673ed691baa4b3324f8d88a6cc484ed7c8ee597e3117c19da2df59dd1d2e9a0c111cb05401d6d564bd1928c043ad6623a56dfcc5e05f8dffb56e375ddf63942ec8692b484aba3b54795d06c42e7eacb7c50ec8fc211f02ea6a9908cea2f7549f00900c2707cc35c116552b760e254f4aca582b7f760b8b2ed69e875f4a9c301cd06a4fab8f538ed8c79bc5467ddede4148bacfbfc74f1d4cd9c9ada6bf328c7990c1f7ed523537e632ada4f008eb", &(0x7f0000021540)=[r3, r0, r0, r0], &(0x7f0000021580)=""/4096, &(0x7f0000022580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0x1000, 0x8}, &(0x7f0000022600), &(0x7f0000022640)) zx_channel_call(r6, 0x0, r2, &(0x7f0000023780)={&(0x7f0000022680)="c0a163280660ce735969f5ee9cafa35f48193a8620d0f0d76dab09926648a2fd68b4cc6e54d1f7871d9cbe41420acc88f0f88f6f66e82258e9328cc2d3a279d3845df3ea63ec", &(0x7f0000022700)=[r3, r0, r0, r4, 0x0, r3], &(0x7f0000022740)=""/4096, &(0x7f0000023740)=[0x0], 0x46, 0x6, 0x1000, 0x1}, &(0x7f00000237c0), &(0x7f0000023800)) zx_channel_call$fuchsia_io_FileNodeSetFlags(r7, 0x0, r2, &(0x7f0000033900)={&(0x7f0000023840)={{}, 0x3fe00000}, &(0x7f0000023880), &(0x7f00000238c0), &(0x7f00000338c0), 0x14, 0x0, 0x10000}, &(0x7f0000033940), &(0x7f0000033980)) zx_object_get_info$ZX_INFO_PROCESS_VMOS(r5, 0x1000000e, &(0x7f00000339c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x3f0, &(0x7f0000033dc0), &(0x7f0000033e00)) syz_execute_func(&(0x7f0000000000)="f2490f2d3b26f32e3e42ffe0400f490e36660f3adf83021000006b580f85d6be00006466420f154c6904c4835d7f4f0006c4626dbbfdf34e0f1ecd") syz_future_time(0x1) syz_job_default() syz_mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200101c0 = 0x20000000; *(uint32_t*)0x20000000 = 0; memset((void*)0x20000004, 0, 3); *(uint8_t*)0x20000007 = 1; *(uint64_t*)0x20000008 = 0x6e32641800000000; *(uint32_t*)0x20000010 = 0xff; *(uint64_t*)0x20000014 = 6; *(uint64_t*)0x2000001c = -1; *(uint64_t*)0x20000024 = 9; *(uint64_t*)0x2000002c = 0; *(uint32_t*)0x20000034 = 1; *(uint64_t*)0x2000003c = 0x3ff; *(uint64_t*)0x20000044 = -1; *(uint64_t*)0x2000004c = 0x1ff; *(uint64_t*)0x20000054 = -1; *(uint32_t*)0x2000005c = 3; *(uint64_t*)0x20000064 = 6; *(uint64_t*)0x20000074 = 1; *(uint64_t*)0x2000007c = 0; *(uint32_t*)0x20000084 = 4; *(uint32_t*)0x20000088 = 0x23; *(uint64_t*)0x2000009c = 9; *(uint64_t*)0x200000a4 = -1; *(uint32_t*)0x200000ac = 4; *(uint32_t*)0x200000b0 = 8; *(uint64_t*)0x200000c4 = 4; *(uint64_t*)0x200000cc = -1; *(uint32_t*)0x200000d4 = 4; *(uint32_t*)0x200000d8 = 0x80; memcpy((void*)0x200000ec, "(-*^\\@", 6); memcpy((void*)0x200000f4, "*@/", 3); memcpy((void*)0x200000fc, "#)", 2); memcpy((void*)0x20000104, "!*", 2); memcpy((void*)0x2000010c, "\\&:", 3); *(uint64_t*)0x200101c8 = 0x20000140; *(uint64_t*)0x200101d0 = 0x20000180; *(uint64_t*)0x200101d8 = 0x20010180; *(uint32_t*)0x200101e0 = 0x114; *(uint32_t*)0x200101e4 = 0; *(uint32_t*)0x200101e8 = 0x10000; *(uint32_t*)0x200101ec = 0; inject_fault(1); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x200101c0, /*actual_bytes=*/0x20010200, /*actual_handles=*/0x20010240); break; case 1: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(/*options=*/0, /*out=*/0x20010280); if (res == ZX_OK) r[0] = *(uint32_t*)0x20010280; break; case 2: res = -1; res = syz_future_time(/*when=*/0); { int i; for(i = 0; i < 4; i++) { syz_future_time(/*when=*/0); } } if ((int)res != -1) r[1] = res; break; case 3: *(uint64_t*)0x20020380 = 0x200102c0; *(uint32_t*)0x200102c0 = 0; memset((void*)0x200102c4, 0, 3); *(uint8_t*)0x200102c7 = 1; *(uint64_t*)0x200102c8 = 0x3558f75800000000; *(uint64_t*)0x20020388 = 0x20010300; *(uint64_t*)0x20020390 = 0x20010340; *(uint64_t*)0x20020398 = 0x20020340; *(uint32_t*)0x200203a0 = 0x10; *(uint32_t*)0x200203a4 = 0; *(uint32_t*)0x200203a8 = 0x10000; *(uint32_t*)0x200203ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[1], /*args=*/0x20020380, /*actual_bytes=*/0x200203c0, /*actual_handles=*/0x20020400); break; case 4: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_clock_get_details))(/*handle=*/r[0], /*option=*/0x400000000000000, /*details=*/0x20020440); if (res == ZX_OK) r[2] = *(uint64_t*)0x20020448; break; case 5: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_channel_create))(/*options=*/0, /*out0=*/0x200214c0, /*out1=*/0x20021500); if (res == ZX_OK) r[3] = *(uint32_t*)0x200214c0; break; case 6: *(uint64_t*)0x200225c0 = 0x200204c0; memcpy((void*)0x200204c0, "\x54\x26\x46\xfd\x9e\x01\x40\x4b\x28\x65\xdf\x17\x6f\xb8\xcf\x56\x5d\x56\xc4\x0d\xa9\x2b\x18\x29\x65\xf2\x81\x06\x9f\x49\x5a\xdc\x4f\x35\xda\x84\x30\x38\x52\x21\x1c\x20\x13\xee\xd4\x4a\x72\x34\x10\xae\xcd\x75\x91\x17\x36\xf8\xf0\xa0\x28\x54\xfa\xed\xed\x70\x66\x21\xe3\x5f\x09\x2a\x7f\xad\x13\x0d\x8e\x75\x0a\xb6\x0e\xa4\x92\xcd\x08\xb0\x8c\xe6\x1c\x86\xb2\xe1\xb0\x66\x13\x1a\x28\x98\x1f\x3b\x64\xa8\x56\x2a\x53\x52\x65\x85\xef\x20\xe4\xa0\x55\xc6\xd0\x52\x48\x57\xec\x3d\x1c\x63\x90\xaa\x0b\xad\x27\x4e\xa3\xba\xe4\x3a\x74\xde\x82\xb0\x46\xde\xde\x08\xde\x67\x64\x22\xe1\x05\x71\x8a\x33\x11\xeb\x00\x2e\x2b\x08\x76\xb9\x44\xb4\x81\x09\x43\x9b\x88\x09\x45\x03\xbe\xa5\x28\x65\x1e\x3f\xc1\xc5\x78\x5c\xc3\x8e\x12\x52\x4f\x24\xff\x01\x1e\xff\x1f\x9e\x3f\xf2\xf2\xfe\x57\x3f\x89\x9b\x71\x63\x08\x5f\x53\x1b\xc0\x77\x8f\xd9\x28\xaa\x3d\xe9\xc3\xbb\x85\x7f\xac\x48\x13\x28\x78\x07\x03\x15\xc6\xc9\x6c\xf6\x37\x47\x90\x74\xee\xb7\xad\x2e\xd8\x3e\xd4\x89\x67\x86\xa6\xe6\xfb\x84\xea\x4d\x04\xd6\x59\x0f\x35\x87\x68\xa8\xad\x95\x10\xfe\xa1\x60\xcf\xfc\xf7\xfe\x24\x68\x3a\x2d\x95\xef\x11\x04\x24\xa8\x2a\x68\xbe\x86\xd2\xa0\x73\xe8\xc6\xad\x62\x06\x94\x60\x4d\x24\xe1\xfb\x22\xa6\xbe\x60\x21\xd3\xed\x65\xbc\x18\xf1\xf2\x99\xb9\x44\xe2\x3b\xda\x86\x8f\x72\xdb\x88\x68\xfa\xea\xc8\xfc\x0c\x46\x1d\xf9\xe5\x36\xe2\x6a\xbd\xac\xa7\x88\x78\x0b\x57\x94\x94\xb5\x4a\x5e\x83\x2e\xfd\x10\x19\x90\xfe\x0d\x78\xdd\x63\x74\x6e\x21\x5c\xb6\x97\xa6\x61\x6b\x0e\x37\xe7\x14\x30\xf4\xa3\xd8\x85\x3a\x1a\x7e\x03\x2a\x78\xfa\x17\x89\x31\x8e\x79\xf9\x12\xcb\x99\x7d\x12\x1e\xa5\x9f\xf9\x80\xe4\xf7\x0f\x57\x81\x3a\x25\x21\x08\xfd\x7b\xfc\x84\x43\x6a\xc4\x89\x82\xd3\x5b\x75\x26\x1c\x25\xc7\x32\xdf\x70\xc7\xba\x90\x2e\x6f\x51\x8b\x4b\xab\x19\xf6\x28\x43\xb6\x43\xd8\xfe\xf7\xf0\x7a\x8b\x64\x16\x7a\x54\x7d\xfa\xe6\xc9\x6f\x15\x8e\x1c\xdc\x68\xfd\x4b\xec\xba\x59\x4c\xc1\xc2\xa0\xcc\xec\xc0\x6e\x44\x9d\x75\x19\x6e\xdd\xa5\xc1\xcc\x99\x01\x7d\xdb\xcc\xa9\x9f\x06\x4f\x76\xc1\x79\xe6\xd6\x1b\x21\xbf\x9e\xaf\xac\x2f\x88\x13\xf9\x87\xc6\xc5\xae\x2d\xd4\x1d\xc2\x96\xea\xe6\x39\x48\x7f\x78\x2e\x89\x8d\x86\xe2\x15\x57\x15\xa0\xc9\x2c\x88\x0a\x7c\x78\x1c\xee\x1e\xd5\xf5\x34\x73\xf0\x7e\x94\xc6\x61\x41\x6b\xe1\x13\x1a\x3e\xca\x45\x94\x26\xaa\x6c\xd3\x1c\x1f\x4b\xd3\x3b\x77\xa3\x71\x73\xb1\xa7\xde\xa9\x96\x84\x44\x5a\xd7\xab\xb2\x79\xb9\x08\x69\x4f\x44\x63\x5a\x4f\xec\xea\xa1\x3b\x14\x50\x99\x9c\xe3\xe9\x91\x00\xa4\x2c\x5e\x4d\x30\x0a\xd2\x4e\xa6\xcb\xe8\xe8\xbb\xfb\x47\xfc\x84\x6f\x48\x38\x7f\x6f\x16\x7c\x30\xad\xb9\xd1\xc4\xe5\x69\x5f\xc2\xbf\x8b\xd0\x00\xb9\xed\xb3\x79\x4f\x80\x28\xbb\x14\x9e\xae\x3c\x7c\x99\x17\x37\x9c\x1f\x62\xc4\x6b\x47\xdc\x48\x4b\x87\xb0\xbd\xd5\xf1\x70\x85\x20\x64\x52\x6f\x28\x96\x87\x29\xe1\xdb\x05\xae\xc2\x18\xd7\x97\x11\x48\x65\x2c\x34\xc0\xb8\x94\x3b\x8f\xfd\xad\xd7\x17\xe1\x50\x02\xf2\x5e\xc6\x42\x8e\x47\x7e\x1b\xec\x2f\x28\x4a\x42\xdf\x10\x54\x36\x5e\xf4\xd3\xc1\xb7\x1c\xb8\x6c\x7a\x59\xf8\xcb\x8d\xf6\xf8\x67\x81\x9a\x64\x7c\x84\x06\x60\x9f\xf0\xf4\xe3\x54\xf7\x77\xbc\x0d\x25\xef\x7b\x07\xef\x65\x00\xbb\x8b\x06\x7d\xa1\xca\xef\xa0\x1a\xcf\xa3\xc8\xe1\x4b\x34\x38\xcd\x16\xb7\x2d\xef\x2b\xcc\x6d\x96\xe3\x3b\xf2\xad\x75\x4c\x9b\xcf\x9d\x2d\x8b\xab\x86\x02\xb4\x96\x08\x93\xc8\x83\xc8\x93\x18\xe9\x7f\xf7\x7d\x29\x11\xf4\xea\x7f\x57\xbd\x70\x9f\x2b\x2e\x9d\x98\x9a\xeb\x12\x58\xbd\x9f\xb1\x70\xe8\xe2\xe9\xb7\xc9\x73\xbe\x33\xe5\x61\x69\x55\x0c\x81\xd4\x59\xce\xc2\x5e\x51\x99\x74\x3d\xf3\xb6\x54\x1a\xbc\x69\x84\x73\x52\x49\xe9\xaa\x60\x97\x3d\x44\xb8\x8e\xf8\xa3\x50\xc6\x88\x5e\x9f\xc2\x60\xaa\xef\x90\x13\x23\xba\xce\xce\x25\xe3\x30\xff\x2c\xd2\x1d\x11\x91\xfb\xde\xb2\xbf\x07\x0f\x1d\x22\xe0\x5f\xbe\x65\x76\x06\xa4\x6c\xe8\x3a\x6d\x9d\x4f\x79\x34\xcb\xef\x75\x9f\xa0\x97\x09\x2b\xc0\x78\x8e\xf9\x41\x30\xbe\x92\x27\x93\x9e\x17\x0d\x98\x6f\xa9\x03\xbd\x4b\xd1\x88\x64\x09\x03\xbf\xdc\xa8\xd6\xa4\x89\x26\xc9\xa0\xa2\xe1\x14\x4a\xd2\x36\x5e\x19\xe6\x4f\xc8\x65\x32\xe6\x02\x9f\xc7\xc8\x61\xfc\x1e\x16\xa7\x22\x61\xcb\x11\x9e\xcd\x2f\x71\xbf\x6d\x3f\xc9\x3b\x5e\x0b\x74\xda\xdd\xc3\x9d\x4d\x7a\xa2\xa6\xbb\x6c\x7a\x00\x02\xe4\xe2\x5b\xb8\x6d\xd6\xca\xd2\x31\x33\x42\x14\x43\x3a\xce\xd6\xc7\x76\x1b\x34\xec\xf3\x55\x3a\x4b\x34\xc5\xcb\x0c\x98\x8f\x0c\x36\xc5\x06\x32\xb8\x54\x41\x47\xc1\x13\xdd\x22\xbc\x1d\x8a\xda\xb7\xac\x05\x2a\xd7\x98\x40\x5c\x00\x57\xca\x33\x94\x70\x88\x01\x5d\x87\xf4\x10\xec\x06\xb7\xb6\xb7\x19\x59\x3a\x4c\x6c\xd4\xce\xa4\xe7\x11\xad\x8c\x3f\x93\xba\xd3\x2f\x86\x91\x95\xe7\x52\x86\xb7\xbb\xac\x26\x17\x83\xe1\x9f\x97\xef\xb8\xa9\x98\x9a\x19\xec\x6c\x7d\x43\xda\xfc\xd2\xc0\x9a\x14\x1c\x76\x71\xb4\xdd\x10\x59\x32\xd6\x63\xee\xd7\xc4\xb6\x06\xf2\x65\x23\xa1\x16\xd1\xa4\x2d\x62\x84\x13\x62\x4b\x8d\x9d\xd2\x49\xf2\x68\xe4\xcd\x72\x81\x24\x33\xb9\xb7\xfb\xcb\x76\xe3\x03\xc0\x4e\xb2\x57\xe5\xa1\x43\xd6\xed\x94\xdd\x8f\x1b\xdb\x5f\x40\xdc\xab\x5a\xc4\x5c\x5c\x77\x8a\x42\xd5\xeb\xf1\x75\xc4\xa8\xea\x5c\x3f\x3b\x92\xec\x78\x47\x19\x84\xe9\x78\x4b\xf7\x5c\x18\xec\x20\xb9\xd3\x83\x72\x67\xc6\x7d\xaa\x95\xf5\xe9\xea\xe6\x08\xb6\x19\xac\x35\x83\xc7\x83\xdd\x00\xab\x5a\x93\x41\x39\x99\x68\x30\x01\x91\x9b\xb8\x9b\xb5\x8a\x51\xeb\x1b\xe1\x65\x4a\x62\xe3\x01\x9f\xe9\xcb\x3c\x43\x96\x5c\xdb\x08\x93\xa5\x73\x90\x04\xe7\x13\x38\x5d\x67\x03\xcd\xd7\x76\x5d\xd3\x75\x4e\x33\x16\x3d\xf5\x48\x99\x12\x76\x54\x12\x8a\xb3\x7b\x3c\x5e\x10\x49\x12\xc9\xa8\x78\xa5\xb6\xe6\x9f\xd9\xd8\xd5\xf7\x55\x11\xa4\xd0\xb8\xcd\x90\xa8\xdd\x9a\xbc\x47\xb8\x9b\xd0\x27\xf2\x51\x6b\x49\x07\x63\xc3\xc4\xdc\xa7\x95\x60\x29\xb1\x6c\x90\x59\xaa\x65\xb2\x77\x7c\xdf\xad\x8a\x76\xf8\x68\xdd\xc9\x1f\x1f\x9c\x6f\xe9\x9c\x52\xe4\xf0\x77\x82\xd2\xe2\x66\x1e\xe4\x35\xe9\x89\x99\x08\xef\x60\xfe\x86\x57\xa3\xa7\xe5\xf9\x39\x47\xf6\xfa\xd9\x29\x54\x8c\x00\xcc\xaf\x36\x5e\xb0\xd6\xc3\xcc\x45\x6e\x3c\xc8\x4d\x97\x6c\x1f\xeb\x3e\x0d\xbb\x2b\xdb\x20\xae\x40\x31\xb5\x0a\x94\x23\x0c\x07\x4d\x4b\x3c\xd1\x82\xac\x03\xf0\x59\xdf\x36\x8c\x41\xae\x9a\xf8\x9f\x4f\xb2\x8a\xc5\x56\xbb\x5c\x9a\xa0\x2f\x18\x3a\x78\x3c\xb8\xfd\x22\x47\xac\xbc\xe9\x2a\x23\xff\x9c\x01\xe7\x53\x0e\x5b\x7b\xf7\x89\xea\x0a\x32\x4b\xce\x61\x25\x27\xce\x8d\xc7\xb8\xd5\x48\xa8\x4b\x7e\xbd\xbd\x18\x1e\xbd\x35\x21\x2d\x7a\xdf\x25\x82\xb6\xd8\x3a\xff\x3a\x2c\x51\x14\x46\x94\xf6\xbb\x0f\x7e\x42\x74\x04\x61\x70\x7c\x71\x49\xed\x88\x88\x15\x1e\xc0\xe5\x0b\x52\x82\x1c\x66\xa8\x71\x39\x01\xfe\x0a\xe4\xe1\x22\x49\x94\x32\x8e\x34\x82\xde\xa2\x28\x2e\x9c\xb1\x3e\x1d\x74\x87\xd1\x92\xe3\x81\x72\x15\x23\x68\x75\xa8\x17\x76\x53\xde\xa3\x13\x33\x02\xc9\xeb\x81\x93\x56\x1b\x0b\x4a\x84\x55\x28\xc2\xb8\x9e\xb5\x0a\x4e\x0a\xd8\x1f\xd2\x36\xf5\xf7\x1e\xbc\xd8\x9b\xf8\x88\x34\x06\x75\xdf\x52\xa5\xcd\xb7\x2b\xe2\x50\x42\x04\x01\x6c\xd6\x56\xe5\xa3\xa1\xa2\xf0\x93\x2b\xb2\x8a\x5f\xf4\x9f\x83\xa9\xbe\xed\x95\x8e\xc4\xe0\x88\xa1\x5a\x86\xaf\x6e\xda\x79\x69\xc2\x49\x53\x82\xce\x3a\x40\x93\xb7\x83\x67\x50\xb7\xea\x22\x2f\xa1\x13\x12\x24\xd9\xfb\x23\xac\xb2\xa5\x11\x3d\x42\xbd\x70\x07\x00\xc6\xe9\x71\xb7\xbb\x3a\x8f\xe8\xec\xe2\x2c\x89\x2c\x44\x9e\x0a\x45\x4b\xb4\xd0\x1c\xab\x6c\xb9\x3a\x63\xce\x00\x37\x0a\x98\x6c\xf3\xd3\x05\x7c\x29\x50\x00\x6f\x04\x15\xad\xd0\x5e\x00\xfc\xc7\x2d\xfe\x86\xfb\xb6\x5a\xe8\x19\xca\xd2\xdc\x72\x16\x18\x41\xe3\x4a\x5a\x88\x44\xc2\x84\x4c\x2c\xab\x0b\xcc\x6f\x15\xfd\xbf\x01\x0b\x0e\xc1\x57\x6e\x40\x5e\x15\x19\x16\xab\x94\xf1\xae\x70\xbe\x1f\x39\x91\xfb\x6f\xb8\x38\xac\x4b\xcc\xbb\xac\xdc\xda\x00\xcf\x2e\xa3\xaa\x5e\x57\x4a\xde\x34\x53\xc9\x2b\x0c\x84\x71\x72\xab\x5f\xcc\xde\x89\x1c\x78\x1a\x8b\x94\xbb\xd4\x64\x1f\x79\xc1\xfa\x75\x32\x2c\x25\x25\xba\x0b\x7d\x53\x6a\x07\x43\xcf\x11\x08\x68\xf4\xff\x4e\xe3\x2e\x36\xe4\x77\x57\xbb\xf4\x16\xc1\x98\xbf\x1e\x94\xa6\x49\xaf\xc2\x9a\xdc\x07\xe5\x6e\x52\x5f\x21\x89\xb0\x11\x56\x5c\xa9\x54\xa8\xf5\x8f\x9b\x15\x50\x3d\x59\xa5\x55\x8f\xb4\xe7\x12\xb5\xf5\xec\xb4\x6b\x98\x0b\xd1\x68\x71\xfe\xce\x77\x59\xa0\x13\xff\x39\x5f\x7d\xad\x19\x49\x38\x20\x6b\xb5\x92\x15\x3a\xea\x3c\xa5\xed\x17\x42\xa4\x56\x7b\x5f\x0e\xe6\x18\x14\xd4\x9b\x31\x6c\xbd\x8a\x8c\x72\x9f\x8b\x60\x30\x88\x36\xaa\x9a\x3a\x27\x20\x63\x58\x5b\x53\x0d\x1f\x80\x60\x6f\xb5\x0f\xef\x4a\x28\xd4\xf3\xce\xe5\xbd\xbf\x7d\xaa\xf2\x11\xdd\x0b\xb4\xf9\x71\x52\x8f\x67\xcc\xfc\x59\x09\x29\x1c\xaf\xa5\x62\xc5\x83\x93\x2b\x45\x6a\x04\xf6\x4c\x1d\x68\xd5\x45\x27\x26\x85\xfd\xb7\x93\xc4\x58\x72\x98\x54\xef\xab\x51\xca\xd2\x97\x68\x7d\x8e\x78\x72\x05\x57\x9f\x38\x98\x4f\x6f\xf2\x67\xe0\xad\xc8\xa3\xdc\x01\x50\x4d\x48\x11\xed\x38\x74\x09\x37\x27\xb6\x5a\xf4\xf8\x89\xa5\xd6\xff\xd9\x9c\xd1\x15\xf6\xb8\xba\xd2\x42\x67\x1f\x5d\xfb\x76\xdb\xe5\x96\x9a\x7a\xec\x93\x96\x5f\x65\x21\x65\x09\x52\x79\xed\x82\xdd\xae\xe3\x28\xf0\x11\x51\xa8\xdb\x93\x46\x7d\x8e\x96\x59\x58\x16\xa6\xff\x24\x04\x7d\x91\x57\x33\x98\x54\xf3\xc8\x05\xe2\x9e\x49\xad\xde\xdf\x79\xb2\x9b\x32\xde\x00\x85\x79\x1e\x6f\x51\x6a\x06\x6a\xd3\x5a\xea\x8e\x37\x89\x2b\xd4\x32\xc3\x44\xed\xee\x98\xc2\xca\x16\x86\x7a\xf6\x36\x67\x01\xd7\xd4\x0e\xb3\xe8\xde\xc4\xdd\x71\x8b\x8c\xa3\xdd\xeb\xbb\xf2\xd3\xc8\x24\x94\xbc\x76\x94\x78\x4b\xb3\xf0\xf4\x8b\xaf\xc6\x37\x14\xda\x4b\x73\x7e\xca\xbf\xb3\x0c\x5c\xd0\x38\xe1\x9d\xdc\x31\x40\x56\xb7\x43\x80\xcb\x3a\xab\x06\x10\x7e\x05\x06\xfa\xfd\x43\xa0\x4b\x32\xeb\xce\xaa\xae\x73\xf4\xe6\xc1\x88\x5d\xaa\x9d\x47\x1e\x04\x78\xc0\x4c\xe5\x2e\x63\x33\x9c\xe3\xe9\x9b\x37\x9a\x9c\xe0\xa0\x16\xf6\x19\xaf\xa5\xc2\xcd\x58\x7d\x28\xcf\x47\x40\x14\x88\xeb\x39\x64\xc7\xbb\x28\x9b\xc5\x1f\x5b\x0a\x0b\xaa\xe6\xe1\xb3\xbe\x7a\x95\x06\xba\xbd\x11\x0f\x9c\xea\xec\x69\x6b\x1b\x5e\x21\x1b\x11\x97\xa3\x13\x0c\xe9\xb9\x3c\xe4\xf3\xb5\x9d\x59\x37\x96\xba\x70\xa1\xc8\xe7\xa5\xd3\xc6\x07\x9a\x57\x11\xac\x13\xa3\xeb\x0c\x39\xfb\xd0\x11\x8e\x1c\xc8\xe0\xf4\x02\x31\x56\x1b\xab\x91\xcd\x71\xd6\xc1\x8e\xea\x42\xde\xba\xf1\xe9\x48\x80\x92\x06\xf1\xac\x5c\x28\x23\x88\x07\xc9\xd5\xc6\x38\xb5\xff\xec\x4a\x90\xdf\xe3\x21\xaf\x74\xe1\xbc\x9e\x19\xdc\x81\x89\xd7\x09\xe6\x10\x13\x54\x4e\xa4\x2b\xf4\xc2\xdc\xb2\xc9\x9f\x39\x74\xaa\xb0\xa3\xb6\x69\xed\x98\xa8\x0d\x68\x5a\xbd\x3f\x48\xb2\x9f\x1b\xf1\x73\x7f\x2b\x3e\x15\xf7\xb8\xf0\xcd\x45\x65\x8a\xdb\x86\x0c\x21\xa0\x6a\x2b\x84\x18\xaa\x7d\x0f\x53\x97\xdf\x5a\x39\xa4\x4d\x49\xa3\x3e\xfa\x48\x9e\xd2\xa0\x54\x6f\xc5\x62\xb8\x79\x8d\x8a\x93\x6b\xcc\x56\xa7\xf4\x9c\x25\x20\xca\x60\xee\x23\x33\xfb\xf2\xae\x69\xdb\xac\x1c\x9b\x5c\xcd\x78\x26\xcc\x95\xfa\xc1\xc2\xbc\x28\x4b\x60\x67\x3d\x99\x2b\x02\x78\x43\x9e\x1d\xd9\x88\xd7\xb2\x79\x3e\xf3\x5c\xff\x25\xdc\x31\xc4\x79\x5e\xff\xc4\x3b\xb2\x5c\xba\xe0\xa0\xe9\x1b\xc2\x9a\x72\x55\x62\xc2\xe6\x82\xb4\x65\x5e\xb7\x05\x61\x13\x2d\x2f\xa4\xf6\x05\xe5\xe5\x02\x6b\xd0\xa9\x29\xe8\xc5\x51\x32\xf9\x1c\x4b\x9d\x85\x5e\x78\x21\x09\xe1\x4d\xbe\xc6\x76\xe7\x3c\x1d\x35\x25\x5b\x13\xea\x3d\xca\xfd\xe7\x74\x79\x82\x58\xca\x12\x92\x37\xb3\x63\xd6\xe7\x8f\x61\x35\xe3\xad\x82\x21\xed\x43\xfa\x4a\xff\x4f\x33\x94\x41\xe1\x16\x53\x41\x59\x3a\xe8\x73\xb4\xb9\x4f\x39\x29\x73\xd5\x50\xda\xc2\xfe\xac\xbf\x36\x14\x00\xeb\xd3\xdc\xab\x54\x4b\xe1\x96\x3b\xeb\xf2\x77\x42\x91\xdc\x28\x78\x32\xb1\x4a\x1a\x07\xda\x59\x76\x2d\xb6\x33\xd0\xd3\x0f\xd1\x09\xc0\xbb\x67\x85\x2b\xea\x17\x3d\xe5\x30\x5a\x03\x48\xf7\x85\xb9\xfc\xb9\xd5\x6e\x50\xcf\x97\xcc\x6a\x6a\x07\x6d\xde\x3f\xb9\xf5\x5e\xf3\x89\xfb\x48\xc7\xbd\x31\x77\x59\x0c\xd5\xd6\x2c\x4a\x29\xb7\x19\xb8\xf0\x3c\xa7\xbf\x43\x20\x4d\x46\xb1\x16\xb5\x67\x9d\x90\x9a\x94\xe3\x34\xe8\xea\xe0\xe6\x68\x19\x6a\x62\xf4\x86\x3d\xe9\x60\x05\x7a\x21\xaa\xe9\xb2\x59\x38\xd7\xad\x7d\xaf\xfb\x14\x85\xfb\xf9\x0f\xbf\x7a\xc4\xf6\x8e\x12\x64\x37\x9d\xe9\x8e\x18\x3f\xcf\x7e\xf0\x9b\xe5\xd0\xd6\x2e\x37\xa6\xd8\x8e\x8d\xfb\x37\x57\x2d\x9c\x8d\xd5\x1e\x5c\x73\x40\xeb\x89\xaf\x63\xa2\x58\x51\x94\xff\xfc\xd9\x52\x69\xf9\xcc\xa7\x8b\xc8\x7a\x46\x70\x07\xca\xca\xf3\x45\x02\x79\x01\xb8\xfb\x5b\x0a\xa4\x18\xe7\x5b\xa7\x17\xfe\x33\x36\xe5\xca\x1e\xe0\x43\xbb\xf3\xcd\x2f\xb5\x8e\x0a\x44\x04\x77\x5a\xf2\xdb\xfe\x9c\x06\xeb\x6c\x40\x8e\x94\x63\xd5\xac\xbe\x8f\x51\xba\x0c\x44\xa4\xde\xcc\x03\xbc\xac\x74\x98\x09\x8f\xc5\x50\xf3\x4d\x35\x5c\x8f\x8c\xbf\xb5\xb3\x49\x19\x6e\xab\xbb\x5b\x75\xa4\x93\xf9\x1e\xa7\x9d\xd6\x42\x03\x23\x56\x34\xc8\x35\xb2\x2e\x81\x5c\xa8\x23\xa3\x39\x6b\x2f\xe7\x8a\xeb\x7f\xa1\x9e\x7b\x96\x7c\xf6\x70\x6e\xc9\xd1\x2e\xcf\x78\xdb\x96\x4f\xe8\x31\x16\x24\xdd\x5d\x76\x19\xa4\x5d\x05\x20\x69\xf4\xb7\x6f\x1e\x9d\x16\x0d\x68\x6a\xb7\xe7\xe0\x99\xb2\x00\x31\x16\xbb\xe7\x40\x9e\x77\x5c\x44\xad\xb2\x19\x59\x88\xe2\x59\xc1\xf1\x61\xba\x6c\xd1\x8b\x28\x43\xa2\x4c\x8e\xa6\x2a\x29\x98\x08\x35\x5c\xd6\x73\xb1\x7b\xff\x57\xbd\x6b\xef\xf0\x4e\x3c\x34\xbe\xe3\xce\x1d\x19\x27\x98\x9d\xa6\x76\x1f\x13\x11\xa3\x51\xc8\xb7\xb1\x81\x41\x28\x88\x61\xde\xa2\x1e\x44\x0b\xaa\x33\x8e\xa8\xc5\x30\x6b\xfa\x5a\x51\xde\x4c\xc9\xc2\xad\x9f\x7e\x4a\x96\x74\xe7\x7c\x5d\xcc\x7d\x04\x6d\x30\x5b\xca\x52\x79\x35\x8e\xc7\x68\x4d\x84\xa2\x92\xd1\x6e\x07\x63\x1f\x47\x7a\xbd\x9f\xd6\xd4\xe3\xe1\x56\x91\x25\x4f\x03\x17\x24\x10\x68\xa9\x44\x7c\xdf\x08\xf6\xa6\x29\xe9\x95\x2e\xf4\x60\xc6\x12\xcc\x48\x3e\xc1\x82\x89\x9f\xd2\x9f\x45\x99\xc5\xe8\xda\xee\x34\x47\xbf\xf2\x2a\xa7\x49\x9c\xac\xe5\x95\x39\xea\x3c\x88\xe2\x9c\x90\xd2\x94\xd5\xb0\x95\xa0\x03\x72\x10\x90\x56\xe8\xd8\x91\x9a\xff\xa6\xe4\x5c\x72\x9a\xbd\xb7\x7c\xa6\xae\xff\xdb\xc8\xea\xe2\xe4\x32\x90\xb3\x05\x6e\x4f\xdd\x6a\xac\xd8\xc3\x9b\xe9\x7a\xe6\xb0\x8a\xb1\x4f\xdf\x24\x6f\x28\xb2\xc3\x0a\x03\xa2\x81\x4f\x4e\x51\x32\xc6\xf4\x66\x5c\xb1\xdf\xa0\x09\xb8\x5a\xf2\x79\xc2\x61\xb4\x4b\x4d\x22\xcb\x8b\x2a\x43\xc2\xf2\xe4\x60\x73\x50\xc2\x76\x4b\x87\x0c\x90\x86\x3f\x16\x29\x95\x01\x33\xc3\x2c\x8c\xf3\xae\x6e\x8c\x63\xcc\x8c\x5a\x84\x9c\x50\x2c\xe1\x8f\x6f\x6b\x50\x6e\xa7\x8c\x02\xbc\x5b\xb8\x44\xa2\x9d\x22\x88\x13\x77\x1a\x21\x98\xee\x3e\xdc\x44\x89\xfc\x5e\x9d\x8e\xde\xcc\x6a\xe0\xa1\x1a\xce\xde\xc5\x03\x4e\xca\x80\xd5\x59\xdb\xe6\xd3\x98\xeb\xeb\x73\x2f\xfe\xab\x98\x80\x65\xb3\xb0\xde\x4a\x71\xe4\x0a\x67\x65\x73\xab\x7d\x75\x3b\x2b\x8f\xc6\x9e\x15\xca\x33\x9e\xa6\x57\x6a\x00\x73\xdf\xc2\x3e\xb4\x2e\xe8\x38\x1b\x7f\x40\x1f\x3e\x8e\xd3\x95\x14\xac\x4e\x7a\x1a\xab\x17\xae\xcf\x35\xb7\xe4\xcd\x85\x21\xfc\x53\xe7\xea\xa4\xb1\x01\x6e\x13\x4e\x35\x41\x9e\xeb\x59\xe8\xd6\xc8\x87\xb1\xb8\xbf\xd1\x32\x12\x17\xf3\x56\x9c\x03\xb4\x30\xcd\xe4\x16\x91\x8a\x8f\x30\xba\x39\xb8\xea\xcd\xb8\xa7\x55\x1b\x0f\x77\x65\x1d\x86\x27\x18\x65\x68\xec\x6c\x0a\xb1\xf3\x03\x52\x22\xdc\xbd\xe3\xcf\x96\x9e\x71\xaf\xdd\x71\xce\x81\x84\x81\x2b\x3a\x35\xf3\xf5\x2f\x90\x1c\xe3\xe0\x1c\x9d\x4b\xcd\x99\xc9\xf3\x74\x9d\x83\xae\xc1\x52\xb3\x1c\x10\xfb\xf9\x0e\xb4\x74\xb6\x68\x1e\x55\x5b\xd2\xf3\xeb\xf8\x0e\x8e\x4e\x99\xf7\xbb\x1a\x13\xa1\xd1\x1e\x1f\x6f\x2a\x45\xfb\xb6\x27\xa1\x15\x14\xa2\xd2\x3e\xc3\x09\xe9\x1e\xdd\x56\x34\xfa\x5b\xd2\x5f\x33\xa0\x15\x13\xa6\x94\x48\xad\xe4\xc1\x31\x60\xc1\x7b\x22\x39\x5a\x0c\x41\x26\x29\x85\x83\x8c\x50\xd5\x1e\x75\xf7\x89\x2d\x74\x59\x75\x1e\x6a\xe2\x3c\xe6\xc7\x81\xf8\x1f\x8c\x31\x24\x42\xc7\xba\x96\x52\xa4\x24\x13\x2e\x15\x7c\x8d\x51\xc3\xaa\xfd\xbb\xe5\x3a\x20\xe4\x95\x85\x67\xbc\x30\x16\x6c\x65\x8a\x68\xc4\x85\x82\xe4\xe8\x4d\xc5\x3e\xf4\x11\x77\x92\xf2\xd4\xe2\x05\xf6\xa0\xea\x9d\xc1\x68\xa8\xa0\x6c\x75\xb3\x59\xb7\xf9\xae\xa9\x53\xdc\xdf\x3b\x2f\x11\x36\xab\xd2\xeb\xbf\x00\x87\x69\xef\x47\x76\x55\x8f\xac\x02\xbf\xa2\x58\x89\x43\xa1\x1a\x00\xe7\x47\x86\x39\x7f\x96\xb9\x85\x28\x0b\x0a\x17\x4f\x14\x5f\xd3\x31\x61\x64\x14\x9c\x90\x4a\x10\x1c\xbc\xbe\x79\x2b\x78\x20\xaa\x9a\x66\x2f\x0f\x0c\x91\xd6\x02\x39\xa5\x53\xc9\x64\xee\x24\xfc\xa4\x51\x1f\x3d\x43\x4f\x23\x0b\x94\x6a\x5f\x6f\x5f\x81\xf4\xe5\x1f\xd6\xd9\xb8\x8f\xc6\xb1\xd6\x35\x0a\x21\xab\x90\x05\x6f\x18\x83\x72\xe7\x53\x1f\x82\x0c\x89\x65\x9c\x4d\x47\x03\x1d\xfb\x3f\x2f\x66\x85\xb5\xc5\x0b\xf4\x48\xf7\x96\xe2\xfd\x83\xb6\x51\xaf\x22\x2f\xb4\x4b\x94\x91\x4d\xee\xd8\x3e\xbb\xb9\xa9\xb9\x74\xcf\x2c\x36\x59\x6a\x83\x85\x23\x3d\xa4\xb8\x94\xf5\xe2\x9a\xe0\xaa\xb5\x98\xbc\x73\x5b\xc2\x42\x13\x67\x33\x9f\xec\xe7\x37\xd8\x9d\xf7\xea\x01\x21\xcd\xf0\x67\x3e\xd6\x91\xba\xa4\xb3\x32\x4f\x8d\x88\xa6\xcc\x48\x4e\xd7\xc8\xee\x59\x7e\x31\x17\xc1\x9d\xa2\xdf\x59\xdd\x1d\x2e\x9a\x0c\x11\x1c\xb0\x54\x01\xd6\xd5\x64\xbd\x19\x28\xc0\x43\xad\x66\x23\xa5\x6d\xfc\xc5\xe0\x5f\x8d\xff\xb5\x6e\x37\x5d\xdf\x63\x94\x2e\xc8\x69\x2b\x48\x4a\xba\x3b\x54\x79\x5d\x06\xc4\x2e\x7e\xac\xb7\xc5\x0e\xc8\xfc\x21\x1f\x02\xea\x6a\x99\x08\xce\xa2\xf7\x54\x9f\x00\x90\x0c\x27\x07\xcc\x35\xc1\x16\x55\x2b\x76\x0e\x25\x4f\x4a\xca\x58\x2b\x7f\x76\x0b\x8b\x2e\xd6\x9e\x87\x5f\x4a\x9c\x30\x1c\xd0\x6a\x4f\xab\x8f\x53\x8e\xd8\xc7\x9b\xc5\x46\x7d\xde\xde\x41\x48\xba\xcf\xbf\xc7\x4f\x1d\x4c\xd9\xc9\xad\xa6\xbf\x32\x8c\x79\x90\xc1\xf7\xed\x52\x35\x37\xe6\x32\xad\xa4\xf0\x08\xeb", 4096); *(uint64_t*)0x200225c8 = 0x20021540; *(uint32_t*)0x20021540 = r[3]; *(uint32_t*)0x20021544 = r[0]; *(uint32_t*)0x20021548 = r[0]; *(uint32_t*)0x2002154c = r[0]; *(uint64_t*)0x200225d0 = 0x20021580; *(uint64_t*)0x200225d8 = 0x20022580; *(uint32_t*)0x200225e0 = 0x1000; *(uint32_t*)0x200225e4 = 4; *(uint32_t*)0x200225e8 = 0x1000; *(uint32_t*)0x200225ec = 8; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); if (res == ZX_OK) { r[4] = *(uint32_t*)0x20022580; r[5] = *(uint32_t*)0x20022590; r[6] = *(uint32_t*)0x20022598; } break; case 7: *(uint64_t*)0x20023780 = 0x20022680; memcpy((void*)0x20022680, "\xc0\xa1\x63\x28\x06\x60\xce\x73\x59\x69\xf5\xee\x9c\xaf\xa3\x5f\x48\x19\x3a\x86\x20\xd0\xf0\xd7\x6d\xab\x09\x92\x66\x48\xa2\xfd\x68\xb4\xcc\x6e\x54\xd1\xf7\x87\x1d\x9c\xbe\x41\x42\x0a\xcc\x88\xf0\xf8\x8f\x6f\x66\xe8\x22\x58\xe9\x32\x8c\xc2\xd3\xa2\x79\xd3\x84\x5d\xf3\xea\x63\xec", 70); *(uint64_t*)0x20023788 = 0x20022700; *(uint32_t*)0x20022700 = r[3]; *(uint32_t*)0x20022704 = r[0]; *(uint32_t*)0x20022708 = r[0]; *(uint32_t*)0x2002270c = r[4]; *(uint32_t*)0x20022710 = 0; *(uint32_t*)0x20022714 = r[3]; *(uint64_t*)0x20023790 = 0x20022740; *(uint64_t*)0x20023798 = 0x20023740; *(uint32_t*)0x200237a0 = 0x46; *(uint32_t*)0x200237a4 = 6; *(uint32_t*)0x200237a8 = 0x1000; *(uint32_t*)0x200237ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[6], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20023780, /*actual_bytes=*/0x200237c0, /*actual_handles=*/0x20023800); if (res == ZX_OK) r[7] = *(uint32_t*)0x20023740; break; case 8: *(uint64_t*)0x20033900 = 0x20023840; *(uint32_t*)0x20023840 = 0; memset((void*)0x20023844, 0, 3); *(uint8_t*)0x20023847 = 1; *(uint64_t*)0x20023848 = 0x46940c1600000000; *(uint32_t*)0x20023850 = 0x3fe00000; *(uint64_t*)0x20033908 = 0x20023880; *(uint64_t*)0x20033910 = 0x200238c0; *(uint64_t*)0x20033918 = 0x200338c0; *(uint32_t*)0x20033920 = 0x14; *(uint32_t*)0x20033924 = 0; *(uint32_t*)0x20033928 = 0x10000; *(uint32_t*)0x2003392c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[7], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20033900, /*actual_bytes=*/0x20033940, /*actual_handles=*/0x20033980); break; case 9: ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_object_get_info))(/*handle=*/r[5], /*topic=*/0x1000000e, /*buffer=*/0x200339c0, /*buffer_size=*/0x3f0, /*actual=*/0x20033dc0, /*avail=*/0x20033e00); break; case 10: memcpy((void*)0x20000000, "\xf2\x49\x0f\x2d\x3b\x26\xf3\x2e\x3e\x42\xff\xe0\x40\x0f\x49\x0e\x36\x66\x0f\x3a\xdf\x83\x02\x10\x00\x00\x6b\x58\x0f\x85\xd6\xbe\x00\x00\x64\x66\x42\x0f\x15\x4c\x69\x04\xc4\x83\x5d\x7f\x4f\x00\x06\xc4\x62\x6d\xbb\xfd\xf3\x4e\x0f\x1e\xcd", 59); syz_execute_func(/*text=*/0x20000000); break; case 11: syz_future_time(/*when=*/1); break; case 12: syz_job_default(); break; case 13: syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x2000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); for (procid = 0; procid < 2; procid++) { if (fork() == 0) { use_temporary_dir(); do_sandbox_none(); } } sleep(1000000); return 0; } :374:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor288764550 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/10 (0.26s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call$fuchsia_cobalt_MetricEventLoggerLogCustomEvent(0x0, 0x0, 0x7fffffffffffffff, &(0x7f00000101c0)={&(0x7f0000000000)={{}, 0xff, {0x6, 0xffffffffffffffff}, {[{{0x9}, @string_valueInLine={0x1, {0x3ff, 0xffffffffffffffff}}}, {{0x1ff, 0xffffffffffffffff}, @double_value={0x3, 0x6}}, {{0x1}, @index_value={0x4, 0x23}}, {{0x9, 0xffffffffffffffff}, @index_value={0x4, 0x8}}, {{0x4, 0xffffffffffffffff}, @index_value={0x4, 0x80}}], [{}, {{'(-*^\\@'}}, {{'*@/'}}, {{'#)'}}, {}, {{'!*'}}, {{'\\&:'}}]}}, &(0x7f0000000140)={[{}, {}, {}]}, &(0x7f0000000180), &(0x7f0000010180), 0x114, 0x0, 0x10000}, &(0x7f0000010200), &(0x7f0000010240)) (fail_nth: 1) zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000010280)=0x0) (async) r1 = syz_future_time(0x0) (rerun: 4) zx_channel_call$fuchsia_cobalt_ControllerListenForInitialized(r0, 0x0, r1, &(0x7f0000020380)={&(0x7f00000102c0), &(0x7f0000010300), &(0x7f0000010340), &(0x7f0000020340), 0x10, 0x0, 0x10000}, &(0x7f00000203c0), &(0x7f0000020400)) zx_clock_get_details(r0, 0x400000000000000, &(0x7f0000020440)={0x0, 0x0}) zx_channel_create$fuchsia_cobalt_LoggerFactory(0x0, &(0x7f00000214c0)=0x0, &(0x7f0000021500)) zx_channel_call_etc(r0, 0xded, r2, &(0x7f00000225c0)={&(0x7f00000204c0)="542646fd9e01404b2865df176fb8cf565d56c40da92b182965f281069f495adc4f35da84303852211c2013eed44a723410aecd75911736f8f0a02854faeded706621e35f092a7fad130d8e750ab60ea492cd08b08ce61c86b2e1b066131a28981f3b64a8562a53526585ef20e4a055c6d0524857ec3d1c6390aa0bad274ea3bae43a74de82b046dede08de676422e105718a3311eb002e2b0876b944b48109439b88094503bea528651e3fc1c5785cc38e12524f24ff011eff1f9e3ff2f2fe573f899b7163085f531bc0778fd928aa3de9c3bb857fac48132878070315c6c96cf637479074eeb7ad2ed83ed4896786a6e6fb84ea4d04d6590f358768a8ad9510fea160cffcf7fe24683a2d95ef110424a82a68be86d2a073e8c6ad620694604d24e1fb22a6be6021d3ed65bc18f1f299b944e23bda868f72db8868faeac8fc0c461df9e536e26abdaca788780b579494b54a5e832efd101990fe0d78dd63746e215cb697a6616b0e37e71430f4a3d8853a1a7e032a78fa1789318e79f912cb997d121ea59ff980e4f70f57813a252108fd7bfc84436ac48982d35b75261c25c732df70c7ba902e6f518b4bab19f62843b643d8fef7f07a8b64167a547dfae6c96f158e1cdc68fd4becba594cc1c2a0ccecc06e449d75196edda5c1cc99017ddbcca99f064f76c179e6d61b21bf9eafac2f8813f987c6c5ae2dd41dc296eae639487f782e898d86e2155715a0c92c880a7c781cee1ed5f53473f07e94c661416be1131a3eca459426aa6cd31c1f4bd33b77a37173b1a7dea99684445ad7abb279b908694f44635a4feceaa13b1450999ce3e99100a42c5e4d300ad24ea6cbe8e8bbfb47fc846f48387f6f167c30adb9d1c4e5695fc2bf8bd000b9edb3794f8028bb149eae3c7c9917379c1f62c46b47dc484b87b0bdd5f170852064526f28968729e1db05aec218d7971148652c34c0b8943b8ffdadd717e15002f25ec6428e477e1bec2f284a42df1054365ef4d3c1b71cb86c7a59f8cb8df6f867819a647c8406609ff0f4e354f777bc0d25ef7b07ef6500bb8b067da1caefa01acfa3c8e14b3438cd16b72def2bcc6d96e33bf2ad754c9bcf9d2d8bab8602b4960893c883c89318e97ff77d2911f4ea7f57bd709f2b2e9d989aeb1258bd9fb170e8e2e9b7c973be33e56169550c81d459cec25e5199743df3b6541abc6984735249e9aa60973d44b88ef8a350c6885e9fc260aaef901323bacece25e330ff2cd21d1191fbdeb2bf070f1d22e05fbe657606a46ce83a6d9d4f7934cbef759fa097092bc0788ef94130be9227939e170d986fa903bd4bd188640903bfdca8d6a48926c9a0a2e1144ad2365e19e64fc86532e6029fc7c861fc1e16a72261cb119ecd2f71bf6d3fc93b5e0b74daddc39d4d7aa2a6bb6c7a0002e4e25bb86dd6cad231334214433aced6c7761b34ecf3553a4b34c5cb0c988f0c36c50632b8544147c113dd22bc1d8adab7ac052ad798405c0057ca33947088015d87f410ec06b7b6b719593a4c6cd4cea4e711ad8c3f93bad32f869195e75286b7bbac261783e19f97efb8a9989a19ec6c7d43dafcd2c09a141c7671b4dd105932d663eed7c4b606f26523a116d1a42d628413624b8d9dd249f268e4cd72812433b9b7fbcb76e303c04eb257e5a143d6ed94dd8f1bdb5f40dcab5ac45c5c778a42d5ebf175c4a8ea5c3f3b92ec78471984e9784bf75c18ec20b9d3837267c67daa95f5e9eae608b619ac3583c783dd00ab5a93413999683001919bb89bb58a51eb1be1654a62e3019fe9cb3c43965cdb0893a5739004e713385d6703cdd7765dd3754e33163df54899127654128ab37b3c5e104912c9a878a5b6e69fd9d8d5f75511a4d0b8cd90a8dd9abc47b89bd027f2516b490763c3c4dca7956029b16c9059aa65b2777cdfad8a76f868ddc91f1f9c6fe99c52e4f07782d2e2661ee435e9899908ef60fe8657a3a7e5f93947f6fad929548c00ccaf365eb0d6c3cc456e3cc84d976c1feb3e0dbb2bdb20ae4031b50a94230c074d4b3cd182ac03f059df368c41ae9af89f4fb28ac556bb5c9aa02f183a783cb8fd2247acbce92a23ff9c01e7530e5b7bf789ea0a324bce612527ce8dc7b8d548a84b7ebdbd181ebd35212d7adf2582b6d83aff3a2c51144694f6bb0f7e42740461707c7149ed8888151ec0e50b52821c66a8713901fe0ae4e1224994328e3482dea2282e9cb13e1d7487d192e3817215236875a8177653dea3133302c9eb8193561b0b4a845528c2b89eb50a4e0ad81fd236f5f71ebcd89bf888340675df52a5cdb72be2504204016cd656e5a3a1a2f0932bb28a5ff49f83a9beed958ec4e088a15a86af6eda7969c2495382ce3a4093b7836750b7ea222fa1131224d9fb23acb2a5113d42bd700700c6e971b7bb3a8fe8ece22c892c449e0a454bb4d01cab6cb93a63ce00370a986cf3d3057c2950006f0415add05e00fcc72dfe86fbb65ae819cad2dc72161841e34a5a8844c2844c2cab0bcc6f15fdbf010b0ec1576e405e151916ab94f1ae70be1f3991fb6fb838ac4bccbbacdcda00cf2ea3aa5e574ade3453c92b0c847172ab5fccde891c781a8b94bbd4641f79c1fa75322c2525ba0b7d536a0743cf110868f4ff4ee32e36e47757bbf416c198bf1e94a649afc29adc07e56e525f2189b011565ca954a8f58f9b15503d59a5558fb4e712b5f5ecb46b980bd16871fece7759a013ff395f7dad194938206bb592153aea3ca5ed1742a4567b5f0ee61814d49b316cbd8a8c729f8b60308836aa9a3a272063585b530d1f80606fb50fef4a28d4f3cee5bdbf7daaf211dd0bb4f971528f67ccfc5909291cafa562c583932b456a04f64c1d68d545272685fdb793c458729854efab51cad297687d8e787205579f38984f6ff267e0adc8a3dc01504d4811ed3874093727b65af4f889a5d6ffd99cd115f6b8bad242671f5dfb76dbe5969a7aec93965f652165095279ed82ddaee328f01151a8db93467d8e96595816a6ff24047d9157339854f3c805e29e49addedf79b29b32de0085791e6f516a066ad35aea8e37892bd432c344edee98c2ca16867af6366701d7d40eb3e8dec4dd718b8ca3ddebbbf2d3c82494bc7694784bb3f0f48bafc63714da4b737ecabfb30c5cd038e19ddc314056b74380cb3aab06107e0506fafd43a04b32ebceaaae73f4e6c1885daa9d471e0478c04ce52e63339ce3e99b379a9ce0a016f619afa5c2cd587d28cf47401488eb3964c7bb289bc51f5b0a0baae6e1b3be7a9506babd110f9ceaec696b1b5e211b1197a3130ce9b93ce4f3b59d593796ba70a1c8e7a5d3c6079a5711ac13a3eb0c39fbd0118e1cc8e0f40231561bab91cd71d6c18eea42debaf1e948809206f1ac5c28238807c9d5c638b5ffec4a90dfe321af74e1bc9e19dc8189d709e61013544ea42bf4c2dcb2c99f3974aab0a3b669ed98a80d685abd3f48b29f1bf1737f2b3e15f7b8f0cd45658adb860c21a06a2b8418aa7d0f5397df5a39a44d49a33efa489ed2a0546fc562b8798d8a936bcc56a7f49c2520ca60ee2333fbf2ae69dbac1c9b5ccd7826cc95fac1c2bc284b60673d992b0278439e1dd988d7b2793ef35cff25dc31c4795effc43bb25cbae0a0e91bc29a725562c2e682b4655eb70561132d2fa4f605e5e5026bd0a929e8c55132f91c4b9d855e782109e14dbec676e73c1d35255b13ea3dcafde774798258ca129237b363d6e78f6135e3ad8221ed43fa4aff4f339441e1165341593ae873b4b94f392973d550dac2feacbf361400ebd3dcab544be1963bebf2774291dc287832b14a1a07da59762db633d0d30fd109c0bb67852bea173de5305a0348f785b9fcb9d56e50cf97cc6a6a076dde3fb9f55ef389fb48c7bd3177590cd5d62c4a29b719b8f03ca7bf43204d46b116b5679d909a94e334e8eae0e668196a62f4863de960057a21aae9b25938d7ad7daffb1485fbf90fbf7ac4f68e1264379de98e183fcf7ef09be5d0d62e37a6d88e8dfb37572d9c8dd51e5c7340eb89af63a2585194fffcd95269f9cca78bc87a467007cacaf345027901b8fb5b0aa418e75ba717fe3336e5ca1ee043bbf3cd2fb58e0a4404775af2dbfe9c06eb6c408e9463d5acbe8f51ba0c44a4decc03bcac7498098fc550f34d355c8f8cbfb5b349196eabbb5b75a493f91ea79dd64203235634c835b22e815ca823a3396b2fe78aeb7fa19e7b967cf6706ec9d12ecf78db964fe8311624dd5d7619a45d052069f4b76f1e9d160d686ab7e7e099b2003116bbe7409e775c44adb2195988e259c1f161ba6cd18b2843a24c8ea62a299808355cd673b17bff57bd6beff04e3c34bee3ce1d1927989da6761f1311a351c8b7b18141288861dea21e440baa338ea8c5306bfa5a51de4cc9c2ad9f7e4a9674e77c5dcc7d046d305bca5279358ec7684d84a292d16e07631f477abd9fd6d4e3e15691254f0317241068a9447cdf08f6a629e9952ef460c612cc483ec182899fd29f4599c5e8daee3447bff22aa7499cace59539ea3c88e29c90d294d5b095a00372109056e8d8919affa6e45c729abdb77ca6aeffdbc8eae2e43290b3056e4fdd6aacd8c39be97ae6b08ab14fdf246f28b2c30a03a2814f4e5132c6f4665cb1dfa009b85af279c261b44b4d22cb8b2a43c2f2e4607350c2764b870c90863f1629950133c32c8cf3ae6e8c63cc8c5a849c502ce18f6f6b506ea78c02bc5bb844a29d228813771a2198ee3edc4489fc5e9d8edecc6ae0a11acedec5034eca80d559dbe6d398ebeb732ffeab988065b3b0de4a71e40a676573ab7d753b2b8fc69e15ca339ea6576a0073dfc23eb42ee8381b7f401f3e8ed39514ac4e7a1aab17aecf35b7e4cd8521fc53e7eaa4b1016e134e35419eeb59e8d6c887b1b8bfd1321217f3569c03b430cde416918a8f30ba39b8eacdb8a7551b0f77651d8627186568ec6c0ab1f3035222dcbde3cf969e71afdd71ce8184812b3a35f3f52f901ce3e01c9d4bcd99c9f3749d83aec152b31c10fbf90eb474b6681e555bd2f3ebf80e8e4e99f7bb1a13a1d11e1f6f2a45fbb627a11514a2d23ec309e91edd5634fa5bd25f33a01513a69448ade4c13160c17b22395a0c41262985838c50d51e75f7892d7459751e6ae23ce6c781f81f8c312442c7ba9652a424132e157c8d51c3aafdbbe53a20e4958567bc30166c658a68c48582e4e84dc53ef4117792f2d4e205f6a0ea9dc168a8a06c75b359b7f9aea953dcdf3b2f1136abd2ebbf008769ef4776558fac02bfa2588943a11a00e74786397f96b985280b0a174f145fd3316164149c904a101cbcbe792b7820aa9a662f0f0c91d60239a553c964ee24fca4511f3d434f230b946a5f6f5f81f4e51fd6d9b88fc6b1d6350a21ab90056f188372e7531f820c89659c4d47031dfb3f2f6685b5c50bf448f796e2fd83b651af222fb44b94914deed83ebbb9a9b974cf2c36596a8385233da4b894f5e29ae0aab598bc735bc2421367339fece737d89df7ea0121cdf0673ed691baa4b3324f8d88a6cc484ed7c8ee597e3117c19da2df59dd1d2e9a0c111cb05401d6d564bd1928c043ad6623a56dfcc5e05f8dffb56e375ddf63942ec8692b484aba3b54795d06c42e7eacb7c50ec8fc211f02ea6a9908cea2f7549f00900c2707cc35c116552b760e254f4aca582b7f760b8b2ed69e875f4a9c301cd06a4fab8f538ed8c79bc5467ddede4148bacfbfc74f1d4cd9c9ada6bf328c7990c1f7ed523537e632ada4f008eb", &(0x7f0000021540)=[r3, r0, r0, r0], &(0x7f0000021580)=""/4096, &(0x7f0000022580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0x1000, 0x8}, &(0x7f0000022600), &(0x7f0000022640)) zx_channel_call(r6, 0x0, r2, &(0x7f0000023780)={&(0x7f0000022680)="c0a163280660ce735969f5ee9cafa35f48193a8620d0f0d76dab09926648a2fd68b4cc6e54d1f7871d9cbe41420acc88f0f88f6f66e82258e9328cc2d3a279d3845df3ea63ec", &(0x7f0000022700)=[r3, r0, r0, r4, 0x0, r3], &(0x7f0000022740)=""/4096, &(0x7f0000023740)=[0x0], 0x46, 0x6, 0x1000, 0x1}, &(0x7f00000237c0), &(0x7f0000023800)) zx_channel_call$fuchsia_io_FileNodeSetFlags(r7, 0x0, r2, &(0x7f0000033900)={&(0x7f0000023840)={{}, 0x3fe00000}, &(0x7f0000023880), &(0x7f00000238c0), &(0x7f00000338c0), 0x14, 0x0, 0x10000}, &(0x7f0000033940), &(0x7f0000033980)) zx_object_get_info$ZX_INFO_PROCESS_VMOS(r5, 0x1000000e, &(0x7f00000339c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x3f0, &(0x7f0000033dc0), &(0x7f0000033e00)) syz_execute_func(&(0x7f0000000000)="f2490f2d3b26f32e3e42ffe0400f490e36660f3adf83021000006b580f85d6be00006466420f154c6904c4835d7f4f0006c4626dbbfdf34e0f1ecd") syz_future_time(0x1) syz_job_default() syz_mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200101c0 = 0x20000000; *(uint32_t*)0x20000000 = 0; memset((void*)0x20000004, 0, 3); *(uint8_t*)0x20000007 = 1; *(uint64_t*)0x20000008 = 0x6e32641800000000; *(uint32_t*)0x20000010 = 0xff; *(uint64_t*)0x20000014 = 6; *(uint64_t*)0x2000001c = -1; *(uint64_t*)0x20000024 = 9; *(uint64_t*)0x2000002c = 0; *(uint32_t*)0x20000034 = 1; *(uint64_t*)0x2000003c = 0x3ff; *(uint64_t*)0x20000044 = -1; *(uint64_t*)0x2000004c = 0x1ff; *(uint64_t*)0x20000054 = -1; *(uint32_t*)0x2000005c = 3; *(uint64_t*)0x20000064 = 6; *(uint64_t*)0x20000074 = 1; *(uint64_t*)0x2000007c = 0; *(uint32_t*)0x20000084 = 4; *(uint32_t*)0x20000088 = 0x23; *(uint64_t*)0x2000009c = 9; *(uint64_t*)0x200000a4 = -1; *(uint32_t*)0x200000ac = 4; *(uint32_t*)0x200000b0 = 8; *(uint64_t*)0x200000c4 = 4; *(uint64_t*)0x200000cc = -1; *(uint32_t*)0x200000d4 = 4; *(uint32_t*)0x200000d8 = 0x80; memcpy((void*)0x200000ec, "(-*^\\@", 6); memcpy((void*)0x200000f4, "*@/", 3); memcpy((void*)0x200000fc, "#)", 2); memcpy((void*)0x20000104, "!