? github.com/google/syzkaller/dashboard/dashapi [no test files] ok github.com/google/syzkaller/dashboard/app (cached) ? github.com/google/syzkaller/pkg/debugtracer [no test files] ? github.com/google/syzkaller/pkg/gce [no test files] ? github.com/google/syzkaller/pkg/gcs [no test files] ? github.com/google/syzkaller/pkg/hash [no test files] ? github.com/google/syzkaller/pkg/html/pages [no test files] ? github.com/google/syzkaller/pkg/ifuzz/iset [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc/generated [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86 [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/gen [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/generated [no test files] ? github.com/google/syzkaller/pkg/ipc/ipcconfig [no test files] ? github.com/google/syzkaller/pkg/kcidb [no test files] ? github.com/google/syzkaller/pkg/rpctype [no test files] ? github.com/google/syzkaller/pkg/signal [no test files] ? github.com/google/syzkaller/pkg/testutil [no test files] ? github.com/google/syzkaller/pkg/tools [no test files] ? github.com/google/syzkaller/sys [no test files] ? github.com/google/syzkaller/sys/freebsd [no test files] ? github.com/google/syzkaller/sys/akaros/gen [no test files] ? github.com/google/syzkaller/sys/darwin [no test files] ? github.com/google/syzkaller/sys/darwin/gen [no test files] ? github.com/google/syzkaller/sys/freebsd/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia [no test files] ? github.com/google/syzkaller/sys/fuchsia/fidlgen [no test files] ? github.com/google/syzkaller/sys/akaros [no test files] ? github.com/google/syzkaller/sys/netbsd/gen [no test files] ? github.com/google/syzkaller/sys/openbsd/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia/layout [no test files] ? github.com/google/syzkaller/sys/linux/gen [no test files] ? github.com/google/syzkaller/sys/syz-extract [no test files] ? github.com/google/syzkaller/sys/syz-sysgen [no test files] ? github.com/google/syzkaller/sys/targets [no test files] ? github.com/google/syzkaller/sys/test [no test files] ? github.com/google/syzkaller/sys/test/gen [no test files] ? github.com/google/syzkaller/sys/trusty [no test files] ? github.com/google/syzkaller/sys/trusty/gen [no test files] ? github.com/google/syzkaller/sys/windows [no test files] ? github.com/google/syzkaller/sys/windows/gen [no test files] ok github.com/google/syzkaller/executor 2.761s ok github.com/google/syzkaller/pkg/asset (cached) ok github.com/google/syzkaller/pkg/ast 0.655s ok github.com/google/syzkaller/pkg/auth (cached) ? github.com/google/syzkaller/syz-runner [no test files] ? github.com/google/syzkaller/tools/syz-benchcmp [no test files] ? github.com/google/syzkaller/tools/syz-bisect [no test files] ? github.com/google/syzkaller/tools/syz-build [no test files] ? github.com/google/syzkaller/tools/syz-check [no test files] ? github.com/google/syzkaller/tools/syz-cover [no test files] ? github.com/google/syzkaller/tools/syz-crush [no test files] ? github.com/google/syzkaller/tools/syz-db [no test files] ? github.com/google/syzkaller/tools/syz-execprog [no test files] ? github.com/google/syzkaller/tools/syz-expand [no test files] ? github.com/google/syzkaller/tools/syz-fillreports [no test files] ? github.com/google/syzkaller/tools/syz-fmt [no test files] ? github.com/google/syzkaller/tools/syz-hubtool [no test files] ? github.com/google/syzkaller/tools/syz-imagegen [no test files] ? github.com/google/syzkaller/tools/syz-kcidb [no test files] ? github.com/google/syzkaller/tools/syz-lore [no test files] ? github.com/google/syzkaller/tools/syz-make [no test files] ? github.com/google/syzkaller/tools/syz-minconfig [no test files] ? github.com/google/syzkaller/tools/syz-mutate [no test files] ? github.com/google/syzkaller/tools/syz-prog2c [no test files] ? github.com/google/syzkaller/tools/syz-query-subsystems [no test files] ? github.com/google/syzkaller/tools/syz-reporter [no test files] ? github.com/google/syzkaller/tools/syz-repro [no test files] ? github.com/google/syzkaller/tools/syz-reprolist [no test files] ? github.com/google/syzkaller/tools/syz-runtest [no test files] ? github.com/google/syzkaller/tools/syz-showprio [no test files] ? github.com/google/syzkaller/tools/syz-stress [no test files] ? github.com/google/syzkaller/tools/syz-symbolize [no test files] ? github.com/google/syzkaller/tools/syz-testbed [no test files] ? github.com/google/syzkaller/tools/syz-testbuild [no test files] ? github.com/google/syzkaller/tools/syz-trace2syz [no test files] ? github.com/google/syzkaller/tools/syz-tty [no test files] ? github.com/google/syzkaller/tools/syz-upgrade [no test files] ? github.com/google/syzkaller/tools/syz-usbgen [no test files] ? github.com/google/syzkaller/vm/adb [no test files] ? github.com/google/syzkaller/vm/bhyve [no test files] ? github.com/google/syzkaller/vm/cuttlefish [no test files] ? github.com/google/syzkaller/vm/gce [no test files] ? github.com/google/syzkaller/vm/gvisor [no test files] ? github.com/google/syzkaller/vm/kvm [no test files] ? github.com/google/syzkaller/vm/odroid [no test files] ? github.com/google/syzkaller/vm/proxyapp/mocks [no test files] ? github.com/google/syzkaller/vm/proxyapp/proxyrpc [no test files] ? github.com/google/syzkaller/vm/qemu [no test files] ? github.com/google/syzkaller/vm/starnix [no test files] ? github.com/google/syzkaller/vm/vmm [no test files] ? github.com/google/syzkaller/vm/vmware [no test files] ok github.com/google/syzkaller/pkg/bisect 38.456s ok github.com/google/syzkaller/pkg/build 37.863s ok github.com/google/syzkaller/pkg/compiler 3.746s ok github.com/google/syzkaller/pkg/config (cached) ok github.com/google/syzkaller/pkg/cover 59.771s ok github.com/google/syzkaller/pkg/cover/backend 0.610s --- FAIL: TestGenerate (41.58s) --- FAIL: TestGenerate/fuchsia/amd64 (0.05s) testutil.go:33: seed=1686326483466337927 testutil.go:33: seed=1686326483509068440 --- FAIL: TestGenerate/fuchsia/amd64/0 (0.63s) csource_test.go:150: opts: {Threaded:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call_etc(0x0, 0x91, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)="090e3814ded5ca1bb9204ce0ceac3d95162fab16edf86329372435e1992cd148d29f73e3c25857bf66bb813d6abddde404f63980339937c16fe9e0c8ad309e70509ce52ae1c8e60ebe328caa31b91b7b1b8a9e3febb3fe1289f80a3b74dadcf3619e4eb03d257cd7a8fe5301e58d52aae4336355c0bc0ee7df9704e0ee190064372cd6f71629cec4cf897611a6f18453259fe803ee1464ebd6366490efad381aec2e773163b83a257d24277408221047d312b83defb54f5db6eb9db781f0a74e4a4513e78d1fef19337f8423952747348a1126db4a28fb98de2ffe4dc6cb4414498bf558c8cfec781cb59a4b28647f1aac9cf850970863788bfa319ab74945eb15fb78f3eee5446045512774ecfa8439fdbfafa0f767e9cdf291d1934c12a7ea791a9028bd2e0b346a4f68a24d1bced3bafc730f659d4225960b93827fa64384b88db55337fb5ae30fefe356ba4c116452b23477905dbaab6a2ddec32735f0db44ea41c37c710f67880a68cffcec5710c707288eb34109b24aaa4949ae1b9b333154d9c3b5d6b07095e94d1fb66be2845f466fa375fefd749168cbfabca45ef816389705f0d146b7c47aa5fa070faa0c82f6b366c94be41a00412b7107c4746c41482e94a1b23e9666a738ee4bcb5d5b9deea2fe70dd49f2fc095823d2c6f0c56eb2120b670014b3e41dea9163200efeec14bb92da2c22e03d15be29fd9ab265370f3878ad2818a27d7a1ba774f122d934b0b62077fa625874aacbb6fe8618311b1562d5225c3da1842f45dec3940d3d2306ee0b0183154834322b286e8e31f739c96f22e7272ce4e7a7571ded20ce2deb2754c6b44dce678953ef135675371a728ac6134d5a7873cbb60eac7064cb070bef012fbce09a468cbdeb01fbcd352ab03bebebe70a006f6dcce7b4078cffa0296bd40d5ded971f5a75b2fb4f54db33214470506c5c0dbca61e12fcb3d8207a82b47883b8efe3cfafcfb61ad5e4030cabd0a6f08c46238c18544210ff5a6f58a0a49dee51af9a1e2e6a8827074c2f948773e6b8273ea1197c731afe15561a156457b5011fccebebea49adda3e9c3afa2c63461f4a1451a0056589c64c0ee28678f04d282dfc86ce8d1b319d971c406d1f4798443f661495d8f8cd60dd45bba34341f1acfd1df41bd0827c0baa07a856c9185fb6dbedfc31fdcf7e548ceda8dd94311a062a4a9fb7df18420e66330ce428631a42abf9ae14b9b0c7dc0ddbae34da212bbe7a37276b059c495bbf184f45219c18bf5dc7140595f460391ccaa1ef26234a51882930977a004e675a4a10b82edfbf0b09b7d0a70e3dcc6c4760b92ee556bb00ad270777ea84e13932a4b36465c378f4f4c7566bda189fb3072cf4cb13d45f593295f96d37629ef12b9b8da1ad7a6853c5021f30077b893e92e9d18edbf7175cb725b33382476dd7a2734f304efc5ca6d26684b0668f43b5eae9a9bcf1dfca106a2e2e52e130d6908bc07b23cea685eedb6c93ec76c6097d69f577dd5cc14508218959109f301c9f27cd0a2956564c59ad12d0d939bb14e02bb806946b85ab39e3fdce3946bcf87bef3f53e0edcda9c72f42ed1d31fbc0b700890c4094df83923d0d5222be8466c562250dc9493cf74d1ab7d8ab9a4a7b0cf0cd56724c10a71a4272104937c11dcec74ec2dab996453178b40e173ed21e3c882878fcdf82a57359d71f59fafe5023e17f7a2bb9ab69095b269ad32df831529efdabbe5366f235d48f0ee328c6199b803c57a406febf46643204673a1f16a57d2a3bb70c8287c5405d2279a5b977d8936e1cf2d34b4783b9c4e15a51944320afc2eed1e5c7801596b63633801daa1999edf5548d97d056568dbb47a72440d6ebfb191bc86b95d69d768ac156feed10ca998aff5142796d47c3a3d583b92e32f641e36f810b576c2599febb22e795537d65b333f8b1a4f64e349dd39ecf83458ad2c5cbd13af5d7c4b5117a38639958d340f62b872c23c3f851a32a1a8ce5440a1ec9500b3ae9f56b0fd3a82e1755251499231f8babc682073fa40e18b516aabb702b560cd39c707c176bed3081e1856f940ca15ff9c5506d07ebd80ac2da5efe90b3554de46ae4408392a0707754f06bee43cd5a6c2650fce994a4d888ff3665212c7dc85150477094ca7f67888771f08ee26996cb8e907d100430b67226bf384c9c01488e4cf5aac03bcbdf33ce76c5632653955ebc74ddec21104b20d0b1458eb90928ecf103eb4ffbf3aa45156b71799cc69530be5ad8bda6923ddf3d7ffa9b2865f6689f3092fbf6251df191d1a64572326cddb22ad2aa4a654a669c7f3c2622a413c3c10f247d877f0375600f0605f694715628d14357a1874142e0024d4b1e52eccd35454d5162425a372c0c1215481fa7579397073ce80c6343f881dd1b2d8fa436e5a97fd578eaca113105e90f511923b69acbb269349de9f138e10f7cd4a180e38b025ebf29aa5d70883d830b5afc914432859b182e2ceaeb8444bdc1608fdd028669c30d33cc65f557c78427fce6130e82c8fb7eab095186c40f9a688ac2ec3b3fe7689c6aff2f0795083eb37855adb298a71c459469c410866d7370227aba87939004ebd04ad665bb51ee9d32bf08e7335536f0b63513c1ea9296ac30a9481df6ffb7fa374c4cb4b7d0ed168efbb13eeb58f4735548ba60124193941757f9ecf248e008ddcb82f57f366d327aaf3ce419189de0c42ea3434b4b0a1f21be00072dc647ce18f7862e52aa9bd74b7095663b7c08f027e6fc8969224df584c92bffc4b93106f70bf3f99675e6904e2641492c33de1da917b94e57bcd7afda2253198d5e81c3e46d0082490c2205a75ccea3a6845402ea443642b5925b4c5c65377b3a9d946fc15d44401098dde1e1ec3aa4858da8671b4c827c9f1337b07d09b9b07effdf666cdb8a320c34a4a709e9bbb18cacef547574c109659498f108c53a1796d82aaee504e01801f15bb63e7de6e0d8907a988fa8d3d69c20721b1afb10582ea3e9006f1ebe9a32da207916c675d6ae730fbb2beebe7273f01d8a18d78afd349619303e347b89d6d7a4bae7acb6b560d035021929eb53a7c5c4263ba39c2de7056899d36e73b8afbdc4a7e5b7efbf610683ee6155d7c3ae4d46c43d42d83497cd78ff1644d78d5a1068c028f0a6dd2997637c6b42719079d39b093561e9025851b1659cac8d1a5d5dc1ce434c787cebd1b6224b25afe18497584158942a04e9f3d6b744447c624fc7a8a36c03bdcb1341da7d7c24a03cc1eeb40b718623204e05632052e65db381892289c9a1bf547c3169140355ccc2141bb1794889cc47b4eb6c19fed2e54946e9a0f3ee9a0a6c9c32f159dbcff0645dbfb3bc461b7f6c499b9dad65f59d2b9d20486f012e0a93202a22950ac0a583aacc42aa3b0302b5be160f7abb5af5547ab2a395dfc58922a550dbad99034502f64a48c634a1344a4665bb054df08fa7a49562f7e6448bd0831df51ecee72f5d4b456af5502dd4e5be1901bb3aad0a8f949c63d5bfee80c48d8c41cd47d0a5e9cfeea4801721dd99260a9f4148ee37f0c6e60516b97146031bf532759340f0d965687ce38c4353a64232a0ce1ad154018b206fa3b1eefb6581f1e4fe9d40cee6859dbd2d6c970281844548d188701e37b1a87e0232b2cf50542d220d380c34b5705939fdab1dbb4cb3fdf44d8104d816cf372159d6172d72cc09ed565e34159adca136fd592515440a31a1b2b7200f01fd3ba195a980c004faf103b9f9e7713d3ed5d1c678bbdf889300908e7194f3b2b84e744c94f7b58f61ad6b84ee7c645be813a4ac5b1add1ffad0ffc0b27a1b47f4520186441b820cdac1fd4bae20c62bc817b17df2f79cb9746d1e653d8d8162376cbe81bcc5048358cdd42ca9f8207e7fb1267cac49ecb45aa6bc8002c3597cc074a88c2cced73e695c0cb96b3341deb58b0d41b9559f2d09838e05e406f99f962a0f619a7c02b5acc6210124f195024fd2e4ace58a239233f9f0fa4274ce28f6ee5de51e13742c19e8c1b313f900970a4db1b3641cb527a10592bfb9c526921232277d492499a61d6a20407330e55dae27787aed001b1666a3c0319bda9764618544a20016f12986e4ae1dd7585cd1efb147121bcca00e095e12559f579bf3c7605e9b6737105cb9fc1594e43d5707cd69c8bcd6603e697acec76957d3c6aa448807924666877a52eb2adb90a3de7906a80f47a2c388cba8776f63404b4b644c1086b3abfc8bbde496022826e2102c2f7a16f984be7ac29a68478f879f4c9b3023470641356c91053654568348c550c7083bdd2e61181ea325615aa9fbdbe5741882f3854426224bffa15dec146444e4001f5f8f6f61c0cead815bae2e81299eb3a7a49a664eb01e74c638cbe75e9d169a6e7507fbad9b36b92a09a24beac77e10636a25aa20d01dd37b26ffa99e8bfa8f15b4c19dcadcd9be383a11c732717e1dcb2968e8669d084aa15d7269c11c011eb2b1390398766eceb6378df58f0e796eb47ac5eb1cf53b2c6b4b61d40c0b4c005d0ab82384c45aae499699bc54263eefc29ed403d30b726824259e6c6ea24c7b8560b85baa91abf39ee1fba0a5dcb5a83db8c862c883bdac30684ab2898a391dd6ff6f8b851ebe752573bd1995c87ba3c6abf0394ddc6f05ed360cecfa35aed4cfa3201f55666205f707d09f8fbaa2c88f7ff9b06ef2dfa1700f7b7026a3fd269574eb22fe9a8f6a64dfea6e779cb0a281db2593f2ba8ea3da2b53cead01dbc42f53ee871ba957dbf5c9fc25641f11bf279b43df3916f74372963de32aa0528b511cc0c4d82953acd95f2df84935b609f1af30c35276a3fabf5d2ca7c9814363cab1b48b7b9a96f945e3d24191b70b5f03d0c4ae30b15e2f82ca318e8c9a5b2a2219967a13befaceeb251088671f3d747da72e52c9a22e7aeebcc77e1a024eb66ab09ef01a3aae329abf0035d1cf27911d8676a98431765a11753a5771958dfcbb59846971d2e2cf02d0c0e5a550ea98b93e367fe73f1bd30a09b11520623143609d0c2fa3c8aa376f440ad2963fbeb6671509a799a8528ce087abaf199662b1103142817c176a4e04b15bc6d473b483d9417176e0e23091938ac2fb9ba616c79c0699a0568d22d63362caa06add2423cb71895a1821dfab317811c2752b284d9d55fc5cfddc3c599e1b9118c99fb8d47fd761e6e72429f509c674913d2d36d569801f9284212424556e8caed16834eb076417023c990e5d3110cb31dea85279d40bcc714a676a893925151b550aabbe9548c4b74b309175f4eacfaf1461ae52293e44f92fa26067b50084f9ef982019e0d398058d23844f900c28c152d3eeda42578a0f1ff3002c929e6bca65eb0341778144a15eacfe4e1a63a4cdf1f25048a27261ba4342ee6569a3c6053b5e52f4e134a1e03a1530cf5c0eb17875e3ba44162071b439459bf16edb28508bce3e9f69d8930b0539c39bb74e63e4510e918b8349ccf6959e57550550a357c31649dd728c3fe77dc6920f0d3f4ec5d619b2f4c6eb90dfc17b26d6b30117a07c18f4b7cc96056a4fdc7dac68198cb8bcc6c64d496afa6081768e8dd4f435eb2eedd0b7b08f14114c13c4ff50a93d39afac2d633ef6eb33ac937404262e352f50f067791518ea058841abdd1f770940bca896fddb550c9ce09edc6bd522e318e5ca6ba00259029770d29d1fc4e2a74d7b33fbeaca945e149f241cc933624dba795d33f2ab0706bbc17e2383f6c32df765c116265b0efb585f587be9732beb0bed2e67cef0d1c42b", &(0x7f0000001000)=[0x0, 0x0, 0x0], &(0x7f0000001040)=""/8, &(0x7f0000001080)=[0x0, 0x0, 0x0], 0x1000, 0x3, 0x8, 0x3}, &(0x7f0000001100), &(0x7f0000001140)) (fail_nth: 1) zx_channel_call$fuchsia_ldsvc_LoaderClone(r0, 0x0, 0x7fffffffffffffff, &(0x7f0000011240)={&(0x7f0000001180), &(0x7f00000011c0), &(0x7f0000001200), &(0x7f0000011200), 0x14, 0x1, 0x10000}, &(0x7f0000011280), &(0x7f00000112c0)) (async) r3 = syz_thread_self() (rerun: 4) zx_vcpu_enter(r3, &(0x7f0000011300)={0x0, 0x0, 0x0, @interrupt}) zx_channel_call$fuchsia_io_DirectoryUnlink(0x0, 0x0, 0x7fffffffffffffff, &(0x7f0000021400)={&(0x7f0000011340)={{}, {0x80000000, 0xffffffffffffffff}, {'\x00'}}, &(0x7f0000011380), &(0x7f00000113c0), &(0x7f00000213c0), 0x28, 0x0, 0x10000}, &(0x7f0000021440), &(0x7f0000021480)) r4 = zx_deadline_after(0xffffffffffffffff) zx_channel_call$fuchsia_cobalt_LoggerBaseLogEvent(r0, 0x0, r4, &(0x7f0000031580)={&(0x7f00000214c0)={{}, 0x7, 0x5}, &(0x7f0000021500), &(0x7f0000021540), &(0x7f0000031540), 0x18, 0x0, 0x10000}, &(0x7f00000315c0), &(0x7f0000031600)) zx_vcpu_interrupt(r1, 0x2) zx_channel_write$fuchsia_io_DirectoryWatcherOnEvent(r0, 0x0, &(0x7f0000031640)={{}, {0x81, 0xffffffffffffffff}, "a57c37f0aa5a793d04cf1274e7e2c49a49f9b090d2df747c16d53d3cf3c00a94e6324ab320451b9fd52121ec87b894f7f28d509078b5af1e034fe2979badae"}, 0x5f, &(0x7f00000316c0), 0x0) zx_channel_call$fuchsia_io_NodeSync(r2, 0x0, r4, &(0x7f00000417c0)={&(0x7f0000031700), &(0x7f0000031740), &(0x7f0000031780), &(0x7f0000041780), 0x10, 0x0, 0x10000}, &(0x7f0000041800), &(0x7f0000041840)) syz_execute_func(&(0x7f0000000000)="c4c1ade0a5b9a66367c462013b6b0f0f76b7b700000098c4a2292d120f0f0ba03e450fd1ec0f2926c4619f7c531a660f3adf3900") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[5] = {0x0, 0x0, 0x0, 0x0, 0x0}; void execute_one(void) { intptr_t res = 0; *(uint64_t*)0x200010c0 = 0x20000000; memcpy((void*)0x20000000, "\x09\x0e\x38\x14\xde\xd5\xca\x1b\xb9\x20\x4c\xe0\xce\xac\x3d\x95\x16\x2f\xab\x16\xed\xf8\x63\x29\x37\x24\x35\xe1\x99\x2c\xd1\x48\xd2\x9f\x73\xe3\xc2\x58\x57\xbf\x66\xbb\x81\x3d\x6a\xbd\xdd\xe4\x04\xf6\x39\x80\x33\x99\x37\xc1\x6f\xe9\xe0\xc8\xad\x30\x9e\x70\x50\x9c\xe5\x2a\xe1\xc8\xe6\x0e\xbe\x32\x8c\xaa\x31\xb9\x1b\x7b\x1b\x8a\x9e\x3f\xeb\xb3\xfe\x12\x89\xf8\x0a\x3b\x74\xda\xdc\xf3\x61\x9e\x4e\xb0\x3d\x25\x7c\xd7\xa8\xfe\x53\x01\xe5\x8d\x52\xaa\xe4\x33\x63\x55\xc0\xbc\x0e\xe7\xdf\x97\x04\xe0\xee\x19\x00\x64\x37\x2c\xd6\xf7\x16\x29\xce\xc4\xcf\x89\x76\x11\xa6\xf1\x84\x53\x25\x9f\xe8\x03\xee\x14\x64\xeb\xd6\x36\x64\x90\xef\xad\x38\x1a\xec\x2e\x77\x31\x63\xb8\x3a\x25\x7d\x24\x27\x74\x08\x22\x10\x47\xd3\x12\xb8\x3d\xef\xb5\x4f\x5d\xb6\xeb\x9d\xb7\x81\xf0\xa7\x4e\x4a\x45\x13\xe7\x8d\x1f\xef\x19\x33\x7f\x84\x23\x95\x27\x47\x34\x8a\x11\x26\xdb\x4a\x28\xfb\x98\xde\x2f\xfe\x4d\xc6\xcb\x44\x14\x49\x8b\xf5\x58\xc8\xcf\xec\x78\x1c\xb5\x9a\x4b\x28\x64\x7f\x1a\xac\x9c\xf8\x50\x97\x08\x63\x78\x8b\xfa\x31\x9a\xb7\x49\x45\xeb\x15\xfb\x78\xf3\xee\xe5\x44\x60\x45\x51\x27\x74\xec\xfa\x84\x39\xfd\xbf\xaf\xa0\xf7\x67\xe9\xcd\xf2\x91\xd1\x93\x4c\x12\xa7\xea\x79\x1a\x90\x28\xbd\x2e\x0b\x34\x6a\x4f\x68\xa2\x4d\x1b\xce\xd3\xba\xfc\x73\x0f\x65\x9d\x42\x25\x96\x0b\x93\x82\x7f\xa6\x43\x84\xb8\x8d\xb5\x53\x37\xfb\x5a\xe3\x0f\xef\xe3\x56\xba\x4c\x11\x64\x52\xb2\x34\x77\x90\x5d\xba\xab\x6a\x2d\xde\xc3\x27\x35\xf0\xdb\x44\xea\x41\xc3\x7c\x71\x0f\x67\x88\x0a\x68\xcf\xfc\xec\x57\x10\xc7\x07\x28\x8e\xb3\x41\x09\xb2\x4a\xaa\x49\x49\xae\x1b\x9b\x33\x31\x54\xd9\xc3\xb5\xd6\xb0\x70\x95\xe9\x4d\x1f\xb6\x6b\xe2\x84\x5f\x46\x6f\xa3\x75\xfe\xfd\x74\x91\x68\xcb\xfa\xbc\xa4\x5e\xf8\x16\x38\x97\x05\xf0\xd1\x46\xb7\xc4\x7a\xa5\xfa\x07\x0f\xaa\x0c\x82\xf6\xb3\x66\xc9\x4b\xe4\x1a\x00\x41\x2b\x71\x07\xc4\x74\x6c\x41\x48\x2e\x94\xa1\xb2\x3e\x96\x66\xa7\x38\xee\x4b\xcb\x5d\x5b\x9d\xee\xa2\xfe\x70\xdd\x49\xf2\xfc\x09\x58\x23\xd2\xc6\xf0\xc5\x6e\xb2\x12\x0b\x67\x00\x14\xb3\xe4\x1d\xea\x91\x63\x20\x0e\xfe\xec\x14\xbb\x92\xda\x2c\x22\xe0\x3d\x15\xbe\x29\xfd\x9a\xb2\x65\x37\x0f\x38\x78\xad\x28\x18\xa2\x7d\x7a\x1b\xa7\x74\xf1\x22\xd9\x34\xb0\xb6\x20\x77\xfa\x62\x58\x74\xaa\xcb\xb6\xfe\x86\x18\x31\x1b\x15\x62\xd5\x22\x5c\x3d\xa1\x84\x2f\x45\xde\xc3\x94\x0d\x3d\x23\x06\xee\x0b\x01\x83\x15\x48\x34\x32\x2b\x28\x6e\x8e\x31\xf7\x39\xc9\x6f\x22\xe7\x27\x2c\xe4\xe7\xa7\x57\x1d\xed\x20\xce\x2d\xeb\x27\x54\xc6\xb4\x4d\xce\x67\x89\x53\xef\x13\x56\x75\x37\x1a\x72\x8a\xc6\x13\x4d\x5a\x78\x73\xcb\xb6\x0e\xac\x70\x64\xcb\x07\x0b\xef\x01\x2f\xbc\xe0\x9a\x46\x8c\xbd\xeb\x01\xfb\xcd\x35\x2a\xb0\x3b\xeb\xeb\xe7\x0a\x00\x6f\x6d\xcc\xe7\xb4\x07\x8c\xff\xa0\x29\x6b\xd4\x0d\x5d\xed\x97\x1f\x5a\x75\xb2\xfb\x4f\x54\xdb\x33\x21\x44\x70\x50\x6c\x5c\x0d\xbc\xa6\x1e\x12\xfc\xb3\xd8\x20\x7a\x82\xb4\x78\x83\xb8\xef\xe3\xcf\xaf\xcf\xb6\x1a\xd5\xe4\x03\x0c\xab\xd0\xa6\xf0\x8c\x46\x23\x8c\x18\x54\x42\x10\xff\x5a\x6f\x58\xa0\xa4\x9d\xee\x51\xaf\x9a\x1e\x2e\x6a\x88\x27\x07\x4c\x2f\x94\x87\x73\xe6\xb8\x27\x3e\xa1\x19\x7c\x73\x1a\xfe\x15\x56\x1a\x15\x64\x57\xb5\x01\x1f\xcc\xeb\xeb\xea\x49\xad\xda\x3e\x9c\x3a\xfa\x2c\x63\x46\x1f\x4a\x14\x51\xa0\x05\x65\x89\xc6\x4c\x0e\xe2\x86\x78\xf0\x4d\x28\x2d\xfc\x86\xce\x8d\x1b\x31\x9d\x97\x1c\x40\x6d\x1f\x47\x98\x44\x3f\x66\x14\x95\xd8\xf8\xcd\x60\xdd\x45\xbb\xa3\x43\x41\xf1\xac\xfd\x1d\xf4\x1b\xd0\x82\x7c\x0b\xaa\x07\xa8\x56\xc9\x18\x5f\xb6\xdb\xed\xfc\x31\xfd\xcf\x7e\x54\x8c\xed\xa8\xdd\x94\x31\x1a\x06\x2a\x4a\x9f\xb7\xdf\x18\x42\x0e\x66\x33\x0c\xe4\x28\x63\x1a\x42\xab\xf9\xae\x14\xb9\xb0\xc7\xdc\x0d\xdb\xae\x34\xda\x21\x2b\xbe\x7a\x37\x27\x6b\x05\x9c\x49\x5b\xbf\x18\x4f\x45\x21\x9c\x18\xbf\x5d\xc7\x14\x05\x95\xf4\x60\x39\x1c\xca\xa1\xef\x26\x23\x4a\x51\x88\x29\x30\x97\x7a\x00\x4e\x67\x5a\x4a\x10\xb8\x2e\xdf\xbf\x0b\x09\xb7\xd0\xa7\x0e\x3d\xcc\x6c\x47\x60\xb9\x2e\xe5\x56\xbb\x00\xad\x27\x07\x77\xea\x84\xe1\x39\x32\xa4\xb3\x64\x65\xc3\x78\xf4\xf4\xc7\x56\x6b\xda\x18\x9f\xb3\x07\x2c\xf4\xcb\x13\xd4\x5f\x59\x32\x95\xf9\x6d\x37\x62\x9e\xf1\x2b\x9b\x8d\xa1\xad\x7a\x68\x53\xc5\x02\x1f\x30\x07\x7b\x89\x3e\x92\xe9\xd1\x8e\xdb\xf7\x17\x5c\xb7\x25\xb3\x33\x82\x47\x6d\xd7\xa2\x73\x4f\x30\x4e\xfc\x5c\xa6\xd2\x66\x84\xb0\x66\x8f\x43\xb5\xea\xe9\xa9\xbc\xf1\xdf\xca\x10\x6a\x2e\x2e\x52\xe1\x30\xd6\x90\x8b\xc0\x7b\x23\xce\xa6\x85\xee\xdb\x6c\x93\xec\x76\xc6\x09\x7d\x69\xf5\x77\xdd\x5c\xc1\x45\x08\x21\x89\x59\x10\x9f\x30\x1c\x9f\x27\xcd\x0a\x29\x56\x56\x4c\x59\xad\x12\xd0\xd9\x39\xbb\x14\xe0\x2b\xb8\x06\x94\x6b\x85\xab\x39\xe3\xfd\xce\x39\x46\xbc\xf8\x7b\xef\x3f\x53\xe0\xed\xcd\xa9\xc7\x2f\x42\xed\x1d\x31\xfb\xc0\xb7\x00\x89\x0c\x40\x94\xdf\x83\x92\x3d\x0d\x52\x22\xbe\x84\x66\xc5\x62\x25\x0d\xc9\x49\x3c\xf7\x4d\x1a\xb7\xd8\xab\x9a\x4a\x7b\x0c\xf0\xcd\x56\x72\x4c\x10\xa7\x1a\x42\x72\x10\x49\x37\xc1\x1d\xce\xc7\x4e\xc2\xda\xb9\x96\x45\x31\x78\xb4\x0e\x17\x3e\xd2\x1e\x3c\x88\x28\x78\xfc\xdf\x82\xa5\x73\x59\xd7\x1f\x59\xfa\xfe\x50\x23\xe1\x7f\x7a\x2b\xb9\xab\x69\x09\x5b\x26\x9a\xd3\x2d\xf8\x31\x52\x9e\xfd\xab\xbe\x53\x66\xf2\x35\xd4\x8f\x0e\xe3\x28\xc6\x19\x9b\x80\x3c\x57\xa4\x06\xfe\xbf\x46\x64\x32\x04\x67\x3a\x1f\x16\xa5\x7d\x2a\x3b\xb7\x0c\x82\x87\xc5\x40\x5d\x22\x79\xa5\xb9\x77\xd8\x93\x6e\x1c\xf2\xd3\x4b\x47\x83\xb9\xc4\xe1\x5a\x51\x94\x43\x20\xaf\xc2\xee\xd1\xe5\xc7\x80\x15\x96\xb6\x36\x33\x80\x1d\xaa\x19\x99\xed\xf5\x54\x8d\x97\xd0\x56\x56\x8d\xbb\x47\xa7\x24\x40\xd6\xeb\xfb\x19\x1b\xc8\x6b\x95\xd6\x9d\x76\x8a\xc1\x56\xfe\xed\x10\xca\x99\x8a\xff\x51\x42\x79\x6d\x47\xc3\xa3\xd5\x83\xb9\x2e\x32\xf6\x41\xe3\x6f\x81\x0b\x57\x6c\x25\x99\xfe\xbb\x22\xe7\x95\x53\x7d\x65\xb3\x33\xf8\xb1\xa4\xf6\x4e\x34\x9d\xd3\x9e\xcf\x83\x45\x8a\xd2\xc5\xcb\xd1\x3a\xf5\xd7\xc4\xb5\x11\x7a\x38\x63\x99\x58\xd3\x40\xf6\x2b\x87\x2c\x23\xc3\xf8\x51\xa3\x2a\x1a\x8c\xe5\x44\x0a\x1e\xc9\x50\x0b\x3a\xe9\xf5\x6b\x0f\xd3\xa8\x2e\x17\x55\x25\x14\x99\x23\x1f\x8b\xab\xc6\x82\x07\x3f\xa4\x0e\x18\xb5\x16\xaa\xbb\x70\x2b\x56\x0c\xd3\x9c\x70\x7c\x17\x6b\xed\x30\x81\xe1\x85\x6f\x94\x0c\xa1\x5f\xf9\xc5\x50\x6d\x07\xeb\xd8\x0a\xc2\xda\x5e\xfe\x90\xb3\x55\x4d\xe4\x6a\xe4\x40\x83\x92\xa0\x70\x77\x54\xf0\x6b\xee\x43\xcd\x5a\x6c\x26\x50\xfc\xe9\x94\xa4\xd8\x88\xff\x36\x65\x21\x2c\x7d\xc8\x51\x50\x47\x70\x94\xca\x7f\x67\x88\x87\x71\xf0\x8e\xe2\x69\x96\xcb\x8e\x90\x7d\x10\x04\x30\xb6\x72\x26\xbf\x38\x4c\x9c\x01\x48\x8e\x4c\xf5\xaa\xc0\x3b\xcb\xdf\x33\xce\x76\xc5\x63\x26\x53\x95\x5e\xbc\x74\xdd\xec\x21\x10\x4b\x20\xd0\xb1\x45\x8e\xb9\x09\x28\xec\xf1\x03\xeb\x4f\xfb\xf3\xaa\x45\x15\x6b\x71\x79\x9c\xc6\x95\x30\xbe\x5a\xd8\xbd\xa6\x92\x3d\xdf\x3d\x7f\xfa\x9b\x28\x65\xf6\x68\x9f\x30\x92\xfb\xf6\x25\x1d\xf1\x91\xd1\xa6\x45\x72\x32\x6c\xdd\xb2\x2a\xd2\xaa\x4a\x65\x4a\x66\x9c\x7f\x3c\x26\x22\xa4\x13\xc3\xc1\x0f\x24\x7d\x87\x7f\x03\x75\x60\x0f\x06\x05\xf6\x94\x71\x56\x28\xd1\x43\x57\xa1\x87\x41\x42\xe0\x02\x4d\x4b\x1e\x52\xec\xcd\x35\x45\x4d\x51\x62\x42\x5a\x37\x2c\x0c\x12\x15\x48\x1f\xa7\x57\x93\x97\x07\x3c\xe8\x0c\x63\x43\xf8\x81\xdd\x1b\x2d\x8f\xa4\x36\xe5\xa9\x7f\xd5\x78\xea\xca\x11\x31\x05\xe9\x0f\x51\x19\x23\xb6\x9a\xcb\xb2\x69\x34\x9d\xe9\xf1\x38\xe1\x0f\x7c\xd4\xa1\x80\xe3\x8b\x02\x5e\xbf\x29\xaa\x5d\x70\x88\x3d\x83\x0b\x5a\xfc\x91\x44\x32\x85\x9b\x18\x2e\x2c\xea\xeb\x84\x44\xbd\xc1\x60\x8f\xdd\x02\x86\x69\xc3\x0d\x33\xcc\x65\xf5\x57\xc7\x84\x27\xfc\xe6\x13\x0e\x82\xc8\xfb\x7e\xab\x09\x51\x86\xc4\x0f\x9a\x68\x8a\xc2\xec\x3b\x3f\xe7\x68\x9c\x6a\xff\x2f\x07\x95\x08\x3e\xb3\x78\x55\xad\xb2\x98\xa7\x1c\x45\x94\x69\xc4\x10\x86\x6d\x73\x70\x22\x7a\xba\x87\x93\x90\x04\xeb\xd0\x4a\xd6\x65\xbb\x51\xee\x9d\x32\xbf\x08\xe7\x33\x55\x36\xf0\xb6\x35\x13\xc1\xea\x92\x96\xac\x30\xa9\x48\x1d\xf6\xff\xb7\xfa\x37\x4c\x4c\xb4\xb7\xd0\xed\x16\x8e\xfb\xb1\x3e\xeb\x58\xf4\x73\x55\x48\xba\x60\x12\x41\x93\x94\x17\x57\xf9\xec\xf2\x48\xe0\x08\xdd\xcb\x82\xf5\x7f\x36\x6d\x32\x7a\xaf\x3c\xe4\x19\x18\x9d\xe0\xc4\x2e\xa3\x43\x4b\x4b\