*", 2); memcpy((void*)0x2000010c, "\\&:", 3); *(uint64_t*)0x200101c8 = 0x20000140; *(uint64_t*)0x200101d0 = 0x20000180; *(uint64_t*)0x200101d8 = 0x20010180; *(uint32_t*)0x200101e0 = 0x114; *(uint32_t*)0x200101e4 = 0; *(uint32_t*)0x200101e8 = 0x10000; *(uint32_t*)0x200101ec = 0; inject_fault(1); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x200101c0, /*actual_bytes=*/0x20010200, /*actual_handles=*/0x20010240); break; case 1: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(/*options=*/0, /*out=*/0x20010280); if (res == ZX_OK) r[0] = *(uint32_t*)0x20010280; break; case 2: res = -1; res = syz_future_time(/*when=*/0); { int i; for(i = 0; i < 4; i++) { syz_future_time(/*when=*/0); } } if ((int)res != -1) r[1] = res; break; case 3: *(uint64_t*)0x20020380 = 0x200102c0; *(uint32_t*)0x200102c0 = 0; memset((void*)0x200102c4, 0, 3); *(uint8_t*)0x200102c7 = 1; *(uint64_t*)0x200102c8 = 0x3558f75800000000; *(uint64_t*)0x20020388 = 0x20010300; *(uint64_t*)0x20020390 = 0x20010340; *(uint64_t*)0x20020398 = 0x20020340; *(uint32_t*)0x200203a0 = 0x10; *(uint32_t*)0x200203a4 = 0; *(uint32_t*)0x200203a8 = 0x10000; *(uint32_t*)0x200203ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[1], /*args=*/0x20020380, /*actual_bytes=*/0x200203c0, /*actual_handles=*/0x20020400); break; case 4: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_clock_get_details))(/*handle=*/r[0], /*option=*/0x400000000000000, /*details=*/0x20020440); if (res == ZX_OK) r[2] = *(uint64_t*)0x20020448; break; case 5: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_channel_create))(/*options=*/0, /*out0=*/0x200214c0, /*out1=*/0x20021500); if (res == ZX_OK) r[3] = *(uint32_t*)0x200214c0; break; case 6: *(uint64_t*)0x200225c0 = 0x200204c0; memcpy((void*)0x200204c0, "\x54\x26\x46\xfd\x9e\x01\x40\x4b\x28\x65\xdf\x17\x6f\xb8\xcf\x56\x5d\x56\xc4\x0d\xa9\x2b\x18\x29\x65\xf2\x81\x06\x9f\x49\x5a\xdc\x4f\x35\xda\x84\x30\x38\x52\x21\x1c\x20\x13\xee\xd4\x4a\x72\x34\x10\xae\xcd\x75\x91\x17\x36\xf8\xf0\xa0\x28\x54\xfa\xed\xed\x70\x66\x21\xe3\x5f\x09\x2a\x7f\xad\x13\x0d\x8e\x75\x0a\xb6\x0e\xa4\x92\xcd\x08\xb0\x8c\xe6\x1c\x86\xb2\xe1\xb0\x66\x13\x1a\x28\x98\x1f\x3b\x64\xa8\x56\x2a\x53\x52\x65\x85\xef\x20\xe4\xa0\x55\xc6\xd0\x52\x48\x57\xec\x3d\x1c\x63\x90\xaa\x0b\xad\x27\x4e\xa3\xba\xe4\x3a\x74\xde\x82\xb0\x46\xde\xde\x08\xde\x67\x64\x22\xe1\x05\x71\x8a\x33\x11\xeb\x00\x2e\x2b\x08\x76\xb9\x44\xb4\x81\x09\x43\x9b\x88\x09\x45\x03\xbe\xa5\x28\x65\x1e\x3f\xc1\xc5\x78\x5c\xc3\x8e\x12\x52\x4f\x24\xff\x01\x1e\xff\x1f\x9e\x3f\xf2\xf2\xfe\x57\x3f\x89\x9b\x71\x63\x08\x5f\x53\x1b\xc0\x77\x8f\xd9\x28\xaa\x3d\xe9\xc3\xbb\x85\x7f\xac\x48\x13\x28\x78\x07\x03\x15\xc6\xc9\x6c\xf6\x37\x47\x90\x74\xee\xb7\xad\x2e\xd8\x3e\xd4\x89\x67\x86\xa6\xe6\xfb\x84\xea\x4d\x04\xd6\x59\x0f\x35\x87\x68\xa8\xad\x95\x10\xfe\xa1\x60\xcf\xfc\xf7\xfe\x24\x68\x3a\x2d\x95\xef\x11\x04\x24\xa8\x2a\x68\xbe\x86\xd2\xa0\x73\xe8\xc6\xad\x62\x06\x94\x60\x4d\x24\xe1\xfb\x22\xa6\xbe\x60\x21\xd3\xed\x65\xbc\x18\xf1\xf2\x99\xb9\x44\xe2\x3b\xda\x86\x8f\x72\xdb\x88\x68\xfa\xea\xc8\xfc\x0c\x46\x1d\xf9\xe5\x36\xe2\x6a\xbd\xac\xa7\x88\x78\x0b\x57\x94\x94\xb5\x4a\x5e\x83\x2e\xfd\x10\x19\x90\xfe\x0d\x78\xdd\x63\x74\x6e\x21\x5c\xb6\x97\xa6\x61\x6b\x0e\x37\xe7\x14\x30\xf4\xa3\xd8\x85\x3a\x1a\x7e\x03\x2a\x78\xfa\x17\x89\x31\x8e\x79\xf9\x12\xcb\x99\x7d\x12\x1e\xa5\x9f\xf9\x80\xe4\xf7\x0f\x57\x81\x3a\x25\x21\x08\xfd\x7b\xfc\x84\x43\x6a\xc4\x89\x82\xd3\x5b\x75\x26\x1c\x25\xc7\x32\xdf\x70\xc7\xba\x90\x2e\x6f\x51\x8b\x4b\xab\x19\xf6\x28\x43\xb6\x43\xd8\xfe\xf7\xf0\x7a\x8b\x64\x16\x7a\x54\x7d\xfa\xe6\xc9\x6f\x15\x8e\x1c\xdc\x68\xfd\x4b\xec\xba\x59\x4c\xc1\xc2\xa0\xcc\xec\xc0\x6e\x44\x9d\x75\x19\x6e\xdd\xa5\xc1\xcc\x99\x01\x7d\xdb\xcc\xa9\x9f\x06\x4f\x76\xc1\x79\xe6\xd6\x1b\x21\xbf\x9e\xaf\xac\x2f\x88\x13\xf9\x87\xc6\xc5\xae\x2d\xd4\x1d\xc2\x96\xea\xe6\x39\x48\x7f\x78\x2e\x89\x8d\x86\xe2\x15\x57\x15\xa0\xc9\x2c\x88\x0a\x7c\x78\x1c\xee\x1e\xd5\xf5\x34\x73\xf0\x7e\x94\xc6\x61\x41\x6b\xe1\x13\x1a\x3e\xca\x45\x94\x26\xaa\x6c\xd3\x1c\x1f\x4b\xd3\x3b\x77\xa3\x71\x73\xb1\xa7\xde\xa9\x96\x84\x44\x5a\xd7\xab\xb2\x79\xb9\x08\x69\x4f\x44\x63\x5a\x4f\xec\xea\xa1\x3b\x14\x50\x99\x9c\xe3\xe9\x91\x00\xa4\x2c\x5e\x4d\x30\x0a\xd2\x4e\xa6\xcb\xe8\xe8\xbb\xfb\x47\xfc\x84\x6f\x48\x38\x7f\x6f\x16\x7c\x30\xad\xb9\xd1\xc4\xe5\x69\x5f\xc2\xbf\x8b\xd0\x00\xb9\xed\xb3\x79\x4f\x80\x28\xbb\x14\x9e\xae\x3c\x7c\x99\x17\x37\x9c\x1f\x62\xc4\x6b\x47\xdc\x48\x4b\x87\xb0\xbd\xd5\xf1\x70\x85\x20\x64\x52\x6f\x28\x96\x87\x29\xe1\xdb\x05\xae\xc2\x18\xd7\x97\x11\x48\x65\x2c\x34\xc0\xb8\x94\x3b\x8f\xfd\xad\xd7\x17\xe1\x50\x02\xf2\x5e\xc6\x42\x8e\x47\x7e\x1b\xec\x2f\x28\x4a\x42\xdf\x10\x54\x36\x5e\xf4\xd3\xc1\xb7\x1c\xb8\x6c\x7a\x59\xf8\xcb\x8d\xf6\xf8\x67\x81\x9a\x64\x7c\x84\x06\x60\x9f\xf0\xf4\xe3\x54\xf7\x77\xbc\x0d\x25\xef\x7b\x07\xef\x65\x00\xbb\x8b\x06\x7d\xa1\xca\xef\xa0\x1a\xcf\xa3\xc8\xe1\x4b\x34\x38\xcd\x16\xb7\x2d\xef\x2b\xcc\x6d\x96\xe3\x3b\xf2\xad\x75\x4c\x9b\xcf\x9d\x2d\x8b\xab\x86\x02\xb4\x96\x08\x93\xc8\x83\xc8\x93\x18\xe9\x7f\xf7\x7d\x29\x11\xf4\xea\x7f\x57\xbd\x70\x9f\x2b\x2e\x9d\x98\x9a\xeb\x12\x58\xbd\x9f\xb1\x70\xe8\xe2\xe9\xb7\xc9\x73\xbe\x33\xe5\x61\x69\x55\x0c\x81\xd4\x59\xce\xc2\x5e\x51\x99\x74\x3d\xf3\xb6\x54\x1a\xbc\x69\x84\x73\x52\x49\xe9\xaa\x60\x97\x3d\x44\xb8\x8e\xf8\xa3\x50\xc6\x88\x5e\x9f\xc2\x60\xaa\xef\x90\x13\x23\xba\xce\xce\x25\xe3\x30\xff\x2c\xd2\x1d\x11\x91\xfb\xde\xb2\xbf\x07\x0f\x1d\x22\xe0\x5f\xbe\x65\x76\x06\xa4\x6c\xe8\x3a\x6d\x9d\x4f\x79\x34\xcb\xef\x75\x9f\xa0\x97\x09\x2b\xc0\x78\x8e\xf9\x41\x30\xbe\x92\x27\x93\x9e\x17\x0d\x98\x6f\xa9\x03\xbd\x4b\xd1\x88\x64\x09\x03\xbf\xdc\xa8\xd6\xa4\x89\x26\xc9\xa0\xa2\xe1\x14\x4a\xd2\x36\x5e\x19\xe6\x4f\xc8\x65\x32\xe6\x02\x9f\xc7\xc8\x61\xfc\x1e\x16\xa7\x22\x61\xcb\x11\x9e\xcd\x2f\x71\xbf\x6d\x3f\xc9\x3b\x5e\x0b\x74\xda\xdd\xc3\x9d\x4d\x7a\xa2\xa6\xbb\x6c\x7a\x00\x02\xe4\xe2\x5b\xb8\x6d\xd6\xca\xd2\x31\x33\x42\x14\x43\x3a\xce\xd6\xc7\x76\x1b\x34\xec\xf3\x55\x3a\x4b\x34\xc5\xcb\x0c\x98\x8f\x0c\x36\xc5\x06\x32\xb8\x54\x41\x47\xc1\x13\xdd\x22\xbc\x1d\x8a\xda\xb7\xac\x05\x2a\xd7\x98\x40\x5c\x00\x57\xca\x33\x94\x70\x88\x01\x5d\x87\xf4\x10\xec\x06\xb7\xb6\xb7\x19\x59\x3a\x4c\x6c\xd4\xce\xa4\xe7\x11\xad\x8c\x3f\x93\xba\xd3\x2f\x86\x91\x95\xe7\x52\x86\xb7\xbb\xac\x26\x17\x83\xe1\x9f\x97\xef\xb8\xa9\x98\x9a\x19\xec\x6c\x7d\x43\xda\xfc\xd2\xc0\x9a\x14\x1c\x76\x71\xb4\xdd\x10\x59\x32\xd6\x63\xee\xd7\xc4\xb6\x06\xf2\x65\x23\xa1\x16\xd1\xa4\x2d\x62\x84\x13\x62\x4b\x8d\x9d\xd2\x49\xf2\x68\xe4\xcd\x72\x81\x24\x33\xb9\xb7\xfb\xcb\x76\xe3\x03\xc0\x4e\xb2\x57\xe5\xa1\x43\xd6\xed\x94\xdd\x8f\x1b\xdb\x5f\x40\xdc\xab\x5a\xc4\x5c\x5c\x77\x8a\x42\xd5\xeb\xf1\x75\xc4\xa8\xea\x5c\x3f\x3b\x92\xec\x78\x47\x19\x84\xe9\x78\x4b\xf7\x5c\x18\xec\x20\xb9\xd3\x83\x72\x67\xc6\x7d\xaa\x95\xf5\xe9\xea\xe6\x08\xb6\x19\xac\x35\x83\xc7\x83\xdd\x00\xab\x5a\x93\x41\x39\x99\x68\x30\x01\x91\x9b\xb8\x9b\xb5\x8a\x51\xeb\x1b\xe1\x65\x4a\x62\xe3\x01\x9f\xe9\xcb\x3c\x43\x96\x5c\xdb\x08\x93\xa5\x73\x90\x04\xe7\x13\x38\x5d\x67\x03\xcd\xd7\x76\x5d\xd3\x75\x4e\x33\x16\x3d\xf5\x48\x99\x12\x76\x54\x12\x8a\xb3\x7b\x3c\x5e\x10\x49\x12\xc9\xa8\x78\xa5\xb6\xe6\x9f\xd9\xd8\xd5\xf7\x55\x11\xa4\xd0\xb8\xcd\x90\xa8\xdd\x9a\xbc\x47\xb8\x9b\xd0\x27\xf2\x51\x6b\x49\x07\x63\xc3\xc4\xdc\xa7\x95\x60\x29\xb1\x6c\x90\x59\xaa\x65\xb2\x77\x7c\xdf\xad\x8a\x76\xf8\x68\xdd\xc9\x1f\x1f\x9c\x6f\xe9\x9c\x52\xe4\xf0\x77\x82\xd2\xe2\x66\x1e\xe4\x35\xe9\x89\x99\x08\xef\x60\xfe\x86\x57\xa3\xa7\xe5\xf9\x39\x47\xf6\xfa\xd9\x29\x54\x8c\x00\xcc\xaf\x36\x5e\xb0\xd6\xc3\xcc\x45\x6e\x3c\xc8\x4d\x97\x6c\x1f\xeb\x3e\x0d\xbb\x2b\xdb\x20\xae\x40\x31\xb5\x0a\x94\x23\x0c\x07\x4d\x4b\x3c\xd1\x82\xac\x03\xf0\x59\xdf\x36\x8c\x41\xae\x9a\xf8\x9f\x4f\xb2\x8a\xc5\x56\xbb\x5c\x9a\xa0\x2f\x18\x3a\x78\x3c\xb8\xfd\x22\x47\xac\xbc\xe9\x2a\x23\xff\x9c\x01\xe7\x53\x0e\x5b\x7b\xf7\x89\xea\x0a\x32\x4b\xce\x61\x25\x27\xce\x8d\xc7\xb8\xd5\x48\xa8\x4b\x7e\xbd\xbd\x18\x1e\xbd\x35\x21\x2d\x7a\xdf\x25\x82\xb6\xd8\x3a\xff\x3a\x2c\x51\x14\x46\x94\xf6\xbb\x0f\x7e\x42\x74\x04\x61\x70\x7c\x71\x49\xed\x88\x88\x15\x1e\xc0\xe5\x0b\x52\x82\x1c\x66\xa8\x71\x39\x01\xfe\x0a\xe4\xe1\x22\x49\x94\x32\x8e\x34\x82\xde\xa2\x28\x2e\x9c\xb1\x3e\x1d\x74\x87\xd1\x92\xe3\x81\x72\x15\x23\x68\x75\xa8\x17\x76\x53\xde\xa3\x13\x33\x02\xc9\xeb\x81\x93\x56\x1b\x0b\x4a\x84\x55\x28\xc2\xb8\x9e\xb5\x0a\x4e\x0a\xd8\x1f\xd2\x36\xf5\xf7\x1e\xbc\xd8\x9b\xf8\x88\x34\x06\x75\xdf\x52\xa5\xcd\xb7\x2b\xe2\x50\x42\x04\x01\x6c\xd6\x56\xe5\xa3\xa1\xa2\xf0\x93\x2b\xb2\x8a\x5f\xf4\x9f\x83\xa9\xbe\xed\x95\x8e\xc4\xe0\x88\xa1\x5a\x86\xaf\x6e\xda\x79\x69\xc2\x49\x53\x82\xce\x3a\x40\x93\xb7\x83\x67\x50\xb7\xea\x22\x2f\xa1\x13\x12\x24\xd9\xfb\x23\xac\xb2\xa5\x11\x3d\x42\xbd\x70\x07\x00\xc6\xe9\x71\xb7\xbb\x3a\x8f\xe8\xec\xe2\x2c\x89\x2c\x44\x9e\x0a\x45\x4b\xb4\xd0\x1c\xab\x6c\xb9\x3a\x63\xce\x00\x37\x0a\x98\x6c\xf3\xd3\x05\x7c\x29\x50\x00\x6f\x04\x15\xad\xd0\x5e\x00\xfc\xc7\x2d\xfe\x86\xfb\xb6\x5a\xe8\x19\xca\xd2\xdc\x72\x16\x18\x41\xe3\x4a\x5a\x88\x44\xc2\x84\x4c\x2c\xab\x0b\xcc\x6f\x15\xfd\xbf\x01\x0b\x0e\xc1\x57\x6e\x40\x5e\x15\x19\x16\xab\x94\xf1\xae\x70\xbe\x1f\x39\x91\xfb\x6f\xb8\x38\xac\x4b\xcc\xbb\xac\xdc\xda\x00\xcf\x2e\xa3\xaa\x5e\x57\x4a\xde\x34\x53\xc9\x2b\x0c\x84\x71\x72\xab\x5f\xcc\xde\x89\x1c\x78\x1a\x8b\x94\xbb\xd4\x64\x1f\x79\xc1\xfa\x75\x32\x2c\x25\x25\xba\x0b\x7d\x53\x6a\x07\x43\xcf\x11\x08\x68\xf4\xff\x4e\xe3\x2e\x36\xe4\x77\x57\xbb\xf4\x16\xc1\x98\xbf\x1e\x94\xa6\x49\xaf\xc2\x9a\xdc\x07\xe5\x6e\x52\x5f\x21\x89\xb0\x11\x56\x5c\xa9\x54\xa8\xf5\x8f\x9b\x15\x50\x3d\x59\xa5\x55\x8f\xb4\xe7\x12\xb5\xf5\xec\xb4\x6b\x98\x0b\xd1\x68\x71\xfe\xce\x77\x59\xa0\x13\xff\x39\x5f\x7d\xad\x19\x49\x38\x20\x6b\xb5\x92\x15\x3a\xea\x3c\xa5\xed\x17\x42\xa4\x56\x7b\x5f\x0e\xe6\x18\x14\xd4\x9b\x31\x6c\xbd\x8a\x8c\x72\x9f\x8b\x60\x30\x88\x36\xaa\x9a\x3a\x27\x20\x63\x58\x5b\x53\x0d\x1f\x80\x60\x6f\xb5\x0f\xef\x4a\x28\xd4\xf3\xce\xe5\xbd\xbf\x7d\xaa\xf2\x11\xdd\x0b\xb4\xf9\x71\x52\x8f\x67\xcc\xfc\x59\x09\x29\x1c\xaf\xa5\x62\xc5\x83\x93\x2b\x45\x6a\x04\xf6\x4c\x1d\x68\xd5\x45\x27\x26\x85\xfd\xb7\x93\xc4\x58\x72\x98\x54\xef\xab\x51\xca\xd2\x97\x68\x7d\x8e\x78\x72\x05\x57\x9f\x38\x98\x4f\x6f\xf2\x67\xe0\xad\xc8\xa3\xdc\x01\x50\x4d\x48\x11\xed\x38\x74\x09\x37\x27\xb6\x5a\xf4\xf8\x89\xa5\xd6\xff\xd9\x9c\xd1\x15\xf6\xb8\xba\xd2\x42\x67\x1f\x5d\xfb\x76\xdb\xe5\x96\x9a\x7a\xec\x93\x96\x5f\x65\x21\x65\x09\x52\x79\xed\x82\xdd\xae\xe3\x28\xf0\x11\x51\xa8\xdb\x93\x46\x7d\x8e\x96\x59\x58\x16\xa6\xff\x24\x04\x7d\x91\x57\x33\x98\x54\xf3\xc8\x05\xe2\x9e\x49\xad\xde\xdf\x79\xb2\x9b\x32\xde\x00\x85\x79\x1e\x6f\x51\x6a\x06\x6a\xd3\x5a\xea\x8e\x37\x89\x2b\xd4\x32\xc3\x44\xed\xee\x98\xc2\xca\x16\x86\x7a\xf6\x36\x67\x01\xd7\xd4\x0e\xb3\xe8\xde\xc4\xdd\x71\x8b\x8c\xa3\xdd\xeb\xbb\xf2\xd3\xc8\x24\x94\xbc\x76\x94\x78\x4b\xb3\xf0\xf4\x8b\xaf\xc6\x37\x14\xda\x4b\x73\x7e\xca\xbf\xb3\x0c\x5c\xd0\x38\xe1\x9d\xdc\x31\x40\x56\xb7\x43\x80\xcb\x3a\xab\x06\x10\x7e\x05\x06\xfa\xfd\x43\xa0\x4b\x32\xeb\xce\xaa\xae\x73\xf4\xe6\xc1\x88\x5d\xaa\x9d\x47\x1e\x04\x78\xc0\x4c\xe5\x2e\x63\x33\x9c\xe3\xe9\x9b\x37\x9a\x9c\xe0\xa0\x16\xf6\x19\xaf\xa5\xc2\xcd\x58\x7d\x28\xcf\x47\x40\x14\x88\xeb\x39\x64\xc7\xbb\x28\x9b\xc5\x1f\x5b\x0a\x0b\xaa\xe6\xe1\xb3\xbe\x7a\x95\x06\xba\xbd\x11\x0f\x9c\xea\xec\x69\x6b\x1b\x5e\x21\x1b\x11\x97\xa3\x13\x0c\xe9\xb9\x3c\xe4\xf3\xb5\x9d\x59\x37\x96\xba\x70\xa1\xc8\xe7\xa5\xd3\xc6\x07\x9a\x57\x11\xac\x13\xa3\xeb\x0c\x39\xfb\xd0\x11\x8e\x1c\xc8\xe0\xf4\x02\x31\x56\x1b\xab\x91\xcd\x71\xd6\xc1\x8e\xea\x42\xde\xba\xf1\xe9\x48\x80\x92\x06\xf1\xac\x5c\x28\x23\x88\x07\xc9\xd5\xc6\x38\xb5\xff\xec\x4a\x90\xdf\xe3\x21\xaf\x74\xe1\xbc\x9e\x19\xdc\x81\x89\xd7\x09\xe6\x10\x13\x54\x4e\xa4\x2b\xf4\xc2\xdc\xb2\xc9\x9f\x39\x74\xaa\xb0\xa3\xb6\x69\xed\x98\xa8\x0d\x68\x5a\xbd\x3f\x48\xb2\x9f\x1b\xf1\x73\x7f\x2b\x3e\x15\xf7\xb8\xf0\xcd\x45\x65\x8a\xdb\x86\x0c\x21\xa0\x6a\x2b\x84\x18\xaa\x7d\x0f\x53\x97\xdf\x5a\x39\xa4\x4d\x49\xa3\x3e\xfa\x48\x9e\xd2\xa0\x54\x6f\xc5\x62\xb8\x79\x8d\x8a\x93\x6b\xcc\x56\xa7\xf4\x9c\x25\x20\xca\x60\xee\x23\x33\xfb\xf2\xae\x69\xdb\xac\x1c\x9b\x5c\xcd\x78\x26\xcc\x95\xfa\xc1\xc2\xbc\x28\x4b\x60\x67\x3d\x99\x2b\x02\x78\x43\x9e\x1d\xd9\x88\xd7\xb2\x79\x3e\xf3\x5c\xff\x25\xdc\x31\xc4\x79\x5e\xff\xc4\x3b\xb2\x5c\xba\xe0\xa0\xe9\x1b\xc2\x9a\x72\x55\x62\xc2\xe6\x82\xb4\x65\x5e\xb7\x05\x61\x13\x2d\x2f\xa4\xf6\x05\xe5\xe5\x02\x6b\xd0\xa9\x29\xe8\xc5\x51\x32\xf9\x1c\x4b\x9d\x85\x5e\x78\x21\x09\xe1\x4d\xbe\xc6\x76\xe7\x3c\x1d\x35\x25\x5b\x13\xea\x3d\xca\xfd\xe7\x74\x79\x82\x58\xca\x12\x92\x37\xb3\x63\xd6\xe7\x8f\x61\x35\xe3\xad\x82\x21\xed\x43\xfa\x4a\xff\x4f\x33\x94\x41\xe1\x16\x53\x41\x59\x3a\xe8\x73\xb4\xb9\x4f\x39\x29\x73\xd5\x50\xda\xc2\xfe\xac\xbf\x36\x14\x00\xeb\xd3\xdc\xab\x54\x4b\xe1\x96\x3b\xeb\xf2\x77\x42\x91\xdc\x28\x78\x32\xb1\x4a\x1a\x07\xda\x59\x76\x2d\xb6\x33\xd0\xd3\x0f\xd1\x09\xc0\xbb\x67\x85\x2b\xea\x17\x3d\xe5\x30\x5a\x03\x48\xf7\x85\xb9\xfc\xb9\xd5\x6e\x50\xcf\x97\xcc\x6a\x6a\x07\x6d\xde\x3f\xb9\xf5\x5e\xf3\x89\xfb\x48\xc7\xbd\x31\x77\x59\x0c\xd5\xd6\x2c\x4a\x29\xb7\x19\xb8\xf0\x3c\xa7\xbf\x43\x20\x4d\x46\xb1\x16\xb5\x67\x9d\x90\x9a\x94\xe3\x34\xe8\xea\xe0\xe6\x68\x19\x6a\x62\xf4\x86\x3d\xe9\x60\x05\x7a\x21\xaa\xe9\xb2\x59\x38\xd7\xad\x7d\xaf\xfb\x14\x85\xfb\xf9\x0f\xbf\x7a\xc4\xf6\x8e\x12\x64\x37\x9d\xe9\x8e\x18\x3f\xcf\x7e\xf0\x9b\xe5\xd0\xd6\x2e\x37\xa6\xd8\x8e\x8d\xfb\x37\x57\x2d\x9c\x8d\xd5\x1e\x5c\x73\x40\xeb\x89\xaf\x63\xa2\x58\x51\x94\xff\xfc\xd9\x52\x69\xf9\xcc\xa7\x8b\xc8\x7a\x46\x70\x07\xca\xca\xf3\x45\x02\x79\x01\xb8\xfb\x5b\x0a\xa4\x18\xe7\x5b\xa7\x17\xfe\x33\x36\xe5\xca\x1e\xe0\x43\xbb\xf3\xcd\x2f\xb5\x8e\x0a\x44\x04\x77\x5a\xf2\xdb\xfe\x9c\x06\xeb\x6c\x40\x8e\x94\x63\xd5\xac\xbe\x8f\x51\xba\x0c\x44\xa4\xde\xcc\x03\xbc\xac\x74\x98\x09\x8f\xc5\x50\xf3\x4d\x35\x5c\x8f\x8c\xbf\xb5\xb3\x49\x19\x6e\xab\xbb\x5b\x75\xa4\x93\xf9\x1e\xa7\x9d\xd6\x42\x03\x23\x56\x34\xc8\x35\xb2\x2e\x81\x5c\xa8\x23\xa3\x39\x6b\x2f\xe7\x8a\xeb\x7f\xa1\x9e\x7b\x96\x7c\xf6\x70\x6e\xc9\xd1\x2e\xcf\x78\xdb\x96\x4f\xe8\x31\x16\x24\xdd\x5d\x76\x19\xa4\x5d\x05\x20\x69\xf4\xb7\x6f\x1e\x9d\x16\x0d\x68\x6a\xb7\xe7\xe0\x99\xb2\x00\x31\x16\xbb\xe7\x40\x9e\x77\x5c\x44\xad\xb2\x19\x59\x88\xe2\x59\xc1\xf1\x61\xba\x6c\xd1\x8b\x28\x43\xa2\x4c\x8e\xa6\x2a\x29\x98\x08\x35\x5c\xd6\x73\xb1\x7b\xff\x57\xbd\x6b\xef\xf0\x4e\x3c\x34\xbe\xe3\xce\x1d\x19\x27\x98\x9d\xa6\x76\x1f\x13\x11\xa3\x51\xc8\xb7\xb1\x81\x41\x28\x88\x61\xde\xa2\x1e\x44\x0b\xaa\x33\x8e\xa8\xc5\x30\x6b\xfa\x5a\x51\xde\x4c\xc9\xc2\xad\x9f\x7e\x4a\x96\x74\xe7\x7c\x5d\xcc\x7d\x04\x6d\x30\x5b\xca\x52\x79\x35\x8e\xc7\x68\x4d\x84\xa2\x92\xd1\x6e\x07\x63\x1f\x47\x7a\xbd\x9f\xd6\xd4\xe3\xe1\x56\x91\x25\x4f\x03\x17\x24\x10\x68\xa9\x44\x7c\xdf\x08\xf6\xa6\x29\xe9\x95\x2e\xf4\x60\xc6\x12\xcc\x48\x3e\xc1\x82\x89\x9f\xd2\x9f\x45\x99\xc5\xe8\xda\xee\x34\x47\xbf\xf2\x2a\xa7\x49\x9c\xac\xe5\x95\x39\xea\x3c\x88\xe2\x9c\x90\xd2\x94\xd5\xb0\x95\xa0\x03\x72\x10\x90\x56\xe8\xd8\x91\x9a\xff\xa6\xe4\x5c\x72\x9a\xbd\xb7\x7c\xa6\xae\xff\xdb\xc8\xea\xe2\xe4\x32\x90\xb3\x05\x6e\x4f\xdd\x6a\xac\xd8\xc3\x9b\xe9\x7a\xe6\xb0\x8a\xb1\x4f\xdf\x24\x6f\x28\xb2\xc3\x0a\x03\xa2\x81\x4f\x4e\x51\x32\xc6\xf4\x66\x5c\xb1\xdf\xa0\x09\xb8\x5a\xf2\x79\xc2\x61\xb4\x4b\x4d\x22\xcb\x8b\x2a\x43\xc2\xf2\xe4\x60\x73\x50\xc2\x76\x4b\x87\x0c\x90\x86\x3f\x16\x29\x95\x01\x33\xc3\x2c\x8c\xf3\xae\x6e\x8c\x63\xcc\x8c\x5a\x84\x9c\x50\x2c\xe1\x8f\x6f\x6b\x50\x6e\xa7\x8c\x02\xbc\x5b\xb8\x44\xa2\x9d\x22\x88\x13\x77\x1a\x21\x98\xee\x3e\xdc\x44\x89\xfc\x5e\x9d\x8e\xde\xcc\x6a\xe0\xa1\x1a\xce\xde\xc5\x03\x4e\xca\x80\xd5\x59\xdb\xe6\xd3\x98\xeb\xeb\x73\x2f\xfe\xab\x98\x80\x65\xb3\xb0\xde\x4a\x71\xe4\x0a\x67\x65\x73\xab\x7d\x75\x3b\x2b\x8f\xc6\x9e\x15\xca\x33\x9e\xa6\x57\x6a\x00\x73\xdf\xc2\x3e\xb4\x2e\xe8\x38\x1b\x7f\x40\x1f\x3e\x8e\xd3\x95\x14\xac\x4e\x7a\x1a\xab\x17\xae\xcf\x35\xb7\xe4\xcd\x85\x21\xfc\x53\xe7\xea\xa4\xb1\x01\x6e\x13\x4e\x35\x41\x9e\xeb\x59\xe8\xd6\xc8\x87\xb1\xb8\xbf\xd1\x32\x12\x17\xf3\x56\x9c\x03\xb4\x30\xcd\xe4\x16\x91\x8a\x8f\x30\xba\x39\xb8\xea\xcd\xb8\xa7\x55\x1b\x0f\x77\x65\x1d\x86\x27\x18\x65\x68\xec\x6c\x0a\xb1\xf3\x03\x52\x22\xdc\xbd\xe3\xcf\x96\x9e\x71\xaf\xdd\x71\xce\x81\x84\x81\x2b\x3a\x35\xf3\xf5\x2f\x90\x1c\xe3\xe0\x1c\x9d\x4b\xcd\x99\xc9\xf3\x74\x9d\x83\xae\xc1\x52\xb3\x1c\x10\xfb\xf9\x0e\xb4\x74\xb6\x68\x1e\x55\x5b\xd2\xf3\xeb\xf8\x0e\x8e\x4e\x99\xf7\xbb\x1a\x13\xa1\xd1\x1e\x1f\x6f\x2a\x45\xfb\xb6\x27\xa1\x15\x14\xa2\xd2\x3e\xc3\x09\xe9\x1e\xdd\x56\x34\xfa\x5b\xd2\x5f\x33\xa0\x15\x13\xa6\x94\x48\xad\xe4\xc1\x31\x60\xc1\x7b\x22\x39\x5a\x0c\x41\x26\x29\x85\x83\x8c\x50\xd5\x1e\x75\xf7\x89\x2d\x74\x59\x75\x1e\x6a\xe2\x3c\xe6\xc7\x81\xf8\x1f\x8c\x31\x24\x42\xc7\xba\x96\x52\xa4\x24\x13\x2e\x15\x7c\x8d\x51\xc3\xaa\xfd\xbb\xe5\x3a\x20\xe4\x95\x85\x67\xbc\x30\x16\x6c\x65\x8a\x68\xc4\x85\x82\xe4\xe8\x4d\xc5\x3e\xf4\x11\x77\x92\xf2\xd4\xe2\x05\xf6\xa0\xea\x9d\xc1\x68\xa8\xa0\x6c\x75\xb3\x59\xb7\xf9\xae\xa9\x53\xdc\xdf\x3b\x2f\x11\x36\xab\xd2\xeb\xbf\x00\x87\x69\xef\x47\x76\x55\x8f\xac\x02\xbf\xa2\x58\x89\x43\xa1\x1a\x00\xe7\x47\x86\x39\x7f\x96\xb9\x85\x28\x0b\x0a\x17\x4f\x14\x5f\xd3\x31\x61\x64\x14\x9c\x90\x4a\x10\x1c\xbc\xbe\x79\x2b\x78\x20\xaa\x9a\x66\x2f\x0f\x0c\x91\xd6\x02\x39\xa5\x53\xc9\x64\xee\x24\xfc\xa4\x51\x1f\x3d\x43\x4f\x23\x0b\x94\x6a\x5f\x6f\x5f\x81\xf4\xe5\x1f\xd6\xd9\xb8\x8f\xc6\xb1\xd6\x35\x0a\x21\xab\x90\x05\x6f\x18\x83\x72\xe7\x53\x1f\x82\x0c\x89\x65\x9c\x4d\x47\x03\x1d\xfb\x3f\x2f\x66\x85\xb5\xc5\x0b\xf4\x48\xf7\x96\xe2\xfd\x83\xb6\x51\xaf\x22\x2f\xb4\x4b\x94\x91\x4d\xee\xd8\x3e\xbb\xb9\xa9\xb9\x74\xcf\x2c\x36\x59\x6a\x83\x85\x23\x3d\xa4\xb8\x94\xf5\xe2\x9a\xe0\xaa\xb5\x98\xbc\x73\x5b\xc2\x42\x13\x67\x33\x9f\xec\xe7\x37\xd8\x9d\xf7\xea\x01\x21\xcd\xf0\x67\x3e\xd6\x91\xba\xa4\xb3\x32\x4f\x8d\x88\xa6\xcc\x48\x4e\xd7\xc8\xee\x59\x7e\x31\x17\xc1\x9d\xa2\xdf\x59\xdd\x1d\x2e\x9a\x0c\x11\x1c\xb0\x54\x01\xd6\xd5\x64\xbd\x19\x28\xc0\x43\xad\x66\x23\xa5\x6d\xfc\xc5\xe0\x5f\x8d\xff\xb5\x6e\x37\x5d\xdf\x63\x94\x2e\xc8\x69\x2b\x48\x4a\xba\x3b\x54\x79\x5d\x06\xc4\x2e\x7e\xac\xb7\xc5\x0e\xc8\xfc\x21\x1f\x02\xea\x6a\x99\x08\xce\xa2\xf7\x54\x9f\x00\x90\x0c\x27\x07\xcc\x35\xc1\x16\x55\x2b\x76\x0e\x25\x4f\x4a\xca\x58\x2b\x7f\x76\x0b\x8b\x2e\xd6\x9e\x87\x5f\x4a\x9c\x30\x1c\xd0\x6a\x4f\xab\x8f\x53\x8e\xd8\xc7\x9b\xc5\x46\x7d\xde\xde\x41\x48\xba\xcf\xbf\xc7\x4f\x1d\x4c\xd9\xc9\xad\xa6\xbf\x32\x8c\x79\x90\xc1\xf7\xed\x52\x35\x37\xe6\x32\xad\xa4\xf0\x08\xeb", 4096); *(uint64_t*)0x200225c8 = 0x20021540; *(uint32_t*)0x20021540 = r[3]; *(uint32_t*)0x20021544 = r[0]; *(uint32_t*)0x20021548 = r[0]; *(uint32_t*)0x2002154c = r[0]; *(uint64_t*)0x200225d0 = 0x20021580; *(uint64_t*)0x200225d8 = 0x20022580; *(uint32_t*)0x200225e0 = 0x1000; *(uint32_t*)0x200225e4 = 4; *(uint32_t*)0x200225e8 = 0x1000; *(uint32_t*)0x200225ec = 8; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); if (res == ZX_OK) { r[4] = *(uint32_t*)0x20022580; r[5] = *(uint32_t*)0x20022590; r[6] = *(uint32_t*)0x20022598; } break; case 7: *(uint64_t*)0x20023780 = 0x20022680; memcpy((void*)0x20022680, "\xc0\xa1\x63\x28\x06\x60\xce\x73\x59\x69\xf5\xee\x9c\xaf\xa3\x5f\x48\x19\x3a\x86\x20\xd0\xf0\xd7\x6d\xab\x09\x92\x66\x48\xa2\xfd\x68\xb4\xcc\x6e\x54\xd1\xf7\x87\x1d\x9c\xbe\x41\x42\x0a\xcc\x88\xf0\xf8\x8f\x6f\x66\xe8\x22\x58\xe9\x32\x8c\xc2\xd3\xa2\x79\xd3\x84\x5d\xf3\xea\x63\xec", 70); *(uint64_t*)0x20023788 = 0x20022700; *(uint32_t*)0x20022700 = r[3]; *(uint32_t*)0x20022704 = r[0]; *(uint32_t*)0x20022708 = r[0]; *(uint32_t*)0x2002270c = r[4]; *(uint32_t*)0x20022710 = 0; *(uint32_t*)0x20022714 = r[3]; *(uint64_t*)0x20023790 = 0x20022740; *(uint64_t*)0x20023798 = 0x20023740; *(uint32_t*)0x200237a0 = 0x46; *(uint32_t*)0x200237a4 = 6; *(uint32_t*)0x200237a8 = 0x1000; *(uint32_t*)0x200237ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[6], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20023780, /*actual_bytes=*/0x200237c0, /*actual_handles=*/0x20023800); if (res == ZX_OK) r[7] = *(uint32_t*)0x20023740; break; case 8: *(uint64_t*)0x20033900 = 0x20023840; *(uint32_t*)0x20023840 = 0; memset((void*)0x20023844, 0, 3); *(uint8_t*)0x20023847 = 1; *(uint64_t*)0x20023848 = 0x46940c1600000000; *(uint32_t*)0x20023850 = 0x3fe00000; *(uint64_t*)0x20033908 = 0x20023880; *(uint64_t*)0x20033910 = 0x200238c0; *(uint64_t*)0x20033918 = 0x200338c0; *(uint32_t*)0x20033920 = 0x14; *(uint32_t*)0x20033924 = 0; *(uint32_t*)0x20033928 = 0x10000; *(uint32_t*)0x2003392c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[7], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20033900, /*actual_bytes=*/0x20033940, /*actual_handles=*/0x20033980); break; case 9: ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_object_get_info))(/*handle=*/r[5], /*topic=*/0x1000000e, /*buffer=*/0x200339c0, /*buffer_size=*/0x3f0, /*actual=*/0x20033dc0, /*avail=*/0x20033e00); break; case 10: memcpy((void*)0x20000000, "\xf2\x49\x0f\x2d\x3b\x26\xf3\x2e\x3e\x42\xff\xe0\x40\x0f\x49\x0e\x36\x66\x0f\x3a\xdf\x83\x02\x10\x00\x00\x6b\x58\x0f\x85\xd6\xbe\x00\x00\x64\x66\x42\x0f\x15\x4c\x69\x04\xc4\x83\x5d\x7f\x4f\x00\x06\xc4\x62\x6d\xbb\xfd\xf3\x4e\x0f\x1e\xcd", 59); syz_execute_func(/*text=*/0x20000000); break; case 11: syz_future_time(/*when=*/1); break; case 12: syz_job_default(); break; case 13: syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x2000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); do_sandbox_none(); return 0; } :358:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor1842321138 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/6 (0.28s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call$fuchsia_cobalt_MetricEventLoggerLogCustomEvent(0x0, 0x0, 0x7fffffffffffffff, &(0x7f00000101c0)={&(0x7f0000000000)={{}, 0xff, {0x6, 0xffffffffffffffff}, {[{{0x9}, @string_valueInLine={0x1, {0x3ff, 0xffffffffffffffff}}}, {{0x1ff, 0xffffffffffffffff}, @double_value={0x3, 0x6}}, {{0x1}, @index_value={0x4, 0x23}}, {{0x9, 0xffffffffffffffff}, @index_value={0x4, 0x8}}, {{0x4, 0xffffffffffffffff}, @index_value={0x4, 0x80}}], [{}, {{'(-*^\\@'}}, {{'*@/'}}, {{'#)'}}, {}, {{'!*'}}, {{'\\&:'}}]}}, &(0x7f0000000140)={[{}, {}, {}]}, &(0x7f0000000180), &(0x7f0000010180), 0x114, 0x0, 0x10000}, &(0x7f0000010200), &(0x7f0000010240)) (fail_nth: 1) zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000010280)=0x0) (async) r1 = syz_future_time(0x0) (rerun: 4) zx_channel_call$fuchsia_cobalt_ControllerListenForInitialized(r0, 0x0, r1, &(0x7f0000020380)={&(0x7f00000102c0), &(0x7f0000010300), &(0x7f0000010340), &(0x7f0000020340), 0x10, 0x0, 0x10000}, &(0x7f00000203c0), &(0x7f0000020400)) zx_clock_get_details(r0, 0x400000000000000, &(0x7f0000020440)={0x0, 0x0}) zx_channel_create$fuchsia_cobalt_LoggerFactory(0x0, &(0x7f00000214c0)=0x0, &(0x7f0000021500)) zx_channel_call_etc(r0, 0xded, r2, &(0x7f00000225c0)={&(0x7f00000204c0)="542646fd9e01404b2865df176fb8cf565d56c40da92b182965f281069f495adc4f35da84303852211c2013eed44a723410aecd75911736f8f0a02854faeded706621e35f092a7fad130d8e750ab60ea492cd08b08ce61c86b2e1b066131a28981f3b64a8562a53526585ef20e4a055c6d0524857ec3d1c6390aa0bad274ea3bae43a74de82b046dede08de676422e105718a3311eb002e2b0876b944b48109439b88094503bea528651e3fc1c5785cc38e12524f24ff011eff1f9e3ff2f2fe573f899b7163085f531bc0778fd928aa3de9c3bb857fac48132878070315c6c96cf637479074eeb7ad2ed83ed4896786a6e6fb84ea4d04d6590f358768a8ad9510fea160cffcf7fe24683a2d95ef110424a82a68be86d2a073e8c6ad620694604d24e1fb22a6be6021d3ed65bc18f1f299b944e23bda868f72db8868faeac8fc0c461df9e536e26abdaca788780b579494b54a5e832efd101990fe0d78dd63746e215cb697a6616b0e37e71430f4a3d8853a1a7e032a78fa1789318e79f912cb997d121ea59ff980e4f70f57813a252108fd7bfc84436ac48982d35b75261c25c732df70c7ba902e6f518b4bab19f62843b643d8fef7f07a8b64167a547dfae6c96f158e1cdc68fd4becba594cc1c2a0ccecc06e449d75196edda5c1cc99017ddbcca99f064f76c179e6d61b21bf9eafac2f8813f987c6c5ae2dd41dc296eae639487f782e898d86e2155715a0c92c880a7c781cee1ed5f53473f07e94c661416be1131a3eca459426aa6cd31c1f4bd33b77a37173b1a7dea99684445ad7abb279b908694f44635a4feceaa13b1450999ce3e99100a42c5e4d300ad24ea6cbe8e8bbfb47fc846f48387f6f167c30adb9d1c4e5695fc2bf8bd000b9edb3794f8028bb149eae3c7c9917379c1f62c46b47dc484b87b0bdd5f170852064526f28968729e1db05aec218d7971148652c34c0b8943b8ffdadd717e15002f25ec6428e477e1bec2f284a42df1054365ef4d3c1b71cb86c7a59f8cb8df6f867819a647c8406609ff0f4e354f777bc0d25ef7b07ef6500bb8b067da1caefa01acfa3c8e14b3438cd16b72def2bcc6d96e33bf2ad754c9bcf9d2d8bab8602b4960893c883c89318e97ff77d2911f4ea7f57bd709f2b2e9d989aeb1258bd9fb170e8e2e9b7c973be33e56169550c81d459cec25e5199743df3b6541abc6984735249e9aa60973d44b88ef8a350c6885e9fc260aaef901323bacece25e330ff2cd21d1191fbdeb2bf070f1d22e05fbe657606a46ce83a6d9d4f7934cbef759fa097092bc0788ef94130be9227939e170d986fa903bd4bd188640903bfdca8d6a48926c9a0a2e1144ad2365e19e64fc86532e6029fc7c861fc1e16a72261cb119ecd2f71bf6d3fc93b5e0b74daddc39d4d7aa2a6bb6c7a0002e4e25bb86dd6cad231334214433aced6c7761b34ecf3553a4b34c5cb0c988f0c36c50632b8544147c113dd22bc1d8adab7ac052ad798405c0057ca33947088015d87f410ec06b7b6b719593a4c6cd4cea4e711ad8c3f93bad32f869195e75286b7bbac261783e19f97efb8a9989a19ec6c7d43dafcd2c09a141c7671b4dd105932d663eed7c4b606f26523a116d1a42d628413624b8d9dd249f268e4cd72812433b9b7fbcb76e303c04eb257e5a143d6ed94dd8f1bdb5f40dcab5ac45c5c778a42d5ebf175c4a8ea5c3f3b92ec78471984e9784bf75c18ec20b9d3837267c67daa95f5e9eae608b619ac3583c783dd00ab5a93413999683001919bb89bb58a51eb1be1654a62e3019fe9cb3c43965cdb0893a5739004e713385d6703cdd7765dd3754e33163df54899127654128ab37b3c5e104912c9a878a5b6e69fd9d8d5f75511a4d0b8cd90a8dd9abc47b89bd027f2516b490763c3c4dca7956029b16c9059aa65b2777cdfad8a76f868ddc91f1f9c6fe99c52e4f07782d2e2661ee435e9899908ef60fe8657a3a7e5f93947f6fad929548c00ccaf365eb0d6c3cc456e3cc84d976c1feb3e0dbb2bdb20ae4031b50a94230c074d4b3cd182ac03f059df368c41ae9af89f4fb28ac556bb5c9aa02f183a783cb8fd2247acbce92a23ff9c01e7530e5b7bf789ea0a324bce612527ce8dc7b8d548a84b7ebdbd181ebd35212d7adf2582b6d83aff3a2c51144694f6bb0f7e42740461707c7149ed8888151ec0e50b52821c66a8713901fe0ae4e1224994328e3482dea2282e9cb13e1d7487d192e3817215236875a8177653dea3133302c9eb8193561b0b4a845528c2b89eb50a4e0ad81fd236f5f71ebcd89bf888340675df52a5cdb72be2504204016cd656e5a3a1a2f0932bb28a5ff49f83a9beed958ec4e088a15a86af6eda7969c2495382ce3a4093b7836750b7ea222fa1131224d9fb23acb2a5113d42bd700700c6e971b7bb3a8fe8ece22c892c449e0a454bb4d01cab6cb93a63ce00370a986cf3d3057c2950006f0415add05e00fcc72dfe86fbb65ae819cad2dc72161841e34a5a8844c2844c2cab0bcc6f15fdbf010b0ec1576e405e151916ab94f1ae70be1f3991fb6fb838ac4bccbbacdcda00cf2ea3aa5e574ade3453c92b0c847172ab5fccde891c781a8b94bbd4641f79c1fa75322c2525ba0b7d536a0743cf110868f4ff4ee32e36e47757bbf416c198bf1e94a649afc29adc07e56e525f2189b011565ca954a8f58f9b15503d59a5558fb4e712b5f5ecb46b980bd16871fece7759a013ff395f7dad194938206bb592153aea3ca5ed1742a4567b5f0ee61814d49b316cbd8a8c729f8b60308836aa9a3a272063585b530d1f80606fb50fef4a28d4f3cee5bdbf7daaf211dd0bb4f971528f67ccfc5909291cafa562c583932b456a04f64c1d68d545272685fdb793c458729854efab51cad297687d8e787205579f38984f6ff267e0adc8a3dc01504d4811ed3874093727b65af4f889a5d6ffd99cd115f6b8bad242671f5dfb76dbe5969a7aec93965f652165095279ed82ddaee328f01151a8db93467d8e96595816a6ff24047d9157339854f3c805e29e49addedf79b29b32de0085791e6f516a066ad35aea8e37892bd432c344edee98c2ca16867af6366701d7d40eb3e8dec4dd718b8ca3ddebbbf2d3c82494bc7694784bb3f0f48bafc63714da4b737ecabfb30c5cd038e19ddc314056b74380cb3aab06107e0506fafd43a04b32ebceaaae73f4e6c1885daa9d471e0478c04ce52e63339ce3e99b379a9ce0a016f619afa5c2cd587d28cf47401488eb3964c7bb289bc51f5b0a0baae6e1b3be7a9506babd110f9ceaec696b1b5e211b1197a3130ce9b93ce4f3b59d593796ba70a1c8e7a5d3c6079a5711ac13a3eb0c39fbd0118e1cc8e0f40231561bab91cd71d6c18eea42debaf1e948809206f1ac5c28238807c9d5c638b5ffec4a90dfe321af74e1bc9e19dc8189d709e61013544ea42bf4c2dcb2c99f3974aab0a3b669ed98a80d685abd3f48b29f1bf1737f2b3e15f7b8f0cd45658adb860c21a06a2b8418aa7d0f5397df5a39a44d49a33efa489ed2a0546fc562b8798d8a936bcc56a7f49c2520ca60ee2333fbf2ae69dbac1c9b5ccd7826cc95fac1c2bc284b60673d992b0278439e1dd988d7b2793ef35cff25dc31c4795effc43bb25cbae0a0e91bc29a725562c2e682b4655eb70561132d2fa4f605e5e5026bd0a929e8c55132f91c4b9d855e782109e14dbec676e73c1d35255b13ea3dcafde774798258ca129237b363d6e78f6135e3ad8221ed43fa4aff4f339441e1165341593ae873b4b94f392973d550dac2feacbf361400ebd3dcab544be1963bebf2774291dc287832b14a1a07da59762db633d0d30fd109c0bb67852bea173de5305a0348f785b9fcb9d56e50cf97cc6a6a076dde3fb9f55ef389fb48c7bd3177590cd5d62c4a29b719b8f03ca7bf43204d46b116b5679d909a94e334e8eae0e668196a62f4863de960057a21aae9b25938d7ad7daffb1485fbf90fbf7ac4f68e1264379de98e183fcf7ef09be5d0d62e37a6d88e8dfb37572d9c8dd51e5c7340eb89af63a2585194fffcd95269f9cca78bc87a467007cacaf345027901b8fb5b0aa418e75ba717fe3336e5ca1ee043bbf3cd2fb58e0a4404775af2dbfe9c06eb6c408e9463d5acbe8f51ba0c44a4decc03bcac7498098fc550f34d355c8f8cbfb5b349196eabbb5b75a493f91ea79dd64203235634c835b22e815ca823a3396b2fe78aeb7fa19e7b967cf6706ec9d12ecf78db964fe8311624dd5d7619a45d052069f4b76f1e9d160d686ab7e7e099b2003116bbe7409e775c44adb2195988e259c1f161ba6cd18b2843a24c8ea62a299808355cd673b17bff57bd6beff04e3c34bee3ce1d1927989da6761f1311a351c8b7b18141288861dea21e440baa338ea8c5306bfa5a51de4cc9c2ad9f7e4a9674e77c5dcc7d046d305bca5279358ec7684d84a292d16e07631f477abd9fd6d4e3e15691254f0317241068a9447cdf08f6a629e9952ef460c612cc483ec182899fd29f4599c5e8daee3447bff22aa7499cace59539ea3c88e29c90d294d5b095a00372109056e8d8919affa6e45c729abdb77ca6aeffdbc8eae2e43290b3056e4fdd6aacd8c39be97ae6b08ab14fdf246f28b2c30a03a2814f4e5132c6f4665cb1dfa009b85af279c261b44b4d22cb8b2a43c2f2e4607350c2764b870c90863f1629950133c32c8cf3ae6e8c63cc8c5a849c502ce18f6f6b506ea78c02bc5bb844a29d228813771a2198ee3edc4489fc5e9d8edecc6ae0a11acedec5034eca80d559dbe6d398ebeb732ffeab988065b3b0de4a71e40a676573ab7d753b2b8fc69e15ca339ea6576a0073dfc23eb42ee8381b7f401f3e8ed39514ac4e7a1aab17aecf35b7e4cd8521fc53e7eaa4b1016e134e35419eeb59e8d6c887b1b8bfd1321217f3569c03b430cde416918a8f30ba39b8eacdb8a7551b0f77651d8627186568ec6c0ab1f3035222dcbde3cf969e71afdd71ce8184812b3a35f3f52f901ce3e01c9d4bcd99c9f3749d83aec152b31c10fbf90eb474b6681e555bd2f3ebf80e8e4e99f7bb1a13a1d11e1f6f2a45fbb627a11514a2d23ec309e91edd5634fa5bd25f33a01513a69448ade4c13160c17b22395a0c41262985838c50d51e75f7892d7459751e6ae23ce6c781f81f8c312442c7ba9652a424132e157c8d51c3aafdbbe53a20e4958567bc30166c658a68c48582e4e84dc53ef4117792f2d4e205f6a0ea9dc168a8a06c75b359b7f9aea953dcdf3b2f1136abd2ebbf008769ef4776558fac02bfa2588943a11a00e74786397f96b985280b0a174f145fd3316164149c904a101cbcbe792b7820aa9a662f0f0c91d60239a553c964ee24fca4511f3d434f230b946a5f6f5f81f4e51fd6d9b88fc6b1d6350a21ab90056f188372e7531f820c89659c4d47031dfb3f2f6685b5c50bf448f796e2fd83b651af222fb44b94914deed83ebbb9a9b974cf2c36596a8385233da4b894f5e29ae0aab598bc735bc2421367339fece737d89df7ea0121cdf0673ed691baa4b3324f8d88a6cc484ed7c8ee597e3117c19da2df59dd1d2e9a0c111cb05401d6d564bd1928c043ad6623a56dfcc5e05f8dffb56e375ddf63942ec8692b484aba3b54795d06c42e7eacb7c50ec8fc211f02ea6a9908cea2f7549f00900c2707cc35c116552b760e254f4aca582b7f760b8b2ed69e875f4a9c301cd06a4fab8f538ed8c79bc5467ddede4148bacfbfc74f1d4cd9c9ada6bf328c7990c1f7ed523537e632ada4f008eb", &(0x7f0000021540)=[r3, r0, r0, r0], &(0x7f0000021580)=""/4096, &(0x7f0000022580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0x1000, 0x8}, &(0x7f0000022600), &(0x7f0000022640)) zx_channel_call(r6, 0x0, r2, &(0x7f0000023780)={&(0x7f0000022680)="c0a163280660ce735969f5ee9cafa35f48193a8620d0f0d76dab09926648a2fd68b4cc6e54d1f7871d9cbe41420acc88f0f88f6f66e82258e9328cc2d3a279d3845df3ea63ec", &(0x7f0000022700)=[r3, r0, r0, r4, 0x0, r3], &(0x7f0000022740)=""/4096, &(0x7f0000023740)=[0x0], 0x46, 0x6, 0x1000, 0x1}, &(0x7f00000237c0), &(0x7f0000023800)) zx_channel_call$fuchsia_io_FileNodeSetFlags(r7, 0x0, r2, &(0x7f0000033900)={&(0x7f0000023840)={{}, 0x3fe00000}, &(0x7f0000023880), &(0x7f00000238c0), &(0x7f00000338c0), 0x14, 0x0, 0x10000}, &(0x7f0000033940), &(0x7f0000033980)) zx_object_get_info$ZX_INFO_PROCESS_VMOS(r5, 0x1000000e, &(0x7f00000339c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x3f0, &(0x7f0000033dc0), &(0x7f0000033e00)) syz_execute_func(&(0x7f0000000000)="f2490f2d3b26f32e3e42ffe0400f490e36660f3adf83021000006b580f85d6be00006466420f154c6904c4835d7f4f0006c4626dbbfdf34e0f1ecd") syz_future_time(0x1) syz_job_default() syz_mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 500); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200101c0 = 0x20000000; *(uint32_t*)0x20000000 = 0; memset((void*)0x20000004, 0, 3); *(uint8_t*)0x20000007 = 1; *(uint64_t*)0x20000008 = 0x6e32641800000000; *(uint32_t*)0x20000010 = 0xff; *(uint64_t*)0x20000014 = 6; *(uint64_t*)0x2000001c = -1; *(uint64_t*)0x20000024 = 9; *(uint64_t*)0x2000002c = 0; *(uint32_t*)0x20000034 = 1; *(uint64_t*)0x2000003c = 0x3ff; *(uint64_t*)0x20000044 = -1; *(uint64_t*)0x2000004c = 0x1ff; *(uint64_t*)0x20000054 = -1; *(uint32_t*)0x2000005c = 3; *(uint64_t*)0x20000064 = 6; *(uint64_t*)0x20000074 = 1; *(uint64_t*)0x2000007c = 0; *(uint32_t*)0x20000084 = 4; *(uint32_t*)0x20000088 = 0x23; *(uint64_t*)0x2000009c = 9; *(uint64_t*)0x200000a4 = -1; *(uint32_t*)0x200000ac = 4; *(uint32_t*)0x200000b0 = 8; *(uint64_t*)0x200000c4 = 4; *(uint64_t*)0x200000cc = -1; *(uint32_t*)0x200000d4 = 4; *(uint32_t*)0x200000d8 = 0x80; memcpy((void*)0x200000ec, "(-*^\\@", 6); memcpy((void*)0x200000f4, "*@/", 3); memcpy((void*)0x200000fc, "#)", 2); memcpy((void*)0x20000104, "!*", 2); memcpy((void*)0x2000010c, "\\&:", 3); *(uint64_t*)0x200101c8 = 0x20000140; *(uint64_t*)0x200101d0 = 0x20000180; *(uint64_t*)0x200101d8 = 0x20010180; *(uint32_t*)0x200101e0 = 0x114; *(uint32_t*)0x200101e4 = 0; *(uint32_t*)0x200101e8 = 0x10000; *(uint32_t*)0x200101ec = 0; inject_fault(1); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x200101c0, /*actual_bytes=*/0x20010200, /*actual_handles=*/0x20010240); break; case 1: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(/*options=*/0, /*out=*/0x20010280); if (res == ZX_OK) r[0] = *(uint32_t*)0x20010280; break; case 2: res = -1; res = syz_future_time(/*when=*/0); { int i; for(i = 0; i < 4; i++) { syz_future_time(/*when=*/0); } } if ((int)res != -1) r[1] = res; break; case 3: *(uint64_t*)0x20020380 = 0x200102c0; *(uint32_t*)0x200102c0 = 0; memset((void*)0x200102c4, 0, 3); *(uint8_t*)0x200102c7 = 1; *(uint64_t*)0x200102c8 = 0x3558f75800000000; *(uint64_t*)0x20020388 = 0x20010300; *(uint64_t*)0x20020390 = 0x20010340; *(uint64_t*)0x20020398 = 0x20020340; *(uint32_t*)0x200203a0 = 0x10; *(uint32_t*)0x200203a4 = 0; *(uint32_t*)0x200203a8 = 0x10000; *(uint32_t*)0x200203ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[1], /*args=*/0x20020380, /*actual_bytes=*/0x200203c0, /*actual_handles=*/0x20020400); break; case 4: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_clock_get_details))(/*handle=*/r[0], /*option=*/0x400000000000000, /*details=*/0x20020440); if (res == ZX_OK) r[2] = *(uint64_t*)0x20020448; break; case 5: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_channel_create))(/*options=*/0, /*out0=*/0x200214c0, /*out1=*/0x20021500); if (res == ZX_OK) r[3] = *(uint32_t*)0x200214c0; break; case 6: *(uint64_t*)0x200225c0 = 0x200204c0; memcpy((void*)0x200204c0, "\x54\x26\x46\xfd\x9e\x01\x40\x4b\x28\x65\xdf\x17\x6f\xb8\xcf\x56\x5d\x56\xc4\x0d\xa9\x2b\x18\x29\x65\xf2\x81\x06\x9f\x49\x5a\xdc\x4f\x35\xda\x84\x30\x38\x52\x21\x1c\x20\x13\xee\xd4\x4a\x72\x34\x10\xae\xcd\x75\x91\x17\x36\xf8\xf0\xa0\x28\x54\xfa\xed\xed\x70\x66\x21\xe3\x5f\x09\x2a\x7f\xad\x13\x0d\x8e\x75\x0a\xb6\x0e\xa4\x92\xcd\x08\xb0\x8c\xe6\x1c\x86\xb2\xe1\xb0\x66\x13\x1a\x28\x98\x1f\x3b\x64\xa8\x56\x2a\x53\x52\x65\x85\xef\x20\xe4\xa0\x55\xc6\xd0\x52\x48\x57\xec\x3d\x1c\x63\x90\xaa\x0b\xad\x27\x4e\xa3\xba\xe4\x3a\x74\xde\x82\xb0\x46\xde\xde\x08\xde\x67\x64\x22\xe1\x05\x71\x8a\x33\x11\xeb\x00\x2e\x2b\x08\x76\xb9\x44\xb4\x81\x09\x43\x9b\x88\x09\x45\x03\xbe\xa5\x28\x65\x1e\x3f\xc1\xc5\x78\x5c\xc3\x8e\x12\x52\x4f\x24\xff\x01\x1e\xff\x1f\x9e\x3f\xf2\xf2\xfe\x57\x3f\x89\x9b\x71\x63\x08\x5f\x53\x1b\xc0\x77\x8f\xd9\x28\xaa\x3d\xe9\xc3\xbb\x85\x7f\xac\x48\x13\x28\x78\x07\x03\x15\xc6\xc9\x6c\xf6\x37\x47\x90\x74\xee\xb7\xad\x2e\xd8\x3e\xd4\x89\x67\x86\xa6\xe6\xfb\x84\xea\x4d\x04\xd6\x59\x0f\x35\x87\x68\xa8\xad\x95\x10\xfe\xa1\x60\xcf\xfc\xf7\xfe\x24\x68\x3a\x2d\x95\xef\x11\x04\x24\xa8\x2a\x68\xbe\x86\xd2\xa0\x73\xe8\xc6\xad\x62\x06\x94\x60\x4d\x24\xe1\xfb\x22\xa6\xbe\x60\x21\xd3\xed\x65\xbc\x18\xf1\xf2\x99\xb9\x44\xe2\x3b\xda\x86\x8f\x72\xdb\x88\x68\xfa\xea\xc8\xfc\x0c\x46\x1d\xf9\xe5\x36\xe2\x6a\xbd\xac\xa7\x88\x78\x0b\x57\x94\x94\xb5\x4a\x5e\x83\x2e\xfd\x10\x19\x90\xfe\x0d\x78\xdd\x63\x74\x6e\x21\x5c\xb6\x97\xa6\x61\x6b\x0e\x37\xe7\x14\x30\xf4\xa3\xd8\x85\x3a\x1a\x7e\x03\x2a\x78\xfa\x17\x89\x31\x8e\x79\xf9\x12\xcb\x99\x7d\x12\x1e\xa5\x9f\xf9\x80\xe4\xf7\x0f\x57\x81\x3a\x25\x21\x08\xfd\x7b\xfc\x84\x43\x6a\xc4\x89\x82\xd3\x5b\x75\x26\x1c\x25\xc7\x32\xdf\x70\xc7\xba\x90\x2e\x6f\x51\x8b\x4b\xab\x19\xf6\x28\x43\xb6\x43\xd8\xfe\xf7\xf0\x7a\x8b\x64\x16\x7a\x54\x7d\xfa\xe6\xc9\x6f\x15\x8e\x1c\xdc\x68\xfd\x4b\xec\xba\x59\x4c\xc1\xc2\xa0\xcc\xec\xc0\x6e\x44\x9d\x75\x19\x6e\xdd\xa5\xc1\xcc\x99\x01\x7d\xdb\xcc\xa9\x9f\x06\x4f\x76\xc1\x79\xe6\xd6\x1b\x21\xbf\x9e\xaf\xac\x2f\x88\x13\xf9\x87\xc6\xc5\xae\x2d\xd4\x1d\xc2\x96\xea\xe6\x39\x48\x7f\x78\x2e\x89\x8d\x86\xe2\x15\x57\x15\xa0\xc9\x2c\x88\x0a\x7c\x78\x1c\xee\x1e\xd5\xf5\x34\x73\xf0\x7e\x94\xc6\x61\x41\x6b\xe1\x13\x1a\x3e\xca\x45\x94\x26\xaa\x6c\xd3\x1c\x1f\x4b\xd3\x3b\x77\xa3\x71\x73\xb1\xa7\xde\xa9\x96\x84\x44\x5a\xd7\xab\xb2\x79\xb9\x08\x69\x4f\x44\x63\x5a\x4f\xec\xea\xa1\x3b\x14\x50\x99\x9c\xe3\xe9\x91\x00\xa4\x2c\x5e\x4d\x30\x0a\xd2\x4e\xa6\xcb\xe8\xe8\xbb\xfb\x47\xfc\x84\x6f\x48\x38\x7f\x6f\x16\x7c\x30\xad\xb9\xd1\xc4\xe5\x69\x5f\xc2\xbf\x8b\xd0\x00\xb9\xed\xb3\x79\x4f\x80\x28\xbb\x14\x9e\xae\x3c\x7c\x99\x17\x37\x9c\x1f\x62\xc4\x6b\x47\xdc\x48\x4b\x87\xb0\xbd\xd5\xf1\x70\x85\x20\x64\x52\x6f\x28\x96\x87\x29\xe1\xdb\x05\xae\xc2\x18\xd7\x97\x11\x48\x65\x2c\x34\xc0\xb8\x94\x3b\x8f\xfd\xad\xd7\x17\xe1\x50\x02\xf2\x5e\xc6\x42\x8e\x47\x7e\x1b\xec\x2f\x28\x4a\x42\xdf\x10\x54\x36\x5e\xf4\xd3\xc1\xb7\x1c\xb8\x6c\x7a\x59\xf8\xcb\x8d\xf6\xf8\x67\x81\x9a\x64\x7c\x84\x06\x60\x9f\xf0\xf4\xe3\x54\xf7\x77\xbc\x0d\x25\xef\x7b\x07\xef\x65\x00\xbb\x8b\x06\x7d\xa1\xca\xef\xa0\x1a\xcf\xa3\xc8\xe1\x4b\x34\x38\xcd\x16\xb7\x2d\xef\x2b\xcc\x6d\x96\xe3\x3b\xf2\xad\x75\x4c\x9b\xcf\x9d\x2d\x8b\xab\x86\x02\xb4\x96\x08\x93\xc8\x83\xc8\x93\x18\xe9\x7f\xf7\x7d\x29\x11\xf4\xea\x7f\x57\xbd\x70\x9f\x2b\x2e\x9d\x98\x9a\xeb\x12\x58\xbd\x9f\xb1\x70\xe8\xe2\xe9\xb7\xc9\x73\xbe\x33\xe5\x61\x69\x55\x0c\x81\xd4\x59\xce\xc2\x5e\x51\x99\x74\x3d\xf3\xb6\x54\x1a\xbc\x69\x84\x73\x52\x49\xe9\xaa\x60\x97\x3d\x44\xb8\x8e\xf8\xa3\x50\xc6\x88\x5e\x9f\xc2\x60\xaa\xef\x90\x13\x23\xba\xce\xce\x25\xe3\x30\xff\x2c\xd2\x1d\x11\x91\xfb\xde\xb2\xbf\x07\x0f\x1d\x22\xe0\x5f\xbe\x65\x76\x06\xa4\x6c\xe8\x3a\x6d\x9d\x4f\x79\x34\xcb\xef\x75\x9f\xa0\x97\x09\x2b\xc0\x78\x8e\xf9\x41\x30\xbe\x92\x27\x93\x9e\x17\x0d\x98\x6f\xa9\x03\xbd\x4b\xd1\x88\x64\x09\x03\xbf\xdc\xa8\xd6\xa4\x89\x26\xc9\xa0\xa2\xe1\x14\x4a\xd2\x36\x5e\x19\xe6\x4f\xc8\x65\x32\xe6\x02\x9f\xc7\xc8\x61\xfc\x1e\x16\xa7\x22\x61\xcb\x11\x9e\xcd\x2f\x71\xbf\x6d\x3f\xc9\x3b\x5e\x0b\x74\xda\xdd\xc3\x9d\x4d\x7a\xa2\xa6\xbb\x6c\x7a\x00\x02\xe4\xe2\x5b\xb8\x6d\xd6\xca\xd2\x31\x33\x42\x14\x43\x3a\xce\xd6\xc7\x76\x1b\x34\xec\xf3\x55\x3a\x4b\x34\xc5\xcb\x0c\x98\x8f\x0c\x36\xc5\x06\x32\xb8\x54\x41\x47\xc1\x13\xdd\x22\xbc\x1d\x8a\xda\xb7\xac\x05\x2a\xd7\x98\x40\x5c\x00\x57\xca\x33\x94\x70\x88\x01\x5d\x87\xf4\x10\xec\x06\xb7\xb6\xb7\x19\x59\x3a\x4c\x6c\xd4\xce\xa4\xe7\x11\xad\x8c\x3f\x93\xba\xd3\x2f\x86\x91\x95\xe7\x52\x86\xb7\xbb\xac\x26\x17\x83\xe1\x9f\x97\xef\xb8\xa9\x98\x9a\x19\xec\x6c\x7d\x43\xda\xfc\xd2\xc0\x9a\x14\x1c\x76\x71\xb4\xdd\x10\x59\x32\xd6\x63\xee\xd7\xc4\xb6\x06\xf2\x65\x23\xa1\x16\xd1\xa4\x2d\x62\x84\x13\x62\x4b\x8d\x9d\xd2\x49\xf2\x68\xe4\xcd\x72\x81\x24\x33\xb9\xb7\xfb\xcb\x76\xe3\x03\xc0\x4e\xb2\x57\xe5\xa1\x43\xd6\xed\x94\xdd\x8f\x1b\xdb\x5f\x40\xdc\xab\x5a\xc4\x5c\x5c\x77\x8a\x42\xd5\xeb\xf1\x75\xc4\xa8\xea\x5c\x3f\x3b\x92\xec\x78\x47\x19\x84\xe9\x78\x4b\xf7\x5c\x18\xec\x20\xb9\xd3\x83\x72\x67\xc6\x7d\xaa\x95\xf5\xe9\xea\xe6\x08\xb6\x19\xac\x35\x83\xc7\x83\xdd\x00\xab\x5a\x93\x41\x39\x99\x68\x30\x01\x91\x9b\xb8\x9b\xb5\x8a\x51\xeb\x1b\xe1\x65\x4a\x62\xe3\x01\x9f\xe9\xcb\x3c\x43\x96\x5c\xdb\x08\x93\xa5\x73\x90\x04\xe7\x13\x38\x5d\x67\x03\xcd\xd7\x76\x5d\xd3\x75\x4e\x33\x16\x3d\xf5\x48\x99\x12\x76\x54\x12\x8a\xb3\x7b\x3c\x5e\x10\x49\x12\xc9\xa8\x78\xa5\xb6\xe6\x9f\xd9\xd8\xd5\xf7\x55\x11\xa4\xd0\xb8\xcd\x90\xa8\xdd\x9a\xbc\x47\xb8\x9b\xd0\x27\xf2\x51\x6b\x49\x07\x63\xc3\xc4\xdc\xa7\x95\x60\x29\xb1\x6c\x90\x59\xaa\x65\xb2\x77\x7c\xdf\xad\x8a\x76\xf8\x68\xdd\xc9\x1f\x1f\x9c\x6f\xe9\x9c\x52\xe4\xf0\x77\x82\xd2\xe2\x66\x1e\xe4\x35\xe9\x89\x99\x08\xef\x60\xfe\x86\x57\xa3\xa7\xe5\xf9\x39\x47\xf6\xfa\xd9\x29\x54\x8c\x00\xcc\xaf\x36\x5e\xb0\xd6\xc3\xcc\x45\x6e\x3c\xc8\x4d\x97\x6c\x1f\xeb\x3e\x0d\xbb\x2b\xdb\x20\xae\x40\x31\xb5\x0a\x94\x23\x0c\x07\x4d\x4b\x3c\xd1\x82\xac\x03\xf0\x59\xdf\x36\x8c\x41\xae\x9a\xf8\x9f\x4f\xb2\x8a\xc5\x56\xbb\x5c\x9a\xa0\x2f\x18\x3a\x78\x3c\xb8\xfd\x22\x47\xac\xbc\xe9\x2a\x23\xff\x9c\x01\xe7\x53\x0e\x5b\x7b\xf7\x89\xea\x0a\x32\x4b\xce\x61\x25\x27\xce\x8d\xc7\xb8\xd5\x48\xa8\x4b\x7e\xbd\xbd\x18\x1e\xbd\x35\x21\x2d\x7a\xdf\x25\x82\xb6\xd8\x3a\xff\x3a\x2c\x51\x14\x46\x94\xf6\xbb\x0f\x7e\x42\x74\x04\x61\x70\x7c\x71\x49\xed\x88\x88\x15\x1e\xc0\xe5\x0b\x52\x82\x1c\x66\xa8\x71\x39\x01\xfe\x0a\xe4\xe1\x22\x49\x94\x32\x8e\x34\x82\xde\xa2\x28\x2e\x9c\xb1\x3e\x1d\x74\x87\xd1\x92\xe3\x81\x72\x15\x23\x68\x75\xa8\x17\x76\x53\xde\xa3\x13\x33\x02\xc9\xeb\x81\x93\x56\x1b\x0b\x4a\x84\x55\x28\xc2\xb8\x9e\xb5\x0a\x4e\x0a\xd8\x1f\xd2\x36\xf5\xf7\x1e\xbc\xd8\x9b\xf8\x88\x34\x06\x75\xdf\x52\xa5\xcd\xb7\x2b\xe2\x50\x42\x04\x01\x6c\xd6\x56\xe5\xa3\xa1\xa2\xf0\x93\x2b\xb2\x8a\x5f\xf4\x9f\x83\xa9\xbe\xed\x95\x8e\xc4\xe0\x88\xa1\x5a\x86\xaf\x6e\xda\x79\x69\xc2\x49\x53\x82\xce\x3a\x40\x93\xb7\x83\x67\x50\xb7\xea\x22\x2f\xa1\x13\x12\x24\xd9\xfb\x23\xac\xb2\xa5\x11\x3d\x42\xbd\x70\x07\x00\xc6\xe9\x71\xb7\xbb\x3a\x8f\xe8\xec\xe2\x2c\x89\x2c\x44\x9e\x0a\x45\x4b\xb4\xd0\x1c\xab\x6c\xb9\x3a\x63\xce\x00\x37\x0a\x98\x6c\xf3\xd3\x05\x7c\x29\x50\x00\x6f\x04\x15\xad\xd0\x5e\x00\xfc\xc7\x2d\xfe\x86\xfb\xb6\x5a\xe8\x19\xca\xd2\xdc\x72\x16\x18\x41\xe3\x4a\x5a\x88\x44\xc2\x84\x4c\x2c\xab\x0b\xcc\x6f\x15\xfd\xbf\x01\x0b\x0e\xc1\x57\x6e\x40\x5e\x15\x19\x16\xab\x94\xf1\xae\x70\xbe\x1f\x39\x91\xfb\x6f\xb8\x38\xac\x4b\xcc\xbb\xac\xdc\xda\x00\xcf\x2e\xa3\xaa\x5e\x57\x4a\xde\x34\x53\xc9\x2b\x0c\x84\x71\x72\xab\x5f\xcc\xde\x89\x1c\x78\x1a\x8b\x94\xbb\xd4\x64\x1f\x79\xc1\xfa\x75\x32\x2c\x25\x25\xba\x0b\x7d\x53\x6a\x07\x43\xcf\x11\x08\x68\xf4\xff\x4e\xe3\x2e\x36\xe4\x77\x57\xbb\xf4\x16\xc1\x98\xbf\x1e\x94\xa6\x49\xaf\xc2\x9a\xdc\x07\xe5\x6e\x52\x5f\x21\x89\xb0\x11\x56\x5c\xa9\x54\xa8\xf5\x8f\x9b\x15\x50\x3d\x59\xa5\x55\x8f\xb4\xe7\x12\xb5\xf5\xec\xb4\x6b\x98\x0b\xd1\x68\x71\xfe\xce\x77\x59\xa0\x13\xff\x39\x5f\x7d\xad\x19\x49\x38\x20\x6b\xb5\x92\x15\x3a\xea\x3c\xa5\xed\x17\x42\xa4\x56\x7b\x5f\x0e\xe6\x18\x14\xd4\x9b\x31\x6c\xbd\x8a\x8c\x72\x9f\x8b\x60\x30\x88\x36\xaa\x9a\x3a\x27\x20\x63\x58\x5b\x53\x0d\x1f\x80\x60\x6f\xb5\x0f\xef\x4a\x28\xd4\xf3\xce\xe5\xbd\xbf\x7d\xaa\xf2\x11\xdd\x0b\xb4\xf9\x71\x52\x8f\x67\xcc\xfc\x59\x09\x29\x1c\xaf\xa5\x62\xc5\x83\x93\x2b\x45\x6a\x04\xf6\x4c\x1d\x68\xd5\x45\x27\x26\x85\xfd\xb7\x93\xc4\x58\x72\x98\x54\xef\xab\x51\xca\xd2\x97\x68\x7d\x8e\x78\x72\x05\x57\x9f\x38\x98\x4f\x6f\xf2\x67\xe0\xad\xc8\xa3\xdc\x01\x50\x4d\x48\x11\xed\x38\x74\x09\x37\x27\xb6\x5a\xf4\xf8\x89\xa5\xd6\xff\xd9\x9c\xd1\x15\xf6\xb8\xba\xd2\x42\x67\x1f\x5d\xfb\x76\xdb\xe5\x96\x9a\x7a\xec\x93\x96\x5f\x65\x21\x65\x09\x52\x79\xed\x82\xdd\xae\xe3\x28\xf0\x11\x51\xa8\xdb\x93\x46\x7d\x8e\x96\x59\x58\x16\xa6\xff\x24\x04\x7d\x91\x57\x33\x98\x54\xf3\xc8\x05\xe2\x9e\x49\xad\xde\xdf\x79\xb2\x9b\x32\xde\x00\x85\x79\x1e\x6f\x51\x6a\x06\x6a\xd3\x5a\xea\x8e\x37\x89\x2b\xd4\x32\xc3\x44\xed\xee\x98\xc2\xca\x16\x86\x7a\xf6\x36\x67\x01\xd7\xd4\x0e\xb3\xe8\xde\xc4\xdd\x71\x8b\x8c\xa3\xdd\xeb\xbb\xf2\xd3\xc8\x24\x94\xbc\x76\x94\x78\x4b\xb3\xf0\xf4\x8b\xaf\xc6\x37\x14\xda\x4b\x73\x7e\xca\xbf\xb3\x0c\x5c\xd0\x38\xe1\x9d\xdc\x31\x40\x56\xb7\x43\x80\xcb\x3a\xab\x06\x10\x7e\x05\x06\xfa\xfd\x43\xa0\x4b\x32\xeb\xce\xaa\xae\x73\xf4\xe6\xc1\x88\x5d\xaa\x9d\x47\x1e\x04\x78\xc0\x4c\xe5\x2e\x63\x33\x9c\xe3\xe9\x9b\x37\x9a\x9c\xe0\xa0\x16\xf6\x19\xaf\xa5\xc2\xcd\x58\x7d\x28\xcf\x47\x40\x14\x88\xeb\x39\x64\xc7\xbb\x28\x9b\xc5\x1f\x5b\x0a\x0b\xaa\xe6\xe1\xb3\xbe\x7a\x95\x06\xba\xbd\x11\x0f\x9c\xea\xec\x69\x6b\x1b\x5e\x21\x1b\x11\x97\xa3\x13\x0c\xe9\xb9\x3c\xe4\xf3\xb5\x9d\x59\x37\x96\xba\x70\xa1\xc8\xe7\xa5\xd3\xc6\x07\x9a\x57\x11\xac\x13\xa3\xeb\x0c\x39\xfb\xd0\x11\x8e\x1c\xc8\xe0\xf4\x02\x31\x56\x1b\xab\x91\xcd\x71\xd6\xc1\x8e\xea\x42\xde\xba\xf1\xe9\x48\x80\x92\x06\xf1\xac\x5c\x28\x23\x88\x07\xc9\xd5\xc6\x38\xb5\xff\xec\x4a\x90\xdf\xe3\x21\xaf\x74\xe1\xbc\x9e\x19\xdc\x81\x89\xd7\x09\xe6\x10\x13\x54\x4e\xa4\x2b\xf4\xc2\xdc\xb2\xc9\x9f\x39\x74\xaa\xb0\xa3\xb6\x69\xed\x98\xa8\x0d\x68\x5a\xbd\x3f\x48\xb2\x9f\x1b\xf1\x73\x7f\x2b\x3e\x15\xf7\xb8\xf0\xcd\x45\x65\x8a\xdb\x86\x0c\x21\xa0\x6a\x2b\x84\x18\xaa\x7d\x0f\x53\x97\xdf\x5a\x39\xa4\x4d\x49\xa3\x3e\xfa\x48\x9e\xd2\xa0\x54\x6f\xc5\x62\xb8\x79\x8d\x8a\x93\x6b\xcc\x56\xa7\xf4\x9c\x25\x20\xca\x60\xee\x23\x33\xfb\xf2\xae\x69\xdb\xac\x1c\x9b\x5c\xcd\x78\x26\xcc\x95\xfa\xc1\xc2\xbc\x28\x4b\x60\x67\x3d\x99\x2b\x02\x78\x43\x9e\x1d\xd9\x88\xd7\xb2\x79\x3e\xf3\x5c\xff\x25\xdc\x31\xc4\x79\x5e\xff\xc4\x3b\xb2\x5c\xba\xe0\xa0\xe9\x1b\xc2\x9a\x72\x55\x62\xc2\xe6\x82\xb4\x65\x5e\xb7\x05\x61\x13\x2d\x2f\xa4\xf6\x05\xe5\xe5\x02\x6b\xd0\xa9\x29\xe8\xc5\x51\x32\xf9\x1c\x4b\x9d\x85\x5e\x78\x21\x09\xe1\x4d\xbe\xc6\x76\xe7\x3c\x1d\x35\x25\x5b\x13\xea\x3d\xca\xfd\xe7\x74\x79\x82\x58\xca\x12\x92\x37\xb3\x63\xd6\xe7\x8f\x61\x35\xe3\xad\x82\x21\xed\x43\xfa\x4a\xff\x4f\x33\x94\x41\xe1\x16\x53\x41\x59\x3a\xe8\x73\xb4\xb9\x4f\x39\x29\x73\xd5\x50\xda\xc2\xfe\xac\xbf\x36\x14\x00\xeb\xd3\xdc\xab\x54\x4b\xe1\x96\x3b\xeb\xf2\x77\x42\x91\xdc\x28\x78\x32\xb1\x4a\x1a\x07\xda\x59\x76\x2d\xb6\x33\xd0\xd3\x0f\xd1\x09\xc0\xbb\x67\x85\x2b\xea\x17\x3d\xe5\x30\x5a\x03\x48\xf7\x85\xb9\xfc\xb9\xd5\x6e\x50\xcf\x97\xcc\x6a\x6a\x07\x6d\xde\x3f\xb9\xf5\x5e\xf3\x89\xfb\x48\xc7\xbd\x31\x77\x59\x0c\xd5\xd6\x2c\x4a\x29\xb7\x19\xb8\xf0\x3c\xa7\xbf\x43\x20\x4d\x46\xb1\x16\xb5\x67\x9d\x90\x9a\x94\xe3\x34\xe8\xea\xe0\xe6\x68\x19\x6a\x62\xf4\x86\x3d\xe9\x60\x05\x7a\x21\xaa\xe9\xb2\x59\x38\xd7\xad\x7d\xaf\xfb\x14\x85\xfb\xf9\x0f\xbf\x7a\xc4\xf6\x8e\x12\x64\x37\x9d\xe9\x8e\x18\x3f\xcf\x7e\xf0\x9b\xe5\xd0\xd6\x2e\x37\xa6\xd8\x8e\x8d\xfb\x37\x57\x2d\x9c\x8d\xd5\x1e\x5c\x73\x40\xeb\x89\xaf\x63\xa2\x58\x51\x94\xff\xfc\xd9\x52\x69\xf9\xcc\xa7\x8b\xc8\x7a\x46\x70\x07\xca\xca\xf3\x45\x02\x79\x01\xb8\xfb\x5b\x0a\xa4\x18\xe7\x5b\xa7\x17\xfe\x33\x36\xe5\xca\x1e\xe0\x43\xbb\xf3\xcd\x2f\xb5\x8e\x0a\x44\x04\x77\x5a\xf2\xdb\xfe\x9c\x06\xeb\x6c\x40\x8e\x94\x63\xd5\xac\xbe\x8f\x51\xba\x0c\x44\xa4\xde\xcc\x03\xbc\xac\x74\x98\x09\x8f\xc5\x50\xf3\x4d\x35\x5c\x8f\x8c\xbf\xb5\xb3\x49\x19\x6e\xab\xbb\x5b\x75\xa4\x93\xf9\x1e\xa7\x9d\xd6\x42\x03\x23\x56\x34\xc8\x35\xb2\x2e\x81\x5c\xa8\x23\xa3\x39\x6b\x2f\xe7\x8a\xeb\x7f\xa1\x9e\x7b\x96\x7c\xf6\x70\x6e\xc9\xd1\x2e\xcf\x78\xdb\x96\x4f\xe8\x31\x16\x24\xdd\x5d\x76\x19\xa4\x5d\x05\x20\x69\xf4\xb7\x6f\x1e\x9d\x16\x0d\x68\x6a\xb7\xe7\xe0\x99\xb2\x00\x31\x16\xbb\xe7\x40\x9e\x77\x5c\x44\xad\xb2\x19\x59\x88\xe2\x59\xc1\xf1\x61\xba\x6c\xd1\x8b\x28\x43\xa2\x4c\x8e\xa6\x2a\x29\x98\x08\x35\x5c\xd6\x73\xb1\x7b\xff\x57\xbd\x6b\xef\xf0\x4e\x3c\x34\xbe\xe3\xce\x1d\x19\x27\x98\x9d\xa6\x76\x1f\x13\x11\xa3\x51\xc8\xb7\xb1\x81\x41\x28\x88\x61\xde\xa2\x1e\x44\x0b\xaa\x33\x8e\xa8\xc5\x30\x6b\xfa\x5a\x51\xde\x4c\xc9\xc2\xad\x9f\x7e\x4a\x96\x74\xe7\x7c\x5d\xcc\x7d\x04\x6d\x30\x5b\xca\x52\x79\x35\x8e\xc7\x68\x4d\x84\xa2\x92\xd1\x6e\x07\x63\x1f\x47\x7a\xbd\x9f\xd6\xd4\xe3\xe1\x56\x91\x25\x4f\x03\x17\x24\x10\x68\xa9\x44\x7c\xdf\x08\xf6\xa6\x29\xe9\x95\x2e\xf4\x60\xc6\x12\xcc\x48\x3e\xc1\x82\x89\x9f\xd2\x9f\x45\x99\xc5\xe8\xda\xee\x34\x47\xbf\xf2\x2a\xa7\x49\x9c\xac\xe5\x95\x39\xea\x3c\x88\xe2\x9c\x90\xd2\x94\xd5\xb0\x95\xa0\x03\x72\x10\x90\x56\xe8\xd8\x91\x9a\xff\xa6\xe4\x5c\x72\x9a\xbd\xb7\x7c\xa6\xae\xff\xdb\xc8\xea\xe2\xe4\x32\x90\xb3\x05\x6e\x4f\xdd\x6a\xac\xd8\xc3\x9b\xe9\x7a\xe6\xb0\x8a\xb1\x4f\xdf\x24\x6f\x28\xb2\xc3\x0a\x03\xa2\x81\x4f\x4e\x51\x32\xc6\xf4\x66\x5c\xb1\xdf\xa0\x09\xb8\x5a\xf2\x79\xc2\x61\xb4\x4b\x4d\x22\xcb\x8b\x2a\x43\xc2\xf2\xe4\x60\x73\x50\xc2\x76\x4b\x87\x0c\x90\x86\x3f\x16\x29\x95\x01\x33\xc3\x2c\x8c\xf3\xae\x6e\x8c\x63\xcc\x8c\x5a\x84\x9c\x50\x2c\xe1\x8f\x6f\x6b\x50\x6e\xa7\x8c\x02\xbc\x5b\xb8\x44\xa2\x9d\x22\x88\x13\x77\x1a\x21\x98\xee\x3e\xdc\x44\x89\xfc\x5e\x9d\x8e\xde\xcc\x6a\xe0\xa1\x1a\xce\xde\xc5\x03\x4e\xca\x80\xd5\x59\xdb\xe6\xd3\x98\xeb\xeb\x73\x2f\xfe\xab\x98\x80\x65\xb3\xb0\xde\x4a\x71\xe4\x0a\x67\x65\x73\xab\x7d\x75\x3b\x2b\x8f\xc6\x9e\x15\xca\x33\x9e\xa6\x57\x6a\x00\x73\xdf\xc2\x3e\xb4\x2e\xe8\x38\x1b\x7f\x40\x1f\x3e\x8e\xd3\x95\x14\xac\x4e\x7a\x1a\xab\x17\xae\xcf\x35\xb7\xe4\xcd\x85\x21\xfc\x53\xe7\xea\xa4\xb1\x01\x6e\x13\x4e\x35\x41\x9e\xeb\x59\xe8\xd6\xc8\x87\xb1\xb8\xbf\xd1\x32\x12\x17\xf3\x56\x9c\x03\xb4\x30\xcd\xe4\x16\x91\x8a\x8f\x30\xba\x39\xb8\xea\xcd\xb8\xa7\x55\x1b\x0f\x77\x65\x1d\x86\x27\x18\x65\x68\xec\x6c\x0a\xb1\xf3\x03\x52\x22\xdc\xbd\xe3\xcf\x96\x9e\x71\xaf\xdd\x71\xce\x81\x84\x81\x2b\x3a\x35\xf3\xf5\x2f\x90\x1c\xe3\xe0\x1c\x9d\x4b\xcd\x99\xc9\xf3\x74\x9d\x83\xae\xc1\x52\xb3\x1c\x10\xfb\xf9\x0e\xb4\x74\xb6\x68\x1e\x55\x5b\xd2\xf3\xeb\xf8\x0e\x8e\x4e\x99\xf7\xbb\x1a\x13\xa1\xd1\x1e\x1f\x6f\x2a\x45\xfb\xb6\x27\xa1\x15\x14\xa2\xd2\x3e\xc3\x09\xe9\x1e\xdd\x56\x34\xfa\x5b\xd2\x5f\x33\xa0\x15\x13\xa6\x94\x48\xad\xe4\xc1\x31\x60\xc1\x7b\x22\x39\x5a\x0c\x41\x26\x29\x85\x83\x8c\x50\xd5\x1e\x75\xf7\x89\x2d\x74\x59\x75\x1e\x6a\xe2\x3c\xe6\xc7\x81\xf8\x1f\x8c\x31\x24\x42\xc7\xba\x96\x52\xa4\x24\x13\x2e\x15\x7c\x8d\x51\xc3\xaa\xfd\xbb\xe5\x3a\x20\xe4\x95\x85\x67\xbc\x30\x16\x6c\x65\x8a\x68\xc4\x85\x82\xe4\xe8\x4d\xc5\x3e\xf4\x11\x77\x92\xf2\xd4\xe2\x05\xf6\xa0\xea\x9d\xc1\x68\xa8\xa0\x6c\x75\xb3\x59\xb7\xf9\xae\xa9\x53\xdc\xdf\x3b\x2f\x11\x36\xab\xd2\xeb\xbf\x00\x87\x69\xef\x47\x76\x55\x8f\xac\x02\xbf\xa2\x58\x89\x43\xa1\x1a\x00\xe7\x47\x86\x39\x7f\x96\xb9\x85\x28\x0b\x0a\x17\x4f\x14\x5f\xd3\x31\x61\x64\x14\x9c\x90\x4a\x10\x1c\xbc\xbe\x79\x2b\x78\x20\xaa\x9a\x66\x2f\x0f\x0c\x91\xd6\x02\x39\xa5\x53\xc9\x64\xee\x24\xfc\xa4\x51\x1f\x3d\x43\x4f\x23\x0b\x94\x6a\x5f\x6f\x5f\x81\xf4\xe5\x1f\xd6\xd9\xb8\x8f\xc6\xb1\xd6\x35\x0a\x21\xab\x90\x05\x6f\x18\x83\x72\xe7\x53\x1f\x82\x0c\x89\x65\x9c\x4d\x47\x03\x1d\xfb\x3f\x2f\x66\x85\xb5\xc5\x0b\xf4\x48\xf7\x96\xe2\xfd\x83\xb6\x51\xaf\x22\x2f\xb4\x4b\x94\x91\x4d\xee\xd8\x3e\xbb\xb9\xa9\xb9\x74\xcf\x2c\x36\x59\x6a\x83\x85\x23\x3d\xa4\xb8\x94\xf5\xe2\x9a\xe0\xaa\xb5\x98\xbc\x73\x5b\xc2\x42\x13\x67\x33\x9f\xec\xe7\x37\xd8\x9d\xf7\xea\x01\x21\xcd\xf0\x67\x3e\xd6\x91\xba\xa4\xb3\x32\x4f\x8d\x88\xa6\xcc\x48\x4e\xd7\xc8\xee\x59\x7e\x31\x17\xc1\x9d\xa2\xdf\x59\xdd\x1d\x2e\x9a\x0c\x11\x1c\xb0\x54\x01\xd6\xd5\x64\xbd\x19\x28\xc0\x43\xad\x66\x23\xa5\x6d\xfc\xc5\xe0\x5f\x8d\xff\xb5\x6e\x37\x5d\xdf\x63\x94\x2e\xc8\x69\x2b\x48\x4a\xba\x3b\x54\x79\x5d\x06\xc4\x2e\x7e\xac\xb7\xc5\x0e\xc8\xfc\x21\x1f\x02\xea\x6a\x99\x08\xce\xa2\xf7\x54\x9f\x00\x90\x0c\x27\x07\xcc\x35\xc1\x16\x55\x2b\x76\x0e\x25\x4f\x4a\xca\x58\x2b\x7f\x76\x0b\x8b\x2e\xd6\x9e\x87\x5f\x4a\x9c\x30\x1c\xd0\x6a\x4f\xab\x8f\x53\x8e\xd8\xc7\x9b\xc5\x46\x7d\xde\xde\x41\x48\xba\xcf\xbf\xc7\x4f\x1d\x4c\xd9\xc9\xad\xa6\xbf\x32\x8c\x79\x90\xc1\xf7\xed\x52\x35\x37\xe6\x32\xad\xa4\xf0\x08\xeb", 4096); *(uint64_t*)0x200225c8 = 0x20021540; *(uint32_t*)0x20021540 = r[3]; *(uint32_t*)0x20021544 = r[0]; *(uint32_t*)0x20021548 = r[0]; *(uint32_t*)0x2002154c = r[0]; *(uint64_t*)0x200225d0 = 0x20021580; *(uint64_t*)0x200225d8 = 0x20022580; *(uint32_t*)0x200225e0 = 0x1000; *(uint32_t*)0x200225e4 = 4; *(uint32_t*)0x200225e8 = 0x1000; *(uint32_t*)0x200225ec = 8; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); if (res == ZX_OK) { r[4] = *(uint32_t*)0x20022580; r[5] = *(uint32_t*)0x20022590; r[6] = *(uint32_t*)0x20022598; } break; case 7: *(uint64_t*)0x20023780 = 0x20022680; memcpy((void*)0x20022680, "\xc0\xa1\x63\x28\x06\x60\xce\x73\x59\x69\xf5\xee\x9c\xaf\xa3\x5f\x48\x19\x3a\x86\x20\xd0\xf0\xd7\x6d\xab\x09\x92\x66\x48\xa2\xfd\x68\xb4\xcc\x6e\x54\xd1\xf7\x87\x1d\x9c\xbe\x41\x42\x0a\xcc\x88\xf0\xf8\x8f\x6f\x66\xe8\x22\x58\xe9\x32\x8c\xc2\xd3\xa2\x79\xd3\x84\x5d\xf3\xea\x63\xec", 70); *(uint64_t*)0x20023788 = 0x20022700; *(uint32_t*)0x20022700 = r[3]; *(uint32_t*)0x20022704 = r[0]; *(uint32_t*)0x20022708 = r[0]; *(uint32_t*)0x2002270c = r[4]; *(uint32_t*)0x20022710 = 0; *(uint32_t*)0x20022714 = r[3]; *(uint64_t*)0x20023790 = 0x20022740; *(uint64_t*)0x20023798 = 0x20023740; *(uint32_t*)0x200237a0 = 0x46; *(uint32_t*)0x200237a4 = 6; *(uint32_t*)0x200237a8 = 0x1000; *(uint32_t*)0x200237ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[6], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20023780, /*actual_bytes=*/0x200237c0, /*actual_handles=*/0x20023800); if (res == ZX_OK) r[7] = *(uint32_t*)0x20023740; break; case 8: *(uint64_t*)0x20033900 = 0x20023840; *(uint32_t*)0x20023840 = 0; memset((void*)0x20023844, 0, 3); *(uint8_t*)0x20023847 = 1; *(uint64_t*)0x20023848 = 0x46940c1600000000; *(uint32_t*)0x20023850 = 0x3fe00000; *(uint64_t*)0x20033908 = 0x20023880; *(uint64_t*)0x20033910 = 0x200238c0; *(uint64_t*)0x20033918 = 0x200338c0; *(uint32_t*)0x20033920 = 0x14; *(uint32_t*)0x20033924 = 0; *(uint32_t*)0x20033928 = 0x10000; *(uint32_t*)0x2003392c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[7], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20033900, /*actual_bytes=*/0x20033940, /*actual_handles=*/0x20033980); break; case 9: ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_object_get_info))(/*handle=*/r[5], /*topic=*/0x1000000e, /*buffer=*/0x200339c0, /*buffer_size=*/0x3f0, /*actual=*/0x20033dc0, /*avail=*/0x20033e00); break; case 10: memcpy((void*)0x20000000, "\xf2\x49\x0f\x2d\x3b\x26\xf3\x2e\x3e\x42\xff\xe0\x40\x0f\x49\x0e\x36\x66\x0f\x3a\xdf\x83\x02\x10\x00\x00\x6b\x58\x0f\x85\xd6\xbe\x00\x00\x64\x66\x42\x0f\x15\x4c\x69\x04\xc4\x83\x5d\x7f\x4f\x00\x06\xc4\x62\x6d\xbb\xfd\xf3\x4e\x0f\x1e\xcd", 59); syz_execute_func(/*text=*/0x20000000); break; case 11: syz_future_time(/*when=*/1); break; case 12: syz_job_default(); break; case 13: syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x2000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :370:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor3745045654 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/3 (0.25s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:10 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call$fuchsia_cobalt_MetricEventLoggerLogCustomEvent(0x0, 0x0, 0x7fffffffffffffff, &(0x7f00000101c0)={&(0x7f0000000000)={{}, 0xff, {0x6, 0xffffffffffffffff}, {[{{0x9}, @string_valueInLine={0x1, {0x3ff, 0xffffffffffffffff}}}, {{0x1ff, 0xffffffffffffffff}, @double_value={0x3, 0x6}}, {{0x1}, @index_value={0x4, 0x23}}, {{0x9, 0xffffffffffffffff}, @index_value={0x4, 0x8}}, {{0x4, 0xffffffffffffffff}, @index_value={0x4, 0x80}}], [{}, {{'(-*^\\@'}}, {{'*@/'}}, {{'#)'}}, {}, {{'!*'}}, {{'\\&:'}}]}}, &(0x7f0000000140)={[{}, {}, {}]}, &(0x7f0000000180), &(0x7f0000010180), 0x114, 0x0, 0x10000}, &(0x7f0000010200), &(0x7f0000010240)) (fail_nth: 1) zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000010280)=0x0) (async) r1 = syz_future_time(0x0) (rerun: 4) zx_channel_call$fuchsia_cobalt_ControllerListenForInitialized(r0, 0x0, r1, &(0x7f0000020380)={&(0x7f00000102c0), &(0x7f0000010300), &(0x7f0000010340), &(0x7f0000020340), 0x10, 0x0, 0x10000}, &(0x7f00000203c0), &(0x7f0000020400)) zx_clock_get_details(r0, 0x400000000000000, &(0x7f0000020440)={0x0, 0x0}) zx_channel_create$fuchsia_cobalt_LoggerFactory(0x0, &(0x7f00000214c0)=0x0, &(0x7f0000021500)) zx_channel_call_etc(r0, 0xded, r2, &(0x7f00000225c0)={&(0x7f00000204c0)="542646fd9e01404b2865df176fb8cf565d56c40da92b182965f281069f495adc4f35da84303852211c2013eed44a723410aecd75911736f8f0a02854faeded706621e35f092a7fad130d8e750ab60ea492cd08b08ce61c86b2e1b066131a28981f3b64a8562a53526585ef20e4a055c6d0524857ec3d1c6390aa0bad274ea3bae43a74de82b046dede08de676422e105718a3311eb002e2b0876b944b48109439b88094503bea528651e3fc1c5785cc38e12524f24ff011eff1f9e3ff2f2fe573f899b7163085f531bc0778fd928aa3de9c3bb857fac48132878070315c6c96cf637479074eeb7ad2ed83ed4896786a6e6fb84ea4d04d6590f358768a8ad9510fea160cffcf7fe24683a2d95ef110424a82a68be86d2a073e8c6ad620694604d24e1fb22a6be6021d3ed65bc18f1f299b944e23bda868f72db8868faeac8fc0c461df9e536e26abdaca788780b579494b54a5e832efd101990fe0d78dd63746e215cb697a6616b0e37e71430f4a3d8853a1a7e032a78fa1789318e79f912cb997d121ea59ff980e4f70f57813a252108fd7bfc84436ac48982d35b75261c25c732df70c7ba902e6f518b4bab19f62843b643d8fef7f07a8b64167a547dfae6c96f158e1cdc68fd4becba594cc1c2a0ccecc06e449d75196edda5c1cc99017ddbcca99f064f76c179e6d61b21bf9eafac2f8813f987c6c5ae2dd41dc296eae639487f782e898d86e2155715a0c92c880a7c781cee1ed5f53473f07e94c661416be1131a3eca459426aa6cd31c1f4bd33b77a37173b1a7dea99684445ad7abb279b908694f44635a4feceaa13b1450999ce3e99100a42c5e4d300ad24ea6cbe8e8bbfb47fc846f48387f6f167c30adb9d1c4e5695fc2bf8bd000b9edb3794f8028bb149eae3c7c9917379c1f62c46b47dc484b87b0bdd5f170852064526f28968729e1db05aec218d7971148652c34c0b8943b8ffdadd717e15002f25ec6428e477e1bec2f284a42df1054365ef4d3c1b71cb86c7a59f8cb8df6f867819a647c8406609ff0f4e354f777bc0d25ef7b07ef6500bb8b067da1caefa01acfa3c8e14b3438cd16b72def2bcc6d96e33bf2ad754c9bcf9d2d8bab8602b4960893c883c89318e97ff77d2911f4ea7f57bd709f2b2e9d989aeb1258bd9fb170e8e2e9b7c973be33e56169550c81d459cec25e5199743df3b6541abc6984735249e9aa60973d44b88ef8a350c6885e9fc260aaef901323bacece25e330ff2cd21d1191fbdeb2bf070f1d22e05fbe657606a46ce83a6d9d4f7934cbef759fa097092bc0788ef94130be9227939e170d986fa903bd4bd188640903bfdca8d6a48926c9a0a2e1144ad2365e19e64fc86532e6029fc7c861fc1e16a72261cb119ecd2f71bf6d3fc93b5e0b74daddc39d4d7aa2a6bb6c7a0002e4e25bb86dd6cad231334214433aced6c7761b34ecf3553a4b34c5cb0c988f0c36c50632b8544147c113dd22bc1d8adab7ac052ad798405c0057ca33947088015d87f410ec06b7b6b719593a4c6cd4cea4e711ad8c3f93bad32f869195e75286b7bbac261783e19f97efb8a9989a19ec6c7d43dafcd2c09a141c7671b4dd105932d663eed7c4b606f26523a116d1a42d628413624b8d9dd249f268e4cd72812433b9b7fbcb76e303c04eb257e5a143d6ed94dd8f1bdb5f40dcab5ac45c5c778a42d5ebf175c4a8ea5c3f3b92ec78471984e9784bf75c18ec20b9d3837267c67daa95f5e9eae608b619ac3583c783dd00ab5a93413999683001919bb89bb58a51eb1be1654a62e3019fe9cb3c43965cdb0893a5739004e713385d6703cdd7765dd3754e33163df54899127654128ab37b3c5e104912c9a878a5b6e69fd9d8d5f75511a4d0b8cd90a8dd9abc47b89bd027f2516b490763c3c4dca7956029b16c9059aa65b2777cdfad8a76f868ddc91f1f9c6fe99c52e4f07782d2e2661ee435e9899908ef60fe8657a3a7e5f93947f6fad929548c00ccaf365eb0d6c3cc456e3cc84d976c1feb3e0dbb2bdb20ae4031b50a94230c074d4b3cd182ac03f059df368c41ae9af89f4fb28ac556bb5c9aa02f183a783cb8fd2247acbce92a23ff9c01e7530e5b7bf789ea0a324bce612527ce8dc7b8d548a84b7ebdbd181ebd35212d7adf2582b6d83aff3a2c51144694f6bb0f7e42740461707c7149ed8888151ec0e50b52821c66a8713901fe0ae4e1224994328e3482dea2282e9cb13e1d7487d192e3817215236875a8177653dea3133302c9eb8193561b0b4a845528c2b89eb50a4e0ad81fd236f5f71ebcd89bf888340675df52a5cdb72be2504204016cd656e5a3a1a2f0932bb28a5ff49f83a9beed958ec4e088a15a86af6eda7969c2495382ce3a4093b7836750b7ea222fa1131224d9fb23acb2a5113d42bd700700c6e971b7bb3a8fe8ece22c892c449e0a454bb4d01cab6cb93a63ce00370a986cf3d3057c2950006f0415add05e00fcc72dfe86fbb65ae819cad2dc72161841e34a5a8844c2844c2cab0bcc6f15fdbf010b0ec1576e405e151916ab94f1ae70be1f3991fb6fb838ac4bccbbacdcda00cf2ea3aa5e574ade3453c92b0c847172ab5fccde891c781a8b94bbd4641f79c1fa75322c2525ba0b7d536a0743cf110868f4ff4ee32e36e47757bbf416c198bf1e94a649afc29adc07e56e525f2189b011565ca954a8f58f9b15503d59a5558fb4e712b5f5ecb46b980bd16871fece7759a013ff395f7dad194938206bb592153aea3ca5ed1742a4567b5f0ee61814d49b316cbd8a8c729f8b60308836aa9a3a272063585b530d1f80606fb50fef4a28d4f3cee5bdbf7daaf211dd0bb4f971528f67ccfc5909291cafa562c583932b456a04f64c1d68d545272685fdb793c458729854efab51cad297687d8e787205579f38984f6ff267e0adc8a3dc01504d4811ed3874093727b65af4f889a5d6ffd99cd115f6b8bad242671f5dfb76dbe5969a7aec93965f652165095279ed82ddaee328f01151a8db93467d8e96595816a6ff24047d9157339854f3c805e29e49addedf79b29b32de0085791e6f516a066ad35aea8e37892bd432c344edee98c2ca16867af6366701d7d40eb3e8dec4dd718b8ca3ddebbbf2d3c82494bc7694784bb3f0f48bafc63714da4b737ecabfb30c5cd038e19ddc314056b74380cb3aab06107e0506fafd43a04b32ebceaaae73f4e6c1885daa9d471e0478c04ce52e63339ce3e99b379a9ce0a016f619afa5c2cd587d28cf47401488eb3964c7bb289bc51f5b0a0baae6e1b3be7a9506babd110f9ceaec696b1b5e211b1197a3130ce9b93ce4f3b59d593796ba70a1c8e7a5d3c6079a5711ac13a3eb0c39fbd0118e1cc8e0f40231561bab91cd71d6c18eea42debaf1e948809206f1ac5c28238807c9d5c638b5ffec4a90dfe321af74e1bc9e19dc8189d709e61013544ea42bf4c2dcb2c99f3974aab0a3b669ed98a80d685abd3f48b29f1bf1737f2b3e15f7b8f0cd45658adb860c21a06a2b8418aa7d0f5397df5a39a44d49a33efa489ed2a0546fc562b8798d8a936bcc56a7f49c2520ca60ee2333fbf2ae69dbac1c9b5ccd7826cc95fac1c2bc284b60673d992b0278439e1dd988d7b2793ef35cff25dc31c4795effc43bb25cbae0a0e91bc29a725562c2e682b4655eb70561132d2fa4f605e5e5026bd0a929e8c55132f91c4b9d855e782109e14dbec676e73c1d35255b13ea3dcafde774798258ca129237b363d6e78f6135e3ad8221ed43fa4aff4f339441e1165341593ae873b4b94f392973d550dac2feacbf361400ebd3dcab544be1963bebf2774291dc287832b14a1a07da59762db633d0d30fd109c0bb67852bea173de5305a0348f785b9fcb9d56e50cf97cc6a6a076dde3fb9f55ef389fb48c7bd3177590cd5d62c4a29b719b8f03ca7bf43204d46b116b5679d909a94e334e8eae0e668196a62f4863de960057a21aae9b25938d7ad7daffb1485fbf90fbf7ac4f68e1264379de98e183fcf7ef09be5d0d62e37a6d88e8dfb37572d9c8dd51e5c7340eb89af63a2585194fffcd95269f9cca78bc87a467007cacaf345027901b8fb5b0aa418e75ba717fe3336e5ca1ee043bbf3cd2fb58e0a4404775af2dbfe9c06eb6c408e9463d5acbe8f51ba0c44a4decc03bcac7498098fc550f34d355c8f8cbfb5b349196eabbb5b75a493f91ea79dd64203235634c835b22e815ca823a3396b2fe78aeb7fa19e7b967cf6706ec9d12ecf78db964fe8311624dd5d7619a45d052069f4b76f1e9d160d686ab7e7e099b2003116bbe7409e775c44adb2195988e259c1f161ba6cd18b2843a24c8ea62a299808355cd673b17bff57bd6beff04e3c34bee3ce1d1927989da6761f1311a351c8b7b18141288861dea21e440baa338ea8c5306bfa5a51de4cc9c2ad9f7e4a9674e77c5dcc7d046d305bca5279358ec7684d84a292d16e07631f477abd9fd6d4e3e15691254f0317241068a9447cdf08f6a629e9952ef460c612cc483ec182899fd29f4599c5e8daee3447bff22aa7499cace59539ea3c88e29c90d294d5b095a00372109056e8d8919affa6e45c729abdb77ca6aeffdbc8eae2e43290b3056e4fdd6aacd8c39be97ae6b08ab14fdf246f28b2c30a03a2814f4e5132c6f4665cb1dfa009b85af279c261b44b4d22cb8b2a43c2f2e4607350c2764b870c90863f1629950133c32c8cf3ae6e8c63cc8c5a849c502ce18f6f6b506ea78c02bc5bb844a29d228813771a2198ee3edc4489fc5e9d8edecc6ae0a11acedec5034eca80d559dbe6d398ebeb732ffeab988065b3b0de4a71e40a676573ab7d753b2b8fc69e15ca339ea6576a0073dfc23eb42ee8381b7f401f3e8ed39514ac4e7a1aab17aecf35b7e4cd8521fc53e7eaa4b1016e134e35419eeb59e8d6c887b1b8bfd1321217f3569c03b430cde416918a8f30ba39b8eacdb8a7551b0f77651d8627186568ec6c0ab1f3035222dcbde3cf969e71afdd71ce8184812b3a35f3f52f901ce3e01c9d4bcd99c9f3749d83aec152b31c10fbf90eb474b6681e555bd2f3ebf80e8e4e99f7bb1a13a1d11e1f6f2a45fbb627a11514a2d23ec309e91edd5634fa5bd25f33a01513a69448ade4c13160c17b22395a0c41262985838c50d51e75f7892d7459751e6ae23ce6c781f81f8c312442c7ba9652a424132e157c8d51c3aafdbbe53a20e4958567bc30166c658a68c48582e4e84dc53ef4117792f2d4e205f6a0ea9dc168a8a06c75b359b7f9aea953dcdf3b2f1136abd2ebbf008769ef4776558fac02bfa2588943a11a00e74786397f96b985280b0a174f145fd3316164149c904a101cbcbe792b7820aa9a662f0f0c91d60239a553c964ee24fca4511f3d434f230b946a5f6f5f81f4e51fd6d9b88fc6b1d6350a21ab90056f188372e7531f820c89659c4d47031dfb3f2f6685b5c50bf448f796e2fd83b651af222fb44b94914deed83ebbb9a9b974cf2c36596a8385233da4b894f5e29ae0aab598bc735bc2421367339fece737d89df7ea0121cdf0673ed691baa4b3324f8d88a6cc484ed7c8ee597e3117c19da2df59dd1d2e9a0c111cb05401d6d564bd1928c043ad6623a56dfcc5e05f8dffb56e375ddf63942ec8692b484aba3b54795d06c42e7eacb7c50ec8fc211f02ea6a9908cea2f7549f00900c2707cc35c116552b760e254f4aca582b7f760b8b2ed69e875f4a9c301cd06a4fab8f538ed8c79bc5467ddede4148bacfbfc74f1d4cd9c9ada6bf328c7990c1f7ed523537e632ada4f008eb", &(0x7f0000021540)=[r3, r0, r0, r0], &(0x7f0000021580)=""/4096, &(0x7f0000022580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0x1000, 