x0a\x1f\x21\xbe\x00\x07\x2d\xc6\x47\xce\x18\xf7\x86\x2e\x52\xaa\x9b\xd7\x4b\x70\x95\x66\x3b\x7c\x08\xf0\x27\xe6\xfc\x89\x69\x22\x4d\xf5\x84\xc9\x2b\xff\xc4\xb9\x31\x06\xf7\x0b\xf3\xf9\x96\x75\xe6\x90\x4e\x26\x41\x49\x2c\x33\xde\x1d\xa9\x17\xb9\x4e\x57\xbc\xd7\xaf\xda\x22\x53\x19\x8d\x5e\x81\xc3\xe4\x6d\x00\x82\x49\x0c\x22\x05\xa7\x5c\xce\xa3\xa6\x84\x54\x02\xea\x44\x36\x42\xb5\x92\x5b\x4c\x5c\x65\x37\x7b\x3a\x9d\x94\x6f\xc1\x5d\x44\x40\x10\x98\xdd\xe1\xe1\xec\x3a\xa4\x85\x8d\xa8\x67\x1b\x4c\x82\x7c\x9f\x13\x37\xb0\x7d\x09\xb9\xb0\x7e\xff\xdf\x66\x6c\xdb\x8a\x32\x0c\x34\xa4\xa7\x09\xe9\xbb\xb1\x8c\xac\xef\x54\x75\x74\xc1\x09\x65\x94\x98\xf1\x08\xc5\x3a\x17\x96\xd8\x2a\xae\xe5\x04\xe0\x18\x01\xf1\x5b\xb6\x3e\x7d\xe6\xe0\xd8\x90\x7a\x98\x8f\xa8\xd3\xd6\x9c\x20\x72\x1b\x1a\xfb\x10\x58\x2e\xa3\xe9\x00\x6f\x1e\xbe\x9a\x32\xda\x20\x79\x16\xc6\x75\xd6\xae\x73\x0f\xbb\x2b\xee\xbe\x72\x73\xf0\x1d\x8a\x18\xd7\x8a\xfd\x34\x96\x19\x30\x3e\x34\x7b\x89\xd6\xd7\xa4\xba\xe7\xac\xb6\xb5\x60\xd0\x35\x02\x19\x29\xeb\x53\xa7\xc5\xc4\x26\x3b\xa3\x9c\x2d\xe7\x05\x68\x99\xd3\x6e\x73\xb8\xaf\xbd\xc4\xa7\xe5\xb7\xef\xbf\x61\x06\x83\xee\x61\x55\xd7\xc3\xae\x4d\x46\xc4\x3d\x42\xd8\x34\x97\xcd\x78\xff\x16\x44\xd7\x8d\x5a\x10\x68\xc0\x28\xf0\xa6\xdd\x29\x97\x63\x7c\x6b\x42\x71\x90\x79\xd3\x9b\x09\x35\x61\xe9\x02\x58\x51\xb1\x65\x9c\xac\x8d\x1a\x5d\x5d\xc1\xce\x43\x4c\x78\x7c\xeb\xd1\xb6\x22\x4b\x25\xaf\xe1\x84\x97\x58\x41\x58\x94\x2a\x04\xe9\xf3\xd6\xb7\x44\x44\x7c\x62\x4f\xc7\xa8\xa3\x6c\x03\xbd\xcb\x13\x41\xda\x7d\x7c\x24\xa0\x3c\xc1\xee\xb4\x0b\x71\x86\x23\x20\x4e\x05\x63\x20\x52\xe6\x5d\xb3\x81\x89\x22\x89\xc9\xa1\xbf\x54\x7c\x31\x69\x14\x03\x55\xcc\xc2\x14\x1b\xb1\x79\x48\x89\xcc\x47\xb4\xeb\x6c\x19\xfe\xd2\xe5\x49\x46\xe9\xa0\xf3\xee\x9a\x0a\x6c\x9c\x32\xf1\x59\xdb\xcf\xf0\x64\x5d\xbf\xb3\xbc\x46\x1b\x7f\x6c\x49\x9b\x9d\xad\x65\xf5\x9d\x2b\x9d\x20\x48\x6f\x01\x2e\x0a\x93\x20\x2a\x22\x95\x0a\xc0\xa5\x83\xaa\xcc\x42\xaa\x3b\x03\x02\xb5\xbe\x16\x0f\x7a\xbb\x5a\xf5\x54\x7a\xb2\xa3\x95\xdf\xc5\x89\x22\xa5\x50\xdb\xad\x99\x03\x45\x02\xf6\x4a\x48\xc6\x34\xa1\x34\x4a\x46\x65\xbb\x05\x4d\xf0\x8f\xa7\xa4\x95\x62\xf7\xe6\x44\x8b\xd0\x83\x1d\xf5\x1e\xce\xe7\x2f\x5d\x4b\x45\x6a\xf5\x50\x2d\xd4\xe5\xbe\x19\x01\xbb\x3a\xad\x0a\x8f\x94\x9c\x63\xd5\xbf\xee\x80\xc4\x8d\x8c\x41\xcd\x47\xd0\xa5\xe9\xcf\xee\xa4\x80\x17\x21\xdd\x99\x26\x0a\x9f\x41\x48\xee\x37\xf0\xc6\xe6\x05\x16\xb9\x71\x46\x03\x1b\xf5\x32\x75\x93\x40\xf0\xd9\x65\x68\x7c\xe3\x8c\x43\x53\xa6\x42\x32\xa0\xce\x1a\xd1\x54\x01\x8b\x20\x6f\xa3\xb1\xee\xfb\x65\x81\xf1\xe4\xfe\x9d\x40\xce\xe6\x85\x9d\xbd\x2d\x6c\x97\x02\x81\x84\x45\x48\xd1\x88\x70\x1e\x37\xb1\xa8\x7e\x02\x32\xb2\xcf\x50\x54\x2d\x22\x0d\x38\x0c\x34\xb5\x70\x59\x39\xfd\xab\x1d\xbb\x4c\xb3\xfd\xf4\x4d\x81\x04\xd8\x16\xcf\x37\x21\x59\xd6\x17\x2d\x72\xcc\x09\xed\x56\x5e\x34\x15\x9a\xdc\xa1\x36\xfd\x59\x25\x15\x44\x0a\x31\xa1\xb2\xb7\x20\x0f\x01\xfd\x3b\xa1\x95\xa9\x80\xc0\x04\xfa\xf1\x03\xb9\xf9\xe7\x71\x3d\x3e\xd5\xd1\xc6\x78\xbb\xdf\x88\x93\x00\x90\x8e\x71\x94\xf3\xb2\xb8\x4e\x74\x4c\x94\xf7\xb5\x8f\x61\xad\x6b\x84\xee\x7c\x64\x5b\xe8\x13\xa4\xac\x5b\x1a\xdd\x1f\xfa\xd0\xff\xc0\xb2\x7a\x1b\x47\xf4\x52\x01\x86\x44\x1b\x82\x0c\xda\xc1\xfd\x4b\xae\x20\xc6\x2b\xc8\x17\xb1\x7d\xf2\xf7\x9c\xb9\x74\x6d\x1e\x65\x3d\x8d\x81\x62\x37\x6c\xbe\x81\xbc\xc5\x04\x83\x58\xcd\xd4\x2c\xa9\xf8\x20\x7e\x7f\xb1\x26\x7c\xac\x49\xec\xb4\x5a\xa6\xbc\x80\x02\xc3\x59\x7c\xc0\x74\xa8\x8c\x2c\xce\xd7\x3e\x69\x5c\x0c\xb9\x6b\x33\x41\xde\xb5\x8b\x0d\x41\xb9\x55\x9f\x2d\x09\x83\x8e\x05\xe4\x06\xf9\x9f\x96\x2a\x0f\x61\x9a\x7c\x02\xb5\xac\xc6\x21\x01\x24\xf1\x95\x02\x4f\xd2\xe4\xac\xe5\x8a\x23\x92\x33\xf9\xf0\xfa\x42\x74\xce\x28\xf6\xee\x5d\xe5\x1e\x13\x74\x2c\x19\xe8\xc1\xb3\x13\xf9\x00\x97\x0a\x4d\xb1\xb3\x64\x1c\xb5\x27\xa1\x05\x92\xbf\xb9\xc5\x26\x92\x12\x32\x27\x7d\x49\x24\x99\xa6\x1d\x6a\x20\x40\x73\x30\xe5\x5d\xae\x27\x78\x7a\xed\x00\x1b\x16\x66\xa3\xc0\x31\x9b\xda\x97\x64\x61\x85\x44\xa2\x00\x16\xf1\x29\x86\xe4\xae\x1d\xd7\x58\x5c\xd1\xef\xb1\x47\x12\x1b\xcc\xa0\x0e\x09\x5e\x12\x55\x9f\x57\x9b\xf3\xc7\x60\x5e\x9b\x67\x37\x10\x5c\xb9\xfc\x15\x94\xe4\x3d\x57\x07\xcd\x69\xc8\xbc\xd6\x60\x3e\x69\x7a\xce\xc7\x69\x57\xd3\xc6\xaa\x44\x88\x07\x92\x46\x66\x87\x7a\x52\xeb\x2a\xdb\x90\xa3\xde\x79\x06\xa8\x0f\x47\xa2\xc3\x88\xcb\xa8\x77\x6f\x63\x40\x4b\x4b\x64\x4c\x10\x86\xb3\xab\xfc\x8b\xbd\xe4\x96\x02\x28\x26\xe2\x10\x2c\x2f\x7a\x16\xf9\x84\xbe\x7a\xc2\x9a\x68\x47\x8f\x87\x9f\x4c\x9b\x30\x23\x47\x06\x41\x35\x6c\x91\x05\x36\x54\x56\x83\x48\xc5\x50\xc7\x08\x3b\xdd\x2e\x61\x18\x1e\xa3\x25\x61\x5a\xa9\xfb\xdb\xe5\x74\x18\x82\xf3\x85\x44\x26\x22\x4b\xff\xa1\x5d\xec\x14\x64\x44\xe4\x00\x1f\x5f\x8f\x6f\x61\xc0\xce\xad\x81\x5b\xae\x2e\x81\x29\x9e\xb3\xa7\xa4\x9a\x66\x4e\xb0\x1e\x74\xc6\x38\xcb\xe7\x5e\x9d\x16\x9a\x6e\x75\x07\xfb\xad\x9b\x36\xb9\x2a\x09\xa2\x4b\xea\xc7\x7e\x10\x63\x6a\x25\xaa\x20\xd0\x1d\xd3\x7b\x26\xff\xa9\x9e\x8b\xfa\x8f\x15\xb4\xc1\x9d\xca\xdc\xd9\xbe\x38\x3a\x11\xc7\x32\x71\x7e\x1d\xcb\x29\x68\xe8\x66\x9d\x08\x4a\xa1\x5d\x72\x69\xc1\x1c\x01\x1e\xb2\xb1\x39\x03\x98\x76\x6e\xce\xb6\x37\x8d\xf5\x8f\x0e\x79\x6e\xb4\x7a\xc5\xeb\x1c\xf5\x3b\x2c\x6b\x4b\x61\xd4\x0c\x0b\x4c\x00\x5d\x0a\xb8\x23\x84\xc4\x5a\xae\x49\x96\x99\xbc\x54\x26\x3e\xef\xc2\x9e\xd4\x03\xd3\x0b\x72\x68\x24\x25\x9e\x6c\x6e\xa2\x4c\x7b\x85\x60\xb8\x5b\xaa\x91\xab\xf3\x9e\xe1\xfb\xa0\xa5\xdc\xb5\xa8\x3d\xb8\xc8\x62\xc8\x83\xbd\xac\x30\x68\x4a\xb2\x89\x8a\x39\x1d\xd6\xff\x6f\x8b\x85\x1e\xbe\x75\x25\x73\xbd\x19\x95\xc8\x7b\xa3\xc6\xab\xf0\x39\x4d\xdc\x6f\x05\xed\x36\x0c\xec\xfa\x35\xae\xd4\xcf\xa3\x20\x1f\x55\x66\x62\x05\xf7\x07\xd0\x9f\x8f\xba\xa2\xc8\x8f\x7f\xf9\xb0\x6e\xf2\xdf\xa1\x70\x0f\x7b\x70\x26\xa3\xfd\x26\x95\x74\xeb\x22\xfe\x9a\x8f\x6a\x64\xdf\xea\x6e\x77\x9c\xb0\xa2\x81\xdb\x25\x93\xf2\xba\x8e\xa3\xda\x2b\x53\xce\xad\x01\xdb\xc4\x2f\x53\xee\x87\x1b\xa9\x57\xdb\xf5\xc9\xfc\x25\x64\x1f\x11\xbf\x27\x9b\x43\xdf\x39\x16\xf7\x43\x72\x96\x3d\xe3\x2a\xa0\x52\x8b\x51\x1c\xc0\xc4\xd8\x29\x53\xac\xd9\x5f\x2d\xf8\x49\x35\xb6\x09\xf1\xaf\x30\xc3\x52\x76\xa3\xfa\xbf\x5d\x2c\xa7\xc9\x81\x43\x63\xca\xb1\xb4\x8b\x7b\x9a\x96\xf9\x45\xe3\xd2\x41\x91\xb7\x0b\x5f\x03\xd0\xc4\xae\x30\xb1\x5e\x2f\x82\xca\x31\x8e\x8c\x9a\x5b\x2a\x22\x19\x96\x7a\x13\xbe\xfa\xce\xeb\x25\x10\x88\x67\x1f\x3d\x74\x7d\xa7\x2e\x52\xc9\xa2\x2e\x7a\xee\xbc\xc7\x7e\x1a\x02\x4e\xb6\x6a\xb0\x9e\xf0\x1a\x3a\xae\x32\x9a\xbf\x00\x35\xd1\xcf\x27\x91\x1d\x86\x76\xa9\x84\x31\x76\x5a\x11\x75\x3a\x57\x71\x95\x8d\xfc\xbb\x59\x84\x69\x71\xd2\xe2\xcf\x02\xd0\xc0\xe5\xa5\x50\xea\x98\xb9\x3e\x36\x7f\xe7\x3f\x1b\xd3\x0a\x09\xb1\x15\x20\x62\x31\x43\x60\x9d\x0c\x2f\xa3\xc8\xaa\x37\x6f\x44\x0a\xd2\x96\x3f\xbe\xb6\x67\x15\x09\xa7\x99\xa8\x52\x8c\xe0\x87\xab\xaf\x19\x96\x62\xb1\x10\x31\x42\x81\x7c\x17\x6a\x4e\x04\xb1\x5b\xc6\xd4\x73\xb4\x83\xd9\x41\x71\x76\xe0\xe2\x30\x91\x93\x8a\xc2\xfb\x9b\xa6\x16\xc7\x9c\x06\x99\xa0\x56\x8d\x22\xd6\x33\x62\xca\xa0\x6a\xdd\x24\x23\xcb\x71\x89\x5a\x18\x21\xdf\xab\x31\x78\x11\xc2\x75\x2b\x28\x4d\x9d\x55\xfc\x5c\xfd\xdc\x3c\x59\x9e\x1b\x91\x18\xc9\x9f\xb8\xd4\x7f\xd7\x61\xe6\xe7\x24\x29\xf5\x09\xc6\x74\x91\x3d\x2d\x36\xd5\x69\x80\x1f\x92\x84\x21\x24\x24\x55\x6e\x8c\xae\xd1\x68\x34\xeb\x07\x64\x17\x02\x3c\x99\x0e\x5d\x31\x10\xcb\x31\xde\xa8\x52\x79\xd4\x0b\xcc\x71\x4a\x67\x6a\x89\x39\x25\x15\x1b\x55\x0a\xab\xbe\x95\x48\xc4\xb7\x4b\x30\x91\x75\xf4\xea\xcf\xaf\x14\x61\xae\x52\x29\x3e\x44\xf9\x2f\xa2\x60\x67\xb5\x00\x84\xf9\xef\x98\x20\x19\xe0\xd3\x98\x05\x8d\x23\x84\x4f\x90\x0c\x28\xc1\x52\xd3\xee\xda\x42\x57\x8a\x0f\x1f\xf3\x00\x2c\x92\x9e\x6b\xca\x65\xeb\x03\x41\x77\x81\x44\xa1\x5e\xac\xfe\x4e\x1a\x63\xa4\xcd\xf1\xf2\x50\x48\xa2\x72\x61\xba\x43\x42\xee\x65\x69\xa3\xc6\x05\x3b\x5e\x52\xf4\xe1\x34\xa1\xe0\x3a\x15\x30\xcf\x5c\x0e\xb1\x78\x75\xe3\xba\x44\x16\x20\x71\xb4\x39\x45\x9b\xf1\x6e\xdb\x28\x50\x8b\xce\x3e\x9f\x69\xd8\x93\x0b\x05\x39\xc3\x9b\xb7\x4e\x63\xe4\x51\x0e\x91\x8b\x83\x49\xcc\xf6\x95\x9e\x57\x55\x05\x50\xa3\x57\xc3\x16\x49\xdd\x72\x8c\x3f\xe7\x7d\xc6\x92\x0f\x0d\x3f\x4e\xc5\xd6\x19\xb2\xf4\xc6\xeb\x90\xdf\xc1\x7b\x26\xd6\xb3\x01\x17\xa0\x7c\x18\xf4\xb7\xcc\x96\x05\x6a\x4f\xdc\x7d\xac\x68\x19\x8c\xb8\xbc\xc6\xc6\x4d\x49\x6a\xfa\x60\x81\x76\x8e\x8d\xd4\xf4\x35\xeb\x2e\xed\xd0\xb7\xb0\x8f\x14\x11\x4c\x13\xc4\xff\x50\xa9\x3d\x39\xaf\xac\x2d\x63\x3e\xf6\xeb\x33\xac\x93\x74\x04\x26\x2e\x35\x2f\x50\xf0\x67\x79\x15\x18\xea\x05\x88\x41\xab\xdd\x1f\x77\x09\x40\xbc\xa8\x96\xfd\xdb\x55\x0c\x9c\xe0\x9e\xdc\x6b\xd5\x22\xe3\x18\xe5\xca\x6b\xa0\x02\x59\x02\x97\x70\xd2\x9d\x1f\xc4\xe2\xa7\x4d\x7b\x33\xfb\xea\xca\x94\x5e\x14\x9f\x24\x1c\xc9\x33\x62\x4d\xba\x79\x5d\x33\xf2\xab\x07\x06\xbb\xc1\x7e\x23\x83\xf6\xc3\x2d\xf7\x65\xc1\x16\x26\x5b\x0e\xfb\x58\x5f\x58\x7b\xe9\x73\x2b\xeb\x0b\xed\x2e\x67\xce\xf0\xd1\xc4\x2b", 4096); *(uint64_t*)0x200010c8 = 0x20001000; *(uint32_t*)0x20001000 = 0; *(uint32_t*)0x20001004 = 0; *(uint32_t*)0x20001008 = 0; *(uint64_t*)0x200010d0 = 0x20001040; *(uint64_t*)0x200010d8 = 0x20001080; *(uint32_t*)0x200010e0 = 0x1000; *(uint32_t*)0x200010e4 = 3; *(uint32_t*)0x200010e8 = 8; *(uint32_t*)0x200010ec = 3; inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); if (res == ZX_OK) { r[0] = *(uint32_t*)0x20001080; r[1] = *(uint32_t*)0x20001084; r[2] = *(uint32_t*)0x20001088; } *(uint64_t*)0x20011240 = 0x20001180; *(uint32_t*)0x20001180 = 0; memset((void*)0x20001184, 0, 3); *(uint8_t*)0x20001187 = 1; *(uint64_t*)0x20001188 = 0x3862fcb900000000; *(uint32_t*)0x20001190 = 0; *(uint64_t*)0x20011248 = 0x200011c0; *(uint32_t*)0x200011c0 = 0; *(uint64_t*)0x20011250 = 0x20001200; *(uint64_t*)0x20011258 = 0x20011200; *(uint32_t*)0x20011260 = 0x14; *(uint32_t*)0x20011264 = 1; *(uint32_t*)0x20011268 = 0x10000; *(uint32_t*)0x2001126c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20011240, /*actual_bytes=*/0x20011280, /*actual_handles=*/0x200112c0); res = -1; res = syz_thread_self(); { int i; for(i = 0; i < 4; i++) { syz_thread_self(); } } if ((int)res != -1) r[3] = res; ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); *(uint64_t*)0x20021400 = 0x20011340; *(uint32_t*)0x20011340 = 0; memset((void*)0x20011344, 0, 3); *(uint8_t*)0x20011347 = 1; *(uint64_t*)0x20011348 = 0x2cbadb1900000000; *(uint64_t*)0x20011350 = 0x80000000; *(uint64_t*)0x20011358 = -1; memset((void*)0x20011360, 0, 1); *(uint64_t*)0x20021408 = 0x20011380; *(uint64_t*)0x20021410 = 0x200113c0; *(uint64_t*)0x20021418 = 0x200213c0; *(uint32_t*)0x20021420 = 0x28; *(uint32_t*)0x20021424 = 0; *(uint32_t*)0x20021428 = 0x10000; *(uint32_t*)0x2002142c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20021400, /*actual_bytes=*/0x20021440, /*actual_handles=*/0x20021480); res = -1; res = ((intptr_t(*)(intptr_t))CAST(zx_deadline_after))(/*nanoseconds=*/-1); if (res == ZX_OK) r[4] = res; *(uint64_t*)0x20031580 = 0x200214c0; *(uint32_t*)0x200214c0 = 0; memset((void*)0x200214c4, 0, 3); *(uint8_t*)0x200214c7 = 1; *(uint64_t*)0x200214c8 = 0x135d628d00000000; *(uint32_t*)0x200214d0 = 7; *(uint32_t*)0x200214d4 = 5; *(uint64_t*)0x20031588 = 0x20021500; *(uint64_t*)0x20031590 = 0x20021540; *(uint64_t*)0x20031598 = 0x20031540; *(uint32_t*)0x200315a0 = 0x18; *(uint32_t*)0x200315a4 = 0; *(uint32_t*)0x200315a8 = 0x10000; *(uint32_t*)0x200315ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[4], /*args=*/0x20031580, /*actual_bytes=*/0x200315c0, /*actual_handles=*/0x20031600); ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_interrupt))(/*handle=*/r[1], /*vector=*/2); *(uint32_t*)0x20031640 = 0; memset((void*)0x20031644, 0, 3); *(uint8_t*)0x20031647 = 1; *(uint64_t*)0x20031648 = 0x208bcc9d00000000; *(uint64_t*)0x20031650 = 0x81; *(uint64_t*)0x20031658 = -1; memcpy((void*)0x20031660, "\xa5\x7c\x37\xf0\xaa\x5a\x79\x3d\x04\xcf\x12\x74\xe7\xe2\xc4\x9a\x49\xf9\xb0\x90\xd2\xdf\x74\x7c\x16\xd5\x3d\x3c\xf3\xc0\x0a\x94\xe6\x32\x4a\xb3\x20\x45\x1b\x9f\xd5\x21\x21\xec\x87\xb8\x94\xf7\xf2\x8d\x50\x90\x78\xb5\xaf\x1e\x03\x4f\xe2\x97\x9b\xad\xae", 63); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_write))(/*handle=*/r[0], /*options=*/0, /*bytes=*/0x20031640, /*num_bytes=*/0x5f, /*handles=*/0x200316c0, /*num_handles=*/0); *(uint64_t*)0x200417c0 = 0x20031700; *(uint32_t*)0x20031700 = 0; memset((void*)0x20031704, 0, 3); *(uint8_t*)0x20031707 = 1; *(uint64_t*)0x20031708 = 0x62423faa00000000; *(uint64_t*)0x200417c8 = 0x20031740; *(uint64_t*)0x200417d0 = 0x20031780; *(uint64_t*)0x200417d8 = 0x20041780; *(uint32_t*)0x200417e0 = 0x10; *(uint32_t*)0x200417e4 = 0; *(uint32_t*)0x200417e8 = 0x10000; *(uint32_t*)0x200417ec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[2], /*options=*/0, /*deadline=*/r[4], /*args=*/0x200417c0, /*actual_bytes=*/0x20041800, /*actual_handles=*/0x20041840); memcpy((void*)0x20000000, "\xc4\xc1\xad\xe0\xa5\xb9\xa6\x63\x67\xc4\x62\x01\x3b\x6b\x0f\x0f\x76\xb7\xb7\x00\x00\x00\x98\xc4\xa2\x29\x2d\x12\x0f\x0f\x0b\xa0\x3e\x45\x0f\xd1\xec\x0f\x29\x26\xc4\x61\x9f\x7c\x53\x1a\x66\x0f\x3a\xdf\x39\x00", 52); syz_execute_func(/*text=*/0x20000000); syz_future_time(/*when=*/0); syz_job_default(); syz_mmap(/*addr=*/0x20ff9000, /*len=*/0x4000); syz_process_self(); syz_thread_self(); syz_vmar_root_self(); } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :147:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); ^ :178:39: error: use of undeclared identifier 'zx_vcpu_enter' ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); ^ 2 errors generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor850787021 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/6 (0.63s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call_etc(0x0, 0x91, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)="090e3814ded5ca1bb9204ce0ceac3d95162fab16edf86329372435e1992cd148d29f73e3c25857bf66bb813d6abddde404f63980339937c16fe9e0c8ad309e70509ce52ae1c8e60ebe328caa31b91b7b1b8a9e3febb3fe1289f80a3b74dadcf3619e4eb03d257cd7a8fe5301e58d52aae4336355c0bc0ee7df9704e0ee190064372cd6f71629cec4cf897611a6f18453259fe803ee1464ebd6366490efad381aec2e773163b83a257d24277408221047d312b83defb54f5db6eb9db781f0a74e4a4513e78d1fef19337f8423952747348a1126db4a28fb98de2ffe4dc6cb4414498bf558c8cfec781cb59a4b28647f1aac9cf850970863788bfa319ab74945eb15fb78f3eee5446045512774ecfa8439fdbfafa0f767e9cdf291d1934c12a7ea791a9028bd2e0b346a4f68a24d1bced3bafc730f659d4225960b93827fa64384b88db55337fb5ae30fefe356ba4c116452b23477905dbaab6a2ddec32735f0db44ea41c37c710f67880a68cffcec5710c707288eb34109b24aaa4949ae1b9b333154d9c3b5d6b07095e94d1fb66be2845f466fa375fefd749168cbfabca45ef816389705f0d146b7c47aa5fa070faa0c82f6b366c94be41a00412b7107c4746c41482e94a1b23e9666a738ee4bcb5d5b9deea2fe70dd49f2fc095823d2c6f0c56eb2120b670014b3e41dea9163200efeec14bb92da2c22e03d15be29fd9ab265370f3878ad2818a27d7a1ba774f122d934b0b62077fa625874aacbb6fe8618311b1562d5225c3da1842f45dec3940d3d2306ee0b0183154834322b286e8e31f739c96f22e7272ce4e7a7571ded20ce2deb2754c6b44dce678953ef135675371a728ac6134d5a7873cbb60eac7064cb070bef012fbce09a468cbdeb01fbcd352ab03bebebe70a006f6dcce7b4078cffa0296bd40d5ded971f5a75b2fb4f54db33214470506c5c0dbca61e12fcb3d8207a82b47883b8efe3cfafcfb61ad5e4030cabd0a6f08c46238c18544210ff5a6f58a0a49dee51af9a1e2e6a8827074c2f948773e6b8273ea1197c731afe15561a156457b5011fccebebea49adda3e9c3afa2c63461f4a1451a0056589c64c0ee28678f04d282dfc86ce8d1b319d971c406d1f4798443f661495d8f8cd60dd45bba34341f1acfd1df41bd0827c0baa07a856c9185fb6dbedfc31fdcf7e548ceda8dd94311a062a4a9fb7df18420e66330ce428631a42abf9ae14b9b0c7dc0ddbae34da212bbe7a37276b059c495bbf184f45219c18bf5dc7140595f460391ccaa1ef26234a51882930977a004e675a4a10b82edfbf0b09b7d0a70e3dcc6c4760b92ee556bb00ad270777ea84e13932a4b36465c378f4f4c7566bda189fb3072cf4cb13d45f593295f96d37629ef12b9b8da1ad7a6853c5021f30077b893e92e9d18edbf7175cb725b33382476dd7a2734f304efc5ca6d26684b0668f43b5eae9a9bcf1dfca106a2e2e52e130d6908bc07b23cea685eedb6c93ec76c6097d69f577dd5cc14508218959109f301c9f27cd0a2956564c59ad12d0d939bb14e02bb806946b85ab39e3fdce3946bcf87bef3f53e0edcda9c72f42ed1d31fbc0b700890c4094df83923d0d5222be8466c562250dc9493cf74d1ab7d8ab9a4a7b0cf0cd56724c10a71a4272104937c11dcec74ec2dab996453178b40e173ed21e3c882878fcdf82a57359d71f59fafe5023e17f7a2bb9ab69095b269ad32df831529efdabbe5366f235d48f0ee328c6199b803c57a406febf46643204673a1f16a57d2a3bb70c8287c5405d2279a5b977d8936e1cf2d34b4783b9c4e15a51944320afc2eed1e5c7801596b63633801daa1999edf5548d97d056568dbb47a72440d6ebfb191bc86b95d69d768ac156feed10ca998aff5142796d47c3a3d583b92e32f641e36f810b576c2599febb22e795537d65b333f8b1a4f64e349dd39ecf83458ad2c5cbd13af5d7c4b5117a38639958d340f62b872c23c3f851a32a1a8ce5440a1ec9500b3ae9f56b0fd3a82e1755251499231f8babc682073fa40e18b516aabb702b560cd39c707c176bed3081e1856f940ca15ff9c5506d07ebd80ac2da5efe90b3554de46ae4408392a0707754f06bee43cd5a6c2650fce994a4d888ff3665212c7dc85150477094ca7f67888771f08ee26996cb8e907d100430b67226bf384c9c01488e4cf5aac03bcbdf33ce76c5632653955ebc74ddec21104b20d0b1458eb90928ecf103eb4ffbf3aa45156b71799cc69530be5ad8bda6923ddf3d7ffa9b2865f6689f3092fbf6251df191d1a64572326cddb22ad2aa4a654a669c7f3c2622a413c3c10f247d877f0375600f0605f694715628d14357a1874142e0024d4b1e52eccd35454d5162425a372c0c1215481fa7579397073ce80c6343f881dd1b2d8fa436e5a97fd578eaca113105e90f511923b69acbb269349de9f138e10f7cd4a180e38b025ebf29aa5d70883d830b5afc914432859b182e2ceaeb8444bdc1608fdd028669c30d33cc65f557c78427fce6130e82c8fb7eab095186c40f9a688ac2ec3b3fe7689c6aff2f0795083eb37855adb298a71c459469c410866d7370227aba87939004ebd04ad665bb51ee9d32bf08e7335536f0b63513c1ea9296ac30a9481df6ffb7fa374c4cb4b7d0ed168efbb13eeb58f4735548ba60124193941757f9ecf248e008ddcb82f57f366d327aaf3ce419189de0c42ea3434b4b0a1f21be00072dc647ce18f7862e52aa9bd74b7095663b7c08f027e6fc8969224df584c92bffc4b93106f70bf3f99675e6904e2641492c33de1da917b94e57bcd7afda2253198d5e81c3e46d0082490c2205a75ccea3a6845402ea443642b5925b4c5c65377b3a9d946fc15d44401098dde1e1ec3aa4858da8671b4c827c9f1337b07d09b9b07effdf666cdb8a320c34a4a709e9bbb18cacef547574c109659498f108c53a1796d82aaee504e01801f15bb63e7de6e0d8907a988fa8d3d69c20721b1afb10582ea3e9006f1ebe9a32da207916c675d6ae730fbb2beebe7273f01d8a18d78afd349619303e347b89d6d7a4bae7acb6b560d035021929eb53a7c5c4263ba39c2de7056899d36e73b8afbdc4a7e5b7efbf610683ee6155d7c3ae4d46c43d42d83497cd78ff1644d78d5a1068c028f0a6dd2997637c6b42719079d39b093561e9025851b1659cac8d1a5d5dc1ce434c787cebd1b6224b25afe18497584158942a04e9f3d6b744447c624fc7a8a36c03bdcb1341da7d7c24a03cc1eeb40b718623204e05632052e65db381892289c9a1bf547c3169140355ccc2141bb1794889cc47b4eb6c19fed2e54946e9a0f3ee9a0a6c9c32f159dbcff0645dbfb3bc461b7f6c499b9dad65f59d2b9d20486f012e0a93202a22950ac0a583aacc42aa3b0302b5be160f7abb5af5547ab2a395dfc58922a550dbad99034502f64a48c634a1344a4665bb054df08fa7a49562f7e6448bd0831df51ecee72f5d4b456af5502dd4e5be1901bb3aad0a8f949c63d5bfee80c48d8c41cd47d0a5e9cfeea4801721dd99260a9f4148ee37f0c6e60516b97146031bf532759340f0d965687ce38c4353a64232a0ce1ad154018b206fa3b1eefb6581f1e4fe9d40cee6859dbd2d6c970281844548d188701e37b1a87e0232b2cf50542d220d380c34b5705939fdab1dbb4cb3fdf44d8104d816cf372159d6172d72cc09ed565e34159adca136fd592515440a31a1b2b7200f01fd3ba195a980c004faf103b9f9e7713d3ed5d1c678bbdf889300908e7194f3b2b84e744c94f7b58f61ad6b84ee7c645be813a4ac5b1add1ffad0ffc0b27a1b47f4520186441b820cdac1fd4bae20c62bc817b17df2f79cb9746d1e653d8d8162376cbe81bcc5048358cdd42ca9f8207e7fb1267cac49ecb45aa6bc8002c3597cc074a88c2cced73e695c0cb96b3341deb58b0d41b9559f2d09838e05e406f99f962a0f619a7c02b5acc6210124f195024fd2e4ace58a239233f9f0fa4274ce28f6ee5de51e13742c19e8c1b313f900970a4db1b3641cb527a10592bfb9c526921232277d492499a61d6a20407330e55dae27787aed001b1666a3c0319bda9764618544a20016f12986e4ae1dd7585cd1efb147121bcca00e095e12559f579bf3c7605e9b6737105cb9fc1594e43d5707cd69c8bcd6603e697acec76957d3c6aa448807924666877a52eb2adb90a3de7906a80f47a2c388cba8776f63404b4b644c1086b3abfc8bbde496022826e2102c2f7a16f984be7ac29a68478f879f4c9b3023470641356c91053654568348c550c7083bdd2e61181ea325615aa9fbdbe5741882f3854426224bffa15dec146444e4001f5f8f6f61c0cead815bae2e81299eb3a7a49a664eb01e74c638cbe75e9d169a6e7507fbad9b36b92a09a24beac77e10636a25aa20d01dd37b26ffa99e8bfa8f15b4c19dcadcd9be383a11c732717e1dcb2968e8669d084aa15d7269c11c011eb2b1390398766eceb6378df58f0e796eb47ac5eb1cf53b2c6b4b61d40c0b4c005d0ab82384c45aae499699bc54263eefc29ed403d30b726824259e6c6ea24c7b8560b85baa91abf39ee1fba0a5dcb5a83db8c862c883bdac30684ab2898a391dd6ff6f8b851ebe752573bd1995c87ba3c6abf0394ddc6f05ed360cecfa35aed4cfa3201f55666205f707d09f8fbaa2c88f7ff9b06ef2dfa1700f7b7026a3fd269574eb22fe9a8f6a64dfea6e779cb0a281db2593f2ba8ea3da2b53cead01dbc42f53ee871ba957dbf5c9fc25641f11bf279b43df3916f74372963de32aa0528b511cc0c4d82953acd95f2df84935b609f1af30c35276a3fabf5d2ca7c9814363cab1b48b7b9a96f945e3d24191b70b5f03d0c4ae30b15e2f82ca318e8c9a5b2a2219967a13befaceeb251088671f3d747da72e52c9a22e7aeebcc77e1a024eb66ab09ef01a3aae329abf0035d1cf27911d8676a98431765a11753a5771958dfcbb59846971d2e2cf02d0c0e5a550ea98b93e367fe73f1bd30a09b11520623143609d0c2fa3c8aa376f440ad2963fbeb6671509a799a8528ce087abaf199662b1103142817c176a4e04b15bc6d473b483d9417176e0e23091938ac2fb9ba616c79c0699a0568d22d63362caa06add2423cb71895a1821dfab317811c2752b284d9d55fc5cfddc3c599e1b9118c99fb8d47fd761e6e72429f509c674913d2d36d569801f9284212424556e8caed16834eb076417023c990e5d3110cb31dea85279d40bcc714a676a893925151b550aabbe9548c4b74b309175f4eacfaf1461ae52293e44f92fa26067b50084f9ef982019e0d398058d23844f900c28c152d3eeda42578a0f1ff3002c929e6bca65eb0341778144a15eacfe4e1a63a4cdf1f25048a27261ba4342ee6569a3c6053b5e52f4e134a1e03a1530cf5c0eb17875e3ba44162071b439459bf16edb28508bce3e9f69d8930b0539c39bb74e63e4510e918b8349ccf6959e57550550a357c31649dd728c3fe77dc6920f0d3f4ec5d619b2f4c6eb90dfc17b26d6b30117a07c18f4b7cc96056a4fdc7dac68198cb8bcc6c64d496afa6081768e8dd4f435eb2eedd0b7b08f14114c13c4ff50a93d39afac2d633ef6eb33ac937404262e352f50f067791518ea058841abdd1f770940bca896fddb550c9ce09edc6bd522e318e5ca6ba00259029770d29d1fc4e2a74d7b33fbeaca945e149f241cc933624dba795d33f2ab0706bbc17e2383f6c32df765c116265b0efb585f587be9732beb0bed2e67cef0d1c42b", &(0x7f0000001000)=[0x0, 0x0, 0x0], &(0x7f0000001040)=""/8, &(0x7f0000001080)=[0x0, 0x0, 0x0], 0x1000, 0x3, 0x8, 0x3}, &(0x7f0000001100), &(0x7f0000001140)) (fail_nth: 1) zx_channel_call$fuchsia_ldsvc_LoaderClone(r0, 0x0, 0x7fffffffffffffff, &(0x7f0000011240)={&(0x7f0000001180), &(0x7f00000011c0), &(0x7f0000001200), &(0x7f0000011200), 0x14, 0x1, 0x10000}, &(0x7f0000011280), &(0x7f00000112c0)) (async) r3 = syz_thread_self() (rerun: 4) zx_vcpu_enter(r3, &(0x7f0000011300)={0x0, 0x0, 0x0, @interrupt}) zx_channel_call$fuchsia_io_DirectoryUnlink(0x0, 0x0, 0x7fffffffffffffff, &(0x7f0000021400)={&(0x7f0000011340)={{}, {0x80000000, 0xffffffffffffffff}, {'\x00'}}, &(0x7f0000011380), &(0x7f00000113c0), &(0x7f00000213c0), 0x28, 0x0, 0x10000}, &(0x7f0000021440), &(0x7f0000021480)) r4 = zx_deadline_after(0xffffffffffffffff) zx_channel_call$fuchsia_cobalt_LoggerBaseLogEvent(r0, 0x0, r4, &(0x7f0000031580)={&(0x7f00000214c0)={{}, 0x7, 0x5}, &(0x7f0000021500), &(0x7f0000021540), &(0x7f0000031540), 0x18, 0x0, 0x10000}, &(0x7f00000315c0), &(0x7f0000031600)) zx_vcpu_interrupt(r1, 0x2) zx_channel_write$fuchsia_io_DirectoryWatcherOnEvent(r0, 0x0, &(0x7f0000031640)={{}, {0x81, 0xffffffffffffffff}, "a57c37f0aa5a793d04cf1274e7e2c49a49f9b090d2df747c16d53d3cf3c00a94e6324ab320451b9fd52121ec87b894f7f28d509078b5af1e034fe2979badae"}, 0x5f, &(0x7f00000316c0), 0x0) zx_channel_call$fuchsia_io_NodeSync(r2, 0x0, r4, &(0x7f00000417c0)={&(0x7f0000031700), &(0x7f0000031740), &(0x7f0000031780), &(0x7f0000041780), 0x10, 0x0, 0x10000}, &(0x7f0000041800), &(0x7f0000041840)) syz_execute_func(&(0x7f0000000000)="c4c1ade0a5b9a66367c462013b6b0f0f76b7b700000098c4a2292d120f0f0ba03e450fd1ec0f2926c4619f7c531a660f3adf3900") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 500); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[5] = {0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200010c0 = 