0x8}, &(0x7f0000022600), &(0x7f0000022640)) zx_channel_call(r6, 0x0, r2, &(0x7f0000023780)={&(0x7f0000022680)="c0a163280660ce735969f5ee9cafa35f48193a8620d0f0d76dab09926648a2fd68b4cc6e54d1f7871d9cbe41420acc88f0f88f6f66e82258e9328cc2d3a279d3845df3ea63ec", &(0x7f0000022700)=[r3, r0, r0, r4, 0x0, r3], &(0x7f0000022740)=""/4096, &(0x7f0000023740)=[0x0], 0x46, 0x6, 0x1000, 0x1}, &(0x7f00000237c0), &(0x7f0000023800)) zx_channel_call$fuchsia_io_FileNodeSetFlags(r7, 0x0, r2, &(0x7f0000033900)={&(0x7f0000023840)={{}, 0x3fe00000}, &(0x7f0000023880), &(0x7f00000238c0), &(0x7f00000338c0), 0x14, 0x0, 0x10000}, &(0x7f0000033940), &(0x7f0000033980)) zx_object_get_info$ZX_INFO_PROCESS_VMOS(r5, 0x1000000e, &(0x7f00000339c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x3f0, &(0x7f0000033dc0), &(0x7f0000033e00)) syz_execute_func(&(0x7f0000000000)="f2490f2d3b26f32e3e42ffe0400f490e36660f3adf83021000006b580f85d6be00006466420f154c6904c4835d7f4f0006c4626dbbfdf34e0f1ecd") syz_future_time(0x1) syz_job_default() syz_mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200101c0 = 0x20000000; *(uint32_t*)0x20000000 = 0; memset((void*)0x20000004, 0, 3); *(uint8_t*)0x20000007 = 1; *(uint64_t*)0x20000008 = 0x6e32641800000000; *(uint32_t*)0x20000010 = 0xff; *(uint64_t*)0x20000014 = 6; *(uint64_t*)0x2000001c = -1; *(uint64_t*)0x20000024 = 9; *(uint64_t*)0x2000002c = 0; *(uint32_t*)0x20000034 = 1; *(uint64_t*)0x2000003c = 0x3ff; *(uint64_t*)0x20000044 = -1; *(uint64_t*)0x2000004c = 0x1ff; *(uint64_t*)0x20000054 = -1; *(uint32_t*)0x2000005c = 3; *(uint64_t*)0x20000064 = 6; *(uint64_t*)0x20000074 = 1; *(uint64_t*)0x2000007c = 0; *(uint32_t*)0x20000084 = 4; *(uint32_t*)0x20000088 = 0x23; *(uint64_t*)0x2000009c = 9; *(uint64_t*)0x200000a4 = -1; *(uint32_t*)0x200000ac = 4; *(uint32_t*)0x200000b0 = 8; *(uint64_t*)0x200000c4 = 4; *(uint64_t*)0x200000cc = -1; *(uint32_t*)0x200000d4 = 4; *(uint32_t*)0x200000d8 = 0x80; memcpy((void*)0x200000ec, "(-*^\\@", 6); memcpy((void*)0x200000f4, "*@/", 3); memcpy((void*)0x200000fc, "#)", 2); memcpy((void*)0x20000104, "!*", 2); memcpy((void*)0x2000010c, "\\&:", 3); *(uint64_t*)0x200101c8 = 0x20000140; *(uint64_t*)0x200101d0 = 0x20000180; *(uint64_t*)0x200101d8 = 0x20010180; *(uint32_t*)0x200101e0 = 0x114; *(uint32_t*)0x200101e4 = 0; *(uint32_t*)0x200101e8 = 0x10000; *(uint32_t*)0x200101ec = 0; inject_fault(1); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x200101c0, /*actual_bytes=*/0x20010200, /*actual_handles=*/0x20010240); break; case 1: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(/*options=*/0, /*out=*/0x20010280); if (res == ZX_OK) r[0] = *(uint32_t*)0x20010280; break; case 2: res = -1; res = syz_future_time(/*when=*/0); { int i; for(i = 0; i < 4; i++) { syz_future_time(/*when=*/0); } } if ((int)res != -1) r[1] = res; break; case 3: *(uint64_t*)0x20020380 = 0x200102c0; *(uint32_t*)0x200102c0 = 0; memset((void*)0x200102c4, 0, 3); *(uint8_t*)0x200102c7 = 1; *(uint64_t*)0x200102c8 = 0x3558f75800000000; *(uint64_t*)0x20020388 = 0x20010300; *(uint64_t*)0x20020390 = 0x20010340; *(uint64_t*)0x20020398 = 0x20020340; *(uint32_t*)0x200203a0 = 0x10; *(uint32_t*)0x200203a4 = 0; *(uint32_t*)0x200203a8 = 0x10000; *(uint32_t*)0x200203ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[1], /*args=*/0x20020380, /*actual_bytes=*/0x200203c0, /*actual_handles=*/0x20020400); break; case 4: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_clock_get_details))(/*handle=*/r[0], /*option=*/0x400000000000000, /*details=*/0x20020440); if (res == ZX_OK) r[2] = *(uint64_t*)0x20020448; break; case 5: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_channel_create))(/*options=*/0, /*out0=*/0x200214c0, /*out1=*/0x20021500); if (res == ZX_OK) r[3] = *(uint32_t*)0x200214c0; break; case 6: *(uint64_t*)0x200225c0 = 0x200204c0; memcpy((void*)0x200204c0, "\x54\x26\x46\xfd\x9e\x01\x40\x4b\x28\x65\xdf\x17\x6f\xb8\xcf\x56\x5d\x56\xc4\x0d\xa9\x2b\x18\x29\x65\xf2\x81\x06\x9f\x49\x5a\xdc\x4f\x35\xda\x84\x30\x38\x52\x21\x1c\x20\x13\xee\xd4\x4a\x72\x34\x10\xae\xcd\x75\x91\x17\x36\xf8\xf0\xa0\x28\x54\xfa\xed\xed\x70\x66\x21\xe3\x5f\x09\x2a\x7f\xad\x13\x0d\x8e\x75\x0a\xb6\x0e\xa4\x92\xcd\x08\xb0\x8c\xe6\x1c\x86\xb2\xe1\xb0\x66\x13\x1a\x28\x98\x1f\x3b\x64\xa8\x56\x2a\x53\x52\x65\x85\xef\x20\xe4\xa0\x55\xc6\xd0\x52\x48\x57\xec\x3d\x1c\x63\x90\xaa\x0b\xad\x27\x4e\xa3\xba\xe4\x3a\x74\xde\x82\xb0\x46\xde\xde\x08\xde\x67\x64\x22\xe1\x05\x71\x8a\x33\x11\xeb\x00\x2e\x2b\x08\x76\xb9\x44\xb4\x81\x09\x43\x9b\x88\x09\x45\x03\xbe\xa5\x28\x65\x1e\x3f\xc1\xc5\x78\x5c\xc3\x8e\x12\x52\x4f\x24\xff\x01\x1e\xff\x1f\x9e\x3f\xf2\xf2\xfe\x57\x3f\x89\x9b\x71\x63\x08\x5f\x53\x1b\xc0\x77\x8f\xd9\x28\xaa\x3d\xe9\xc3\xbb\x85\x7f\xac\x48\x13\x28\x78\x07\x03\x15\xc6\xc9\x6c\xf6\x37\x47\x90\x74\xee\xb7\xad\x2e\xd8\x3e\xd4\x89\x67\x86\xa6\xe6\xfb\x84\xea\x4d\x04\xd6\x59\x0f\x35\x87\x68\xa8\xad\x95\x10\xfe\xa1\x60\xcf\xfc\xf7\xfe\x24\x68\x3a\x2d\x95\xef\x11\x04\x24\xa8\x2a\x68\xbe\x86\xd2\xa0\x73\xe8\xc6\xad\x62\x06\x94\x60\x4d\x24\xe1\xfb\x22\xa6\xbe\x60\x21\xd3\xed\x65\xbc\x18\xf1\xf2\x99\xb9\x44\xe2\x3b\xda\x86\x8f\x72\xdb\x88\x68\xfa\xea\xc8\xfc\x0c\x46\x1d\xf9\xe5\x36\xe2\x6a\xbd\xac\xa7\x88\x78\x0b\x57\x94\x94\xb5\x4a\x5e\x83\x2e\xfd\x10\x19\x90\xfe\x0d\x78\xdd\x63\x74\x6e\x21\x5c\xb6\x97\xa6\x61\x6b\x0e\x37\xe7\x14\x30\xf4\xa3\xd8\x85\x3a\x1a\x7e\x03\x2a\x78\xfa\x17\x89\x31\x8e\x79\xf9\x12\xcb\x99\x7d\x12\x1e\xa5\x9f\xf9\x80\xe4\xf7\x0f\x57\x81\x3a\x25\x21\x08\xfd\x7b\xfc\x84\x43\x6a\xc4\x89\x82\xd3\x5b\x75\x26\x1c\x25\xc7\x32\xdf\x70\xc7\xba\x90\x2e\x6f\x51\x8b\x4b\xab\x19\xf6\x28\x43\xb6\x43\xd8\xfe\xf7\xf0\x7a\x8b\x64\x16\x7a\x54\x7d\xfa\xe6\xc9\x6f\x15\x8e\x1c\xdc\x68\xfd\x4b\xec\xba\x59\x4c\xc1\xc2\xa0\xcc\xec\xc0\x6e\x44\x9d\x75\x19\x6e\xdd\xa5\xc1\xcc\x99\x01\x7d\xdb\xcc\xa9\x9f\x06\x4f\x76\xc1\x79\xe6\xd6\x1b\x21\xbf\x9e\xaf\xac\x2f\x88\x13\xf9\x87\xc6\xc5\xae\x2d\xd4\x1d\xc2\x96\xea\xe6\x39\x48\x7f\x78\x2e\x89\x8d\x86\xe2\x15\x57\x15\xa0\xc9\x2c\x88\x0a\x7c\x78\x1c\xee\x1e\xd5\xf5\x34\x73\xf0\x7e\x94\xc6\x61\x41\x6b\xe1\x13\x1a\x3e\xca\x45\x94\x26\xaa\x6c\xd3\x1c\x1f\x4b\xd3\x3b\x77\xa3\x71\x73\xb1\xa7\xde\xa9\x96\x84\x44\x5a\xd7\xab\xb2\x79\xb9\x08\x69\x4f\x44\x63\x5a\x4f\xec\xea\xa1\x3b\x14\x50\x99\x9c\xe3\xe9\x91\x00\xa4\x2c\x5e\x4d\x30\x0a\xd2\x4e\xa6\xcb\xe8\xe8\xbb\xfb\x47\xfc\x84\x6f\x48\x38\x7f\x6f\x16\x7c\x30\xad\xb9\xd1\xc4\xe5\x69\x5f\xc2\xbf\x8b\xd0\x00\xb9\xed\xb3\x79\x4f\x80\x28\xbb\x14\x9e\xae\x3c\x7c\x99\x17\x37\x9c\x1f\x62\xc4\x6b\x47\xdc\x48\x4b\x87\xb0\xbd\xd5\xf1\x70\x85\x20\x64\x52\x6f\x28\x96\x87\x29\xe1\xdb\x05\xae\xc2\x18\xd7\x97\x11\x48\x65\x2c\x34\xc0\xb8\x94\x3b\x8f\xfd\xad\xd7\x17\xe1\x50\x02\xf2\x5e\xc6\x42\x8e\x47\x7e\x1b\xec\x2f\x28\x4a\x42\xdf\x10\x54\x36\x5e\xf4\xd3\xc1\xb7\x1c\xb8\x6c\x7a\x59\xf8\xcb\x8d\xf6\xf8\x67\x81\x9a\x64\x7c\x84\x06\x60\x9f\xf0\xf4\xe3\x54\xf7\x77\xbc\x0d\x25\xef\x7b\x07\xef\x65\x00\xbb\x8b\x06\x7d\xa1\xca\xef\xa0\x1a\xcf\xa3\xc8\xe1\x4b\x34\x38\xcd\x16\xb7\x2d\xef\x2b\xcc\x6d\x96\xe3\x3b\xf2\xad\x75\x4c\x9b\xcf\x9d\x2d\x8b\xab\x86\x02\xb4\x96\x08\x93\xc8\x83\xc8\x93\x18\xe9\x7f\xf7\x7d\x29\x11\xf4\xea\x7f\x57\xbd\x70\x9f\x2b\x2e\x9d\x98\x9a\xeb\x12\x58\xbd\x9f\xb1\x70\xe8\xe2\xe9\xb7\xc9\x73\xbe\x33\xe5\x61\x69\x55\x0c\x81\xd4\x59\xce\xc2\x5e\x51\x99\x74\x3d\xf3\xb6\x54\x1a\xbc\x69\x84\x73\x52\x49\xe9\xaa\x60\x97\x3d\x44\xb8\x8e\xf8\xa3\x50\xc6\x88\x5e\x9f\xc2\x60\xaa\xef\x90\x13\x23\xba\xce\xce\x25\xe3\x30\xff\x2c\xd2\x1d\x11\x91\xfb\xde\xb2\xbf\x07\x0f\x1d\x22\xe0\x5f\xbe\x65\x76\x06\xa4\x6c\xe8\x3a\x6d\x9d\x4f\x79\x34\xcb\xef\x75\x9f\xa0\x97\x09\x2b\xc0\x78\x8e\xf9\x41\x30\xbe\x92\x27\x93\x9e\x17\x0d\x98\x6f\xa9\x03\xbd\x4b\xd1\x88\x64\x09\x03\xbf\xdc\xa8\xd6\xa4\x89\x26\xc9\xa0\xa2\xe1\x14\x4a\xd2\x36\x5e\x19\xe6\x4f\xc8\x65\x32\xe6\x02\x9f\xc7\xc8\x61\xfc\x1e\x16\xa7\x22\x61\xcb\x11\x9e\xcd\x2f\x71\xbf\x6d\x3f\xc9\x3b\x5e\x0b\x74\xda\xdd\xc3\x9d\x4d\x7a\xa2\xa6\xbb\x6c\x7a\x00\x02\xe4\xe2\x5b\xb8\x6d\xd6\xca\xd2\x31\x33\x42\x14\x43\x3a\xce\xd6\xc7\x76\x1b\x34\xec\xf3\x55\x3a\x4b\x34\xc5\xcb\x0c\x98\x8f\x0c\x36\xc5\x06\x32\xb8\x54\x41\x47\xc1\x13\xdd\x22\xbc\x1d\x8a\xda\xb7\xac\x05\x2a\xd7\x98\x40\x5c\x00\x57\xca\x33\x94\x70\x88\x01\x5d\x87\xf4\x10\xec\x06\xb7\xb6\xb7\x19\x59\x3a\x4c\x6c\xd4\xce\xa4\xe7\x11\xad\x8c\x3f\x93\xba\xd3\x2f\x86\x91\x95\xe7\x52\x86\xb7\xbb\xac\x26\x17\x83\xe1\x9f\x97\xef\xb8\xa9\x98\x9a\x19\xec\x6c\x7d\x43\xda\xfc\xd2\xc0\x9a\x14\x1c\x76\x71\xb4\xdd\x10\x59\x32\xd6\x63\xee\xd7\xc4\xb6\x06\xf2\x65\x23\xa1\x16\xd1\xa4\x2d\x62\x84\x13\x62\x4b\x8d\x9d\xd2\x49\xf2\x68\xe4\xcd\x72\x81\x24\x33\xb9\xb7\xfb\xcb\x76\xe3\x03\xc0\x4e\xb2\x57\xe5\xa1\x43\xd6\xed\x94\xdd\x8f\x1b\xdb\x5f\x40\xdc\xab\x5a\xc4\x5c\x5c\x77\x8a\x42\xd5\xeb\xf1\x75\xc4\xa8\xea\x5c\x3f\x3b\x92\xec\x78\x47\x19\x84\xe9\x78\x4b\xf7\x5c\x18\xec\x20\xb9\xd3\x83\x72\x67\xc6\x7d\xaa\x95\xf5\xe9\xea\xe6\x08\xb6\x19\xac\x35\x83\xc7\x83\xdd\x00\xab\x5a\x93\x41\x39\x99\x68\x30\x01\x91\x9b\xb8\x9b\xb5\x8a\x51\xeb\x1b\xe1\x65\x4a\x62\xe3\x01\x9f\xe9\xcb\x3c\x43\x96\x5c\xdb\x08\x93\xa5\x73\x90\x04\xe7\x13\x38\x5d\x67\x03\xcd\xd7\x76\x5d\xd3\x75\x4e\x33\x16\x3d\xf5\x48\x99\x12\x76\x54\x12\x8a\xb3\x7b\x3c\x5e\x10\x49\x12\xc9\xa8\x78\xa5\xb6\xe6\x9f\xd9\xd8\xd5\xf7\x55\x11\xa4\xd0\xb8\xcd\x90\xa8\xdd\x9a\xbc\x47\xb8\x9b\xd0\x27\xf2\x51\x6b\x49\x07\x63\xc3\xc4\xdc\xa7\x95\x60\x29\xb1\x6c\x90\x59\xaa\x65\xb2\x77\x7c\xdf\xad\x8a\x76\xf8\x68\xdd\xc9\x1f\x1f\x9c\x6f\xe9\x9c\x52\xe4\xf0\x77\x82\xd2\xe2\x66\x1e\xe4\x35\xe9\x89\x99\x08\xef\x60\xfe\x86\x57\xa3\xa7\xe5\xf9\x39\x47\xf6\xfa\xd9\x29\x54\x8c\x00\xcc\xaf\x36\x5e\xb0\xd6\xc3\xcc\x45\x6e\x3c\xc8\x4d\x97\x6c\x1f\xeb\x3e\x0d\xbb\x2b\xdb\x20\xae\x40\x31\xb5\x0a\x94\x23\x0c\x07\x4d\x4b\x3c\xd1\x82\xac\x03\xf0\x59\xdf\x36\x8c\x41\xae\x9a\xf8\x9f\x4f\xb2\x8a\xc5\x56\xbb\x5c\x9a\xa0\x2f\x18\x3a\x78\x3c\xb8\xfd\x22\x47\xac\xbc\xe9\x2a\x23\xff\x9c\x01\xe7\x53\x0e\x5b\x7b\xf7\x89\xea\x0a\x32\x4b\xce\x61\x25\x27\xce\x8d\xc7\xb8\xd5\x48\xa8\x4b\x7e\xbd\xbd\x18\x1e\xbd\x35\x21\x2d\x7a\xdf\x25\x82\xb6\xd8\x3a\xff\x3a\x2c\x51\x14\x46\x94\xf6\xbb\x0f\x7e\x42\x74\x04\x61\x70\x7c\x71\x49\xed\x88\x88\x15\x1e\xc0\xe5\x0b\x52\x82\x1c\x66\xa8\x71\x39\x01\xfe\x0a\xe4\xe1\x22\x49\x94\x32\x8e\x34\x82\xde\xa2\x28\x2e\x9c\xb1\x3e\x1d\x74\x87\xd1\x92\xe3\x81\x72\x15\x23\x68\x75\xa8\x17\x76\x53\xde\xa3\x13\x33\x02\xc9\xeb\x81\x93\x56\x1b\x0b\x4a\x84\x55\x28\xc2\xb8\x9e\xb5\x0a\x4e\x0a\xd8\x1f\xd2\x36\xf5\xf7\x1e\xbc\xd8\x9b\xf8\x88\x34\x06\x75\xdf\x52\xa5\xcd\xb7\x2b\xe2\x50\x42\x04\x01\x6c\xd6\x56\xe5\xa3\xa1\xa2\xf0\x93\x2b\xb2\x8a\x5f\xf4\x9f\x83\xa9\xbe\xed\x95\x8e\xc4\xe0\x88\xa1\x5a\x86\xaf\x6e\xda\x79\x69\xc2\x49\x53\x82\xce\x3a\x40\x93\xb7\x83\x67\x50\xb7\xea\x22\x2f\xa1\x13\x12\x24\xd9\xfb\x23\xac\xb2\xa5\x11\x3d\x42\xbd\x70\x07\x00\xc6\xe9\x71\xb7\xbb\x3a\x8f\xe8\xec\xe2\x2c\x89\x2c\x44\x9e\x0a\x45\x4b\xb4\xd0\x1c\xab\x6c\xb9\x3a\x63\xce\x00\x37\x0a\x98\x6c\xf3\xd3\x05\x7c\x29\x50\x00\x6f\x04\x15\xad\xd0\x5e\x00\xfc\xc7\x2d\xfe\x86\xfb\xb6\x5a\xe8\x19\xca\xd2\xdc\x72\x16\x18\x41\xe3\x4a\x5a\x88\x44\xc2\x84\x4c\x2c\xab\x0b\xcc\x6f\x15\xfd\xbf\x01\x0b\x0e\xc1\x57\x6e\x40\x5e\x15\x19\x16\xab\x94\xf1\xae\x70\xbe\x1f\x39\x91\xfb\x6f\xb8\x38\xac\x4b\xcc\xbb\xac\xdc\xda\x00\xcf\x2e\xa3\xaa\x5e\x57\x4a\xde\x34\x53\xc9\x2b\x0c\x84\x71\x72\xab\x5f\xcc\xde\x89\x1c\x78\x1a\x8b\x94\xbb\xd4\x64\x1f\x79\xc1\xfa\x75\x32\x2c\x25\x25\xba\x0b\x7d\x53\x6a\x07\x43\xcf\x11\x08\x68\xf4\xff\x4e\xe3\x2e\x36\xe4\x77\x57\xbb\xf4\x16\xc1\x98\xbf\x1e\x94\xa6\x49\xaf\xc2\x9a\xdc\x07\xe5\x6e\x52\x5f\x21\x89\xb0\x11\x56\x5c\xa9\x54\xa8\xf5\x8f\x9b\x15\x50\x3d\x59\xa5\x55\x8f\xb4\xe7\x12\xb5\xf5\xec\xb4\x6b\x98\x0b\xd1\x68\x71\xfe\xce\x77\x59\xa0\x13\xff\x39\x5f\x7d\xad\x19\x49\x38\x20\x6b\xb5\x92\x15\x3a\xea\x3c\xa5\xed\x17\x42\xa4\x56\x7b\x5f\x0e\xe6\x18\x14\xd4\x9b\x31\x6c\xbd\x8a\x8c\x72\x9f\x8b\x60\x30\x88\x36\xaa\x9a\x3a\x27\x20\x63\x58\x5b\x53\x0d\x1f\x80\x60\x6f\xb5\x0f\xef\x4a\x28\xd4\xf3\xce\xe5\xbd\xbf\x7d\xaa\xf2\x11\xdd\x0b\xb4\xf9\x71\x52\x8f\x67\xcc\xfc\x59\x09\x29\x1c\xaf\xa5\x62\xc5\x83\x93\x2b\x45\x6a\x04\xf6\x4c\x1d\x68\xd5\x45\x27\x26\x85\xfd\xb7\x93\xc4\x58\x72\x98\x54\xef\xab\x51\xca\xd2\x97\x68\x7d\x8e\x78\x72\x05\x57\x9f\x38\x98\x4f\x6f\xf2\x67\xe0\xad\xc8\xa3\xdc\x01\x50\x4d\x48\x11\xed\x38\x74\x09\x37\x27\xb6\x5a\xf4\xf8\x89\xa5\xd6\xff\xd9\x9c\xd1\x15\xf6\xb8\xba\xd2\x42\x67\x1f\x5d\xfb\x76\xdb\xe5\x96\x9a\x7a\xec\x93\x96\x5f\x65\x21\x65\x09\x52\x79\xed\x82\xdd\xae\xe3\x28\xf0\x11\x51\xa8\xdb\x93\x46\x7d\x8e\x96\x59\x58\x16\xa6\xff\x24\x04\x7d\x91\x57\x33\x98\x54\xf3\xc8\x05\xe2\x9e\x49\xad\xde\xdf\x79\xb2\x9b\x32\xde\x00\x85\x79\x1e\x6f\x51\x6a\x06\x6a\xd3\x5a\xea\x8e\x37\x89\x2b\xd4\x32\xc3\x44\xed\xee\x98\xc2\xca\x16\x86\x7a\xf6\x36\x67\x01\xd7\xd4\x0e\xb3\xe8\xde\xc4\xdd\x71\x8b\x8c\xa3\xdd\xeb\xbb\xf2\xd3\xc8\x24\x94\xbc\x76\x94\x78\x4b\xb3\xf0\xf4\x8b\xaf\xc6\x37\x14\xda\x4b\x73\x7e\xca\xbf\xb3\x0c\x5c\xd0\x38\xe1\x9d\xdc\x31\x40\x56\xb7\x43\x80\xcb\x3a\xab\x06\x10\x7e\x05\x06\xfa\xfd\x43\xa0\x4b\x32\xeb\xce\xaa\xae\x73\xf4\xe6\xc1\x88\x5d\xaa\x9d\x47\x1e\x04\x78\xc0\x4c\xe5\x2e\x63\x33\x9c\xe3\xe9\x9b\x37\x9a\x9c\xe0\xa0\x16\xf6\x19\xaf\xa5\xc2\xcd\x58\x7d\x28\xcf\x47\x40\x14\x88\xeb\x39\x64\xc7\xbb\x28\x9b\xc5\x1f\x5b\x0a\x0b\xaa\xe6\xe1\xb3\xbe\x7a\x95\x06\xba\xbd\x11\x0f\x9c\xea\xec\x69\x6b\x1b\x5e\x21\x1b\x11\x97\xa3\x13\x0c\xe9\xb9\x3c\xe4\xf3\xb5\x9d\x59\x37\x96\xba\x70\xa1\xc8\xe7\xa5\xd3\xc6\x07\x9a\x57\x11\xac\x13\xa3\xeb\x0c\x39\xfb\xd0\x11\x8e\x1c\xc8\xe0\xf4\x02\x31\x56\x1b\xab\x91\xcd\x71\xd6\xc1\x8e\xea\x42\xde\xba\xf1\xe9\x48\x80\x92\x06\xf1\xac\x5c\x28\x23\x88\x07\xc9\xd5\xc6\x38\xb5\xff\xec\x4a\x90\xdf\xe3\x21\xaf\x74\xe1\xbc\x9e\x19\xdc\x81\x89\xd7\x09\xe6\x10\x13\x54\x4e\xa4\x2b\xf4\xc2\xdc\xb2\xc9\x9f\x39\x74\xaa\xb0\xa3\xb6\x69\xed\x98\xa8\x0d\x68\x5a\xbd\x3f\x48\xb2\x9f\x1b\xf1\x73\x7f\x2b\x3e\x15\xf7\xb8\xf0\xcd\x45\x65\x8a\xdb\x86\x0c\x21\xa0\x6a\x2b\x84\x18\xaa\x7d\x0f\x53\x97\xdf\x5a\x39\xa4\x4d\x49\xa3\x3e\xfa\x48\x9e\xd2\xa0\x54\x6f\xc5\x62\xb8\x79\x8d\x8a\x93\x6b\xcc\x56\xa7\xf4\x9c\x25\x20\xca\x60\xee\x23\x33\xfb\xf2\xae\x69\xdb\xac\x1c\x9b\x5c\xcd\x78\x26\xcc\x95\xfa\xc1\xc2\xbc\x28\x4b\x60\x67\x3d\x99\x2b\x02\x78\x43\x9e\x1d\xd9\x88\xd7\xb2\x79\x3e\xf3\x5c\xff\x25\xdc\x31\xc4\x79\x5e\xff\xc4\x3b\xb2\x5c\xba\xe0\xa0\xe9\x1b\xc2\x9a\x72\x55\x62\xc2\xe6\x82\xb4\x65\x5e\xb7\x05\x61\x13\x2d\x2f\xa4\xf6\x05\xe5\xe5\x02\x6b\xd0\xa9\x29\xe8\xc5\x51\x32\xf9\x1c\x4b\x9d\x85\x5e\x78\x21\x09\xe1\x4d\xbe\xc6\x76\xe7\x3c\x1d\x35\x25\x5b\x13\xea\x3d\xca\xfd\xe7\x74\x79\x82\x58\xca\x12\x92\x37\xb3\x63\xd6\xe7\x8f\x61\x35\xe3\xad\x82\x21\xed\x43\xfa\x4a\xff\x4f\x33\x94\x41\xe1\x16\x53\x41\x59\x3a\xe8\x73\xb4\xb9\x4f\x39\x29\x73\xd5\x50\xda\xc2\xfe\xac\xbf\x36\x14\x00\xeb\xd3\xdc\xab\x54\x4b\xe1\x96\x3b\xeb\xf2\x77\x42\x91\xdc\x28\x78\x32\xb1\x4a\x1a\x07\xda\x59\x76\x2d\xb6\x33\xd0\xd3\x0f\xd1\x09\xc0\xbb\x67\x85\x2b\xea\x17\x3d\xe5\x30\x5a\x03\x48\xf7\x85\xb9\xfc\xb9\xd5\x6e\x50\xcf\x97\xcc\x6a\x6a\x07\x6d\xde\x3f\xb9\xf5\x5e\xf3\x89\xfb\x48\xc7\xbd\x31\x77\x59\x0c\xd5\xd6\x2c\x4a\x29\xb7\x19\xb8\xf0\x3c\xa7\xbf\x43\x20\x4d\x46\xb1\x16\xb5\x67\x9d\x90\x9a\x94\xe3\x34\xe8\xea\xe0\xe6\x68\x19\x6a\x62\xf4\x86\x3d\xe9\x60\x05\x7a\x21\xaa\xe9\xb2\x59\x38\xd7\xad\x7d\xaf\xfb\x14\x85\xfb\xf9\x0f\xbf\x7a\xc4\xf6\x8e\x12\x64\x37\x9d\xe9\x8e\x18\x3f\xcf\x7e\xf0\x9b\xe5\xd0\xd6\x2e\x37\xa6\xd8\x8e\x8d\xfb\x37\x57\x2d\x9c\x8d\xd5\x1e\x5c\x73\x40\xeb\x89\xaf\x63\xa2\x58\x51\x94\xff\xfc\xd9\x52\x69\xf9\xcc\xa7\x8b\xc8\x7a\x46\x70\x07\xca\xca\xf3\x45\x02\x79\x01\xb8\xfb\x5b\x0a\xa4\x18\xe7\x5b\xa7\x17\xfe\x33\x36\xe5\xca\x1e\xe0\x43\xbb\xf3\xcd\x2f\xb5\x8e\x0a\x44\x04\x77\x5a\xf2\xdb\xfe\x9c\x06\xeb\x6c\x40\x8e\x94\x63\xd5\xac\xbe\x8f\x51\xba\x0c\x44\xa4\xde\xcc\x03\xbc\xac\x74\x98\x09\x8f\xc5\x50\xf3\x4d\x35\x5c\x8f\x8c\xbf\xb5\xb3\x49\x19\x6e\xab\xbb\x5b\x75\xa4\x93\xf9\x1e\xa7\x9d\xd6\x42\x03\x23\x56\x34\xc8\x35\xb2\x2e\x81\x5c\xa8\x23\xa3\x39\x6b\x2f\xe7\x8a\xeb\x7f\xa1\x9e\x7b\x96\x7c\xf6\x70\x6e\xc9\xd1\x2e\xcf\x78\xdb\x96\x4f\xe8\x31\x16\x24\xdd\x5d\x76\x19\xa4\x5d\x05\x20\x69\xf4\xb7\x6f\x1e\x9d\x16\x0d\x68\x6a\xb7\xe7\xe0\x99\xb2\x00\x31\x16\xbb\xe7\x40\x9e\x77\x5c\x44\xad\xb2\x19\x59\x88\xe2\x59\xc1\xf1\x61\xba\x6c\xd1\x8b\x28\x43\xa2\x4c\x8e\xa6\x2a\x29\x98\x08\x35\x5c\xd6\x73\xb1\x7b\xff\x57\xbd\x6b\xef\xf0\x4e\x3c\x34\xbe\xe3\xce\x1d\x19\x27\x98\x9d\xa6\x76\x1f\x13\x11\xa3\x51\xc8\xb7\xb1\x81\x41\x28\x88\x61\xde\xa2\x1e\x44\x0b\xaa\x33\x8e\xa8\xc5\x30\x6b\xfa\x5a\x51\xde\x4c\xc9\xc2\xad\x9f\x7e\x4a\x96\x74\xe7\x7c\x5d\xcc\x7d\x04\x6d\x30\x5b\xca\x52\x79\x35\x8e\xc7\x68\x4d\x84\xa2\x92\xd1\x6e\x07\x63\x1f\x47\x7a\xbd\x9f\xd6\xd4\xe3\xe1\x56\x91\x25\x4f\x03\x17\x24\x10\x68\xa9\x44\x7c\xdf\x08\xf6\xa6\x29\xe9\x95\x2e\xf4\x60\xc6\x12\xcc\x48\x3e\xc1\x82\x89\x9f\xd2\x9f\x45\x99\xc5\xe8\xda\xee\x34\x47\xbf\xf2\x2a\xa7\x49\x9c\xac\xe5\x95\x39\xea\x3c\x88\xe2\x9c\x90\xd2\x94\xd5\xb0\x95\xa0\x03\x72\x10\x90\x56\xe8\xd8\x91\x9a\xff\xa6\xe4\x5c\x72\x9a\xbd\xb7\x7c\xa6\xae\xff\xdb\xc8\xea\xe2\xe4\x32\x90\xb3\x05\x6e\x4f\xdd\x6a\xac\xd8\xc3\x9b\xe9\x7a\xe6\xb0\x8a\xb1\x4f\xdf\x24\x6f\x28\xb2\xc3\x0a\x03\xa2\x81\x4f\x4e\x51\x32\xc6\xf4\x66\x5c\xb1\xdf\xa0\x09\xb8\x5a\xf2\x79\xc2\x61\xb4\x4b\x4d\x22\xcb\x8b\x2a\x43\xc2\xf2\xe4\x60\x73\x50\xc2\x76\x4b\x87\x0c\x90\x86\x3f\x16\x29\x95\x01\x33\xc3\x2c\x8c\xf3\xae\x6e\x8c\x63\xcc\x8c\x5a\x84\x9c\x50\x2c\xe1\x8f\x6f\x6b\x50\x6e\xa7\x8c\x02\xbc\x5b\xb8\x44\xa2\x9d\x22\x88\x13\x77\x1a\x21\x98\xee\x3e\xdc\x44\x89\xfc\x5e\x9d\x8e\xde\xcc\x6a\xe0\xa1\x1a\xce\xde\xc5\x03\x4e\xca\x80\xd5\x59\xdb\xe6\xd3\x98\xeb\xeb\x73\x2f\xfe\xab\x98\x80\x65\xb3\xb0\xde\x4a\x71\xe4\x0a\x67\x65\x73\xab\x7d\x75\x3b\x2b\x8f\xc6\x9e\x15\xca\x33\x9e\xa6\x57\x6a\x00\x73\xdf\xc2\x3e\xb4\x2e\xe8\x38\x1b\x7f\x40\x1f\x3e\x8e\xd3\x95\x14\xac\x4e\x7a\x1a\xab\x17\xae\xcf\x35\xb7\xe4\xcd\x85\x21\xfc\x53\xe7\xea\xa4\xb1\x01\x6e\x13\x4e\x35\x41\x9e\xeb\x59\xe8\xd6\xc8\x87\xb1\xb8\xbf\xd1\x32\x12\x17\xf3\x56\x9c\x03\xb4\x30\xcd\xe4\x16\x91\x8a\x8f\x30\xba\x39\xb8\xea\xcd\xb8\xa7\x55\x1b\x0f\x77\x65\x1d\x86\x27\x18\x65\x68\xec\x6c\x0a\xb1\xf3\x03\x52\x22\xdc\xbd\xe3\xcf\x96\x9e\x71\xaf\xdd\x71\xce\x81\x84\x81\x2b\x3a\x35\xf3\xf5\x2f\x90\x1c\xe3\xe0\x1c\x9d\x4b\xcd\x99\xc9\xf3\x74\x9d\x83\xae\xc1\x52\xb3\x1c\x10\xfb\xf9\x0e\xb4\x74\xb6\x68\x1e\x55\x5b\xd2\xf3\xeb\xf8\x0e\x8e\x4e\x99\xf7\xbb\x1a\x13\xa1\xd1\x1e\x1f\x6f\x2a\x45\xfb\xb6\x27\xa1\x15\x14\xa2\xd2\x3e\xc3\x09\xe9\x1e\xdd\x56\x34\xfa\x5b\xd2\x5f\x33\xa0\x15\x13\xa6\x94\x48\xad\xe4\xc1\x31\x60\xc1\x7b\x22\x39\x5a\x0c\x41\x26\x29\x85\x83\x8c\x50\xd5\x1e\x75\xf7\x89\x2d\x74\x59\x75\x1e\x6a\xe2\x3c\xe6\xc7\x81\xf8\x1f\x8c\x31\x24\x42\xc7\xba\x96\x52\xa4\x24\x13\x2e\x15\x7c\x8d\x51\xc3\xaa\xfd\xbb\xe5\x3a\x20\xe4\x95\x85\x67\xbc\x30\x16\x6c\x65\x8a\x68\xc4\x85\x82\xe4\xe8\x4d\xc5\x3e\xf4\x11\x77\x92\xf2\xd4\xe2\x05\xf6\xa0\xea\x9d\xc1\x68\xa8\xa0\x6c\x75\xb3\x59\xb7\xf9\xae\xa9\x53\xdc\xdf\x3b\x2f\x11\x36\xab\xd2\xeb\xbf\x00\x87\x69\xef\x47\x76\x55\x8f\xac\x02\xbf\xa2\x58\x89\x43\xa1\x1a\x00\xe7\x47\x86\x39\x7f\x96\xb9\x85\x28\x0b\x0a\x17\x4f\x14\x5f\xd3\x31\x61\x64\x14\x9c\x90\x4a\x10\x1c\xbc\xbe\x79\x2b\x78\x20\xaa\x9a\x66\x2f\x0f\x0c\x91\xd6\x02\x39\xa5\x53\xc9\x64\xee\x24\xfc\xa4\x51\x1f\x3d\x43\x4f\x23\x0b\x94\x6a\x5f\x6f\x5f\x81\xf4\xe5\x1f\xd6\xd9\xb8\x8f\xc6\xb1\xd6\x35\x0a\x21\xab\x90\x05\x6f\x18\x83\x72\xe7\x53\x1f\x82\x0c\x89\x65\x9c\x4d\x47\x03\x1d\xfb\x3f\x2f\x66\x85\xb5\xc5\x0b\xf4\x48\xf7\x96\xe2\xfd\x83\xb6\x51\xaf\x22\x2f\xb4\x4b\x94\x91\x4d\xee\xd8\x3e\xbb\xb9\xa9\xb9\x74\xcf\x2c\x36\x59\x6a\x83\x85\x23\x3d\xa4\xb8\x94\xf5\xe2\x9a\xe0\xaa\xb5\x98\xbc\x73\x5b\xc2\x42\x13\x67\x33\x9f\xec\xe7\x37\xd8\x9d\xf7\xea\x01\x21\xcd\xf0\x67\x3e\xd6\x91\xba\xa4\xb3\x32\x4f\x8d\x88\xa6\xcc\x48\x4e\xd7\xc8\xee\x59\x7e\x31\x17\xc1\x9d\xa2\xdf\x59\xdd\x1d\x2e\x9a\x0c\x11\x1c\xb0\x54\x01\xd6\xd5\x64\xbd\x19\x28\xc0\x43\xad\x66\x23\xa5\x6d\xfc\xc5\xe0\x5f\x8d\xff\xb5\x6e\x37\x5d\xdf\x63\x94\x2e\xc8\x69\x2b\x48\x4a\xba\x3b\x54\x79\x5d\x06\xc4\x2e\x7e\xac\xb7\xc5\x0e\xc8\xfc\x21\x1f\x02\xea\x6a\x99\x08\xce\xa2\xf7\x54\x9f\x00\x90\x0c\x27\x07\xcc\x35\xc1\x16\x55\x2b\x76\x0e\x25\x4f\x4a\xca\x58\x2b\x7f\x76\x0b\x8b\x2e\xd6\x9e\x87\x5f\x4a\x9c\x30\x1c\xd0\x6a\x4f\xab\x8f\x53\x8e\xd8\xc7\x9b\xc5\x46\x7d\xde\xde\x41\x48\xba\xcf\xbf\xc7\x4f\x1d\x4c\xd9\xc9\xad\xa6\xbf\x32\x8c\x79\x90\xc1\xf7\xed\x52\x35\x37\xe6\x32\xad\xa4\xf0\x08\xeb", 4096); *(uint64_t*)0x200225c8 = 0x20021540; *(uint32_t*)0x20021540 = r[3]; *(uint32_t*)0x20021544 = r[0]; *(uint32_t*)0x20021548 = r[0]; *(uint32_t*)0x2002154c = r[0]; *(uint64_t*)0x200225d0 = 0x20021580; *(uint64_t*)0x200225d8 = 0x20022580; *(uint32_t*)0x200225e0 = 0x1000; *(uint32_t*)0x200225e4 = 4; *(uint32_t*)0x200225e8 = 0x1000; *(uint32_t*)0x200225ec = 8; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); if (res == ZX_OK) { r[4] = *(uint32_t*)0x20022580; r[5] = *(uint32_t*)0x20022590; r[6] = *(uint32_t*)0x20022598; } break; case 7: *(uint64_t*)0x20023780 = 0x20022680; memcpy((void*)0x20022680, "\xc0\xa1\x63\x28\x06\x60\xce\x73\x59\x69\xf5\xee\x9c\xaf\xa3\x5f\x48\x19\x3a\x86\x20\xd0\xf0\xd7\x6d\xab\x09\x92\x66\x48\xa2\xfd\x68\xb4\xcc\x6e\x54\xd1\xf7\x87\x1d\x9c\xbe\x41\x42\x0a\xcc\x88\xf0\xf8\x8f\x6f\x66\xe8\x22\x58\xe9\x32\x8c\xc2\xd3\xa2\x79\xd3\x84\x5d\xf3\xea\x63\xec", 70); *(uint64_t*)0x20023788 = 0x20022700; *(uint32_t*)0x20022700 = r[3]; *(uint32_t*)0x20022704 = r[0]; *(uint32_t*)0x20022708 = r[0]; *(uint32_t*)0x2002270c = r[4]; *(uint32_t*)0x20022710 = 0; *(uint32_t*)0x20022714 = r[3]; *(uint64_t*)0x20023790 = 0x20022740; *(uint64_t*)0x20023798 = 0x20023740; *(uint32_t*)0x200237a0 = 0x46; *(uint32_t*)0x200237a4 = 6; *(uint32_t*)0x200237a8 = 0x1000; *(uint32_t*)0x200237ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[6], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20023780, /*actual_bytes=*/0x200237c0, /*actual_handles=*/0x20023800); if (res == ZX_OK) r[7] = *(uint32_t*)0x20023740; break; case 8: *(uint64_t*)0x20033900 = 0x20023840; *(uint32_t*)0x20023840 = 0; memset((void*)0x20023844, 0, 3); *(uint8_t*)0x20023847 = 1; *(uint64_t*)0x20023848 = 0x46940c1600000000; *(uint32_t*)0x20023850 = 0x3fe00000; *(uint64_t*)0x20033908 = 0x20023880; *(uint64_t*)0x20033910 = 0x200238c0; *(uint64_t*)0x20033918 = 0x200338c0; *(uint32_t*)0x20033920 = 0x14; *(uint32_t*)0x20033924 = 0; *(uint32_t*)0x20033928 = 0x10000; *(uint32_t*)0x2003392c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[7], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20033900, /*actual_bytes=*/0x20033940, /*actual_handles=*/0x20033980); break; case 9: ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_object_get_info))(/*handle=*/r[5], /*topic=*/0x1000000e, /*buffer=*/0x200339c0, /*buffer_size=*/0x3f0, /*actual=*/0x20033dc0, /*avail=*/0x20033e00); break; case 10: memcpy((void*)0x20000000, "\xf2\x49\x0f\x2d\x3b\x26\xf3\x2e\x3e\x42\xff\xe0\x40\x0f\x49\x0e\x36\x66\x0f\x3a\xdf\x83\x02\x10\x00\x00\x6b\x58\x0f\x85\xd6\xbe\x00\x00\x64\x66\x42\x0f\x15\x4c\x69\x04\xc4\x83\x5d\x7f\x4f\x00\x06\xc4\x62\x6d\xbb\xfd\xf3\x4e\x0f\x1e\xcd", 59); syz_execute_func(/*text=*/0x20000000); break; case 11: syz_future_time(/*when=*/1); break; case 12: syz_job_default(); break; case 13: syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x2000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :370:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor2878013644 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/9 (0.29s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:9223372036854775807 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call$fuchsia_cobalt_MetricEventLoggerLogCustomEvent(0x0, 0x0, 0x7fffffffffffffff, &(0x7f00000101c0)={&(0x7f0000000000)={{}, 0xff, {0x6, 0xffffffffffffffff}, {[{{0x9}, @string_valueInLine={0x1, {0x3ff, 0xffffffffffffffff}}}, {{0x1ff, 0xffffffffffffffff}, @double_value={0x3, 0x6}}, {{0x1}, @index_value={0x4, 0x23}}, {{0x9, 0xffffffffffffffff}, @index_value={0x4, 0x8}}, {{0x4, 0xffffffffffffffff}, @index_value={0x4, 0x80}}], [{}, {{'(-*^\\@'}}, {{'*@/'}}, {{'#)'}}, {}, {{'!*'}}, {{'\\&:'}}]}}, &(0x7f0000000140)={[{}, {}, {}]}, &(0x7f0000000180), &(0x7f0000010180), 0x114, 0x0, 0x10000}, &(0x7f0000010200), &(0x7f0000010240)) (fail_nth: 1) zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000010280)=0x0) (async) r1 = syz_future_time(0x0) (rerun: 4) zx_channel_call$fuchsia_cobalt_ControllerListenForInitialized(r0, 0x0, r1, &(0x7f0000020380)={&(0x7f00000102c0), &(0x7f0000010300), &(0x7f0000010340), &(0x7f0000020340), 0x10, 0x0, 0x10000}, &(0x7f00000203c0), &(0x7f0000020400)) zx_clock_get_details(r0, 0x400000000000000, &(0x7f0000020440)={0x0, 0x0}) zx_channel_create$fuchsia_cobalt_LoggerFactory(0x0, &(0x7f00000214c0)=0x0, &(0x7f0000021500)) zx_channel_call_etc(r0, 0xded, r2, &(0x7f00000225c0)={&(0x7f00000204c0)="542646fd9e01404b2865df176fb8cf565d56c40da92b182965f281069f495adc4f35da84303852211c2013eed44a723410aecd75911736f8f0a02854faeded706621e35f092a7fad130d8e750ab60ea492cd08b08ce61c86b2e1b066131a28981f3b64a8562a53526585ef20e4a055c6d0524857ec3d1c6390aa0bad274ea3bae43a74de82b046dede08de676422e105718a3311eb002e2b0876b944b48109439b88094503bea528651e3fc1c5785cc38e12524f24ff011eff1f9e3ff2f2fe573f899b7163085f531bc0778fd928aa3de9c3bb857fac48132878070315c6c96cf637479074eeb7ad2ed83ed4896786a6e6fb84ea4d04d6590f358768a8ad9510fea160cffcf7fe24683a2d95ef110424a82a68be86d2a073e8c6ad620694604d24e1fb22a6be6021d3ed65bc18f1f299b944e23bda868f72db8868faeac8fc0c461df9e536e26abdaca788780b579494b54a5e832efd101990fe0d78dd63746e215cb697a6616b0e37e71430f4a3d8853a1a7e032a78fa1789318e79f912cb997d121ea59ff980e4f70f57813a252108fd7bfc84436ac48982d35b75261c25c732df70c7ba902e6f518b4bab19f62843b643d8fef7f07a8b64167a547dfae6c96f158e1cdc68fd4becba594cc1c2a0ccecc06e449d75196edda5c1cc99017ddbcca99f064f76c179e6d61b21bf9eafac2f8813f987c6c5ae2dd41dc296eae639487f782e898d86e2155715a0c92c880a7c781cee1ed5f53473f07e94c661416be1131a3eca459426aa6cd31c1f4bd33b77a37173b1a7dea99684445ad7abb279b908694f44635a4feceaa13b1450999ce3e99100a42c5e4d300ad24ea6cbe8e8bbfb47fc846f48387f6f167c30adb9d1c4e5695fc2bf8bd000b9edb3794f8028bb149eae3c7c9917379c1f62c46b47dc484b87b0bdd5f170852064526f28968729e1db05aec218d7971148652c34c0b8943b8ffdadd717e15002f25ec6428e477e1bec2f284a42df1054365ef4d3c1b71cb86c7a59f8cb8df6f867819a647c8406609ff0f4e354f777bc0d25ef7b07ef6500bb8b067da1caefa01acfa3c8e14b3438cd16b72def2bcc6d96e33bf2ad754c9bcf9d2d8bab8602b4960893c883c89318e97ff77d2911f4ea7f57bd709f2b2e9d989aeb1258bd9fb170e8e2e9b7c973be33e56169550c81d459cec25e5199743df3b6541abc6984735249e9aa60973d44b88ef8a350c6885e9fc260aaef901323bacece25e330ff2cd21d1191fbdeb2bf070f1d22e05fbe657606a46ce83a6d9d4f7934cbef759fa097092bc0788ef94130be9227939e170d986fa903bd4bd188640903bfdca8d6a48926c9a0a2e1144ad2365e19e64fc86532e6029fc7c861fc1e16a72261cb119ecd2f71bf6d3fc93b5e0b74daddc39d4d7aa2a6bb6c7a0002e4e25bb86dd6cad231334214433aced6c7761b34ecf3553a4b34c5cb0c988f0c36c50632b8544147c113dd22bc1d8adab7ac052ad798405c0057ca33947088015d87f410ec06b7b6b719593a4c6cd4cea4e711ad8c3f93bad32f869195e75286b7bbac261783e19f97efb8a9989a19ec6c7d43dafcd2c09a141c7671b4dd105932d663eed7c4b606f26523a116d1a42d628413624b8d9dd249f268e4cd72812433b9b7fbcb76e303c04eb257e5a143d6ed94dd8f1bdb5f40dcab5ac45c5c778a42d5ebf175c4a8ea5c3f3b92ec78471984e9784bf75c18ec20b9d3837267c67daa95f5e9eae608b619ac3583c783dd00ab5a93413999683001919bb89bb58a51eb1be1654a62e3019fe9cb3c43965cdb0893a5739004e713385d6703cdd7765dd3754e33163df54899127654128ab37b3c5e104912c9a878a5b6e69fd9d8d5f75511a4d0b8cd90a8dd9abc47b89bd027f2516b490763c3c4dca7956029b16c9059aa65b2777cdfad8a76f868ddc91f1f9c6fe99c52e4f07782d2e2661ee435e9899908ef60fe8657a3a7e5f93947f6fad929548c00ccaf365eb0d6c3cc456e3cc84d976c1feb3e0dbb2bdb20ae4031b50a94230c074d4b3cd182ac03f059df368c41ae9af89f4fb28ac556bb5c9aa02f183a783cb8fd2247acbce92a23ff9c01e7530e5b7bf789ea0a324bce612527ce8dc7b8d548a84b7ebdbd181ebd35212d7adf2582b6d83aff3a2c51144694f6bb0f7e42740461707c7149ed8888151ec0e50b52821c66a8713901fe0ae4e1224994328e3482dea2282e9cb13e1d7487d192e3817215236875a8177653dea3133302c9eb8193561b0b4a845528c2b89eb50a4e0ad81fd236f5f71ebcd89bf888340675df52a5cdb72be2504204016cd656e5a3a1a2f0932bb28a5ff49f83a9beed958ec4e088a15a86af6eda7969c2495382ce3a4093b7836750b7ea222fa1131224d9fb23acb2a5113d42bd700700c6e971b7bb3a8fe8ece22c892c449e0a454bb4d01cab6cb93a63ce00370a986cf3d3057c2950006f0415add05e00fcc72dfe86fbb65ae819cad2dc72161841e34a5a8844c2844c2cab0bcc6f15fdbf010b0ec1576e405e151916ab94f1ae70be1f3991fb6fb838ac4bccbbacdcda00cf2ea3aa5e574ade3453c92b0c847172ab5fccde891c781a8b94bbd4641f79c1fa75322c2525ba0b7d536a0743cf110868f4ff4ee32e36e47757bbf416c198bf1e94a649afc29adc07e56e525f2189b011565ca954a8f58f9b15503d59a5558fb4e712b5f5ecb46b980bd16871fece7759a013ff395f7dad194938206bb592153aea3ca5ed1742a4567b5f0ee61814d49b316cbd8a8c729f8b60308836aa9a3a272063585b530d1f80606fb50fef4a28d4f3cee5bdbf7daaf211dd0bb4f971528f67ccfc5909291cafa562c583932b456a04f64c1d68d545272685fdb793c458729854efab51cad297687d8e787205579f38984f6ff267e0adc8a3dc01504d4811ed3874093727b65af4f889a5d6ffd99cd115f6b8bad242671f5dfb76dbe5969a7aec93965f652165095279ed82ddaee328f01151a8db93467d8e96595816a6ff24047d9157339854f3c805e29e49addedf79b29b32de0085791e6f516a066ad35aea8e37892bd432c344edee98c2ca16867af6366701d7d40eb3e8dec4dd718b8ca3ddebbbf2d3c82494bc7694784bb3f0f48bafc63714da4b737ecabfb30c5cd038e19ddc314056b74380cb3aab06107e0506fafd43a04b32ebceaaae73f4e6c1885daa9d471e0478c04ce52e63339ce3e99b379a9ce0a016f619afa5c2cd587d28cf47401488eb3964c7bb289bc51f5b0a0baae6e1b3be7a9506babd110f9ceaec696b1b5e211b1197a3130ce9b93ce4f3b59d593796ba70a1c8e7a5d3c6079a5711ac13a3eb0c39fbd0118e1cc8e0f40231561bab91cd71d6c18eea42debaf1e948809206f1ac5c28238807c9d5c638b5ffec4a90dfe321af74e1bc9e19dc8189d709e61013544ea42bf4c2dcb2c99f3974aab0a3b669ed98a80d685abd3f48b29f1bf1737f2b3e15f7b8f0cd45658adb860c21a06a2b8418aa7d0f5397df5a39a44d49a33efa489ed2a0546fc562b8798d8a936bcc56a7f49c2520ca60ee2333fbf2ae69dbac1c9b5ccd7826cc95fac1c2bc284b60673d992b0278439e1dd988d7b2793ef35cff25dc31c4795effc43bb25cbae0a0e91bc29a725562c2e682b4655eb70561132d2fa4f605e5e5026bd0a929e8c55132f91c4b9d855e782109e14dbec676e73c1d35255b13ea3dcafde774798258ca129237b363d6e78f6135e3ad8221ed43fa4aff4f339441e1165341593ae873b4b94f392973d550dac2feacbf361400ebd3dcab544be1963bebf2774291dc287832b14a1a07da59762db633d0d30fd109c0bb67852bea173de5305a0348f785b9fcb9d56e50cf97cc6a6a076dde3fb9f55ef389fb48c7bd3177590cd5d62c4a29b719b8f03ca7bf43204d46b116b5679d909a94e334e8eae0e668196a62f4863de960057a21aae9b25938d7ad7daffb1485fbf90fbf7ac4f68e1264379de98e183fcf7ef09be5d0d62e37a6d88e8dfb37572d9c8dd51e5c7340eb89af63a2585194fffcd95269f9cca78bc87a467007cacaf345027901b8fb5b0aa418e75ba717fe3336e5ca1ee043bbf3cd2fb58e0a4404775af2dbfe9c06eb6c408e9463d5acbe8f51ba0c44a4decc03bcac7498098fc550f34d355c8f8cbfb5b349196eabbb5b75a493f91ea79dd64203235634c835b22e815ca823a3396b2fe78aeb7fa19e7b967cf6706ec9d12ecf78db964fe8311624dd5d7619a45d052069f4b76f1e9d160d686ab7e7e099b2003116bbe7409e775c44adb2195988e259c1f161ba6cd18b2843a24c8ea62a299808355cd673b17bff57bd6beff04e3c34bee3ce1d1927989da6761f1311a351c8b7b18141288861dea21e440baa338ea8c5306bfa5a51de4cc9c2ad9f7e4a9674e77c5dcc7d046d305bca5279358ec7684d84a292d16e07631f477abd9fd6d4e3e15691254f0317241068a9447cdf08f6a629e9952ef460c612cc483ec182899fd29f4599c5e8daee3447bff22aa7499cace59539ea3c88e29c90d294d5b095a00372109056e8d8919affa6e45c729abdb77ca6aeffdbc8eae2e43290b3056e4fdd6aacd8c39be97ae6b08ab14fdf246f28b2c30a03a2814f4e5132c6f4665cb1dfa009b85af279c261b44b4d22cb8b2a43c2f2e4607350c2764b870c90863f1629950133c32c8cf3ae6e8c63cc8c5a849c502ce18f6f6b506ea78c02bc5bb844a29d228813771a2198ee3edc4489fc5e9d8edecc6ae0a11acedec5034eca80d559dbe6d398ebeb732ffeab988065b3b0de4a71e40a676573ab7d753b2b8fc69e15ca339ea6576a0073dfc23eb42ee8381b7f401f3e8ed39514ac4e7a1aab17aecf35b7e4cd8521fc53e7eaa4b1016e134e35419eeb59e8d6c887b1b8bfd1321217f3569c03b430cde416918a8f30ba39b8eacdb8a7551b0f77651d8627186568ec6c0ab1f3035222dcbde3cf969e71afdd71ce8184812b3a35f3f52f901ce3e01c9d4bcd99c9f3749d83aec152b31c10fbf90eb474b6681e555bd2f3ebf80e8e4e99f7bb1a13a1d11e1f6f2a45fbb627a11514a2d23ec309e91edd5634fa5bd25f33a01513a69448ade4c13160c17b22395a0c41262985838c50d51e75f7892d7459751e6ae23ce6c781f81f8c312442c7ba9652a424132e157c8d51c3aafdbbe53a20e4958567bc30166c658a68c48582e4e84dc53ef4117792f2d4e205f6a0ea9dc168a8a06c75b359b7f9aea953dcdf3b2f1136abd2ebbf008769ef4776558fac02bfa2588943a11a00e74786397f96b985280b0a174f145fd3316164149c904a101cbcbe792b7820aa9a662f0f0c91d60239a553c964ee24fca4511f3d434f230b946a5f6f5f81f4e51fd6d9b88fc6b1d6350a21ab90056f188372e7531f820c89659c4d47031dfb3f2f6685b5c50bf448f796e2fd83b651af222fb44b94914deed83ebbb9a9b974cf2c36596a8385233da4b894f5e29ae0aab598bc735bc2421367339fece737d89df7ea0121cdf0673ed691baa4b3324f8d88a6cc484ed7c8ee597e3117c19da2df59dd1d2e9a0c111cb05401d6d564bd1928c043ad6623a56dfcc5e05f8dffb56e375ddf63942ec8692b484aba3b54795d06c42e7eacb7c50ec8fc211f02ea6a9908cea2f7549f00900c2707cc35c116552b760e254f4aca582b7f760b8b2ed69e875f4a9c301cd06a4fab8f538ed8c79bc5467ddede4148bacfbfc74f1d4cd9c9ada6bf328c7990c1f7ed523537e632ada4f008eb", &(0x7f0000021540)=[r3, r0, r0, r0], &(0x7f0000021580)=""/4096, &(0x7f0000022580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0x1000, 