0x20000000; memcpy((void*)0x20000000, "\x09\x0e\x38\x14\xde\xd5\xca\x1b\xb9\x20\x4c\xe0\xce\xac\x3d\x95\x16\x2f\xab\x16\xed\xf8\x63\x29\x37\x24\x35\xe1\x99\x2c\xd1\x48\xd2\x9f\x73\xe3\xc2\x58\x57\xbf\x66\xbb\x81\x3d\x6a\xbd\xdd\xe4\x04\xf6\x39\x80\x33\x99\x37\xc1\x6f\xe9\xe0\xc8\xad\x30\x9e\x70\x50\x9c\xe5\x2a\xe1\xc8\xe6\x0e\xbe\x32\x8c\xaa\x31\xb9\x1b\x7b\x1b\x8a\x9e\x3f\xeb\xb3\xfe\x12\x89\xf8\x0a\x3b\x74\xda\xdc\xf3\x61\x9e\x4e\xb0\x3d\x25\x7c\xd7\xa8\xfe\x53\x01\xe5\x8d\x52\xaa\xe4\x33\x63\x55\xc0\xbc\x0e\xe7\xdf\x97\x04\xe0\xee\x19\x00\x64\x37\x2c\xd6\xf7\x16\x29\xce\xc4\xcf\x89\x76\x11\xa6\xf1\x84\x53\x25\x9f\xe8\x03\xee\x14\x64\xeb\xd6\x36\x64\x90\xef\xad\x38\x1a\xec\x2e\x77\x31\x63\xb8\x3a\x25\x7d\x24\x27\x74\x08\x22\x10\x47\xd3\x12\xb8\x3d\xef\xb5\x4f\x5d\xb6\xeb\x9d\xb7\x81\xf0\xa7\x4e\x4a\x45\x13\xe7\x8d\x1f\xef\x19\x33\x7f\x84\x23\x95\x27\x47\x34\x8a\x11\x26\xdb\x4a\x28\xfb\x98\xde\x2f\xfe\x4d\xc6\xcb\x44\x14\x49\x8b\xf5\x58\xc8\xcf\xec\x78\x1c\xb5\x9a\x4b\x28\x64\x7f\x1a\xac\x9c\xf8\x50\x97\x08\x63\x78\x8b\xfa\x31\x9a\xb7\x49\x45\xeb\x15\xfb\x78\xf3\xee\xe5\x44\x60\x45\x51\x27\x74\xec\xfa\x84\x39\xfd\xbf\xaf\xa0\xf7\x67\xe9\xcd\xf2\x91\xd1\x93\x4c\x12\xa7\xea\x79\x1a\x90\x28\xbd\x2e\x0b\x34\x6a\x4f\x68\xa2\x4d\x1b\xce\xd3\xba\xfc\x73\x0f\x65\x9d\x42\x25\x96\x0b\x93\x82\x7f\xa6\x43\x84\xb8\x8d\xb5\x53\x37\xfb\x5a\xe3\x0f\xef\xe3\x56\xba\x4c\x11\x64\x52\xb2\x34\x77\x90\x5d\xba\xab\x6a\x2d\xde\xc3\x27\x35\xf0\xdb\x44\xea\x41\xc3\x7c\x71\x0f\x67\x88\x0a\x68\xcf\xfc\xec\x57\x10\xc7\x07\x28\x8e\xb3\x41\x09\xb2\x4a\xaa\x49\x49\xae\x1b\x9b\x33\x31\x54\xd9\xc3\xb5\xd6\xb0\x70\x95\xe9\x4d\x1f\xb6\x6b\xe2\x84\x5f\x46\x6f\xa3\x75\xfe\xfd\x74\x91\x68\xcb\xfa\xbc\xa4\x5e\xf8\x16\x38\x97\x05\xf0\xd1\x46\xb7\xc4\x7a\xa5\xfa\x07\x0f\xaa\x0c\x82\xf6\xb3\x66\xc9\x4b\xe4\x1a\x00\x41\x2b\x71\x07\xc4\x74\x6c\x41\x48\x2e\x94\xa1\xb2\x3e\x96\x66\xa7\x38\xee\x4b\xcb\x5d\x5b\x9d\xee\xa2\xfe\x70\xdd\x49\xf2\xfc\x09\x58\x23\xd2\xc6\xf0\xc5\x6e\xb2\x12\x0b\x67\x00\x14\xb3\xe4\x1d\xea\x91\x63\x20\x0e\xfe\xec\x14\xbb\x92\xda\x2c\x22\xe0\x3d\x15\xbe\x29\xfd\x9a\xb2\x65\x37\x0f\x38\x78\xad\x28\x18\xa2\x7d\x7a\x1b\xa7\x74\xf1\x22\xd9\x34\xb0\xb6\x20\x77\xfa\x62\x58\x74\xaa\xcb\xb6\xfe\x86\x18\x31\x1b\x15\x62\xd5\x22\x5c\x3d\xa1\x84\x2f\x45\xde\xc3\x94\x0d\x3d\x23\x06\xee\x0b\x01\x83\x15\x48\x34\x32\x2b\x28\x6e\x8e\x31\xf7\x39\xc9\x6f\x22\xe7\x27\x2c\xe4\xe7\xa7\x57\x1d\xed\x20\xce\x2d\xeb\x27\x54\xc6\xb4\x4d\xce\x67\x89\x53\xef\x13\x56\x75\x37\x1a\x72\x8a\xc6\x13\x4d\x5a\x78\x73\xcb\xb6\x0e\xac\x70\x64\xcb\x07\x0b\xef\x01\x2f\xbc\xe0\x9a\x46\x8c\xbd\xeb\x01\xfb\xcd\x35\x2a\xb0\x3b\xeb\xeb\xe7\x0a\x00\x6f\x6d\xcc\xe7\xb4\x07\x8c\xff\xa0\x29\x6b\xd4\x0d\x5d\xed\x97\x1f\x5a\x75\xb2\xfb\x4f\x54\xdb\x33\x21\x44\x70\x50\x6c\x5c\x0d\xbc\xa6\x1e\x12\xfc\xb3\xd8\x20\x7a\x82\xb4\x78\x83\xb8\xef\xe3\xcf\xaf\xcf\xb6\x1a\xd5\xe4\x03\x0c\xab\xd0\xa6\xf0\x8c\x46\x23\x8c\x18\x54\x42\x10\xff\x5a\x6f\x58\xa0\xa4\x9d\xee\x51\xaf\x9a\x1e\x2e\x6a\x88\x27\x07\x4c\x2f\x94\x87\x73\xe6\xb8\x27\x3e\xa1\x19\x7c\x73\x1a\xfe\x15\x56\x1a\x15\x64\x57\xb5\x01\x1f\xcc\xeb\xeb\xea\x49\xad\xda\x3e\x9c\x3a\xfa\x2c\x63\x46\x1f\x4a\x14\x51\xa0\x05\x65\x89\xc6\x4c\x0e\xe2\x86\x78\xf0\x4d\x28\x2d\xfc\x86\xce\x8d\x1b\x31\x9d\x97\x1c\x40\x6d\x1f\x47\x98\x44\x3f\x66\x14\x95\xd8\xf8\xcd\x60\xdd\x45\xbb\xa3\x43\x41\xf1\xac\xfd\x1d\xf4\x1b\xd0\x82\x7c\x0b\xaa\x07\xa8\x56\xc9\x18\x5f\xb6\xdb\xed\xfc\x31\xfd\xcf\x7e\x54\x8c\xed\xa8\xdd\x94\x31\x1a\x06\x2a\x4a\x9f\xb7\xdf\x18\x42\x0e\x66\x33\x0c\xe4\x28\x63\x1a\x42\xab\xf9\xae\x14\xb9\xb0\xc7\xdc\x0d\xdb\xae\x34\xda\x21\x2b\xbe\x7a\x37\x27\x6b\x05\x9c\x49\x5b\xbf\x18\x4f\x45\x21\x9c\x18\xbf\x5d\xc7\x14\x05\x95\xf4\x60\x39\x1c\xca\xa1\xef\x26\x23\x4a\x51\x88\x29\x30\x97\x7a\x00\x4e\x67\x5a\x4a\x10\xb8\x2e\xdf\xbf\x0b\x09\xb7\xd0\xa7\x0e\x3d\xcc\x6c\x47\x60\xb9\x2e\xe5\x56\xbb\x00\xad\x27\x07\x77\xea\x84\xe1\x39\x32\xa4\xb3\x64\x65\xc3\x78\xf4\xf4\xc7\x56\x6b\xda\x18\x9f\xb3\x07\x2c\xf4\xcb\x13\xd4\x5f\x59\x32\x95\xf9\x6d\x37\x62\x9e\xf1\x2b\x9b\x8d\xa1\xad\x7a\x68\x53\xc5\x02\x1f\x30\x07\x7b\x89\x3e\x92\xe9\xd1\x8e\xdb\xf7\x17\x5c\xb7\x25\xb3\x33\x82\x47\x6d\xd7\xa2\x73\x4f\x30\x4e\xfc\x5c\xa6\xd2\x66\x84\xb0\x66\x8f\x43\xb5\xea\xe9\xa9\xbc\xf1\xdf\xca\x10\x6a\x2e\x2e\x52\xe1\x30\xd6\x90\x8b\xc0\x7b\x23\xce\xa6\x85\xee\xdb\x6c\x93\xec\x76\xc6\x09\x7d\x69\xf5\x77\xdd\x5c\xc1\x45\x08\x21\x89\x59\x10\x9f\x30\x1c\x9f\x27\xcd\x0a\x29\x56\x56\x4c\x59\xad\x12\xd0\xd9\x39\xbb\x14\xe0\x2b\xb8\x06\x94\x6b\x85\xab\x39\xe3\xfd\xce\x39\x46\xbc\xf8\x7b\xef\x3f\x53\xe0\xed\xcd\xa9\xc7\x2f\x42\xed\x1d\x31\xfb\xc0\xb7\x00\x89\x0c\x40\x94\xdf\x83\x92\x3d\x0d\x52\x22\xbe\x84\x66\xc5\x62\x25\x0d\xc9\x49\x3c\xf7\x4d\x1a\xb7\xd8\xab\x9a\x4a\x7b\x0c\xf0\xcd\x56\x72\x4c\x10\xa7\x1a\x42\x72\x10\x49\x37\xc1\x1d\xce\xc7\x4e\xc2\xda\xb9\x96\x45\x31\x78\xb4\x0e\x17\x3e\xd2\x1e\x3c\x88\x28\x78\xfc\xdf\x82\xa5\x73\x59\xd7\x1f\x59\xfa\xfe\x50\x23\xe1\x7f\x7a\x2b\xb9\xab\x69\x09\x5b\x26\x9a\xd3\x2d\xf8\x31\x52\x9e\xfd\xab\xbe\x53\x66\xf2\x35\xd4\x8f\x0e\xe3\x28\xc6\x19\x9b\x80\x3c\x57\xa4\x06\xfe\xbf\x46\x64\x32\x04\x67\x3a\x1f\x16\xa5\x7d\x2a\x3b\xb7\x0c\x82\x87\xc5\x40\x5d\x22\x79\xa5\xb9\x77\xd8\x93\x6e\x1c\xf2\xd3\x4b\x47\x83\xb9\xc4\xe1\x5a\x51\x94\x43\x20\xaf\xc2\xee\xd1\xe5\xc7\x80\x15\x96\xb6\x36\x33\x80\x1d\xaa\x19\x99\xed\xf5\x54\x8d\x97\xd0\x56\x56\x8d\xbb\x47\xa7\x24\x40\xd6\xeb\xfb\x19\x1b\xc8\x6b\x95\xd6\x9d\x76\x8a\xc1\x56\xfe\xed\x10\xca\x99\x8a\xff\x51\x42\x79\x6d\x47\xc3\xa3\xd5\x83\xb9\x2e\x32\xf6\x41\xe3\x6f\x81\x0b\x57\x6c\x25\x99\xfe\xbb\x22\xe7\x95\x53\x7d\x65\xb3\x33\xf8\xb1\xa4\xf6\x4e\x34\x9d\xd3\x9e\xcf\x83\x45\x8a\xd2\xc5\xcb\xd1\x3a\xf5\xd7\xc4\xb5\x11\x7a\x38\x63\x99\x58\xd3\x40\xf6\x2b\x87\x2c\x23\xc3\xf8\x51\xa3\x2a\x1a\x8c\xe5\x44\x0a\x1e\xc9\x50\x0b\x3a\xe9\xf5\x6b\x0f\xd3\xa8\x2e\x17\x55\x25\x14\x99\x23\x1f\x8b\xab\xc6\x82\x07\x3f\xa4\x0e\x18\xb5\x16\xaa\xbb\x70\x2b\x56\x0c\xd3\x9c\x70\x7c\x17\x6b\xed\x30\x81\xe1\x85\x6f\x94\x0c\xa1\x5f\xf9\xc5\x50\x6d\x07\xeb\xd8\x0a\xc2\xda\x5e\xfe\x90\xb3\x55\x4d\xe4\x6a\xe4\x40\x83\x92\xa0\x70\x77\x54\xf0\x6b\xee\x43\xcd\x5a\x6c\x26\x50\xfc\xe9\x94\xa4\xd8\x88\xff\x36\x65\x21\x2c\x7d\xc8\x51\x50\x47\x70\x94\xca\x7f\x67\x88\x87\x71\xf0\x8e\xe2\x69\x96\xcb\x8e\x90\x7d\x10\x04\x30\xb6\x72\x26\xbf\x38\x4c\x9c\x01\x48\x8e\x4c\xf5\xaa\xc0\x3b\xcb\xdf\x33\xce\x76\xc5\x63\x26\x53\x95\x5e\xbc\x74\xdd\xec\x21\x10\x4b\x20\xd0\xb1\x45\x8e\xb9\x09\x28\xec\xf1\x03\xeb\x4f\xfb\xf3\xaa\x45\x15\x6b\x71\x79\x9c\xc6\x95\x30\xbe\x5a\xd8\xbd\xa6\x92\x3d\xdf\x3d\x7f\xfa\x9b\x28\x65\xf6\x68\x9f\x30\x92\xfb\xf6\x25\x1d\xf1\x91\xd1\xa6\x45\x72\x32\x6c\xdd\xb2\x2a\xd2\xaa\x4a\x65\x4a\x66\x9c\x7f\x3c\x26\x22\xa4\x13\xc3\xc1\x0f\x24\x7d\x87\x7f\x03\x75\x60\x0f\x06\x05\xf6\x94\x71\x56\x28\xd1\x43\x57\xa1\x87\x41\x42\xe0\x02\x4d\x4b\x1e\x52\xec\xcd\x35\x45\x4d\x51\x62\x42\x5a\x37\x2c\x0c\x12\x15\x48\x1f\xa7\x57\x93\x97\x07\x3c\xe8\x0c\x63\x43\xf8\x81\xdd\x1b\x2d\x8f\xa4\x36\xe5\xa9\x7f\xd5\x78\xea\xca\x11\x31\x05\xe9\x0f\x51\x19\x23\xb6\x9a\xcb\xb2\x69\x34\x9d\xe9\xf1\x38\xe1\x0f\x7c\xd4\xa1\x80\xe3\x8b\x02\x5e\xbf\x29\xaa\x5d\x70\x88\x3d\x83\x0b\x5a\xfc\x91\x44\x32\x85\x9b\x18\x2e\x2c\xea\xeb\x84\x44\xbd\xc1\x60\x8f\xdd\x02\x86\x69\xc3\x0d\x33\xcc\x65\xf5\x57\xc7\x84\x27\xfc\xe6\x13\x0e\x82\xc8\xfb\x7e\xab\x09\x51\x86\xc4\x0f\x9a\x68\x8a\xc2\xec\x3b\x3f\xe7\x68\x9c\x6a\xff\x2f\x07\x95\x08\x3e\xb3\x78\x55\xad\xb2\x98\xa7\x1c\x45\x94\x69\xc4\x10\x86\x6d\x73\x70\x22\x7a\xba\x87\x93\x90\x04\xeb\xd0\x4a\xd6\x65\xbb\x51\xee\x9d\x32\xbf\x08\xe7\x33\x55\x36\xf0\xb6\x35\x13\xc1\xea\x92\x96\xac\x30\xa9\x48\x1d\xf6\xff\xb7\xfa\x37\x4c\x4c\xb4\xb7\xd0\xed\x16\x8e\xfb\xb1\x3e\xeb\x58\xf4\x73\x55\x48\xba\x60\x12\x41\x93\x94\x17\x57\xf9\xec\xf2\x48\xe0\x08\xdd\xcb\x82\xf5\x7f\x36\x6d\x32\x7a\xaf\x3c\xe4\x19\x18\x9d\xe0\xc4\x2e\xa3\x43\x4b\x4b\x0a\x1f\x21\xbe\x00\x07\x2d\xc6\x47\xce\x18\xf7\x86\x2e\x52\xaa\x9b\xd7\x4b\x70\x95\x66\x3b\x7c\x08\xf0\x27\xe6\xfc\x89\x69\x22\x4d\xf5\x84\xc9\x2b\xff\xc4\xb9\x31\x06\xf7\x0b\xf3\xf9\x96\x75\xe6\x90\x4e\x26\x41\x49\x2c\x33\xde\x1d\xa9\x17\xb9\x4e\x57\xbc\xd7\xaf\xda\x22\x53\x19\x8d\x5e\x81\xc3\xe4\x6d\x00\x82\x49\x0c\x22\x05\xa7\x5c\xce\xa3\xa6\x84\x54\x02\xea\x44\x36\x42\xb5\x92\x5b\x4c\x5c\x65\x37\x7b\x3a\x9d\x94\x6f\xc1\x5d\x44\x40\x10\x98\xdd\xe1\xe1\xec\x3a\xa4\x85\x8d\xa8\x67\x1b\x4c\x82\x7c\x9f\x13\x37\xb0\x7d\x09\xb9\xb0\x7e\xff\xdf\x66\x6c\xdb\x8a\x32\x0c\x34\xa4\xa7\x09\xe9\xbb\xb1\x8c\xac\xef\x54\x75\x74\xc1\x09\x65\x94\x98\xf1\x08\xc5\x3a\x17\x96\xd8\x2a\xae\xe5\x04\xe0\x18\x01\xf1\x5b\xb6\x3e\x7d\xe6\xe0\xd8\x90\x7a\x98\x8f\xa8\xd3\xd6\x9c\x20\x72\x1b\x1a\xfb\x10\x58\x2e\xa3\xe9\x00\x6f\x1e\xbe\x9a\x32\xda\x20\x79\x16\xc6\x75\xd6\xae\x73\x0f\xbb\x2b\xee\xbe\x72\x73\xf0\x1d\x8a\x18\xd7\x8a\xfd\x34\x96\x19\x30\x3e\x34\x7b\x89\xd6\xd7\xa4\xba\xe7\xac\xb6\xb5\x60\xd0\x35\x02\x19\x29\xeb\x53\xa7\xc5\xc4\x26\x3b\xa3\x9c\x2d\xe7\x05\x68\x99\xd3\x6e\x73\xb8\xaf\xbd\xc4\xa7\xe5\xb7\xef\xbf\x61\x06\x83\xee\x61\x55\xd7\xc3\xae\x4d\x46\xc4\x3d\x42\xd8\x34\x97\xcd\x78\xff\x16\x44\xd7\x8d\x5a\x10\x68\xc0\x28\xf0\xa6\xdd\x29\x97\x63\x7c\x6b\x42\x71\x90\x79\xd3\x9b\x09\x35\x61\xe9\x02\x58\x51\xb1\x65\x9c\xac\x8d\x1a\x5d\x5d\xc1\xce\x43\x4c\x78\x7c\xeb\xd1\xb6\x22\x4b\x25\xaf\xe1\x84\x97\x58\x41\x58\x94\x2a\x04\xe9\xf3\xd6\xb7\x44\x44\x7c\x62\x4f\xc7\xa8\xa3\x6c\x03\xbd\xcb\x13\x41\xda\x7d\x7c\x24\xa0\x3c\xc1\xee\xb4\x0b\x71\x86\x23\x20\x4e\x05\x63\x20\x52\xe6\x5d\xb3\x81\x89\x22\x89\xc9\xa1\xbf\x54\x7c\x31\x69\x14\x03\x55\xcc\xc2\x14\x1b\xb1\x79\x48\x89\xcc\x47\xb4\xeb\x6c\x19\xfe\xd2\xe5\x49\x46\xe9\xa0\xf3\xee\x9a\x0a\x6c\x9c\x32\xf1\x59\xdb\xcf\xf0\x64\x5d\xbf\xb3\xbc\x46\x1b\x7f\x6c\x49\x9b\x9d\xad\x65\xf5\x9d\x2b\x9d\x20\x48\x6f\x01\x2e\x0a\x93\x20\x2a\x22\x95\x0a\xc0\xa5\x83\xaa\xcc\x42\xaa\x3b\x03\x02\xb5\xbe\x16\x0f\x7a\xbb\x5a\xf5\x54\x7a\xb2\xa3\x95\xdf\xc5\x89\x22\xa5\x50\xdb\xad\x99\x03\x45\x02\xf6\x4a\x48\xc6\x34\xa1\x34\x4a\x46\x65\xbb\x05\x4d\xf0\x8f\xa7\xa4\x95\x62\xf7\xe6\x44\x8b\xd0\x83\x1d\xf5\x1e\xce\xe7\x2f\x5d\x4b\x45\x6a\xf5\x50\x2d\xd4\xe5\xbe\x19\x01\xbb\x3a\xad\x0a\x8f\x94\x9c\x63\xd5\xbf\xee\x80\xc4\x8d\x8c\x41\xcd\x47\xd0\xa5\xe9\xcf\xee\xa4\x80\x17\x21\xdd\x99\x26\x0a\x9f\x41\x48\xee\x37\xf0\xc6\xe6\x05\x16\xb9\x71\x46\x03\x1b\xf5\x32\x75\x93\x40\xf0\xd9\x65\x68\x7c\xe3\x8c\x43\x53\xa6\x42\x32\xa0\xce\x1a\xd1\x54\x01\x8b\x20\x6f\xa3\xb1\xee\xfb\x65\x81\xf1\xe4\xfe\x9d\x40\xce\xe6\x85\x9d\xbd\x2d\x6c\x97\x02\x81\x84\x45\x48\xd1\x88\x70\x1e\x37\xb1\xa8\x7e\x02\x32\xb2\xcf\x50\x54\x2d\x22\x0d\x38\x0c\x34\xb5\x70\x59\x39\xfd\xab\x1d\xbb\x4c\xb3\xfd\xf4\x4d\x81\x04\xd8\x16\xcf\x37\x21\x59\xd6\x17\x2d\x72\xcc\x09\xed\x56\x5e\x34\x15\x9a\xdc\xa1\x36\xfd\x59\x25\x15\x44\x0a\x31\xa1\xb2\xb7\x20\x0f\x01\xfd\x3b\xa1\x95\xa9\x80\xc0\x04\xfa\xf1\x03\xb9\xf9\xe7\x71\x3d\x3e\xd5\xd1\xc6\x78\xbb\xdf\x88\x93\x00\x90\x8e\x71\x94\xf3\xb2\xb8\x4e\x74\x4c\x94\xf7\xb5\x8f\x61\xad\x6b\x84\xee\x7c\x64\x5b\xe8\x13\xa4\xac\x5b\x1a\xdd\x1f\xfa\xd0\xff\xc0\xb2\x7a\x1b\x47\xf4\x52\x01\x86\x44\x1b\x82\x0c\xda\xc1\xfd\x4b\xae\x20\xc6\x2b\xc8\x17\xb1\x7d\xf2\xf7\x9c\xb9\x74\x6d\x1e\x65\x3d\x8d\x81\x62\x37\x6c\xbe\x81\xbc\xc5\x04\x83\x58\xcd\xd4\x2c\xa9\xf8\x20\x7e\x7f\xb1\x26\x7c\xac\x49\xec\xb4\x5a\xa6\xbc\x80\x02\xc3\x59\x7c\xc0\x74\xa8\x8c\x2c\xce\xd7\x3e\x69\x5c\x0c\xb9\x6b\x33\x41\xde\xb5\x8b\x0d\x41\xb9\x55\x9f\x2d\x09\x83\x8e\x05\xe4\x06\xf9\x9f\x96\x2a\x0f\x61\x9a\x7c\x02\xb5\xac\xc6\x21\x01\x24\xf1\x95\x02\x4f\xd2\xe4\xac\xe5\x8a\x23\x92\x33\xf9\xf0\xfa\x42\x74\xce\x28\xf6\xee\x5d\xe5\x1e\x13\x74\x2c\x19\xe8\xc1\xb3\x13\xf9\x00\x97\x0a\x4d\xb1\xb3\x64\x1c\xb5\x27\xa1\x05\x92\xbf\xb9\xc5\x26\x92\x12\x32\x27\x7d\x49\x24\x99\xa6\x1d\x6a\x20\x40\x73\x30\xe5\x5d\xae\x27\x78\x7a\xed\x00\x1b\x16\x66\xa3\xc0\x31\x9b\xda\x97\x64\x61\x85\x44\xa2\x00\x16\xf1\x29\x86\xe4\xae\x1d\xd7\x58\x5c\xd1\xef\xb1\x47\x12\x1b\xcc\xa0\x0e\x09\x5e\x12\x55\x9f\x57\x9b\xf3\xc7\x60\x5e\x9b\x67\x37\x10\x5c\xb9\xfc\x15\x94\xe4\x3d\x57\x07\xcd\x69\xc8\xbc\xd6\x60\x3e\x69\x7a\xce\xc7\x69\x57\xd3\xc6\xaa\x44\x88\x07\x92\x46\x66\x87\x7a\x52\xeb\x2a\xdb\x90\xa3\xde\x79\x06\xa8\x0f\x47\xa2\xc3\x88\xcb\xa8\x77\x6f\x63\x40\x4b\x4b\x64\x4c\x10\x86\xb3\xab\xfc\x8b\xbd\xe4\x96\x02\x28\x26\xe2\x10\x2c\x2f\x7a\x16\xf9\x84\xbe\x7a\xc2\x9a\x68\x47\x8f\x87\x9f\x4c\x9b\x30\x23\x47\x06\x41\x35\x6c\x91\x05\x36\x54\x56\x83\x48\xc5\x50\xc7\x08\x3b\xdd\x2e\x61\x18\x1e\xa3\x25\x61\x5a\xa9\xfb\xdb\xe5\x74\x18\x82\xf3\x85\x44\x26\x22\x4b\xff\xa1\x5d\xec\x14\x64\x44\xe4\x00\x1f\x5f\x8f\x6f\x61\xc0\xce\xad\x81\x5b\xae\x2e\x81\x29\x9e\xb3\xa7\xa4\x9a\x66\x4e\xb0\x1e\x74\xc6\x38\xcb\xe7\x5e\x9d\x16\x9a\x6e\x75\x07\xfb\xad\x9b\x36\xb9\x2a\x09\xa2\x4b\xea\xc7\x7e\x10\x63\x6a\x25\xaa\x20\xd0\x1d\xd3\x7b\x26\xff\xa9\x9e\x8b\xfa\x8f\x15\xb4\xc1\x9d\xca\xdc\xd9\xbe\x38\x3a\x11\xc7\x32\x71\x7e\x1d\xcb\x29\x68\xe8\x66\x9d\x08\x4a\xa1\x5d\x72\x69\xc1\x1c\x01\x1e\xb2\xb1\x39\x03\x98\x76\x6e\xce\xb6\x37\x8d\xf5\x8f\x0e\x79\x6e\xb4\x7a\xc5\xeb\x1c\xf5\x3b\x2c\x6b\x4b\x61\xd4\x0c\x0b\x4c\x00\x5d\x0a\xb8\x23\x84\xc4\x5a\xae\x49\x96\x99\xbc\x54\x26\x3e\xef\xc2\x9e\xd4\x03\xd3\x0b\x72\x68\x24\x25\x9e\x6c\x6e\xa2\x4c\x7b\x85\x60\xb8\x5b\xaa\x91\xab\xf3\x9e\xe1\xfb\xa0\xa5\xdc\xb5\xa8\x3d\xb8\xc8\x62\xc8\x83\xbd\xac\x30\x68\x4a\xb2\x89\x8a\x39\x1d\xd6\xff\x6f\x8b\x85\x1e\xbe\x75\x25\x73\xbd\x19\x95\xc8\x7b\xa3\xc6\xab\xf0\x39\x4d\xdc\x6f\x05\xed\x36\x0c\xec\xfa\x35\xae\xd4\xcf\xa3\x20\x1f\x55\x66\x62\x05\xf7\x07\xd0\x9f\x8f\xba\xa2\xc8\x8f\x7f\xf9\xb0\x6e\xf2\xdf\xa1\x70\x0f\x7b\x70\x26\xa3\xfd\x26\x95\x74\xeb\x22\xfe\x9a\x8f\x6a\x64\xdf\xea\x6e\x77\x9c\xb0\xa2\x81\xdb\x25\x93\xf2\xba\x8e\xa3\xda\x2b\x53\xce\xad\x01\xdb\xc4\x2f\x53\xee\x87\x1b\xa9\x57\xdb\xf5\xc9\xfc\x25\x64\x1f\x11\xbf\x27\x9b\x43\xdf\x39\x16\xf7\x43\x72\x96\x3d\xe3\x2a\xa0\x52\x8b\x51\x1c\xc0\xc4\xd8\x29\x53\xac\xd9\x5f\x2d\xf8\x49\x35\xb6\x09\xf1\xaf\x30\xc3\x52\x76\xa3\xfa\xbf\x5d\x2c\xa7\xc9\x81\x43\x63\xca\xb1\xb4\x8b\x7b\x9a\x96\xf9\x45\xe3\xd2\x41\x91\xb7\x0b\x5f\x03\xd0\xc4\xae\x30\xb1\x5e\x2f\x82\xca\x31\x8e\x8c\x9a\x5b\x2a\x22\x19\x96\x7a\x13\xbe\xfa\xce\xeb\x25\x10\x88\x67\x1f\x3d\x74\x7d\xa7\x2e\x52\xc9\xa2\x2e\x7a\xee\xbc\xc7\x7e\x1a\x02\x4e\xb6\x6a\xb0\x9e\xf0\x1a\x3a\xae\x32\x9a\xbf\x00\x35\xd1\xcf\x27\x91\x1d\x86\x76\xa9\x84\x31\x76\x5a\x11\x75\x3a\x57\x71\x95\x8d\xfc\xbb\x59\x84\x69\x71\xd2\xe2\xcf\x02\xd0\xc0\xe5\xa5\x50\xea\x98\xb9\x3e\x36\x7f\xe7\x3f\x1b\xd3\x0a\x09\xb1\x15\x20\x62\x31\x43\x60\x9d\x0c\x2f\xa3\xc8\xaa\x37\x6f\x44\x0a\xd2\x96\x3f\xbe\xb6\x67\x15\x09\xa7\x99\xa8\x52\x8c\xe0\x87\xab\xaf\x19\x96\x62\xb1\x10\x31\x42\x81\x7c\x17\x6a\x4e\x04\xb1\x5b\xc6\xd4\x73\xb4\x83\xd9\x41\x71\x76\xe0\xe2\x30\x91\x93\x8a\xc2\xfb\x9b\xa6\x16\xc7\x9c\x06\x99\xa0\x56\x8d\x22\xd6\x33\x62\xca\xa0\x6a\xdd\x24\x23\xcb\x71\x89\x5a\x18\x21\xdf\xab\x31\x78\x11\xc2\x75\x2b\x28\x4d\x9d\x55\xfc\x5c\xfd\xdc\x3c\x59\x9e\x1b\x91\x18\xc9\x9f\xb8\xd4\x7f\xd7\x61\xe6\xe7\x24\x29\xf5\x09\xc6\x74\x91\x3d\x2d\x36\xd5\x69\x80\x1f\x92\x84\x21\x24\x24\x55\x6e\x8c\xae\xd1\x68\x34\xeb\x07\x64\x17\x02\x3c\x99\x0e\x5d\x31\x10\xcb\x31\xde\xa8\x52\x79\xd4\x0b\xcc\x71\x4a\x67\x6a\x89\x39\x25\x15\x1b\x55\x0a\xab\xbe\x95\x48\xc4\xb7\x4b\x30\x91\x75\xf4\xea\xcf\xaf\x14\x61\xae\x52\x29\x3e\x44\xf9\x2f\xa2\x60\x67\xb5\x00\x84\xf9\xef\x98\x20\x19\xe0\xd3\x98\x05\x8d\x23\x84\x4f\x90\x0c\x28\xc1\x52\xd3\xee\xda\x42\x57\x8a\x0f\x1f\xf3\x00\x2c\x92\x9e\x6b\xca\x65\xeb\x03\x41\x77\x81\x44\xa1\x5e\xac\xfe\x4e\x1a\x63\xa4\xcd\xf1\xf2\x50\x48\xa2\x72\x61\xba\x43\x42\xee\x65\x69\xa3\xc6\x05\x3b\x5e\x52\xf4\xe1\x34\xa1\xe0\x3a\x15\x30\xcf\x5c\x0e\xb1\x78\x75\xe3\xba\x44\x16\x20\x71\xb4\x39\x45\x9b\xf1\x6e\xdb\x28\x50\x8b\xce\x3e\x9f\x69\xd8\x93\x0b\x05\x39\xc3\x9b\xb7\x4e\x63\xe4\x51\x0e\x91\x8b\x83\x49\xcc\xf6\x95\x9e\x57\x55\x05\x50\xa3\x57\xc3\x16\x49\xdd\x72\x8c\x3f\xe7\x7d\xc6\x92\x0f\x0d\x3f\x4e\xc5\xd6\x19\xb2\xf4\xc6\xeb\x90\xdf\xc1\x7b\x26\xd6\xb3\x01\x17\xa0\x7c\x18\xf4\xb7\xcc\x96\x05\x6a\x4f\xdc\x7d\xac\x68\x19\x8c\xb8\xbc\xc6\xc6\x4d\x49\x6a\xfa\x60\x81\x76\x8e\x8d\xd4\xf4\x35\xeb\x2e\xed\xd0\xb7\xb0\x8f\x14\x11\x4c\x13\xc4\xff\x50\xa9\x3d\x39\xaf\xac\x2d\x63\x3e\xf6\xeb\x33\xac\x93\x74\x04\x26\x2e\x35\x2f\x50\xf0\x67\x79\x15\x18\xea\x05\x88\x41\xab\xdd\x1f\x77\x09\x40\xbc\xa8\x96\xfd\xdb\x55\x0c\x9c\xe0\x9e\xdc\x6b\xd5\x22\xe3\x18\xe5\xca\x6b\xa0\x02\x59\x02\x97\x70\xd2\x9d\x1f\xc4\xe2\xa7\x4d\x7b\x33\xfb\xea\xca\x94\x5e\x14\x9f\x24\x1c\xc9\x33\x62\x4d\xba\x79\x5d\x33\xf2\xab\x07\x06\xbb\xc1\x7e\x23\x83\xf6\xc3\x2d\xf7\x65\xc1\x16\x26\x5b\x0e\xfb\x58\x5f\x58\x7b\xe9\x73\x2b\xeb\x0b\xed\x2e\x67\xce\xf0\xd1\xc4\x2b", 4096); *(uint64_t*)0x200010c8 = 0x20001000; *(uint32_t*)0x20001000 = 0; *(uint32_t*)0x20001004 = 0; *(uint32_t*)0x20001008 = 0; *(uint64_t*)0x200010d0 = 0x20001040; *(uint64_t*)0x200010d8 = 0x20001080; *(uint32_t*)0x200010e0 = 0x1000; *(uint32_t*)0x200010e4 = 3; *(uint32_t*)0x200010e8 = 8; *(uint32_t*)0x200010ec = 3; inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); if (res == ZX_OK) { r[0] = *(uint32_t*)0x20001080; r[1] = *(uint32_t*)0x20001084; r[2] = *(uint32_t*)0x20001088; } break; case 1: *(uint64_t*)0x20011240 = 0x20001180; *(uint32_t*)0x20001180 = 0; memset((void*)0x20001184, 0, 3); *(uint8_t*)0x20001187 = 1; *(uint64_t*)0x20001188 = 0x3862fcb900000000; *(uint32_t*)0x20001190 = 0; *(uint64_t*)0x20011248 = 0x200011c0; *(uint32_t*)0x200011c0 = 0; *(uint64_t*)0x20011250 = 0x20001200; *(uint64_t*)0x20011258 = 0x20011200; *(uint32_t*)0x20011260 = 0x14; *(uint32_t*)0x20011264 = 1; *(uint32_t*)0x20011268 = 0x10000; *(uint32_t*)0x2001126c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20011240, /*actual_bytes=*/0x20011280, /*actual_handles=*/0x200112c0); break; case 2: res = -1; res = syz_thread_self(); { int i; for(i = 0; i < 4; i++) { syz_thread_self(); } } if ((int)res != -1) r[3] = res; break; case 3: ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); break; case 4: *(uint64_t*)0x20021400 = 0x20011340; *(uint32_t*)0x20011340 = 0; memset((void*)0x20011344, 0, 3); *(uint8_t*)0x20011347 = 1; *(uint64_t*)0x20011348 = 0x2cbadb1900000000; *(uint64_t*)0x20011350 = 0x80000000; *(uint64_t*)0x20011358 = -1; memset((void*)0x20011360, 0, 1); *(uint64_t*)0x20021408 = 0x20011380; *(uint64_t*)0x20021410 = 0x200113c0; *(uint64_t*)0x20021418 = 0x200213c0; *(uint32_t*)0x20021420 = 0x28; *(uint32_t*)0x20021424 = 0; *(uint32_t*)0x20021428 = 0x10000; *(uint32_t*)0x2002142c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20021400, /*actual_bytes=*/0x20021440, /*actual_handles=*/0x20021480); break; case 5: res = -1; res = ((intptr_t(*)(intptr_t))CAST(zx_deadline_after))(/*nanoseconds=*/-1); if (res == ZX_OK) r[4] = res; break; case 6: *(uint64_t*)0x20031580 = 0x200214c0; *(uint32_t*)0x200214c0 = 0; memset((void*)0x200214c4, 0, 3); *(uint8_t*)0x200214c7 = 1; *(uint64_t*)0x200214c8 = 0x135d628d00000000; *(uint32_t*)0x200214d0 = 7; *(uint32_t*)0x200214d4 = 5; *(uint64_t*)0x20031588 = 0x20021500; *(uint64_t*)0x20031590 = 0x20021540; *(uint64_t*)0x20031598 = 0x20031540; *(uint32_t*)0x200315a0 = 0x18; *(uint32_t*)0x200315a4 = 0; *(uint32_t*)0x200315a8 = 0x10000; *(uint32_t*)0x200315ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[4], /*args=*/0x20031580, /*actual_bytes=*/0x200315c0, /*actual_handles=*/0x20031600); break; case 7: ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_interrupt))(/*handle=*/r[1], /*vector=*/2); break; case 8: *(uint32_t*)0x20031640 = 0; memset((void*)0x20031644, 0, 3); *(uint8_t*)0x20031647 = 1; *(uint64_t*)0x20031648 = 0x208bcc9d00000000; *(uint64_t*)0x20031650 = 0x81; *(uint64_t*)0x20031658 = -1; memcpy((void*)0x20031660, "\xa5\x7c\x37\xf0\xaa\x5a\x79\x3d\x04\xcf\x12\x74\xe7\xe2\xc4\x9a\x49\xf9\xb0\x90\xd2\xdf\x74\x7c\x16\xd5\x3d\x3c\xf3\xc0\x0a\x94\xe6\x32\x4a\xb3\x20\x45\x1b\x9f\xd5\x21\x21\xec\x87\xb8\x94\xf7\xf2\x8d\x50\x90\x78\xb5\xaf\x1e\x03\x4f\xe2\x97\x9b\xad\xae", 63); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_write))(/*handle=*/r[0], /*options=*/0, /*bytes=*/0x20031640, /*num_bytes=*/0x5f, /*handles=*/0x200316c0, /*num_handles=*/0); break; case 9: *(uint64_t*)0x200417c0 = 0x20031700; *(uint32_t*)0x20031700 = 0; memset((void*)0x20031704, 0, 3); *(uint8_t*)0x20031707 = 1; *(uint64_t*)0x20031708 = 0x62423faa00000000; *(uint64_t*)0x200417c8 = 0x20031740; *(uint64_t*)0x200417d0 = 0x20031780; *(uint64_t*)0x200417d8 = 0x20041780; *(uint32_t*)0x200417e0 = 0x10; *(uint32_t*)0x200417e4 = 0; *(uint32_t*)0x200417e8 = 0x10000; *(uint32_t*)0x200417ec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[2], /*options=*/0, /*deadline=*/r[4], /*args=*/0x200417c0, /*actual_bytes=*/0x20041800, /*actual_handles=*/0x20041840); break; case 10: memcpy((void*)0x20000000, "\xc4\xc1\xad\xe0\xa5\xb9\xa6\x63\x67\xc4\x62\x01\x3b\x6b\x0f\x0f\x76\xb7\xb7\x00\x00\x00\x98\xc4\xa2\x29\x2d\x12\x0f\x0f\x0b\xa0\x3e\x45\x0f\xd1\xec\x0f\x29\x26\xc4\x61\x9f\x7c\x53\x1a\x66\x0f\x3a\xdf\x39\x00", 52); syz_execute_func(/*text=*/0x20000000); break; case 11: syz_future_time(/*when=*/0); break; case 12: syz_job_default(); break; case 13: syz_mmap(/*addr=*/0x20ff9000, /*len=*/0x4000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :280:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); ^ :317:39: error: use of undeclared identifier 'zx_vcpu_enter' ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); ^ 2 errors generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor1070638648 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/2 (0.64s) csource_test.go:150: opts: {Threaded:true Repeat:false RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call_etc(0x0, 0x91, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)="090e3814ded5ca1bb9204ce0ceac3d95162fab16edf86329372435e1992cd148d29f73e3c25857bf66bb813d6abddde404f63980339937c16fe9e0c8ad309e70509ce52ae1c8e60ebe328caa31b91b7b1b8a9e3febb3fe1289f80a3b74dadcf3619e4eb03d257cd7a8fe5301e58d52aae4336355c0bc0ee7df9704e0ee190064372cd6f71629cec4cf897611a6f18453259fe803ee1464ebd6366490efad381aec2e773163b83a257d24277408221047d312b83defb54f5db6eb9db781f0a74e4a4513e78d1fef19337f8423952747348a1126db4a28fb98de2ffe4dc6cb4414498bf558c8cfec781cb59a4b28647f1aac9cf850970863788bfa319ab74945eb15fb78f3eee5446045512774ecfa8439fdbfafa0f767e9cdf291d1934c12a7ea791a9028bd2e0b346a4f68a24d1bced3bafc730f659d4225960b93827fa64384b88db55337fb5ae30fefe356ba4c116452b23477905dbaab6a2ddec32735f0db44ea41c37c710f67880a68cffcec5710c707288eb34109b24aaa4949ae1b9b333154d9c3b5d6b07095e94d1fb66be2845f466fa375fefd749168cbfabca45ef816389705f0d146b7c47aa5fa070faa0c82f6b366c94be41a00412b7107c4746c41482e94a1b23e9666a738ee4bcb5d5b9deea2fe70dd49f2fc095823d2c6f0c56eb2120b670014b3e41dea9163200efeec14bb92da2c22e03d15be29fd9ab265370f3878ad2818a27d7a1ba774f122d934b0b62077fa625874aacbb6fe8618311b1562d5225c3da1842f45dec3940d3d2306ee0b0183154834322b286e8e31f739c96f22e7272ce4e7a7571ded20ce2deb2754c6b44dce678953ef135675371a728ac6134d5a7873cbb60eac7064cb070bef012fbce09a468cbdeb01fbcd352ab03bebebe70a006f6dcce7b4078cffa0296bd40d5ded971f5a75b2fb4f54db33214470506c5c0dbca61e12fcb3d8207a82b47883b8efe3cfafcfb61ad5e4030cabd0a6f08c46238c18544210ff5a6f58a0a49dee51af9a1e2e6a8827074c2f948773e6b8273ea1197c731afe15561a156457b5011fccebebea49adda3e9c3afa2c63461f4a1451a0056589c64c0ee28678f04d282dfc86ce8d1b319d971c406d1f4798443f661495d8f8cd60dd45bba34341f1acfd1df41bd0827c0baa07a856c9185fb6dbedfc31fdcf7e548ceda8dd94311a062a4a9fb7df18420e66330ce428631a42abf9ae14b9b0c7dc0ddbae34da212bbe7a37276b059c495bbf184f45219c18bf5dc7140595f460391ccaa1ef26234a51882930977a004e675a4a10b82edfbf0b09b7d0a70e3dcc6c4760b92ee556bb00ad270777ea84e13932a4b36465c378f4f4c7566bda189fb3072cf4cb13d45f593295f96d37629ef12b9b8da1ad7a6853c5021f30077b893e92e9d18edbf7175cb725b33382476dd7a2734f304efc5ca6d26684b0668f43b5eae9a9bcf1dfca106a2e2e52e130d6908bc07b23cea685eedb6c93ec76c6097d69f577dd5cc14508218959109f301c9f27cd0a2956564c59ad12d0d939bb14e02bb806946b85ab39e3fdce3946bcf87bef3f53e0edcda9c72f42ed1d31fbc0b700890c4094df83923d0d5222be8466c562250dc9493cf74d1ab7d8ab9a4a7b0cf0cd56724c10a71a4272104937c11dcec74ec2dab996453178b40e173ed21e3c882878fcdf82a57359d71f59fafe5023e17f7a2bb9ab69095b269ad32df831529efdabbe5366f235d48f0ee328c6199b803c57a406febf46643204673a1f16a57d2a3bb70c8287c5405d2279a5b977d8936e1cf2d34b4783b9c4e15a51944320afc2eed1e5c7801596b63633801daa1999edf5548d97d056568dbb47a72440d6ebfb191bc86b95d69d768ac156feed10ca998aff5142796d47c3a3d583b92e32f641e36f810b576c2599febb22e795537d65b333f8b1a4f64e349dd39ecf83458ad2c5cbd13af5d7c4b5117a38639958d340f62b872c23c3f851a32a1a8ce5440a1ec9500b3ae9f56b0fd3a82e1755251499231f8babc682073fa40e18b516aabb702b560cd39c707c176bed3081e1856f940ca15ff9c5506d07ebd80ac2da5efe90b3554de46ae4408392a0707754f06bee43cd5a6c2650fce994a4d888ff3665212c7dc85150477094ca7f67888771f08ee26996cb8e907d100430b67226bf384c9c01488e4cf5aac03bcbdf33ce76c5632653955ebc74ddec21104b20d0b1458eb90928ecf103eb4ffbf3aa45156b71799cc69530be5ad8bda6923ddf3d7ffa9b2865f6689f3092fbf6251df191d1a64572326cddb22ad2aa4a654a669c7f3c2622a413c3c10f247d877f0375600f0605f694715628d14357a1874142e0024d4b1e52eccd35454d5162425a372c0c1215481fa7579397073ce80c6343f881dd1b2d8fa436e5a97fd578eaca113105e90f511923b69acbb269349de9f138e10f7cd4a180e38b025ebf29aa5d70883d830b5afc914432859b182e2ceaeb8444bdc1608fdd028669c30d33cc65f557c78427fce6130e82c8fb7eab095186c40f9a688ac2ec3b3fe7689c6aff2f0795083eb37855adb298a71c459469c410866d7370227aba87939004ebd04ad665bb51ee9d32bf08e7335536f0b63513c1ea9296ac30a9481df6ffb7fa374c4cb4b7d0ed168efbb13eeb58f4735548ba60124193941757f9ecf248e008ddcb82f57f366d327aaf3ce419189de0c42ea3434b4b0a1f21be00072dc647ce18f7862e52aa9bd74b7095663b7c08f027e6fc8969224df584c92bffc4b93106f70bf3f99675e6904e2641492c33de1da917b94e57bcd7afda2253198d5e81c3e46d0082490c2205a75ccea3a6845402ea443642b5925b4c5c65377b3a9d946fc15d44401098dde1e1ec3aa4858da8671b4c827c9f1337b07d09b9b07effdf666cdb8a320c34a4a709e9bbb18cacef547574c109659498f108c53a1796d82aaee504e01801f15bb63e7de6e0d8907a988fa8d3d69c20721b1afb10582ea3e9006f1ebe9a32da207916c675d6ae730fbb2beebe7273f01d8a18d78afd349619303e347b89d6d7a4bae7acb6b560d035021929eb53a7c5c4263ba39c2de7056899d36e73b8afbdc4a7e5b7efbf610683ee6155d7c3ae4d46c43d42d83497cd78ff1644d78d5a1068c028f0a6dd2997637c6b42719079d39b093561e9025851b1659cac8d1a5d5dc1ce434c787cebd1b6224b25afe18497584158942a04e9f3d6b744447c624fc7a8a36c03bdcb1341da7d7c24a03cc1eeb40b718623204e05632052e65db381892289c9a1bf547c3169140355ccc2141bb1794889cc47b4eb6c19fed2e54946e9a0f3ee9a0a6c9c32f159dbcff0645dbfb3bc461b7f6c499b9dad65f59d2b9d20486f012e0a93202a22950ac0a583aacc42aa3b0302b5be160f7abb5af5547ab2a395dfc58922a550dbad99034502f64a48c634a1344a4665bb054df08fa7a49562f7e6448bd0831df51ecee72f5d4b456af5502dd4e5be1901bb3aad0a8f949c63d5bfee80c48d8c41cd47d0a5e9cfeea4801721dd99260a9f4148ee37f0c6e60516b97146031bf532759340f0d965687ce38c4353a64232a0ce1ad154018b206fa3b1eefb6581f1e4fe9d40cee6859dbd2d6c970281844548d188701e37b1a87e0232b2cf50542d220d380c34b5705939fdab1dbb4cb3fdf44d8104d816cf372159d6172d72cc09ed565e34159adca136fd592515440a31a1b2b7200f01fd3ba195a980c004faf103b9f9e7713d3ed5d1c678bbdf889300908e7194f3b2b84e744c94f7b58f61ad6b84ee7c645be813a4ac5b1add1ffad0ffc0b27a1b47f4520186441b820cdac1fd4bae20c62bc817b17df2f79cb9746d1e653d8d8162376cbe81bcc5048358cdd42ca9f8207e7fb1267cac49ecb45aa6bc8002c3597cc074a88c2cced73e695c0cb96b3341deb58b0d41b9559f2d09838e05e406f99f962a0f619a7c02b5acc6210124f195024fd2e4ace58a239233f9f0fa4274ce28f6ee5de51e13742c19e8c1b313f900970a4db1b3641cb527a10592bfb9c526921232277d492499a61d6a20407330e55dae27787aed001b1666a3c0319bda9764618544a20016f12986e4ae1dd7585cd1efb147121bcca00e095e12559f579bf3c7605e9b6737105cb9fc1594e43d5707cd69c8bcd6603e697acec76957d3c6aa448807924666877a52eb2adb90a3de7906a80f47a2c388cba8776f63404b4b644c1086b3abfc8bbde496022826e2102c2f7a16f984be7ac29a68478f879f4c9b3023470641356c91053654568348c550c7083bdd2e61181ea325615aa9fbdbe5741882f3854426224bffa15dec146444e4001f5f8f6f61c0cead815bae2e81299eb3a7a49a664eb01e74c638cbe75e9d169a6e7507fbad9b36b92a09a24beac77e10636a25aa20d01dd37b26ffa99e8bfa8f15b4c19dcadcd9be383a11c732717e1dcb2968e8669d084aa15d7269c11c011eb2b1390398766eceb6378df58f0e796eb47ac5eb1cf53b2c6b4b61d40c0b4c005d0ab82384c45aae499699bc54263eefc29ed403d30b726824259e6c6ea24c7b8560b85baa91abf39ee1fba0a5dcb5a83db8c862c883bdac30684ab2898a391dd6ff6f8b851ebe752573bd1995c87ba3c6abf0394ddc6f05ed360cecfa35aed4cfa3201f55666205f707d09f8fbaa2c88f7ff9b06ef2dfa1700f7b7026a3fd269574eb22fe9a8f6a64dfea6e779cb0a281db2593f2ba8ea3da2b53cead01dbc42f53ee871ba957dbf5c9fc25641f11bf279b43df3916f74372963de32aa0528b511cc0c4d82953acd95f2df84935b609f1af30c35276a3fabf5d2ca7c9814363cab1b48b7b9a96f945e3d24191b70b5f03d0c4ae30b15e2f82ca318e8c9a5b2a2219967a13befaceeb251088671f3d747da72e52c9a22e7aeebcc77e1a024eb66ab09ef01a3aae329abf0035d1cf27911d8676a98431765a11753a5771958dfcbb59846971d2e2cf02d0c0e5a550ea98b93e367fe73f1bd30a09b11520623143609d0c2fa3c8aa376f440ad2963fbeb6671509a799a8528ce087abaf199662b1103142817c176a4e04b15bc6d473b483d9417176e0e23091938ac2fb9ba616c79c0699a0568d22d63362caa06add2423cb71895a1821dfab317811c2752b284d9d55fc5cfddc3c599e1b9118c99fb8d47fd761e6e72429f509c674913d2d36d569801f9284212424556e8caed16834eb076417023c990e5d3110cb31dea85279d40bcc714a676a893925151b550aabbe9548c4b74b309175f4eacfaf1461ae52293e44f92fa26067b50084f9ef982019e0d398058d23844f900c28c152d3eeda42578a0f1ff3002c929e6bca65eb0341778144a15eacfe4e1a63a4cdf1f25048a27261ba4342ee6569a3c6053b5e52f4e134a1e03a1530cf5c0eb17875e3ba44162071b439459bf16edb28508bce3e9f69d8930b0539c39bb74e63e4510e918b8349ccf6959e57550550a357c31649dd728c3fe77dc6920f0d3f4ec5d619b2f4c6eb90dfc17b26d6b30117a07c18f4b7cc96056a4fdc7dac68198cb8bcc6c64d496afa6081768e8dd4f435eb2eedd0b7b08f14114c13c4ff50a93d39afac2d633ef6eb33ac937404262e352f50f067791518ea058841abdd1f770940bca896fddb550c9ce09edc6bd522e318e5ca6ba00259029770d29d1fc4e2a74d7b33fbeaca945e149f241cc933624dba795d33f2ab0706bbc17e2383f6c32df765c116265b0efb585f587be9732beb0bed2e67cef0d1c42b", &(0x7f0000001000)=[0x0, 0x0, 0x0], &(0x7f0000001040)=""/8, &(0x7f0000001080)=[0x0, 0x0, 0x0], 0x1000, 0x3, 0x8, 0x3}, &(0x7f0000001100), &(0x7f0000001140)) (fail_nth: 1) zx_channel_call$fuchsia_ldsvc_LoaderClone(r0, 0x0, 0x7fffffffffffffff, &(0x7f0000011240)={&(0x7f0000001180), &(0x7f00000011c0), &(0x7f0000001200), &(0x7f0000011200), 0x14, 0x1, 0x10000}, &(0x7f0000011280), &(0x7f00000112c0)) (async) r3 = syz_thread_self() (rerun: 4) zx_vcpu_enter(r3, &(0x7f0000011300)={0x0, 0x0, 0x0, @interrupt}) zx_channel_call$fuchsia_io_DirectoryUnlink(0x0, 0x0, 0x7fffffffffffffff, &(0x7f0000021400)={&(0x7f0000011340)={{}, {0x80000000, 0xffffffffffffffff}, {'\x00'}}, &(0x7f0000011380), &(0x7f00000113c0), &(0x7f00000213c0), 0x28, 0x0, 0x10000}, &(0x7f0000021440), &(0x7f0000021480)) r4 = zx_deadline_after(0xffffffffffffffff) zx_channel_call$fuchsia_cobalt_LoggerBaseLogEvent(r0, 0x0, r4, &(0x7f0000031580)={&(0x7f00000214c0)={{}, 0x7, 0x5}, &(0x7f0000021500), &(0x7f0000021540), &(0x7f0000031540), 0x18, 0x0, 0x10000}, &(0x7f00000315c0), &(0x7f0000031600)) zx_vcpu_interrupt(r1, 0x2) zx_channel_write$fuchsia_io_DirectoryWatcherOnEvent(r0, 0x0, &(0x7f0000031640)={{}, {0x81, 0xffffffffffffffff}, "a57c37f0aa5a793d04cf1274e7e2c49a49f9b090d2df747c16d53d3cf3c00a94e6324ab320451b9fd52121ec87b894f7f28d509078b5af1e034fe2979badae"}, 0x5f, &(0x7f00000316c0), 0x0) zx_channel_call$fuchsia_io_NodeSync(r2, 0x0, r4, &(0x7f00000417c0)={&(0x7f0000031700), &(0x7f0000031740), &(0x7f0000031780), &(0x7f0000041780), 0x10, 0x0, 0x10000}, &(0x7f0000041800), &(0x7f0000041840)) syz_execute_func(&(0x7f0000000000)="c4c1ade0a5b9a66367c462013b6b0f0f76b7b700000098c4a2292d120f0f0ba03e450fd1ec0f2926c4619f7c531a660f3adf3900") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void loop(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } uint64_t r[5] = {0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200010c0 = 0x20000000; memcpy((void*)0x20000000, "\x09\x0e\x38\x14\xde\xd5\xca\x1b\xb9\x20\x4c\xe0\xce\xac\x3d\x95\x16\x2f\xab\x16\xed\xf8\x63\x29\x37\x24\x35\xe1\x99\x2c\xd1\x48\xd2\x9f\x73\xe3\xc2\x58\x57\xbf\x66\xbb\x81\x3d\x6a\xbd\xdd\xe4\x04\xf6\x39\x80\x33\x99\x37\xc1\x6f\xe9\xe0\xc8\xad\x30\x9e\x70\x50\x9c\xe5\x2a\xe1\xc8\xe6\x0e\xbe\x32\x8c\xaa\x31\xb9\x1b\x7b\x1b\x8a\x9e\x3f\xeb\xb3\xfe\x12\x89\xf8\x0a\x3b\x74\xda\xdc\xf3\x61\x9e\x4e\xb0\x3d\x25\x7c\xd7\xa8\xfe\x53\x01\xe5\x8d\x52\xaa\xe4\x33\x63\x55\xc0\xbc\x0e\xe7\xdf\x97\x04\xe0\xee\x19\x00\x64\x37\x2c\xd6\xf7\x16\x29\xce\xc4\xcf\x89\x76\x11\xa6\xf1\x84\x53\x25\x9f\xe8\x03\xee\x14\x64\xeb\xd6\x36\x64\x90\xef\xad\x38\x1a\xec\x2e\x77\x31\x63\xb8\x3a\x25\x7d\x24\x27\x74\x08\x22\x10\x47\xd3\x12\xb8\x3d\xef\xb5\x4f\x5d\xb6\xeb\x9d\xb7\x81\xf0\xa7\x4e\x4a\x45\x13\xe7\x8d\x1f\xef\x19\x33\x7f\x84\x23\x95\x27\x47\x34\x8a\x11\x26\xdb\x4a\x28\xfb\x98\xde\x2f\xfe\x4d\xc6\xcb\x44\x14\x49\x8b\xf5\x58\xc8\xcf\xec\x78\x1c\xb5\x9a\x4b\x28\x64\x7f\x1a\xac\x9c\xf8\x50\x97\x08\x63\x78\x8b\xfa\x31\x9a\xb7\x49\x45\xeb\x15\xfb\x78\xf3\xee\xe5\x44\x60\x45\x51\x27\x74\xec\xfa\x84\x39\xfd\xbf\xaf\xa0\xf7\x67\xe9\xcd\xf2\x91\xd1\x93\x4c\x12\xa7\xea\x79\x1a\x90\x28\xbd\x2e\x0b\x34\x6a\x4f\x68\xa2\x4d\x1b\xce\xd3\xba\xfc\x73\x0f\x65\x9d\x42\x25\x96\x0b\x93\x82\x7f\xa6\x43\x84\xb8\x8d\xb5\x53\x37\xfb\x5a\xe3\x0f\xef\xe3\x56\xba\x4c\x11\x64\x52\xb2\x34\x77\x90\x5d\xba\xab\x6a\x2d\xde\xc3\x27\x35\xf0\xdb\x44\xea\x41\xc3\x7c\x71\x0f\x67\x88\x0a\x68\xcf\xfc\xec\x57\x10\xc7\x07\x28\x8e\xb3\x41\x09\xb2\x4a\xaa\x49\x49\xae\x1b\x9b\x33\x31\x54\xd9\xc3\xb5\xd6\xb0\x70\x95\xe9\x4d\x1f\xb6\x6b\xe2\x84\x5f\x46\x6f\xa3\x75\xfe\xfd\x74\x91\x68\xcb\xfa\xbc\xa4\x5e\xf8\x16\x38\x97\x05\xf0\xd1\x46\xb7\xc4\x7a\xa5\xfa\x07\x0f\xaa\x0c\x82\xf6\xb3\x66\xc9\x4b\xe4\x1a\x00\x41\x2b\x71\x07\xc4\x74\x6c\x41\x48\x2e\x94\xa1\xb2\x3e\x96\x66\xa7\x38\xee\x4b\xcb\x5d\x5b\x9d\xee\xa2\xfe\x70\xdd\x49\xf2\xfc\x09\x58\x23\xd2\xc6\xf0\xc5\x6e\xb2\x12\x0b\x67\x00\x14\xb3\xe4\x1d\xea\x91\x63\x20\x0e\xfe\xec\x14\xbb\x92\xda\x2c\x22\xe0\x3d\x15\xbe\x29\xfd\x9a\xb2\x65\x37\x0f\x38\x78\xad\x28\x18\xa2\x7d\x7a\x1b\xa7\x74\xf1\x22\xd9\x34\xb0\xb6\x20\x77\xfa\x62\x58\x74\xaa\xcb\xb6\xfe\x86\x18\x31\x1b\x15\x62\xd5\x22\x5c\x3d\xa1\x84\x2f\x45\xde\xc3\x94\x0d\x3d\x23\x06\xee\x0b\x01\x83\x15\x48\x34\x32\x2b\x28\x6e\x8e\x31\xf7\x39\xc9\x6f\x22\xe7\x27\x2c\xe4\xe7\xa7\x57\x1d\xed\x20\xce\x2d\xeb\x27\x54\xc6\xb4\x4d\xce\x67\x89\x53\xef\x13\x56\x75\x37\x1a\x72\x8a\xc6\x13\x4d\x5a\x78\x73\xcb\xb6\x0e\xac\x70\x64\xcb\x07\x0b\xef\x01\x2f\xbc\xe0\x9a\x46\x8c\xbd\xeb\x01\xfb\xcd\x35\x2a\xb0\x3b\xeb\xeb\xe7\x0a\x00\x6f\x6d\xcc\xe7\xb4\x07\x8c\xff\xa0\x29\x6b\xd4\x0d\x5d\xed\x97\x1f\x5a\x75\xb2\xfb\x4f\x54\xdb\x33\x21\x44\x70\x50\x6c\x5c\x0d\xbc\xa6\x1e\x12\xfc\xb3\xd8\x20\x7a\x82\xb4\x78\x83\xb8\xef\xe3\xcf\xaf\xcf\xb6\x1a\xd5\xe4\x03\x0c\xab\xd0\xa6\xf0\x8c\x46\x23\x8c\x18\x54\x42\x10\xff\x5a\x6f\x58\xa0\xa4\x9d\xee\x51\xaf\x9a\x1e\x2e\x6a\x88\x27\x07\x4c\x2f\x94\x87\x73\xe6\xb8\x27\x3e\xa1\x19\x7c\x73\x1a\xfe\x15\x56\x1a\x15\x64\x57\xb5\x01\x1f\xcc\xeb\xeb\xea\x49\xad\xda\x3e\x9c\x3a\xfa\x2c\x63\x46\x1f\x4a\x14\x51\xa0\x05\x65\x89\xc6\x4c\x0e\xe2\x86\x78\xf0\x4d\x28\x2d\xfc\x86\xce\x8d\x1b\x31\x9d\x97\x1c\x40\x6d\x1f\x47\x98\x44\x3f\x66\x14\x95\xd8\xf8\xcd\x60\xdd\x45\xbb\xa3\x43\x41\xf1\xac\xfd\x1d\xf4\x1b\xd0\x82\x7c\x0b\xaa\x07\xa8\x56\xc9\x18\x5f\xb6\xdb\xed\xfc\x31\xfd\xcf\x7e\x54\x8c\xed\xa8\xdd\x94\x31\x1a\x06\x2a\x4a\x9f\xb7\xdf\x18\x42\x0e\x66\x33\x0c\xe4\x28\x63\x1a\x42\xab\xf9\xae\x14\xb9\xb0\xc7\xdc\x0d\xdb\xae\x34\xda\x21\x2b\xbe\x7a\x37\x27\x6b\x05\x9c\x49\x5b\xbf\x18\x4f\x45\x21\x9c\x18\xbf\x5d\xc7\x14\x05\x95\xf4\x60\x39\x1c\xca\xa1\xef\x26\x23\x4a\x51\x88\x29\x30\x97\x7a\x00\x4e\x67\x5a\x4a\x10\xb8\x2e\xdf\xbf\x0b\x09\xb7\xd0\xa7\x0e\x3d\xcc\x6c\x47\x60\xb9\x2e\xe5\x56\xbb\x00\xad\x27\x07\x77\xea\x84\xe1\x39\x32\xa4\xb3\x64\x65\xc3\x78\xf4\xf4\xc7\x56\x6b\xda\x18\x9f\xb3\x07\x2c\xf4\xcb\x13\xd4\x5f\x59\x32\x95\xf9\x6d\x37\x62\x9e\xf1\x2b\x9b\x8d\xa1\xad\x7a\x68\x53\xc5\x02\x1f\x30\x07\x7b\x89\x3e\x92\xe9\xd1\x8e\xdb\xf7\x17\x5c\xb7\x25\xb3\x33\x82\x47\x6d\xd7\xa2\x73\x4f\x30\x4e\xfc\x5c\xa6\xd2\x66\x84\xb0\x66\x8f\x43\xb5\xea\xe9\xa9\xbc\xf1\xdf\xca\x10\x6a\x2e\x2e\x52\xe1\x30\xd6\x90\x8b\xc0\x7b\x23\xce\xa6\x85\xee\xdb\x6c\x93\xec\x76\xc6\x09\x7d\x69\xf5\x77\xdd\x5c\xc1\x45\x08\x21\x89\x59\x10\x9f\x30\x1c\x9f\x27\xcd\x0a\x29\x56\x56\x4c\x59\xad\x12\xd0\xd9\x39\xbb\x14\xe0\x2b\xb8\x06\x94\x6b\x85\xab\x39\xe3\xfd\xce\x39\x46\xbc\xf8\x7b\xef\x3f\x53\xe0\xed\xcd\xa9\xc7\x2f\x42\xed\x1d\x31\xfb\xc0\xb7\x00\x89\x0c\x40\x94\xdf\x83\x92\x3d\x0d\x52\x22\xbe\x84\x66\xc5\x62\x25\x0d\xc9\x49\x3c\xf7\x4d\x1a\xb7\xd8\xab\x9a\x4a\x7b\x0c\xf0\xcd\x56\x72\x4c\x10\xa7\x1a\x42\x72\x10\x49\x37\xc1\x1d\xce\xc7\x4e\xc2\xda\xb9\x96\x45\x31\x78\xb4\x0e\x17\x3e\xd2\x1e\x3c\x88\x28\x78\xfc\xdf\x82\xa5\x73\x59\xd7\x1f\x59\xfa\xfe\x50\x23\xe1\x7f\x7a\x2b\xb9\xab\x69\x09\x5b\x26\x9a\xd3\x2d\xf8\x31\x52\x9e\xfd\xab\xbe\x53\x66\xf2\x35\xd4\x8f\x0e\xe3\x28\xc6\x19\x9b\x80\x3c\x57\xa4\x06\xfe\xbf\x46\x64\x32\x04\x67\x3a\x1f\x16\xa5\x7d\x2a\x3b\xb7\x0c\x82\x87\xc5\x40\x5d\x22\x79\xa5\xb9\x77\xd8\x93\x6e\x1c\xf2\xd3\x4b\x47\x83\xb9\xc4\xe1\x5a\x51\x94\x43\x20\xaf\xc2\xee\xd1\xe5\xc7\x80\x15\x96\xb6\x36\x33\x80\x1d\xaa\x19\x99\xed\xf5\x54\x8d\x97\xd0\x56\x56\x8d\xbb\x47\xa7\x24\x40\xd6\xeb\xfb\x19\x1b\xc8\x6b\x95\xd6\x9d\x76\x8a\xc1\x56\xfe\xed\x10\xca\x99\x8a\xff\x51\x42\x79\x6d\x47\xc3\xa3\xd5\x83\xb9\x2e\x32\xf6\x41\xe3\x6f\x81\x0b\x57\x6c\x25\x99\xfe\xbb\x22\xe7\x95\x53\x7d\x65\xb3\x33\xf8\xb1\xa4\xf6\x4e\x34\x9d\xd3\x9e\xcf\x83\x45\x8a\xd2\xc5\xcb\xd1\x3a\xf5\xd7\xc4\xb5\x11\x7a\x38\x63\x99\x58\xd3\x40\xf6\x2b\x87\x2c\x23\xc3\xf8\x51\xa3\x2a\x1a\x8c\xe5\x44\x0a\x1e\xc9\x50\x0b\x3a\xe9\xf5\x6b\x0f\xd3\xa8\x2e\x17\x55\x25\x14\x99\x23\x1f\x8b\xab\xc6\x82\x07\x3f\xa4\x0e\x18\xb5\x16\xaa\xbb\x70\x2b\x56\x0c\xd3\x9c\x70\x7c\x17\x6b\xed\x30\x81\xe1\x85\x6f\x94\x0c\xa1\x5f\xf9\xc5\x50\x6d\x07\xeb\xd8\x0a\xc2\xda\x5e\xfe\x90\xb3\x55\x4d\xe4\x6a\xe4\x40\x83\x92\xa0\x70\x77\x54\xf0\x6b\xee\x43\xcd\x5a\x6c\x26\x50\xfc\xe9\x94\xa4\xd8\x88\xff\x36\x65\x21\x2c\x7d\xc8\x51\x50\x47\x70\x94\xca\x7f\x67\x88\x87\x71\xf0\x8e\xe2\x69\x96\xcb\x8e\x90\x7d\x10\x04\x30\xb6\x72\x26\xbf\x38\x4c\x9c\x01\x48\x8e\x4c\xf5\xaa\xc0\x3b\xcb\xdf\x33\xce\x76\xc5\x63\x26\x53\x95\x5e\xbc\x74\xdd\xec\x21\x10\x4b\x20\xd0\xb1\x45\x8e\xb9\x09\x28\xec\xf1\x03\xeb\x4f\xfb\xf3\xaa\x45\x15\x6b\x71\x79\x9c\xc6\x95\x30\xbe\x5a\xd8\xbd\xa6\x92\x3d\xdf\x3d\x7f\xfa\x9b\x28\x65\xf6\x68\x9f\x30\x92\xfb\xf6\x25\x1d\xf1\x91\xd1\xa6\x45\x72\x32\x6c\xdd\xb2\x2a\xd2\xaa\x4a\x65\x4a\x66\x9c\x7f\x3c\x26\x22\xa4\x13\xc3\xc1\x0f\x24\x7d\x87\x7f\x03\x75\x60\x0f\x06\x05\xf6\x94\x71\x56\x28\xd1\x43\x57\xa1\x87\x41\x42\xe0\x02\x4d\x4b\x1e\x52\xec\xcd\x35\x45\x4d\x51\x62\x42\x5a\x37\x2c\x0c\x12\x15\x48\x1f\xa7\x57\x93\x97\x07\x3c\xe8\x0c\x63\x43\xf8\x81\xdd\x1b\x2d\x8f\xa4\x36\xe5\xa9\x7f\xd5\x78\xea\xca\x11\x31\x05\xe9\x0f\x51\x19\x23\xb6\x9a\xcb\xb2\x69\x34\x9d\xe9\xf1\x38\xe1\x0f\x7c\xd4\xa1\x80\xe3\x8b\x02\x5e\xbf\x29\xaa\x5d\x70\x88\x3d\x83\x0b\x5a\xfc\x91\x44\x32\x85\x9b\x18\x2e\x2c\xea\xeb\x84\x44\xbd\xc1\x60\x8f\xdd\x02\x86\x69\xc3\x0d\x33\xcc\x65\xf5\x57\xc7\x84\x27\xfc\xe6\x13\x0e\x82\xc8\xfb\x7e\xab\x09\x51\x86\xc4\x0f\x9a\x68\x8a\xc2\xec\x3b\x3f\xe7\x68\x9c\x6a\xff\x2f\x07\x95\x08\x3e\xb3\x78\x55\xad\xb2\x98\xa7\x1c\x45\x94\x69\xc4\x10\x86\x6d\x73\x70\x22\x7a\xba\x87\x93\x90\x04\xeb\xd0\x4a\xd6\x65\xbb\x51\xee\x9d\x32\xbf\x08\xe7\x33\x55\x36\xf0\xb6\x35\x13\xc1\xea\x92\x96\xac\x30\xa9\x48\x1d\xf6\xff\xb7\xfa\x37\x4c\x4c\xb4\xb7\xd0\xed\x16\x8e\xfb\xb1\x3e\xeb\x58\xf4\x73\x55\x48\xba\x60\x12\x41\x93\x94\x17\x57\xf9\xec\xf2\x48\xe0\x08\xdd\xcb\x82\xf5\x7f\x36\x6d\x32\x7a\xaf\x3c\xe4\x19\x18\x9d\xe0\xc4\x2e\xa3\x43\x4b\x4b\x0a\x1f\x21\xbe\x00\x07\x2d\xc6\x47\xce\x18\xf7\x86\x2e\x52\xaa\x9b\xd7\x4b\x70\x95\x66\x3b\x7c\x08\xf0\x27\xe6\xfc\x89\x69\x22\x4d\xf5\x84\xc9\x2b\xff\xc4\xb9\x31\x06\xf7\x0b\xf3\xf9\x96\x75\xe6\x90\x4e\x26\x41\x49\x2c\x33\xde\x1d\xa9\x17\xb9\x4e\x57\xbc\xd7\xaf\xda\x22\x53\x19\x8d\x5e\x81\xc3\xe4\x6d\x00\x82\x49\x0c\x22\x05\xa7\x5c\xce\xa3\xa6\x84\x54\x02\xea\x44\x36\x42\xb5\x92\x5b\x4c\x5c\x65\x37\x7b\x3a\x9d\x94\x6f\xc1\x5d\x44\x40\x10\x98\xdd\xe1\xe1\xec\x3a\xa4\x85\x8d\xa8\x67\x1b\x4c\x82\x7c\x9f\x13\x37\xb0\x7d\x09\xb9\xb0\x7e\xff\xdf\x66\x6c\xdb\x8a\x32\x0c\x34\xa4\xa7\x09\xe9\xbb\xb1\x8c\xac\xef\x54\x75\x74\xc1\x09\x65\x94\x98\xf1\x08\xc5\x3a\x17\x96\xd8\x2a\xae\xe5\x04\xe0\x18\x01\xf1\x5b\xb6\x3e\x7d\xe6\xe0\xd8\x90\x7a\x98\x8f\xa8\xd3\xd6\x9c\x20\x72\x1b\x1a\xfb\x10\x58\x2e\xa3\xe9\x00\x6f\x1e\xbe\x9a\x32\xda\x20\x79\x16\xc6\x75\xd6\xae\x73\x0f\xbb\x2b\xee\xbe\x72\x73\xf0\x1d\x8a\x18\xd7\x8a\xfd\x34\x96\x19\x30\x3e\x34\x7b\x89\xd6\xd7\xa4\xba\xe7\xac\xb6\xb5\x60\xd0\x35\x02\x19\x29\xeb\x53\xa7\xc5\xc4\x26\x3b\xa3\x9c\x2d\xe7\x05\x68\x99\xd3\x6e\x73\xb8\xaf\xbd\xc4\xa7\xe5\xb7\xef\xbf\x61\x06\x83\xee\x61\x55\xd7\xc3\xae\x4d\x46\xc4\x3d\x42\xd8\x34\x97\xcd\x78\xff\x16\x44\xd7\x8d\x5a\x10\x68\xc0\x28\xf0\xa6\xdd\x29\x97\x63\x7c\x6b\x42\x71\x90\x79\xd3\x9b\x09\x35\x61\xe9\x02\x58\x51\xb1\x65\x9c\xac\x8d\x1a\x5d\x5d\xc1\xce\x43\x4c\x78\x7c\xeb\xd1\xb6\x22\x4b\x25\xaf\xe1\x84\x97\x58\x41\x58\x94\x2a\x04\xe9\xf3\xd6\xb7\x44\x44\x7c\x62\x4f\xc7\xa8\xa3\x6c\x03\xbd\xcb\x13\x41\xda\x7d\x7c\x24\xa0\x3c\xc1\xee\xb4\x0b\x71\x86\x23\x20\x4e\x05\x63\x20\x52\xe6\x5d\xb3\x81\x89\x22\x89\xc9\xa1\xbf\x54\x7c\x31\x69\x14\x03\x55\xcc\xc2\x14\x1b\xb1\x79\x48\x89\xcc\x47\xb4\xeb\x6c\x19\xfe\xd2\xe5\x49\x46\xe9\xa0\xf3\xee\x9a\x0a\x6c\x9c\x32\xf1\x59\xdb\xcf\xf0\x64\x5d\xbf\xb3\xbc\x46\x1b\x7f\x6c\x49\x9b\x9d\xad\x65\xf5\x9d\x2b\x9d\x20\x48\x6f\x01\x2e\x0a\x93\x20\x2a\x22\x95\x0a\xc0\xa5\x83\xaa\xcc\x42\xaa\x3b\x03\x02\xb5\xbe\x16\x0f\x7a\xbb\x5a\xf5\x54\x7a\xb2\xa3\x95\xdf\xc5\x89\x22\xa5\x50\xdb\xad\x99\x03\x45\x02\xf6\x4a\x48\xc6\x34\xa1\x34\x4a\x46\x65\xbb\x05\x4d\xf0\x8f\xa7\xa4\x95\x62\xf7\xe6\x44\x8b\xd0\x83\x1d\xf5\x1e\xce\xe7\x2f\x5d\x4b\x45\x6a\xf5\x50\x2d\xd4\xe5\xbe\x19\x01\xbb\x3a\xad\x0a\x8f\x94\x9c\x63\xd5\xbf\xee\x80\xc4\x8d\x8c\x41\xcd\x47\xd0\xa5\xe9\xcf\xee\xa4\x80\x17\x21\xdd\x99\x26\x0a\x9f\x41\x48\xee\x37\xf0\xc6\xe6\x05\x16\xb9\x71\x46\x03\x1b\xf5\x32\x75\x93\x40\xf0\xd9\x65\x68\x7c\xe3\x8c\x43\x53\xa6\x42\x32\xa0\xce\x1a\xd1\x54\x01\x8b\x20\x6f\xa3\xb1\xee\xfb\x65\x81\xf1\xe4\xfe\x9d\x40\xce\xe6\x85\x9d\xbd\x2d\x6c\x97\x02\x81\x84\x45\x48\xd1\x88\x70\x1e\x37\xb1\xa8\x7e\x02\x32\xb2\xcf\x50\x54\x2d\x22\x0d\x38\x0c\x34\xb5\x70\x59\x39\xfd\xab\x1d\xbb\x4c\xb3\xfd\xf4\x4d\x81\x04\xd8\x16\xcf\x37\x21\x59\xd6\x17\x2d\x72\xcc\x09\xed\x56\x5e\x34\x15\x9a\xdc\xa1\x36\xfd\x59\x25\x15\x44\x0a\x31\xa1\xb2\xb7\x20\x0f\x01\xfd\x3b\xa1\x95\xa9\x80\xc0\x04\xfa\xf1\x03\xb9\xf9\xe7\x71\x3d\x3e\xd5\xd1\xc6\x78\xbb\xdf\x88\x93\x00\x90\x8e\x71\x94\xf3\xb2\xb8\x4e\x74\x4c\x94\xf7\xb5\x8f\x61\xad\x6b\x84\xee\x7c\x64\x5b\xe8\x13\xa4\xac\x5b\x1a\xdd\x1f\xfa\xd0\xff\xc0\xb2\x7a\x1b\x47\xf4\x52\x01\x86\x44\x1b\x82\x0c\xda\xc1\xfd\x4b\xae\x20\xc6\x2b\xc8\x17\xb1\x7d\xf2\xf7\x9c\xb9\x74\x6d\x1e\x65\x3d\x8d\x81\x62\x37\x6c\xbe\x81\xbc\xc5\x04\x83\x58\xcd\xd4\x2c\xa9\xf8\x20\x7e\x7f\xb1\x26\x7c\xac\x49\xec\xb4\x5a\xa6\xbc\x80\x02\xc3\x59\x7c\xc0\x74\xa8\x8c\x2c\xce\xd7\x3e\x69\x5c\x0c\xb9\x6b\x33\x41\xde\xb5\x8b\x0d\x41\xb9\x55\x9f\x2d\x09\x83\x8e\x05\xe4\x06\xf9\x9f\x96\x2a\x0f\x61\x9a\x7c\x02\xb5\xac\xc6\x21\x01\x24\xf1\x95\x02\x4f\xd2\xe4\xac\xe5\x8a\x23\x92\x33\xf9\xf0\xfa\x42\x74\xce\x28\xf6\xee\x5d\xe5\x1e\x13\x74\x2c\x19\xe8\xc1\xb3\x13\xf9\x00\x97\x0a\x4d\xb1\xb3\x64\x1c\xb5\x27\xa1\x05\x92\xbf\xb9\xc5\x26\x92\x12\x32\x27\x7d\x49\x24\x99\xa6\x1d\x6a\x20\x40\x73\x30\xe5\x5d\xae\x27\x78\x7a\xed\x00\x1b\x16\x66\xa3\xc0\x31\x9b\xda\x97\x64\x61\x85\x44\xa2\x00\x16\xf1\x29\x86\xe4\xae\x1d\xd7\x58\x5c\xd1\xef\xb1\x47\x12\x1b\xcc\xa0\x0e\x09\x5e\x12\x55\x9f\x57\x9b\xf3\xc7\x60\x5e\x9b\x67\x37\x10\x5c\xb9\xfc\x15\x94\xe4\x3d\x57\x07\xcd\x69\xc8\xbc\xd6\x60\x3e\x69\x7a\xce\xc7\x69\x57\xd3\xc6\xaa\x44\x88\x07\x92\x46\x66\x87\x7a\x52\xeb\x2a\xdb\x90\xa3\xde\x79\x06\xa8\x0f\x47\xa2\xc3\x88\xcb\xa8\x77\x6f\x63\x40\x4b\x4b\x64\x4c\x10\x86\xb3\xab\xfc\x8b\xbd\xe4\x96\x02\x28\x26\xe2\x10\x2c\x2f\x7a\x16\xf9\x84\xbe\x7a\xc2\x9a\x68\x47\x8f\x87\x9f\x4c\x9b\x30\x23\x47\x06\x41\x35\x6c\x91\x05\x36\x54\x56\x83\x48\xc5\x50\xc7\x08\x3b\xdd\x2e\x61\x18\x1e\xa3\x25\x61\x5a\xa9\xfb\xdb\xe5\x74\x18\x82\xf3\x85\x44\x26\x22\x4b\xff\xa1\x5d\xec\x14\x64\x44\xe4\x00\x1f\x5f\x8f\x6f\x61\xc0\xce\xad\x81\x5b\xae\x2e\x81\x29\x9e\xb3\xa7\xa4\x9a\x66\x4e\xb0\x1e\x74\xc6\x38\xcb\xe7\x5e\x9d\x16\x9a\x6e\x75\x07\xfb\xad\x9b\x36\xb9\x2a\x09\xa2\x4b\xea\xc7\x7e\x10\x63\x6a\x25\xaa\x20\xd0\x1d\xd3\x7b\x26\xff\xa9\x9e\x8b\xfa\x8f\x15\xb4\xc1\x9d\xca\xdc\xd9\xbe\x38\x3a\x11\xc7\x32\x71\x7e\x1d\xcb\x29\x68\xe8\x66\x9d\x08\x4a\xa1\x5d\x72\x69\xc1\x1c\x01\x1e\xb2\xb1\x39\x03\x98\x76\x6e\xce\xb6\x37\x8d\xf5\x8f\x0e\x79\x6e\xb4\x7a\xc5\xeb\x1c\xf5\x3b\x2c\x6b\x4b\x61\xd4\x0c\x0b\x4c\x00\x5d\x0a\xb8\x23\x84\xc4\x5a\xae\x49\x96\x99\xbc\x54\x26\x3e\xef\xc2\x9e\xd4\x03\xd3\x0b\x72\x68\x24\x25\x9e\x6c\x6e\xa2\x4c\x7b\x85\x60\xb8\x5b\xaa\x91\xab\xf3\x9e\xe1\xfb\xa0\xa5\xdc\xb5\xa8\x3d\xb8\xc8\x62\xc8\x83\xbd\xac\x30\x68\x4a\xb2\x89\x8a\x39\x1d\xd6\xff\x6f\x8b\x85\x1e\xbe\x75\x25\x73\xbd\x19\x95\xc8\x7b\xa3\xc6\xab\xf0\x39\x4d\xdc\x6f\x05\xed\x36\x0c\xec\xfa\x35\xae\xd4\xcf\xa3\x20\x1f\x55\x66\x62\x05\xf7\x07\xd0\x9f\x8f\xba\xa2\xc8\x8f\x7f\xf9\xb0\x6e\xf2\xdf\xa1\x70\x0f\x7b\x70\x26\xa3\xfd\x26\x95\x74\xeb\x22\xfe\x9a\x8f\x6a\x64\xdf\xea\x6e\x77\x9c\xb0\xa2\x81\xdb\x25\x93\xf2\xba\x8e\xa3\xda\x2b\x53\xce\xad\x01\xdb\xc4\x2f\x53\xee\x87\x1b\xa9\x57\xdb\xf5\xc9\xfc\x25\x64\x1f\x11\xbf\x27\x9b\x43\xdf\x39\x16\xf7\x43\x72\x96\x3d\xe3\x2a\xa0\x52\x8b\x51\x1c\xc0\xc4\xd8\x29\x53\xac\xd9\x5f\x2d\xf8\x49\x35\xb6\x09\xf1\xaf\x30\xc3\x52\x76\xa3\xfa\xbf\x5d\x2c\xa7\xc9\x81\x43\x63\xca\xb1\xb4\x8b\x7b\x9a\x96\xf9\x45\xe3\xd2\x41\x91\xb7\x0b\x5f\x03\xd0\xc4\xae\x30\xb1\x5e\x2f\x82\xca\x31\x8e\x8c\x9a\x5b\x2a\x22\x19\x96\x7a\x13\xbe\xfa\xce\xeb\x25\x10\x88\x67\x1f\x3d\x74\x7d\xa7\x2e\x52\xc9\xa2\x2e\x7a\xee\xbc\xc7\x7e\x1a\x02\x4e\xb6\x6a\xb0\x9e\xf0\x1a\x3a\xae\x32\x9a\xbf\x00\x35\xd1\xcf\x27\x91\x1d\x86\x76\xa9\x84\x31\x76\x5a\x11\x75\x3a\x57\x71\x95\x8d\xfc\xbb\x59\x84\x69\x71\xd2\xe2\xcf\x02\xd0\xc0\xe5\xa5\x50\xea\x98\xb9\x3e\x36\x7f\xe7\x3f\x1b\xd3\x0a\x09\xb1\x15\x20\x62\x31\x43\x60\x9d\x0c\x2f\xa3\xc8\xaa\x37\x6f\x44\x0a\xd2\x96\x3f\xbe\xb6\x67\x15\x09\xa7\x99\xa8\x52\x8c\xe0\x87\xab\xaf\x19\x96\x62\xb1\x10\x31\x42\x81\x7c\x17\x6a\x4e\x04\xb1\x5b\xc6\xd4\x73\xb4\x83\xd9\x41\x71\x76\xe0\xe2\x30\x91\x93\x8a\xc2\xfb\x9b\xa6\x16\xc7\x9c\x06\x99\xa0\x56\x8d\x22\xd6\x33\x62\xca\xa0\x6a\xdd\x24\x23\xcb\x71\x89\x5a\x18\x21\xdf\xab\x31\x78\x11\xc2\x75\x2b\x28\x4d\x9d\x55\xfc\x5c\xfd\xdc\x3c\x59\x9e\x1b\x91\x18\xc9\x9f\xb8\xd4\x7f\xd7\x61\xe6\xe7\x24\x29\xf5\x09\xc6\x74\x91\x3d\x2d\x36\xd5\x69\x80\x1f\x92\x84\x21\x24\x24\x55\x6e\x8c\xae\xd1\x68\x34\xeb\x07\x64\x17\x02\x3c\x99\x0e\x5d\x31\x10\xcb\x31\xde\xa8\x52\x79\xd4\x0b\xcc\x71\x4a\x67\x6a\x89\x39\x25\x15\x1b\x55\x0a\xab\xbe\x95\x48\xc4\xb7\x4b\x30\x91\x75\xf4\xea\xcf\xaf\x14\x61\xae\x52\x29\x3e\x44\xf9\x2f\xa2\x60\x67\xb5\x00\x84\xf9\xef\x98\x20\x19\xe0\xd3\x98\x05\x8d\x23\x84\x4f\x90\x0c\x28\xc1\x52\xd3\xee\xda\x42\x57\x8a\x0f\x1f\xf3\x00\x2c\x92\x9e\x6b\xca\x65\xeb\x03\x41\x77\x81\x44\xa1\x5e\xac\xfe\x4e\x1a\x63\xa4\xcd\xf1\xf2\x50\x48\xa2\x72\x61\xba\x43\x42\xee\x65\x69\xa3\xc6\x05\x3b\x5e\x52\xf4\xe1\x34\xa1\xe0\x3a\x15\x30\xcf\x5c\x0e\xb1\x78\x75\xe3\xba\x44\x16\x20\x71\xb4\x39\x45\x9b\xf1\x6e\xdb\x28\x50\x8b\xce\x3e\x9f\x69\xd8\x93\x0b\x05\x39\xc3\x9b\xb7\x4e\x63\xe4\x51\x0e\x91\x8b\x83\x49\xcc\xf6\x95\x9e\x57\x55\x05\x50\xa3\x57\xc3\x16\x49\xdd\x72\x8c\x3f\xe7\x7d\xc6\x92\x0f\x0d\x3f\x4e\xc5\xd6\x19\xb2\xf4\xc6\xeb\x90\xdf\xc1\x7b\x26\xd6\xb3\x01\x17\xa0\x7c\x18\xf4\xb7\xcc\x96\x05\x6a\x4f\xdc\x7d\xac\x68\x19\x8c\xb8\xbc\xc6\xc6\x4d\x49\x6a\xfa\x60\x81\x76\x8e\x8d\xd4\xf4\x35\xeb\x2e\xed\xd0\xb7\xb0\x8f\x14\x11\x4c\x13\xc4\xff\x50\xa9\x3d\x39\xaf\xac\x2d\x63\x3e\xf6\xeb\x33\xac\x93\x74\x04\x26\x2e\x35\x2f\x50\xf0\x67\x79\x15\x18\xea\x05\x88\x41\xab\xdd\x1f\x77\x09\x40\xbc\xa8\x96\xfd\xdb\x55\x0c\x9c\xe0\x9e\xdc\x6b\xd5\x22\xe3\x18\xe5\xca\x6b\xa0\x02\x59\x02\x97\x70\xd2\x9d\x1f\xc4\xe2\xa7\x4d\x7b\x33\xfb\xea\xca\x94\x5e\x14\x9f\x24\x1c\xc9\x33\x62\x4d\xba\x79\x5d\x33\xf2\xab\x07\x06\xbb\xc1\x7e\x23\x83\xf6\xc3\x2d\xf7\x65\xc1\x16\x26\x5b\x0e\xfb\x58\x5f\x58\x7b\xe9\x73\x2b\xeb\x0b\xed\x2e\x67\xce\xf0\xd1\xc4\x2b", 4096); *(uint64_t*)0x200010c8 = 0x20001000; *(uint32_t*)0x20001000 = 0; *(uint32_t*)0x20001004 = 0; *(uint32_t*)0x20001008 = 0; *(uint64_t*)0x200010d0 = 0x20001040; *(uint64_t*)0x200010d8 = 0x20001080; *(uint32_t*)0x200010e0 = 0x1000; *(uint32_t*)0x200010e4 = 