0x8}, &(0x7f0000022600), &(0x7f0000022640)) zx_channel_call(r6, 0x0, r2, &(0x7f0000023780)={&(0x7f0000022680)="c0a163280660ce735969f5ee9cafa35f48193a8620d0f0d76dab09926648a2fd68b4cc6e54d1f7871d9cbe41420acc88f0f88f6f66e82258e9328cc2d3a279d3845df3ea63ec", &(0x7f0000022700)=[r3, r0, r0, r4, 0x0, r3], &(0x7f0000022740)=""/4096, &(0x7f0000023740)=[0x0], 0x46, 0x6, 0x1000, 0x1}, &(0x7f00000237c0), &(0x7f0000023800)) zx_channel_call$fuchsia_io_FileNodeSetFlags(r7, 0x0, r2, &(0x7f0000033900)={&(0x7f0000023840)={{}, 0x3fe00000}, &(0x7f0000023880), &(0x7f00000238c0), &(0x7f00000338c0), 0x14, 0x0, 0x10000}, &(0x7f0000033940), &(0x7f0000033980)) zx_object_get_info$ZX_INFO_PROCESS_VMOS(r5, 0x1000000e, &(0x7f00000339c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x3f0, &(0x7f0000033dc0), &(0x7f0000033e00)) syz_execute_func(&(0x7f0000000000)="f2490f2d3b26f32e3e42ffe0400f490e36660f3adf83021000006b580f85d6be00006466420f154c6904c4835d7f4f0006c4626dbbfdf34e0f1ecd") syz_future_time(0x1) syz_job_default() syz_mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200101c0 = 0x20000000; *(uint32_t*)0x20000000 = 0; memset((void*)0x20000004, 0, 3); *(uint8_t*)0x20000007 = 1; *(uint64_t*)0x20000008 = 0x6e32641800000000; *(uint32_t*)0x20000010 = 0xff; *(uint64_t*)0x20000014 = 6; *(uint64_t*)0x2000001c = -1; *(uint64_t*)0x20000024 = 9; *(uint64_t*)0x2000002c = 0; *(uint32_t*)0x20000034 = 1; *(uint64_t*)0x2000003c = 0x3ff; *(uint64_t*)0x20000044 = -1; *(uint64_t*)0x2000004c = 0x1ff; *(uint64_t*)0x20000054 = -1; *(uint32_t*)0x2000005c = 3; *(uint64_t*)0x20000064 = 6; *(uint64_t*)0x20000074 = 1; *(uint64_t*)0x2000007c = 0; *(uint32_t*)0x20000084 = 4; *(uint32_t*)0x20000088 = 0x23; *(uint64_t*)0x2000009c = 9; *(uint64_t*)0x200000a4 = -1; *(uint32_t*)0x200000ac = 4; *(uint32_t*)0x200000b0 = 8; *(uint64_t*)0x200000c4 = 4; *(uint64_t*)0x200000cc = -1; *(uint32_t*)0x200000d4 = 4; *(uint32_t*)0x200000d8 = 0x80; memcpy((void*)0x200000ec, "(-*^\\@", 6); memcpy((void*)0x200000f4, "*@/", 3); memcpy((void*)0x200000fc, "#)", 2); memcpy((void*)0x20000104, "!*", 2); memcpy((void*)0x2000010c, "\\&:", 3); *(uint64_t*)0x200101c8 = 0x20000140; *(uint64_t*)0x200101d0 = 0x20000180; *(uint64_t*)0x200101d8 = 0x20010180; *(uint32_t*)0x200101e0 = 0x114; *(uint32_t*)0x200101e4 = 0; *(uint32_t*)0x200101e8 = 0x10000; *(uint32_t*)0x200101ec = 0; inject_fault(1); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x200101c0, /*actual_bytes=*/0x20010200, /*actual_handles=*/0x20010240); break; case 1: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(/*options=*/0, /*out=*/0x20010280); if (res == ZX_OK) r[0] = *(uint32_t*)0x20010280; break; case 2: res = -1; res = syz_future_time(/*when=*/0); { int i; for(i = 0; i < 4; i++) { syz_future_time(/*when=*/0); } } if ((int)res != -1) r[1] = res; break; case 3: *(uint64_t*)0x20020380 = 0x200102c0; *(uint32_t*)0x200102c0 = 0; memset((void*)0x200102c4, 0, 3); *(uint8_t*)0x200102c7 = 1; *(uint64_t*)0x200102c8 = 0x3558f75800000000; *(uint64_t*)0x20020388 = 0x20010300; *(uint64_t*)0x20020390 = 0x20010340; *(uint64_t*)0x20020398 = 0x20020340; *(uint32_t*)0x200203a0 = 0x10; *(uint32_t*)0x200203a4 = 0; *(uint32_t*)0x200203a8 = 0x10000; *(uint32_t*)0x200203ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[1], /*args=*/0x20020380, /*actual_bytes=*/0x200203c0, /*actual_handles=*/0x20020400); break; case 4: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_clock_get_details))(/*handle=*/r[0], /*option=*/0x400000000000000, /*details=*/0x20020440); if (res == ZX_OK) r[2] = *(uint64_t*)0x20020448; break; case 5: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_channel_create))(/*options=*/0, /*out0=*/0x200214c0, /*out1=*/0x20021500); if (res == ZX_OK) r[3] = *(uint32_t*)0x200214c0; break; case 6: *(uint64_t*)0x200225c0 = 0x200204c0; memcpy((void*)0x200204c0, "\x54\x26\x46\xfd\x9e\x01\x40\x4b\x28\x65\xdf\x17\x6f\xb8\xcf\x56\x5d\x56\xc4\x0d\xa9\x2b\x18\x29\x65\xf2\x81\x06\x9f\x49\x5a\xdc\x4f\x35\xda\x84\x30\x38\x52\x21\x1c\x20\x13\xee\xd4\x4a\x72\x34\x10\xae\xcd\x75\x91\x17\x36\xf8\xf0\xa0\x28\x54\xfa\xed\xed\x70\x66\x21\xe3\x5f\x09\x2a\x7f\xad\x13\x0d\x8e\x75\x0a\xb6\x0e\xa4\x92\xcd\x08\xb0\x8c\xe6\x1c\x86\xb2\xe1\xb0\x66\x13\x1a\x28\x98\x1f\x3b\x64\xa8\x56\x2a\x53\x52\x65\x85\xef\x20\xe4\xa0\x55\xc6\xd0\x52\x48\x57\xec\x3d\x1c\x63\x90\xaa\x0b\xad\x27\x4e\xa3\xba\xe4\x3a\x74\xde\x82\xb0\x46\xde\xde\x08\xde\x67\x64\x22\xe1\x05\x71\x8a\x33\x11\xeb\x00\x2e\x2b\x08\x76\xb9\x44\xb4\x81\x09\x43\x9b\x88\x09\x45\x03\xbe\xa5\x28\x65\x1e\x3f\xc1\xc5\x78\x5c\xc3\x8e\x12\x52\x4f\x24\xff\x01\x1e\xff\x1f\x9e\x3f\xf2\xf2\xfe\x57\x3f\x89\x9b\x71\x63\x08\x5f\x53\x1b\xc0\x77\x8f\xd9\x28\xaa\x3d\xe9\xc3\xbb\x85\x7f\xac\x48\x13\x28\x78\x07\x03\x15\xc6\xc9\x6c\xf6\x37\x47\x90\x74\xee\xb7\xad\x2e\xd8\x3e\xd4\x89\x67\x86\xa6\xe6\xfb\x84\xea\x4d\x04\xd6\x59\x0f\x35\x87\x68\xa8\xad\x95\x10\xfe\xa1\x60\xcf\xfc\xf7\xfe\x24\x68\x3a\x2d\x95\xef\x11\x04\x24\xa8\x2a\x68\xbe\x86\xd2\xa0\x73\xe8\xc6\xad\x62\x06\x94\x60\x4d\x24\xe1\xfb\x22\xa6\xbe\x60\x21\xd3\xed\x65\xbc\x18\xf1\xf2\x99\xb9\x44\xe2\x3b\xda\x86\x8f\x72\xdb\x88\x68\xfa\xea\xc8\xfc\x0c\x46\x1d\xf9\xe5\x36\xe2\x6a\xbd\xac\xa7\x88\x78\x0b\x57\x94\x94\xb5\x4a\x5e\x83\x2e\xfd\x10\x19\x90\xfe\x0d\x78\xdd\x63\x74\x6e\x21\x5c\xb6\x97\xa6\x61\x6b\x0e\x37\xe7\x14\x30\xf4\xa3\xd8\x85\x3a\x1a\x7e\x03\x2a\x78\xfa\x17\x89\x31\x8e\x79\xf9\x12\xcb\x99\x7d\x12\x1e\xa5\x9f\xf9\x80\xe4\xf7\x0f\x57\x81\x3a\x25\x21\x08\xfd\x7b\xfc\x84\x43\x6a\xc4\x89\x82\xd3\x5b\x75\x26\x1c\x25\xc7\x32\xdf\x70\xc7\xba\x90\x2e\x6f\x51\x8b\x4b\xab\x19\xf6\x28\x43\xb6\x43\xd8\xfe\xf7\xf0\x7a\x8b\x64\x16\x7a\x54\x7d\xfa\xe6\xc9\x6f\x15\x8e\x1c\xdc\x68\xfd\x4b\xec\xba\x59\x4c\xc1\xc2\xa0\xcc\xec\xc0\x6e\x44\x9d\x75\x19\x6e\xdd\xa5\xc1\xcc\x99\x01\x7d\xdb\xcc\xa9\x9f\x06\x4f\x76\xc1\x79\xe6\xd6\x1b\x21\xbf\x9e\xaf\xac\x2f\x88\x13\xf9\x87\xc6\xc5\xae\x2d\xd4\x1d\xc2\x96\xea\xe6\x39\x48\x7f\x78\x2e\x89\x8d\x86\xe2\x15\x57\x15\xa0\xc9\x2c\x88\x0a\x7c\x78\x1c\xee\x1e\xd5\xf5\x34\x73\xf0\x7e\x94\xc6\x61\x41\x6b\xe1\x13\x1a\x3e\xca\x45\x94\x26\xaa\x6c\xd3\x1c\x1f\x4b\xd3\x3b\x77\xa3\x71\x73\xb1\xa7\xde\xa9\x96\x84\x44\x5a\xd7\xab\xb2\x79\xb9\x08\x69\x4f\x44\x63\x5a\x4f\xec\xea\xa1\x3b\x14\x50\x99\x9c\xe3\xe9\x91\x00\xa4\x2c\x5e\x4d\x30\x0a\xd2\x4e\xa6\xcb\xe8\xe8\xbb\xfb\x47\xfc\x84\x6f\x48\x38\x7f\x6f\x16\x7c\x30\xad\xb9\xd1\xc4\xe5\x69\x5f\xc2\xbf\x8b\xd0\x00\xb9\xed\xb3\x79\x4f\x80\x28\xbb\x14\x9e\xae\x3c\x7c\x99\x17\x37\x9c\x1f\x62\xc4\x6b\x47\xdc\x48\x4b\x87\xb0\xbd\xd5\xf1\x70\x85\x20\x64\x52\x6f\x28\x96\x87\x29\xe1\xdb\x05\xae\xc2\x18\xd7\x97\x11\x48\x65\x2c\x34\xc0\xb8\x94\x3b\x8f\xfd\xad\xd7\x17\xe1\x50\x02\xf2\x5e\xc6\x42\x8e\x47\x7e\x1b\xec\x2f\x28\x4a\x42\xdf\x10\x54\x36\x5e\xf4\xd3\xc1\xb7\x1c\xb8\x6c\x7a\x59\xf8\xcb\x8d\xf6\xf8\x67\x81\x9a\x64\x7c\x84\x06\x60\x9f\xf0\xf4\xe3\x54\xf7\x77\xbc\x0d\x25\xef\x7b\x07\xef\x65\x00\xbb\x8b\x06\x7d\xa1\xca\xef\xa0\x1a\xcf\xa3\xc8\xe1\x4b\x34\x38\xcd\x16\xb7\x2d\xef\x2b\xcc\x6d\x96\xe3\x3b\xf2\xad\x75\x4c\x9b\xcf\x9d\x2d\x8b\xab\x86\x02\xb4\x96\x08\x93\xc8\x83\xc8\x93\x18\xe9\x7f\xf7\x7d\x29\x11\xf4\xea\x7f\x57\xbd\x70\x9f\x2b\x2e\x9d\x98\x9a\xeb\x12\x58\xbd\x9f\xb1\x70\xe8\xe2\xe9\xb7\xc9\x73\xbe\x33\xe5\x61\x69\x55\x0c\x81\xd4\x59\xce\xc2\x5e\x51\x99\x74\x3d\xf3\xb6\x54\x1a\xbc\x69\x84\x73\x52\x49\xe9\xaa\x60\x97\x3d\x44\xb8\x8e\xf8\xa3\x50\xc6\x88\x5e\x9f\xc2\x60\xaa\xef\x90\x13\x23\xba\xce\xce\x25\xe3\x30\xff\x2c\xd2\x1d\x11\x91\xfb\xde\xb2\xbf\x07\x0f\x1d\x22\xe0\x5f\xbe\x65\x76\x06\xa4\x6c\xe8\x3a\x6d\x9d\x4f\x79\x34\xcb\xef\x75\x9f\xa0\x97\x09\x2b\xc0\x78\x8e\xf9\x41\x30\xbe\x92\x27\x93\x9e\x17\x0d\x98\x6f\xa9\x03\xbd\x4b\xd1\x88\x64\x09\x03\xbf\xdc\xa8\xd6\xa4\x89\x26\xc9\xa0\xa2\xe1\x14\x4a\xd2\x36\x5e\x19\xe6\x4f\xc8\x65\x32\xe6\x02\x9f\xc7\xc8\x61\xfc\x1e\x16\xa7\x22\x61\xcb\x11\x9e\xcd\x2f\x71\xbf\x6d\x3f\xc9\x3b\x5e\x0b\x74\xda\xdd\xc3\x9d\x4d\x7a\xa2\xa6\xbb\x6c\x7a\x00\x02\xe4\xe2\x5b\xb8\x6d\xd6\xca\xd2\x31\x33\x42\x14\x43\x3a\xce\xd6\xc7\x76\x1b\x34\xec\xf3\x55\x3a\x4b\x34\xc5\xcb\x0c\x98\x8f\x0c\x36\xc5\x06\x32\xb8\x54\x41\x47\xc1\x13\xdd\x22\xbc\x1d\x8a\xda\xb7\xac\x05\x2a\xd7\x98\x40\x5c\x00\x57\xca\x33\x94\x70\x88\x01\x5d\x87\xf4\x10\xec\x06\xb7\xb6\xb7\x19\x59\x3a\x4c\x6c\xd4\xce\xa4\xe7\x11\xad\x8c\x3f\x93\xba\xd3\x2f\x86\x91\x95\xe7\x52\x86\xb7\xbb\xac\x26\x17\x83\xe1\x9f\x97\xef\xb8\xa9\x98\x9a\x19\xec\x6c\x7d\x43\xda\xfc\xd2\xc0\x9a\x14\x1c\x76\x71\xb4\xdd\x10\x59\x32\xd6\x63\xee\xd7\xc4\xb6\x06\xf2\x65\x23\xa1\x16\xd1\xa4\x2d\x62\x84\x13\x62\x4b\x8d\x9d\xd2\x49\xf2\x68\xe4\xcd\x72\x81\x24\x33\xb9\xb7\xfb\xcb\x76\xe3\x03\xc0\x4e\xb2\x57\xe5\xa1\x43\xd6\xed\x94\xdd\x8f\x1b\xdb\x5f\x40\xdc\xab\x5a\xc4\x5c\x5c\x77\x8a\x42\xd5\xeb\xf1\x75\xc4\xa8\xea\x5c\x3f\x3b\x92\xec\x78\x47\x19\x84\xe9\x78\x4b\xf7\x5c\x18\xec\x20\xb9\xd3\x83\x72\x67\xc6\x7d\xaa\x95\xf5\xe9\xea\xe6\x08\xb6\x19\xac\x35\x83\xc7\x83\xdd\x00\xab\x5a\x93\x41\x39\x99\x68\x30\x01\x91\x9b\xb8\x9b\xb5\x8a\x51\xeb\x1b\xe1\x65\x4a\x62\xe3\x01\x9f\xe9\xcb\x3c\x43\x96\x5c\xdb\x08\x93\xa5\x73\x90\x04\xe7\x13\x38\x5d\x67\x03\xcd\xd7\x76\x5d\xd3\x75\x4e\x33\x16\x3d\xf5\x48\x99\x12\x76\x54\x12\x8a\xb3\x7b\x3c\x5e\x10\x49\x12\xc9\xa8\x78\xa5\xb6\xe6\x9f\xd9\xd8\xd5\xf7\x55\x11\xa4\xd0\xb8\xcd\x90\xa8\xdd\x9a\xbc\x47\xb8\x9b\xd0\x27\xf2\x51\x6b\x49\x07\x63\xc3\xc4\xdc\xa7\x95\x60\x29\xb1\x6c\x90\x59\xaa\x65\xb2\x77\x7c\xdf\xad\x8a\x76\xf8\x68\xdd\xc9\x1f\x1f\x9c\x6f\xe9\x9c\x52\xe4\xf0\x77\x82\xd2\xe2\x66\x1e\xe4\x35\xe9\x89\x99\x08\xef\x60\xfe\x86\x57\xa3\xa7\xe5\xf9\x39\x47\xf6\xfa\xd9\x29\x54\x8c\x00\xcc\xaf\x36\x5e\xb0\xd6\xc3\xcc\x45\x6e\x3c\xc8\x4d\x97\x6c\x1f\xeb\x3e\x0d\xbb\x2b\xdb\x20\xae\x40\x31\xb5\x0a\x94\x23\x0c\x07\x4d\x4b\x3c\xd1\x82\xac\x03\xf0\x59\xdf\x36\x8c\x41\xae\x9a\xf8\x9f\x4f\xb2\x8a\xc5\x56\xbb\x5c\x9a\xa0\x2f\x18\x3a\x78\x3c\xb8\xfd\x22\x47\xac\xbc\xe9\x2a\x23\xff\x9c\x01\xe7\x53\x0e\x5b\x7b\xf7\x89\xea\x0a\x32\x4b\xce\x61\x25\x27\xce\x8d\xc7\xb8\xd5\x48\xa8\x4b\x7e\xbd\xbd\x18\x1e\xbd\x35\x21\x2d\x7a\xdf\x25\x82\xb6\xd8\x3a\xff\x3a\x2c\x51\x14\x46\x94\xf6\xbb\x0f\x7e\x42\x74\x04\x61\x70\x7c\x71\x49\xed\x88\x88\x15\x1e\xc0\xe5\x0b\x52\x82\x1c\x66\xa8\x71\x39\x01\xfe\x0a\xe4\xe1\x22\x49\x94\x32\x8e\x34\x82\xde\xa2\x28\x2e\x9c\xb1\x3e\x1d\x74\x87\xd1\x92\xe3\x81\x72\x15\x23\x68\x75\xa8\x17\x76\x53\xde\xa3\x13\x33\x02\xc9\xeb\x81\x93\x56\x1b\x0b\x4a\x84\x55\x28\xc2\xb8\x9e\xb5\x0a\x4e\x0a\xd8\x1f\xd2\x36\xf5\xf7\x1e\xbc\xd8\x9b\xf8\x88\x34\x06\x75\xdf\x52\xa5\xcd\xb7\x2b\xe2\x50\x42\x04\x01\x6c\xd6\x56\xe5\xa3\xa1\xa2\xf0\x93\x2b\xb2\x8a\x5f\xf4\x9f\x83\xa9\xbe\xed\x95\x8e\xc4\xe0\x88\xa1\x5a\x86\xaf\x6e\xda\x79\x69\xc2\x49\x53\x82\xce\x3a\x40\x93\xb7\x83\x67\x50\xb7\xea\x22\x2f\xa1\x13\x12\x24\xd9\xfb\x23\xac\xb2\xa5\x11\x3d\x42\xbd\x70\x07\x00\xc6\xe9\x71\xb7\xbb\x3a\x8f\xe8\xec\xe2\x2c\x89\x2c\x44\x9e\x0a\x45\x4b\xb4\xd0\x1c\xab\x6c\xb9\x3a\x63\xce\x00\x37\x0a\x98\x6c\xf3\xd3\x05\x7c\x29\x50\x00\x6f\x04\x15\xad\xd0\x5e\x00\xfc\xc7\x2d\xfe\x86\xfb\xb6\x5a\xe8\x19\xca\xd2\xdc\x72\x16\x18\x41\xe3\x4a\x5a\x88\x44\xc2\x84\x4c\x2c\xab\x0b\xcc\x6f\x15\xfd\xbf\x01\x0b\x0e\xc1\x57\x6e\x40\x5e\x15\x19\x16\xab\x94\xf1\xae\x70\xbe\x1f\x39\x91\xfb\x6f\xb8\x38\xac\x4b\xcc\xbb\xac\xdc\xda\x00\xcf\x2e\xa3\xaa\x5e\x57\x4a\xde\x34\x53\xc9\x2b\x0c\x84\x71\x72\xab\x5f\xcc\xde\x89\x1c\x78\x1a\x8b\x94\xbb\xd4\x64\x1f\x79\xc1\xfa\x75\x32\x2c\x25\x25\xba\x0b\x7d\x53\x6a\x07\x43\xcf\x11\x08\x68\xf4\xff\x4e\xe3\x2e\x36\xe4\x77\x57\xbb\xf4\x16\xc1\x98\xbf\x1e\x94\xa6\x49\xaf\xc2\x9a\xdc\x07\xe5\x6e\x52\x5f\x21\x89\xb0\x11\x56\x5c\xa9\x54\xa8\xf5\x8f\x9b\x15\x50\x3d\x59\xa5\x55\x8f\xb4\xe7\x12\xb5\xf5\xec\xb4\x6b\x98\x0b\xd1\x68\x71\xfe\xce\x77\x59\xa0\x13\xff\x39\x5f\x7d\xad\x19\x49\x38\x20\x6b\xb5\x92\x15\x3a\xea\x3c\xa5\xed\x17\x42\xa4\x56\x7b\x5f\x0e\xe6\x18\x14\xd4\x9b\x31\x6c\xbd\x8a\x8c\x72\x9f\x8b\x60\x30\x88\x36\xaa\x9a\x3a\x27\x20\x63\x58\x5b\x53\x0d\x1f\x80\x60\x6f\xb5\x0f\xef\x4a\x28\xd4\xf3\xce\xe5\xbd\xbf\x7d\xaa\xf2\x11\xdd\x0b\xb4\xf9\x71\x52\x8f\x67\xcc\xfc\x59\x09\x29\x1c\xaf\xa5\x62\xc5\x83\x93\x2b\x45\x6a\x04\xf6\x4c\x1d\x68\xd5\x45\x27\x26\x85\xfd\xb7\x93\xc4\x58\x72\x98\x54\xef\xab\x51\xca\xd2\x97\x68\x7d\x8e\x78\x72\x05\x57\x9f\x38\x98\x4f\x6f\xf2\x67\xe0\xad\xc8\xa3\xdc\x01\x50\x4d\x48\x11\xed\x38\x74\x09\x37\x27\xb6\x5a\xf4\xf8\x89\xa5\xd6\xff\xd9\x9c\xd1\x15\xf6\xb8\xba\xd2\x42\x67\x1f\x5d\xfb\x76\xdb\xe5\x96\x9a\x7a\xec\x93\x96\x5f\x65\x21\x65\x09\x52\x79\xed\x82\xdd\xae\xe3\x28\xf0\x11\x51\xa8\xdb\x93\x46\x7d\x8e\x96\x59\x58\x16\xa6\xff\x24\x04\x7d\x91\x57\x33\x98\x54\xf3\xc8\x05\xe2\x9e\x49\xad\xde\xdf\x79\xb2\x9b\x32\xde\x00\x85\x79\x1e\x6f\x51\x6a\x06\x6a\xd3\x5a\xea\x8e\x37\x89\x2b\xd4\x32\xc3\x44\xed\xee\x98\xc2\xca\x16\x86\x7a\xf6\x36\x67\x01\xd7\xd4\x0e\xb3\xe8\xde\xc4\xdd\x71\x8b\x8c\xa3\xdd\xeb\xbb\xf2\xd3\xc8\x24\x94\xbc\x76\x94\x78\x4b\xb3\xf0\xf4\x8b\xaf\xc6\x37\x14\xda\x4b\x73\x7e\xca\xbf\xb3\x0c\x5c\xd0\x38\xe1\x9d\xdc\x31\x40\x56\xb7\x43\x80\xcb\x3a\xab\x06\x10\x7e\x05\x06\xfa\xfd\x43\xa0\x4b\x32\xeb\xce\xaa\xae\x73\xf4\xe6\xc1\x88\x5d\xaa\x9d\x47\x1e\x04\x78\xc0\x4c\xe5\x2e\x63\x33\x9c\xe3\xe9\x9b\x37\x9a\x9c\xe0\xa0\x16\xf6\x19\xaf\xa5\xc2\xcd\x58\x7d\x28\xcf\x47\x40\x14\x88\xeb\x39\x64\xc7\xbb\x28\x9b\xc5\x1f\x5b\x0a\x0b\xaa\xe6\xe1\xb3\xbe\x7a\x95\x06\xba\xbd\x11\x0f\x9c\xea\xec\x69\x6b\x1b\x5e\x21\x1b\x11\x97\xa3\x13\x0c\xe9\xb9\x3c\xe4\xf3\xb5\x9d\x59\x37\x96\xba\x70\xa1\xc8\xe7\xa5\xd3\xc6\x07\x9a\x57\x11\xac\x13\xa3\xeb\x0c\x39\xfb\xd0\x11\x8e\x1c\xc8\xe0\xf4\x02\x31\x56\x1b\xab\x91\xcd\x71\xd6\xc1\x8e\xea\x42\xde\xba\xf1\xe9\x48\x80\x92\x06\xf1\xac\x5c\x28\x23\x88\x07\xc9\xd5\xc6\x38\xb5\xff\xec\x4a\x90\xdf\xe3\x21\xaf\x74\xe1\xbc\x9e\x19\xdc\x81\x89\xd7\x09\xe6\x10\x13\x54\x4e\xa4\x2b\xf4\xc2\xdc\xb2\xc9\x9f\x39\x74\xaa\xb0\xa3\xb6\x69\xed\x98\xa8\x0d\x68\x5a\xbd\x3f\x48\xb2\x9f\x1b\xf1\x73\x7f\x2b\x3e\x15\xf7\xb8\xf0\xcd\x45\x65\x8a\xdb\x86\x0c\x21\xa0\x6a\x2b\x84\x18\xaa\x7d\x0f\x53\x97\xdf\x5a\x39\xa4\x4d\x49\xa3\x3e\xfa\x48\x9e\xd2\xa0\x54\x6f\xc5\x62\xb8\x79\x8d\x8a\x93\x6b\xcc\x56\xa7\xf4\x9c\x25\x20\xca\x60\xee\x23\x33\xfb\xf2\xae\x69\xdb\xac\x1c\x9b\x5c\xcd\x78\x26\xcc\x95\xfa\xc1\xc2\xbc\x28\x4b\x60\x67\x3d\x99\x2b\x02\x78\x43\x9e\x1d\xd9\x88\xd7\xb2\x79\x3e\xf3\x5c\xff\x25\xdc\x31\xc4\x79\x5e\xff\xc4\x3b\xb2\x5c\xba\xe0\xa0\xe9\x1b\xc2\x9a\x72\x55\x62\xc2\xe6\x82\xb4\x65\x5e\xb7\x05\x61\x13\x2d\x2f\xa4\xf6\x05\xe5\xe5\x02\x6b\xd0\xa9\x29\xe8\xc5\x51\x32\xf9\x1c\x4b\x9d\x85\x5e\x78\x21\x09\xe1\x4d\xbe\xc6\x76\xe7\x3c\x1d\x35\x25\x5b\x13\xea\x3d\xca\xfd\xe7\x74\x79\x82\x58\xca\x12\x92\x37\xb3\x63\xd6\xe7\x8f\x61\x35\xe3\xad\x82\x21\xed\x43\xfa\x4a\xff\x4f\x33\x94\x41\xe1\x16\x53\x41\x59\x3a\xe8\x73\xb4\xb9\x4f\x39\x29\x73\xd5\x50\xda\xc2\xfe\xac\xbf\x36\x14\x00\xeb\xd3\xdc\xab\x54\x4b\xe1\x96\x3b\xeb\xf2\x77\x42\x91\xdc\x28\x78\x32\xb1\x4a\x1a\x07\xda\x59\x76\x2d\xb6\x33\xd0\xd3\x0f\xd1\x09\xc0\xbb\x67\x85\x2b\xea\x17\x3d\xe5\x30\x5a\x03\x48\xf7\x85\xb9\xfc\xb9\xd5\x6e\x50\xcf\x97\xcc\x6a\x6a\x07\x6d\xde\x3f\xb9\xf5\x5e\xf3\x89\xfb\x48\xc7\xbd\x31\x77\x59\x0c\xd5\xd6\x2c\x4a\x29\xb7\x19\xb8\xf0\x3c\xa7\xbf\x43\x20\x4d\x46\xb1\x16\xb5\x67\x9d\x90\x9a\x94\xe3\x34\xe8\xea\xe0\xe6\x68\x19\x6a\x62\xf4\x86\x3d\xe9\x60\x05\x7a\x21\xaa\xe9\xb2\x59\x38\xd7\xad\x7d\xaf\xfb\x14\x85\xfb\xf9\x0f\xbf\x7a\xc4\xf6\x8e\x12\x64\x37\x9d\xe9\x8e\x18\x3f\xcf\x7e\xf0\x9b\xe5\xd0\xd6\x2e\x37\xa6\xd8\x8e\x8d\xfb\x37\x57\x2d\x9c\x8d\xd5\x1e\x5c\x73\x40\xeb\x89\xaf\x63\xa2\x58\x51\x94\xff\xfc\xd9\x52\x69\xf9\xcc\xa7\x8b\xc8\x7a\x46\x70\x07\xca\xca\xf3\x45\x02\x79\x01\xb8\xfb\x5b\x0a\xa4\x18\xe7\x5b\xa7\x17\xfe\x33\x36\xe5\xca\x1e\xe0\x43\xbb\xf3\xcd\x2f\xb5\x8e\x0a\x44\x04\x77\x5a\xf2\xdb\xfe\x9c\x06\xeb\x6c\x40\x8e\x94\x63\xd5\xac\xbe\x8f\x51\xba\x0c\x44\xa4\xde\xcc\x03\xbc\xac\x74\x98\x09\x8f\xc5\x50\xf3\x4d\x35\x5c\x8f\x8c\xbf\xb5\xb3\x49\x19\x6e\xab\xbb\x5b\x75\xa4\x93\xf9\x1e\xa7\x9d\xd6\x42\x03\x23\x56\x34\xc8\x35\xb2\x2e\x81\x5c\xa8\x23\xa3\x39\x6b\x2f\xe7\x8a\xeb\x7f\xa1\x9e\x7b\x96\x7c\xf6\x70\x6e\xc9\xd1\x2e\xcf\x78\xdb\x96\x4f\xe8\x31\x16\x24\xdd\x5d\x76\x19\xa4\x5d\x05\x20\x69\xf4\xb7\x6f\x1e\x9d\x16\x0d\x68\x6a\xb7\xe7\xe0\x99\xb2\x00\x31\x16\xbb\xe7\x40\x9e\x77\x5c\x44\xad\xb2\x19\x59\x88\xe2\x59\xc1\xf1\x61\xba\x6c\xd1\x8b\x28\x43\xa2\x4c\x8e\xa6\x2a\x29\x98\x08\x35\x5c\xd6\x73\xb1\x7b\xff\x57\xbd\x6b\xef\xf0\x4e\x3c\x34\xbe\xe3\xce\x1d\x19\x27\x98\x9d\xa6\x76\x1f\x13\x11\xa3\x51\xc8\xb7\xb1\x81\x41\x28\x88\x61\xde\xa2\x1e\x44\x0b\xaa\x33\x8e\xa8\xc5\x30\x6b\xfa\x5a\x51\xde\x4c\xc9\xc2\xad\x9f\x7e\x4a\x96\x74\xe7\x7c\x5d\xcc\x7d\x04\x6d\x30\x5b\xca\x52\x79\x35\x8e\xc7\x68\x4d\x84\xa2\x92\xd1\x6e\x07\x63\x1f\x47\x7a\xbd\x9f\xd6\xd4\xe3\xe1\x56\x91\x25\x4f\x03\x17\x24\x10\x68\xa9\x44\x7c\xdf\x08\xf6\xa6\x29\xe9\x95\x2e\xf4\x60\xc6\x12\xcc\x48\x3e\xc1\x82\x89\x9f\xd2\x9f\x45\x99\xc5\xe8\xda\xee\x34\x47\xbf\xf2\x2a\xa7\x49\x9c\xac\xe5\x95\x39\xea\x3c\x88\xe2\x9c\x90\xd2\x94\xd5\xb0\x95\xa0\x03\x72\x10\x90\x56\xe8\xd8\x91\x9a\xff\xa6\xe4\x5c\x72\x9a\xbd\xb7\x7c\xa6\xae\xff\xdb\xc8\xea\xe2\xe4\x32\x90\xb3\x05\x6e\x4f\xdd\x6a\xac\xd8\xc3\x9b\xe9\x7a\xe6\xb0\x8a\xb1\x4f\xdf\x24\x6f\x28\xb2\xc3\x0a\x03\xa2\x81\x4f\x4e\x51\x32\xc6\xf4\x66\x5c\xb1\xdf\xa0\x09\xb8\x5a\xf2\x79\xc2\x61\xb4\x4b\x4d\x22\xcb\x8b\x2a\x43\xc2\xf2\xe4\x60\x73\x50\xc2\x76\x4b\x87\x0c\x90\x86\x3f\x16\x29\x95\x01\x33\xc3\x2c\x8c\xf3\xae\x6e\x8c\x63\xcc\x8c\x5a\x84\x9c\x50\x2c\xe1\x8f\x6f\x6b\x50\x6e\xa7\x8c\x02\xbc\x5b\xb8\x44\xa2\x9d\x22\x88\x13\x77\x1a\x21\x98\xee\x3e\xdc\x44\x89\xfc\x5e\x9d\x8e\xde\xcc\x6a\xe0\xa1\x1a\xce\xde\xc5\x03\x4e\xca\x80\xd5\x59\xdb\xe6\xd3\x98\xeb\xeb\x73\x2f\xfe\xab\x98\x80\x65\xb3\xb0\xde\x4a\x71\xe4\x0a\x67\x65\x73\xab\x7d\x75\x3b\x2b\x8f\xc6\x9e\x15\xca\x33\x9e\xa6\x57\x6a\x00\x73\xdf\xc2\x3e\xb4\x2e\xe8\x38\x1b\x7f\x40\x1f\x3e\x8e\xd3\x95\x14\xac\x4e\x7a\x1a\xab\x17\xae\xcf\x35\xb7\xe4\xcd\x85\x21\xfc\x53\xe7\xea\xa4\xb1\x01\x6e\x13\x4e\x35\x41\x9e\xeb\x59\xe8\xd6\xc8\x87\xb1\xb8\xbf\xd1\x32\x12\x17\xf3\x56\x9c\x03\xb4\x30\xcd\xe4\x16\x91\x8a\x8f\x30\xba\x39\xb8\xea\xcd\xb8\xa7\x55\x1b\x0f\x77\x65\x1d\x86\x27\x18\x65\x68\xec\x6c\x0a\xb1\xf3\x03\x52\x22\xdc\xbd\xe3\xcf\x96\x9e\x71\xaf\xdd\x71\xce\x81\x84\x81\x2b\x3a\x35\xf3\xf5\x2f\x90\x1c\xe3\xe0\x1c\x9d\x4b\xcd\x99\xc9\xf3\x74\x9d\x83\xae\xc1\x52\xb3\x1c\x10\xfb\xf9\x0e\xb4\x74\xb6\x68\x1e\x55\x5b\xd2\xf3\xeb\xf8\x0e\x8e\x4e\x99\xf7\xbb\x1a\x13\xa1\xd1\x1e\x1f\x6f\x2a\x45\xfb\xb6\x27\xa1\x15\x14\xa2\xd2\x3e\xc3\x09\xe9\x1e\xdd\x56\x34\xfa\x5b\xd2\x5f\x33\xa0\x15\x13\xa6\x94\x48\xad\xe4\xc1\x31\x60\xc1\x7b\x22\x39\x5a\x0c\x41\x26\x29\x85\x83\x8c\x50\xd5\x1e\x75\xf7\x89\x2d\x74\x59\x75\x1e\x6a\xe2\x3c\xe6\xc7\x81\xf8\x1f\x8c\x31\x24\x42\xc7\xba\x96\x52\xa4\x24\x13\x2e\x15\x7c\x8d\x51\xc3\xaa\xfd\xbb\xe5\x3a\x20\xe4\x95\x85\x67\xbc\x30\x16\x6c\x65\x8a\x68\xc4\x85\x82\xe4\xe8\x4d\xc5\x3e\xf4\x11\x77\x92\xf2\xd4\xe2\x05\xf6\xa0\xea\x9d\xc1\x68\xa8\xa0\x6c\x75\xb3\x59\xb7\xf9\xae\xa9\x53\xdc\xdf\x3b\x2f\x11\x36\xab\xd2\xeb\xbf\x00\x87\x69\xef\x47\x76\x55\x8f\xac\x02\xbf\xa2\x58\x89\x43\xa1\x1a\x00\xe7\x47\x86\x39\x7f\x96\xb9\x85\x28\x0b\x0a\x17\x4f\x14\x5f\xd3\x31\x61\x64\x14\x9c\x90\x4a\x10\x1c\xbc\xbe\x79\x2b\x78\x20\xaa\x9a\x66\x2f\x0f\x0c\x91\xd6\x02\x39\xa5\x53\xc9\x64\xee\x24\xfc\xa4\x51\x1f\x3d\x43\x4f\x23\x0b\x94\x6a\x5f\x6f\x5f\x81\xf4\xe5\x1f\xd6\xd9\xb8\x8f\xc6\xb1\xd6\x35\x0a\x21\xab\x90\x05\x6f\x18\x83\x72\xe7\x53\x1f\x82\x0c\x89\x65\x9c\x4d\x47\x03\x1d\xfb\x3f\x2f\x66\x85\xb5\xc5\x0b\xf4\x48\xf7\x96\xe2\xfd\x83\xb6\x51\xaf\x22\x2f\xb4\x4b\x94\x91\x4d\xee\xd8\x3e\xbb\xb9\xa9\xb9\x74\xcf\x2c\x36\x59\x6a\x83\x85\x23\x3d\xa4\xb8\x94\xf5\xe2\x9a\xe0\xaa\xb5\x98\xbc\x73\x5b\xc2\x42\x13\x67\x33\x9f\xec\xe7\x37\xd8\x9d\xf7\xea\x01\x21\xcd\xf0\x67\x3e\xd6\x91\xba\xa4\xb3\x32\x4f\x8d\x88\xa6\xcc\x48\x4e\xd7\xc8\xee\x59\x7e\x31\x17\xc1\x9d\xa2\xdf\x59\xdd\x1d\x2e\x9a\x0c\x11\x1c\xb0\x54\x01\xd6\xd5\x64\xbd\x19\x28\xc0\x43\xad\x66\x23\xa5\x6d\xfc\xc5\xe0\x5f\x8d\xff\xb5\x6e\x37\x5d\xdf\x63\x94\x2e\xc8\x69\x2b\x48\x4a\xba\x3b\x54\x79\x5d\x06\xc4\x2e\x7e\xac\xb7\xc5\x0e\xc8\xfc\x21\x1f\x02\xea\x6a\x99\x08\xce\xa2\xf7\x54\x9f\x00\x90\x0c\x27\x07\xcc\x35\xc1\x16\x55\x2b\x76\x0e\x25\x4f\x4a\xca\x58\x2b\x7f\x76\x0b\x8b\x2e\xd6\x9e\x87\x5f\x4a\x9c\x30\x1c\xd0\x6a\x4f\xab\x8f\x53\x8e\xd8\xc7\x9b\xc5\x46\x7d\xde\xde\x41\x48\xba\xcf\xbf\xc7\x4f\x1d\x4c\xd9\xc9\xad\xa6\xbf\x32\x8c\x79\x90\xc1\xf7\xed\x52\x35\x37\xe6\x32\xad\xa4\xf0\x08\xeb", 4096); *(uint64_t*)0x200225c8 = 0x20021540; *(uint32_t*)0x20021540 = r[3]; *(uint32_t*)0x20021544 = r[0]; *(uint32_t*)0x20021548 = r[0]; *(uint32_t*)0x2002154c = r[0]; *(uint64_t*)0x200225d0 = 0x20021580; *(uint64_t*)0x200225d8 = 0x20022580; *(uint32_t*)0x200225e0 = 0x1000; *(uint32_t*)0x200225e4 = 4; *(uint32_t*)0x200225e8 = 0x1000; *(uint32_t*)0x200225ec = 8; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); if (res == ZX_OK) { r[4] = *(uint32_t*)0x20022580; r[5] = *(uint32_t*)0x20022590; r[6] = *(uint32_t*)0x20022598; } break; case 7: *(uint64_t*)0x20023780 = 0x20022680; memcpy((void*)0x20022680, "\xc0\xa1\x63\x28\x06\x60\xce\x73\x59\x69\xf5\xee\x9c\xaf\xa3\x5f\x48\x19\x3a\x86\x20\xd0\xf0\xd7\x6d\xab\x09\x92\x66\x48\xa2\xfd\x68\xb4\xcc\x6e\x54\xd1\xf7\x87\x1d\x9c\xbe\x41\x42\x0a\xcc\x88\xf0\xf8\x8f\x6f\x66\xe8\x22\x58\xe9\x32\x8c\xc2\xd3\xa2\x79\xd3\x84\x5d\xf3\xea\x63\xec", 70); *(uint64_t*)0x20023788 = 0x20022700; *(uint32_t*)0x20022700 = r[3]; *(uint32_t*)0x20022704 = r[0]; *(uint32_t*)0x20022708 = r[0]; *(uint32_t*)0x2002270c = r[4]; *(uint32_t*)0x20022710 = 0; *(uint32_t*)0x20022714 = r[3]; *(uint64_t*)0x20023790 = 0x20022740; *(uint64_t*)0x20023798 = 0x20023740; *(uint32_t*)0x200237a0 = 0x46; *(uint32_t*)0x200237a4 = 6; *(uint32_t*)0x200237a8 = 0x1000; *(uint32_t*)0x200237ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[6], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20023780, /*actual_bytes=*/0x200237c0, /*actual_handles=*/0x20023800); if (res == ZX_OK) r[7] = *(uint32_t*)0x20023740; break; case 8: *(uint64_t*)0x20033900 = 0x20023840; *(uint32_t*)0x20023840 = 0; memset((void*)0x20023844, 0, 3); *(uint8_t*)0x20023847 = 1; *(uint64_t*)0x20023848 = 0x46940c1600000000; *(uint32_t*)0x20023850 = 0x3fe00000; *(uint64_t*)0x20033908 = 0x20023880; *(uint64_t*)0x20033910 = 0x200238c0; *(uint64_t*)0x20033918 = 0x200338c0; *(uint32_t*)0x20033920 = 0x14; *(uint32_t*)0x20033924 = 0; *(uint32_t*)0x20033928 = 0x10000; *(uint32_t*)0x2003392c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[7], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20033900, /*actual_bytes=*/0x20033940, /*actual_handles=*/0x20033980); break; case 9: ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_object_get_info))(/*handle=*/r[5], /*topic=*/0x1000000e, /*buffer=*/0x200339c0, /*buffer_size=*/0x3f0, /*actual=*/0x20033dc0, /*avail=*/0x20033e00); break; case 10: memcpy((void*)0x20000000, "\xf2\x49\x0f\x2d\x3b\x26\xf3\x2e\x3e\x42\xff\xe0\x40\x0f\x49\x0e\x36\x66\x0f\x3a\xdf\x83\x02\x10\x00\x00\x6b\x58\x0f\x85\xd6\xbe\x00\x00\x64\x66\x42\x0f\x15\x4c\x69\x04\xc4\x83\x5d\x7f\x4f\x00\x06\xc4\x62\x6d\xbb\xfd\xf3\x4e\x0f\x1e\xcd", 59); syz_execute_func(/*text=*/0x20000000); break; case 11: syz_future_time(/*when=*/1); break; case 12: syz_job_default(); break; case 13: syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x2000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :370:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor3756550630 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/7 (0.27s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call$fuchsia_cobalt_MetricEventLoggerLogCustomEvent(0x0, 0x0, 0x7fffffffffffffff, &(0x7f00000101c0)={&(0x7f0000000000)={{}, 0xff, {0x6, 0xffffffffffffffff}, {[{{0x9}, @string_valueInLine={0x1, {0x3ff, 0xffffffffffffffff}}}, {{0x1ff, 0xffffffffffffffff}, @double_value={0x3, 0x6}}, {{0x1}, @index_value={0x4, 0x23}}, {{0x9, 0xffffffffffffffff}, @index_value={0x4, 0x8}}, {{0x4, 0xffffffffffffffff}, @index_value={0x4, 0x80}}], [{}, {{'(-*^\\@'}}, {{'*@/'}}, {{'#)'}}, {}, {{'!