3; *(uint32_t*)0x200010e8 = 8; *(uint32_t*)0x200010ec = 3; inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); if (res == ZX_OK) { r[0] = *(uint32_t*)0x20001080; r[1] = *(uint32_t*)0x20001084; r[2] = *(uint32_t*)0x20001088; } break; case 1: *(uint64_t*)0x20011240 = 0x20001180; *(uint32_t*)0x20001180 = 0; memset((void*)0x20001184, 0, 3); *(uint8_t*)0x20001187 = 1; *(uint64_t*)0x20001188 = 0x3862fcb900000000; *(uint32_t*)0x20001190 = 0; *(uint64_t*)0x20011248 = 0x200011c0; *(uint32_t*)0x200011c0 = 0; *(uint64_t*)0x20011250 = 0x20001200; *(uint64_t*)0x20011258 = 0x20011200; *(uint32_t*)0x20011260 = 0x14; *(uint32_t*)0x20011264 = 1; *(uint32_t*)0x20011268 = 0x10000; *(uint32_t*)0x2001126c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20011240, /*actual_bytes=*/0x20011280, /*actual_handles=*/0x200112c0); break; case 2: res = -1; res = syz_thread_self(); { int i; for(i = 0; i < 4; i++) { syz_thread_self(); } } if ((int)res != -1) r[3] = res; break; case 3: ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); break; case 4: *(uint64_t*)0x20021400 = 0x20011340; *(uint32_t*)0x20011340 = 0; memset((void*)0x20011344, 0, 3); *(uint8_t*)0x20011347 = 1; *(uint64_t*)0x20011348 = 0x2cbadb1900000000; *(uint64_t*)0x20011350 = 0x80000000; *(uint64_t*)0x20011358 = -1; memset((void*)0x20011360, 0, 1); *(uint64_t*)0x20021408 = 0x20011380; *(uint64_t*)0x20021410 = 0x200113c0; *(uint64_t*)0x20021418 = 0x200213c0; *(uint32_t*)0x20021420 = 0x28; *(uint32_t*)0x20021424 = 0; *(uint32_t*)0x20021428 = 0x10000; *(uint32_t*)0x2002142c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20021400, /*actual_bytes=*/0x20021440, /*actual_handles=*/0x20021480); break; case 5: res = -1; res = ((intptr_t(*)(intptr_t))CAST(zx_deadline_after))(/*nanoseconds=*/-1); if (res == ZX_OK) r[4] = res; break; case 6: *(uint64_t*)0x20031580 = 0x200214c0; *(uint32_t*)0x200214c0 = 0; memset((void*)0x200214c4, 0, 3); *(uint8_t*)0x200214c7 = 1; *(uint64_t*)0x200214c8 = 0x135d628d00000000; *(uint32_t*)0x200214d0 = 7; *(uint32_t*)0x200214d4 = 5; *(uint64_t*)0x20031588 = 0x20021500; *(uint64_t*)0x20031590 = 0x20021540; *(uint64_t*)0x20031598 = 0x20031540; *(uint32_t*)0x200315a0 = 0x18; *(uint32_t*)0x200315a4 = 0; *(uint32_t*)0x200315a8 = 0x10000; *(uint32_t*)0x200315ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[4], /*args=*/0x20031580, /*actual_bytes=*/0x200315c0, /*actual_handles=*/0x20031600); break; case 7: ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_interrupt))(/*handle=*/r[1], /*vector=*/2); break; case 8: *(uint32_t*)0x20031640 = 0; memset((void*)0x20031644, 0, 3); *(uint8_t*)0x20031647 = 1; *(uint64_t*)0x20031648 = 0x208bcc9d00000000; *(uint64_t*)0x20031650 = 0x81; *(uint64_t*)0x20031658 = -1; memcpy((void*)0x20031660, "\xa5\x7c\x37\xf0\xaa\x5a\x79\x3d\x04\xcf\x12\x74\xe7\xe2\xc4\x9a\x49\xf9\xb0\x90\xd2\xdf\x74\x7c\x16\xd5\x3d\x3c\xf3\xc0\x0a\x94\xe6\x32\x4a\xb3\x20\x45\x1b\x9f\xd5\x21\x21\xec\x87\xb8\x94\xf7\xf2\x8d\x50\x90\x78\xb5\xaf\x1e\x03\x4f\xe2\x97\x9b\xad\xae", 63); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_write))(/*handle=*/r[0], /*options=*/0, /*bytes=*/0x20031640, /*num_bytes=*/0x5f, /*handles=*/0x200316c0, /*num_handles=*/0); break; case 9: *(uint64_t*)0x200417c0 = 0x20031700; *(uint32_t*)0x20031700 = 0; memset((void*)0x20031704, 0, 3); *(uint8_t*)0x20031707 = 1; *(uint64_t*)0x20031708 = 0x62423faa00000000; *(uint64_t*)0x200417c8 = 0x20031740; *(uint64_t*)0x200417d0 = 0x20031780; *(uint64_t*)0x200417d8 = 0x20041780; *(uint32_t*)0x200417e0 = 0x10; *(uint32_t*)0x200417e4 = 0; *(uint32_t*)0x200417e8 = 0x10000; *(uint32_t*)0x200417ec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[2], /*options=*/0, /*deadline=*/r[4], /*args=*/0x200417c0, /*actual_bytes=*/0x20041800, /*actual_handles=*/0x20041840); break; case 10: memcpy((void*)0x20000000, "\xc4\xc1\xad\xe0\xa5\xb9\xa6\x63\x67\xc4\x62\x01\x3b\x6b\x0f\x0f\x76\xb7\xb7\x00\x00\x00\x98\xc4\xa2\x29\x2d\x12\x0f\x0f\x0b\xa0\x3e\x45\x0f\xd1\xec\x0f\x29\x26\xc4\x61\x9f\x7c\x53\x1a\x66\x0f\x3a\xdf\x39\x00", 52); syz_execute_func(/*text=*/0x20000000); break; case 11: syz_future_time(/*when=*/0); break; case 12: syz_job_default(); break; case 13: syz_mmap(/*addr=*/0x20ff9000, /*len=*/0x4000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :274:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); ^ :311:39: error: use of undeclared identifier 'zx_vcpu_enter' ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); ^ 2 errors generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor736724225 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/8 (0.48s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:-9223372036854775808 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call_etc(0x0, 0x91, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)="090e3814ded5ca1bb9204ce0ceac3d95162fab16edf86329372435e1992cd148d29f73e3c25857bf66bb813d6abddde404f63980339937c16fe9e0c8ad309e70509ce52ae1c8e60ebe328caa31b91b7b1b8a9e3febb3fe1289f80a3b74dadcf3619e4eb03d257cd7a8fe5301e58d52aae4336355c0bc0ee7df9704e0ee190064372cd6f71629cec4cf897611a6f18453259fe803ee1464ebd6366490efad381aec2e773163b83a257d24277408221047d312b83defb54f5db6eb9db781f0a74e4a4513e78d1fef19337f8423952747348a1126db4a28fb98de2ffe4dc6cb4414498bf558c8cfec781cb59a4b28647f1aac9cf850970863788bfa319ab74945eb15fb78f3eee5446045512774ecfa8439fdbfafa0f767e9cdf291d1934c12a7ea791a9028bd2e0b346a4f68a24d1bced3bafc730f659d4225960b93827fa64384b88db55337fb5ae30fefe356ba4c116452b23477905dbaab6a2ddec32735f0db44ea41c37c710f67880a68cffcec5710c707288eb34109b24aaa4949ae1b9b333154d9c3b5d6b07095e94d1fb66be2845f466fa375fefd749168cbfabca45ef816389705f0d146b7c47aa5fa070faa0c82f6b366c94be41a00412b7107c4746c41482e94a1b23e9666a738ee4bcb5d5b9deea2fe70dd49f2fc095823d2c6f0c56eb2120b670014b3e41dea9163200efeec14bb92da2c22e03d15be29fd9ab265370f3878ad2818a27d7a1ba774f122d934b0b62077fa625874aacbb6fe8618311b1562d5225c3da1842f45dec3940d3d2306ee0b0183154834322b286e8e31f739c96f22e7272ce4e7a7571ded20ce2deb2754c6b44dce678953ef135675371a728ac6134d5a7873cbb60eac7064cb070bef012fbce09a468cbdeb01fbcd352ab03bebebe70a006f6dcce7b4078cffa0296bd40d5ded971f5a75b2fb4f54db33214470506c5c0dbca61e12fcb3d8207a82b47883b8efe3cfafcfb61ad5e4030cabd0a6f08c46238c18544210ff5a6f58a0a49dee51af9a1e2e6a8827074c2f948773e6b8273ea1197c731afe15561a156457b5011fccebebea49adda3e9c3afa2c63461f4a1451a0056589c64c0ee28678f04d282dfc86ce8d1b319d971c406d1f4798443f661495d8f8cd60dd45bba34341f1acfd1df41bd0827c0baa07a856c9185fb6dbedfc31fdcf7e548ceda8dd94311a062a4a9fb7df18420e66330ce428631a42abf9ae14b9b0c7dc0ddbae34da212bbe7a37276b059c495bbf184f45219c18bf5dc7140595f460391ccaa1ef26234a51882930977a004e675a4a10b82edfbf0b09b7d0a70e3dcc6c4760b92ee556bb00ad270777ea84e13932a4b36465c378f4f4c7566bda189fb3072cf4cb13d45f593295f96d37629ef12b9b8da1ad7a6853c5021f30077b893e92e9d18edbf7175cb725b33382476dd7a2734f304efc5ca6d26684b0668f43b5eae9a9bcf1dfca106a2e2e52e130d6908bc07b23cea685eedb6c93ec76c6097d69f577dd5cc14508218959109f301c9f27cd0a2956564c59ad12d0d939bb14e02bb806946b85ab39e3fdce3946bcf87bef3f53e0edcda9c72f42ed1d31fbc0b700890c4094df83923d0d5222be8466c562250dc9493cf74d1ab7d8ab9a4a7b0cf0cd56724c10a71a4272104937c11dcec74ec2dab996453178b40e173ed21e3c882878fcdf82a57359d71f59fafe5023e17f7a2bb9ab69095b269ad32df831529efdabbe5366f235d48f0ee328c6199b803c57a406febf46643204673a1f16a57d2a3bb70c8287c5405d2279a5b977d8936e1cf2d34b4783b9c4e15a51944320afc2eed1e5c7801596b63633801daa1999edf5548d97d056568dbb47a72440d6ebfb191bc86b95d69d768ac156feed10ca998aff5142796d47c3a3d583b92e32f641e36f810b576c2599febb22e795537d65b333f8b1a4f64e349dd39ecf83458ad2c5cbd13af5d7c4b5117a38639958d340f62b872c23c3f851a32a1a8ce5440a1ec9500b3ae9f56b0fd3a82e1755251499231f8babc682073fa40e18b516aabb702b560cd39c707c176bed3081e1856f940ca15ff9c5506d07ebd80ac2da5efe90b3554de46ae4408392a0707754f06bee43cd5a6c2650fce994a4d888ff3665212c7dc85150477094ca7f67888771f08ee26996cb8e907d100430b67226bf384c9c01488e4cf5aac03bcbdf33ce76c5632653955ebc74ddec21104b20d0b1458eb90928ecf103eb4ffbf3aa45156b71799cc69530be5ad8bda6923ddf3d7ffa9b2865f6689f3092fbf6251df191d1a64572326cddb22ad2aa4a654a669c7f3c2622a413c3c10f247d877f0375600f0605f694715628d14357a1874142e0024d4b1e52eccd35454d5162425a372c0c1215481fa7579397073ce80c6343f881dd1b2d8fa436e5a97fd578eaca113105e90f511923b69acbb269349de9f138e10f7cd4a180e38b025ebf29aa5d70883d830b5afc914432859b182e2ceaeb8444bdc1608fdd028669c30d33cc65f557c78427fce6130e82c8fb7eab095186c40f9a688ac2ec3b3fe7689c6aff2f0795083eb37855adb298a71c459469c410866d7370227aba87939004ebd04ad665bb51ee9d32bf08e7335536f0b63513c1ea9296ac30a9481df6ffb7fa374c4cb4b7d0ed168efbb13eeb58f4735548ba60124193941757f9ecf248e008ddcb82f57f366d327aaf3ce419189de0c42ea3434b4b0a1f21be00072dc647ce18f7862e52aa9bd74b7095663b7c08f027e6fc8969224df584c92bffc4b93106f70bf3f99675e6904e2641492c33de1da917b94e57bcd7afda2253198d5e81c3e46d0082490c2205a75ccea3a6845402ea443642b5925b4c5c65377b3a9d946fc15d44401098dde1e1ec3aa4858da8671b4c827c9f1337b07d09b9b07effdf666cdb8a320c34a4a709e9bbb18cacef547574c109659498f108c53a1796d82aaee504e01801f15bb63e7de6e0d8907a988fa8d3d69c20721b1afb10582ea3e9006f1ebe9a32da207916c675d6ae730fbb2beebe7273f01d8a18d78afd349619303e347b89d6d7a4bae7acb6b560d035021929eb53a7c5c4263ba39c2de7056899d36e73b8afbdc4a7e5b7efbf610683ee6155d7c3ae4d46c43d42d83497cd78ff1644d78d5a1068c028f0a6dd2997637c6b42719079d39b093561e9025851b1659cac8d1a5d5dc1ce434c787cebd1b6224b25afe18497584158942a04e9f3d6b744447c624fc7a8a36c03bdcb1341da7d7c24a03cc1eeb40b718623204e05632052e65db381892289c9a1bf547c3169140355ccc2141bb1794889cc47b4eb6c19fed2e54946e9a0f3ee9a0a6c9c32f159dbcff0645dbfb3bc461b7f6c499b9dad65f59d2b9d20486f012e0a93202a22950ac0a583aacc42aa3b0302b5be160f7abb5af5547ab2a395dfc58922a550dbad99034502f64a48c634a1344a4665bb054df08fa7a49562f7e6448bd0831df51ecee72f5d4b456af5502dd4e5be1901bb3aad0a8f949c63d5bfee80c48d8c41cd47d0a5e9cfeea4801721dd99260a9f4148ee37f0c6e60516b97146031bf532759340f0d965687ce38c4353a64232a0ce1ad154018b206fa3b1eefb6581f1e4fe9d40cee6859dbd2d6c970281844548d188701e37b1a87e0232b2cf50542d220d380c34b5705939fdab1dbb4cb3fdf44d8104d816cf372159d6172d72cc09ed565e34159adca136fd592515440a31a1b2b7200f01fd3ba195a980c004faf103b9f9e7713d3ed5d1c678bbdf889300908e7194f3b2b84e744c94f7b58f61ad6b84ee7c645be813a4ac5b1add1ffad0ffc0b27a1b47f4520186441b820cdac1fd4bae20c62bc817b17df2f79cb9746d1e653d8d8162376cbe81bcc5048358cdd42ca9f8207e7fb1267cac49ecb45aa6bc8002c3597cc074a88c2cced73e695c0cb96b3341deb58b0d41b9559f2d09838e05e406f99f962a0f619a7c02b5acc6210124f195024fd2e4ace58a239233f9f0fa4274ce28f6ee5de51e13742c19e8c1b313f900970a4db1b3641cb527a10592bfb9c526921232277d492499a61d6a20407330e55dae27787aed001b1666a3c0319bda9764618544a20016f12986e4ae1dd7585cd1efb147121bcca00e095e12559f579bf3c7605e9b6737105cb9fc1594e43d5707cd69c8bcd6603e697acec76957d3c6aa448807924666877a52eb2adb90a3de7906a80f47a2c388cba8776f63404b4b644c1086b3abfc8bbde496022826e2102c2f7a16f984be7ac29a68478f879f4c9b3023470641356c91053654568348c550c7083bdd2e61181ea325615aa9fbdbe5741882f3854426224bffa15dec146444e4001f5f8f6f61c0cead815bae2e81299eb3a7a49a664eb01e74c638cbe75e9d169a6e7507fbad9b36b92a09a24beac77e10636a25aa20d01dd37b26ffa99e8bfa8f15b4c19dcadcd9be383a11c732717e1dcb2968e8669d084aa15d7269c11c011eb2b1390398766eceb6378df58f0e796eb47ac5eb1cf53b2c6b4b61d40c0b4c005d0ab82384c45aae499699bc54263eefc29ed403d30b726824259e6c6ea24c7b8560b85baa91abf39ee1fba0a5dcb5a83db8c862c883bdac30684ab2898a391dd6ff6f8b851ebe752573bd1995c87ba3c6abf0394ddc6f05ed360cecfa35aed4cfa3201f55666205f707d09f8fbaa2c88f7ff9b06ef2dfa1700f7b7026a3fd269574eb22fe9a8f6a64dfea6e779cb0a281db2593f2ba8ea3da2b53cead01dbc42f53ee871ba957dbf5c9fc25641f11bf279b43df3916f74372963de32aa0528b511cc0c4d82953acd95f2df84935b609f1af30c35276a3fabf5d2ca7c9814363cab1b48b7b9a96f945e3d24191b70b5f03d0c4ae30b15e2f82ca318e8c9a5b2a2219967a13befaceeb251088671f3d747da72e52c9a22e7aeebcc77e1a024eb66ab09ef01a3aae329abf0035d1cf27911d8676a98431765a11753a5771958dfcbb59846971d2e2cf02d0c0e5a550ea98b93e367fe73f1bd30a09b11520623143609d0c2fa3c8aa376f440ad2963fbeb6671509a799a8528ce087abaf199662b1103142817c176a4e04b15bc6d473b483d9417176e0e23091938ac2fb9ba616c79c0699a0568d22d63362caa06add2423cb71895a1821dfab317811c2752b284d9d55fc5cfddc3c599e1b9118c99fb8d47fd761e6e72429f509c674913d2d36d569801f9284212424556e8caed16834eb076417023c990e5d3110cb31dea85279d40bcc714a676a893925151b550aabbe9548c4b74b309175f4eacfaf1461ae52293e44f92fa26067b50084f9ef982019e0d398058d23844f900c28c152d3eeda42578a0f1ff3002c929e6bca65eb0341778144a15eacfe4e1a63a4cdf1f25048a27261ba4342ee6569a3c6053b5e52f4e134a1e03a1530cf5c0eb17875e3ba44162071b439459bf16edb28508bce3e9f69d8930b0539c39bb74e63e4510e918b8349ccf6959e57550550a357c31649dd728c3fe77dc6920f0d3f4ec5d619b2f4c6eb90dfc17b26d6b30117a07c18f4b7cc96056a4fdc7dac68198cb8bcc6c64d496afa6081768e8dd4f435eb2eedd0b7b08f14114c13c4ff50a93d39afac2d633ef6eb33ac937404262e352f50f067791518ea058841abdd1f770940bca896fddb550c9ce09edc6bd522e318e5ca6ba00259029770d29d1fc4e2a74d7b33fbeaca945e149f241cc933624dba795d33f2ab0706bbc17e2383f6c32df765c116265b0efb585f587be9732beb0bed2e67cef0d1c42b", &(0x7f0000001000)=[0x0, 0x0, 0x0], &(0x7f0000001040)=""/8, &(0x7f0000001080)=[0x0, 0x0, 0x0], 0x1000, 0x3, 0x8, 0x3}, &(0x7f0000001100), &(0x7f0000001140)) (fail_nth: 1) zx_channel_call$fuchsia_ldsvc_LoaderClone(r0, 0x0, 0x7fffffffffffffff, &(0x7f0000011240)={&(0x7f0000001180), &(0x7f00000011c0), &(0x7f0000001200), &(0x7f0000011200), 0x14, 0x1, 0x10000}, &(0x7f0000011280), &(0x7f00000112c0)) (async) r3 = syz_thread_self() (rerun: 4) zx_vcpu_enter(r3, &(0x7f0000011300)={0x0, 0x0, 0x0, @interrupt}) zx_channel_call$fuchsia_io_DirectoryUnlink(0x0, 0x0, 0x7fffffffffffffff, &(0x7f0000021400)={&(0x7f0000011340)={{}, {0x80000000, 0xffffffffffffffff}, {'\x00'}}, &(0x7f0000011380), &(0x7f00000113c0), &(0x7f00000213c0), 0x28, 0x0, 0x10000}, &(0x7f0000021440), &(0x7f0000021480)) r4 = zx_deadline_after(0xffffffffffffffff) zx_channel_call$fuchsia_cobalt_LoggerBaseLogEvent(r0, 0x0, r4, &(0x7f0000031580)={&(0x7f00000214c0)={{}, 0x7, 0x5}, &(0x7f0000021500), &(0x7f0000021540), &(0x7f0000031540), 0x18, 0x0, 0x10000}, &(0x7f00000315c0), &(0x7f0000031600)) zx_vcpu_interrupt(r1, 0x2) zx_channel_write$fuchsia_io_DirectoryWatcherOnEvent(r0, 0x0, &(0x7f0000031640)={{}, {0x81, 0xffffffffffffffff}, "a57c37f0aa5a793d04cf1274e7e2c49a49f9b090d2df747c16d53d3cf3c00a94e6324ab320451b9fd52121ec87b894f7f28d509078b5af1e034fe2979badae"}, 0x5f, &(0x7f00000316c0), 0x0) zx_channel_call$fuchsia_io_NodeSync(r2, 0x0, r4, &(0x7f00000417c0)={&(0x7f0000031700), &(0x7f0000031740), &(0x7f0000031780), &(0x7f0000041780), 0x10, 0x0, 0x10000}, &(0x7f0000041800), &(0x7f0000041840)) syz_execute_func(&(0x7f0000000000)="c4c1ade0a5b9a66367c462013b6b0f0f76b7b700000098c4a2292d120f0f0ba03e450fd1ec0f2926c4619f7c531a660f3adf3900") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[5] = {0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200010c0 = 0x20000000; memcpy((void*)0x20000000, "\x09\x0e\x38\x14\xde\xd5\xca\x1b\xb9\x20\x4c\xe0\xce\xac\x3d\x95\x16\x2f\xab\x16\xed\xf8\x63\x29\x37\x24\x35\xe1\x99\x2c\xd1\x48\xd2\x9f\x73\xe3\xc2\x58\x57\xbf\x66\xbb\x81\x3d\x6a\xbd\xdd\xe4\x04\xf6\x39\x80\x33\x99\x37\xc1\x6f\xe9\xe0\xc8\xad\x30\x9e\x70\x50\x9c\xe5\x2a\xe1\xc8\xe6\x0e\xbe\x32\x8c\xaa\x31\xb9\x1b\x7b\x1b\x8a\x9e\x3f\xeb\xb3\xfe\x12\x89\xf8\x0a\x3b\x74\xda\xdc\xf3\x61\x9e\x4e\xb0\x3d\x25\x7c\xd7\xa8\xfe\x53\x01\xe5\x8d\x52\xaa\xe4\x33\x63\x55\xc0\xbc\x0e\xe7\xdf\x97\x04\xe0\xee\x19\x00\x64\x37\x2c\xd6\xf7\x16\x29\xce\xc4\xcf\x89\x76\x11\xa6\xf1\x84\x53\x25\x9f\xe8\x03\xee\x14\x64\xeb\xd6\x36\x64\x90\xef\xad\x38\x1a\xec\x2e\x77\x31\x63\xb8\x3a\x25\x7d\x24\x27\x74\x08\x22\x10\x47\xd3\x12\xb8\x3d\xef\xb5\x4f\x5d\xb6\xeb\x9d\xb7\x81\xf0\xa7\x4e\x4a\x45\x13\xe7\x8d\x1f\xef\x19\x33\x7f\x84\x23\x95\x27\x47\x34\x8a\x11\x26\xdb\x4a\x28\xfb\x98\xde\x2f\xfe\x4d\xc6\xcb\x44\x14\x49\x8b\xf5\x58\xc8\xcf\xec\x78\x1c\xb5\x9a\x4b\x28\x64\x7f\x1a\xac\x9c\xf8\x50\x97\x08\x63\x78\x8b\xfa\x31\x9a\xb7\x49\x45\xeb\x15\xfb\x78\xf3\xee\xe5\x44\x60\x45\x51\x27\x74\xec\xfa\x84\x39\xfd\xbf\xaf\xa0\xf7\x67\xe9\xcd\xf2\x91\xd1\x93\x4c\x12\xa7\xea\x79\x1a\x90\x28\xbd\x2e\x0b\x34\x6a\x4f\x68\xa2\x4d\x1b\xce\xd3\xba\xfc\x73\x0f\x65\x9d\x42\x25\x96\x0b\x93\x82\x7f\xa6\x43\x84\xb8\x8d\xb5\x53\x37\xfb\x5a\xe3\x0f\xef\xe3\x56\xba\x4c\x11\x64\x52\xb2\x34\x77\x90\x5d\xba\xab\x6a\x2d\xde\xc3\x27\x35\xf0\xdb\x44\xea\x41\xc3\x7c\x71\x0f\x67\x88\x0a\x68\xcf\xfc\xec\x57\x10\xc7\x07\x28\x8e\xb3\x41\x09\xb2\x4a\xaa\x49\x49\xae\x1b\x9b\x33\x31\x54\xd9\xc3\xb5\xd6\xb0\x70\x95\xe9\x4d\x1f\xb6\x6b\xe2\x84\x5f\x46\x6f\xa3\x75\xfe\xfd\x74\x91\x68\xcb\xfa\xbc\xa4\x5e\xf8\x16\x38\x97\x05\xf0\xd1\x46\xb7\xc4\x7a\xa5\xfa\x07\x0f\xaa\x0c\x82\xf6\xb3\x66\xc9\x4b\xe4\x1a\x00\x41\x2b\x71\x07\xc4\x74\x6c\x41\x48\x2e\x94\xa1\xb2\x3e\x96\x66\xa7\x38\xee\x4b\xcb\x5d\x5b\x9d\xee\xa2\xfe\x70\xdd\x49\xf2\xfc\x09\x58\x23\xd2\xc6\xf0\xc5\x6e\xb2\x12\x0b\x67\x00\x14\xb3\xe4\x1d\xea\x91\x63\x20\x0e\xfe\xec\x14\xbb\x92\xda\x2c\x22\xe0\x3d\x15\xbe\x29\xfd\x9a\xb2\x65\x37\x0f\x38\x78\xad\x28\x18\xa2\x7d\x7a\x1b\xa7\x74\xf1\x22\xd9\x34\xb0\xb6\x20\x77\xfa\x62\x58\x74\xaa\xcb\xb6\xfe\x86\x18\x31\x1b\x15\x62\xd5\x22\x5c\x3d\xa1\x84\x2f\x45\xde\xc3\x94\x0d\x3d\x23\x06\xee\x0b\x01\x83\x15\x48\x34\x32\x2b\x28\x6e\x8e\x31\xf7\x39\xc9\x6f\x22\xe7\x27\x2c\xe4\xe7\xa7\x57\x1d\xed\x20\xce\x2d\xeb\x27\x54\xc6\xb4\x4d\xce\x67\x89\x53\xef\x13\x56\x75\x37\x1a\x72\x8a\xc6\x13\x4d\x5a\x78\x73\xcb\xb6\x0e\xac\x70\x64\xcb\x07\x0b\xef\x01\x2f\xbc\xe0\x9a\x46\x8c\xbd\xeb\x01\xfb\xcd\x35\x2a\xb0\x3b\xeb\xeb\xe7\x0a\x00\x6f\x6d\xcc\xe7\xb4\x07\x8c\xff\xa0\x29\x6b\xd4\x0d\x5d\xed\x97\x1f\x5a\x75\xb2\xfb\x4f\x54\xdb\x33\x21\x44\x70\x50\x6c\x5c\x0d\xbc\xa6\x1e\x12\xfc\xb3\xd8\x20\x7a\x82\xb4\x78\x83\xb8\xef\xe3\xcf\xaf\xcf\xb6\x1a\xd5\xe4\x03\x0c\xab\xd0\xa6\xf0\x8c\x46\x23\x8c\x18\x54\x42\x10\xff\x5a\x6f\x58\xa0\xa4\x9d\xee\x51\xaf\x9a\x1e\x2e\x6a\x88\x27\x07\x4c\x2f\x94\x87\x73\xe6\xb8\x27\x3e\xa1\x19\x7c\x73\x1a\xfe\x15\x56\x1a\x15\x64\x57\xb5\x01\x1f\xcc\xeb\xeb\xea\x49\xad\xda\x3e\x9c\x3a\xfa\x2c\x63\x46\x1f\x4a\x14\x51\xa0\x05\x65\x89\xc6\x4c\x0e\xe2\x86\x78\xf0\x4d\x28\x2d\xfc\x86\xce\x8d\x1b\x31\x9d\x97\x1c\x40\x6d\x1f\x47\x98\x44\x3f\x66\x14\x95\xd8\xf8\xcd\x60\xdd\x45\xbb\xa3\x43\x41\xf1\xac\xfd\x1d\xf4\x1b\xd0\x82\x7c\x0b\xaa\x07\xa8\x56\xc9\x18\x5f\xb6\xdb\xed\xfc\x31\xfd\xcf\x7e\x54\x8c\xed\xa8\xdd\x94\x31\x1a\x06\x2a\x4a\x9f\xb7\xdf\x18\x42\x0e\x66\x33\x0c\xe4\x28\x63\x1a\x42\xab\xf9\xae\x14\xb9\xb0\xc7\xdc\x0d\xdb\xae\x34\xda\x21\x2b\xbe\x7a\x37\x27\x6b\x05\x9c\x49\x5b\xbf\x18\x4f\x45\x21\x9c\x18\xbf\x5d\xc7\x14\x05\x95\xf4\x60\x39\x1c\xca\xa1\xef\x26\x23\x4a\x51\x88\x29\x30\x97\x7a\x00\x4e\x67\x5a\x4a\x10\xb8\x2e\xdf\xbf\x0b\x09\xb7\xd0\xa7\x0e\x3d\xcc\x6c\x47\x60\xb9\x2e\xe5\x56\xbb\x00\xad\x27\x07\x77\xea\x84\xe1\x39\x32\xa4\xb3\x64\x65\xc3\x78\xf4\xf4\xc7\x56\x6b\xda\x18\x9f\xb3\x07\x2c\xf4\xcb\x13\xd4\x5f\x59\x32\x95\xf9\x6d\x37\x62\x9e\xf1\x2b\x9b\x8d\xa1\xad\x7a\x68\x53\xc5\x02\x1f\x30\x07\x7b\x89\x3e\x92\xe9\xd1\x8e\xdb\xf7\x17\x5c\xb7\x25\xb3\x33\x82\x47\x6d\xd7\xa2\x73\x4f\x30\x4e\xfc\x5c\xa6\xd2\x66\x84\xb0\x66\x8f\x43\xb5\xea\xe9\xa9\xbc\xf1\xdf\xca\x10\x6a\x2e\x2e\x52\xe1\x30\xd6\x90\x8b\xc0\x7b\x23\xce\xa6\x85\xee\xdb\x6c\x93\xec\x76\xc6\x09\x7d\x69\xf5\x77\xdd\x5c\xc1\x45\x08\x21\x89\x59\x10\x9f\x30\x1c\x9f\x27\xcd\x0a\x29\x56\x56\x4c\x59\xad\x12\xd0\xd9\x39\xbb\x14\xe0\x2b\xb8\x06\x94\x6b\x85\xab\x39\xe3\xfd\xce\x39\x46\xbc\xf8\x7b\xef\x3f\x53\xe0\xed\xcd\xa9\xc7\x2f\x42\xed\x1d\x31\xfb\xc0\xb7\x00\x89\x0c\x40\x94\xdf\x83\x92\x3d\x0d\x52\x22\xbe\x84\x66\xc5\x62\x25\x0d\xc9\x49\x3c\xf7\x4d\x1a\xb7\xd8\xab\x9a\x4a\x7b\x0c\xf0\xcd\x56\x72\x4c\x10\xa7\x1a\x42\x72\x10\x49\x37\xc1\x1d\xce\xc7\x4e\xc2\xda\xb9\x96\x45\x31\x78\xb4\x0e\x17\x3e\xd2\x1e\x3c\x88\x28\x78\xfc\xdf\x82\xa5\x73\x59\xd7\x1f\x59\xfa\xfe\x50\x23\xe1\x7f\x7a\x2b\xb9\xab\x69\x09\x5b\x26\x9a\xd3\x2d\xf8\x31\x52\x9e\xfd\xab\xbe\x53\x66\xf2\x35\xd4\x8f\x0e\xe3\x28\xc6\x19\x9b\x80\x3c\x57\xa4\x06\xfe\xbf\x46\x64\x32\x04\x67\x3a\x1f\x16\xa5\x7d\x2a\x3b\xb7\x0c\x82\x87\xc5\x40\x5d\x22\x79\xa5\xb9\x77\xd8\x93\x6e\x1c\xf2\xd3\x4b\x47\x83\xb9\xc4\xe1\x5a\x51\x94\x43\x20\xaf\xc2\xee\xd1\xe5\xc7\x80\x15\x96\xb6\x36\x33\x80\x1d\xaa\x19\x99\xed\xf5\x54\x8d\x97\xd0\x56\x56\x8d\xbb\x47\xa7\x24\x40\xd6\xeb\xfb\x19\x1b\xc8\x6b\x95\xd6\x9d\x76\x8a\xc1\x56\xfe\xed\x10\xca\x99\x8a\xff\x51\x42\x79\x6d\x47\xc3\xa3\xd5\x83\xb9\x2e\x32\xf6\x41\xe3\x6f\x81\x0b\x57\x6c\x25\x99\xfe\xbb\x22\xe7\x95\x53\x7d\x65\xb3\x33\xf8\xb1\xa4\xf6\x4e\x34\x9d\xd3\x9e\xcf\x83\x45\x8a\xd2\xc5\xcb\xd1\x3a\xf5\xd7\xc4\xb5\x11\x7a\x38\x63\x99\x58\xd3\x40\xf6\x2b\x87\x2c\x23\xc3\xf8\x51\xa3\x2a\x1a\x8c\xe5\x44\x0a\x1e\xc9\x50\x0b\x3a\xe9\xf5\x6b\x0f\xd3\xa8\x2e\x17\x55\x25\x14\x99\x23\x1f\x8b\xab\xc6\x82\x07\x3f\xa4\x0e\x18\xb5\x16\xaa\xbb\x70\x2b\x56\x0c\xd3\x9c\x70\x7c\x17\x6b\xed\x30\x81\xe1\x85\x6f\x94\x0c\xa1\x5f\xf9\xc5\x50\x6d\x07\xeb\xd8\x0a\xc2\xda\x5e\xfe\x90\xb3\x55\x4d\xe4\x6a\xe4\x40\x83\x92\xa0\x70\x77\x54\xf0\x6b\xee\x43\xcd\x5a\x6c\x26\x50\xfc\xe9\x94\xa4\xd8\x88\xff\x36\x65\x21\x2c\x7d\xc8\x51\x50\x47\x70\x94\xca\x7f\x67\x88\x87\x71\xf0\x8e\xe2\x69\x96\xcb\x8e\x90\x7d\x10\x04\x30\xb6\x72\x26\xbf\x38\x4c\x9c\x01\x48\x8e\x4c\xf5\xaa\xc0\x3b\xcb\xdf\x33\xce\x76\xc5\x63\x26\x53\x95\x5e\xbc\x74\xdd\xec\x21\x10\x4b\x20\xd0\xb1\x45\x8e\xb9\x09\x28\xec\xf1\x03\xeb\x4f\xfb\xf3\xaa\x45\x15\x6b\x71\x79\x9c\xc6\x95\x30\xbe\x5a\xd8\xbd\xa6\x92\x3d\xdf\x3d\x7f\xfa\x9b\x28\x65\xf6\x68\x9f\x30\x92\xfb\xf6\x25\x1d\xf1\x91\xd1\xa6\x45\x72\x32\x6c\xdd\xb2\x2a\xd2\xaa\x4a\x65\x4a\x66\x9c\x7f\x3c\x26\x22\xa4\x13\xc3\xc1\x0f\x24\x7d\x87\x7f\x03\x75\x60\x0f\x06\x05\xf6\x94\x71\x56\x28\xd1\x43\x57\xa1\x87\x41\x42\xe0\x02\x4d\x4b\x1e\x52\xec\xcd\x35\x45\x4d\x51\x62\x42\x5a\x37\x2c\x0c\x12\x15\x48\x1f\xa7\x57\x93\x97\x07\x3c\xe8\x0c\x63\x43\xf8\x81\xdd\x1b\x2d\x8f\xa4\x36\xe5\xa9\x7f\xd5\x78\xea\xca\x11\x31\x05\xe9\x0f\x51\x19\x23\xb6\x9a\xcb\xb2\x69\x34\x9d\xe9\xf1\x38\xe1\x0f\x7c\xd4\xa1\x80\xe3\x8b\x02\x5e\xbf\x29\xaa\x5d\x70\x88\x3d\x83\x0b\x5a\xfc\x91\x44\x32\x85\x9b\x18\x2e\x2c\xea\xeb\x84\x44\xbd\xc1\x60\x8f\xdd\x02\x86\x69\xc3\x0d\x33\xcc\x65\xf5\x57\xc7\x84\x27\xfc\xe6\x13\x0e\x82\xc8\xfb\x7e\xab\x09\x51\x86\xc4\x0f\x9a\x68\x8a\xc2\xec\x3b\x3f\xe7\x68\x9c\x6a\xff\x2f\x07\x95\x08\x3e\xb3\x78\x55\xad\xb2\x98\xa7\x1c\x45\x94\x69\xc4\x10\x86\x6d\x73\x70\x22\x7a\xba\x87\x93\x90\x04\xeb\xd0\x4a\xd6\x65\xbb\x51\xee\x9d\x32\xbf\x08\xe7\x33\x55\x36\xf0\xb6\x35\x13\xc1\xea\x92\x96\xac\x30\xa9\x48\x1d\xf6\xff\xb7\xfa\x37\x4c\x4c\xb4\xb7\xd0\xed\x16\x8e\xfb\xb1\x3e\xeb\x58\xf4\x73\x55\x48\xba\x60\x12\x41\x93\x94\x17\x57\xf9\xec\xf2\x48\xe0\x08\xdd\xcb\x82\xf5\x7f\x36\x6d\x32\x7a\xaf\x3c\xe4\x19\x18\x9d\xe0\xc4\x2e\xa3\x43\x4b\x4b\x0a\x1f\x21\xbe\x00\x07\x2d\xc6\x47\xce\x18\xf7\x86\x2e\x52\xaa\x9b\xd7\x4b\x70\x95\x66\x3b\x7c\x08\xf0\x27\xe6\xfc\x89\x69\x22\x4d\xf5\x84\xc9\x2b\xff\xc4\xb9\x31\x06\xf7\x0b\xf3\xf9\x96\x75\xe6\x90\x4e\x26\x41\x49\x2c\x33\xde\x1d\xa9\x17\xb9\x4e\x57\xbc\xd7\xaf\xda\x22\x53\x19\x8d\x5e\x81\xc3\xe4\x6d\x00\x82\x49\x0c\x22\x05\xa7\x5c\xce\xa3\xa6\x84\x54\x02\xea\x44\x36\x42\xb5\x92\x5b\x4c\x5c\x65\x37\x7b\x3a\x9d\x94\x6f\xc1\x5d\x44\x40\x10\x98\xdd\xe1\xe1\xec\x3a\xa4\x85\x8d\xa8\x67\x1b\x4c\x82\x7c\x9f\x13\x37\xb0\x7d\x09\xb9\xb0\x7e\xff\xdf\x66\x6c\xdb\x8a\x32\x0c\x34\xa4\xa7\x09\xe9\xbb\xb1\x8c\xac\xef\x54\x75\x74\xc1\x09\x65\x94\x98\xf1\x08\xc5\x3a\x17\x96\xd8\x2a\xae\xe5\x04\xe0\x18\x01\xf1\x5b\xb6\x3e\x7d\xe6\xe0\xd8\x90\x7a\x98\x8f\xa8\xd3\xd6\x9c\x20\x72\x1b\x1a\xfb\x10\x58\x2e\xa3\xe9\x00\x6f\x1e\xbe\x9a\x32\xda\x20\x79\x16\xc6\x75\xd6\xae\x73\x0f\xbb\x2b\xee\xbe\x72\x73\xf0\x1d\x8a\x18\xd7\x8a\xfd\x34\x96\x19\x30\x3e\x34\x7b\x89\xd6\xd7\xa4\xba\xe7\xac\xb6\xb5\x60\xd0\x35\x02\x19\x29\xeb\x53\xa7\xc5\xc4\x26\x3b\xa3\x9c\x2d\xe7\x05\x68\x99\xd3\x6e\x73\xb8\xaf\xbd\xc4\xa7\xe5\xb7\xef\xbf\x61\x06\x83\xee\x61\x55\xd7\xc3\xae\x4d\x46\xc4\x3d\x42\xd8\x34\x97\xcd\x78\xff\x16\x44\xd7\x8d\x5a\x10\x68\xc0\x28\xf0\xa6\xdd\x29\x97\x63\x7c\x6b\x42\x71\x90\x79\xd3\x9b\x09\x35\x61\xe9\x02\x58\x51\xb1\x65\x9c\xac\x8d\x1a\x5d\x5d\xc1\xce\x43\x4c\x78\x7c\xeb\