*'}}, {{'\\&:'}}]}}, &(0x7f0000000140)={[{}, {}, {}]}, &(0x7f0000000180), &(0x7f0000010180), 0x114, 0x0, 0x10000}, &(0x7f0000010200), &(0x7f0000010240)) (fail_nth: 1) zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000010280)=0x0) (async) r1 = syz_future_time(0x0) (rerun: 4) zx_channel_call$fuchsia_cobalt_ControllerListenForInitialized(r0, 0x0, r1, &(0x7f0000020380)={&(0x7f00000102c0), &(0x7f0000010300), &(0x7f0000010340), &(0x7f0000020340), 0x10, 0x0, 0x10000}, &(0x7f00000203c0), &(0x7f0000020400)) zx_clock_get_details(r0, 0x400000000000000, &(0x7f0000020440)={0x0, 0x0}) zx_channel_create$fuchsia_cobalt_LoggerFactory(0x0, &(0x7f00000214c0)=0x0, &(0x7f0000021500)) zx_channel_call_etc(r0, 0xded, r2, &(0x7f00000225c0)={&(0x7f00000204c0)="542646fd9e01404b2865df176fb8cf565d56c40da92b182965f281069f495adc4f35da84303852211c2013eed44a723410aecd75911736f8f0a02854faeded706621e35f092a7fad130d8e750ab60ea492cd08b08ce61c86b2e1b066131a28981f3b64a8562a53526585ef20e4a055c6d0524857ec3d1c6390aa0bad274ea3bae43a74de82b046dede08de676422e105718a3311eb002e2b0876b944b48109439b88094503bea528651e3fc1c5785cc38e12524f24ff011eff1f9e3ff2f2fe573f899b7163085f531bc0778fd928aa3de9c3bb857fac48132878070315c6c96cf637479074eeb7ad2ed83ed4896786a6e6fb84ea4d04d6590f358768a8ad9510fea160cffcf7fe24683a2d95ef110424a82a68be86d2a073e8c6ad620694604d24e1fb22a6be6021d3ed65bc18f1f299b944e23bda868f72db8868faeac8fc0c461df9e536e26abdaca788780b579494b54a5e832efd101990fe0d78dd63746e215cb697a6616b0e37e71430f4a3d8853a1a7e032a78fa1789318e79f912cb997d121ea59ff980e4f70f57813a252108fd7bfc84436ac48982d35b75261c25c732df70c7ba902e6f518b4bab19f62843b643d8fef7f07a8b64167a547dfae6c96f158e1cdc68fd4becba594cc1c2a0ccecc06e449d75196edda5c1cc99017ddbcca99f064f76c179e6d61b21bf9eafac2f8813f987c6c5ae2dd41dc296eae639487f782e898d86e2155715a0c92c880a7c781cee1ed5f53473f07e94c661416be1131a3eca459426aa6cd31c1f4bd33b77a37173b1a7dea99684445ad7abb279b908694f44635a4feceaa13b1450999ce3e99100a42c5e4d300ad24ea6cbe8e8bbfb47fc846f48387f6f167c30adb9d1c4e5695fc2bf8bd000b9edb3794f8028bb149eae3c7c9917379c1f62c46b47dc484b87b0bdd5f170852064526f28968729e1db05aec218d7971148652c34c0b8943b8ffdadd717e15002f25ec6428e477e1bec2f284a42df1054365ef4d3c1b71cb86c7a59f8cb8df6f867819a647c8406609ff0f4e354f777bc0d25ef7b07ef6500bb8b067da1caefa01acfa3c8e14b3438cd16b72def2bcc6d96e33bf2ad754c9bcf9d2d8bab8602b4960893c883c89318e97ff77d2911f4ea7f57bd709f2b2e9d989aeb1258bd9fb170e8e2e9b7c973be33e56169550c81d459cec25e5199743df3b6541abc6984735249e9aa60973d44b88ef8a350c6885e9fc260aaef901323bacece25e330ff2cd21d1191fbdeb2bf070f1d22e05fbe657606a46ce83a6d9d4f7934cbef759fa097092bc0788ef94130be9227939e170d986fa903bd4bd188640903bfdca8d6a48926c9a0a2e1144ad2365e19e64fc86532e6029fc7c861fc1e16a72261cb119ecd2f71bf6d3fc93b5e0b74daddc39d4d7aa2a6bb6c7a0002e4e25bb86dd6cad231334214433aced6c7761b34ecf3553a4b34c5cb0c988f0c36c50632b8544147c113dd22bc1d8adab7ac052ad798405c0057ca33947088015d87f410ec06b7b6b719593a4c6cd4cea4e711ad8c3f93bad32f869195e75286b7bbac261783e19f97efb8a9989a19ec6c7d43dafcd2c09a141c7671b4dd105932d663eed7c4b606f26523a116d1a42d628413624b8d9dd249f268e4cd72812433b9b7fbcb76e303c04eb257e5a143d6ed94dd8f1bdb5f40dcab5ac45c5c778a42d5ebf175c4a8ea5c3f3b92ec78471984e9784bf75c18ec20b9d3837267c67daa95f5e9eae608b619ac3583c783dd00ab5a93413999683001919bb89bb58a51eb1be1654a62e3019fe9cb3c43965cdb0893a5739004e713385d6703cdd7765dd3754e33163df54899127654128ab37b3c5e104912c9a878a5b6e69fd9d8d5f75511a4d0b8cd90a8dd9abc47b89bd027f2516b490763c3c4dca7956029b16c9059aa65b2777cdfad8a76f868ddc91f1f9c6fe99c52e4f07782d2e2661ee435e9899908ef60fe8657a3a7e5f93947f6fad929548c00ccaf365eb0d6c3cc456e3cc84d976c1feb3e0dbb2bdb20ae4031b50a94230c074d4b3cd182ac03f059df368c41ae9af89f4fb28ac556bb5c9aa02f183a783cb8fd2247acbce92a23ff9c01e7530e5b7bf789ea0a324bce612527ce8dc7b8d548a84b7ebdbd181ebd35212d7adf2582b6d83aff3a2c51144694f6bb0f7e42740461707c7149ed8888151ec0e50b52821c66a8713901fe0ae4e1224994328e3482dea2282e9cb13e1d7487d192e3817215236875a8177653dea3133302c9eb8193561b0b4a845528c2b89eb50a4e0ad81fd236f5f71ebcd89bf888340675df52a5cdb72be2504204016cd656e5a3a1a2f0932bb28a5ff49f83a9beed958ec4e088a15a86af6eda7969c2495382ce3a4093b7836750b7ea222fa1131224d9fb23acb2a5113d42bd700700c6e971b7bb3a8fe8ece22c892c449e0a454bb4d01cab6cb93a63ce00370a986cf3d3057c2950006f0415add05e00fcc72dfe86fbb65ae819cad2dc72161841e34a5a8844c2844c2cab0bcc6f15fdbf010b0ec1576e405e151916ab94f1ae70be1f3991fb6fb838ac4bccbbacdcda00cf2ea3aa5e574ade3453c92b0c847172ab5fccde891c781a8b94bbd4641f79c1fa75322c2525ba0b7d536a0743cf110868f4ff4ee32e36e47757bbf416c198bf1e94a649afc29adc07e56e525f2189b011565ca954a8f58f9b15503d59a5558fb4e712b5f5ecb46b980bd16871fece7759a013ff395f7dad194938206bb592153aea3ca5ed1742a4567b5f0ee61814d49b316cbd8a8c729f8b60308836aa9a3a272063585b530d1f80606fb50fef4a28d4f3cee5bdbf7daaf211dd0bb4f971528f67ccfc5909291cafa562c583932b456a04f64c1d68d545272685fdb793c458729854efab51cad297687d8e787205579f38984f6ff267e0adc8a3dc01504d4811ed3874093727b65af4f889a5d6ffd99cd115f6b8bad242671f5dfb76dbe5969a7aec93965f652165095279ed82ddaee328f01151a8db93467d8e96595816a6ff24047d9157339854f3c805e29e49addedf79b29b32de0085791e6f516a066ad35aea8e37892bd432c344edee98c2ca16867af6366701d7d40eb3e8dec4dd718b8ca3ddebbbf2d3c82494bc7694784bb3f0f48bafc63714da4b737ecabfb30c5cd038e19ddc314056b74380cb3aab06107e0506fafd43a04b32ebceaaae73f4e6c1885daa9d471e0478c04ce52e63339ce3e99b379a9ce0a016f619afa5c2cd587d28cf47401488eb3964c7bb289bc51f5b0a0baae6e1b3be7a9506babd110f9ceaec696b1b5e211b1197a3130ce9b93ce4f3b59d593796ba70a1c8e7a5d3c6079a5711ac13a3eb0c39fbd0118e1cc8e0f40231561bab91cd71d6c18eea42debaf1e948809206f1ac5c28238807c9d5c638b5ffec4a90dfe321af74e1bc9e19dc8189d709e61013544ea42bf4c2dcb2c99f3974aab0a3b669ed98a80d685abd3f48b29f1bf1737f2b3e15f7b8f0cd45658adb860c21a06a2b8418aa7d0f5397df5a39a44d49a33efa489ed2a0546fc562b8798d8a936bcc56a7f49c2520ca60ee2333fbf2ae69dbac1c9b5ccd7826cc95fac1c2bc284b60673d992b0278439e1dd988d7b2793ef35cff25dc31c4795effc43bb25cbae0a0e91bc29a725562c2e682b4655eb70561132d2fa4f605e5e5026bd0a929e8c55132f91c4b9d855e782109e14dbec676e73c1d35255b13ea3dcafde774798258ca129237b363d6e78f6135e3ad8221ed43fa4aff4f339441e1165341593ae873b4b94f392973d550dac2feacbf361400ebd3dcab544be1963bebf2774291dc287832b14a1a07da59762db633d0d30fd109c0bb67852bea173de5305a0348f785b9fcb9d56e50cf97cc6a6a076dde3fb9f55ef389fb48c7bd3177590cd5d62c4a29b719b8f03ca7bf43204d46b116b5679d909a94e334e8eae0e668196a62f4863de960057a21aae9b25938d7ad7daffb1485fbf90fbf7ac4f68e1264379de98e183fcf7ef09be5d0d62e37a6d88e8dfb37572d9c8dd51e5c7340eb89af63a2585194fffcd95269f9cca78bc87a467007cacaf345027901b8fb5b0aa418e75ba717fe3336e5ca1ee043bbf3cd2fb58e0a4404775af2dbfe9c06eb6c408e9463d5acbe8f51ba0c44a4decc03bcac7498098fc550f34d355c8f8cbfb5b349196eabbb5b75a493f91ea79dd64203235634c835b22e815ca823a3396b2fe78aeb7fa19e7b967cf6706ec9d12ecf78db964fe8311624dd5d7619a45d052069f4b76f1e9d160d686ab7e7e099b2003116bbe7409e775c44adb2195988e259c1f161ba6cd18b2843a24c8ea62a299808355cd673b17bff57bd6beff04e3c34bee3ce1d1927989da6761f1311a351c8b7b18141288861dea21e440baa338ea8c5306bfa5a51de4cc9c2ad9f7e4a9674e77c5dcc7d046d305bca5279358ec7684d84a292d16e07631f477abd9fd6d4e3e15691254f0317241068a9447cdf08f6a629e9952ef460c612cc483ec182899fd29f4599c5e8daee3447bff22aa7499cace59539ea3c88e29c90d294d5b095a00372109056e8d8919affa6e45c729abdb77ca6aeffdbc8eae2e43290b3056e4fdd6aacd8c39be97ae6b08ab14fdf246f28b2c30a03a2814f4e5132c6f4665cb1dfa009b85af279c261b44b4d22cb8b2a43c2f2e4607350c2764b870c90863f1629950133c32c8cf3ae6e8c63cc8c5a849c502ce18f6f6b506ea78c02bc5bb844a29d228813771a2198ee3edc4489fc5e9d8edecc6ae0a11acedec5034eca80d559dbe6d398ebeb732ffeab988065b3b0de4a71e40a676573ab7d753b2b8fc69e15ca339ea6576a0073dfc23eb42ee8381b7f401f3e8ed39514ac4e7a1aab17aecf35b7e4cd8521fc53e7eaa4b1016e134e35419eeb59e8d6c887b1b8bfd1321217f3569c03b430cde416918a8f30ba39b8eacdb8a7551b0f77651d8627186568ec6c0ab1f3035222dcbde3cf969e71afdd71ce8184812b3a35f3f52f901ce3e01c9d4bcd99c9f3749d83aec152b31c10fbf90eb474b6681e555bd2f3ebf80e8e4e99f7bb1a13a1d11e1f6f2a45fbb627a11514a2d23ec309e91edd5634fa5bd25f33a01513a69448ade4c13160c17b22395a0c41262985838c50d51e75f7892d7459751e6ae23ce6c781f81f8c312442c7ba9652a424132e157c8d51c3aafdbbe53a20e4958567bc30166c658a68c48582e4e84dc53ef4117792f2d4e205f6a0ea9dc168a8a06c75b359b7f9aea953dcdf3b2f1136abd2ebbf008769ef4776558fac02bfa2588943a11a00e74786397f96b985280b0a174f145fd3316164149c904a101cbcbe792b7820aa9a662f0f0c91d60239a553c964ee24fca4511f3d434f230b946a5f6f5f81f4e51fd6d9b88fc6b1d6350a21ab90056f188372e7531f820c89659c4d47031dfb3f2f6685b5c50bf448f796e2fd83b651af222fb44b94914deed83ebbb9a9b974cf2c36596a8385233da4b894f5e29ae0aab598bc735bc2421367339fece737d89df7ea0121cdf0673ed691baa4b3324f8d88a6cc484ed7c8ee597e3117c19da2df59dd1d2e9a0c111cb05401d6d564bd1928c043ad6623a56dfcc5e05f8dffb56e375ddf63942ec8692b484aba3b54795d06c42e7eacb7c50ec8fc211f02ea6a9908cea2f7549f00900c2707cc35c116552b760e254f4aca582b7f760b8b2ed69e875f4a9c301cd06a4fab8f538ed8c79bc5467ddede4148bacfbfc74f1d4cd9c9ada6bf328c7990c1f7ed523537e632ada4f008eb", &(0x7f0000021540)=[r3, r0, r0, r0], &(0x7f0000021580)=""/4096, &(0x7f0000022580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0x1000, 0x8}, &(0x7f0000022600), &(0x7f0000022640)) zx_channel_call(r6, 0x0, r2, &(0x7f0000023780)={&(0x7f0000022680)="c0a163280660ce735969f5ee9cafa35f48193a8620d0f0d76dab09926648a2fd68b4cc6e54d1f7871d9cbe41420acc88f0f88f6f66e82258e9328cc2d3a279d3845df3ea63ec", &(0x7f0000022700)=[r3, r0, r0, r4, 0x0, r3], &(0x7f0000022740)=""/4096, &(0x7f0000023740)=[0x0], 0x46, 0x6, 0x1000, 0x1}, &(0x7f00000237c0), &(0x7f0000023800)) zx_channel_call$fuchsia_io_FileNodeSetFlags(r7, 0x0, r2, &(0x7f0000033900)={&(0x7f0000023840)={{}, 0x3fe00000}, &(0x7f0000023880), &(0x7f00000238c0), &(0x7f00000338c0), 0x14, 0x0, 0x10000}, &(0x7f0000033940), &(0x7f0000033980)) zx_object_get_info$ZX_INFO_PROCESS_VMOS(r5, 0x1000000e, &(0x7f00000339c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x3f0, &(0x7f0000033dc0), &(0x7f0000033e00)) syz_execute_func(&(0x7f0000000000)="f2490f2d3b26f32e3e42ffe0400f490e36660f3adf83021000006b580f85d6be00006466420f154c6904c4835d7f4f0006c4626dbbfdf34e0f1ecd") syz_future_time(0x1) syz_job_default() syz_mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200101c0 = 0x20000000; *(uint32_t*)0x20000000 = 0; memset((void*)0x20000004, 0, 3); *(uint8_t*)0x20000007 = 1; *(uint64_t*)0x20000008 = 0x6e32641800000000; *(uint32_t*)0x20000010 = 0xff; *(uint64_t*)0x20000014 = 6; *(uint64_t*)0x2000001c = -1; *(uint64_t*)0x20000024 = 9; *(uint64_t*)0x2000002c = 0; *(uint32_t*)0x20000034 = 1; *(uint64_t*)0x2000003c = 0x3ff; *(uint64_t*)0x20000044 = -1; *(uint64_t*)0x2000004c = 0x1ff; *(uint64_t*)0x20000054 = -1; *(uint32_t*)0x2000005c = 3; *(uint64_t*)0x20000064 = 6; *(uint64_t*)0x20000074 = 1; *(uint64_t*)0x2000007c = 0; *(uint32_t*)0x20000084 = 4; *(uint32_t*)0x20000088 = 0x23; *(uint64_t*)0x2000009c = 9; *(uint64_t*)0x200000a4 = -1; *(uint32_t*)0x200000ac = 4; *(uint32_t*)0x200000b0 = 8; *(uint64_t*)0x200000c4 = 4; *(uint64_t*)0x200000cc = -1; *(uint32_t*)0x200000d4 = 4; *(uint32_t*)0x200000d8 = 0x80; memcpy((void*)0x200000ec, "(-*^\\@", 6); memcpy((void*)0x200000f4, "*@/", 3); memcpy((void*)0x200000fc, "#)", 2); memcpy((void*)0x20000104, "!*", 2); memcpy((void*)0x2000010c, "\\&:", 3); *(uint64_t*)0x200101c8 = 0x20000140; *(uint64_t*)0x200101d0 = 0x20000180; *(uint64_t*)0x200101d8 = 0x20010180; *(uint32_t*)0x200101e0 = 0x114; *(uint32_t*)0x200101e4 = 0; *(uint32_t*)0x200101e8 = 0x10000; *(uint32_t*)0x200101ec = 0; inject_fault(1); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x200101c0, /*actual_bytes=*/0x20010200, /*actual_handles=*/0x20010240); break; case 1: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(/*options=*/0, /*out=*/0x20010280); if (res == ZX_OK) r[0] = *(uint32_t*)0x20010280; break; case 2: res = -1; res = syz_future_time(/*when=*/0); { int i; for(i = 0; i < 4; i++) { syz_future_time(/*when=*/0); } } if ((int)res != -1) r[1] = res; break; case 3: *(uint64_t*)0x20020380 = 0x200102c0; *(uint32_t*)0x200102c0 = 0; memset((void*)0x200102c4, 0, 3); *(uint8_t*)0x200102c7 = 1; *(uint64_t*)0x200102c8 = 0x3558f75800000000; *(uint64_t*)0x20020388 = 0x20010300; *(uint64_t*)0x20020390 = 0x20010340; *(uint64_t*)0x20020398 = 0x20020340; *(uint32_t*)0x200203a0 = 0x10; *(uint32_t*)0x200203a4 = 0; *(uint32_t*)0x200203a8 = 0x10000; *(uint32_t*)0x200203ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[1], /*args=*/0x20020380, /*actual_bytes=*/0x200203c0, /*actual_handles=*/0x20020400); break; case 4: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_clock_get_details))(/*handle=*/r[0], /*option=*/0x400000000000000, /*details=*/0x20020440); if (res == ZX_OK) r[2] = *(uint64_t*)0x20020448; break; case 5: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_channel_create))(/*options=*/0, /*out0=*/0x200214c0, /*out1=*/0x20021500); if (res == ZX_OK) r[3] = *(uint32_t*)0x200214c0; break; case 6: *(uint64_t*)0x200225c0 = 0x200204c0; memcpy((void*)0x200204c0, "\x54\x26\x46\xfd\x9e\x01\x40\x4b\x28\x65\xdf\x17\x6f\xb8\xcf\x56\x5d\x56\xc4\x0d\xa9\x2b\x18\x29\x65\xf2\x81\x06\x9f\x49\x5a\xdc\x4f\x35\xda\x84\x30\x38\x52\x21\x1c\x20\x13\xee\xd4\x4a\x72\x34\x10\xae\xcd\x75\x91\x17\x36\xf8\xf0\xa0\x28\x54\xfa\xed\xed\x70\x66\x21\xe3\x5f\x09\x2a\x7f\xad\x13\x0d\x8e\x75\x0a\xb6\x0e\xa4\x92\xcd\x08\xb0\x8c\xe6\x1c\x86\xb2\xe1\xb0\x66\x13\x1a\x28\x98\x1f\x3b\x64\xa8\x56\x2a\x53\x52\x65\x85\xef\x20\xe4\xa0\x55\xc6\xd0\x52\x48\x57\xec\x3d\x1c\x63\x90\xaa\x0b\xad\x27\x4e\xa3\xba\xe4\x3a\x74\xde\x82\xb0\x46\xde\xde\x08\xde\x67\x64\x22\xe1\x05\x71\x8a\x33\x11\xeb\x00\x2e\x2b\x08\x76\xb9\x44\xb4\x81\x09\x43\x9b\x88\x09\x45\x03\xbe\xa5\x28\x65\x1e\x3f\xc1\xc5\x78\x5c\xc3\x8e\x12\x52\x4f\x24\xff\x01\x1e\xff\x1f\x9e\x3f\xf2\xf2\xfe\x57\x3f\x89\x9b\x71\x63\x08\x5f\x53\x1b\xc0\x77\x8f\xd9\x28\xaa\x3d\xe9\xc3\xbb\x85\x7f\xac\x48\x13\x28\x78\x07\x03\x15\xc6\xc9\x6c\xf6\x37\x47\x90\x74\xee\xb7\xad\x2e\xd8\x3e\xd4\x89\x67\x86\xa6\xe6\xfb\x84\xea\x4d\x04\xd6\x59\x0f\x35\x87\x68\xa8\xad\x95\x10\xfe\xa1\x60\xcf\xfc\xf7\xfe\x24\x68\x3a\x2d\x95\xef\x11\x04\x24\xa8\x2a\x68\xbe\x86\xd2\xa0\x73\xe8\xc6\xad\x62\x06\x94\x60\x4d\x24\xe1\xfb\x22\xa6\xbe\x60\x21\xd3\xed\x65\xbc\x18\xf1\xf2\x99\xb9\x44\xe2\x3b\xda\x86\x8f\x72\xdb\x88\x68\xfa\xea\xc8\xfc\x0c\x46\x1d\xf9\xe5\x36\xe2\x6a\xbd\xac\xa7\x88\x78\x0b\x57\x94\x94\xb5\x4a\x5e\x83\x2e\xfd\x10\x19\x90\xfe\x0d\x78\xdd\x63\x74\x6e\x21\x5c\xb6\x97\xa6\x61\x6b\x0e\x37\xe7\x14\x30\xf4\xa3\xd8\x85\x3a\x1a\x7e\x03\x2a\x78\xfa\x17\x89\x31\x8e\x79\xf9\x12\xcb\x99\x7d\x12\x1e\xa5\x9f\xf9\x80\xe4\xf7\x0f\x57\x81\x3a\x25\x21\x08\xfd\x7b\xfc\x84\x43\x6a\xc4\x89\x82\xd3\x5b\x75\x26\x1c\x25\xc7\x32\xdf\x70\xc7\xba\x90\x2e\x6f\x51\x8b\x4b\xab\x19\xf6\x28\x43\xb6\x43\xd8\xfe\xf7\xf0\x7a\x8b\x64\x16\x7a\x54\x7d\xfa\xe6\xc9\x6f\x15\x8e\x1c\xdc\x68\xfd\x4b\xec\xba\x59\x4c\xc1\xc2\xa0\xcc\xec\xc0\x6e\x44\x9d\x75\x19\x6e\xdd\xa5\xc1\xcc\x99\x01\x7d\xdb\xcc\xa9\x9f\x06\x4f\x76\xc1\x79\xe6\xd6\x1b\x21\xbf\x9e\xaf\xac\x2f\x88\x13\xf9\x87\xc6\xc5\xae\x2d\xd4\x1d\xc2\x96\xea\xe6\x39\x48\x7f\x78\x2e\x89\x8d\x86\xe2\x15\x57\x15\xa0\xc9\x2c\x88\x0a\x7c\x78\x1c\xee\x1e\xd5\xf5\x34\x73\xf0\x7e\x94\xc6\x61\x41\x6b\xe1\x13\x1a\x3e\xca\x45\x94\x26\xaa\x6c\xd3\x1c\x1f\x4b\xd3\x3b\x77\xa3\x71\x73\xb1\xa7\xde\xa9\x96\x84\x44\x5a\xd7\xab\xb2\x79\xb9\x08\x69\x4f\x44\x63\x5a\x4f\xec\xea\xa1\x3b\x14\x50\x99\x9c\xe3\xe9\x91\x00\xa4\x2c\x5e\x4d\x30\x0a\xd2\x4e\xa6\xcb\xe8\xe8\xbb\xfb\x47\xfc\x84\x6f\x48\x38\x7f\x6f\x16\x7c\x30\xad\xb9\xd1\xc4\xe5\x69\x5f\xc2\xbf\x8b\xd0\x00\xb9\xed\xb3\x79\x4f\x80\x28\xbb\x14\x9e\xae\x3c\x7c\x99\x17\x37\x9c\x1f\x62\xc4\x6b\x47\xdc\x48\x4b\x87\xb0\xbd\xd5\xf1\x70\x85\x20\x64\x52\x6f\x28\x96\x87\x29\xe1\xdb\x05\xae\xc2\x18\xd7\x97\x11\x48\x65\x2c\x34\xc0\xb8\x94\x3b\x8f\xfd\xad\xd7\x17\xe1\x50\x02\xf2\x5e\xc6\x42\x8e\x47\x7e\x1b\xec\x2f\x28\x4a\x42\xdf\x10\x54\x36\x5e\xf4\xd3\xc1\xb7\x1c\xb8\x6c\x7a\x59\xf8\xcb\x8d\xf6\xf8\x67\x81\x9a\x64\x7c\x84\x06\x60\x9f\xf0\xf4\xe3\x54\xf7\x77\xbc\x0d\x25\xef\x7b\x07\xef\x65\x00\xbb\x8b\x06\x7d\xa1\xca\xef\xa0\x1a\xcf\xa3\xc8\xe1\x4b\x34\x38\xcd\x16\xb7\x2d\xef\x2b\xcc\x6d\x96\xe3\x3b\xf2\xad\x75\x4c\x9b\xcf\x9d\x2d\x8b\xab\x86\x02\xb4\x96\x08\x93\xc8\x83\xc8\x93\x18\xe9\x7f\xf7\x7d\x29\x11\xf4\xea\x7f\x57\xbd\x70\x9f\x2b\x2e\x9d\x98\x9a\xeb\x12\x58\xbd\x9f\xb1\x70\xe8\xe2\xe9\xb7\xc9\x73\xbe\x33\xe5\x61\x69\x55\x0c\x81\xd4\x59\xce\xc2\x5e\x51\x99\x74\x3d\xf3\xb6\x54\x1a\xbc\x69\x84\x73\x52\x49\xe9\xaa\x60\x97\x3d\x44\xb8\x8e\xf8\xa3\x50\xc6\x88\x5e\x9f\xc2\x60\xaa\xef\x90\x13\x23\xba\xce\xce\x25\xe3\x30\xff\x2c\xd2\x1d\x11\x91\xfb\xde\xb2\xbf\x07\x0f\x1d\x22\xe0\x5f\xbe\x65\x76\x06\xa4\x6c\xe8\x3a\x6d\x9d\x4f\x79\x34\xcb\xef\x75\x9f\xa0\x97\x09\x2b\xc0\x78\x8e\xf9\x41\x30\xbe\x92\x27\x93\x9e\x17\x0d\x98\x6f\xa9\x03\xbd\x4b\xd1\x88\x64\x09\x03\xbf\xdc\xa8\xd6\xa4\x89\x26\xc9\xa0\xa2\xe1\x14\x4a\xd2\x36\x5e\x19\xe6\x4f\xc8\x65\x32\xe6\x02\x9f\xc7\xc8\x61\xfc\x1e\x16\xa7\x22\x61\xcb\x11\x9e\xcd\x2f\x71\xbf\x6d\x3f\xc9\x3b\x5e\x0b\x74\xda\xdd\xc3\x9d\x4d\x7a\xa2\xa6\xbb\x6c\x7a\x00\x02\xe4\xe2\x5b\xb8\x6d\xd6\xca\xd2\x31\x33\x42\x14\x43\x3a\xce\xd6\xc7\x76\x1b\x34\xec\xf3\x55\x3a\x4b\x34\xc5\xcb\x0c\x98\x8f\x0c\x36\xc5\x06\x32\xb8\x54\x41\x47\xc1\x13\xdd\x22\xbc\x1d\x8a\xda\xb7\xac\x05\x2a\xd7\x98\x40\x5c\x00\x57\xca\x33\x94\x70\x88\x01\x5d\x87\xf4\x10\xec\x06\xb7\xb6\xb7\x19\x59\x3a\x4c\x6c\xd4\xce\xa4\xe7\x11\xad\x8c\x3f\x93\xba\xd3\x2f\x86\x91\x95\xe7\x52\x86\xb7\xbb\xac\x26\x17\x83\xe1\x9f\x97\xef\xb8\xa9\x98\x9a\x19\xec\x6c\x7d\x43\xda\xfc\xd2\xc0\x9a\x14\x1c\x76\x71\xb4\xdd\x10\x59\x32\xd6\x63\xee\xd7\xc4\xb6\x06\xf2\x65\x23\xa1\x16\xd1\xa4\x2d\x62\x84\x13\x62\x4b\x8d\x9d\xd2\x49\xf2\x68\xe4\xcd\x72\x81\x24\x33\xb9\xb7\xfb\xcb\x76\xe3\x03\xc0\x4e\xb2\x57\xe5\xa1\x43\xd6\xed\x94\xdd\x8f\x1b\xdb\x5f\x40\xdc\xab\x5a\xc4\x5c\x5c\x77\x8a\x42\xd5\xeb\xf1\x75\xc4\xa8\xea\x5c\x3f\x3b\x92\xec\x78\x47\x19\x84\xe9\x78\x4b\xf7\x5c\x18\xec\x20\xb9\xd3\x83\x72\x67\xc6\x7d\xaa\x95\xf5\xe9\xea\xe6\x08\xb6\x19\xac\x35\x83\xc7\x83\xdd\x00\xab\x5a\x93\x41\x39\x99\x68\x30\x01\x91\x9b\xb8\x9b\xb5\x8a\x51\xeb\x1b\xe1\x65\x4a\x62\xe3\x01\x9f\xe9\xcb\x3c\x43\x96\x5c\xdb\x08\x93\xa5\x73\x90\x04\xe7\x13\x38\x5d\x67\x03\xcd\xd7\x76\x5d\xd3\x75\x4e\x33\x16\x3d\xf5\x48\x99\x12\x76\x54\x12\x8a\xb3\x7b\x3c\x5e\x10\x49\x12\xc9\xa8\x78\xa5\xb6\xe6\x9f\xd9\xd8\xd5\xf7\x55\x11\xa4\xd0\xb8\xcd\x90\xa8\xdd\x9a\xbc\x47\xb8\x9b\xd0\x27\xf2\x51\x6b\x49\x07\x63\xc3\xc4\xdc\xa7\x95\x60\x29\xb1\x6c\x90\x59\xaa\x65\xb2\x77\x7c\xdf\xad\x8a\x76\xf8\x68\xdd\xc9\x1f\x1f\x9c\x6f\xe9\x9c\x52\xe4\xf0\x77\x82\xd2\xe2\x66\x1e\xe4\x35\xe9\x89\x99\x08\xef\x60\xfe\x86\x57\xa3\xa7\xe5\xf9\x39\x47\xf6\xfa\xd9\x29\x54\x8c\x00\xcc\xaf\x36\x5e\xb0\xd6\xc3\xcc\x45\x6e\x3c\xc8\x4d\x97\x6c\x1f\xeb\x3e\x0d\xbb\x2b\xdb\x20\xae\x40\x31\xb5\x0a\x94\x23\x0c\x07\x4d\x4b\x3c\xd1\x82\xac\x03\xf0\x59\xdf\x36\x8c\x41\xae\x9a\xf8\x9f\x4f\xb2\x8a\xc5\x56\xbb\x5c\x9a\xa0\x2f\x18\x3a\x78\x3c\xb8\xfd\x22\x47\xac\xbc\xe9\x2a\x23\xff\x9c\x01\xe7\x53\x0e\x5b\x7b\xf7\x89\xea\x0a\x32\x4b\xce\x61\x25\x27\xce\x8d\xc7\xb8\xd5\x48\xa8\x4b\x7e\xbd\xbd\x18\x1e\xbd\x35\x21\x2d\x7a\xdf\x25\x82\xb6\xd8\x3a\xff\x3a\x2c\x51\x14\x46\x94\xf6\xbb\x0f\x7e\x42\x74\x04\x61\x70\x7c\x71\x49\xed\x88\x88\x15\x1e\xc0\xe5\x0b\x52\x82\x1c\x66\xa8\x71\x39\x01\xfe\x0a\xe4\xe1\x22\x49\x94\x32\x8e\x34\x82\xde\xa2\x28\x2e\x9c\xb1\x3e\x1d\x74\x87\xd1\x92\xe3\x81\x72\x15\x23\x68\x75\xa8\x17\x76\x53\xde\xa3\x13\x33\x02\xc9\xeb\x81\x93\x56\x1b\x0b\x4a\x84\x55\x28\xc2\xb8\x9e\xb5\x0a\x4e\x0a\xd8\x1f\xd2\x36\xf5\xf7\x1e\xbc\xd8\x9b\xf8\x88\x34\x06\x75\xdf\x52\xa5\xcd\xb7\x2b\xe2\x50\x42\x04\x01\x6c\xd6\x56\xe5\xa3\xa1\xa2\xf0\x93\x2b\xb2\x8a\x5f\xf4\x9f\x83\xa9\xbe\xed\x95\x8e\xc4\xe0\x88\xa1\x5a\x86\xaf\x6e\xda\x79\x69\xc2\x49\x53\x82\xce\x3a\x40\x93\xb7\x83\x67\x50\xb7\xea\x22\x2f\xa1\x13\x12\x24\xd9\xfb\x23\xac\xb2\xa5\x11\x3d\x42\xbd\x70\x07\x00\xc6\xe9\x71\xb7\xbb\x3a\x8f\xe8\xec\xe2\x2c\x89\x2c\x44\x9e\x0a\x45\x4b\xb4\xd0\x1c\xab\x6c\xb9\x3a\x63\xce\x00\x37\x0a\x98\x6c\xf3\xd3\x05\x7c\x29\x50\x00\x6f\x04\x15\xad\xd0\x5e\x00\xfc\xc7\x2d\xfe\x86\xfb\xb6\x5a\xe8\x19\xca\xd2\xdc\x72\x16\x18\x41\xe3\x4a\x5a\x88\x44\xc2\x84\x4c\x2c\xab\x0b\xcc\x6f\x15\xfd\xbf\x01\x0b\x0e\xc1\x57\x6e\x40\x5e\x15\x19\x16\xab\x94\xf1\xae\x70\xbe\x1f\x39\x91\xfb\x6f\xb8\x38\xac\x4b\xcc\xbb\xac\xdc\xda\x00\xcf\x2e\xa3\xaa\x5e\x57\x4a\xde\x34\x53\xc9\x2b\x0c\x84\x71\x72\xab\x5f\xcc\xde\x89\x1c\x78\x1a\x8b\x94\xbb\xd4\x64\x1f\x79\xc1\xfa\x75\x32\x2c\x25\x25\xba\x0b\x7d\x53\x6a\x07\x43\xcf\x11\x08\x68\xf4\xff\x4e\xe3\x2e\x36\xe4\x77\x57\xbb\xf4\x16\xc1\x98\xbf\x1e\x94\xa6\x49\xaf\xc2\x9a\xdc\x07\xe5\x6e\x52\x5f\x21\x89\xb0\x11\x56\x5c\xa9\x54\xa8\xf5\x8f\x9b\x15\x50\x3d\x59\xa5\x55\x8f\xb4\xe7\x12\xb5\xf5\xec\xb4\x6b\x98\x0b\xd1\x68\x71\xfe\xce\x77\x59\xa0\x13\xff\x39\x5f\x7d\xad\x19\x49\x38\x20\x6b\xb5\x92\x15\x3a\xea\x3c\xa5\xed\x17\x42\xa4\x56\x7b\x5f\x0e\xe6\x18\x14\xd4\x9b\x31\x6c\xbd\x8a\x8c\x72\x9f\x8b\x60\x30\x88\x36\xaa\x9a\x3a\x27\x20\x63\x58\x5b\x53\x0d\x1f\x80\x60\x6f\xb5\x0f\xef\x4a\x28\xd4\xf3\xce\xe5\xbd\xbf\x7d\xaa\xf2\x11\xdd\x0b\xb4\xf9\x71\x52\x8f\x67\xcc\xfc\x59\x09\x29\x1c\xaf\xa5\x62\xc5\x83\x93\x2b\x45\x6a\x04\xf6\x4c\x1d\x68\xd5\x45\x27\x26\x85\xfd\xb7\x93\xc4\x58\x72\x98\x54\xef\xab\x51\xca\xd2\x97\x68\x7d\x8e\x78\x72\x05\x57\x9f\x38\x98\x4f\x6f\xf2\x67\xe0\xad\xc8\xa3\xdc\x01\x50\x4d\x48\x11\xed\x38\x74\x09\x37\x27\xb6\x5a\xf4\xf8\x89\xa5\xd6\xff\xd9\x9c\xd1\x15\xf6\xb8\xba\xd2\x42\x67\x1f\x5d\xfb\x76\xdb\xe5\x96\x9a\x7a\xec\x93\x96\x5f\x65\x21\x65\x09\x52\x79\xed\x82\xdd\xae\xe3\x28\xf0\x11\x51\xa8\xdb\x93\x46\x7d\x8e\x96\x59\x58\x16\xa6\xff\x24\x04\x7d\x91\x57\x33\x98\x54\xf3\xc8\x05\xe2\x9e\x49\xad\xde\xdf\x79\xb2\x9b\x32\xde\x00\x85\x79\x1e\x6f\x51\x6a\x06\x6a\xd3\x5a\xea\x8e\x37\x89\x2b\xd4\x32\xc3\x44\xed\xee\x98\xc2\xca\x16\x86\x7a\xf6\x36\x67\x01\xd7\xd4\x0e\xb3\xe8\xde\xc4\xdd\x71\x8b\x8c\xa3\xdd\xeb\xbb\xf2\xd3\xc8\x24\x94\xbc\x76\x94\x78\x4b\xb3\xf0\xf4\x8b\xaf\xc6\x37\x14\xda\x4b\x73\x7e\xca\xbf\xb3\x0c\x5c\xd0\x38\xe1\x9d\xdc\x31\x40\x56\xb7\x43\x80\xcb\x3a\xab\x06\x10\x7e\x05\x06\xfa\xfd\x43\xa0\x4b\x32\xeb\xce\xaa\xae\x73\xf4\xe6\xc1\x88\x5d\xaa\x9d\x47\x1e\x04\x78\xc0\x4c\xe5\x2e\x63\x33\x9c\xe3\xe9\x9b\x37\x9a\x9c\xe0\xa0\x16\xf6\x19\xaf\xa5\xc2\xcd\x58\x7d\x28\xcf\x47\x40\x14\x88\xeb\x39\x64\xc7\xbb\x28\x9b\xc5\x1f\x5b\x0a\x0b\xaa\xe6\xe1\xb3\xbe\x7a\x95\x06\xba\xbd\x11\x0f\x9c\xea\xec\x69\x6b\x1b\x5e\x21\x1b\x11\x97\xa3\x13\x0c\xe9\xb9\x3c\xe4\xf3\xb5\x9d\x59\x37\x96\xba\x70\xa1\xc8\xe7\xa5\xd3\xc6\x07\x9a\x57\x11\xac\x13\xa3\xeb\x0c\x39\xfb\xd0\x11\x8e\x1c\xc8\xe0\xf4\x02\x31\x56\x1b\xab\x91\xcd\x71\xd6\xc1\x8e\xea\x42\xde\xba\xf1\xe9\x48\x80\x92\x06\xf1\xac\x5c\x28\x23\x88\x07\xc9\xd5\xc6\x38\xb5\xff\xec\x4a\x90\xdf\xe3\x21\xaf\x74\xe1\xbc\x9e\x19\xdc\x81\x89\xd7\x09\xe6\x10\x13\x54\x4e\xa4\x2b\xf4\xc2\xdc\xb2\xc9\x9f\x39\x74\xaa\xb0\xa3\xb6\x69\xed\x98\xa8\x0d\x68\x5a\xbd\x3f\x48\xb2\x9f\x1b\xf1\x73\x7f\x2b\x3e\x15\xf7\xb8\xf0\xcd\x45\x65\x8a\xdb\x86\x0c\x21\xa0\x6a\x2b\x84\x18\xaa\x7d\x0f\x53\x97\xdf\x5a\x39\xa4\x4d\x49\xa3\x3e\xfa\x48\x9e\xd2\xa0\x54\x6f\xc5\x62\xb8\x79\x8d\x8a\x93\x6b\xcc\x56\xa7\xf4\x9c\x25\x20\xca\x60\xee\x23\x33\xfb\xf2\xae\x69\xdb\xac\x1c\x9b\x5c\xcd\x78\x26\xcc\x95\xfa\xc1\xc2\xbc\x28\x4b\x60\x67\x3d\x99\x2b\x02\x78\x43\x9e\x1d\xd9\x88\xd7\xb2\x79\x3e\xf3\x5c\xff\x25\xdc\x31\xc4\x79\x5e\xff\xc4\x3b\xb2\x5c\xba\xe0\xa0\xe9\x1b\xc2\x9a\x72\x55\x62\xc2\xe6\x82\xb4\x65\x5e\xb7\x05\x61\x13\x2d\x2f\xa4\xf6\x05\xe5\xe5\x02\x6b\xd0\xa9\x29\xe8\xc5\x51\x32\xf9\x1c\x4b\x9d\x85\x5e\x78\x21\x09\xe1\x4d\xbe\xc6\x76\xe7\x3c\x1d\x35\x25\x5b\x13\xea\x3d\xca\xfd\xe7\x74\x79\x82\x58\xca\x12\x92\x37\xb3\x63\xd6\xe7\x8f\x61\x35\xe3\xad\x82\x21\xed\x43\xfa\x4a\xff\x4f\x33\x94\x41\xe1\x16\x53\x41\x59\x3a\xe8\x73\xb4\xb9\x4f\x39\x29\x73\xd5\x50\xda\xc2\xfe\xac\xbf\x36\x14\x00\xeb\xd3\xdc\xab\x54\x4b\xe1\x96\x3b\xeb\xf2\x77\x42\x91\xdc\x28\x78\x32\xb1\x4a\x1a\x07\xda\x59\x76\x2d\xb6\x33\xd0\xd3\x0f\xd1\x09\xc0\xbb\x67\x85\x2b\xea\x17\x3d\xe5\x30\x5a\x03\x48\xf7\x85\xb9\xfc\xb9\xd5\x6e\x50\xcf\x97\xcc\x6a\x6a\x07\x6d\xde\x3f\xb9\xf5\x5e\xf3\x89\xfb\x48\xc7\xbd\x31\x77\x59\x0c\xd5\xd6\x2c\x4a\x29\xb7\x19\xb8\xf0\x3c\xa7\xbf\x43\x20\x4d\x46\xb1\x16\xb5\x67\x9d\x90\x9a\x94\xe3\x34\xe8\xea\xe0\xe6\x68\x19\x6a\x62\xf4\x86\x3d\xe9\x60\x05\x7a\x21\xaa\xe9\xb2\x59\x38\xd7\xad\x7d\xaf\xfb\x14\x85\xfb\xf9\x0f\xbf\x7a\xc4\xf6\x8e\x12\x64\x37\x9d\xe9\x8e\x18\x3f\xcf\x7e\xf0\x9b\xe5\xd0\xd6\x2e\x37\xa6\xd8\x8e\x8d\xfb\x37\x57\x2d\x9c\x8d\xd5\x1e\x5c\x73\x40\xeb\x89\xaf\x63\xa2\x58\x51\x94\xff\xfc\xd9\x52\x69\xf9\xcc\xa7\x8b\xc8\x7a\x46\x70\x07\xca\xca\xf3\x45\x02\x79\x01\xb8\xfb\x5b\x0a\xa4\x18\xe7\x5b\xa7\x17\xfe\x33\x36\xe5\xca\x1e\xe0\x43\xbb\xf3\xcd\x2f\xb5\x8e\x0a\x44\x04\x77\x5a\xf2\xdb\xfe\x9c\x06\xeb\x6c\x40\x8e\x94\x63\xd5\xac\xbe\x8f\x51\xba\x0c\x44\xa4\xde\xcc\x03\xbc\xac\x74\x98\x09\x8f\xc5\x50\xf3\x4d\x35\x5c\x8f\x8c\xbf\xb5\xb3\x49\x19\x6e\xab\xbb\x5b\x75\xa4\x93\xf9\x1e\xa7\x9d\xd6\x42\x03\x23\x56\x34\xc8\x35\xb2\x2e\x81\x5c\xa8\x23\xa3\x39\x6b\x2f\xe7\x8a\xeb\x7f\xa1\x9e\x7b\x96\x7c\xf6\x70\x6e\xc9\xd1\x2e\xcf\x78\xdb\x96\x4f\xe8\x31\x16\x24\xdd\x5d\x76\x19\xa4\x5d\x05\x20\x69\xf4\xb7\x6f\x1e\x9d\x16\x0d\x68\x6a\xb7\xe7\xe0\x99\xb2\x00\x31\x16\xbb\xe7\x40\x9e\x77\x5c\x44\xad\xb2\x19\x59\x88\xe2\x59\xc1\xf1\x61\xba\x6c\xd1\x8b\x28\x43\xa2\x4c\x8e\xa6\x2a\x29\x98\x08\x35\x5c\xd6\x73\xb1\x7b\xff\x57\xbd\x6b\xef\xf0\x4e\x3c\x34\xbe\xe3\xce\x1d\x19\x27\x98\x9d\xa6\x76\x1f\x13\x11\xa3\x51\xc8\xb7\xb1\x81\x41\x28\x88\x61\xde\xa2\x1e\x44\x0b\xaa\x33\x8e\xa8\xc5\x30\x6b\xfa\x5a\x51\xde\x4c\xc9\xc2\xad\x9f\x7e\x4a\x96\x74\xe7\x7c\x5d\xcc\x7d\x04\x6d\x30\x5b\xca\x52\x79\x35\x8e\xc7\x68\x4d\x84\xa2\x92\xd1\x6e\x07\x63\x1f\x47\x7a\xbd\x9f\xd6\xd4\xe3\xe1\x56\x91\x25\x4f\x03\x17\x24\x10\x68\xa9\x44\x7c\xdf\x08\xf6\xa6\x29\xe9\x95\x2e\xf4\x60\xc6\x12\xcc\x48\x3e\xc1\x82\x89\x9f\xd2\x9f\x45\x99\xc5\xe8\xda\xee\x34\x47\xbf\xf2\x2a\xa7\x49\x9c\xac\xe5\x95\x39\xea\x3c\x88\xe2\x9c\x90\xd2\x94\xd5\xb0\x95\xa0\x03\x72\x10\x90\x56\xe8\xd8\x91\x9a\xff\xa6\xe4\x5c\x72\x9a\xbd\xb7\x7c\xa6\xae\xff\xdb\xc8\xea\xe2\xe4\x32\x90\xb3\x05\x6e\x4f\xdd\x6a\xac\xd8\xc3\x9b\xe9\x7a\xe6\xb0\x8a\xb1\x4f\xdf\x24\x6f\x28\xb2\xc3\x0a\x03\xa2\x81\x4f\x4e\x51\x32\xc6\xf4\x66\x5c\xb1\xdf\xa0\x09\xb8\x5a\xf2\x79\xc2\x61\xb4\x4b\x4d\x22\xcb\x8b\x2a\x43\xc2\xf2\xe4\x60\x73\x50\xc2\x76\x4b\x87\x0c\x90\x86\x3f\x16\x29\x95\x01\x33\xc3\x2c\x8c\xf3\xae\x6e\x8c\x63\xcc\x8c\x5a\x84\x9c\x50\x2c\xe1\x8f\x6f\x6b\x50\x6e\xa7\x8c\x02\xbc\x5b\xb8\x44\xa2\x9d\x22\x88\x13\x77\x1a\x21\x98\xee\x3e\xdc\x44\x89\xfc\x5e\x9d\x8e\xde\xcc\x6a\xe0\xa1\x1a\xce\xde\xc5\x03\x4e\xca\x80\xd5\x59\xdb\xe6\xd3\x98\xeb\xeb\x73\x2f\xfe\xab\x98\x80\x65\xb3\xb0\xde\x4a\x71\xe4\x0a\x67\x65\x73\xab\x7d\x75\x3b\x2b\x8f\xc6\x9e\x15\xca\x33\x9e\xa6\x57\x6a\x00\x73\xdf\xc2\x3e\xb4\x2e\xe8\x38\x1b\x7f\x40\x1f\x3e\x8e\xd3\x95\x14\xac\x4e\x7a\x1a\xab\x17\xae\xcf\x35\xb7\xe4\xcd\x85\x21\xfc\x53\xe7\xea\xa4\xb1\x01\x6e\x13\x4e\x35\x41\x9e\xeb\x59\xe8\xd6\xc8\x87\xb1\xb8\xbf\xd1\x32\x12\x17\xf3\x56\x9c\x03\xb4\x30\xcd\xe4\x16\x91\x8a\x8f\x30\xba\x39\xb8\xea\xcd\xb8\xa7\x55\x1b\x0f\x77\x65\x1d\x86\x27\x18\x65\x68\xec\x6c\x0a\xb1\xf3\x03\x52\x22\xdc\xbd\xe3\xcf\x96\x9e\x71\xaf\xdd\x71\xce\x81\x84\x81\x2b\x3a\x35\xf3\xf5\x2f\x90\x1c\xe3\xe0\x1c\x9d\x4b\xcd\x99\xc9\xf3\x74\x9d\x83\xae\xc1\x52\xb3\x1c\x10\xfb\xf9\x0e\xb4\x74\xb6\x68\x1e\x55\x5b\xd2\xf3\xeb\xf8\x0e\x8e\x4e\x99\xf7\xbb\x1a\x13\xa1\xd1\x1e\x1f\x6f\x2a\x45\xfb\xb6\x27\xa1\x15\x14\xa2\xd2\x3e\xc3\x09\xe9\x1e\xdd\x56\x34\xfa\x5b\xd2\x5f\x33\xa0\x15\x13\xa6\x94\x48\xad\xe4\xc1\x31\x60\xc1\x7b\x22\x39\x5a\x0c\x41\x26\x29\x85\x83\x8c\x50\xd5\x1e\x75\xf7\x89\x2d\x74\x59\x75\x1e\x6a\xe2\x3c\xe6\xc7\x81\xf8\x1f\x8c\x31\x24\x42\xc7\xba\x96\x52\xa4\x24\x13\x2e\x15\x7c\x8d\x51\xc3\xaa\xfd\xbb\xe5\x3a\x20\xe4\x95\x85\x67\xbc\x30\x16\x6c\x65\x8a\x68\xc4\x85\x82\xe4\xe8\x4d\xc5\x3e\xf4\x11\x77\x92\xf2\xd4\xe2\x05\xf6\xa0\xea\x9d\xc1\x68\xa8\xa0\x6c\x75\xb3\x59\xb7\xf9\xae\xa9\x53\xdc\xdf\x3b\x2f\x11\x36\xab\xd2\xeb\xbf\x00\x87\x69\xef\x47\x76\x55\x8f\xac\x02\xbf\xa2\x58\x89\x43\xa1\x1a\x00\xe7\x47\x86\x39\x7f\x96\xb9\x85\x28\x0b\x0a\x17\x4f\x14\x5f\xd3\x31\x61\x64\x14\x9c\x90\x4a\x10\x1c\xbc\xbe\x79\x2b\x78\x20\xaa\x9a\x66\x2f\x0f\x0c\x91\xd6\x02\x39\xa5\x53\xc9\x64\xee\x24\xfc\xa4\x51\x1f\x3d\x43\x4f\x23\x0b\x94\x6a\x5f\x6f\x5f\x81\xf4\xe5\x1f\xd6\xd9\xb8\x8f\xc6\xb1\xd6\x35\x0a\x21\xab\x90\x05\x6f\x18\x83\x72\xe7\x53\x1f\x82\x0c\x89\x65\x9c\x4d\x47\x03\x1d\xfb\x3f\x2f\x66\x85\xb5\xc5\x0b\xf4\x48\xf7\x96\xe2\xfd\x83\xb6\x51\xaf\x22\x2f\xb4\x4b\x94\x91\x4d\xee\xd8\x3e\xbb\xb9\xa9\xb9\x74\xcf\x2c\x36\x59\x6a\x83\x85\x23\x3d\xa4\xb8\x94\xf5\xe2\x9a\xe0\xaa\xb5\x98\xbc\x73\x5b\xc2\x42\x13\x67\x33\x9f\xec\xe7\x37\xd8\x9d\xf7\xea\x01\x21\xcd\xf0\x67\x3e\xd6\x91\xba\xa4\xb3\x32\x4f\x8d\x88\xa6\xcc\x48\x4e\xd7\xc8\xee\x59\x7e\x31\x17\xc1\x9d\xa2\xdf\x59\xdd\x1d\x2e\x9a\x0c\x11\x1c\xb0\x54\x01\xd6\xd5\x64\xbd\x19\x28\xc0\x43\xad\x66\x23\xa5\x6d\xfc\xc5\xe0\x5f\x8d\xff\xb5\x6e\x37\x5d\xdf\x63\x94\x2e\xc8\x69\x2b\x48\x4a\xba\x3b\x54\x79\x5d\x06\xc4\x2e\x7e\xac\xb7\xc5\x0e\xc8\xfc\x21\x1f\x02\xea\x6a\x99\x08\xce\xa2\xf7\x54\x9f\x00\x90\x0c\x27\x07\xcc\x35\xc1\x16\x55\x2b\x76\x0e\x25\x4f\x4a\xca\x58\x2b\x7f\x76\x0b\x8b\x2e\xd6\x9e\x87\x5f\x4a\x9c\x30\x1c\xd0\x6a\x4f\xab\x8f\x53\x8e\xd8\xc7\x9b\xc5\x46\x7d\xde\xde\x41\x48\xba\xcf\xbf\xc7\x4f\x1d\x4c\xd9\xc9\xad\xa6\xbf\x32\x8c\x79\x90\xc1\xf7\xed\x52\x35\x37\xe6\x32\xad\xa4\xf0\x08\xeb", 4096); *(uint64_t*)0x200225c8 = 0x20021540; *(uint32_t*)0x20021540 = r[3]; *(uint32_t*)0x20021544 = r[0]; *(uint32_t*)0x20021548 = r[0]; *(uint32_t*)0x2002154c = r[0]; *(uint64_t*)0x200225d0 = 0x20021580; *(uint64_t*)0x200225d8 = 0x20022580; *(uint32_t*)0x200225e0 = 0x1000; *(uint32_t*)0x200225e4 = 4; *(uint32_t*)0x200225e8 = 0x1000; *(uint32_t*)0x200225ec = 8; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); if (res == ZX_OK) { r[4] = *(uint32_t*)0x20022580; r[5] = *(uint32_t*)0x20022590; r[6] = *(uint32_t*)0x20022598; } break; case 7: *(uint64_t*)0x20023780 = 0x20022680; memcpy((void*)0x20022680, "\xc0\xa1\x63\x28\x06\x60\xce\x73\x59\x69\xf5\xee\x9c\xaf\xa3\x5f\x48\x19\x3a\x86\x20\xd0\xf0\xd7\x6d\xab\x09\x92\x66\x48\xa2\xfd\x68\xb4\xcc\x6e\x54\xd1\xf7\x87\x1d\x9c\xbe\x41\x42\x0a\xcc\x88\xf0\xf8\x8f\x6f\x66\xe8\x22\x58\xe9\x32\x8c\xc2\xd3\xa2\x79\xd3\x84\x5d\xf3\xea\x63\xec", 70); *(uint64_t*)0x20023788 = 0x20022700; *(uint32_t*)0x20022700 = r[3]; *(uint32_t*)0x20022704 = r[0]; *(uint32_t*)0x20022708 = r[0]; *(uint32_t*)0x2002270c = r[4]; *(uint32_t*)0x20022710 = 0; *(uint32_t*)0x20022714 = r[3]; *(uint64_t*)0x20023790 = 0x20022740; *(uint64_t*)0x20023798 = 0x20023740; *(uint32_t*)0x200237a0 = 0x46; *(uint32_t*)0x200237a4 = 6; *(uint32_t*)0x200237a8 = 0x1000; *(uint32_t*)0x200237ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[6], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20023780, /*actual_bytes=*/0x200237c0, /*actual_handles=*/0x20023800); if (res == ZX_OK) r[7] = *(uint32_t*)0x20023740; break; case 8: *(uint64_t*)0x20033900 = 0x20023840; *(uint32_t*)0x20023840 = 0; memset((void*)0x20023844, 0, 3); *(uint8_t*)0x20023847 = 1; *(uint64_t*)0x20023848 = 0x46940c1600000000; *(uint32_t*)0x20023850 = 0x3fe00000; *(uint64_t*)0x20033908 = 0x20023880; *(uint64_t*)0x20033910 = 0x200238c0; *(uint64_t*)0x20033918 = 0x200338c0; *(uint32_t*)0x20033920 = 0x14; *(uint32_t*)0x20033924 = 0; *(uint32_t*)0x20033928 = 0x10000; *(uint32_t*)0x2003392c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[7], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20033900, /*actual_bytes=*/0x20033940, /*actual_handles=*/0x20033980); break; case 9: ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_object_get_info))(/*handle=*/r[5], /*topic=*/0x1000000e, /*buffer=*/0x200339c0, /*buffer_size=*/0x3f0, /*actual=*/0x20033dc0, /*avail=*/0x20033e00); break; case 10: memcpy((void*)0x20000000, "\xf2\x49\x0f\x2d\x3b\x26\xf3\x2e\x3e\x42\xff\xe0\x40\x0f\x49\x0e\x36\x66\x0f\x3a\xdf\x83\x02\x10\x00\x00\x6b\x58\x0f\x85\xd6\xbe\x00\x00\x64\x66\x42\x0f\x15\x4c\x69\x04\xc4\x83\x5d\x7f\x4f\x00\x06\xc4\x62\x6d\xbb\xfd\xf3\x4e\x0f\x1e\xcd", 59); syz_execute_func(/*text=*/0x20000000); break; case 11: syz_future_time(/*when=*/1); break; case 12: syz_job_default(); break; case 13: syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x2000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); loop(); return 0; } :364:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor3723906436 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/8 (0.30s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:-9223372036854775808 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call$fuchsia_cobalt_MetricEventLoggerLogCustomEvent(0x0, 0x0, 0x7fffffffffffffff, &(0x7f00000101c0)={&(0x7f0000000000)={{}, 0xff, {0x6, 0xffffffffffffffff}, {[{{0x9}, @string_valueInLine={0x1, {0x3ff, 0xffffffffffffffff}}}, {{0x1ff, 0xffffffffffffffff}, @double_value={0x3, 0x6}}, {{0x1}, @index_value={0x4, 0x23}}, {{0x9, 0xffffffffffffffff}, @index_value={0x4, 0x8}}, {{0x4, 0xffffffffffffffff}, @index_value={0x4, 0x80}}], [{}, {{'(-*^\\@'}}, {{'*@/'}}, {{'#)'}}, {}, {{'!