xd1\xb6\x22\x4b\x25\xaf\xe1\x84\x97\x58\x41\x58\x94\x2a\x04\xe9\xf3\xd6\xb7\x44\x44\x7c\x62\x4f\xc7\xa8\xa3\x6c\x03\xbd\xcb\x13\x41\xda\x7d\x7c\x24\xa0\x3c\xc1\xee\xb4\x0b\x71\x86\x23\x20\x4e\x05\x63\x20\x52\xe6\x5d\xb3\x81\x89\x22\x89\xc9\xa1\xbf\x54\x7c\x31\x69\x14\x03\x55\xcc\xc2\x14\x1b\xb1\x79\x48\x89\xcc\x47\xb4\xeb\x6c\x19\xfe\xd2\xe5\x49\x46\xe9\xa0\xf3\xee\x9a\x0a\x6c\x9c\x32\xf1\x59\xdb\xcf\xf0\x64\x5d\xbf\xb3\xbc\x46\x1b\x7f\x6c\x49\x9b\x9d\xad\x65\xf5\x9d\x2b\x9d\x20\x48\x6f\x01\x2e\x0a\x93\x20\x2a\x22\x95\x0a\xc0\xa5\x83\xaa\xcc\x42\xaa\x3b\x03\x02\xb5\xbe\x16\x0f\x7a\xbb\x5a\xf5\x54\x7a\xb2\xa3\x95\xdf\xc5\x89\x22\xa5\x50\xdb\xad\x99\x03\x45\x02\xf6\x4a\x48\xc6\x34\xa1\x34\x4a\x46\x65\xbb\x05\x4d\xf0\x8f\xa7\xa4\x95\x62\xf7\xe6\x44\x8b\xd0\x83\x1d\xf5\x1e\xce\xe7\x2f\x5d\x4b\x45\x6a\xf5\x50\x2d\xd4\xe5\xbe\x19\x01\xbb\x3a\xad\x0a\x8f\x94\x9c\x63\xd5\xbf\xee\x80\xc4\x8d\x8c\x41\xcd\x47\xd0\xa5\xe9\xcf\xee\xa4\x80\x17\x21\xdd\x99\x26\x0a\x9f\x41\x48\xee\x37\xf0\xc6\xe6\x05\x16\xb9\x71\x46\x03\x1b\xf5\x32\x75\x93\x40\xf0\xd9\x65\x68\x7c\xe3\x8c\x43\x53\xa6\x42\x32\xa0\xce\x1a\xd1\x54\x01\x8b\x20\x6f\xa3\xb1\xee\xfb\x65\x81\xf1\xe4\xfe\x9d\x40\xce\xe6\x85\x9d\xbd\x2d\x6c\x97\x02\x81\x84\x45\x48\xd1\x88\x70\x1e\x37\xb1\xa8\x7e\x02\x32\xb2\xcf\x50\x54\x2d\x22\x0d\x38\x0c\x34\xb5\x70\x59\x39\xfd\xab\x1d\xbb\x4c\xb3\xfd\xf4\x4d\x81\x04\xd8\x16\xcf\x37\x21\x59\xd6\x17\x2d\x72\xcc\x09\xed\x56\x5e\x34\x15\x9a\xdc\xa1\x36\xfd\x59\x25\x15\x44\x0a\x31\xa1\xb2\xb7\x20\x0f\x01\xfd\x3b\xa1\x95\xa9\x80\xc0\x04\xfa\xf1\x03\xb9\xf9\xe7\x71\x3d\x3e\xd5\xd1\xc6\x78\xbb\xdf\x88\x93\x00\x90\x8e\x71\x94\xf3\xb2\xb8\x4e\x74\x4c\x94\xf7\xb5\x8f\x61\xad\x6b\x84\xee\x7c\x64\x5b\xe8\x13\xa4\xac\x5b\x1a\xdd\x1f\xfa\xd0\xff\xc0\xb2\x7a\x1b\x47\xf4\x52\x01\x86\x44\x1b\x82\x0c\xda\xc1\xfd\x4b\xae\x20\xc6\x2b\xc8\x17\xb1\x7d\xf2\xf7\x9c\xb9\x74\x6d\x1e\x65\x3d\x8d\x81\x62\x37\x6c\xbe\x81\xbc\xc5\x04\x83\x58\xcd\xd4\x2c\xa9\xf8\x20\x7e\x7f\xb1\x26\x7c\xac\x49\xec\xb4\x5a\xa6\xbc\x80\x02\xc3\x59\x7c\xc0\x74\xa8\x8c\x2c\xce\xd7\x3e\x69\x5c\x0c\xb9\x6b\x33\x41\xde\xb5\x8b\x0d\x41\xb9\x55\x9f\x2d\x09\x83\x8e\x05\xe4\x06\xf9\x9f\x96\x2a\x0f\x61\x9a\x7c\x02\xb5\xac\xc6\x21\x01\x24\xf1\x95\x02\x4f\xd2\xe4\xac\xe5\x8a\x23\x92\x33\xf9\xf0\xfa\x42\x74\xce\x28\xf6\xee\x5d\xe5\x1e\x13\x74\x2c\x19\xe8\xc1\xb3\x13\xf9\x00\x97\x0a\x4d\xb1\xb3\x64\x1c\xb5\x27\xa1\x05\x92\xbf\xb9\xc5\x26\x92\x12\x32\x27\x7d\x49\x24\x99\xa6\x1d\x6a\x20\x40\x73\x30\xe5\x5d\xae\x27\x78\x7a\xed\x00\x1b\x16\x66\xa3\xc0\x31\x9b\xda\x97\x64\x61\x85\x44\xa2\x00\x16\xf1\x29\x86\xe4\xae\x1d\xd7\x58\x5c\xd1\xef\xb1\x47\x12\x1b\xcc\xa0\x0e\x09\x5e\x12\x55\x9f\x57\x9b\xf3\xc7\x60\x5e\x9b\x67\x37\x10\x5c\xb9\xfc\x15\x94\xe4\x3d\x57\x07\xcd\x69\xc8\xbc\xd6\x60\x3e\x69\x7a\xce\xc7\x69\x57\xd3\xc6\xaa\x44\x88\x07\x92\x46\x66\x87\x7a\x52\xeb\x2a\xdb\x90\xa3\xde\x79\x06\xa8\x0f\x47\xa2\xc3\x88\xcb\xa8\x77\x6f\x63\x40\x4b\x4b\x64\x4c\x10\x86\xb3\xab\xfc\x8b\xbd\xe4\x96\x02\x28\x26\xe2\x10\x2c\x2f\x7a\x16\xf9\x84\xbe\x7a\xc2\x9a\x68\x47\x8f\x87\x9f\x4c\x9b\x30\x23\x47\x06\x41\x35\x6c\x91\x05\x36\x54\x56\x83\x48\xc5\x50\xc7\x08\x3b\xdd\x2e\x61\x18\x1e\xa3\x25\x61\x5a\xa9\xfb\xdb\xe5\x74\x18\x82\xf3\x85\x44\x26\x22\x4b\xff\xa1\x5d\xec\x14\x64\x44\xe4\x00\x1f\x5f\x8f\x6f\x61\xc0\xce\xad\x81\x5b\xae\x2e\x81\x29\x9e\xb3\xa7\xa4\x9a\x66\x4e\xb0\x1e\x74\xc6\x38\xcb\xe7\x5e\x9d\x16\x9a\x6e\x75\x07\xfb\xad\x9b\x36\xb9\x2a\x09\xa2\x4b\xea\xc7\x7e\x10\x63\x6a\x25\xaa\x20\xd0\x1d\xd3\x7b\x26\xff\xa9\x9e\x8b\xfa\x8f\x15\xb4\xc1\x9d\xca\xdc\xd9\xbe\x38\x3a\x11\xc7\x32\x71\x7e\x1d\xcb\x29\x68\xe8\x66\x9d\x08\x4a\xa1\x5d\x72\x69\xc1\x1c\x01\x1e\xb2\xb1\x39\x03\x98\x76\x6e\xce\xb6\x37\x8d\xf5\x8f\x0e\x79\x6e\xb4\x7a\xc5\xeb\x1c\xf5\x3b\x2c\x6b\x4b\x61\xd4\x0c\x0b\x4c\x00\x5d\x0a\xb8\x23\x84\xc4\x5a\xae\x49\x96\x99\xbc\x54\x26\x3e\xef\xc2\x9e\xd4\x03\xd3\x0b\x72\x68\x24\x25\x9e\x6c\x6e\xa2\x4c\x7b\x85\x60\xb8\x5b\xaa\x91\xab\xf3\x9e\xe1\xfb\xa0\xa5\xdc\xb5\xa8\x3d\xb8\xc8\x62\xc8\x83\xbd\xac\x30\x68\x4a\xb2\x89\x8a\x39\x1d\xd6\xff\x6f\x8b\x85\x1e\xbe\x75\x25\x73\xbd\x19\x95\xc8\x7b\xa3\xc6\xab\xf0\x39\x4d\xdc\x6f\x05\xed\x36\x0c\xec\xfa\x35\xae\xd4\xcf\xa3\x20\x1f\x55\x66\x62\x05\xf7\x07\xd0\x9f\x8f\xba\xa2\xc8\x8f\x7f\xf9\xb0\x6e\xf2\xdf\xa1\x70\x0f\x7b\x70\x26\xa3\xfd\x26\x95\x74\xeb\x22\xfe\x9a\x8f\x6a\x64\xdf\xea\x6e\x77\x9c\xb0\xa2\x81\xdb\x25\x93\xf2\xba\x8e\xa3\xda\x2b\x53\xce\xad\x01\xdb\xc4\x2f\x53\xee\x87\x1b\xa9\x57\xdb\xf5\xc9\xfc\x25\x64\x1f\x11\xbf\x27\x9b\x43\xdf\x39\x16\xf7\x43\x72\x96\x3d\xe3\x2a\xa0\x52\x8b\x51\x1c\xc0\xc4\xd8\x29\x53\xac\xd9\x5f\x2d\xf8\x49\x35\xb6\x09\xf1\xaf\x30\xc3\x52\x76\xa3\xfa\xbf\x5d\x2c\xa7\xc9\x81\x43\x63\xca\xb1\xb4\x8b\x7b\x9a\x96\xf9\x45\xe3\xd2\x41\x91\xb7\x0b\x5f\x03\xd0\xc4\xae\x30\xb1\x5e\x2f\x82\xca\x31\x8e\x8c\x9a\x5b\x2a\x22\x19\x96\x7a\x13\xbe\xfa\xce\xeb\x25\x10\x88\x67\x1f\x3d\x74\x7d\xa7\x2e\x52\xc9\xa2\x2e\x7a\xee\xbc\xc7\x7e\x1a\x02\x4e\xb6\x6a\xb0\x9e\xf0\x1a\x3a\xae\x32\x9a\xbf\x00\x35\xd1\xcf\x27\x91\x1d\x86\x76\xa9\x84\x31\x76\x5a\x11\x75\x3a\x57\x71\x95\x8d\xfc\xbb\x59\x84\x69\x71\xd2\xe2\xcf\x02\xd0\xc0\xe5\xa5\x50\xea\x98\xb9\x3e\x36\x7f\xe7\x3f\x1b\xd3\x0a\x09\xb1\x15\x20\x62\x31\x43\x60\x9d\x0c\x2f\xa3\xc8\xaa\x37\x6f\x44\x0a\xd2\x96\x3f\xbe\xb6\x67\x15\x09\xa7\x99\xa8\x52\x8c\xe0\x87\xab\xaf\x19\x96\x62\xb1\x10\x31\x42\x81\x7c\x17\x6a\x4e\x04\xb1\x5b\xc6\xd4\x73\xb4\x83\xd9\x41\x71\x76\xe0\xe2\x30\x91\x93\x8a\xc2\xfb\x9b\xa6\x16\xc7\x9c\x06\x99\xa0\x56\x8d\x22\xd6\x33\x62\xca\xa0\x6a\xdd\x24\x23\xcb\x71\x89\x5a\x18\x21\xdf\xab\x31\x78\x11\xc2\x75\x2b\x28\x4d\x9d\x55\xfc\x5c\xfd\xdc\x3c\x59\x9e\x1b\x91\x18\xc9\x9f\xb8\xd4\x7f\xd7\x61\xe6\xe7\x24\x29\xf5\x09\xc6\x74\x91\x3d\x2d\x36\xd5\x69\x80\x1f\x92\x84\x21\x24\x24\x55\x6e\x8c\xae\xd1\x68\x34\xeb\x07\x64\x17\x02\x3c\x99\x0e\x5d\x31\x10\xcb\x31\xde\xa8\x52\x79\xd4\x0b\xcc\x71\x4a\x67\x6a\x89\x39\x25\x15\x1b\x55\x0a\xab\xbe\x95\x48\xc4\xb7\x4b\x30\x91\x75\xf4\xea\xcf\xaf\x14\x61\xae\x52\x29\x3e\x44\xf9\x2f\xa2\x60\x67\xb5\x00\x84\xf9\xef\x98\x20\x19\xe0\xd3\x98\x05\x8d\x23\x84\x4f\x90\x0c\x28\xc1\x52\xd3\xee\xda\x42\x57\x8a\x0f\x1f\xf3\x00\x2c\x92\x9e\x6b\xca\x65\xeb\x03\x41\x77\x81\x44\xa1\x5e\xac\xfe\x4e\x1a\x63\xa4\xcd\xf1\xf2\x50\x48\xa2\x72\x61\xba\x43\x42\xee\x65\x69\xa3\xc6\x05\x3b\x5e\x52\xf4\xe1\x34\xa1\xe0\x3a\x15\x30\xcf\x5c\x0e\xb1\x78\x75\xe3\xba\x44\x16\x20\x71\xb4\x39\x45\x9b\xf1\x6e\xdb\x28\x50\x8b\xce\x3e\x9f\x69\xd8\x93\x0b\x05\x39\xc3\x9b\xb7\x4e\x63\xe4\x51\x0e\x91\x8b\x83\x49\xcc\xf6\x95\x9e\x57\x55\x05\x50\xa3\x57\xc3\x16\x49\xdd\x72\x8c\x3f\xe7\x7d\xc6\x92\x0f\x0d\x3f\x4e\xc5\xd6\x19\xb2\xf4\xc6\xeb\x90\xdf\xc1\x7b\x26\xd6\xb3\x01\x17\xa0\x7c\x18\xf4\xb7\xcc\x96\x05\x6a\x4f\xdc\x7d\xac\x68\x19\x8c\xb8\xbc\xc6\xc6\x4d\x49\x6a\xfa\x60\x81\x76\x8e\x8d\xd4\xf4\x35\xeb\x2e\xed\xd0\xb7\xb0\x8f\x14\x11\x4c\x13\xc4\xff\x50\xa9\x3d\x39\xaf\xac\x2d\x63\x3e\xf6\xeb\x33\xac\x93\x74\x04\x26\x2e\x35\x2f\x50\xf0\x67\x79\x15\x18\xea\x05\x88\x41\xab\xdd\x1f\x77\x09\x40\xbc\xa8\x96\xfd\xdb\x55\x0c\x9c\xe0\x9e\xdc\x6b\xd5\x22\xe3\x18\xe5\xca\x6b\xa0\x02\x59\x02\x97\x70\xd2\x9d\x1f\xc4\xe2\xa7\x4d\x7b\x33\xfb\xea\xca\x94\x5e\x14\x9f\x24\x1c\xc9\x33\x62\x4d\xba\x79\x5d\x33\xf2\xab\x07\x06\xbb\xc1\x7e\x23\x83\xf6\xc3\x2d\xf7\x65\xc1\x16\x26\x5b\x0e\xfb\x58\x5f\x58\x7b\xe9\x73\x2b\xeb\x0b\xed\x2e\x67\xce\xf0\xd1\xc4\x2b", 4096); *(uint64_t*)0x200010c8 = 0x20001000; *(uint32_t*)0x20001000 = 0; *(uint32_t*)0x20001004 = 0; *(uint32_t*)0x20001008 = 0; *(uint64_t*)0x200010d0 = 0x20001040; *(uint64_t*)0x200010d8 = 0x20001080; *(uint32_t*)0x200010e0 = 0x1000; *(uint32_t*)0x200010e4 = 3; *(uint32_t*)0x200010e8 = 8; *(uint32_t*)0x200010ec = 3; inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); if (res == ZX_OK) { r[0] = *(uint32_t*)0x20001080; r[1] = *(uint32_t*)0x20001084; r[2] = *(uint32_t*)0x20001088; } break; case 1: *(uint64_t*)0x20011240 = 0x20001180; *(uint32_t*)0x20001180 = 0; memset((void*)0x20001184, 0, 3); *(uint8_t*)0x20001187 = 1; *(uint64_t*)0x20001188 = 0x3862fcb900000000; *(uint32_t*)0x20001190 = 0; *(uint64_t*)0x20011248 = 0x200011c0; *(uint32_t*)0x200011c0 = 0; *(uint64_t*)0x20011250 = 0x20001200; *(uint64_t*)0x20011258 = 0x20011200; *(uint32_t*)0x20011260 = 0x14; *(uint32_t*)0x20011264 = 1; *(uint32_t*)0x20011268 = 0x10000; *(uint32_t*)0x2001126c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20011240, /*actual_bytes=*/0x20011280, /*actual_handles=*/0x200112c0); break; case 2: res = -1; res = syz_thread_self(); { int i; for(i = 0; i < 4; i++) { syz_thread_self(); } } if ((int)res != -1) r[3] = res; break; case 3: ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); break; case 4: *(uint64_t*)0x20021400 = 0x20011340; *(uint32_t*)0x20011340 = 0; memset((void*)0x20011344, 0, 3); *(uint8_t*)0x20011347 = 1; *(uint64_t*)0x20011348 = 0x2cbadb1900000000; *(uint64_t*)0x20011350 = 0x80000000; *(uint64_t*)0x20011358 = -1; memset((void*)0x20011360, 0, 1); *(uint64_t*)0x20021408 = 0x20011380; *(uint64_t*)0x20021410 = 0x200113c0; *(uint64_t*)0x20021418 = 0x200213c0; *(uint32_t*)0x20021420 = 0x28; *(uint32_t*)0x20021424 = 0; *(uint32_t*)0x20021428 = 0x10000; *(uint32_t*)0x2002142c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20021400, /*actual_bytes=*/0x20021440, /*actual_handles=*/0x20021480); break; case 5: res = -1; res = ((intptr_t(*)(intptr_t))CAST(zx_deadline_after))(/*nanoseconds=*/-1); if (res == ZX_OK) r[4] = res; break; case 6: *(uint64_t*)0x20031580 = 0x200214c0; *(uint32_t*)0x200214c0 = 0; memset((void*)0x200214c4, 0, 3); *(uint8_t*)0x200214c7 = 1; *(uint64_t*)0x200214c8 = 0x135d628d00000000; *(uint32_t*)0x200214d0 = 7; *(uint32_t*)0x200214d4 = 5; *(uint64_t*)0x20031588 = 0x20021500; *(uint64_t*)0x20031590 = 0x20021540; *(uint64_t*)0x20031598 = 0x20031540; *(uint32_t*)0x200315a0 = 0x18; *(uint32_t*)0x200315a4 = 0; *(uint32_t*)0x200315a8 = 0x10000; *(uint32_t*)0x200315ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[4], /*args=*/0x20031580, /*actual_bytes=*/0x200315c0, /*actual_handles=*/0x20031600); break; case 7: ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_interrupt))(/*handle=*/r[1], /*vector=*/2); break; case 8: *(uint32_t*)0x20031640 = 0; memset((void*)0x20031644, 0, 3); *(uint8_t*)0x20031647 = 1; *(uint64_t*)0x20031648 = 0x208bcc9d00000000; *(uint64_t*)0x20031650 = 0x81; *(uint64_t*)0x20031658 = -1; memcpy((void*)0x20031660, "\xa5\x7c\x37\xf0\xaa\x5a\x79\x3d\x04\xcf\x12\x74\xe7\xe2\xc4\x9a\x49\xf9\xb0\x90\xd2\xdf\x74\x7c\x16\xd5\x3d\x3c\xf3\xc0\x0a\x94\xe6\x32\x4a\xb3\x20\x45\x1b\x9f\xd5\x21\x21\xec\x87\xb8\x94\xf7\xf2\x8d\x50\x90\x78\xb5\xaf\x1e\x03\x4f\xe2\x97\x9b\xad\xae", 63); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_write))(/*handle=*/r[0], /*options=*/0, /*bytes=*/0x20031640, /*num_bytes=*/0x5f, /*handles=*/0x200316c0, /*num_handles=*/0); break; case 9: *(uint64_t*)0x200417c0 = 0x20031700; *(uint32_t*)0x20031700 = 0; memset((void*)0x20031704, 0, 3); *(uint8_t*)0x20031707 = 1; *(uint64_t*)0x20031708 = 0x62423faa00000000; *(uint64_t*)0x200417c8 = 0x20031740; *(uint64_t*)0x200417d0 = 0x20031780; *(uint64_t*)0x200417d8 = 0x20041780; *(uint32_t*)0x200417e0 = 0x10; *(uint32_t*)0x200417e4 = 0; *(uint32_t*)0x200417e8 = 0x10000; *(uint32_t*)0x200417ec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[2], /*options=*/0, /*deadline=*/r[4], /*args=*/0x200417c0, /*actual_bytes=*/0x20041800, /*actual_handles=*/0x20041840); break; case 10: memcpy((void*)0x20000000, "\xc4\xc1\xad\xe0\xa5\xb9\xa6\x63\x67\xc4\x62\x01\x3b\x6b\x0f\x0f\x76\xb7\xb7\x00\x00\x00\x98\xc4\xa2\x29\x2d\x12\x0f\x0f\x0b\xa0\x3e\x45\x0f\xd1\xec\x0f\x29\x26\xc4\x61\x9f\x7c\x53\x1a\x66\x0f\x3a\xdf\x39\x00", 52); syz_execute_func(/*text=*/0x20000000); break; case 11: syz_future_time(/*when=*/0); break; case 12: syz_job_default(); break; case 13: syz_mmap(/*addr=*/0x20ff9000, /*len=*/0x4000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :280:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); ^ :317:39: error: use of undeclared identifier 'zx_vcpu_enter' ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); ^ 2 errors generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor2854724229 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/7 (0.48s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call_etc(0x0, 0x91, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)="090e3814ded5ca1bb9204ce0ceac3d95162fab16edf86329372435e1992cd148d29f73e3c25857bf66bb813d6abddde404f63980339937c16fe9e0c8ad309e70509ce52ae1c8e60ebe328caa31b91b7b1b8a9e3febb3fe1289f80a3b74dadcf3619e4eb03d257cd7a8fe5301e58d52aae4336355c0bc0ee7df9704e0ee190064372cd6f71629cec4cf897611a6f18453259fe803ee1464ebd6366490efad381aec2e773163b83a257d24277408221047d312b83defb54f5db6eb9db781f0a74e4a4513e78d1fef19337f8423952747348a1126db4a28fb98de2ffe4dc6cb4414498bf558c8cfec781cb59a4b28647f1aac9cf850970863788bfa319ab74945eb15fb78f3eee5446045512774ecfa8439fdbfafa0f767e9cdf291d1934c12a7ea791a9028bd2e0b346a4f68a24d1bced3bafc730f659d4225960b93827fa64384b88db55337fb5ae30fefe356ba4c116452b23477905dbaab6a2ddec32735f0db44ea41c37c710f67880a68cffcec5710c707288eb34109b24aaa4949ae1b9b333154d9c3b5d6b07095e94d1fb66be2845f466fa375fefd749168cbfabca45ef816389705f0d146b7c47aa5fa070faa0c82f6b366c94be41a00412b7107c4746c41482e94a1b23e9666a738ee4bcb5d5b9deea2fe70dd49f2fc095823d2c6f0c56eb2120b670014b3e41dea9163200efeec14bb92da2c22e03d15be29fd9ab265370f3878ad2818a27d7a1ba774f122d934b0b62077fa625874aacbb6fe8618311b1562d5225c3da1842f45dec3940d3d2306ee0b0183154834322b286e8e31f739c96f22e7272ce4e7a7571ded20ce2deb2754c6b44dce678953ef135675371a728ac6134d5a7873cbb60eac7064cb070bef012fbce09a468cbdeb01fbcd352ab03bebebe70a006f6dcce7b4078cffa0296bd40d5ded971f5a75b2fb4f54db33214470506c5c0dbca61e12fcb3d8207a82b47883b8efe3cfafcfb61ad5e4030cabd0a6f08c46238c18544210ff5a6f58a0a49dee51af9a1e2e6a8827074c2f948773e6b8273ea1197c731afe15561a156457b5011fccebebea49adda3e9c3afa2c63461f4a1451a0056589c64c0ee28678f04d282dfc86ce8d1b319d971c406d1f4798443f661495d8f8cd60dd45bba34341f1acfd1df41bd0827c0baa07a856c9185fb6dbedfc31fdcf7e548ceda8dd94311a062a4a9fb7df18420e66330ce428631a42abf9ae14b9b0c7dc0ddbae34da212bbe7a37276b059c495bbf184f45219c18bf5dc7140595f460391ccaa1ef26234a51882930977a004e675a4a10b82edfbf0b09b7d0a70e3dcc6c4760b92ee556bb00ad270777ea84e13932a4b36465c378f4f4c7566bda189fb3072cf4cb13d45f593295f96d37629ef12b9b8da1ad7a6853c5021f30077b893e92e9d18edbf7175cb725b33382476dd7a2734f304efc5ca6d26684b0668f43b5eae9a9bcf1dfca106a2e2e52e130d6908bc07b23cea685eedb6c93ec76c6097d69f577dd5cc14508218959109f301c9f27cd0a2956564c59ad12d0d939bb14e02bb806946b85ab39e3fdce3946bcf87bef3f53e0edcda9c72f42ed1d31fbc0b700890c4094df83923d0d5222be8466c562250dc9493cf74d1ab7d8ab9a4a7b0cf0cd56724c10a71a4272104937c11dcec74ec2dab996453178b40e173ed21e3c882878fcdf82a57359d71f59fafe5023e17f7a2bb9ab69095b269ad32df831529efdabbe5366f235d48f0ee328c6199b803c57a406febf46643204673a1f16a57d2a3bb70c8287c5405d2279a5b977d8936e1cf2d34b4783b9c4e15a51944320afc2eed1e5c7801596b63633801daa1999edf5548d97d056568dbb47a72440d6ebfb191bc86b95d69d768ac156feed10ca998aff5142796d47c3a3d583b92e32f641e36f810b576c2599febb22e795537d65b333f8b1a4f64e349dd39ecf83458ad2c5cbd13af5d7c4b5117a38639958d340f62b872c23c3f851a32a1a8ce5440a1ec9500b3ae9f56b0fd3a82e1755251499231f8babc682073fa40e18b516aabb702b560cd39c707c176bed3081e1856f940ca15ff9c5506d07ebd80ac2da5efe90b3554de46ae4408392a0707754f06bee43cd5a6c2650fce994a4d888ff3665212c7dc85150477094ca7f67888771f08ee26996cb8e907d100430b67226bf384c9c01488e4cf5aac03bcbdf33ce76c5632653955ebc74ddec21104b20d0b1458eb90928ecf103eb4ffbf3aa45156b71799cc69530be5ad8bda6923ddf3d7ffa9b2865f6689f3092fbf6251df191d1a64572326cddb22ad2aa4a654a669c7f3c2622a413c3c10f247d877f0375600f0605f694715628d14357a1874142e0024d4b1e52eccd35454d5162425a372c0c1215481fa7579397073ce80c6343f881dd1b2d8fa436e5a97fd578eaca113105e90f511923b69acbb269349de9f138e10f7cd4a180e38b025ebf29aa5d70883d830b5afc914432859b182e2ceaeb8444bdc1608fdd028669c30d33cc65f557c78427fce6130e82c8fb7eab095186c40f9a688ac2ec3b3fe7689c6aff2f0795083eb37855adb298a71c459469c410866d7370227aba87939004ebd04ad665bb51ee9d32bf08e7335536f0b63513c1ea9296ac30a9481df6ffb7fa374c4cb4b7d0ed168efbb13eeb58f4735548ba60124193941757f9ecf248e008ddcb82f57f366d327aaf3ce419189de0c42ea3434b4b0a1f21be00072dc647ce18f7862e52aa9bd74b7095663b7c08f027e6fc8969224df584c92bffc4b93106f70bf3f99675e6904e2641492c33de1da917b94e57bcd7afda2253198d5e81c3e46d0082490c2205a75ccea3a6845402ea443642b5925b4c5c65377b3a9d946fc15d44401098dde1e1ec3aa4858da8671b4c827c9f1337b07d09b9b07effdf666cdb8a320c34a4a709e9bbb18cacef547574c109659498f108c53a1796d82aaee504e01801f15bb63e7de6e0d8907a988fa8d3d69c20721b1afb10582ea3e9006f1ebe9a32da207916c675d6ae730fbb2beebe7273f01d8a18d78afd349619303e347b89d6d7a4bae7acb6b560d035021929eb53a7c5c4263ba39c2de7056899d36e73b8afbdc4a7e5b7efbf610683ee6155d7c3ae4d46c43d42d83497cd78ff1644d78d5a1068c028f0a6dd2997637c6b42719079d39b093561e9025851b1659cac8d1a5d5dc1ce434c787cebd1b6224b25afe18497584158942a04e9f3d6b744447c624fc7a8a36c03bdcb1341da7d7c24a03cc1eeb40b718623204e05632052e65db381892289c9a1bf547c3169140355ccc2141bb1794889cc47b4eb6c19fed2e54946e9a0f3ee9a0a6c9c32f159dbcff0645dbfb3bc461b7f6c499b9dad65f59d2b9d20486f012e0a93202a22950ac0a583aacc42aa3b0302b5be160f7abb5af5547ab2a395dfc58922a550dbad99034502f64a48c634a1344a4665bb054df08fa7a49562f7e6448bd0831df51ecee72f5d4b456af5502dd4e5be1901bb3aad0a8f949c63d5bfee80c48d8c41cd47d0a5e9cfeea4801721dd99260a9f4148ee37f0c6e60516b97146031bf532759340f0d965687ce38c4353a64232a0ce1ad154018b206fa3b1eefb6581f1e4fe9d40cee6859dbd2d6c970281844548d188701e37b1a87e0232b2cf50542d220d380c34b5705939fdab1dbb4cb3fdf44d8104d816cf372159d6172d72cc09ed565e34159adca136fd592515440a31a1b2b7200f01fd3ba195a980c004faf103b9f9e7713d3ed5d1c678bbdf889300908e7194f3b2b84e744c94f7b58f61ad6b84ee7c645be813a4ac5b1add1ffad0ffc0b27a1b47f4520186441b820cdac1fd4bae20c62bc817b17df2f79cb9746d1e653d8d8162376cbe81bcc5048358cdd42ca9f8207e7fb1267cac49ecb45aa6bc8002c3597cc074a88c2cced73e695c0cb96b3341deb58b0d41b9559f2d09838e05e406f99f962a0f619a7c02b5acc6210124f195024fd2e4ace58a239233f9f0fa4274ce28f6ee5de51e13742c19e8c1b313f900970a4db1b3641cb527a10592bfb9c526921232277d492499a61d6a20407330e55dae27787aed001b1666a3c0319bda9764618544a20016f12986e4ae1dd7585cd1efb147121bcca00e095e12559f579bf3c7605e9b6737105cb9fc1594e43d5707cd69c8bcd6603e697acec76957d3c6aa448807924666877a52eb2adb90a3de7906a80f47a2c388cba8776f63404b4b644c1086b3abfc8bbde496022826e2102c2f7a16f984be7ac29a68478f879f4c9b3023470641356c91053654568348c550c7083bdd2e61181ea325615aa9fbdbe5741882f3854426224bffa15dec146444e4001f5f8f6f61c0cead815bae2e81299eb3a7a49a664eb01e74c638cbe75e9d169a6e7507fbad9b36b92a09a24beac77e10636a25aa20d01dd37b26ffa99e8bfa8f15b4c19dcadcd9be383a11c732717e1dcb2968e8669d084aa15d7269c11c011eb2b1390398766eceb6378df58f0e796eb47ac5eb1cf53b2c6b4b61d40c0b4c005d0ab82384c45aae499699bc54263eefc29ed403d30b726824259e6c6ea24c7b8560b85baa91abf39ee1fba0a5dcb5a83db8c862c883bdac30684ab2898a391dd6ff6f8b851ebe752573bd1995c87ba3c6abf0394ddc6f05ed360cecfa35aed4cfa3201f55666205f707d09f8fbaa2c88f7ff9b06ef2dfa1700f7b7026a3fd269574eb22fe9a8f6a64dfea6e779cb0a281db2593f2ba8ea3da2b53cead01dbc42f53ee871ba957dbf5c9fc25641f11bf279b43df3916f74372963de32aa0528b511cc0c4d82953acd95f2df84935b609f1af30c35276a3fabf5d2ca7c9814363cab1b48b7b9a96f945e3d24191b70b5f03d0c4ae30b15e2f82ca318e8c9a5b2a2219967a13befaceeb251088671f3d747da72e52c9a22e7aeebcc77e1a024eb66ab09ef01a3aae329abf0035d1cf27911d8676a98431765a11753a5771958dfcbb59846971d2e2cf02d0c0e5a550ea98b93e367fe73f1bd30a09b11520623143609d0c2fa3c8aa376f440ad2963fbeb6671509a799a8528ce087abaf199662b1103142817c176a4e04b15bc6d473b483d9417176e0e23091938ac2fb9ba616c79c0699a0568d22d63362caa06add2423cb71895a1821dfab317811c2752b284d9d55fc5cfddc3c599e1b9118c99fb8d47fd761e6e72429f509c674913d2d36d569801f9284212424556e8caed16834eb076417023c990e5d3110cb31dea85279d40bcc714a676a893925151b550aabbe9548c4b74b309175f4eacfaf1461ae52293e44f92fa26067b50084f9ef982019e0d398058d23844f900c28c152d3eeda42578a0f1ff3002c929e6bca65eb0341778144a15eacfe4e1a63a4cdf1f25048a27261ba4342ee6569a3c6053b5e52f4e134a1e03a1530cf5c0eb17875e3ba44162071b439459bf16edb28508bce3e9f69d8930b0539c39bb74e63e4510e918b8349ccf6959e57550550a357c31649dd728c3fe77dc6920f0d3f4ec5d619b2f4c6eb90dfc17b26d6b30117a07c18f4b7cc96056a4fdc7dac68198cb8bcc6c64d496afa6081768e8dd4f435eb2eedd0b7b08f14114c13c4ff50a93d39afac2d633ef6eb33ac937404262e352f50f067791518ea058841abdd1f770940bca896fddb550c9ce09edc6bd522e318e5ca6ba00259029770d29d1fc4e2a74d7b33fbeaca945e149f241cc933624dba795d33f2ab0706bbc17e2383f6c32df765c116265b0efb585f587be9732beb0bed2e67cef0d1c42b", &(0x7f0000001000)=[0x0, 0x0, 0x0], &(0x7f0000001040)=""/8, &(0x7f0000001080)=[0x0, 0x0, 0x0], 0x1000, 0x3, 0x8, 0x3}, &(0x7f0000001100), &(0x7f0000001140)) (fail_nth: 1) zx_channel_call$fuchsia_ldsvc_LoaderClone(r0, 0x0, 0x7fffffffffffffff, &(0x7f0000011240)={&(0x7f0000001180), &(0x7f00000011c0), &(0x7f0000001200), &(0x7f0000011200), 0x14, 0x1, 0x10000}, &(0x7f0000011280), &(0x7f00000112c0)) (async) r3 = syz_thread_self() (rerun: 4) zx_vcpu_enter(r3, &(0x7f0000011300)={0x0, 0x0, 0x0, @interrupt}) zx_channel_call$fuchsia_io_DirectoryUnlink(0x0, 0x0, 0x7fffffffffffffff, &(0x7f0000021400)={&(0x7f0000011340)={{}, {0x80000000, 0xffffffffffffffff}, {'\x00'}}, &(0x7f0000011380), &(0x7f00000113c0), &(0x7f00000213c0), 0x28, 0x0, 0x10000}, &(0x7f0000021440), &(0x7f0000021480)) r4 = zx_deadline_after(0xffffffffffffffff) zx_channel_call$fuchsia_cobalt_LoggerBaseLogEvent(r0, 0x0, r4, &(0x7f0000031580)={&(0x7f00000214c0)={{}, 0x7, 0x5}, &(0x7f0000021500), &(0x7f0000021540), &(0x7f0000031540), 0x18, 0x0, 0x10000}, &(0x7f00000315c0), &(0x7f0000031600)) zx_vcpu_interrupt(r1, 0x2) zx_channel_write$fuchsia_io_DirectoryWatcherOnEvent(r0, 0x0, &(0x7f0000031640)={{}, {0x81, 0xffffffffffffffff}, "a57c37f0aa5a793d04cf1274e7e2c49a49f9b090d2df747c16d53d3cf3c00a94e6324ab320451b9fd52121ec87b894f7f28d509078b5af1e034fe2979badae"}, 0x5f, &(0x7f00000316c0), 0x0) zx_channel_call$fuchsia_io_NodeSync(r2, 0x0, r4, &(0x7f00000417c0)={&(0x7f0000031700), &(0x7f0000031740), &(0x7f0000031780), &(0x7f0000041780), 0x10, 0x0, 0x10000}, &(0x7f0000041800), &(0x7f0000041840)) syz_execute_func(&(0x7f0000000000)="c4c1ade0a5b9a66367c462013b6b0f0f76b7b700000098c4a2292d120f0f0ba03e450fd1ec0f2926c4619f7c531a660f3adf3900") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[5] = {0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200010c0 = 0x20000000; memcpy((void*)0x20000000, "\x09\x0e\x38\x14\xde\xd5\xca\x1b\xb9\x20\x4c\xe0\xce\xac\x3d\x95\x16\x2f\xab\x16\xed\xf8\x63\x29\x37\x24\x35\xe1\x99\x2c\xd1\x48\xd2\x9f\x73\xe3\xc2\x58\x57\xbf\x66\xbb\x81\x3d\x6a\xbd\xdd\xe4\x04\xf6\x39\x80\x33\x99\x37\xc1\x6f\xe9\xe0\xc8\xad\x30\x9e\x70\x50\x9c\xe5\x2a\xe1\xc8\xe6\x0e\xbe\x32\x8c\xaa\x31\xb9\x1b\x7b\x1b\x8a\x9e\x3f\xeb\xb3\xfe\x12\x89\xf8\x0a\x3b\x74\xda\xdc\xf3\x61\x9e\x4e\xb0\x3d\x25\x7c\xd7\xa8\xfe\x53\x01\xe5\x8d\x52\xaa\xe4\x33\x63\x55\xc0\xbc\x0e\xe7\xdf\x97\x04\xe0\xee\x19\x00\x64\x37\x2c\xd6\xf7\x16\x29\xce\xc4\xcf\x89\x76\x11\xa6\xf1\x84\x53\x25\x9f\xe8\x03\xee\x14\x64\xeb\xd6\x36\x64\x90\xef\xad\x38\x1a\xec\x2e\x77\x31\x63\xb8\x3a\x25\x7d\x24\x27\x74\x08\x22\x10\x47\xd3\x12\xb8\x3d\xef\xb5\x4f\x5d\xb6\xeb\x9d\xb7\x81\xf0\xa7\x4e\x4a\x45\x13\xe7\x8d\x1f\xef\x19\x33\x7f\x84\x23\x95\x27\x47\x34\x8a\x11\x26\xdb\x4a\x28\xfb\x98\xde\x2f\xfe\x4d\xc6\xcb\x44\x14\x49\x8b\xf5\x58\xc8\xcf\xec\x78\x1c\xb5\x9a\x4b\x28\x64\x7f\x1a\xac\x9c\xf8\x50\x97\x08\x63\x78\x8b\xfa\x31\x9a\xb7\x49\x45\xeb\x15\xfb\x78\xf3\xee\xe5\x44\x60\x45\x51\x27\x74\xec\xfa\x84\x39\xfd\xbf\xaf\xa0\xf7\x67\xe9\xcd\xf2\x91\xd1\x93\x4c\x12\xa7\xea\x79\x1a\x90\x28\xbd\x2e\x0b\x34\x6a\x4f\x68\xa2\x4d\x1b\xce\xd3\xba\xfc\x73\x0f\x65\x9d\x42\x25\x96\x0b\x93\x82\x7f\xa6\x43\x84\xb8\x8d\xb5\x53\x37\xfb\x5a\xe3\x0f\xef\xe3\x56\xba\x4c\x11\x64\x52\xb2\x34\x77\x90\x5d\xba\xab\x6a\x2d\xde\xc3\x27\x35\xf0\xdb\x44\xea\x41\xc3\x7c\x71\x0f\x67\x88\x0a\x68\xcf\xfc\xec\x57\x10\xc7\x07\x28\x8e\xb3\x41\x09\xb2\x4a\xaa\x49\x49\xae\x1b\x9b\x33\x31\x54\xd9\xc3\xb5\xd6\xb0\x70\x95\xe9\x4d\x1f\xb6\x6b\xe2\x84\x5f\x46\x6f\xa3\x75\xfe\xfd\x74\x91\x68\xcb\xfa\xbc\xa4\x5e\xf8\x16\x38\x97\x05\xf0\xd1\x46\xb7\xc4\x7a\xa5\xfa\x07\x0f\xaa\x0c\x82\xf6\xb3\x66\xc9\x4b\xe4\x1a\x00\x41\x2b\x71\x07\xc4\x74\x6c\x41\x48\x2e\x94\xa1\xb2\x3e\x96\x66\xa7\x38\xee\x4b\xcb\x5d\x5b\x9d\xee\xa2\xfe\x70\xdd\x49\xf2\xfc\x09\x58\x23\xd2\xc6\xf0\xc5\x6e\xb2\x12\x0b\x67\x00\x14\xb3\xe4\x1d\xea\x91\x63\x20\x0e\xfe\xec\x14\xbb\x92\xda\x2c\x22\xe0\x3d\x15\xbe\x29\xfd\x9a\xb2\x65\x37\x0f\x38\x78\xad\x28\x18\xa2\x7d\x7a\x1b\xa7\x74\xf1\x22\xd9\x34\xb0\xb6\x20\x77\xfa\x62\x58\x74\xaa\xcb\xb6\xfe\x86\x18\x31\x1b\x15\x62\xd5\x22\x5c\x3d\xa1\x84\x2f\x45\xde\xc3\x94\x0d\x3d\x23\x06\xee\x0b\x01\x83\x15\x48\x34\x32\x2b\x28\x6e\x8e\x31\xf7\x39\xc9\x6f\x22\xe7\x27\x2c\xe4\xe7\xa7\x57\x1d\xed\x20\xce\x2d\xeb\x27\x54\xc6\xb4\x4d\xce\x67\x89\x53\xef\x13\x56\x75\x37\x1a\x72\x8a\xc6\x13\x4d\x5a\x78\x73\xcb\xb6\x0e\xac\x70\x64\xcb\x07\x0b\xef\x01\x2f\xbc\xe0\x9a\x46\x8c\xbd\xeb\x01\xfb\xcd\x35\x2a\xb0\x3b\xeb\xeb\xe7\x0a\x00\x6f\x6d\xcc\xe7\xb4\x07\x8c\xff\xa0\x29\x6b\xd4\x0d\x5d\xed\x97\x1f\x5a\x75\xb2\xfb\x4f\x54\xdb\x33\x21\x44\x70\x50\x6c\x5c\x0d\xbc\xa6\x1e\x12\xfc\xb3\xd8\x20\x7a\x82\xb4\x78\x83\xb8\xef\xe3\xcf\xaf\xcf\xb6\x1a\xd5\xe4\x03\x0c\xab\xd0\xa6\xf0\x8c\x46\x23\x8c\x18\x54\x42\x10\xff\x5a\x6f\x58\xa0\xa4\x9d\xee\x51\xaf\x9a\x1e\x2e\x6a\x88\x27\x07\x4c\x2f\x94\x87\x73\xe6\xb8\x27\x3e\xa1\x19\x7c\x73\x1a\xfe\x15\x56\x1a\x15\x64\x57\xb5\x01\x1f\xcc\xeb\xeb\xea\x49\xad\xda\x3e\x9c\x3a\xfa\x2c\x63\x46\x1f\x4a\x14\x51\xa0\x05\x65\x89\xc6\x4c\x0e\xe2\x86\x78\xf0\x4d\x28\x2d\xfc\x86\xce\x8d\x1b\x31\x9d\x97\x1c\x40\x6d\x1f\x47\x98\x44\x3f\x66\x14\x95\xd8\xf8\xcd\x60\xdd\x45\xbb\xa3\x43\x41\xf1\xac\xfd\x1d\xf4\x1b\xd0\x82\x7c\x0b\xaa\x07\xa8\x56\xc9\x18\x5f\xb6\xdb\xed\xfc\x31\xfd\xcf\x7e\x54\x8c\xed\xa8\xdd\x94\x31\x1a\x06\x2a\x4a\x9f\xb7\xdf\x18\x42\x0e\x66\x33\x0c\xe4\x28\x63\x1a\x42\xab\xf9\xae\x14\xb9\xb0\xc7\xdc\x0d\xdb\xae\x34\xda\x21\x2b\xbe\x7a\x37\x27\x6b\x05\x9c\x49\x5b\xbf\x18\x4f\x45\x21\x9c\x18\xbf\x5d\xc7\x14\x05\x95\xf4\x60\x39\x1c\xca\xa1\xef\x26\x23\x4a\x51\x88\x29\x30\x97\x7a\x00\x4e\x67\x5a\x4a\x10\xb8\x2e\xdf\xbf\x0b\x09\xb7\xd0\xa7\x0e\x3d\xcc\x6c\x47\x60\xb9\x2e\xe5\x56\xbb\x00\xad\x27\x07\x77\xea\x84\xe1\x39\x32\xa4\xb3\x64\x65\xc3\x78\xf4\xf4\xc7\x56\x6b\xda\x18\x9f\xb3\x07\x2c\xf4\xcb\x13\xd4\x5f\x59\x32\x95\xf9\x6d\x37\x62\x9e\xf1\x2b\x9b\x8d\xa1\xad\x7a\x68\x53\xc5\x02\x1f\x30\x07\x7b\x89\x3e\x92\xe9\xd1\x8e\xdb\xf7\x17\x5c\xb7\x25\xb3\x33\x82\x47\x6d\xd7\xa2\x73\x4f\x30\x4e\xfc\x5c\xa6\xd2\x66\x84\xb0\x66\x8f\x43\xb5\xea\xe9\xa9\xbc\xf1\xdf\xca\x10\x6a\x2e\x2e\x52\xe1\x30\xd6\x90\x8b\xc0\x7b\x23\xce\xa6\x85\xee\xdb\x6c\x93\xec\x76\xc6\x09\x7d\x69\xf5\x77\xdd\x5c\xc1\x45\x08\x21\x89\x59\x10\x9f\x30\x1c\x9f\x27\xcd\x0a\x29\x56\x56\x4c\x59\xad\x12\xd0\xd9\x39\xbb\x14\xe0\x2b\xb8\x06\x94\x6b\x85\xab\x39\xe3\xfd\xce\x39\x46\xbc\xf8\x7b\xef\x3f\x53\xe0\xed\xcd\xa9\xc7\x2f\x42\xed\x1d\x31\xfb\xc0\xb7\x00\x89\x0c\x40\x94\xdf\x83\x92\x3d\x0d\x52\x22\xbe\x84\x66\xc5\x62\x25\x0d\xc9\x49\x3c\xf7\x4d\x1a\xb7\xd8\xab\x9a\x4a\x7b\x0c\xf0\xcd\x56\x72\x4c\x10\xa7\x1a\x42\x72\x10\x49\x37\xc1\x1d\xce\xc7\x4e\xc2\xda\xb9\x96\x45\x31\x78\xb4\x0e\x17\x3e\xd2\x1e\x3c\x88\x28\x78\xfc\xdf\x82\xa5\x73\x59\xd7\x1f\x59\xfa\xfe\x50\x23\xe1\x7f\x7a\x2b\xb9\xab\x69\x09\x5b\x26\x9a\xd3\x2d\xf8\x31\x52\x9e\xfd\xab\xbe\x53\x66\xf2\x35\xd4\x8f\x0e\xe3\x28\xc6\x19\x9b\x80\x3c\x57\xa4\x06\xfe\xbf\x46\x64\x32\x04\x67\x3a\x1f\x16\xa5\x7d\x2a\x3b\xb7\x0c\x82\x87\xc5\x40\x5d\x22\x79\xa5\xb9\x77\xd8\x93\x6e\x1c\xf2\xd3\x4b\x47\x83\xb9\xc4\xe1\x5a\x51\x94\x43\x20\xaf\xc2\xee\xd1\xe5\xc7\x80\x15\x96\xb6\x36\x33\x80\x1d\xaa\x19\x99\xed\xf5\x54\x8d\x97\xd0\x56\x56\x8d\xbb\x47\xa7\x24\x40\xd6\xeb\xfb\x19\x1b\xc8\x6b\x95\xd6\x9d\x76\x8a\xc1\x56\xfe\xed\x10\xca\x99\x8a\xff\x51\x42\x79\x6d\x47\xc3\xa3\xd5\x83\xb9\x2e\x32\xf6\x41\xe3\x6f\x81\x0b\x57\x6c\x25\x99\xfe\xbb\x22\xe7\x95\x53\x7d\x65\xb3\x33\xf8\xb1\xa4\xf6\x4e\x34\x9d\xd3\x9e\xcf\x83\x45\x8a\xd2\xc5\xcb\xd1\x3a\xf5\xd7\xc4\xb5\x11\x7a\x38\x63\x99\x58\xd3\x40\xf6\x2b\x87\x2c\x23\xc3\xf8\x51\xa3\x2a\x1a\x8c\xe5\x44\x0a\x1e\xc9\x50\x0b\x3a\xe9\xf5\x6b\x0f\xd3\xa8\x2e\x17\x55\x25\x14\x99\x23\x1f\x8b\xab\xc6\x82\x07\x3f\xa4\x0e\x18\xb5\x16\xaa\xbb\x70\x2b\x56\x0c\xd3\x9c\x70\x7c\x17\x6b\xed\x30\x81\xe1\x85\x6f\x94\x0c\xa1\x5f\xf9\xc5\x50\x6d\x07\xeb\xd8\x0a\xc2\xda\x5e\xfe\x90\xb3\x55\x4d\xe4\x6a\xe4\x40\x83\x92\xa0\x70\x77\x54\xf0\x6b\xee\x43\xcd\x5a\x6c\x26\x50\xfc\xe9\x94\xa4\xd8\x88\xff\x36\x65\x21\x2c\x7d\xc8\x51\x50\x47\x70\x94\xca\x7f\x67\x88\x87\x71\xf0\x8e\xe2\x69\x96\xcb\x8e\x90\x7d\x10\x04\x30\xb6\x72\x26\xbf\x38\x4c\x9c\x01\x48\x8e\x4c\xf5\xaa\xc0\x3b\xcb\xdf\x33\xce\x76\xc5\x63\x26\x53\x95\x5e\xbc\x74\xdd\xec\x21\x10\x4b\x20\xd0\xb1\x45\x8e\xb9\x09\x28\xec\xf1\x03\xeb\x4f\xfb\xf3\xaa\x45\x15\x6b\x71\x79\x9c\xc6\x95\x30\xbe\x5a\xd8\xbd\xa6\x92\x3d\xdf\x3d\x7f\xfa\x9b\x28\x65\xf6\x68\x9f\x30\x92\xfb\xf6\x25\x1d\xf1\x91\xd1\xa6\x45\x72\x32\x6c\xdd\xb2\x2a\xd2\xaa\x4a\x65\x4a\x66\x9c\x7f\x3c\x26\x22\xa4\x13\xc3\xc1\x0f\x24\x7d\x87\x7f\x03\x75\x60\x0f\x06\x05\xf6\x94\x71\x56\x28\xd1\x43\x57\xa1\x87\x41\x42\xe0\x02\x4d\x4b\x1e\x52\xec\xcd\x35\x45\x4d\x51\x62\x42\x5a\x37\x2c\x0c\x12\x15\x48\x1f\xa7\x57\x93\x97\x07\x3c\xe8\x0c\x63\x43\xf8\x81\xdd\x1b\x2d\x8f\xa4\x36\xe5\xa9\x7f\xd5\x78\xea\xca\x11\x31\x05\xe9\x0f\x51\x19\x23\xb6\x9a\xcb\xb2\x69\x34\x9d\xe9\xf1\x38\xe1\x0f\x7c\xd4\xa1\x80\xe3\x8b\x02\x5e\xbf\x29\xaa\x5d\x70\x88\x3d\x83\x0b\x5a\xfc\x91\x44\x32\x85\x9b\x18\x2e\x2c\xea\xeb\x84\x44\xbd\xc1\x60\x8f\xdd\x02\x86\x69\xc3\x0d\x33\xcc\x65\xf5\x57\xc7\x84\x27\xfc\xe6\x13\x0e\x82\xc8\xfb\x7e\xab\x09\x51\x86\xc4\x0f\x9a\x68\x8a\xc2\xec\x3b\x3f\xe7\x68\x9c\x6a\xff\x2f\x07\x95\x08\x3e\xb3\x78\x55\xad\xb2\x98\xa7\x1c\x45\x94\x69\xc4\x10\x86\x6d\x73\x70\x22\x7a\xba\x87\x93\x90\x04\xeb\xd0\x4a\xd6\x65\xbb\x51\xee\x9d\x32\xbf\x08\xe7\x33\x55\x36\xf0\xb6\x35\x13\xc1\xea\x92\x96\xac\x30\xa9\x48\x1d\xf6\xff\xb7\xfa\x37\x4c\x4c\xb4\xb7\xd0\xed\x16\x8e\xfb\xb1\x3e\xeb\x58\xf4\x73\x55\x48\xba\x60\x12\x41\x93\x94\x17\x57\xf9\xec\xf2\x48\xe0\x08\xdd\xcb\x82\xf5\x7f\x36\x6d\x32\x7a\xaf\x3c\xe4\x19\x18\x9d\xe0\xc4\x2e\xa3\x43\x4b\x4b\x0a\x1f\x21\xbe\x00\x07\x2d\xc6\x47\xce\x18\xf7\x86\x2e\x52\xaa\x9b\xd7\x4b\x70\x95\x66\x3b\x7c\x08\xf0\x27\xe6\xfc\x89\x69\x22\x4d\xf5\x84\xc9\x2b\xff\xc4\xb9\x31\x06\xf7\x0b\xf3\xf9\x96\x75\xe6\x90\x4e\x26\x41\x49\x2c\x33\xde\x1d\xa9\x17\xb9\x4e\x57\xbc\xd7\xaf\xda\x22\x53\x19\x8d\x5e\x81\xc3\xe4\x6d\x00\x82\x49\x0c\x22\x05\xa7\x5c\xce\xa3\xa6\x84\x54\x02\xea\x44\x36\x42\xb5\x92\x5b\x4c\x5c\x65\x37\x7b\x3a\x9d\x94\x6f\xc1\x5d\x44\x40\x10\x98\xdd\xe1\xe1\xec\x3a\xa4\x85\x8d\xa8\x67\x1b\x4c\x82\x7c\x9f\x13\x37\xb0\x7d\x09\xb9\xb0\x7e\xff\xdf\x66\x6c\xdb\x8a\x32\x0c\x34\xa4\xa7\x09\xe9\xbb\xb1\x8c\xac\xef\x54\x75\x74\xc1\x09\x65\x94\x98\xf1\x08\xc5\x3a\x17\x96\xd8\x2a\xae\xe5\x04\xe0\x18\x01\xf1\x5b\xb6\x3e\x7d\xe6\xe0\xd8\x90\x7a\x98\x8f\xa8\xd3\xd6\x9c\x20\x72\x1b\x1a\xfb\x10\x58\x2e\xa3\xe9\x00\x6f\x1e\xbe\x9a\x32\xda\x20\x79\x16\xc6\x75\xd6\xae\x73\x0f\xbb\x2b\xee\xbe\x72\x73\xf0\x1d\x8a\x18\xd7\x8a\xfd\x34\x96\x19\x30\x3e\x34\x7b\x89\xd6\xd7\xa4\xba\xe7\xac\xb6\xb5\x60\xd0\x35\x02\x19\x29\xeb\x53\xa7\xc5\xc4\x26\x3b\xa3\x9c\x2d\xe7\x05\x68\x99\xd3\x6e\x73\xb8\xaf\xbd\xc4\xa7\xe5\xb7\xef\xbf\x61\x06\x83\xee\x61\x55\xd7\xc3\xae\x4d\x46\xc4\x3d\x42\xd8\x34\x97\xcd\x78\xff\x16\x44\xd7\x8d\x5a\x10\x68\xc0\x28\xf0\xa6\xdd\x29\x97\x63\x7c\x6b\x42\x71\x90\x79\xd3\x9b\x09\x35\x61\xe9\x02\x58\x51\xb1\x65\x9c\xac\x8d\x1a\x5d\x5d\xc1\xce\x43\x4c\x78\x7c\xeb\xd1\xb6\x22\x4b\x25\xaf\xe1\x84\x97\x58\x41\x58\x94\x2a\x04\xe9\xf3\xd6\xb7\x44\x44\x7c\x62\x4f\xc7\xa8\xa3\x6c\x03\xbd\xcb\x13\x41\xda\x7d\x7c\x24\xa0\x3c\xc1\xee\xb4\x0b\x71\x86\x23\x20\x4e\x05\x63\x20\x52\xe6\x5d\xb3\x81\x89\x22\x89\xc9\xa1\xbf\x54\x7c\x31\x69\x14\x03\x55\xcc\xc2\x14\x1b\xb1\x79\x48\x89\xcc\x47\xb4\xeb\x6c\x19\xfe\xd2\xe5\x49\x46\xe9\xa0\xf3\xee\x9a\x0a\x6c\x9c\x32\xf1\x59\xdb\xcf\xf0\x64\x5d\xbf\xb3\xbc\x46\x1b\x7f\x6c\x49\x9b\x9d\xad\x65\xf5\x9d\x2b\x9d\x20\x48\x6f\x01\x2e\x0a\x93\x20\x2a\x22\x95\x0a\xc0\xa5\x83\xaa\xcc\x42\xaa\x3b\x03\x02\xb5\xbe\x16\x0f\x7a\xbb\x5a\xf5\x54\x7a\xb2\xa3\x95\xdf\xc5\x89\x22\xa5\x50\xdb\xad\x99\x03\x45\x02\xf6\x4a\x48\xc6\x34\xa1\x34\x4a\x46\x65\xbb\x05\x4d\xf0\x8f\xa7\xa4\x95\x62\xf7\xe6\x44\x8b\xd0\x83\x1d\xf5\x1e\xce\xe7\x2f\x5d\x4b\x45\x6a\xf5\x50\x2d\xd4\xe5\xbe\x19\x01\xbb\x3a\xad\x0a\x8f\x94\x9c\x63\xd5\xbf\xee\x80\xc4\x8d\x8c\x41\xcd\x47\xd0\xa5\xe9\xcf\xee\xa4\x80\x17\x21\xdd\x99\x26\x0a\x9f\x41\x48\xee\x37\xf0\xc6\xe6\x05\x16\xb9\x71\x46\x03\x1b\xf5\x32\x75\x93\x40\xf0\xd9\x65\x68\x7c\xe3\x8c\x43\x53\xa6\x42\x32\xa0\xce\x1a\xd1\x54\x01\x8b\x20\x6f\xa3\xb1\xee\xfb\x65\x81\xf1\xe4\xfe\x9d\x40\xce\xe6\x85\x9d\xbd\x2d\x6c\x97\x02\x81\x84\x45\x48\xd1\x88\x70\x1e\x37\xb1\xa8\x7e\x02\x32\xb2\xcf\x50\x54\x2d\x22\x0d\x38\x0c\x34\xb5\x70\x59\x39\xfd\xab\x1d\xbb\x4c\xb3\xfd\xf4\x4d\x81\x04\xd8\x16\xcf\x37\x21\x59\xd6\x17\x2d\x72\xcc\x09\xed\x56\x5e\x34\x15\x9a\xdc\xa1\x36\xfd\x59\x25\x15\x44\x0a\x31\xa1\xb2\xb7\x20\x0f\x01\xfd\x3b\xa1\x95\xa9\x80\xc0\x04\xfa\xf1\x03\xb9\xf9\xe7\x71\x3d\x3e\xd5\xd1\xc6\x78\xbb\xdf\x88\x93\x00\x90\x8e\x71\x94\xf3\xb2\xb8\x4e\x74\x4c\x94\xf7\xb5\x8f\x61\xad\x6b\x84\xee\x7c\x64\x5b\xe8\x13\xa4\xac\x5b\x1a\xdd\x1f\xfa\xd0\xff\xc0\xb2\x7a\x1b\x47\xf4\x52\x01\x86\x44\x1b\x82\x0c\xda\xc1\xfd\x4b\xae\x20\xc6\x2b\xc8\x17\xb1\x7d\xf2\xf7\x9c\xb9\x74\x6d\x1e\x65\x3d\x8d\x81\x62\x37\x6c\xbe\x81\xbc\xc5\x04\x83\x58\xcd\xd4\x2c\xa9\xf8\x20\x7e\x7f\xb1\x26\x7c\xac\x49\xec\xb4\x5a\xa6\xbc\x80\x02\xc3\x59\x7c\xc0\x74\xa8\x8c\x2c\xce\xd7\x3e\x69\x5c\x0c\xb9\x6b\x33\x41\xde\xb5\x8b\x0d\x41\xb9\x55\x9f\x2d\x09\x83\x8e\x05\xe4\x06\xf9\x9f\x96\x2a\x0f\x61\x9a\x7c\x02\xb5\xac\xc6\x21\x01\x24\xf1\x95\x02\x4f\xd2\xe4\xac\xe5\x8a\x23\x92\x33\xf9\xf0\xfa\x42\x74\xce\x28\xf6\xee\x5d\xe5\x1e\x13\x74\x2c\x19\xe8\xc1\xb3\x13\xf9\x00\x97\x0a\x4d\xb1\xb3\x64\x1c\xb5\x27\xa1\x05\x92\xbf\xb9\xc5\x26\x92\x12\x32\x27\x7d\x49\x24\x99\xa6\x1d\x6a\x20\x40\x73\x30\xe5\x5d\xae\x27\x78\x7a\xed\x00\x1b\x16\x66\xa3\xc0\x31\x9b\xda\x97\x64\x61\x85\x44\xa2\x00\x16\xf1\x29\x86\xe4\xae\x1d\xd7\x58\x5c\xd1\xef\xb1\x47\x12\x1b\xcc\xa0\x0e\x09\x5e\x12\x55\x9f\x57\x9b\xf3\xc7\x60\x5e\x9b\x67\x37\x10\x5c\xb9\xfc\x15\x94\xe4\x3d\x57\x07\xcd\x69\xc8\xbc\xd6\x60\x3e\x69\x7a\xce\xc7\x69\x57\xd3\xc6\xaa\x44\x88\x07\x92\x46\x66\x87\x7a\x52\xeb\x2a\xdb\x90\xa3\xde\x79\x06\xa8\x0f\x47\xa2\xc3\x88\xcb\xa8\x77\x6f\x63\x40\x4b\x4b\x64\x4c\x10\x86\xb3\xab\xfc\x8b\xbd\xe4\x96\x02\x28\x26\xe2\x10\x2c\x2f\x7a\x16\xf9\x84\xbe\x7a\xc2\x9a\x68\x47\x8f\x87\x9f\x4c\x9b\x30\x23\x47\x06\x41\x35\x6c\x91\x05\x36\x54\x56\x83\x48\xc5\x50\xc7\x08\x3b\xdd\x2e\x61\x18\x1e\xa3\x25\x61\x5a\xa9\xfb\xdb\xe5\x74\x18\x82\xf3\x85\x44\x26\x22\x4b\xff\xa1\x5d\xec\x14\x64\x44\xe4\x00\x1f\x5f\x8f\x6f\x61\xc0\xce\xad\x81\x5b\xae\x2e\x81\x29\x9e\xb3\xa7\xa4\x9a\x66\x4e\xb0\x1e\x74\xc6\x38\xcb\xe7\x5e\x9d\x16\x9a\x6e\x75\x07\xfb\xad\x9b\x36\xb9\x2a\x09\xa2\x4b\xea\xc7\x7e\x10\x63\x6a\x25\xaa\x20\xd0\x1d\xd3\x7b\x26\xff\xa9\x9e\x8b\xfa\x8f\x15\xb4\xc1\x9d\xca\xdc\xd9\xbe\x38\x3a\x11\xc7\x32\x71\x7e\x1d\xcb\x29\x68\xe8\x66\x9d\x08\x4a\xa1\x5d\x72\x69\xc1\x1c\x01\x1e\xb2\xb1\x39\x03\x98\x76\x6e\xce\xb6\x37\x8d\xf5\x8f\x0e\x79\x6e\xb4\x7a\xc5\xeb\x1c\xf5\x3b\x2c\x6b\x4b\x61\xd4\x0c\x0b\x4c\x00\x5d\x0a\xb8\x23\x84\xc4\x5a\xae\x49\x96\x99\xbc\x54\x26\x3e\xef\xc2\x9e\xd4\x03\xd3\x0b\x72\x68\x24\x25\x9e\x6c\x6e\xa2\x4c\x7b\x85\x60\xb8\x5b\xaa\x91\xab\xf3\x9e\xe1\xfb\xa0\xa5\xdc\xb5\xa8\x3d\xb8\xc8\x62\xc8\x83\xbd\xac\x30\x68\x4a\xb2\x89\x8a\x39\x1d\xd6\xff\x6f\x8b\x85\x1e\xbe\x75\x25\x73\xbd\x19\x95\xc8\x7b\xa3\xc6\xab\xf0\x39\x4d\xdc\x6f\x05\xed\x36\x0c\xec\xfa\x35\xae\xd4\xcf\xa3\x20\x1f\x55\x66\x62\x05\xf7\x07\xd0\x9f\x8f\xba\xa2\xc8\x8f\x7f\xf9\xb0\x6e\xf2\xdf\xa1\x70\x0f\x7b\x70\x26\xa3\xfd\x26\x95\x74\xeb\x22\xfe\x9a\x8f\x6a\x64\xdf\xea\x6e\x77\x9c\xb0\xa2\x81\xdb\x25\x93\xf2\xba\x8e\xa3\xda\x2b\x53\xce\xad\x01\xdb\xc4\x2f\x53\xee\x87\x1b\xa9\x57\xdb\xf5\xc9\xfc\x25\x64\x1f\x11\xbf\x27\x9b\x43\xdf\x39\x16\xf7\x43\x72\x96\x3d\xe3\x2a\xa0\x52\x8b\x51\x1c\xc0\xc4\xd8\x29\x53\xac\xd9\x5f\x2d\xf8\x49\x35\xb6\x09\xf1\xaf\x30\xc3\x52\x76\xa3\xfa\xbf\x5d\x2c\xa7\xc9\x81\x43\x63\xca\xb1\xb4\x8b\x7b\x9a\x96\xf9\x45\xe3\xd2\x41\x91\xb7\x0b\x5f\x03\xd0\xc4\xae\x30\xb1\x5e\x2f\x82\xca\x31\x8e\x8c\x9a\x5b\x2a\x22\x19\x96\x7a\x13\xbe\xfa\xce\xeb\x25\x10\x88\x67\x1f\x3d\x74\x7d\xa7\x2e\x52\xc9\xa2\x2e\x7a\xee\xbc\xc7\x7e\x1a\x02\x4e\xb6\x6a\xb0\x9e\xf0\x1a\x3a\xae\x32\x9a\xbf\x00\x35\xd1\xcf\x27\x91\x1d\x86\x76\xa9\x84\x31\x76\x5a\x11\x75\x3a\x57\x71\x95\x8d\xfc\xbb\x59\x84\x69\x71\xd2\xe2\xcf\x02\xd0\xc0\xe5\xa5\x50\xea\x98\xb9\x3e\x36\x7f\xe7\x3f\x1b\xd3\x0a\x09\xb1\x15\x20\x62\x31\x43\x60\x9d\x0c\x2f\xa3\xc8\xaa\x37\x6f\x44\x0a\xd2\x96\x3f\xbe\xb6\x67\x15\x09\xa7\x99\xa8\x52\x8c\xe0\x87\xab\xaf\x19\x96\x62\xb1\x10\x31\x42\x81\x7c\x17\x6a\x4e\x04\xb1\x5b\xc6\xd4\x73\xb4\x83\xd9\x41\x71\x76\xe0\xe2\x30\x91\x93\x8a\xc2\xfb\x9b\xa6\x16\xc7\x9c\x06\x99\xa0\x56\x8d\x22\xd6\x33\x62\xca\xa0\x6a\xdd\x24\x23\xcb\x71\x89\x5a\x18\x21\xdf\xab\x31\x78\x11\xc2\x75\x2b\x28\x4d\x9d\x55\xfc\x5c\xfd\xdc\x3c\x59\x9e\x1b\x91\x18\xc9\x9f\xb8\xd4\x7f\xd7\x61\xe6\xe7\x24\x29\xf5\x09\xc6\x74\x91\x3d\x2d\x36\xd5\x69\x80\x1f\x92\x84\x21\x24\x24\x55\x6e\x8c\xae\xd1\x68\x34\xeb\x07\x64\x17\x02\x3c\x99\x0e\x5d\x31\x10\xcb\x31\xde\xa8\x52\x79\xd4\x0b\xcc\x71\x4a\x67\x6a\x89\x39\x25\x15\x1b\x55\x0a\xab\xbe\x95\x48\xc4\xb7\x4b\x30\x91\x75\xf4\xea\xcf\xaf\x14\x61\xae\x52\x29\x3e\x44\xf9\x2f\xa2\x60\x67\xb5\x00\x84\xf9\xef\x98\x20\x19\xe0\xd3\x98\x05\x8d\x23\x84\x4f\x90\x0c\x28\xc1\x52\xd3\xee\xda\x42\x57\x8a\x0f\x1f\xf3\x00\x2c\x92\x9e\x6b\xca\x65\xeb\x03\x41\x77\x81\x44\xa1\x5e\xac\xfe\x4e\x1a\x63\xa4\xcd\xf1\xf2\x50\x48\xa2\x72\x61\xba\x43\x42\xee\x65\x69\xa3\xc6\x05\x3b\x5e\x52\xf4\xe1\x34\xa1\xe0\x3a\x15\x30\xcf\x5c\x0e\xb1\x78\x75\xe3\xba\x44\x16\x20\x71\xb4\x39\x45\x9b\xf1\x6e\xdb\x28\x50\x8b\xce\x3e\x9f\x69\xd8\x93\x0b\x05\x39\xc3\x9b\xb7\x4e\x63\xe4\x51\x0e\x91\x8b\x83\x49\xcc\xf6\x95\x9e\x57\x55\x05\x50\xa3\x57\xc3\x16\x49\xdd\x72\x8c\x3f\xe7\x7d\xc6\x92\x0f\x0d\x3f\x4e\xc5\xd6\x19\xb2\xf4\xc6\xeb\x90\xdf\xc1\x7b\x26\xd6\xb3\x01\x17\xa0\x7c\x18\xf4\xb7\xcc\x96\x05\x6a\x4f\xdc\x7d\xac\x68\x19\x8c\xb8\xbc\xc6\xc6\x4d\x49\x6a\xfa\x60\x81\x76\x8e\x8d\xd4\xf4\x35\xeb\x2e\xed\xd0\xb7\xb0\x8f\x14\x11\x4c\x13\xc4\xff\x50\xa9\x3d\x39\xaf\xac\x2d\x63\x3e\xf6\xeb\x33\xac\x93\x74\x04\x26\x2e\x35\x2f\x50\xf0\x67\x79\x15\x18\xea\x05\x88\x41\xab\xdd\x1f\x77\x09\x40\xbc\xa8\x96\xfd\xdb\x55\x0c\x9c\xe0\x9e\xdc\x6b\xd5\x22\xe3\x18\xe5\xca\x6b\xa0\x02\x59\x02\x97\x70\xd2\x9d\x1f\xc4\xe2\xa7\x4d\x7b\x33\xfb\xea\xca\x94\x5e\x14\x9f\x24\x1c\xc9\x33\x62\x4d\xba\x79\x5d\x33\xf2\xab\x07\x06\xbb\xc1\x7e\x23\x83\xf6\xc3\x2d\xf7\x65\xc1\x16\x26\x5b\x0e\xfb\x58\x5f\x58\x7b\xe9\x73\x2b\xeb\x0b\xed\x2e\x67\xce\xf0\xd1\xc4\x2b", 4096); *(uint64_t*)0x200010c8 = 0x20001000; *(uint32_t*)0x20001000 = 0; *(uint32_t*)0x20001004 = 0; *(uint32_t*)0x20001008 = 0; *(uint64_t*)0x200010d0 = 0x20001040; *(uint64_t*)0x200010d8 = 0x20001080; *(uint32_t*)0x200010e0 = 0x1000; *(uint32_t*)0x200010e4 = 3; *(uint32_t*)0x200010e8 = 8; *(uint32_t*)0x200010ec = 3; inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); if (res == ZX_OK) { r[0] = *(uint32_t*)0x20001080; r[1] = *(uint32_t*)0x20001084; r[2] = *(uint32_t*)0x20001088; } break; case 1: *(uint64_t*)0x20011240 = 0x20001180; *(uint32_t*)0x20001180 = 0; memset((void*)0x20001184, 0, 3); *(uint8_t*)0x20001187 = 1; *(uint64_t*)0x20001188 = 0x3862fcb900000000; *(uint32_t*)0x20001190 = 0; *(uint64_t*)0x20011248 = 0x200011c0; *(uint32_t*)0x200011c0 = 0; *(uint64_t*)0x20011250 = 0x20001200; *(uint64_t*)0x20011258 = 0x20011200; *(uint32_t*)0x20011260 = 0x14; *(uint32_t*)0x20011264 = 1; *(uint32_t*)0x20011268 = 0x10000; *(uint32_t*)0x2001126c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20011240, /*actual_bytes=*/0x20011280, /*actual_handles=*/0x200112c0); break; case 2: res = -1; res = syz_thread_self(); { int i; for(i = 0; i < 4; i++) { syz_thread_self(); } } if ((int)res != -1) r[3] = res; break; case 3: ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); break; case 4: *(uint64_t*)0x20021400 = 0x20011340; *(uint32_t*)0x20011340 = 0; memset((void*)0x20011344, 0, 3); *(uint8_t*)0x20011347 = 1; *(uint64_t*)0x20011348 = 0x2cbadb1900000000; *(uint64_t*)0x20011350 = 0x80000000; *(uint64_t*)0x20011358 = -1; memset((void*)0x20011360, 0, 1); *(uint64_t*)0x20021408 = 0x20011380; *(uint64_t*)0x20021410 = 0x200113c0; *(uint64_t*)0x20021418 = 0x200213c0; *(uint32_t*)0x20021420 = 0x28; *(uint32_t*)0x20021424 = 0; *(uint32_t*)0x20021428 = 0x10000; *(uint32_t*)0x2002142c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20021400, /*actual_bytes=*/0x20021440, /*actual_handles=*/0x20021480); break; case 5: res = -1; res = ((intptr_t(*)(intptr_t))CAST(zx_deadline_after))(/*nanoseconds=*/-1); if (res == ZX_OK) r[4] = res; break; case 6: *(uint64_t*)0x20031580 = 0x200214c0; *(uint32_t*)0x200214c0 = 0; memset((void*)0x200214c4, 0, 3); *(uint8_t*)0x200214c7 = 1; *(uint64_t*)0x200214c8 = 0x135d628d00000000; *(uint32_t*)0x200214d0 = 7; *(uint32_t*)0x200214d4 = 5; *(uint64_t*)0x20031588 = 0x20021500; *(uint64_t*)0x20031590 = 0x20021540; *(uint64_t*)0x20031598 = 0x20031540; *(uint32_t*)0x200315a0 = 0x18; *(uint32_t*)0x200315a4 = 0; *(uint32_t*)0x200315a8 = 0x10000; *(uint32_t*)0x200315ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[4], /*args=*/0x20031580, /*actual_bytes=*/0x200315c0, /*actual_handles=*/0x20031600); break; case 7: ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_interrupt))(/*handle=*/r[1], /*vector=*/2); break; case 8: *(uint32_t*)0x20031640 = 0; memset((void*)0x20031644, 0, 3); *(uint8_t*)0x20031647 = 1; *(uint64_t*)0x20031648 = 0x208bcc9d00000000; *(uint64_t*)0x20031650 = 0x81; *(uint64_t*)0x20031658 = -1; memcpy((void*)0x20031660, "\xa5\x7c\x37\xf0\xaa\x5a\x79\x3d\x04\xcf\x12\x74\xe7\xe2\xc4\x9a\x49\xf9\xb0\x90\xd2\xdf\x74\x7c\x16\xd5\x3d\x3c\xf3\xc0\x0a\x94\xe6\x32\x4a\xb3\x20\x45\x1b\x9f\xd5\x21\x21\xec\x87\xb8\x94\xf7\xf2\x8d\x50\x90\x78\xb5\xaf\x1e\x03\x4f\xe2\x97\x9b\xad\xae", 63); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_write))(/*handle=*/r[0], /*options=*/0, /*bytes=*/0x20031640, /*num_bytes=*/0x5f, /*handles=*/0x200316c0, /*num_handles=*/0); break; case 9: *(uint64_t*)0x200417c0 = 0x20031700; *(uint32_t*)0x20031700 = 0; memset((void*)0x20031704, 0, 3); *(uint8_t*)0x20031707 = 1; *(uint64_t*)0x20031708 = 0x62423faa00000000; *(uint64_t*)0x200417c8 = 0x20031740; *(uint64_t*)0x200417d0 = 0x20031780; *(uint64_t*)0x200417d8 = 0x20041780; *(uint32_t*)0x200417e0 = 0x10; *(uint32_t*)0x200417e4 = 0; *(uint32_t*)0x200417e8 = 0x10000; *(uint32_t*)0x200417ec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[2], /*options=*/0, /*deadline=*/r[4], /*args=*/0x200417c0, /*actual_bytes=*/0x20041800, /*actual_handles=*/0x20041840); break; case 10: memcpy((void*)0x20000000, "\xc4\xc1\xad\xe0\xa5\xb9\xa6\x63\x67\xc4\x62\x01\x3b\x6b\x0f\x0f\x76\xb7\xb7\x00\x00\x00\x98\xc4\xa2\x29\x2d\x12\x0f\x0f\x0b\xa0\x3e\x45\x0f\xd1\xec\x0f\x29\x26\xc4\x61\x9f\x7c\x53\x1a\x66\x0f\x3a\xdf\x39\x00", 52); syz_execute_func(/*text=*/0x20000000); break; case 11: syz_future_time(/*when=*/0); break; case 12: syz_job_default(); break; case 13: syz_mmap(/*addr=*/0x20ff9000, /*len=*/0x4000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); loop(); return 0; } :274:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); ^ :311:39: error: use of undeclared identifier 'zx_vcpu_enter' ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); ^ 2 errors generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor1225417674 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/13 (0.48s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call_etc(0x0, 0x91, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)="090e3814ded5ca1bb9204ce0ceac3d95162fab16edf86329372435e1992cd148d29f73e3c25857bf66bb813d6abddde404f63980339937c16fe9e0c8ad309e70509ce52ae1c8e60ebe328caa31b91b7b1b8a9e3febb3fe1289f80a3b74dadcf3619e4eb03d257cd7a8fe5301e58d52aae4336355c0bc0ee7df9704e0ee190064372cd6f71629cec4cf897611a6f18453259fe803ee1464ebd6366490efad381aec2e773163b83a257d24277408221047d312b83defb54f5db6eb9db781f0a74e4a4513e78d1fef19337f8423952747348a1126db4a28fb98de2ffe4dc6cb4414498bf558c8cfec781cb59a4b28647f1aac9cf850970863788bfa319ab74945eb15fb78f3eee5446045512774ecfa8439fdbfafa0f767e9cdf291d1934c12a7ea791a9028bd2e0b346a4f68a24d1bced3bafc730f659d4225960b93827fa64384b88db55337fb5ae30fefe356ba4c116452b23477905dbaab6a2ddec32735f0db44ea41c37c710f67880a68cffcec5710c707288eb34109b24aaa4949ae1b9b333154d9c3b5d6b07095e94d1fb66be2845f466fa375fefd749168cbfabca45ef816389705f0d146b7c47aa5fa070faa0c82f6b366c94be41a00412b7107c4746c41482e94a1b23e9666a738ee4bcb5d5b9deea2fe70dd49f2fc095823d2c6f0c56eb2120b670014b3e41dea9163200efeec14bb92da2c22e03d15be29fd9ab265370f3878ad2818a27d7a1ba774f122d934b0b62077fa625874aacbb6fe8618311b1562d5225c3da1842f45dec3940d3d2306ee0b0183154834322b286e8e31f739c96f22e7272ce4e7a7571ded20ce2deb2754c6b44dce678953ef135675371a728ac6134d5a7873cbb60eac7064cb070bef012fbce09a468cbdeb01fbcd352ab03bebebe70a006f6dcce7b4078cffa0296bd40d5ded971f5a75b2fb4f54db33214470506c5c0dbca61e12fcb3d8207a82b47883b8efe3cfafcfb61ad5e4030cabd0a6f08c46238c18544210ff5a6f58a0a49dee51af9a1e2e6a8827074c2f948773e6b8273ea1197c731afe15561a156457b5011fccebebea49adda3e9c3afa2c63461f4a1451a0056589c64c0ee28678f04d282dfc86ce8d1b319d971c406d1f4798443f661495d8f8cd60dd45bba34341f1acfd1df41bd0827c0baa07a856c9185fb6dbedfc31fdcf7e548ceda8dd94311a062a4a9fb7df18420e66330ce428631a42abf9ae14b9b0c7dc0ddbae34da212bbe7a37276b059c495bbf184f45219c18bf5dc7140595f460391ccaa1ef26234a51882930977a004e675a4a10b82edfbf0b09b7d0a70e3dcc6c4760b92ee556bb00ad270777ea84e13932a4b36465c378f4f4c7566bda189fb3072cf4cb13d45f593295f96d37629ef12b9b8da1ad7a6853c5021f30077b893e92e9d18edbf7175cb725b33382476dd7a2734f304efc5ca6d26684b0668f43b5eae9a9bcf1dfca106a2e2e52e130d6908bc07b23cea685eedb6c93ec76c6097d69f577dd5cc14508218959109f301c9f27cd0a2956564c59ad12d0d939bb14e02bb806946b85ab39e3fdce3946bcf87bef3f53e0edcda9c72f42ed1d31fbc0b700890c4094df83923d0d5222be8466c562250dc9493cf74d1ab7d8ab9a4a7b0cf0cd56724c10a71a4272104937c11dcec74ec2dab996453178b40e173ed21e3c882878fcdf82a57359d71f59fafe5023e17f7a2bb9ab69095b269ad32df831529efdabbe5366f235d48f0ee328c6199b803c57a406febf46643204673a1f16a57d2a3bb70c8287c5405d2279a5b977d8936e1cf2d34b4783b9c4e15a51944320afc2eed1e5c7801596b63633801daa1999edf5548d97d056568dbb47a72440d6ebfb191bc86b95d69d768ac156feed10ca998aff5142796d47c3a3d583b92e32f641e36f810b576c2599febb22e795537d65b333f8b1a4f64e349dd39ecf83458ad2c5cbd13af5d7c4b5117a38639958d340f62b872c23c3f851a32a1a8ce5440a1ec9500b3ae9f56b0fd3a82e1755251499231f8babc682073fa40e18b516aabb702b560cd39c707c176bed3081e1856f940ca15ff9c5506d07ebd80ac2da5efe90b3554de46ae4408392a0707754f06bee43cd5a6c2650fce994a4d888ff3665212c7dc85150477094ca7f67888771f08ee26996cb8e907d100430b67226bf384c9c01488e4cf5aac03bcbdf33ce76c5632653955ebc74ddec21104b20d0b1458eb90928ecf103eb4ffbf3aa45156b71799cc69530be5ad8bda6923ddf3d7ffa9b2865f6689f3092fbf6251df191d1a64572326cddb22ad2aa4a654a669c7f3c2622a413c3c10f247d877f0375600f0605f694715628d14357a1874142e0024d4b1e52eccd35454d5162425a372c0c1215481fa7579397073ce80c6343f881dd1b2d8fa436e5a97fd578eaca113105e90f511923b69acbb269349de9f138e10f7cd4a180e38b025ebf29aa5d70883d830b5afc914432859b182e2ceaeb8444bdc1608fdd028669c30d33cc65f557c78427fce6130e82c8fb7eab095186c40f9a688ac2ec3b3fe7689c6aff2f0795083eb37855adb298a71c459469c410866d7370227aba87939004ebd04ad665bb51ee9d32bf08e7335536f0b63513c1ea9296ac30a9481df6ffb7fa374c4cb4b7d0ed168efbb13eeb58f4735548ba60124193941757f9ecf248e008ddcb82f57f366d327aaf3ce419189de0c42ea3434b4b0a1f21be00072dc647ce18f7862e52aa9bd74b7095663b7c08f027e6fc8969224df584c92bffc4b93106f70bf3f99675e6904e2641492c33de1da917b94e57bcd7afda2253198d5e81c3e46d0082490c2205a75ccea3a6845402ea443642b5925b4c5c65377b3a9d946fc15d44401098dde1e1ec3aa4858da8671b4c827c9f1337b07d09b9b07effdf666cdb8a320c34a4a709e9bbb18cacef547574