*'}}, {{'\\&:'}}]}}, &(0x7f0000000140)={[{}, {}, {}]}, &(0x7f0000000180), &(0x7f0000010180), 0x114, 0x0, 0x10000}, &(0x7f0000010200), &(0x7f0000010240)) (fail_nth: 1) zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000010280)=0x0) (async) r1 = syz_future_time(0x0) (rerun: 4) zx_channel_call$fuchsia_cobalt_ControllerListenForInitialized(r0, 0x0, r1, &(0x7f0000020380)={&(0x7f00000102c0), &(0x7f0000010300), &(0x7f0000010340), &(0x7f0000020340), 0x10, 0x0, 0x10000}, &(0x7f00000203c0), &(0x7f0000020400)) zx_clock_get_details(r0, 0x400000000000000, &(0x7f0000020440)={0x0, 0x0}) zx_channel_create$fuchsia_cobalt_LoggerFactory(0x0, &(0x7f00000214c0)=0x0, &(0x7f0000021500)) zx_channel_call_etc(r0, 0xded, r2, &(0x7f00000225c0)={&(0x7f00000204c0)="542646fd9e01404b2865df176fb8cf565d56c40da92b182965f281069f495adc4f35da84303852211c2013eed44a723410aecd75911736f8f0a02854faeded706621e35f092a7fad130d8e750ab60ea492cd08b08ce61c86b2e1b066131a28981f3b64a8562a53526585ef20e4a055c6d0524857ec3d1c6390aa0bad274ea3bae43a74de82b046dede08de676422e105718a3311eb002e2b0876b944b48109439b88094503bea528651e3fc1c5785cc38e12524f24ff011eff1f9e3ff2f2fe573f899b7163085f531bc0778fd928aa3de9c3bb857fac48132878070315c6c96cf637479074eeb7ad2ed83ed4896786a6e6fb84ea4d04d6590f358768a8ad9510fea160cffcf7fe24683a2d95ef110424a82a68be86d2a073e8c6ad620694604d24e1fb22a6be6021d3ed65bc18f1f299b944e23bda868f72db8868faeac8fc0c461df9e536e26abdaca788780b579494b54a5e832efd101990fe0d78dd63746e215cb697a6616b0e37e71430f4a3d8853a1a7e032a78fa1789318e79f912cb997d121ea59ff980e4f70f57813a252108fd7bfc84436ac48982d35b75261c25c732df70c7ba902e6f518b4bab19f62843b643d8fef7f07a8b64167a547dfae6c96f158e1cdc68fd4becba594cc1c2a0ccecc06e449d75196edda5c1cc99017ddbcca99f064f76c179e6d61b21bf9eafac2f8813f987c6c5ae2dd41dc296eae639487f782e898d86e2155715a0c92c880a7c781cee1ed5f53473f07e94c661416be1131a3eca459426aa6cd31c1f4bd33b77a37173b1a7dea99684445ad7abb279b908694f44635a4feceaa13b1450999ce3e99100a42c5e4d300ad24ea6cbe8e8bbfb47fc846f48387f6f167c30adb9d1c4e5695fc2bf8bd000b9edb3794f8028bb149eae3c7c9917379c1f62c46b47dc484b87b0bdd5f170852064526f28968729e1db05aec218d7971148652c34c0b8943b8ffdadd717e15002f25ec6428e477e1bec2f284a42df1054365ef4d3c1b71cb86c7a59f8cb8df6f867819a647c8406609ff0f4e354f777bc0d25ef7b07ef6500bb8b067da1caefa01acfa3c8e14b3438cd16b72def2bcc6d96e33bf2ad754c9bcf9d2d8bab8602b4960893c883c89318e97ff77d2911f4ea7f57bd709f2b2e9d989aeb1258bd9fb170e8e2e9b7c973be33e56169550c81d459cec25e5199743df3b6541abc6984735249e9aa60973d44b88ef8a350c6885e9fc260aaef901323bacece25e330ff2cd21d1191fbdeb2bf070f1d22e05fbe657606a46ce83a6d9d4f7934cbef759fa097092bc0788ef94130be9227939e170d986fa903bd4bd188640903bfdca8d6a48926c9a0a2e1144ad2365e19e64fc86532e6029fc7c861fc1e16a72261cb119ecd2f71bf6d3fc93b5e0b74daddc39d4d7aa2a6bb6c7a0002e4e25bb86dd6cad231334214433aced6c7761b34ecf3553a4b34c5cb0c988f0c36c50632b8544147c113dd22bc1d8adab7ac052ad798405c0057ca33947088015d87f410ec06b7b6b719593a4c6cd4cea4e711ad8c3f93bad32f869195e75286b7bbac261783e19f97efb8a9989a19ec6c7d43dafcd2c09a141c7671b4dd105932d663eed7c4b606f26523a116d1a42d628413624b8d9dd249f268e4cd72812433b9b7fbcb76e303c04eb257e5a143d6ed94dd8f1bdb5f40dcab5ac45c5c778a42d5ebf175c4a8ea5c3f3b92ec78471984e9784bf75c18ec20b9d3837267c67daa95f5e9eae608b619ac3583c783dd00ab5a93413999683001919bb89bb58a51eb1be1654a62e3019fe9cb3c43965cdb0893a5739004e713385d6703cdd7765dd3754e33163df54899127654128ab37b3c5e104912c9a878a5b6e69fd9d8d5f75511a4d0b8cd90a8dd9abc47b89bd027f2516b490763c3c4dca7956029b16c9059aa65b2777cdfad8a76f868ddc91f1f9c6fe99c52e4f07782d2e2661ee435e9899908ef60fe8657a3a7e5f93947f6fad929548c00ccaf365eb0d6c3cc456e3cc84d976c1feb3e0dbb2bdb20ae4031b50a94230c074d4b3cd182ac03f059df368c41ae9af89f4fb28ac556bb5c9aa02f183a783cb8fd2247acbce92a23ff9c01e7530e5b7bf789ea0a324bce612527ce8dc7b8d548a84b7ebdbd181ebd35212d7adf2582b6d83aff3a2c51144694f6bb0f7e42740461707c7149ed8888151ec0e50b52821c66a8713901fe0ae4e1224994328e3482dea2282e9cb13e1d7487d192e3817215236875a8177653dea3133302c9eb8193561b0b4a845528c2b89eb50a4e0ad81fd236f5f71ebcd89bf888340675df52a5cdb72be2504204016cd656e5a3a1a2f0932bb28a5ff49f83a9beed958ec4e088a15a86af6eda7969c2495382ce3a4093b7836750b7ea222fa1131224d9fb23acb2a5113d42bd700700c6e971b7bb3a8fe8ece22c892c449e0a454bb4d01cab6cb93a63ce00370a986cf3d3057c2950006f0415add05e00fcc72dfe86fbb65ae819cad2dc72161841e34a5a8844c2844c2cab0bcc6f15fdbf010b0ec1576e405e151916ab94f1ae70be1f3991fb6fb838ac4bccbbacdcda00cf2ea3aa5e574ade3453c92b0c847172ab5fccde891c781a8b94bbd4641f79c1fa75322c2525ba0b7d536a0743cf110868f4ff4ee32e36e47757bbf416c198bf1e94a649afc29adc07e56e525f2189b011565ca954a8f58f9b15503d59a5558fb4e712b5f5ecb46b980bd16871fece7759a013ff395f7dad194938206bb592153aea3ca5ed1742a4567b5f0ee61814d49b316cbd8a8c729f8b60308836aa9a3a272063585b530d1f80606fb50fef4a28d4f3cee5bdbf7daaf211dd0bb4f971528f67ccfc5909291cafa562c583932b456a04f64c1d68d545272685fdb793c458729854efab51cad297687d8e787205579f38984f6ff267e0adc8a3dc01504d4811ed3874093727b65af4f889a5d6ffd99cd115f6b8bad242671f5dfb76dbe5969a7aec93965f652165095279ed82ddaee328f01151a8db93467d8e96595816a6ff24047d9157339854f3c805e29e49addedf79b29b32de0085791e6f516a066ad35aea8e37892bd432c344edee98c2ca16867af6366701d7d40eb3e8dec4dd718b8ca3ddebbbf2d3c82494bc7694784bb3f0f48bafc63714da4b737ecabfb30c5cd038e19ddc314056b74380cb3aab06107e0506fafd43a04b32ebceaaae73f4e6c1885daa9d471e0478c04ce52e63339ce3e99b379a9ce0a016f619afa5c2cd587d28cf47401488eb3964c7bb289bc51f5b0a0baae6e1b3be7a9506babd110f9ceaec696b1b5e211b1197a3130ce9b93ce4f3b59d593796ba70a1c8e7a5d3c6079a5711ac13a3eb0c39fbd0118e1cc8e0f40231561bab91cd71d6c18eea42debaf1e948809206f1ac5c28238807c9d5c638b5ffec4a90dfe321af74e1bc9e19dc8189d709e61013544ea42bf4c2dcb2c99f3974aab0a3b669ed98a80d685abd3f48b29f1bf1737f2b3e15f7b8f0cd45658adb860c21a06a2b8418aa7d0f5397df5a39a44d49a33efa489ed2a0546fc562b8798d8a936bcc56a7f49c2520ca60ee2333fbf2ae69dbac1c9b5ccd7826cc95fac1c2bc284b60673d992b0278439e1dd988d7b2793ef35cff25dc31c4795effc43bb25cbae0a0e91bc29a725562c2e682b4655eb70561132d2fa4f605e5e5026bd0a929e8c55132f91c4b9d855e782109e14dbec676e73c1d35255b13ea3dcafde774798258ca129237b363d6e78f6135e3ad8221ed43fa4aff4f339441e1165341593ae873b4b94f392973d550dac2feacbf361400ebd3dcab544be1963bebf2774291dc287832b14a1a07da59762db633d0d30fd109c0bb67852bea173de5305a0348f785b9fcb9d56e50cf97cc6a6a076dde3fb9f55ef389fb48c7bd3177590cd5d62c4a29b719b8f03ca7bf43204d46b116b5679d909a94e334e8eae0e668196a62f4863de960057a21aae9b25938d7ad7daffb1485fbf90fbf7ac4f68e1264379de98e183fcf7ef09be5d0d62e37a6d88e8dfb37572d9c8dd51e5c7340eb89af63a2585194fffcd95269f9cca78bc87a467007cacaf345027901b8fb5b0aa418e75ba717fe3336e5ca1ee043bbf3cd2fb58e0a4404775af2dbfe9c06eb6c408e9463d5acbe8f51ba0c44a4decc03bcac7498098fc550f34d355c8f8cbfb5b349196eabbb5b75a493f91ea79dd64203235634c835b22e815ca823a3396b2fe78aeb7fa19e7b967cf6706ec9d12ecf78db964fe8311624dd5d7619a45d052069f4b76f1e9d160d686ab7e7e099b2003116bbe7409e775c44adb2195988e259c1f161ba6cd18b2843a24c8ea62a299808355cd673b17bff57bd6beff04e3c34bee3ce1d1927989da6761f1311a351c8b7b18141288861dea21e440baa338ea8c5306bfa5a51de4cc9c2ad9f7e4a9674e77c5dcc7d046d305bca5279358ec7684d84a292d16e07631f477abd9fd6d4e3e15691254f0317241068a9447cdf08f6a629e9952ef460c612cc483ec182899fd29f4599c5e8daee3447bff22aa7499cace59539ea3c88e29c90d294d5b095a00372109056e8d8919affa6e45c729abdb77ca6aeffdbc8eae2e43290b3056e4fdd6aacd8c39be97ae6b08ab14fdf246f28b2c30a03a2814f4e5132c6f4665cb1dfa009b85af279c261b44b4d22cb8b2a43c2f2e4607350c2764b870c90863f1629950133c32c8cf3ae6e8c63cc8c5a849c502ce18f6f6b506ea78c02bc5bb844a29d228813771a2198ee3edc4489fc5e9d8edecc6ae0a11acedec5034eca80d559dbe6d398ebeb732ffeab988065b3b0de4a71e40a676573ab7d753b2b8fc69e15ca339ea6576a0073dfc23eb42ee8381b7f401f3e8ed39514ac4e7a1aab17aecf35b7e4cd8521fc53e7eaa4b1016e134e35419eeb59e8d6c887b1b8bfd1321217f3569c03b430cde416918a8f30ba39b8eacdb8a7551b0f77651d8627186568ec6c0ab1f3035222dcbde3cf969e71afdd71ce8184812b3a35f3f52f901ce3e01c9d4bcd99c9f3749d83aec152b31c10fbf90eb474b6681e555bd2f3ebf80e8e4e99f7bb1a13a1d11e1f6f2a45fbb627a11514a2d23ec309e91edd5634fa5bd25f33a01513a69448ade4c13160c17b22395a0c41262985838c50d51e75f7892d7459751e6ae23ce6c781f81f8c312442c7ba9652a424132e157c8d51c3aafdbbe53a20e4958567bc30166c658a68c48582e4e84dc53ef4117792f2d4e205f6a0ea9dc168a8a06c75b359b7f9aea953dcdf3b2f1136abd2ebbf008769ef4776558fac02bfa2588943a11a00e74786397f96b985280b0a174f145fd3316164149c904a101cbcbe792b7820aa9a662f0f0c91d60239a553c964ee24fca4511f3d434f230b946a5f6f5f81f4e51fd6d9b88fc6b1d6350a21ab90056f188372e7531f820c89659c4d47031dfb3f2f6685b5c50bf448f796e2fd83b651af222fb44b94914deed83ebbb9a9b974cf2c36596a8385233da4b894f5e29ae0aab598bc735bc2421367339fece737d89df7ea0121cdf0673ed691baa4b3324f8d88a6cc484ed7c8ee597e3117c19da2df59dd1d2e9a0c111cb05401d6d564bd1928c043ad6623a56dfcc5e05f8dffb56e375ddf63942ec8692b484aba3b54795d06c42e7eacb7c50ec8fc211f02ea6a9908cea2f7549f00900c2707cc35c116552b760e254f4aca582b7f760b8b2ed69e875f4a9c301cd06a4fab8f538ed8c79bc5467ddede4148bacfbfc74f1d4cd9c9ada6bf328c7990c1f7ed523537e632ada4f008eb", &(0x7f0000021540)=[r3, r0, r0, r0], &(0x7f0000021580)=""/4096, &(0x7f0000022580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0x1000, 0x8}, &(0x7f0000022600), &(0x7f0000022640)) zx_channel_call(r6, 0x0, r2, &(0x7f0000023780)={&(0x7f0000022680)="c0a163280660ce735969f5ee9cafa35f48193a8620d0f0d76dab09926648a2fd68b4cc6e54d1f7871d9cbe41420acc88f0f88f6f66e82258e9328cc2d3a279d3845df3ea63ec", &(0x7f0000022700)=[r3, r0, r0, r4, 0x0, r3], &(0x7f0000022740)=""/4096, &(0x7f0000023740)=[0x0], 0x46, 0x6, 0x1000, 0x1}, &(0x7f00000237c0), &(0x7f0000023800)) zx_channel_call$fuchsia_io_FileNodeSetFlags(r7, 0x0, r2, &(0x7f0000033900)={&(0x7f0000023840)={{}, 0x3fe00000}, &(0x7f0000023880), &(0x7f00000238c0), &(0x7f00000338c0), 0x14, 0x0, 0x10000}, &(0x7f0000033940), &(0x7f0000033980)) zx_object_get_info$ZX_INFO_PROCESS_VMOS(r5, 0x1000000e, &(0x7f00000339c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x3f0, &(0x7f0000033dc0), &(0x7f0000033e00)) syz_execute_func(&(0x7f0000000000)="f2490f2d3b26f32e3e42ffe0400f490e36660f3adf83021000006b580f85d6be00006466420f154c6904c4835d7f4f0006c4626dbbfdf34e0f1ecd") syz_future_time(0x1) syz_job_default() syz_mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200101c0 = 0x20000000; *(uint32_t*)0x20000000 = 0; memset((void*)0x20000004, 0, 3); *(uint8_t*)0x20000007 = 1; *(uint64_t*)0x20000008 = 0x6e32641800000000; *(uint32_t*)0x20000010 = 0xff; *(uint64_t*)0x20000014 = 6; *(uint64_t*)0x2000001c = -1; *(uint64_t*)0x20000024 = 9; *(uint64_t*)0x2000002c = 0; *(uint32_t*)0x20000034 = 1; *(uint64_t*)0x2000003c = 0x3ff; *(uint64_t*)0x20000044 = -1; *(uint64_t*)0x2000004c = 0x1ff; *(uint64_t*)0x20000054 = -1; *(uint32_t*)0x2000005c = 3; *(uint64_t*)0x20000064 = 6; *(uint64_t*)0x20000074 = 1; *(uint64_t*)0x2000007c = 0; *(uint32_t*)0x20000084 = 4; *(uint32_t*)0x20000088 = 0x23; *(uint64_t*)0x2000009c = 9; *(uint64_t*)0x200000a4 = -1; *(uint32_t*)0x200000ac = 4; *(uint32_t*)0x200000b0 = 8; *(uint64_t*)0x200000c4 = 4; *(uint64_t*)0x200000cc = -1; *(uint32_t*)0x200000d4 = 4; *(uint32_t*)0x200000d8 = 0x80; memcpy((void*)0x200000ec, "(-*^\\@", 6); memcpy((void*)0x200000f4, "*@/", 3); memcpy((void*)0x200000fc, "#)", 2); memcpy((void*)0x20000104, "!*", 2); memcpy((void*)0x2000010c, "\\&:", 3); *(uint64_t*)0x200101c8 = 0x20000140; *(uint64_t*)0x200101d0 = 0x20000180; *(uint64_t*)0x200101d8 = 0x20010180; *(uint32_t*)0x200101e0 = 0x114; *(uint32_t*)0x200101e4 = 0; *(uint32_t*)0x200101e8 = 0x10000; *(uint32_t*)0x200101ec = 0; inject_fault(1); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x200101c0, /*actual_bytes=*/0x20010200, /*actual_handles=*/0x20010240); break; case 1: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(/*options=*/0, /*out=*/0x20010280); if (res == ZX_OK) r[0] = *(uint32_t*)0x20010280; break; case 2: res = -1; res = syz_future_time(/*when=*/0); { int i; for(i = 0; i < 4; i++) { syz_future_time(/*when=*/0); } } if ((int)res != -1) r[1] = res; break; case 3: *(uint64_t*)0x20020380 = 0x200102c0; *(uint32_t*)0x200102c0 = 0; memset((void*)0x200102c4, 0, 3); *(uint8_t*)0x200102c7 = 1; *(uint64_t*)0x200102c8 = 0x3558f75800000000; *(uint64_t*)0x20020388 = 0x20010300; *(uint64_t*)0x20020390 = 0x20010340; *(uint64_t*)0x20020398 = 0x20020340; *(uint32_t*)0x200203a0 = 0x10; *(uint32_t*)0x200203a4 = 0; *(uint32_t*)0x200203a8 = 0x10000; *(uint32_t*)0x200203ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[1], /*args=*/0x20020380, /*actual_bytes=*/0x200203c0, /*actual_handles=*/0x20020400); break; case 4: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_clock_get_details))(/*handle=*/r[0], /*option=*/0x400000000000000, /*details=*/0x20020440); if (res == ZX_OK) r[2] = *(uint64_t*)0x20020448; break; case 5: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_channel_create))(/*options=*/0, /*out0=*/0x200214c0, /*out1=*/0x20021500); if (res == ZX_OK) r[3] = *(uint32_t*)0x200214c0; break; case 6: *(uint64_t*)0x200225c0 = 0x200204c0; memcpy((void*)0x200204c0, "\x54\x26\x46\xfd\x9e\x01\x40\x4b\x28\x65\xdf\x17\x6f\xb8\xcf\x56\x5d\x56\xc4\x0d\xa9\x2b\x18\x29\x65\xf2\x81\x06\x9f\x49\x5a\xdc\x4f\x35\xda\x84\x30\x38\x52\x21\x1c\x20\x13\xee\xd4\x4a\x72\x34\x10\xae\xcd\x75\x91\x17\x36\xf8\xf0\xa0\x28\x54\xfa\xed\xed\x70\x66\x21\xe3\x5f\x09\x2a\x7f\xad\x13\x0d\x8e\x75\x0a\xb6\x0e\xa4\x92\xcd\x08\xb0\x8c\xe6\x1c\x86\xb2\xe1\xb0\x66\x13\x1a\x28\x98\x1f\x3b\x64\xa8\x56\x2a\x53\x52\x65\x85\xef\x20\xe4\xa0\x55\xc6\xd0\x52\x48\x57\xec\x3d\x1c\x63\x90\xaa\x0b\xad\x27\x4e\xa3\xba\xe4\x3a\x74\xde\x82\xb0\x46\xde\xde\x08\xde\x67\x64\x22\xe1\x05\x71\x8a\x33\x11\xeb\x00\x2e\x2b\x08\x76\xb9\x44\xb4\x81\x09\x43\x9b\x88\x09\x45\x03\xbe\xa5\x28\x65\x1e\x3f\xc1\xc5\x78\x5c\xc3\x8e\x12\x52\x4f\x24\xff\x01\x1e\xff\x1f\x9e\x3f\xf2\xf2\xfe\x57\x3f\x89\x9b\x71\x63\x08\x5f\x53\x1b\xc0\x77\x8f\xd9\x28\xaa\x3d\xe9\xc3\xbb\x85\x7f\xac\x48\x13\x28\x78\x07\x03\x15\xc6\xc9\x6c\xf6\x37\x47\x90\x74\xee\xb7\xad\x2e\xd8\x3e\xd4\x89\x67\x86\xa6\xe6\xfb\x84\xea\x4d\x04\xd6\x59\x0f\x35\x87\x68\xa8\xad\x95\x10\xfe\xa1\x60\xcf\xfc\xf7\xfe\x24\x68\x3a\x2d\x95\xef\x11\x04\x24\xa8\x2a\x68\xbe\x86\xd2\xa0\x73\xe8\xc6\xad\x62\x06\x94\x60\x4d\x24\xe1\xfb\x22\xa6\xbe\x60\x21\xd3\xed\x65\xbc\x18\xf1\xf2\x99\xb9\x44\xe2\x3b\xda\x86\x8f\x72\xdb\x88\x68\xfa\xea\xc8\xfc\x0c\x46\x1d\xf9\xe5\x36\xe2\x6a\xbd\xac\xa7\x88\x78\x0b\x57\x94\x94\xb5\x4a\x5e\x83\x2e\xfd\x10\x19\x90\xfe\x0d\x78\xdd\x63\x74\x6e\x21\x5c\xb6\x97\xa6\x61\x6b\x0e\x37\xe7\x14\x30\xf4\xa3\xd8\x85\x3a\x1a\x7e\x03\x2a\x78\xfa\x17\x89\x31\x8e\x79\xf9\x12\xcb\x99\x7d\x12\x1e\xa5\x9f\xf9\x80\xe4\xf7\x0f\x57\x81\x3a\x25\x21\x08\xfd\x7b\xfc\x84\x43\x6a\xc4\x89\x82\xd3\x5b\x75\x26\x1c\x25\xc7\x32\xdf\x70\xc7\xba\x90\x2e\x6f\x51\x8b\x4b\xab\x19\xf6\x28\x43\xb6\x43\xd8\xfe\xf7\xf0\x7a\x8b\x64\x16\x7a\x54\x7d\xfa\xe6\xc9\x6f\x15\x8e\x1c\xdc\x68\xfd\x4b\xec\xba\x59\x4c\xc1\xc2\xa0\xcc\xec\xc0\x6e\x44\x9d\x75\x19\x6e\xdd\xa5\xc1\xcc\x99\x01\x7d\xdb\xcc\xa9\x9f\x06\x4f\x76\xc1\x79\xe6\xd6\x1b\x21\xbf\x9e\xaf\xac\x2f\x88\x13\xf9\x87\xc6\xc5\xae\x2d\xd4\x1d\xc2\x96\xea\xe6\x39\x48\x7f\x78\x2e\x89\x8d\x86\xe2\x15\x57\x15\xa0\xc9\x2c\x88\x0a\x7c\x78\x1c\xee\x1e\xd5\xf5\x34\x73\xf0\x7e\x94\xc6\x61\x41\x6b\xe1\x13\x1a\x3e\xca\x45\x94\x26\xaa\x6c\xd3\x1c\x1f\x4b\xd3\x3b\x77\xa3\x71\x73\xb1\xa7\xde\xa9\x96\x84\x44\x5a\xd7\xab\xb2\x79\xb9\x08\x69\x4f\x44\x63\x5a\x4f\xec\xea\xa1\x3b\x14\x50\x99\x9c\xe3\xe9\x91\x00\xa4\x2c\x5e\x4d\x30\x0a\xd2\x4e\xa6\xcb\xe8\xe8\xbb\xfb\x47\xfc\x84\x6f\x48\x38\x7f\x6f\x16\x7c\x30\xad\xb9\xd1\xc4\xe5\x69\x5f\xc2\xbf\x8b\xd0\x00\xb9\xed\xb3\x79\x4f\x80\x28\xbb\x14\x9e\xae\x3c\x7c\x99\x17\x37\x9c\x1f\x62\xc4\x6b\x47\xdc\x48\x4b\x87\xb0\xbd\xd5\xf1\x70\x85\x20\x64\x52\x6f\x28\x96\x87\x29\xe1\xdb\x05\xae\xc2\x18\xd7\x97\x11\x48\x65\x2c\x34\xc0\xb8\x94\x3b\x8f\xfd\xad\xd7\x17\xe1\x50\x02\xf2\x5e\xc6\x42\x8e\x47\x7e\x1b\xec\x2f\x28\x4a\x42\xdf\x10\x54\x36\x5e\xf4\xd3\xc1\xb7\x1c\xb8\x6c\x7a\x59\xf8\xcb\x8d\xf6\xf8\x67\x81\x9a\x64\x7c\x84\x06\x60\x9f\xf0\xf4\xe3\x54\xf7\x77\xbc\x0d\x25\xef\x7b\x07\xef\x65\x00\xbb\x8b\x06\x7d\xa1\xca\xef\xa0\x1a\xcf\xa3\xc8\xe1\x4b\x34\x38\xcd\x16\xb7\x2d\xef\x2b\xcc\x6d\x96\xe3\x3b\xf2\xad\x75\x4c\x9b\xcf\x9d\x2d\x8b\xab\x86\x02\xb4\x96\x08\x93\xc8\x83\xc8\x93\x18\xe9\x7f\xf7\x7d\x29\x11\xf4\xea\x7f\x57\xbd\x70\x9f\x2b\x2e\x9d\x98\x9a\xeb\x12\x58\xbd\x9f\xb1\x70\xe8\xe2\xe9\xb7\xc9\x73\xbe\x33\xe5\x61\x69\x55\x0c\x81\xd4\x59\xce\xc2\x5e\x51\x99\x74\x3d\xf3\xb6\x54\x1a\xbc\x69\x84\x73\x52\x49\xe9\xaa\x60\x97\x3d\x44\xb8\x8e\xf8\xa3\x50\xc6\x88\x5e\x9f\xc2\x60\xaa\xef\x90\x13\x23\xba\xce\xce\x25\xe3\x30\xff\x2c\xd2\x1d\x11\x91\xfb\xde\xb2\xbf\x07\x0f\x1d\x22\xe0\x5f\xbe\x65\x76\x06\xa4\x6c\xe8\x3a\x6d\x9d\x4f\x79\x34\xcb\xef\x75\x9f\xa0\x97\x09\x2b\xc0\x78\x8e\xf9\x41\x30\xbe\x92\x27\x93\x9e\x17\x0d\x98\x6f\xa9\x03\xbd\x4b\xd1\x88\x64\x09\x03\xbf\xdc\xa8\xd6\xa4\x89\x26\xc9\xa0\xa2\xe1\x14\x4a\xd2\x36\x5e\x19\xe6\x4f\xc8\x65\x32\xe6\x02\x9f\xc7\xc8\x61\xfc\x1e\x16\xa7\x22\x61\xcb\x11\x9e\xcd\x2f\x71\xbf\x6d\x3f\xc9\x3b\x5e\x0b\x74\xda\xdd\xc3\x9d\x4d\x7a\xa2\xa6\xbb\x6c\x7a\x00\x02\xe4\xe2\x5b\xb8\x6d\xd6\xca\xd2\x31\x33\x42\x14\x43\x3a\xce\xd6\xc7\x76\x1b\x34\xec\xf3\x55\x3a\x4b\x34\xc5\xcb\x0c\x98\x8f\x0c\x36\xc5\x06\x32\xb8\x54\x41\x47\xc1\x13\xdd\x22\xbc\x1d\x8a\xda\xb7\xac\x05\x2a\xd7\x98\x40\x5c\x00\x57\xca\x33\x94\x70\x88\x01\x5d\x87\xf4\x10\xec\x06\xb7\xb6\xb7\x19\x59\x3a\x4c\x6c\xd4\xce\xa4\xe7\x11\xad\x8c\x3f\x93\xba\xd3\x2f\x86\x91\x95\xe7\x52\x86\xb7\xbb\xac\x26\x17\x83\xe1\x9f\x97\xef\xb8\xa9\x98\x9a\x19\xec\x6c\x7d\x43\xda\xfc\xd2\xc0\x9a\x14\x1c\x76\x71\xb4\xdd\x10\x59\x32\xd6\x63\xee\xd7\xc4\xb6\x06\xf2\x65\x23\xa1\x16\xd1\xa4\x2d\x62\x84\x13\x62\x4b\x8d\x9d\xd2\x49\xf2\x68\xe4\xcd\x72\x81\x24\x33\xb9\xb7\xfb\xcb\x76\xe3\x03\xc0\x4e\xb2\x57\xe5\xa1\x43\xd6\xed\x94\xdd\x8f\x1b\xdb\x5f\x40\xdc\xab\x5a\xc4\x5c\x5c\x77\x8a\x42\xd5\xeb\xf1\x75\xc4\xa8\xea\x5c\x3f\x3b\x92\xec\x78\x47\x19\x84\xe9\x78\x4b\xf7\x5c\x18\xec\x20\xb9\xd3\x83\x72\x67\xc6\x7d\xaa\x95\xf5\xe9\xea\xe6\x08\xb6\x19\xac\x35\x83\xc7\x83\xdd\x00\xab\x5a\x93\x41\x39\x99\x68\x30\x01\x91\x9b\xb8\x9b\xb5\x8a\x51\xeb\x1b\xe1\x65\x4a\x62\xe3\x01\x9f\xe9\xcb\x3c\x43\x96\x5c\xdb\x08\x93\xa5\x73\x90\x04\xe7\x13\x38\x5d\x67\x03\xcd\xd7\x76\x5d\xd3\x75\x4e\x33\x16\x3d\xf5\x48\x99\x12\x76\x54\x12\x8a\xb3\x7b\x3c\x5e\x10\x49\x12\xc9\xa8\x78\xa5\xb6\xe6\x9f\xd9\xd8\xd5\xf7\x55\x11\xa4\xd0\xb8\xcd\x90\xa8\xdd\x9a\xbc\x47\xb8\x9b\xd0\x27\xf2\x51\x6b\x49\x07\x63\xc3\xc4\xdc\xa7\x95\x60\x29\xb1\x6c\x90\x59\xaa\x65\xb2\x77\x7c\xdf\xad\x8a\x76\xf8\x68\xdd\xc9\x1f\x1f\x9c\x6f\xe9\x9c\x52\xe4\xf0\x77\x82\xd2\xe2\x66\x1e\xe4\x35\xe9\x89\x99\x08\xef\x60\xfe\x86\x57\xa3\xa7\xe5\xf9\x39\x47\xf6\xfa\xd9\x29\x54\x8c\x00\xcc\xaf\x36\x5e\xb0\xd6\xc3\xcc\x45\x6e\x3c\xc8\x4d\x97\x6c\x1f\xeb\x3e\x0d\xbb\x2b\xdb\x20\xae\x40\x31\xb5\x0a\x94\x23\x0c\x07\x4d\x4b\x3c\xd1\x82\xac\x03\xf0\x59\xdf\x36\x8c\x41\xae\x9a\xf8\x9f\x4f\xb2\x8a\xc5\x56\xbb\x5c\x9a\xa0\x2f\x18\x3a\x78\x3c\xb8\xfd\x22\x47\xac\xbc\xe9\x2a\x23\xff\x9c\x01\xe7\x53\x0e\x5b\x7b\xf7\x89\xea\x0a\x32\x4b\xce\x61\x25\x27\xce\x8d\xc7\xb8\xd5\x48\xa8\x4b\x7e\xbd\xbd\x18\x1e\xbd\x35\x21\x2d\x7a\xdf\x25\x82\xb6\xd8\x3a\xff\x3a\x2c\x51\x14\x46\x94\xf6\xbb\x0f\x7e\x42\x74\x04\x61\x70\x7c\x71\x49\xed\x88\x88\x15\x1e\xc0\xe5\x0b\x52\x82\x1c\x66\xa8\x71\x39\x01\xfe\x0a\xe4\xe1\x22\x49\x94\x32\x8e\x34\x82\xde\xa2\x28\x2e\x9c\xb1\x3e\x1d\x74\x87\xd1\x92\xe3\x81\x72\x15\x23\x68\x75\xa8\x17\x76\x53\xde\xa3\x13\x33\x02\xc9\xeb\x81\x93\x56\x1b\x0b\x4a\x84\x55\x28\xc2\xb8\x9e\xb5\x0a\x4e\x0a\xd8\x1f\xd2\x36\xf5\xf7\x1e\xbc\xd8\x9b\xf8\x88\x34\x06\x75\xdf\x52\xa5\xcd\xb7\x2b\xe2\x50\x42\x04\x01\x6c\xd6\x56\xe5\xa3\xa1\xa2\xf0\x93\x2b\xb2\x8a\x5f\xf4\x9f\x83\xa9\xbe\xed\x95\x8e\xc4\xe0\x88\xa1\x5a\x86\xaf\x6e\xda\x79\x69\xc2\x49\x53\x82\xce\x3a\x40\x93\xb7\x83\x67\x50\xb7\xea\x22\x2f\xa1\x13\x12\x24\xd9\xfb\x23\xac\xb2\xa5\x11\x3d\x42\xbd\x70\x07\x00\xc6\xe9\x71\xb7\xbb\x3a\x8f\xe8\xec\xe2\x2c\x89\x2c\x44\x9e\x0a\x45\x4b\xb4\xd0\x1c\xab\x6c\xb9\x3a\x63\xce\x00\x37\x0a\x98\x6c\xf3\xd3\x05\x7c\x29\x50\x00\x6f\x04\x15\xad\xd0\x5e\x00\xfc\xc7\x2d\xfe\x86\xfb\xb6\x5a\xe8\x19\xca\xd2\xdc\x72\x16\x18\x41\xe3\x4a\x5a\x88\x44\xc2\x84\x4c\x2c\xab\x0b\xcc\x6f\x15\xfd\xbf\x01\x0b\x0e\xc1\x57\x6e\x40\x5e\x15\x19\x16\xab\x94\xf1\xae\x70\xbe\x1f\x39\x91\xfb\x6f\xb8\x38\xac\x4b\xcc\xbb\xac\xdc\xda\x00\xcf\x2e\xa3\xaa\x5e\x57\x4a\xde\x34\x53\xc9\x2b\x0c\x84\x71\x72\xab\x5f\xcc\xde\x89\x1c\x78\x1a\x8b\x94\xbb\xd4\x64\x1f\x79\xc1\xfa\x75\x32\x2c\x25\x25\xba\x0b\x7d\x53\x6a\x07\x43\xcf\x11\x08\x68\xf4\xff\x4e\xe3\x2e\x36\xe4\x77\x57\xbb\xf4\x16\xc1\x98\xbf\x1e\x94\xa6\x49\xaf\xc2\x9a\xdc\x07\xe5\x6e\x52\x5f\x21\x89\xb0\x11\x56\x5c\xa9\x54\xa8\xf5\x8f\x9b\x15\x50\x3d\x59\xa5\x55\x8f\xb4\xe7\x12\xb5\xf5\xec\xb4\x6b\x98\x0b\xd1\x68\x71\xfe\xce\x77\x59\xa0\x13\xff\x39\x5f\x7d\xad\x19\x49\x38\x20\x6b\xb5\x92\x15\x3a\xea\x3c\xa5\xed\x17\x42\xa4\x56\x7b\x5f\x0e\xe6\x18\x14\xd4\x9b\x31\x6c\xbd\x8a\x8c\x72\x9f\x8b\x60\x30\x88\x36\xaa\x9a\x3a\x27\x20\x63\x58\x5b\x53\x0d\x1f\x80\x60\x6f\xb5\x0f\xef\x4a\x28\xd4\xf3\xce\xe5\xbd\xbf\x7d\xaa\xf2\x11\xdd\x0b\xb4\xf9\x71\x52\x8f\x67\xcc\xfc\x59\x09\x29\x1c\xaf\xa5\x62\xc5\x83\x93\x2b\x45\x6a\x04\xf6\x4c\x1d\x68\xd5\x45\x27\x26\x85\xfd\xb7\x93\xc4\x58\x72\x98\x54\xef\xab\x51\xca\xd2\x97\x68\x7d\x8e\x78\x72\x05\x57\x9f\x38\x98\x4f\x6f\xf2\x67\xe0\xad\xc8\xa3\xdc\x01\x50\x4d\x48\x11\xed\x38\x74\x09\x37\x27\xb6\x5a\xf4\xf8\x89\xa5\xd6\xff\xd9\x9c\xd1\x15\xf6\xb8\xba\xd2\x42\x67\x1f\x5d\xfb\x76\xdb\xe5\x96\x9a\x7a\xec\x93\x96\x5f\x65\x21\x65\x09\x52\x79\xed\x82\xdd\xae\xe3\x28\xf0\x11\x51\xa8\xdb\x93\x46\x7d\x8e\x96\x59\x58\x16\xa6\xff\x24\x04\x7d\x91\x57\x33\x98\x54\xf3\xc8\x05\xe2\x9e\x49\xad\xde\xdf\x79\xb2\x9b\x32\xde\x00\x85\x79\x1e\x6f\x51\x6a\x06\x6a\xd3\x5a\xea\x8e\x37\x89\x2b\xd4\x32\xc3\x44\xed\xee\x98\xc2\xca\x16\x86\x7a\xf6\x36\x67\x01\xd7\xd4\x0e\xb3\xe8\xde\xc4\xdd\x71\x8b\x8c\xa3\xdd\xeb\xbb\xf2\xd3\xc8\x24\x94\xbc\x76\x94\x78\x4b\xb3\xf0\xf4\x8b\xaf\xc6\x37\x14\xda\x4b\x73\x7e\xca\xbf\xb3\x0c\x5c\xd0\x38\xe1\x9d\xdc\x31\x40\x56\xb7\x43\x80\xcb\x3a\xab\x06\x10\x7e\x05\x06\xfa\xfd\x43\xa0\x4b\x32\xeb\xce\xaa\xae\x73\xf4\xe6\xc1\x88\x5d\xaa\x9d\x47\x1e\x04\x78\xc0\x4c\xe5\x2e\x63\x33\x9c\xe3\xe9\x9b\x37\x9a\x9c\xe0\xa0\x16\xf6\x19\xaf\xa5\xc2\xcd\x58\x7d\x28\xcf\x47\x40\x14\x88\xeb\x39\x64\xc7\xbb\x28\x9b\xc5\x1f\x5b\x0a\x0b\xaa\xe6\xe1\xb3\xbe\x7a\x95\x06\xba\xbd\x11\x0f\x9c\xea\xec\x69\x6b\x1b\x5e\x21\x1b\x11\x97\xa3\x13\x0c\xe9\xb9\x3c\xe4\xf3\xb5\x9d\x59\x37\x96\xba\x70\xa1\xc8\xe7\xa5\xd3\xc6\x07\x9a\x57\x11\xac\x13\xa3\xeb\x0c\x39\xfb\xd0\x11\x8e\x1c\xc8\xe0\xf4\x02\x31\x56\x1b\xab\x91\xcd\x71\xd6\xc1\x8e\xea\x42\xde\xba\xf1\xe9\x48\x80\x92\x06\xf1\xac\x5c\x28\x23\x88\x07\xc9\xd5\xc6\x38\xb5\xff\xec\x4a\x90\xdf\xe3\x21\xaf\x74\xe1\xbc\x9e\x19\xdc\x81\x89\xd7\x09\xe6\x10\x13\x54\x4e\xa4\x2b\xf4\xc2\xdc\xb2\xc9\x9f\x39\x74\xaa\xb0\xa3\xb6\x69\xed\x98\xa8\x0d\x68\x5a\xbd\x3f\x48\xb2\x9f\x1b\xf1\x73\x7f\x2b\x3e\x15\xf7\xb8\xf0\xcd\x45\x65\x8a\xdb\x86\x0c\x21\xa0\x6a\x2b\x84\x18\xaa\x7d\x0f\x53\x97\xdf\x5a\x39\xa4\x4d\x49\xa3\x3e\xfa\x48\x9e\xd2\xa0\x54\x6f\xc5\x62\xb8\x79\x8d\x8a\x93\x6b\xcc\x56\xa7\xf4\x9c\x25\x20\xca\x60\xee\x23\x33\xfb\xf2\xae\x69\xdb\xac\x1c\x9b\x5c\xcd\x78\x26\xcc\x95\xfa\xc1\xc2\xbc\x28\x4b\x60\x67\x3d\x99\x2b\x02\x78\x43\x9e\x1d\xd9\x88\xd7\xb2\x79\x3e\xf3\x5c\xff\x25\xdc\x31\xc4\x79\x5e\xff\xc4\x3b\xb2\x5c\xba\xe0\xa0\xe9\x1b\xc2\x9a\x72\x55\x62\xc2\xe6\x82\xb4\x65\x5e\xb7\x05\x61\x13\x2d\x2f\xa4\xf6\x05\xe5\xe5\x02\x6b\xd0\xa9\x29\xe8\xc5\x51\x32\xf9\x1c\x4b\x9d\x85\x5e\x78\x21\x09\xe1\x4d\xbe\xc6\x76\xe7\x3c\x1d\x35\x25\x5b\x13\xea\x3d\xca\xfd\xe7\x74\x79\x82\x58\xca\x12\x92\x37\xb3\x63\xd6\xe7\x8f\x61\x35\xe3\xad\x82\x21\xed\x43\xfa\x4a\xff\x4f\x33\x94\x41\xe1\x16\x53\x41\x59\x3a\xe8\x73\xb4\xb9\x4f\x39\x29\x73\xd5\x50\xda\xc2\xfe\xac\xbf\x36\x14\x00\xeb\xd3\xdc\xab\x54\x4b\xe1\x96\x3b\xeb\xf2\x77\x42\x91\xdc\x28\x78\x32\xb1\x4a\x1a\x07\xda\x59\x76\x2d\xb6\x33\xd0\xd3\x0f\xd1\x09\xc0\xbb\x67\x85\x2b\xea\x17\x3d\xe5\x30\x5a\x03\x48\xf7\x85\xb9\xfc\xb9\xd5\x6e\x50\xcf\x97\xcc\x6a\x6a\x07\x6d\xde\x3f\xb9\xf5\x5e\xf3\x89\xfb\x48\xc7\xbd\x31\x77\x59\x0c\xd5\xd6\x2c\x4a\x29\xb7\x19\xb8\xf0\x3c\xa7\xbf\x43\x20\x4d\x46\xb1\x16\xb5\x67\x9d\x90\x9a\x94\xe3\x34\xe8\xea\xe0\xe6\x68\x19\x6a\x62\xf4\x86\x3d\xe9\x60\x05\x7a\x21\xaa\xe9\xb2\x59\x38\xd7\xad\x7d\xaf\xfb\x14\x85\xfb\xf9\x0f\xbf\x7a\xc4\xf6\x8e\x12\x64\x37\x9d\xe9\x8e\x18\x3f\xcf\x7e\xf0\x9b\xe5\xd0\xd6\x2e\x37\xa6\xd8\x8e\x8d\xfb\x37\x57\x2d\x9c\x8d\xd5\x1e\x5c\x73\x40\xeb\x89\xaf\x63\xa2\x58\x51\x94\xff\xfc\xd9\x52\x69\xf9\xcc\xa7\x8b\xc8\x7a\x46\x70\x07\xca\xca\xf3\x45\x02\x79\x01\xb8\xfb\x5b\x0a\xa4\x18\xe7\x5b\xa7\x17\xfe\x33\x36\xe5\xca\x1e\xe0\x43\xbb\xf3\xcd\x2f\xb5\x8e\x0a\x44\x04\x77\x5a\xf2\xdb\xfe\x9c\x06\xeb\x6c\x40\x8e\x94\x63\xd5\xac\xbe\x8f\x51\xba\x0c\x44\xa4\xde\xcc\x03\xbc\xac\x74\x98\x09\x8f\xc5\x50\xf3\x4d\x35\x5c\x8f\x8c\xbf\xb5\xb3\x49\x19\x6e\xab\xbb\x5b\x75\xa4\x93\xf9\x1e\xa7\x9d\xd6\x42\x03\x23\x56\x34\xc8\x35\xb2\x2e\x81\x5c\xa8\x23\xa3\x39\x6b\x2f\xe7\x8a\xeb\x7f\xa1\x9e\x7b\x96\x7c\xf6\x70\x6e\xc9\xd1\x2e\xcf\x78\xdb\x96\x4f\xe8\x31\x16\x24\xdd\x5d\x76\x19\xa4\x5d\x05\x20\x69\xf4\xb7\x6f\x1e\x9d\x16\x0d\x68\x6a\xb7\xe7\xe0\x99\xb2\x00\x31\x16\xbb\xe7\x40\x9e\x77\x5c\x44\xad\xb2\x19\x59\x88\xe2\x59\xc1\xf1\x61\xba\x6c\xd1\x8b\x28\x43\xa2\x4c\x8e\xa6\x2a\x29\x98\x08\x35\x5c\xd6\x73\xb1\x7b\xff\x57\xbd\x6b\xef\xf0\x4e\x3c\x34\xbe\xe3\xce\x1d\x19\x27\x98\x9d\xa6\x76\x1f\x13\x11\xa3\x51\xc8\xb7\xb1\x81\x41\x28\x88\x61\xde\xa2\x1e\x44\x0b\xaa\x33\x8e\xa8\xc5\x30\x6b\xfa\x5a\x51\xde\x4c\xc9\xc2\xad\x9f\x7e\x4a\x96\x74\xe7\x7c\x5d\xcc\x7d\x04\x6d\x30\x5b\xca\x52\x79\x35\x8e\xc7\x68\x4d\x84\xa2\x92\xd1\x6e\x07\x63\x1f\x47\x7a\xbd\x9f\xd6\xd4\xe3\xe1\x56\x91\x25\x4f\x03\x17\x24\x10\x68\xa9\x44\x7c\xdf\x08\xf6\xa6\x29\xe9\x95\x2e\xf4\x60\xc6\x12\xcc\x48\x3e\xc1\x82\x89\x9f\xd2\x9f\x45\x99\xc5\xe8\xda\xee\x34\x47\xbf\xf2\x2a\xa7\x49\x9c\xac\xe5\x95\x39\xea\x3c\x88\xe2\x9c\x90\xd2\x94\xd5\xb0\x95\xa0\x03\x72\x10\x90\x56\xe8\xd8\x91\x9a\xff\xa6\xe4\x5c\x72\x9a\xbd\xb7\x7c\xa6\xae\xff\xdb\xc8\xea\xe2\xe4\x32\x90\xb3\x05\x6e\x4f\xdd\x6a\xac\xd8\xc3\x9b\xe9\x7a\xe6\xb0\x8a\xb1\x4f\xdf\x24\x6f\x28\xb2\xc3\x0a\x03\xa2\x81\x4f\x4e\x51\x32\xc6\xf4\x66\x5c\xb1\xdf\xa0\x09\xb8\x5a\xf2\x79\xc2\x61\xb4\x4b\x4d\x22\xcb\x8b\x2a\x43\xc2\xf2\xe4\x60\x73\x50\xc2\x76\x4b\x87\x0c\x90\x86\x3f\x16\x29\x95\x01\x33\xc3\x2c\x8c\xf3\xae\x6e\x8c\x63\xcc\x8c\x5a\x84\x9c\x50\x2c\xe1\x8f\x6f\x6b\x50\x6e\xa7\x8c\x02\xbc\x5b\xb8\x44\xa2\x9d\x22\x88\x13\x77\x1a\x21\x98\xee\x3e\xdc\x44\x89\xfc\x5e\x9d\x8e\xde\xcc\x6a\xe0\xa1\x1a\xce\xde\xc5\x03\x4e\xca\x80\xd5\x59\xdb\xe6\xd3\x98\xeb\xeb\x73\x2f\xfe\xab\x98\x80\x65\xb3\xb0\xde\x4a\x71\xe4\x0a\x67\x65\x73\xab\x7d\x75\x3b\x2b\x8f\xc6\x9e\x15\xca\x33\x9e\xa6\x57\x6a\x00\x73\xdf\xc2\x3e\xb4\x2e\xe8\x38\x1b\x7f\x40\x1f\x3e\x8e\xd3\x95\x14\xac\x4e\x7a\x1a\xab\x17\xae\xcf\x35\xb7\xe4\xcd\x85\x21\xfc\x53\xe7\xea\xa4\xb1\x01\x6e\x13\x4e\x35\x41\x9e\xeb\x59\xe8\xd6\xc8\x87\xb1\xb8\xbf\xd1\x32\x12\x17\xf3\x56\x9c\x03\xb4\x30\xcd\xe4\x16\x91\x8a\x8f\x30\xba\x39\xb8\xea\xcd\xb8\xa7\x55\x1b\x0f\x77\x65\x1d\x86\x27\x18\x65\x68\xec\x6c\x0a\xb1\xf3\x03\x52\x22\xdc\xbd\xe3\xcf\x96\x9e\x71\xaf\xdd\x71\xce\x81\x84\x81\x2b\x3a\x35\xf3\xf5\x2f\x90\x1c\xe3\xe0\x1c\x9d\x4b\xcd\x99\xc9\xf3\x74\x9d\x83\xae\xc1\x52\xb3\x1c\x10\xfb\xf9\x0e\xb4\x74\xb6\x68\x1e\x55\x5b\xd2\xf3\xeb\xf8\x0e\x8e\x4e\x99\xf7\xbb\x1a\x13\xa1\xd1\x1e\x1f\x6f\x2a\x45\xfb\xb6\x27\xa1\x15\x14\xa2\xd2\x3e\xc3\x09\xe9\x1e\xdd\x56\x34\xfa\x5b\xd2\x5f\x33\xa0\x15\x13\xa6\x94\x48\xad\xe4\xc1\x31\x60\xc1\x7b\x22\x39\x5a\x0c\x41\x26\x29\x85\x83\x8c\x50\xd5\x1e\x75\xf7\x89\x2d\x74\x59\x75\x1e\x6a\xe2\x3c\xe6\xc7\x81\xf8\x1f\x8c\x31\x24\x42\xc7\xba\x96\x52\xa4\x24\x13\x2e\x15\x7c\x8d\x51\xc3\xaa\xfd\xbb\xe5\x3a\x20\xe4\x95\x85\x67\xbc\x30\x16\x6c\x65\x8a\x68\xc4\x85\x82\xe4\xe8\x4d\xc5\x3e\xf4\x11\x77\x92\xf2\xd4\xe2\x05\xf6\xa0\xea\x9d\xc1\x68\xa8\xa0\x6c\x75\xb3\x59\xb7\xf9\xae\xa9\x53\xdc\xdf\x3b\x2f\x11\x36\xab\xd2\xeb\xbf\x00\x87\x69\xef\x47\x76\x55\x8f\xac\x02\xbf\xa2\x58\x89\x43\xa1\x1a\x00\xe7\x47\x86\x39\x7f\x96\xb9\x85\x28\x0b\x0a\x17\x4f\x14\x5f\xd3\x31\x61\x64\x14\x9c\x90\x4a\x10\x1c\xbc\xbe\x79\x2b\x78\x20\xaa\x9a\x66\x2f\x0f\x0c\x91\xd6\x02\x39\xa5\x53\xc9\x64\xee\x24\xfc\xa4\x51\x1f\x3d\x43\x4f\x23\x0b\x94\x6a\x5f\x6f\x5f\x81\xf4\xe5\x1f\xd6\xd9\xb8\x8f\xc6\xb1\xd6\x35\x0a\x21\xab\x90\x05\x6f\x18\x83\x72\xe7\x53\x1f\x82\x0c\x89\x65\x9c\x4d\x47\x03\x1d\xfb\x3f\x2f\x66\x85\xb5\xc5\x0b\xf4\x48\xf7\x96\xe2\xfd\x83\xb6\x51\xaf\x22\x2f\xb4\x4b\x94\x91\x4d\xee\xd8\x3e\xbb\xb9\xa9\xb9\x74\xcf\x2c\x36\x59\x6a\x83\x85\x23\x3d\xa4\xb8\x94\xf5\xe2\x9a\xe0\xaa\xb5\x98\xbc\x73\x5b\xc2\x42\x13\x67\x33\x9f\xec\xe7\x37\xd8\x9d\xf7\xea\x01\x21\xcd\xf0\x67\x3e\xd6\x91\xba\xa4\xb3\x32\x4f\x8d\x88\xa6\xcc\x48\x4e\xd7\xc8\xee\x59\x7e\x31\x17\xc1\x9d\xa2\xdf\x59\xdd\x1d\x2e\x9a\x0c\x11\x1c\xb0\x54\x01\xd6\xd5\x64\xbd\x19\x28\xc0\x43\xad\x66\x23\xa5\x6d\xfc\xc5\xe0\x5f\x8d\xff\xb5\x6e\x37\x5d\xdf\x63\x94\x2e\xc8\x69\x2b\x48\x4a\xba\x3b\x54\x79\x5d\x06\xc4\x2e\x7e\xac\xb7\xc5\x0e\xc8\xfc\x21\x1f\x02\xea\x6a\x99\x08\xce\xa2\xf7\x54\x9f\x00\x90\x0c\x27\x07\xcc\x35\xc1\x16\x55\x2b\x76\x0e\x25\x4f\x4a\xca\x58\x2b\x7f\x76\x0b\x8b\x2e\xd6\x9e\x87\x5f\x4a\x9c\x30\x1c\xd0\x6a\x4f\xab\x8f\x53\x8e\xd8\xc7\x9b\xc5\x46\x7d\xde\xde\x41\x48\xba\xcf\xbf\xc7\x4f\x1d\x4c\xd9\xc9\xad\xa6\xbf\x32\x8c\x79\x90\xc1\xf7\xed\x52\x35\x37\xe6\x32\xad\xa4\xf0\x08\xeb", 4096); *(uint64_t*)0x200225c8 = 0x20021540; *(uint32_t*)0x20021540 = r[3]; *(uint32_t*)0x20021544 = r[0]; *(uint32_t*)0x20021548 = r[0]; *(uint32_t*)0x2002154c = r[0]; *(uint64_t*)0x200225d0 = 0x20021580; *(uint64_t*)0x200225d8 = 0x20022580; *(uint32_t*)0x200225e0 = 0x1000; *(uint32_t*)0x200225e4 = 4; *(uint32_t*)0x200225e8 = 0x1000; *(uint32_t*)0x200225ec = 8; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); if (res == ZX_OK) { r[4] = *(uint32_t*)0x20022580; r[5] = *(uint32_t*)0x20022590; r[6] = *(uint32_t*)0x20022598; } break; case 7: *(uint64_t*)0x20023780 = 0x20022680; memcpy((void*)0x20022680, "\xc0\xa1\x63\x28\x06\x60\xce\x73\x59\x69\xf5\xee\x9c\xaf\xa3\x5f\x48\x19\x3a\x86\x20\xd0\xf0\xd7\x6d\xab\x09\x92\x66\x48\xa2\xfd\x68\xb4\xcc\x6e\x54\xd1\xf7\x87\x1d\x9c\xbe\x41\x42\x0a\xcc\x88\xf0\xf8\x8f\x6f\x66\xe8\x22\x58\xe9\x32\x8c\xc2\xd3\xa2\x79\xd3\x84\x5d\xf3\xea\x63\xec", 70); *(uint64_t*)0x20023788 = 0x20022700; *(uint32_t*)0x20022700 = r[3]; *(uint32_t*)0x20022704 = r[0]; *(uint32_t*)0x20022708 = r[0]; *(uint32_t*)0x2002270c = r[4]; *(uint32_t*)0x20022710 = 0; *(uint32_t*)0x20022714 = r[3]; *(uint64_t*)0x20023790 = 0x20022740; *(uint64_t*)0x20023798 = 0x20023740; *(uint32_t*)0x200237a0 = 0x46; *(uint32_t*)0x200237a4 = 6; *(uint32_t*)0x200237a8 = 0x1000; *(uint32_t*)0x200237ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[6], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20023780, /*actual_bytes=*/0x200237c0, /*actual_handles=*/0x20023800); if (res == ZX_OK) r[7] = *(uint32_t*)0x20023740; break; case 8: *(uint64_t*)0x20033900 = 0x20023840; *(uint32_t*)0x20023840 = 0; memset((void*)0x20023844, 0, 3); *(uint8_t*)0x20023847 = 1; *(uint64_t*)0x20023848 = 0x46940c1600000000; *(uint32_t*)0x20023850 = 0x3fe00000; *(uint64_t*)0x20033908 = 0x20023880; *(uint64_t*)0x20033910 = 0x200238c0; *(uint64_t*)0x20033918 = 0x200338c0; *(uint32_t*)0x20033920 = 0x14; *(uint32_t*)0x20033924 = 0; *(uint32_t*)0x20033928 = 0x10000; *(uint32_t*)0x2003392c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[7], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20033900, /*actual_bytes=*/0x20033940, /*actual_handles=*/0x20033980); break; case 9: ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_object_get_info))(/*handle=*/r[5], /*topic=*/0x1000000e, /*buffer=*/0x200339c0, /*buffer_size=*/0x3f0, /*actual=*/0x20033dc0, /*avail=*/0x20033e00); break; case 10: memcpy((void*)0x20000000, "\xf2\x49\x0f\x2d\x3b\x26\xf3\x2e\x3e\x42\xff\xe0\x40\x0f\x49\x0e\x36\x66\x0f\x3a\xdf\x83\x02\x10\x00\x00\x6b\x58\x0f\x85\xd6\xbe\x00\x00\x64\x66\x42\x0f\x15\x4c\x69\x04\xc4\x83\x5d\x7f\x4f\x00\x06\xc4\x62\x6d\xbb\xfd\xf3\x4e\x0f\x1e\xcd", 59); syz_execute_func(/*text=*/0x20000000); break; case 11: syz_future_time(/*when=*/1); break; case 12: syz_job_default(); break; case 13: syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x2000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :370:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor182633927 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/5 (0.28s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call$fuchsia_cobalt_MetricEventLoggerLogCustomEvent(0x0, 0x0, 0x7fffffffffffffff, &(0x7f00000101c0)={&(0x7f0000000000)={{}, 0xff, {0x6, 0xffffffffffffffff}, {[{{0x9}, @string_valueInLine={0x1, {0x3ff, 0xffffffffffffffff}}}, {{0x1ff, 0xffffffffffffffff}, @double_value={0x3, 0x6}}, {{0x1}, @index_value={0x4, 0x23}}, {{0x9, 0xffffffffffffffff}, @index_value={0x4, 0x8}}, {{0x4, 0xffffffffffffffff}, @index_value={0x4, 0x80}}], [{}, {{'(-*^\\@'}}, {{'*@/'}}, {{'#)'}}, {}, {{'!*'}}, {{'\\&:'}}]}}, &(0x7f0000000140)={[{}, {}, {}]}, &(0x7f0000000180), &(0x7f0000010180), 0x114, 0x0, 0x10000}, &(0x7f0000010200), &(0x7f0000010240)) (fail_nth: 1) zx_event_create$VALID_OPTIONS(0x0, &(0x7f0000010280)=0x0) (async) r1 = syz_future_time(0x0) (rerun: 4) zx_channel_call$fuchsia_cobalt_ControllerListenForInitialized(r0, 0x0, r1, &(0x7f0000020380)={&(0x7f00000102c0), &(0x7f0000010300), &(0x7f0000010340), &(0x7f0000020340), 0x10, 0x0, 0x10000}, &(0x7f00000203c0), &(0x7f0000020400)) zx_clock_get_details(r0, 0x400000000000000, &(0x7f0000020440)={0x0, 0x0}) zx_channel_create$fuchsia_cobalt_LoggerFactory(0x0, &(0x7f00000214c0)=0x0, &(0x7f0000021500)) zx_channel_call_etc(r0, 0xded, r2, &(0x7f00000225c0)={&(0x7f00000204c0)="542646fd9e01404b2865df176fb8cf565d56c40da92b182965f281069f495adc4f35da84303852211c2013eed44a723410aecd75911736f8f0a02854faeded706621e35f092a7fad130d8e750ab60ea492cd08b08ce61c86b2e1b066131a28981f3b64a8562a53526585ef20e4a055c6d0524857ec3d1c6390aa0bad274ea3bae43a74de82b046dede08de676422e105718a3311eb002e2b0876b944b48109439b88094503bea528651e3fc1c5785cc38e12524f24ff011eff1f9e3ff2f2fe573f899b7163085f531bc0778fd928aa3de9c3bb857fac48132878070315c6c96cf637479074eeb7ad2ed83ed4896786a6e6fb84ea4d04d6590f358768a8ad9510fea160cffcf7fe24683a2d95ef110424a82a68be86d2a073e8c6ad620694604d24e1fb22a6be6021d3ed65bc18f1f299b944e23bda868f72db8868faeac8fc0c461df9e536e26abdaca788780b579494b54a5e832efd101990fe0d78dd63746e215cb697a6616b0e37e71430f4a3d8853a1a7e032a78fa1789318e79f912cb997d121ea59ff980e4f70f57813a252108fd7bfc84436ac48982d35b75261c25c732df70c7ba902e6f518b4bab19f62843b643d8fef7f07a8b64167a547dfae6c96f158e1cdc68fd4becba594cc1c2a0ccecc06e449d75196edda5c1cc99017ddbcca99f064f76c179e6d61b21bf9eafac2f8813f987c6c5ae2dd41dc296eae639487f782e898d86e2155715a0c92c880a7c781cee1ed5f53473f07e94c661416be1131a3eca459426aa6cd31c1f4bd33b77a37173b1a7dea99684445ad7abb279b908694f44635a4feceaa13b1450999ce3e99100a42c5e4d300ad24ea6cbe8e8bbfb47fc846f48387f6f167c30adb9d1c4e5695fc2bf8bd000b9edb3794f8028bb149eae3c7c9917379c1f62c46b47dc484b87b0bdd5f170852064526f28968729e1db05aec218d7971148652c34c0b8943b8ffdadd717e15002f25ec6428e477e1bec2f284a42df1054365ef4d3c1b71cb86c7a59f8cb8df6f867819a647c8406609ff0f4e354f777bc0d25ef7b07ef6500bb8b067da1caefa01acfa3c8e14b3438cd16b72def2bcc6d96e33bf2ad754c9bcf9d2d8bab8602b4960893c883c89318e97ff77d2911f4ea7f57bd709f2b2e9d989aeb1258bd9fb170e8e2e9b7c973be33e56169550c81d459cec25e5199743df3b6541abc6984735249e9aa60973d44b88ef8a350c6885e9fc260aaef901323bacece25e330ff2cd21d1191fbdeb2bf070f1d22e05fbe657606a46ce83a6d9d4f7934cbef759fa097092bc0788ef94130be9227939e170d986fa903bd4bd188640903bfdca8d6a48926c9a0a2e1144ad2365e19e64fc86532e6029fc7c861fc1e16a72261cb119ecd2f71bf6d3fc93b5e0b74daddc39d4d7aa2a6bb6c7a0002e4e25bb86dd6cad231334214433aced6c7761b34ecf3553a4b34c5cb0c988f0c36c50632b8544147c113dd22bc1d8adab7ac052ad798405c0057ca33947088015d87f410ec06b7b6b719593a4c6cd4cea4e711ad8c3f93bad32f869195e75286b7bbac261783e19f97efb8a9989a19ec6c7d43dafcd2c09a141c7671b4dd105932d663eed7c4b606f26523a116d1a42d628413624b8d9dd249f268e4cd72812433b9b7fbcb76e303c04eb257e5a143d6ed94dd8f1bdb5f40dcab5ac45c5c778a42d5ebf175c4a8ea5c3f3b92ec78471984e9784bf75c18ec20b9d3837267c67daa95f5e9eae608b619ac3583c783dd00ab5a93413999683001919bb89bb58a51eb1be1654a62e3019fe9cb3c43965cdb0893a5739004e713385d6703cdd7765dd3754e33163df54899127654128ab37b3c5e104912c9a878a5b6e69fd9d8d5f75511a4d0b8cd90a8dd9abc47b89bd027f2516b490763c3c4dca7956029b16c9059aa65b2777cdfad8a76f868ddc91f1f9c6fe99c52e4f07782d2e2661ee435e9899908ef60fe8657a3a7e5f93947f6fad929548c00ccaf365eb0d6c3cc456e3cc84d976c1feb3e0dbb2bdb20ae4031b50a94230c074d4b3cd182ac03f059df368c41ae9af89f4fb28ac556bb5c9aa02f183a783cb8fd2247acbce92a23ff9c01e7530e5b7bf789ea0a324bce612527ce8dc7b8d548a84b7ebdbd181ebd35212d7adf2582b6d83aff3a2c51144694f6bb0f7e42740461707c7149ed8888151ec0e50b52821c66a8713901fe0ae4e1224994328e3482dea2282e9cb13e1d7487d192e3817215236875a8177653dea3133302c9eb8193561b0b4a845528c2b89eb50a4e0ad81fd236f5f71ebcd89bf888340675df52a5cdb72be2504204016cd656e5a3a1a2f0932bb28a5ff49f83a9beed958ec4e088a15a86af6eda7969c2495382ce3a4093b7836750b7ea222fa1131224d9fb23acb2a5113d42bd700700c6e971b7bb3a8fe8ece22c892c449e0a454bb4d01cab6cb93a63ce00370a986cf3d3057c2950006f0415add05e00fcc72dfe86fbb65ae819cad2dc72161841e34a5a8844c2844c2cab0bcc6f15fdbf010b0ec1576e405e151916ab94f1ae70be1f3991fb6fb838ac4bccbbacdcda00cf2ea3aa5e574ade3453c92b0c847172ab5fccde891c781a8b94bbd4641f79c1fa75322c2525ba0b7d536a0743cf110868f4ff4ee32e36e47757bbf416c198bf1e94a649afc29adc07e56e525f2189b011565ca954a8f58f9b15503d59a5558fb4e712b5f5ecb46b980bd16871fece7759a013ff395f7dad194938206bb592153aea3ca5ed1742a4567b5f0ee61814d49b316cbd8a8c729f8b60308836aa9a3a272063585b530d1f80606fb50fef4a28d4f3cee5bdbf7daaf211dd0bb4f971528f67ccfc5909291cafa562c583932b456a04f64c1d68d545272685fdb793c458729854efab51cad297687d8e787205579f38984f6ff267e0adc8a3dc01504d4811ed3874093727b65af4f889a5d6ffd99cd115f6b8bad242671f5dfb76dbe5969a7aec93965f652165095279ed82ddaee328f01151a8db93467d8e96595816a6ff24047d9157339854f3c805e29e49addedf79b29b32de0085791e6f516a066ad35aea8e37892bd432c344edee98c2ca16867af6366701d7d40eb3e8dec4dd718b8ca3ddebbbf2d3c82494bc7694784bb3f0f48bafc63714da4b737ecabfb30c5cd038e19ddc314056b74380cb3aab06107e0506fafd43a04b32ebceaaae73f4e6c1885daa9d471e0478c04ce52e63339ce3e99b379a9ce0a016f619afa5c2cd587d28cf47401488eb3964c7bb289bc51f5b0a0baae6e1b3be7a9506babd110f9ceaec696b1b5e211b1197a3130ce9b93ce4f3b59d593796ba70a1c8e7a5d3c6079a5711ac13a3eb0c39fbd0118e1cc8e0f40231561bab91cd71d6c18eea42debaf1e948809206f1ac5c28238807c9d5c638b5ffec4a90dfe321af74e1bc9e19dc8189d709e61013544ea42bf4c2dcb2c99f3974aab0a3b669ed98a80d685abd3f48b29f1bf1737f2b3e15f7b8f0cd45658adb860c21a06a2b8418aa7d0f5397df5a39a44d49a33efa489ed2a0546fc562b8798d8a936bcc56a7f49c2520ca60ee2333fbf2ae69dbac1c9b5ccd7826cc95fac1c2bc284b60673d992b0278439e1dd988d7b2793ef35cff25dc31c4795effc43bb25cbae0a0e91bc29a725562c2e682b4655eb70561132d2fa4f605e5e5026bd0a929e8c55132f91c4b9d855e782109e14dbec676e73c1d35255b13ea3dcafde774798258ca129237b363d6e78f6135e3ad8221ed43fa4aff4f339441e1165341593ae873b4b94f392973d550dac2feacbf361400ebd3dcab544be1963bebf2774291dc287832b14a1a07da59762db633d0d30fd109c0bb67852bea173de5305a0348f785b9fcb9d56e50cf97cc6a6a076dde3fb9f55ef389fb48c7bd3177590cd5d62c4a29b719b8f03ca7bf43204d46b116b5679d909a94e334e8eae0e668196a62f4863de960057a21aae9b25938d7ad7daffb1485fbf90fbf7ac4f68e1264379de98e183fcf7ef09be5d0d62e37a6d88e8dfb37572d9c8dd51e5c7340eb89af63a2585194fffcd95269f9cca78bc87a467007cacaf345027901b8fb5b0aa418e75ba717fe3336e5ca1ee043bbf3cd2fb58e0a4404775af2dbfe9c06eb6c408e9463d5acbe8f51ba0c44a4decc03bcac7498098fc550f34d355c8f8cbfb5b349196eabbb5b75a493f91ea79dd64203235634c835b22e815ca823a3396b2fe78aeb7fa19e7b967cf6706ec9d12ecf78db964fe8311624dd5d7619a45d052069f4b76f1e9d160d686ab7e7e099b2003116bbe7409e775c44adb2195988e259c1f161ba6cd18b2843a24c8ea62a299808355cd673b17bff57bd6beff04e3c34bee3ce1d1927989da6761f1311a351c8b7b18141288861dea21e440baa338ea8c5306bfa5a51de4cc9c2ad9f7e4a9674e77c5dcc7d046d305bca5279358ec7684d84a292d16e07631f477abd9fd6d4e3e15691254f0317241068a9447cdf08f6a629e9952ef460c612cc483ec182899fd29f4599c5e8daee3447bff22aa7499cace59539ea3c88e29c90d294d5b095a00372109056e8d8919affa6e45c729abdb77ca6aeffdbc8eae2e43290b3056e4fdd6aacd8c39be97ae6b08ab14fdf246f28b2c30a03a2814f4e5132c6f4665cb1dfa009b85af279c261b44b4d22cb8b2a43c2f2e4607350c2764b870c90863f1629950133c32c8cf3ae6e8c63cc8c5a849c502ce18f6f6b506ea78c02bc5bb844a29d228813771a2198ee3edc4489fc5e9d8edecc6ae0a11acedec5034eca80d559dbe6d398ebeb732ffeab988065b3b0de4a71e40a676573ab7d753b2b8fc69e15ca339ea6576a0073dfc23eb42ee8381b7f401f3e8ed39514ac4e7a1aab17aecf35b7e4cd8521fc53e7eaa4b1016e134e35419eeb59e8d6c887b1b8bfd1321217f3569c03b430cde416918a8f30ba39b8eacdb8a7551b0f77651d8627186568ec6c0ab1f3035222dcbde3cf969e71afdd71ce8184812b3a35f3f52f901ce3e01c9d4bcd99c9f3749d83aec152b31c10fbf90eb474b6681e555bd2f3ebf80e8e4e99f7bb1a13a1d11e1f6f2a45fbb627a11514a2d23ec309e91edd5634fa5bd25f33a01513a69448ade4c13160c17b22395a0c41262985838c50d51e75f7892d7459751e6ae23ce6c781f81f8c312442c7ba9652a424132e157c8d51c3aafdbbe53a20e4958567bc30166c658a68c48582e4e84dc53ef4117792f2d4e205f6a0ea9dc168a8a06c75b359b7f9aea953dcdf3b2f1136abd2ebbf008769ef4776558fac02bfa2588943a11a00e74786397f96b985280b0a174f145fd3316164149c904a101cbcbe792b7820aa9a662f0f0c91d60239a553c964ee24fca4511f3d434f230b946a5f6f5f81f4e51fd6d9b88fc6b1d6350a21ab90056f188372e7531f820c89659c4d47031dfb3f2f6685b5c50bf448f796e2fd83b651af222fb44b94914deed83ebbb9a9b974cf2c36596a8385233da4b894f5e29ae0aab598bc735bc2421367339fece737d89df7ea0121cdf0673ed691baa4b3324f8d88a6cc484ed7c8ee597e3117c19da2df59dd1d2e9a0c111cb05401d6d564bd1928c043ad6623a56dfcc5e05f8dffb56e375ddf63942ec8692b484aba3b54795d06c42e7eacb7c50ec8fc211f02ea6a9908cea2f7549f00900c2707cc35c116552b760e254f4aca582b7f760b8b2ed69e875f4a9c301cd06a4fab8f538ed8c79bc5467ddede4148bacfbfc74f1d4cd9c9ada6bf328c7990c1f7ed523537e632ada4f008eb", &(0x7f0000021540)=[r3, r0, r0, r0], &(0x7f0000021580)=""/4096, &(0x7f0000022580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1000, 0x4, 0x1000, 0x8}, &(0x7f0000022600), &(0x7f0000022640)) zx_channel_call(r6, 0x0, r2, &(0x7f0000023780)={&(0x7f0000022680)="c0a163280660ce735969f5ee9cafa35f48193a8620d0f0d76dab09926648a2fd68b4cc6e54d1f7871d9cbe41420acc88f0f88f6f66e82258e9328cc2d3a279d3845df3ea63ec", &(0x7f0000022700)=[r3, r0, r0, r4, 0x0, r3], &(0x7f0000022740)=""/4096, &(0x7f0000023740)=[0x0], 0x46, 0x6, 0x1000, 0x1}, &(0x7f00000237c0), &(0x7f0000023800)) zx_channel_call$fuchsia_io_FileNodeSetFlags(r7, 0x0, r2, &(0x7f0000033900)={&(0x7f0000023840)={{}, 0x3fe00000}, &(0x7f0000023880), &(0x7f00000238c0), &(0x7f00000338c0), 0x14, 0x0, 0x10000}, &(0x7f0000033940), &(0x7f0000033980)) zx_object_get_info$ZX_INFO_PROCESS_VMOS(r5, 0x1000000e, &(0x7f00000339c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x3f0, &(0x7f0000033dc0), &(0x7f0000033e00)) syz_execute_func(&(0x7f0000000000)="f2490f2d3b26f32e3e42ffe0400f490e36660f3adf83021000006b580f85d6be00006466420f154c6904c4835d7f4f0006c4626dbbfdf34e0f1ecd") syz_future_time(0x1) syz_job_default() syz_mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200101c0 = 0x20000000; *(uint32_t*)0x20000000 = 0; memset((void*)0x20000004, 0, 3); *(uint8_t*)0x20000007 = 1; *(uint64_t*)0x20000008 = 0x6e32641800000000; *(uint32_t*)0x20000010 = 0xff; *(uint64_t*)0x20000014 = 6; *(uint64_t*)0x2000001c = -1; *(uint64_t*)0x20000024 = 9; *(uint64_t*)0x2000002c = 0; *(uint32_t*)0x20000034 = 1; *(uint64_t*)0x2000003c = 0x3ff; *(uint64_t*)0x20000044 = -1; *(uint64_t*)0x2000004c = 0x1ff; *(uint64_t*)0x20000054 = -1; *(uint32_t*)0x2000005c = 3; *(uint64_t*)0x20000064 = 6; *(uint64_t*)0x20000074 = 1; *(uint64_t*)0x2000007c = 0; *(uint32_t*)0x20000084 = 4; *(uint32_t*)0x20000088 = 0x23; *(uint64_t*)0x2000009c = 9; *(uint64_t*)0x200000a4 = -1; *(uint32_t*)0x200000ac = 4; *(uint32_t*)0x200000b0 = 8; *(uint64_t*)0x200000c4 = 4; *(uint64_t*)0x200000cc = -1; *(uint32_t*)0x200000d4 = 4; *(uint32_t*)0x200000d8 = 0x80; memcpy((void*)0x200000ec, "(-*^\\@", 6); memcpy((void*)0x200000f4, "*@/", 3); memcpy((void*)0x200000fc, "#)", 2); memcpy((void*)0x20000104, "!*", 2); memcpy((void*)0x2000010c, "\\&:", 3); *(uint64_t*)0x200101c8 = 0x20000140; *(uint64_t*)0x200101d0 = 0x20000180; *(uint64_t*)0x200101d8 = 0x20010180; *(uint32_t*)0x200101e0 = 0x114; *(uint32_t*)0x200101e4 = 0; *(uint32_t*)0x200101e8 = 0x10000; *(uint32_t*)0x200101ec = 0; inject_fault(1); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x200101c0, /*actual_bytes=*/0x20010200, /*actual_handles=*/0x20010240); break; case 1: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_event_create))(/*options=*/0, /*out=*/0x20010280); if (res == ZX_OK) r[0] = *(uint32_t*)0x20010280; break; case 2: res = -1; res = syz_future_time(/*when=*/0); { int i; for(i = 0; i < 4; i++) { syz_future_time(/*when=*/0); } } if ((int)res != -1) r[1] = res; break; case 3: *(uint64_t*)0x20020380 = 0x200102c0; *(uint32_t*)0x200102c0 = 0; memset((void*)0x200102c4, 0, 3); *(uint8_t*)0x200102c7 = 1; *(uint64_t*)0x200102c8 = 0x3558f75800000000; *(uint64_t*)0x20020388 = 0x20010300; *(uint64_t*)0x20020390 = 0x20010340; *(uint64_t*)0x20020398 = 0x20020340; *(uint32_t*)0x200203a0 = 0x10; *(uint32_t*)0x200203a4 = 0; *(uint32_t*)0x200203a8 = 0x10000; *(uint32_t*)0x200203ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[1], /*args=*/0x20020380, /*actual_bytes=*/0x200203c0, /*actual_handles=*/0x20020400); break; case 4: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_clock_get_details))(/*handle=*/r[0], /*option=*/0x400000000000000, /*details=*/0x20020440); if (res == ZX_OK) r[2] = *(uint64_t*)0x20020448; break; case 5: res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t))CAST(zx_channel_create))(/*options=*/0, /*out0=*/0x200214c0, /*out1=*/0x20021500); if (res == ZX_OK) r[3] = *(uint32_t*)0x200214c0; break; case 6: *(uint64_t*)0x200225c0 = 0x200204c0; memcpy((void*)0x200204c0, "\x54\x26\x46\xfd\x9e\x01\x40\x4b\x28\x65\xdf\x17\x6f\xb8\xcf\x56\x5d\x56\xc4\x0d\xa9\x2b\x18\x29\x65\xf2\x81\x06\x9f\x49\x5a\xdc\x4f\x35\xda\x84\x30\x38\x52\x21\x1c\x20\x13\xee\xd4\x4a\x72\x34\x10\xae\xcd\x75\x91\x17\x36\xf8\xf0\xa0\x28\x54\xfa\xed\xed\x70\x66\x21\xe3\x5f\x09\x2a\x7f\xad\x13\x0d\x8e\x75\x0a\xb6\x0e\xa4\x92\xcd\x08\xb0\x8c\xe6\x1c\x86\xb2\xe1\xb0\x66\x13\x1a\x28\x98\x1f\x3b\x64\xa8\x56\x2a\x53\x52\x65\x85\xef\x20\xe4\xa0\x55\xc6\xd0\x52\x48\x57\xec\x3d\x1c\x63\x90\xaa\x0b\xad\x27\x4e\xa3\xba\xe4\x3a\x74\xde\x82\xb0\x46\xde\xde\x08\xde\x67\x64\x22\xe1\x05\x71\x8a\x33\x11\xeb\x00\x2e\x2b\x08\x76\xb9\x44\xb4\x81\x09\x43\x9b\x88\x09\x45\x03\xbe\xa5\x28\x65\x1e\x3f\xc1\xc5\x78\x5c\xc3\x8e\x12\x52\x4f\x24\xff\x01\x1e\xff\x1f\x9e\x3f\xf2\xf2\xfe\x57\x3f\x89\x9b\x71\x63\x08\x5f\x53\x1b\xc0\x77\x8f\xd9\x28\xaa\x3d\xe9\xc3\xbb\x85\x7f\xac\x48\x13\x28\x78\x07\x03\x15\xc6\xc9\x6c\xf6\x37\x47\x90\x74\xee\xb7\xad\x2e\xd8\x3e\xd4\x89\x67\x86\xa6\xe6\xfb\x84\xea\x4d\x04\xd6\x59\x0f\x35\x87\x68\xa8\xad\x95\x10\xfe\xa1\x60\xcf\xfc\xf7\xfe\x24\x68\x3a\x2d\x95\xef\x11\x04\x24\xa8\x2a\x68\xbe\x86\xd2\xa0\x73\xe8\xc6\xad\x62\x06\x94\x60\x4d\x24\xe1\xfb\x22\xa6\xbe\x60\x21\xd3\xed\x65\xbc\x18\xf1\xf2\x99\xb9\x44\xe2\x3b\xda\x86\x8f\x72\xdb\x88\x68\xfa\xea\xc8\xfc\x0c\x46\x1d\xf9\xe5\x36\xe2\x6a\xbd\xac\xa7\x88\x78\x0b\x57\x94\x94\xb5\x4a\x5e\x83\x2e\xfd\x10\x19\x90\xfe\x0d\x78\xdd\x63\x74\x6e\x21\x5c\xb6\x97\xa6\x61\x6b\x0e\x37\xe7\x14\x30\xf4\xa3\xd8\x85\x3a\x1a\x7e\x03\x2a\x78\xfa\x17\x89\x31\x8e\x79\xf9\x12\xcb\x99\x7d\x12\x1e\xa5\x9f\xf9\x80\xe4\xf7\x0f\x57\x81\x3a\x25\x21\x08\xfd\x7b\xfc\x84\x43\x6a\xc4\x89\x82\xd3\x5b\x75\x26\x1c\x25\xc7\x32\xdf\x70\xc7\xba\x90\x2e\x6f\x51\x8b\x4b\xab\x19\xf6\x28\x43\xb6\x43\xd8\xfe\xf7\xf0\x7a\x8b\x64\x16\x7a\x54\x7d\xfa\xe6\xc9\x6f\x15\x8e\x1c\xdc\x68\xfd\x4b\xec\xba\x59\x4c\xc1\xc2\xa0\xcc\xec\xc0\x6e\x44\x9d\x75\x19\x6e\xdd\xa5\xc1\xcc\x99\x01\x7d\xdb\xcc\xa9\x9f\x06\x4f\x76\xc1\x79\xe6\xd6\x1b\x21\xbf\x9e\xaf\xac\x2f\x88\x13\xf9\x87\xc6\xc5\xae\x2d\xd4\x1d\xc2\x96\xea\xe6\x39\x48\x7f\x78\x2e\x89\x8d\x86\xe2\x15\x57\x15\xa0\xc9\x2c\x88\x0a\x7c\x78\x1c\xee\x1e\xd5\xf5\x34\x73\xf0\x7e\x94\xc6\x61\x41\x6b\xe1\x13\x1a\x3e\xca\x45\x94\x26\xaa\x6c\xd3\x1c\x1f\x4b\xd3\x3b\x77\xa3\x71\x73\xb1\xa7\xde\xa9\x96\x84\x44\x5a\xd7\xab\xb2\x79\xb9\x08\x69\x4f\x44\x63\x5a\x4f\xec\xea\xa1\x3b\x14\x50\x99\x9c\xe3\xe9\x91\x00\xa4\x2c\x5e\x4d\x30\x0a\xd2\x4e\xa6\xcb\xe8\xe8\xbb\xfb\x47\xfc\x84\x6f\x48\x38\x7f\x6f\x16\x7c\x30\xad\xb9\xd1\xc4\xe5\x69\x5f\xc2\xbf\x8b\xd0\x00\xb9\xed\xb3\x79\x4f\x80\x28\xbb\x14\x9e\xae\x3c\x7c\x99\x17\x37\x9c\x1f\x62\xc4\x6b\x47\xdc\x48\x4b\x87\xb0\xbd\xd5\xf1\x70\x85\x20\x64\x52\x6f\x28\x96\x87\x29\xe1\xdb\x05\xae\xc2\x18\xd7\x97\x11\x48\x65\x2c\x34\xc0\xb8\x94\x3b\x8f\xfd\xad\xd7\x17\xe1\x50\x02\xf2\x5e\xc6\x42\x8e\x47\x7e\x1b\xec\x2f\x28\x4a\x42\xdf\x10\x54\x36\x5e\xf4\xd3\xc1\xb7\x1c\xb8\x6c\x7a\x59\xf8\xcb\x8d\xf6\xf8\x67\x81\x9a\x64\x7c\x84\x06\x60\x9f\xf0\xf4\xe3\x54\xf7\x77\xbc\x0d\x25\xef\x7b\x07\xef\x65\x00\xbb\x8b\x06\x7d\xa1\xca\xef\xa0\x1a\xcf\xa3\xc8\xe1\x4b\x34\x38\xcd\x16\xb7\x2d\xef\x2b\xcc\x6d\x96\xe3\x3b\xf2\xad\x75\x4c\x9b\xcf\x9d\x2d\x8b\xab\x86\x02\xb4\x96\x08\x93\xc8\x83\xc8\x93\x18\xe9\x7f\xf7\x7d\x29\x11\xf4\xea\x7f\x57\xbd\x70\x9f\x2b\x2e\x9d\x98\x9a\xeb\x12\x58\xbd\x9f\xb1\x70\xe8\xe2\xe9\xb7\xc9\x73\xbe\x33\xe5\x61\x69\x55\x0c\x81\xd4\x59\xce\xc2\x5e\x51\x99\x74\x3d\xf3\xb6\x54\x1a\xbc\x69\x84\x73\x52\x49\xe9\xaa\x60\x97\x3d\x44\xb8\x8e\xf8\xa3\x50\xc6\x88\x5e\x9f\xc2\x60\xaa\xef\x90\x13\x23\xba\xce\xce\x25\xe3\x30\xff\x2c\xd2\x1d\x11\x91\xfb\xde\xb2\xbf\x07\x0f\x1d\x22\xe0\x5f\xbe\x65\x76\x06\xa4\x6c\xe8\x3a\x6d\x9d\x4f\x79\x34\xcb\xef\x75\x9f\xa0\x97\x09\x2b\xc0\x78\x8e\xf9\x41\x30\xbe\x92\x27\x93\x9e\x17\x0d\x98\x6f\xa9\x03\xbd\x4b\xd1\x88\x64\x09\x03\xbf\xdc\xa8\xd6\xa4\x89\x26\xc9\xa0\xa2\xe1\x14\x4a\xd2\x36\x5e\x19\xe6\x4f\xc8\x65\x32\xe6\x02\x9f\xc7\xc8\x61\xfc\x1e\x16\xa7\x22\x61\xcb\x11\x9e\xcd\x2f\x71\xbf\x6d\x3f\xc9\x3b\x5e\x0b\x74\xda\xdd\xc3\x9d\x4d\x7a\xa2\xa6\xbb\x6c\x7a\x00\x02\xe4\xe2\x5b\xb8\x6d\xd6\xca\xd2\x31\x33\x42\x14\x43\x3a\xce\xd6\xc7\x76\x1b\x34\xec\xf3\x55\x3a\x4b\x34\xc5\xcb\x0c\x98\x8f\x0c\x36\xc5\x06\x32\xb8\x54\x41\x47\xc1\x13\xdd\x22\xbc\x1d\x8a\xda\xb7\xac\x05\x2a\xd7\x98\x40\x5c\x00\x57\xca\x33\x94\x70\x88\x01\x5d\x87\xf4\x10\xec\x06\xb7\xb6\xb7\x19\x59\x3a\x4c\x6c\xd4\xce\xa4\xe7\x11\xad\x8c\x3f\x93\xba\xd3\x2f\x86\x91\x95\xe7\x52\x86\xb7\xbb\xac\x26\x17\x83\xe1\x9f\x97\xef\xb8\xa9\x98\x9a\x19\xec\x6c\x7d\x43\xda\xfc\xd2\xc0\x9a\x14\x1c\x76\x71\xb4\xdd\x10\x59\x32\xd6\x63\xee\xd7\xc4\xb6\x06\xf2\x65\x23\xa1\x16\xd1\xa4\x2d\x62\x84\x13\x62\x4b\x8d\x9d\xd2\x49\xf2\x68\xe4\xcd\x72\x81\x24\x33\xb9\xb7\xfb\xcb\x76\xe3\x03\xc0\x4e\xb2\x57\xe5\xa1\x43\xd6\xed\x94\xdd\x8f\x1b\xdb\x5f\x40\xdc\xab\x5a\xc4\x5c\x5c\x77\x8a\x42\xd5\xeb\xf1\x75\xc4\xa8\xea\x5c\x3f\x3b\x92\xec\x78\x47\x19\x84\xe9\x78\x4b\xf7\x5c\x18\xec\x20\xb9\xd3\x83\x72\x67\xc6\x7d\xaa\x95\xf5\xe9\xea\xe6\x08\xb6\x19\xac\x35\x83\xc7\x83\xdd\x00\xab\x5a\x93\x41\x39\x99\x68\x30\x01\x91\x9b\xb8\x9b\xb5\x8a\x51\xeb\x1b\xe1\x65\x4a\x62\xe3\x01\x9f\xe9\xcb\x3c\x43\x96\x5c\xdb\x08\x93\xa5\x73\x90\x04\xe7\x13\x38\x5d\x67\x03\xcd\xd7\x76\x5d\xd3\x75\x4e\x33\x16\x3d\xf5\x48\x99\x12\x76\x54\x12\x8a\xb3\x7b\x3c\x5e\x10\x49\x12\xc9\xa8\x78\xa5\xb6\xe6\x9f\xd9\xd8\xd5\xf7\x55\x11\xa4\xd0\xb8\xcd\x90\xa8\xdd\x9a\xbc\x47\xb8\x9b\xd0\x27\xf2\x51\x6b\x49\x07\x63\xc3\xc4\xdc\xa7\x95\x60\x29\xb1\x6c\x90\x59\xaa\x65\xb2\x77\x7c\xdf\xad\x8a\x76\xf8\x68\xdd\xc9\x1f\x1f\x9c\x6f\xe9\x9c\x52\xe4\xf0\x77\x82\xd2\xe2\x66\x1e\xe4\x35\xe9\x89\x99\x08\xef\x60\xfe\x86\x57\xa3\xa7\xe5\xf9\x39\x47\xf6\xfa\xd9\x29\x54\x8c\x00\xcc\xaf\x36\x5e\xb0\xd6\xc3\xcc\x45\x6e\x3c\xc8\x4d\x97\x6c\x1f\xeb\x3e\x0d\xbb\x2b\xdb\x20\xae\x40\x31\xb5\x0a\x94\x23\x0c\x07\x4d\x4b\x3c\xd1\x82\xac\x03\xf0\x59\xdf\x36\x8c\x41\xae\x9a\xf8\x9f\x4f\xb2\x8a\xc5\x56\xbb\x5c\x9a\xa0\x2f\x18\x3a\x78\x3c\xb8\xfd\x22\x47\xac\xbc\xe9\x2a\x23\xff\x9c\x01\xe7\x53\x0e\x5b\x7b\xf7\x89\xea\x0a\x32\x4b\xce\x61\x25\x27\xce\x8d\xc7\xb8\xd5\x48\xa8\x4b\x7e\xbd\xbd\x18\x1e\xbd\x35\x21\x2d\x7a\xdf\x25\x82\xb6\xd8\x3a\xff\x3a\x2c\x51\x14\x46\x94\xf6\xbb\x0f\x7e\x42\x74\x04\x61\x70\x7c\x71\x49\xed\x88\x88\x15\x1e\xc0\xe5\x0b\x52\x82\x1c\x66\xa8\x71\x39\x01\xfe\x0a\xe4\xe1\x22\x49\x94\x32\x8e\x34\x82\xde\xa2\x28\x2e\x9c\xb1\x3e\x1d\x74\x87\xd1\x92\xe3\x81\x72\x15\x23\x68\x75\xa8\x17\x76\x53\xde\xa3\x13\x33\x02\xc9\xeb\x81\x93\x56\x1b\x0b\x4a\x84\x55\x28\xc2\xb8\x9e\xb5\x0a\x4e\x0a\xd8\x1f\xd2\x36\xf5\xf7\x1e\xbc\xd8\x9b\xf8\x88\x34\x06\x75\xdf\x52\xa5\xcd\xb7\x2b\xe2\x50\x42\x04\x01\x6c\xd6\x56\xe5\xa3\xa1\xa2\xf0\x93\x2b\xb2\x8a\x5f\xf4\x9f\x83\xa9\xbe\xed\x95\x8e\xc4\xe0\x88\xa1\x5a\x86\xaf\x6e\xda\x79\x69\xc2\x49\x53\x82\xce\x3a\x40\x93\xb7\x83\x67\x50\xb7\xea\x22\x2f\xa1\x13\x12\x24\xd9\xfb\x23\xac\xb2\xa5\x11\x3d\x42\xbd\x70\x07\x00\xc6\xe9\x71\xb7\xbb\x3a\x8f\xe8\xec\xe2\x2c\x89\x2c\x44\x9e\x0a\x45\x4b\xb4\xd0\x1c\xab\x6c\xb9\x3a\x63\xce\x00\x37\x0a\x98\x6c\xf3\xd3\x05\x7c\x29\x50\x00\x6f\x04\x15\xad\xd0\x5e\x00\xfc\xc7\x2d\xfe\x86\xfb\xb6\x5a\xe8\x19\xca\xd2\xdc\x72\x16\x18\x41\xe3\x4a\x5a\x88\x44\xc2\x84\x4c\x2c\xab\x0b\xcc\x6f\x15\xfd\xbf\x01\x0b\x0e\xc1\x57\x6e\x40\x5e\x15\x19\x16\xab\x94\xf1\xae\x70\xbe\x1f\x39\x91\xfb\x6f\xb8\x38\xac\x4b\xcc\xbb\xac\xdc\xda\x00\xcf\x2e\xa3\xaa\x5e\x57\x4a\xde\x34\x53\xc9\x2b\x0c\x84\x71\x72\xab\x5f\xcc\xde\x89\x1c\x78\x1a\x8b\x94\xbb\xd4\x64\x1f\x79\xc1\xfa\x75\x32\x2c\x25\x25\xba\x0b\x7d\x53\x6a\x07\x43\xcf\x11\x08\x68\xf4\xff\x4e\xe3\x2e\x36\xe4\x77\x57\xbb\xf4\x16\xc1\x98\xbf\x1e\x94\xa6\x49\xaf\xc2\x9a\xdc\x07\xe5\x6e\x52\x5f\x21\x89\xb0\x11\x56\x5c\xa9\x54\xa8\xf5\x8f\x9b\x15\x50\x3d\x59\xa5\x55\x8f\xb4\xe7\x12\xb5\xf5\xec\xb4\x6b\x98\x0b\xd1\x68\x71\xfe\xce\x77\x59\xa0\x13\xff\x39\x5f\x7d\xad\x19\x49\x38\x20\x6b\xb5\x92\x15\x3a\xea\x3c\xa5\xed\x17\x42\xa4\x56\x7b\x5f\x0e\xe6\x18\x14\xd4\x9b\x31\x6c\xbd\x8a\x8c\x72\x9f\x8b\x60\x30\x88\x36\xaa\x9a\x3a\x27\x20\x63\x58\x5b\x53\x0d\x1f\x80\x60\x6f\xb5\x0f\xef\x4a\x28\xd4\xf3\xce\xe5\xbd\xbf\x7d\xaa\xf2\x11\xdd\x0b\xb4\xf9\x71\x52\x8f\x67\xcc\xfc\x59\x09\x29\x1c\xaf\xa5\x62\xc5\x83\x93\x2b\x45\x6a\x04\xf6\x4c\x1d\x68\xd5\x45\x27\x26\x85\xfd\xb7\x93\xc4\x58\x72\x98\x54\xef\xab\x51\xca\xd2\x97\x68\x7d\x8e\x78\x72\x05\x57\x9f\x38\x98\x4f\x6f\xf2\x67\xe0\xad\xc8\xa3\xdc\x01\x50\x4d\x48\x11\xed\x38\x74\x09\x37\x27\xb6\x5a\xf4\xf8\x89\xa5\xd6\xff\xd9\x9c\xd1\x15\xf6\xb8\xba\xd2\x42\x67\x1f\x5d\xfb\x76\xdb\xe5\x96\x9a\x7a\xec\x93\x96\x5f\x65\x21\x65\x09\x52\x79\xed\x82\xdd\xae\xe3\x28\xf0\x11\x51\xa8\xdb\x93\x46\x7d\x8e\x96\x59\x58\x16\xa6\xff\x24\x04\x7d\x91\x57\x33\x98\x54\xf3\xc8\x05\xe2\x9e\x49\xad\xde\xdf\x79\xb2\x9b\x32\xde\x00\x85\x79\x1e\x6f\x51\x6a\x06\x6a\xd3\x5a\xea\x8e\x37\x89\x2b\xd4\x32\xc3\x44\xed\xee\x98\xc2\xca\x16\x86\x7a\xf6\x36\x67\x01\xd7\xd4\x0e\xb3\xe8\xde\xc4\xdd\x71\x8b\x8c\xa3\xdd\xeb\xbb\xf2\xd3\xc8\x24\x94\xbc\x76\x94\x78\x4b\xb3\xf0\xf4\x8b\xaf\xc6\x37\x14\xda\x4b\x73\x7e\xca\xbf\xb3\x0c\x5c\xd0\x38\xe1\x9d\xdc\x31\x40\x56\xb7\x43\x80\xcb\x3a\xab\x06\x10\x7e\x05\x06\xfa\xfd\x43\xa0\x4b\x32\xeb\xce\xaa\xae\x73\xf4\xe6\xc1\x88\x5d\xaa\x9d\x47\x1e\x04\x78\xc0\x4c\xe5\x2e\x63\x33\x9c\xe3\xe9\x9b\x37\x9a\x9c\xe0\xa0\x16\xf6\x19\xaf\xa5\xc2\xcd\x58\x7d\x28\xcf\x47\x40\x14\x88\xeb\x39\x64\xc7\xbb\x28\x9b\xc5\x1f\x5b\x0a\x0b\xaa\xe6\xe1\xb3\xbe\x7a\x95\x06\xba\xbd\x11\x0f\x9c\xea\xec\x69\x6b\x1b\x5e\x21\x1b\x11\x97\xa3\x13\x0c\xe9\xb9\x3c\xe4\xf3\xb5\x9d\x59\x37\x96\xba\x70\xa1\xc8\xe7\xa5\xd3\xc6\x07\x9a\x57\x11\xac\x13\xa3\xeb\x0c\x39\xfb\xd0\x11\x8e\x1c\xc8\xe0\xf4\x02\x31\x56\x1b\xab\x91\xcd\x71\xd6\xc1\x8e\xea\x42\xde\xba\xf1\xe9\x48\x80\x92\x06\xf1\xac\x5c\x28\x23\x88\x07\xc9\xd5\xc6\x38\xb5\xff\xec\x4a\x90\xdf\xe3\x21\xaf\x74\xe1\xbc\x9e\x19\xdc\x81\x89\xd7\x09\xe6\x10\x13\x54\x4e\xa4\x2b\xf4\xc2\xdc\xb2\xc9\x9f\x39\x74\xaa\xb0\xa3\xb6\x69\xed\x98\xa8\x0d\x68\x5a\xbd\x3f\x48\xb2\x9f\x1b\xf1\x73\x7f\x2b\x3e\x15\xf7\xb8\xf0\xcd\x45\x65\x8a\xdb\x86\x0c\x21\xa0\x6a\x2b\x84\x18\xaa\x7d\x0f\x53\x97\xdf\x5a\x39\xa4\x4d\x49\xa3\x3e\xfa\x48\x9e\xd2\xa0\x54\x6f\xc5\x62\xb8\x79\x8d\x8a\x93\x6b\xcc\x56\xa7\xf4\x9c\x25\x20\xca\x60\xee\x23\x33\xfb\xf2\xae\x69\xdb\xac\x1c\x9b\x5c\xcd\x78\x26\xcc\x95\xfa\xc1\xc2\xbc\x28\x4b\x60\x67\x3d\x99\x2b\x02\x78\x43\x9e\x1d\xd9\x88\xd7\xb2\x79\x3e\xf3\x5c\xff\x25\xdc\x31\xc4\x79\x5e\xff\xc4\x3b\xb2\x5c\xba\xe0\xa0\xe9\x1b\xc2\x9a\x72\x55\x62\xc2\xe6\x82\xb4\x65\x5e\xb7\x05\x61\x13\x2d\x2f\xa4\xf6\x05\xe5\xe5\x02\x6b\xd0\xa9\x29\xe8\xc5\x51\x32\xf9\x1c\x4b\x9d\x85\x5e\x78\x21\x09\xe1\x4d\xbe\xc6\x76\xe7\x3c\x1d\x35\x25\x5b\x13\xea\x3d\xca\xfd\xe7\x74\x79\x82\x58\xca\x12\x92\x37\xb3\x63\xd6\xe7\x8f\x61\x35\xe3\xad\x82\x21\xed\x43\xfa\x4a\xff\x4f\x33\x94\x41\xe1\x16\x53\x41\x59\x3a\xe8\x73\xb4\xb9\x4f\x39\x29\x73\xd5\x50\xda\xc2\xfe\xac\xbf\x36\x14\x00\xeb\xd3\xdc\xab\x54\x4b\xe1\x96\x3b\xeb\xf2\x77\x42\x91\xdc\x28\x78\x32\xb1\x4a\x1a\x07\xda\x59\x76\x2d\xb6\x33\xd0\xd3\x0f\xd1\x09\xc0\xbb\x67\x85\x2b\xea\x17\x3d\xe5\x30\x5a\x03\x48\xf7\x85\xb9\xfc\xb9\xd5\x6e\x50\xcf\x97\xcc\x6a\x6a\x07\x6d\xde\x3f\xb9\xf5\x5e\xf3\x89\xfb\x48\xc7\xbd\x31\x77\x59\x0c\xd5\xd6\x2c\x4a\x29\xb7\x19\xb8\xf0\x3c\xa7\xbf\x43\x20\x4d\x46\xb1\x16\xb5\x67\x9d\x90\x9a\x94\xe3\x34\xe8\xea\xe0\xe6\x68\x19\x6a\x62\xf4\x86\x3d\xe9\x60\x05\x7a\x21\xaa\xe9\xb2\x59\x38\xd7\xad\x7d\xaf\xfb\x14\x85\xfb\xf9\x0f\xbf\x7a\xc4\xf6\x8e\x12\x64\x37\x9d\xe9\x8e\x18\x3f\xcf\x7e\xf0\x9b\xe5\xd0\xd6\x2e\x37\xa6\xd8\x8e\x8d\xfb\x37\x57\x2d\x9c\x8d\xd5\x1e\x5c\x73\x40\xeb\x89\xaf\x63\xa2\x58\x51\x94\xff\xfc\xd9\x52\x69\xf9\xcc\xa7\x8b\xc8\x7a\x46\x70\x07\xca\xca\xf3\x45\x02\x79\x01\xb8\xfb\x5b\x0a\xa4\x18\xe7\x5b\xa7\x17\xfe\x33\x36\xe5\xca\x1e\xe0\x43\xbb\xf3\xcd\x2f\xb5\x8e\x0a\x44\x04\x77\x5a\xf2\xdb\xfe\x9c\x06\xeb\x6c\x40\x8e\x94\x63\xd5\xac\xbe\x8f\x51\xba\x0c\x44\xa4\xde\xcc\x03\xbc\xac\x74\x98\x09\x8f\xc5\x50\xf3\x4d\x35\x5c\x8f\x8c\xbf\xb5\xb3\x49\x19\x6e\xab\xbb\x5b\x75\xa4\x93\xf9\x1e\xa7\x9d\xd6\x42\x03\x23\x56\x34\xc8\x35\xb2\x2e\x81\x5c\xa8\x23\xa3\x39\x6b\x2f\xe7\x8a\xeb\x7f\xa1\x9e\x7b\x96\x7c\xf6\x70\x6e\xc9\xd1\x2e\xcf\x78\xdb\x96\x4f\xe8\x31\x16\x24\xdd\x5d\x76\x19\xa4\x5d\x05\x20\x69\xf4\xb7\x6f\x1e\x9d\x16\x0d\x68\x6a\xb7\xe7\xe0\x99\xb2\x00\x31\x16\xbb\xe7\x40\x9e\x77\x5c\x44\xad\xb2\x19\x59\x88\xe2\x59\xc1\xf1\x61\xba\x6c\xd1\x8b\x28\x43\xa2\x4c\x8e\xa6\x2a\x29\x98\x08\x35\x5c\xd6\x73\xb1\x7b\xff\x57\xbd\x6b\xef\xf0\x4e\x3c\x34\xbe\xe3\xce\x1d\x19\x27\x98\x9d\xa6\x76\x1f\x13\x11\xa3\x51\xc8\xb7\xb1\x81\x41\x28\x88\x61\xde\xa2\x1e\x44\x0b\xaa\x33\x8e\xa8\xc5\x30\x6b\xfa\x5a\x51\xde\x4c\xc9\xc2\xad\x9f\x7e\x4a\x96\x74\xe7\x7c\x5d\xcc\x7d\x04\x6d\x30\x5b\xca\x52\x79\x35\x8e\xc7\x68\x4d\x84\xa2\x92\xd1\x6e\x07\x63\x1f\x47\x7a\xbd\x9f\xd6\xd4\xe3\xe1\x56\x91\x25\x4f\x03\x17\x24\x10\x68\xa9\x44\x7c\xdf\x08\xf6\xa6\x29\xe9\x95\x2e\xf4\x60\xc6\x12\xcc\x48\x3e\xc1\x82\x89\x9f\xd2\x9f\x45\x99\xc5\xe8\xda\xee\x34\x47\xbf\xf2\x2a\xa7\x49\x9c\xac\xe5\x95\x39\xea\x3c\x88\xe2\x9c\x90\xd2\x94\xd5\xb0\x95\xa0\x03\x72\x10\x90\x56\xe8\xd8\x91\x9a\xff\xa6\xe4\x5c\x72\x9a\xbd\xb7\x7c\xa6\xae\xff\xdb\xc8\xea\xe2\xe4\x32\x90\xb3\x05\x6e\x4f\xdd\x6a\xac\xd8\xc3\x9b\xe9\x7a\xe6\xb0\x8a\xb1\x4f\xdf\x24\x6f\x28\xb2\xc3\x0a\x03\xa2\x81\x4f\x4e\x51\x32\xc6\xf4\x66\x5c\xb1\xdf\xa0\x09\xb8\x5a\xf2\x79\xc2\x61\xb4\x4b\x4d\x22\xcb\x8b\x2a\x43\xc2\xf2\xe4\x60\x73\x50\xc2\x76\x4b\x87\x0c\x90\x86\x3f\x16\x29\x95\x01\x33\xc3\x2c\x8c\xf3\xae\x6e\x8c\x63\xcc\x8c\x5a\x84\x9c\x50\x2c\xe1\x8f\x6f\x6b\x50\x6e\xa7\x8c\x02\xbc\x5b\xb8\x44\xa2\x9d\x22\x88\x13\x77\x1a\x21\x98\xee\x3e\xdc\x44\x89\xfc\x5e\x9d\x8e\xde\xcc\x6a\xe0\xa1\x1a\xce\xde\xc5\x03\x4e\xca\x80\xd5\x59\xdb\xe6\xd3\x98\xeb\xeb\x73\x2f\xfe\xab\x98\x80\x65\xb3\xb0\xde\x4a\x71\xe4\x0a\x67\x65\x73\xab\x7d\x75\x3b\x2b\x8f\xc6\x9e\x15\xca\x33\x9e\xa6\x57\x6a\x00\x73\xdf\xc2\x3e\xb4\x2e\xe8\x38\x1b\x7f\x40\x1f\x3e\x8e\xd3\x95\x14\xac\x4e\x7a\x1a\xab\x17\xae\xcf\x35\xb7\xe4\xcd\x85\x21\xfc\x53\xe7\xea\xa4\xb1\x01\x6e\x13\x4e\x35\x41\x9e\xeb\x59\xe8\xd6\xc8\x87\xb1\xb8\xbf\xd1\x32\x12\x17\xf3\x56\x9c\x03\xb4\x30\xcd\xe4\x16\x91\x8a\x8f\x30\xba\x39\xb8\xea\xcd\xb8\xa7\x55\x1b\x0f\x77\x65\x1d\x86\x27\x18\x65\x68\xec\x6c\x0a\xb1\xf3\x03\x52\x22\xdc\xbd\xe3\xcf\x96\x9e\x71\xaf\xdd\x71\xce\x81\x84\x81\x2b\x3a\x35\xf3\xf5\x2f\x90\x1c\xe3\xe0\x1c\x9d\x4b\xcd\x99\xc9\xf3\x74\x9d\x83\xae\xc1\x52\xb3\x1c\x10\xfb\xf9\x0e\xb4\x74\xb6\x68\x1e\x55\x5b\xd2\xf3\xeb\xf8\x0e\x8e\x4e\x99\xf7\xbb\x1a\x13\xa1\xd1\x1e\x1f\x6f\x2a\x45\xfb\xb6\x27\xa1\x15\x14\xa2\xd2\x3e\xc3\x09\xe9\x1e\xdd\x56\x34\xfa\x5b\xd2\x5f\x33\xa0\x15\x13\xa6\x94\x48\xad\xe4\xc1\x31\x60\xc1\x7b\x22\x39\x5a\x0c\x41\x26\x29\x85\x83\x8c\x50\xd5\x1e\x75\xf7\x89\x2d\x74\x59\x75\x1e\x6a\xe2\x3c\xe6\xc7\x81\xf8\x1f\x8c\x31\x24\x42\xc7\xba\x96\x52\xa4\x24\x13\x2e\x15\x7c\x8d\x51\xc3\xaa\xfd\xbb\xe5\x3a\x20\xe4\x95\x85\x67\xbc\x30\x16\x6c\x65\x8a\x68\xc4\x85\x82\xe4\xe8\x4d\xc5\x3e\xf4\x11\x77\x92\xf2\xd4\xe2\x05\xf6\xa0\xea\x9d\xc1\x68\xa8\xa0\x6c\x75\xb3\x59\xb7\xf9\xae\xa9\x53\xdc\xdf\x3b\x2f\x11\x36\xab\xd2\xeb\xbf\x00\x87\x69\xef\x47\x76\x55\x8f\xac\x02\xbf\xa2\x58\x89\x43\xa1\x1a\x00\xe7\x47\x86\x39\x7f\x96\xb9\x85\x28\x0b\x0a\x17\x4f\x14\x5f\xd3\x31\x61\x64\x14\x9c\x90\x4a\x10\x1c\xbc\xbe\x79\x2b\x78\x20\xaa\x9a\x66\x2f\x0f\x0c\x91\xd6\x02\x39\xa5\x53\xc9\x64\xee\x24\xfc\xa4\x51\x1f\x3d\x43\x4f\x23\x0b\x94\x6a\x5f\x6f\x5f\x81\xf4\xe5\x1f\xd6\xd9\xb8\x8f\xc6\xb1\xd6\x35\x0a\x21\xab\x90\x05\x6f\x18\x83\x72\xe7\x53\x1f\x82\x0c\x89\x65\x9c\x4d\x47\x03\x1d\xfb\x3f\x2f\x66\x85\xb5\xc5\x0b\xf4\x48\xf7\x96\xe2\xfd\x83\xb6\x51\xaf\x22\x2f\xb4\x4b\x94\x91\x4d\xee\xd8\x3e\xbb\xb9\xa9\xb9\x74\xcf\x2c\x36\x59\x6a\x83\x85\x23\x3d\xa4\xb8\x94\xf5\xe2\x9a\xe0\xaa\xb5\x98\xbc\x73\x5b\xc2\x42\x13\x67\x33\x9f\xec\xe7\x37\xd8\x9d\xf7\xea\x01\x21\xcd\xf0\x67\x3e\xd6\x91\xba\xa4\xb3\x32\x4f\x8d\x88\xa6\xcc\x48\x4e\xd7\xc8\xee\x59\x7e\x31\x17\xc1\x9d\xa2\xdf\x59\xdd\x1d\x2e\x9a\x0c\x11\x1c\xb0\x54\x01\xd6\xd5\x64\xbd\x19\x28\xc0\x43\xad\x66\x23\xa5\x6d\xfc\xc5\xe0\x5f\x8d\xff\xb5\x6e\x37\x5d\xdf\x63\x94\x2e\xc8\x69\x2b\x48\x4a\xba\x3b\x54\x79\x5d\x06\xc4\x2e\x7e\xac\xb7\xc5\x0e\xc8\xfc\x21\x1f\x02\xea\x6a\x99\x08\xce\xa2\xf7\x54\x9f\x00\x90\x0c\x27\x07\xcc\x35\xc1\x16\x55\x2b\x76\x0e\x25\x4f\x4a\xca\x58\x2b\x7f\x76\x0b\x8b\x2e\xd6\x9e\x87\x5f\x4a\x9c\x30\x1c\xd0\x6a\x4f\xab\x8f\x53\x8e\xd8\xc7\x9b\xc5\x46\x7d\xde\xde\x41\x48\xba\xcf\xbf\xc7\x4f\x1d\x4c\xd9\xc9\xad\xa6\xbf\x32\x8c\x79\x90\xc1\xf7\xed\x52\x35\x37\xe6\x32\xad\xa4\xf0\x08\xeb", 4096); *(uint64_t*)0x200225c8 = 0x20021540; *(uint32_t*)0x20021540 = r[3]; *(uint32_t*)0x20021544 = r[0]; *(uint32_t*)0x20021548 = r[0]; *(uint32_t*)0x2002154c = r[0]; *(uint64_t*)0x200225d0 = 0x20021580; *(uint64_t*)0x200225d8 = 0x20022580; *(uint32_t*)0x200225e0 = 0x1000; *(uint32_t*)0x200225e4 = 4; *(uint32_t*)0x200225e8 = 0x1000; *(uint32_t*)0x200225ec = 8; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); if (res == ZX_OK) { r[4] = *(uint32_t*)0x20022580; r[5] = *(uint32_t*)0x20022590; r[6] = *(uint32_t*)0x20022598; } break; case 7: *(uint64_t*)0x20023780 = 0x20022680; memcpy((void*)0x20022680, "\xc0\xa1\x63\x28\x06\x60\xce\x73\x59\x69\xf5\xee\x9c\xaf\xa3\x5f\x48\x19\x3a\x86\x20\xd0\xf0\xd7\x6d\xab\x09\x92\x66\x48\xa2\xfd\x68\xb4\xcc\x6e\x54\xd1\xf7\x87\x1d\x9c\xbe\x41\x42\x0a\xcc\x88\xf0\xf8\x8f\x6f\x66\xe8\x22\x58\xe9\x32\x8c\xc2\xd3\xa2\x79\xd3\x84\x5d\xf3\xea\x63\xec", 70); *(uint64_t*)0x20023788 = 0x20022700; *(uint32_t*)0x20022700 = r[3]; *(uint32_t*)0x20022704 = r[0]; *(uint32_t*)0x20022708 = r[0]; *(uint32_t*)0x2002270c = r[4]; *(uint32_t*)0x20022710 = 0; *(uint32_t*)0x20022714 = r[3]; *(uint64_t*)0x20023790 = 0x20022740; *(uint64_t*)0x20023798 = 0x20023740; *(uint32_t*)0x200237a0 = 0x46; *(uint32_t*)0x200237a4 = 6; *(uint32_t*)0x200237a8 = 0x1000; *(uint32_t*)0x200237ac = 1; res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[6], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20023780, /*actual_bytes=*/0x200237c0, /*actual_handles=*/0x20023800); if (res == ZX_OK) r[7] = *(uint32_t*)0x20023740; break; case 8: *(uint64_t*)0x20033900 = 0x20023840; *(uint32_t*)0x20023840 = 0; memset((void*)0x20023844, 0, 3); *(uint8_t*)0x20023847 = 1; *(uint64_t*)0x20023848 = 0x46940c1600000000; *(uint32_t*)0x20023850 = 0x3fe00000; *(uint64_t*)0x20033908 = 0x20023880; *(uint64_t*)0x20033910 = 0x200238c0; *(uint64_t*)0x20033918 = 0x200338c0; *(uint32_t*)0x20033920 = 0x14; *(uint32_t*)0x20033924 = 0; *(uint32_t*)0x20033928 = 0x10000; *(uint32_t*)0x2003392c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[7], /*options=*/0, /*deadline=*/r[2], /*args=*/0x20033900, /*actual_bytes=*/0x20033940, /*actual_handles=*/0x20033980); break; case 9: ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_object_get_info))(/*handle=*/r[5], /*topic=*/0x1000000e, /*buffer=*/0x200339c0, /*buffer_size=*/0x3f0, /*actual=*/0x20033dc0, /*avail=*/0x20033e00); break; case 10: memcpy((void*)0x20000000, "\xf2\x49\x0f\x2d\x3b\x26\xf3\x2e\x3e\x42\xff\xe0\x40\x0f\x49\x0e\x36\x66\x0f\x3a\xdf\x83\x02\x10\x00\x00\x6b\x58\x0f\x85\xd6\xbe\x00\x00\x64\x66\x42\x0f\x15\x4c\x69\x04\xc4\x83\x5d\x7f\x4f\x00\x06\xc4\x62\x6d\xbb\xfd\xf3\x4e\x0f\x1e\xcd", 59); syz_execute_func(/*text=*/0x20000000); break; case 11: syz_future_time(/*when=*/1); break; case 12: syz_job_default(); break; case 13: syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x2000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); for (procid = 0; procid < 4; procid++) { if (fork() == 0) { use_temporary_dir(); do_sandbox_none(); } } sleep(1000000); return 0; } :372:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/r[0], /*options=*/0xded, /*deadline=*/r[2], /*args=*/0x200225c0, /*actual_bytes=*/0x20022600, /*actual_handles=*/0x20022640); ^ 1 error generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor1014073033 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/4 (0.27s) csource_test.go:148: --- FAIL: TestGenerate/fuchsia/amd64/2 (0.27s) csource_test.go:148: --- FAIL: TestGenerate/fuchsia/amd64/1 (0.27s) csource_test.go:148: --- FAIL: TestGenerate/fuchsia/amd64/12 (0.27s) csource_test.go:148: FAIL FAIL github.com/google/syzkaller/pkg/csource 37.453s ok github.com/google/syzkaller/pkg/db (cached) ok github.com/google/syzkaller/pkg/email (cached) ok github.com/google/syzkaller/pkg/email/lore (cached) ok github.com/google/syzkaller/pkg/host (cached) ok github.com/google/syzkaller/pkg/html (cached) ok github.com/google/syzkaller/pkg/ifuzz (cached) ok github.com/google/syzkaller/pkg/image (cached) ok github.com/google/syzkaller/pkg/instance (cached) ok github.com/google/syzkaller/pkg/ipc (cached) ok github.com/google/syzkaller/pkg/kconfig (cached) ok github.com/google/syzkaller/pkg/kd (cached) ok github.com/google/syzkaller/pkg/log (cached) ok github.com/google/syzkaller/pkg/mgrconfig (cached) ok github.com/google/syzkaller/pkg/osutil (cached) ok github.com/google/syzkaller/pkg/report (cached) ok github.com/google/syzkaller/pkg/repro (cached) ok github.com/google/syzkaller/pkg/runtest (cached) ok github.com/google/syzkaller/pkg/serializer (cached) ok github.com/google/syzkaller/pkg/stats (cached) ok github.com/google/syzkaller/pkg/subsystem (cached) ok github.com/google/syzkaller/pkg/subsystem/linux (cached) ok github.com/google/syzkaller/pkg/subsystem/lists (cached) ok github.com/google/syzkaller/pkg/symbolizer (cached) ok github.com/google/syzkaller/pkg/tool (cached) ok github.com/google/syzkaller/pkg/vcs (cached) ok github.com/google/syzkaller/prog (cached) ok github.com/google/syzkaller/prog/test (cached) ok github.com/google/syzkaller/sys/linux (cached) ok github.com/google/syzkaller/sys/netbsd (cached) ok github.com/google/syzkaller/sys/openbsd (cached) ok github.com/google/syzkaller/syz-ci (cached) ok github.com/google/syzkaller/syz-fuzzer (cached) ok github.com/google/syzkaller/syz-hub (cached) ok github.com/google/syzkaller/syz-hub/state (cached) ok github.com/google/syzkaller/syz-manager (cached) ok github.com/google/syzkaller/syz-verifier (cached) ok github.com/google/syzkaller/tools/syz-kconf (cached) ok github.com/google/syzkaller/tools/syz-linter (cached) ok github.com/google/syzkaller/tools/syz-trace2syz/parser (cached) ok github.com/google/syzkaller/tools/syz-trace2syz/proggen (cached) ok github.com/google/syzkaller/vm (cached) ok github.com/google/syzkaller/vm/isolated (cached) ok github.com/google/syzkaller/vm/proxyapp (cached) ok github.com/google/syzkaller/vm/vmimpl (cached) FAIL