c109659498f108c53a1796d82aaee504e01801f15bb63e7de6e0d8907a988fa8d3d69c20721b1afb10582ea3e9006f1ebe9a32da207916c675d6ae730fbb2beebe7273f01d8a18d78afd349619303e347b89d6d7a4bae7acb6b560d035021929eb53a7c5c4263ba39c2de7056899d36e73b8afbdc4a7e5b7efbf610683ee6155d7c3ae4d46c43d42d83497cd78ff1644d78d5a1068c028f0a6dd2997637c6b42719079d39b093561e9025851b1659cac8d1a5d5dc1ce434c787cebd1b6224b25afe18497584158942a04e9f3d6b744447c624fc7a8a36c03bdcb1341da7d7c24a03cc1eeb40b718623204e05632052e65db381892289c9a1bf547c3169140355ccc2141bb1794889cc47b4eb6c19fed2e54946e9a0f3ee9a0a6c9c32f159dbcff0645dbfb3bc461b7f6c499b9dad65f59d2b9d20486f012e0a93202a22950ac0a583aacc42aa3b0302b5be160f7abb5af5547ab2a395dfc58922a550dbad99034502f64a48c634a1344a4665bb054df08fa7a49562f7e6448bd0831df51ecee72f5d4b456af5502dd4e5be1901bb3aad0a8f949c63d5bfee80c48d8c41cd47d0a5e9cfeea4801721dd99260a9f4148ee37f0c6e60516b97146031bf532759340f0d965687ce38c4353a64232a0ce1ad154018b206fa3b1eefb6581f1e4fe9d40cee6859dbd2d6c970281844548d188701e37b1a87e0232b2cf50542d220d380c34b5705939fdab1dbb4cb3fdf44d8104d816cf372159d6172d72cc09ed565e34159adca136fd592515440a31a1b2b7200f01fd3ba195a980c004faf103b9f9e7713d3ed5d1c678bbdf889300908e7194f3b2b84e744c94f7b58f61ad6b84ee7c645be813a4ac5b1add1ffad0ffc0b27a1b47f4520186441b820cdac1fd4bae20c62bc817b17df2f79cb9746d1e653d8d8162376cbe81bcc5048358cdd42ca9f8207e7fb1267cac49ecb45aa6bc8002c3597cc074a88c2cced73e695c0cb96b3341deb58b0d41b9559f2d09838e05e406f99f962a0f619a7c02b5acc6210124f195024fd2e4ace58a239233f9f0fa4274ce28f6ee5de51e13742c19e8c1b313f900970a4db1b3641cb527a10592bfb9c526921232277d492499a61d6a20407330e55dae27787aed001b1666a3c0319bda9764618544a20016f12986e4ae1dd7585cd1efb147121bcca00e095e12559f579bf3c7605e9b6737105cb9fc1594e43d5707cd69c8bcd6603e697acec76957d3c6aa448807924666877a52eb2adb90a3de7906a80f47a2c388cba8776f63404b4b644c1086b3abfc8bbde496022826e2102c2f7a16f984be7ac29a68478f879f4c9b3023470641356c91053654568348c550c7083bdd2e61181ea325615aa9fbdbe5741882f3854426224bffa15dec146444e4001f5f8f6f61c0cead815bae2e81299eb3a7a49a664eb01e74c638cbe75e9d169a6e7507fbad9b36b92a09a24beac77e10636a25aa20d01dd37b26ffa99e8bfa8f15b4c19dcadcd9be383a11c732717e1dcb2968e8669d084aa15d7269c11c011eb2b1390398766eceb6378df58f0e796eb47ac5eb1cf53b2c6b4b61d40c0b4c005d0ab82384c45aae499699bc54263eefc29ed403d30b726824259e6c6ea24c7b8560b85baa91abf39ee1fba0a5dcb5a83db8c862c883bdac30684ab2898a391dd6ff6f8b851ebe752573bd1995c87ba3c6abf0394ddc6f05ed360cecfa35aed4cfa3201f55666205f707d09f8fbaa2c88f7ff9b06ef2dfa1700f7b7026a3fd269574eb22fe9a8f6a64dfea6e779cb0a281db2593f2ba8ea3da2b53cead01dbc42f53ee871ba957dbf5c9fc25641f11bf279b43df3916f74372963de32aa0528b511cc0c4d82953acd95f2df84935b609f1af30c35276a3fabf5d2ca7c9814363cab1b48b7b9a96f945e3d24191b70b5f03d0c4ae30b15e2f82ca318e8c9a5b2a2219967a13befaceeb251088671f3d747da72e52c9a22e7aeebcc77e1a024eb66ab09ef01a3aae329abf0035d1cf27911d8676a98431765a11753a5771958dfcbb59846971d2e2cf02d0c0e5a550ea98b93e367fe73f1bd30a09b11520623143609d0c2fa3c8aa376f440ad2963fbeb6671509a799a8528ce087abaf199662b1103142817c176a4e04b15bc6d473b483d9417176e0e23091938ac2fb9ba616c79c0699a0568d22d63362caa06add2423cb71895a1821dfab317811c2752b284d9d55fc5cfddc3c599e1b9118c99fb8d47fd761e6e72429f509c674913d2d36d569801f9284212424556e8caed16834eb076417023c990e5d3110cb31dea85279d40bcc714a676a893925151b550aabbe9548c4b74b309175f4eacfaf1461ae52293e44f92fa26067b50084f9ef982019e0d398058d23844f900c28c152d3eeda42578a0f1ff3002c929e6bca65eb0341778144a15eacfe4e1a63a4cdf1f25048a27261ba4342ee6569a3c6053b5e52f4e134a1e03a1530cf5c0eb17875e3ba44162071b439459bf16edb28508bce3e9f69d8930b0539c39bb74e63e4510e918b8349ccf6959e57550550a357c31649dd728c3fe77dc6920f0d3f4ec5d619b2f4c6eb90dfc17b26d6b30117a07c18f4b7cc96056a4fdc7dac68198cb8bcc6c64d496afa6081768e8dd4f435eb2eedd0b7b08f14114c13c4ff50a93d39afac2d633ef6eb33ac937404262e352f50f067791518ea058841abdd1f770940bca896fddb550c9ce09edc6bd522e318e5ca6ba00259029770d29d1fc4e2a74d7b33fbeaca945e149f241cc933624dba795d33f2ab0706bbc17e2383f6c32df765c116265b0efb585f587be9732beb0bed2e67cef0d1c42b", &(0x7f0000001000)=[0x0, 0x0, 0x0], &(0x7f0000001040)=""/8, &(0x7f0000001080)=[0x0, 0x0, 0x0], 0x1000, 0x3, 0x8, 0x3}, &(0x7f0000001100), &(0x7f0000001140)) (fail_nth: 1) zx_channel_call$fuchsia_ldsvc_LoaderClone(r0, 0x0, 0x7fffffffffffffff, &(0x7f0000011240)={&(0x7f0000001180), &(0x7f00000011c0), &(0x7f0000001200), &(0x7f0000011200), 0x14, 0x1, 0x10000}, &(0x7f0000011280), &(0x7f00000112c0)) (async) r3 = syz_thread_self() (rerun: 4) zx_vcpu_enter(r3, &(0x7f0000011300)={0x0, 0x0, 0x0, @interrupt}) zx_channel_call$fuchsia_io_DirectoryUnlink(0x0, 0x0, 0x7fffffffffffffff, &(0x7f0000021400)={&(0x7f0000011340)={{}, {0x80000000, 0xffffffffffffffff}, {'\x00'}}, &(0x7f0000011380), &(0x7f00000113c0), &(0x7f00000213c0), 0x28, 0x0, 0x10000}, &(0x7f0000021440), &(0x7f0000021480)) r4 = zx_deadline_after(0xffffffffffffffff) zx_channel_call$fuchsia_cobalt_LoggerBaseLogEvent(r0, 0x0, r4, &(0x7f0000031580)={&(0x7f00000214c0)={{}, 0x7, 0x5}, &(0x7f0000021500), &(0x7f0000021540), &(0x7f0000031540), 0x18, 0x0, 0x10000}, &(0x7f00000315c0), &(0x7f0000031600)) zx_vcpu_interrupt(r1, 0x2) zx_channel_write$fuchsia_io_DirectoryWatcherOnEvent(r0, 0x0, &(0x7f0000031640)={{}, {0x81, 0xffffffffffffffff}, "a57c37f0aa5a793d04cf1274e7e2c49a49f9b090d2df747c16d53d3cf3c00a94e6324ab320451b9fd52121ec87b894f7f28d509078b5af1e034fe2979badae"}, 0x5f, &(0x7f00000316c0), 0x0) zx_channel_call$fuchsia_io_NodeSync(r2, 0x0, r4, &(0x7f00000417c0)={&(0x7f0000031700), &(0x7f0000031740), &(0x7f0000031780), &(0x7f0000041780), 0x10, 0x0, 0x10000}, &(0x7f0000041800), &(0x7f0000041840)) syz_execute_func(&(0x7f0000000000)="c4c1ade0a5b9a66367c462013b6b0f0f76b7b700000098c4a2292d120f0f0ba03e450fd1ec0f2926c4619f7c531a660f3adf3900") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { fprintf(stderr, "### start\n"); int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[5] = {0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200010c0 = 0x20000000; memcpy((void*)0x20000000, "\x09\x0e\x38\x14\xde\xd5\xca\x1b\xb9\x20\x4c\xe0\xce\xac\x3d\x95\x16\x2f\xab\x16\xed\xf8\x63\x29\x37\x24\x35\xe1\x99\x2c\xd1\x48\xd2\x9f\x73\xe3\xc2\x58\x57\xbf\x66\xbb\x81\x3d\x6a\xbd\xdd\xe4\x04\xf6\x39\x80\x33\x99\x37\xc1\x6f\xe9\xe0\xc8\xad\x30\x9e\x70\x50\x9c\xe5\x2a\xe1\xc8\xe6\x0e\xbe\x32\x8c\xaa\x31\xb9\x1b\x7b\x1b\x8a\x9e\x3f\xeb\xb3\xfe\x12\x89\xf8\x0a\x3b\x74\xda\xdc\xf3\x61\x9e\x4e\xb0\x3d\x25\x7c\xd7\xa8\xfe\x53\x01\xe5\x8d\x52\xaa\xe4\x33\x63\x55\xc0\xbc\x0e\xe7\xdf\x97\x04\xe0\xee\x19\x00\x64\x37\x2c\xd6\xf7\x16\x29\xce\xc4\xcf\x89\x76\x11\xa6\xf1\x84\x53\x25\x9f\xe8\x03\xee\x14\x64\xeb\xd6\x36\x64\x90\xef\xad\x38\x1a\xec\x2e\x77\x31\x63\xb8\x3a\x25\x7d\x24\x27\x74\x08\x22\x10\x47\xd3\x12\xb8\x3d\xef\xb5\x4f\x5d\xb6\xeb\x9d\xb7\x81\xf0\xa7\x4e\x4a\x45\x13\xe7\x8d\x1f\xef\x19\x33\x7f\x84\x23\x95\x27\x47\x34\x8a\x11\x26\xdb\x4a\x28\xfb\x98\xde\x2f\xfe\x4d\xc6\xcb\x44\x14\x49\x8b\xf5\x58\xc8\xcf\xec\x78\x1c\xb5\x9a\x4b\x28\x64\x7f\x1a\xac\x9c\xf8\x50\x97\x08\x63\x78\x8b\xfa\x31\x9a\xb7\x49\x45\xeb\x15\xfb\x78\xf3\xee\xe5\x44\x60\x45\x51\x27\x74\xec\xfa\x84\x39\xfd\xbf\xaf\xa0\xf7\x67\xe9\xcd\xf2\x91\xd1\x93\x4c\x12\xa7\xea\x79\x1a\x90\x28\xbd\x2e\x0b\x34\x6a\x4f\x68\xa2\x4d\x1b\xce\xd3\xba\xfc\x73\x0f\x65\x9d\x42\x25\x96\x0b\x93\x82\x7f\xa6\x43\x84\xb8\x8d\xb5\x53\x37\xfb\x5a\xe3\x0f\xef\xe3\x56\xba\x4c\x11\x64\x52\xb2\x34\x77\x90\x5d\xba\xab\x6a\x2d\xde\xc3\x27\x35\xf0\xdb\x44\xea\x41\xc3\x7c\x71\x0f\x67\x88\x0a\x68\xcf\xfc\xec\x57\x10\xc7\x07\x28\x8e\xb3\x41\x09\xb2\x4a\xaa\x49\x49\xae\x1b\x9b\x33\x31\x54\xd9\xc3\xb5\xd6\xb0\x70\x95\xe9\x4d\x1f\xb6\x6b\xe2\x84\x5f\x46\x6f\xa3\x75\xfe\xfd\x74\x91\x68\xcb\xfa\xbc\xa4\x5e\xf8\x16\x38\x97\x05\xf0\xd1\x46\xb7\xc4\x7a\xa5\xfa\x07\x0f\xaa\x0c\x82\xf6\xb3\x66\xc9\x4b\xe4\x1a\x00\x41\x2b\x71\x07\xc4\x74\x6c\x41\x48\x2e\x94\xa1\xb2\x3e\x96\x66\xa7\x38\xee\x4b\xcb\x5d\x5b\x9d\xee\xa2\xfe\x70\xdd\x49\xf2\xfc\x09\x58\x23\xd2\xc6\xf0\xc5\x6e\xb2\x12\x0b\x67\x00\x14\xb3\xe4\x1d\xea\x91\x63\x20\x0e\xfe\xec\x14\xbb\x92\xda\x2c\x22\xe0\x3d\x15\xbe\x29\xfd\x9a\xb2\x65\x37\x0f\x38\x78\xad\x28\x18\xa2\x7d\x7a\x1b\xa7\x74\xf1\x22\xd9\x34\xb0\xb6\x20\x77\xfa\x62\x58\x74\xaa\xcb\xb6\xfe\x86\x18\x31\x1b\x15\x62\xd5\x22\x5c\x3d\xa1\x84\x2f\x45\xde\xc3\x94\x0d\x3d\x23\x06\xee\x0b\x01\x83\x15\x48\x34\x32\x2b\x28\x6e\x8e\x31\xf7\x39\xc9\x6f\x22\xe7\x27\x2c\xe4\xe7\xa7\x57\x1d\xed\x20\xce\x2d\xeb\x27\x54\xc6\xb4\x4d\xce\x67\x89\x53\xef\x13\x56\x75\x37\x1a\x72\x8a\xc6\x13\x4d\x5a\x78\x73\xcb\xb6\x0e\xac\x70\x64\xcb\x07\x0b\xef\x01\x2f\xbc\xe0\x9a\x46\x8c\xbd\xeb\x01\xfb\xcd\x35\x2a\xb0\x3b\xeb\xeb\xe7\x0a\x00\x6f\x6d\xcc\xe7\xb4\x07\x8c\xff\xa0\x29\x6b\xd4\x0d\x5d\xed\x97\x1f\x5a\x75\xb2\xfb\x4f\x54\xdb\x33\x21\x44\x70\x50\x6c\x5c\x0d\xbc\xa6\x1e\x12\xfc\xb3\xd8\x20\x7a\x82\xb4\x78\x83\xb8\xef\xe3\xcf\xaf\xcf\xb6\x1a\xd5\xe4\x03\x0c\xab\xd0\xa6\xf0\x8c\x46\x23\x8c\x18\x54\x42\x10\xff\x5a\x6f\x58\xa0\xa4\x9d\xee\x51\xaf\x9a\x1e\x2e\x6a\x88\x27\x07\x4c\x2f\x94\x87\x73\xe6\xb8\x27\x3e\xa1\x19\x7c\x73\x1a\xfe\x15\x56\x1a\x15\x64\x57\xb5\x01\x1f\xcc\xeb\xeb\xea\x49\xad\xda\x3e\x9c\x3a\xfa\x2c\x63\x46\x1f\x4a\x14\x51\xa0\x05\x65\x89\xc6\x4c\x0e\xe2\x86\x78\xf0\x4d\x28\x2d\xfc\x86\xce\x8d\x1b\x31\x9d\x97\x1c\x40\x6d\x1f\x47\x98\x44\x3f\x66\x14\x95\xd8\xf8\xcd\x60\xdd\x45\xbb\xa3\x43\x41\xf1\xac\xfd\x1d\xf4\x1b\xd0\x82\x7c\x0b\xaa\x07\xa8\x56\xc9\x18\x5f\xb6\xdb\xed\xfc\x31\xfd\xcf\x7e\x54\x8c\xed\xa8\xdd\x94\x31\x1a\x06\x2a\x4a\x9f\xb7\xdf\x18\x42\x0e\x66\x33\x0c\xe4\x28\x63\x1a\x42\xab\xf9\xae\x14\xb9\xb0\xc7\xdc\x0d\xdb\xae\x34\xda\x21\x2b\xbe\x7a\x37\x27\x6b\x05\x9c\x49\x5b\xbf\x18\x4f\x45\x21\x9c\x18\xbf\x5d\xc7\x14\x05\x95\xf4\x60\x39\x1c\xca\xa1\xef\x26\x23\x4a\x51\x88\x29\x30\x97\x7a\x00\x4e\x67\x5a\x4a\x10\xb8\x2e\xdf\xbf\x0b\x09\xb7\xd0\xa7\x0e\x3d\xcc\x6c\x47\x60\xb9\x2e\xe5\x56\xbb\x00\xad\x27\x07\x77\xea\x84\xe1\x39\x32\xa4\xb3\x64\x65\xc3\x78\xf4\xf4\xc7\x56\x6b\xda\x18\x9f\xb3\x07\x2c\xf4\xcb\x13\xd4\x5f\x59\x32\x95\xf9\x6d\x37\x62\x9e\xf1\x2b\x9b\x8d\xa1\xad\x7a\x68\x53\xc5\x02\x1f\x30\x07\x7b\x89\x3e\x92\xe9\xd1\x8e\xdb\xf7\x17\x5c\xb7\x25\xb3\x33\x82\x47\x6d\xd7\xa2\x73\x4f\x30\x4e\xfc\x5c\xa6\xd2\x66\x84\xb0\x66\x8f\x43\xb5\xea\xe9\xa9\xbc\xf1\xdf\xca\x10\x6a\x2e\x2e\x52\xe1\x30\xd6\x90\x8b\xc0\x7b\x23\xce\xa6\x85\xee\xdb\x6c\x93\xec\x76\xc6\x09\x7d\x69\xf5\x77\xdd\x5c\xc1\x45\x08\x21\x89\x59\x10\x9f\x30\x1c\x9f\x27\xcd\x0a\x29\x56\x56\x4c\x59\xad\x12\xd0\xd9\x39\xbb\x14\xe0\x2b\xb8\x06\x94\x6b\x85\xab\x39\xe3\xfd\xce\x39\x46\xbc\xf8\x7b\xef\x3f\x53\xe0\xed\xcd\xa9\xc7\x2f\x42\xed\x1d\x31\xfb\xc0\xb7\x00\x89\x0c\x40\x94\xdf\x83\x92\x3d\x0d\x52\x22\xbe\x84\x66\xc5\x62\x25\x0d\xc9\x49\x3c\xf7\x4d\x1a\xb7\xd8\xab\x9a\x4a\x7b\x0c\xf0\xcd\x56\x72\x4c\x10\xa7\x1a\x42\x72\x10\x49\x37\xc1\x1d\xce\xc7\x4e\xc2\xda\xb9\x96\x45\x31\x78\xb4\x0e\x17\x3e\xd2\x1e\x3c\x88\x28\x78\xfc\xdf\x82\xa5\x73\x59\xd7\x1f\x59\xfa\xfe\x50\x23\xe1\x7f\x7a\x2b\xb9\xab\x69\x09\x5b\x26\x9a\xd3\x2d\xf8\x31\x52\x9e\xfd\xab\xbe\x53\x66\xf2\x35\xd4\x8f\x0e\xe3\x28\xc6\x19\x9b\x80\x3c\x57\xa4\x06\xfe\xbf\x46\x64\x32\x04\x67\x3a\x1f\x16\xa5\x7d\x2a\x3b\xb7\x0c\x82\x87\xc5\x40\x5d\x22\x79\xa5\xb9\x77\xd8\x93\x6e\x1c\xf2\xd3\x4b\x47\x83\xb9\xc4\xe1\x5a\x51\x94\x43\x20\xaf\xc2\xee\xd1\xe5\xc7\x80\x15\x96\xb6\x36\x33\x80\x1d\xaa\x19\x99\xed\xf5\x54\x8d\x97\xd0\x56\x56\x8d\xbb\x47\xa7\x24\x40\xd6\xeb\xfb\x19\x1b\xc8\x6b\x95\xd6\x9d\x76\x8a\xc1\x56\xfe\xed\x10\xca\x99\x8a\xff\x51\x42\x79\x6d\x47\xc3\xa3\xd5\x83\xb9\x2e\x32\xf6\x41\xe3\x6f\x81\x0b\x57\x6c\x25\x99\xfe\xbb\x22\xe7\x95\x53\x7d\x65\xb3\x33\xf8\xb1\xa4\xf6\x4e\x34\x9d\xd3\x9e\xcf\x83\x45\x8a\xd2\xc5\xcb\xd1\x3a\xf5\xd7\xc4\xb5\x11\x7a\x38\x63\x99\x58\xd3\x40\xf6\x2b\x87\x2c\x23\xc3\xf8\x51\xa3\x2a\x1a\x8c\xe5\x44\x0a\x1e\xc9\x50\x0b\x3a\xe9\xf5\x6b\x0f\xd3\xa8\x2e\x17\x55\x25\x14\x99\x23\x1f\x8b\xab\xc6\x82\x07\x3f\xa4\x0e\x18\xb5\x16\xaa\xbb\x70\x2b\x56\x0c\xd3\x9c\x70\x7c\x17\x6b\xed\x30\x81\xe1\x85\x6f\x94\x0c\xa1\x5f\xf9\xc5\x50\x6d\x07\xeb\xd8\x0a\xc2\xda\x5e\xfe\x90\xb3\x55\x4d\xe4\x6a\xe4\x40\x83\x92\xa0\x70\x77\x54\xf0\x6b\xee\x43\xcd\x5a\x6c\x26\x50\xfc\xe9\x94\xa4\xd8\x88\xff\x36\x65\x21\x2c\x7d\xc8\x51\x50\x47\x70\x94\xca\x7f\x67\x88\x87\x71\xf0\x8e\xe2\x69\x96\xcb\x8e\x90\x7d\x10\x04\x30\xb6\x72\x26\xbf\x38\x4c\x9c\x01\x48\x8e\x4c\xf5\xaa\xc0\x3b\xcb\xdf\x33\xce\x76\xc5\x63\x26\x53\x95\x5e\xbc\x74\xdd\xec\x21\x10\x4b\x20\xd0\xb1\x45\x8e\xb9\x09\x28\xec\xf1\x03\xeb\x4f\xfb\xf3\xaa\x45\x15\x6b\x71\x79\x9c\xc6\x95\x30\xbe\x5a\xd8\xbd\xa6\x92\x3d\xdf\x3d\x7f\xfa\x9b\x28\x65\xf6\x68\x9f\x30\x92\xfb\xf6\x25\x1d\xf1\x91\xd1\xa6\x45\x72\x32\x6c\xdd\xb2\x2a\xd2\xaa\x4a\x65\x4a\x66\x9c\x7f\x3c\x26\x22\xa4\x13\xc3\xc1\x0f\x24\x7d\x87\x7f\x03\x75\x60\x0f\x06\x05\xf6\x94\x71\x56\x28\xd1\x43\x57\xa1\x87\x41\x42\xe0\x02\x4d\x4b\x1e\x52\xec\xcd\x35\x45\x4d\x51\x62\x42\x5a\x37\x2c\x0c\x12\x15\x48\x1f\xa7\x57\x93\x97\x07\x3c\xe8\x0c\x63\x43\xf8\x81\xdd\x1b\x2d\x8f\xa4\x36\xe5\xa9\x7f\xd5\x78\xea\xca\x11\x31\x05\xe9\x0f\x51\x19\x23\xb6\x9a\xcb\xb2\x69\x34\x9d\xe9\xf1\x38\xe1\x0f\x7c\xd4\xa1\x80\xe3\x8b\x02\x5e\xbf\x29\xaa\x5d\x70\x88\x3d\x83\x0b\x5a\xfc\x91\x44\x32\x85\x9b\x18\x2e\x2c\xea\xeb\x84\x44\xbd\xc1\x60\x8f\xdd\x02\x86\x69\xc3\x0d\x33\xcc\x65\xf5\x57\xc7\x84\x27\xfc\xe6\x13\x0e\x82\xc8\xfb\x7e\xab\x09\x51\x86\xc4\x0f\x9a\x68\x8a\xc2\xec\x3b\x3f\xe7\x68\x9c\x6a\xff\x2f\x07\x95\x08\x3e\xb3\x78\x55\xad\xb2\x98\xa7\x1c\x45\x94\x69\xc4\x10\x86\x6d\x73\x70\x22\x7a\xba\x87\x93\x90\x04\xeb\xd0\x4a\xd6\x65\xbb\x51\xee\x9d\x32\xbf\x08\xe7\x33\x55\x36\xf0\xb6\x35\x13\xc1\xea\x92\x96\xac\x30\xa9\x48\x1d\xf6\xff\xb7\xfa\x37\x4c\x4c\xb4\xb7\xd0\xed\x16\x8e\xfb\xb1\x3e\xeb\x58\xf4\x73\x55\x48\xba\x60\x12\x41\x93\x94\x17\x57\xf9\xec\xf2\x48\xe0\x08\xdd\xcb\x82\xf5\x7f\x36\x6d\x32\x7a\xaf\x3c\xe4\x19\x18\x9d\xe0\xc4\x2e\xa3\x43\x4b\x4b\x0a\x1f\x21\xbe\x00\x07\x2d\xc6\x47\xce\x18\xf7\x86\x2e\x52\xaa\x9b\xd7\x4b\x70\x95\x66\x3b\x7c\x08\xf0\x27\xe6\xfc\x89\x69\x22\x4d\xf5\x84\xc9\x2b\xff\xc4\xb9\x31\x06\xf7\x0b\xf3\xf9\x96\x75\xe6\x90\x4e\x26\x41\x49\x2c\x33\xde\x1d\xa9\x17\xb9\x4e\x57\xbc\xd7\xaf\xda\x22\x53\x19\x8d\x5e\x81\xc3\xe4\x6d\x00\x82\x49\x0c\x22\x05\xa7\x5c\xce\xa3\xa6\x84\x54\x02\xea\x44\x36\x42\xb5\x92\x5b\x4c\x5c\x65\x37\x7b\x3a\x9d\x94\x6f\xc1\x5d\x44\x40\x10\x98\xdd\xe1\xe1\xec\x3a\xa4\x85\x8d\xa8\x67\x1b\x4c\x82\x7c\x9f\x13\x37\xb0\x7d\x09\xb9\xb0\x7e\xff\xdf\x66\x6c\xdb\x8a\x32\x0c\x34\xa4\xa7\x09\xe9\xbb\xb1\x8c\xac\xef\x54\x75\x74\xc1\x09\x65\x94\x98\xf1\x08\xc5\x3a\x17\x96\xd8\x2a\xae\xe5\x04\xe0\x18\x01\xf1\x5b\xb6\x3e\x7d\xe6\xe0\xd8\x90\x7a\x98\x8f\xa8\xd3\xd6\x9c\x20\x72\x1b\x1a\xfb\x10\x58\x2e\xa3\xe9\x00\x6f\x1e\xbe\x9a\x32\xda\x20\x79\x16\xc6\x75\xd6\xae\x73\x0f\xbb\x2b\xee\xbe\x72\x73\xf0\x1d\x8a\x18\xd7\x8a\xfd\x34\x96\x19\x30\x3e\x34\x7b\x89\xd6\xd7\xa4\xba\xe7\xac\xb6\xb5\x60\xd0\x35\x02\x19\x29\xeb\x53\xa7\xc5\xc4\x26\x3b\xa3\x9c\x2d\xe7\x05\x68\x99\xd3\x6e\x73\xb8\xaf\xbd\xc4\xa7\xe5\xb7\xef\xbf\x61\x06\x83\xee\x61\x55\xd7\xc3\xae\x4d\x46\xc4\x3d\x42\xd8\x34\x97\xcd\x78\xff\x16\x44\xd7\x8d\x5a\x10\x68\xc0\x28\xf0\xa6\xdd\x29\x97\x63\x7c\x6b\x42\x71\x90\x79\xd3\x9b\x09\x35\x61\xe9\x02\x58\x51\xb1\x65\x9c\xac\x8d\x1a\x5d\x5d\xc1\xce\x43\x4c\x78\x7c\xeb\xd1\xb6\x22\x4b\x25\xaf\xe1\x84\x97\x58\x41\x58\x94\x2a\x04\xe9\xf3\xd6\xb7\x44\x44\x7c\x62\x4f\xc7\xa8\xa3\x6c\x03\xbd\xcb\x13\x41\xda\x7d\x7c\x24\xa0\x3c\xc1\xee\xb4\x0b\x71\x86\x23\x20\x4e\x05\x63\x20\x52\xe6\x5d\xb3\x81\x89\x22\x89\xc9\xa1\xbf\x54\x7c\x31\x69\x14\x03\x55\xcc\xc2\x14\x1b\xb1\x79\x48\x89\xcc\x47\xb4\xeb\x6c\x19\xfe\xd2\xe5\x49\x46\xe9\xa0\xf3\xee\x9a\x0a\x6c\x9c\x32\xf1\x59\xdb\xcf\xf0\x64\x5d\xbf\xb3\xbc\x46\x1b\x7f\x6c\x49\x9b\x9d\xad\x65\xf5\x9d\x2b\x9d\x20\x48\x6f\x01\x2e\x0a\x93\x20\x2a\x22\x95\x0a\xc0\xa5\x83\xaa\xcc\x42\xaa\x3b\x03\x02\xb5\xbe\x16\x0f\x7a\xbb\x5a\xf5\x54\x7a\xb2\xa3\x95\xdf\xc5\x89\x22\xa5\x50\xdb\xad\x99\x03\x45\x02\xf6\x4a\x48\xc6\x34\xa1\x34\x4a\x46\x65\xbb\x05\x4d\xf0\x8f\xa7\xa4\x95\x62\xf7\xe6\x44\x8b\xd0\x83\x1d\xf5\x1e\xce\xe7\x2f\x5d\x4b\x45\x6a\xf5\x50\x2d\xd4\xe5\xbe\x19\x01\xbb\x3a\xad\x0a\x8f\x94\x9c\x63\xd5\xbf\xee\x80\xc4\x8d\x8c\x41\xcd\x47\xd0\xa5\xe9\xcf\xee\xa4\x80\x17\x21\xdd\x99\x26\x0a\x9f\x41\x48\xee\x37\xf0\xc6\xe6\x05\x16\xb9\x71\x46\x03\x1b\xf5\x32\x75\x93\x40\xf0\xd9\x65\x68\x7c\xe3\x8c\x43\x53\xa6\x42\x32\xa0\xce\x1a\xd1\x54\x01\x8b\x20\x6f\xa3\xb1\xee\xfb\x65\x81\xf1\xe4\xfe\x9d\x40\xce\xe6\x85\x9d\xbd\x2d\x6c\x97\x02\x81\x84\x45\x48\xd1\x88\x70\x1e\x37\xb1\xa8\x7e\x02\x32\xb2\xcf\x50\x54\x2d\x22\x0d\x38\x0c\x34\xb5\x70\x59\x39\xfd\xab\x1d\xbb\x4c\xb3\xfd\xf4\x4d\x81\x04\xd8\x16\xcf\x37\x21\x59\xd6\x17\x2d\x72\xcc\x09\xed\x56\x5e\x34\x15\x9a\xdc\xa1\x36\xfd\x59\x25\x15\x44\x0a\x31\xa1\xb2\xb7\x20\x0f\x01\xfd\x3b\xa1\x95\xa9\x80\xc0\x04\xfa\xf1\x03\xb9\xf9\xe7\x71\x3d\x3e\xd5\xd1\xc6\x78\xbb\xdf\x88\x93\x00\x90\x8e\x71\x94\xf3\xb2\xb8\x4e\x74\x4c\x94\xf7\xb5\x8f\x61\xad\x6b\x84\xee\x7c\x64\x5b\xe8\x13\xa4\xac\x5b\x1a\xdd\x1f\xfa\xd0\xff\xc0\xb2\x7a\x1b\x47\xf4\x52\x01\x86\x44\x1b\x82\x0c\xda\xc1\xfd\x4b\xae\x20\xc6\x2b\xc8\x17\xb1\x7d\xf2\xf7\x9c\xb9\x74\x6d\x1e\x65\x3d\x8d\x81\x62\x37\x6c\xbe\x81\xbc\xc5\x04\x83\x58\xcd\xd4\x2c\xa9\xf8\x20\x7e\x7f\xb1\x26\x7c\xac\x49\xec\xb4\x5a\xa6\xbc\x80\x02\xc3\x59\x7c\xc0\x74\xa8\x8c\x2c\xce\xd7\x3e\x69\x5c\x0c\xb9\x6b\x33\x41\xde\xb5\x8b\x0d\x41\xb9\x55\x9f\x2d\x09\x83\x8e\x05\xe4\x06\xf9\x9f\x96\x2a\x0f\x61\x9a\x7c\x02\xb5\xac\xc6\x21\x01\x24\xf1\x95\x02\x4f\xd2\xe4\xac\xe5\x8a\x23\x92\x33\xf9\xf0\xfa\x42\x74\xce\x28\xf6\xee\x5d\xe5\x1e\x13\x74\x2c\x19\xe8\xc1\xb3\x13\xf9\x00\x97\x0a\x4d\xb1\xb3\x64\x1c\xb5\x27\xa1\x05\x92\xbf\xb9\xc5\x26\x92\x12\x32\x27\x7d\x49\x24\x99\xa6\x1d\x6a\x20\x40\x73\x30\xe5\x5d\xae\x27\x78\x7a\xed\x00\x1b\x16\x66\xa3\xc0\x31\x9b\xda\x97\x64\x61\x85\x44\xa2\x00\x16\xf1\x29\x86\xe4\xae\x1d\xd7\x58\x5c\xd1\xef\xb1\x47\x12\x1b\xcc\xa0\x0e\x09\x5e\x12\x55\x9f\x57\x9b\xf3\xc7\x60\x5e\x9b\x67\x37\x10\x5c\xb9\xfc\x15\x94\xe4\x3d\x57\x07\xcd\x69\xc8\xbc\xd6\x60\x3e\x69\x7a\xce\xc7\x69\x57\xd3\xc6\xaa\x44\x88\x07\x92\x46\x66\x87\x7a\x52\xeb\x2a\xdb\x90\xa3\xde\x79\x06\xa8\x0f\x47\xa2\xc3\x88\xcb\xa8\x77\x6f\x63\x40\x4b\x4b\x64\x4c\x10\x86\xb3\xab\xfc\x8b\xbd\xe4\x96\x02\x28\x26\xe2\x10\x2c\x2f\x7a\x16\xf9\x84\xbe\x7a\xc2\x9a\x68\x47\x8f\x87\x9f\x4c\x9b\x30\x23\x47\x06\x41\x35\x6c\x91\x05\x36\x54\x56\x83\x48\xc5\x50\xc7\x08\x3b\xdd\x2e\x61\x18\x1e\xa3\x25\x61\x5a\xa9\xfb\xdb\xe5\x74\x18\x82\xf3\x85\x44\x26\x22\x4b\xff\xa1\x5d\xec\x14\x64\x44\xe4\x00\x1f\x5f\x8f\x6f\x61\xc0\xce\xad\x81\x5b\xae\x2e\x81\x29\x9e\xb3\xa7\xa4\x9a\x66\x4e\xb0\x1e\x74\xc6\x38\xcb\xe7\x5e\x9d\x16\x9a\x6e\x75\x07\xfb\xad\x9b\x36\xb9\x2a\x09\xa2\x4b\xea\xc7\x7e\x10\x63\x6a\x25\xaa\x20\xd0\x1d\xd3\x7b\x26\xff\xa9\x9e\x8b\xfa\x8f\x15\xb4\xc1\x9d\xca\xdc\xd9\xbe\x38\x3a\x11\xc7\x32\x71\x7e\x1d\xcb\x29\x68\xe8\x66\x9d\x08\x4a\xa1\x5d\x72\x69\xc1\x1c\x01\x1e\xb2\xb1\x39\x03\x98\x76\x6e\xce\xb6\x37\x8d\xf5\x8f\x0e\x79\x6e\xb4\x7a\xc5\xeb\x1c\xf5\x3b\x2c\x6b\x4b\x61\xd4\x0c\x0b\x4c\x00\x5d\x0a\xb8\x23\x84\xc4\x5a\xae\x49\x96\x99\xbc\x54\x26\x3e\xef\xc2\x9e\xd4\x03\xd3\x0b\x72\x68\x24\x25\x9e\x6c\x6e\xa2\x4c\x7b\x85\x60\xb8\x5b\xaa\x91\xab\xf3\x9e\xe1\xfb\xa0\xa5\xdc\xb5\xa8\x3d\xb8\xc8\x62\xc8\x83\xbd\xac\x30\x68\x4a\xb2\x89\x8a\x39\x1d\xd6\xff\x6f\x8b\x85\x1e\xbe\x75\x25\x73\xbd\x19\x95\xc8\x7b\xa3\xc6\xab\xf0\x39\x4d\xdc\x6f\x05\xed\x36\x0c\xec\xfa\x35\xae\xd4\xcf\xa3\x20\x1f\x55\x66\x62\x05\xf7\x07\xd0\x9f\x8f\xba\xa2\xc8\x8f\x7f\xf9\xb0\x6e\xf2\xdf\xa1\x70\x0f\x7b\x70\x26\xa3\xfd\x26\x95\x74\xeb\x22\xfe\x9a\x8f\x6a\x64\xdf\xea\x6e\x77\x9c\xb0\xa2\x81\xdb\x25\x93\xf2\xba\x8e\xa3\xda\x2b\x53\xce\xad\x01\xdb\xc4\x2f\x53\xee\x87\x1b\xa9\x57\xdb\xf5\xc9\xfc\x25\x64\x1f\x11\xbf\x27\x9b\x43\xdf\x39\x16\xf7\x43\x72\x96\x3d\xe3\x2a\xa0\x52\x8b\x51\x1c\xc0\xc4\xd8\x29\x53\xac\xd9\x5f\x2d\xf8\x49\x35\xb6\x09\xf1\xaf\x30\xc3\x52\x76\xa3\xfa\xbf\x5d\x2c\xa7\xc9\x81\x43\x63\xca\xb1\xb4\x8b\x7b\x9a\x96\xf9\x45\xe3\xd2\x41\x91\xb7\x0b\x5f\x03\xd0\xc4\xae\x30\xb1\x5e\x2f\x82\xca\x31\x8e\x8c\x9a\x5b\x2a\x22\x19\x96\x7a\x13\xbe\xfa\xce\xeb\x25\x10\x88\x67\x1f\x3d\x74\x7d\xa7\x2e\x52\xc9\xa2\x2e\x7a\xee\xbc\xc7\x7e\x1a\x02\x4e\xb6\x6a\xb0\x9e\xf0\x1a\x3a\xae\x32\x9a\xbf\x00\x35\xd1\xcf\x27\x91\x1d\x86\x76\xa9\x84\x31\x76\x5a\x11\x75\x3a\x57\x71\x95\x8d\xfc\xbb\x59\x84\x69\x71\xd2\xe2\xcf\x02\xd0\xc0\xe5\xa5\x50\xea\x98\xb9\x3e\x36\x7f\xe7\x3f\x1b\xd3\x0a\x09\xb1\x15\x20\x62\x31\x43\x60\x9d\x0c\x2f\xa3\xc8\xaa\x37\x6f\x44\x0a\xd2\x96\x3f\xbe\xb6\x67\x15\x09\xa7\x99\xa8\x52\x8c\xe0\x87\xab\xaf\x19\x96\x62\xb1\x10\x31\x42\x81\x7c\x17\x6a\x4e\x04\xb1\x5b\xc6\xd4\x73\xb4\x83\xd9\x41\x71\x76\xe0\xe2\x30\x91\x93\x8a\xc2\xfb\x9b\xa6\x16\xc7\x9c\x06\x99\xa0\x56\x8d\x22\xd6\x33\x62\xca\xa0\x6a\xdd\x24\x23\xcb\x71\x89\x5a\x18\x21\xdf\xab\x31\x78\x11\xc2\x75\x2b\x28\x4d\x9d\x55\xfc\x5c\xfd\xdc\x3c\x59\x9e\x1b\x91\x18\xc9\x9f\xb8\xd4\x7f\xd7\x61\xe6\xe7\x24\x29\xf5\x09\xc6\x74\x91\x3d\x2d\x36\xd5\x69\x80\x1f\x92\x84\x21\x24\x24\x55\x6e\x8c\xae\xd1\x68\x34\xeb\x07\x64\x17\x02\x3c\x99\x0e\x5d\x31\x10\xcb\x31\xde\xa8\x52\x79\xd4\x0b\xcc\x71\x4a\x67\x6a\x89\x39\x25\x15\x1b\x55\x0a\xab\xbe\x95\x48\xc4\xb7\x4b\x30\x91\x75\xf4\xea\xcf\xaf\x14\x61\xae\x52\x29\x3e\x44\xf9\x2f\xa2\x60\x67\xb5\x00\x84\xf9\xef\x98\x20\x19\xe0\xd3\x98\x05\x8d\x23\x84\x4f\x90\x0c\x28\xc1\x52\xd3\xee\xda\x42\x57\x8a\x0f\x1f\xf3\x00\x2c\x92\x9e\x6b\xca\x65\xeb\x03\x41\x77\x81\x44\xa1\x5e\xac\xfe\x4e\x1a\x63\xa4\xcd\xf1\xf2\x50\x48\xa2\x72\x61\xba\x43\x42\xee\x65\x69\xa3\xc6\x05\x3b\x5e\x52\xf4\xe1\x34\xa1\xe0\x3a\x15\x30\xcf\x5c\x0e\xb1\x78\x75\xe3\xba\x44\x16\x20\x71\xb4\x39\x45\x9b\xf1\x6e\xdb\x28\x50\x8b\xce\x3e\x9f\x69\xd8\x93\x0b\x05\x39\xc3\x9b\xb7\x4e\x63\xe4\x51\x0e\x91\x8b\x83\x49\xcc\xf6\x95\x9e\x57\x55\x05\x50\xa3\x57\xc3\x16\x49\xdd\x72\x8c\x3f\xe7\x7d\xc6\x92\x0f\x0d\x3f\x4e\xc5\xd6\x19\xb2\xf4\xc6\xeb\x90\xdf\xc1\x7b\x26\xd6\xb3\x01\x17\xa0\x7c\x18\xf4\xb7\xcc\x96\x05\x6a\x4f\xdc\x7d\xac\x68\x19\x8c\xb8\xbc\xc6\xc6\x4d\x49\x6a\xfa\x60\x81\x76\x8e\x8d\xd4\xf4\x35\xeb\x2e\xed\xd0\xb7\xb0\x8f\x14\x11\x4c\x13\xc4\xff\x50\xa9\x3d\x39\xaf\xac\x2d\x63\x3e\xf6\xeb\x33\xac\x93\x74\x04\x26\x2e\x35\x2f\x50\xf0\x67\x79\x15\x18\xea\x05\x88\x41\xab\xdd\x1f\x77\x09\x40\xbc\xa8\x96\xfd\xdb\x55\x0c\x9c\xe0\x9e\xdc\x6b\xd5\x22\xe3\x18\xe5\xca\x6b\xa0\x02\x59\x02\x97\x70\xd2\x9d\x1f\xc4\xe2\xa7\x4d\x7b\x33\xfb\xea\xca\x94\x5e\x14\x9f\x24\x1c\xc9\x33\x62\x4d\xba\x79\x5d\x33\xf2\xab\x07\x06\xbb\xc1\x7e\x23\x83\xf6\xc3\x2d\xf7\x65\xc1\x16\x26\x5b\x0e\xfb\x58\x5f\x58\x7b\xe9\x73\x2b\xeb\x0b\xed\x2e\x67\xce\xf0\xd1\xc4\x2b", 4096); *(uint64_t*)0x200010c8 = 0x20001000; *(uint32_t*)0x20001000 = 0; *(uint32_t*)0x20001004 = 0; *(uint32_t*)0x20001008 = 0; *(uint64_t*)0x200010d0 = 0x20001040; *(uint64_t*)0x200010d8 = 0x20001080; *(uint32_t*)0x200010e0 = 0x1000; *(uint32_t*)0x200010e4 = 3; *(uint32_t*)0x200010e8 = 8; *(uint32_t*)0x200010ec = 3; inject_fault(1); res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); fprintf(stderr, "### call=0 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); if (res == ZX_OK) { r[0] = *(uint32_t*)0x20001080; r[1] = *(uint32_t*)0x20001084; r[2] = *(uint32_t*)0x20001088; } break; case 1: *(uint64_t*)0x20011240 = 0x20001180; *(uint32_t*)0x20001180 = 0; memset((void*)0x20001184, 0, 3); *(uint8_t*)0x20001187 = 1; *(uint64_t*)0x20001188 = 0x3862fcb900000000; *(uint32_t*)0x20001190 = 0; *(uint64_t*)0x20011248 = 0x200011c0; *(uint32_t*)0x200011c0 = 0; *(uint64_t*)0x20011250 = 0x20001200; *(uint64_t*)0x20011258 = 0x20011200; *(uint32_t*)0x20011260 = 0x14; *(uint32_t*)0x20011264 = 1; *(uint32_t*)0x20011268 = 0x10000; *(uint32_t*)0x2001126c = 0; res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20011240, /*actual_bytes=*/0x20011280, /*actual_handles=*/0x200112c0); fprintf(stderr, "### call=1 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); break; case 2: res = -1; errno = EFAULT; res = syz_thread_self(); fprintf(stderr, "### call=2 errno=%u\n", res == -1 ? errno : 0); { int i; for(i = 0; i < 4; i++) { syz_thread_self(); } } if ((int)res != -1) r[3] = res; break; case 3: res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); fprintf(stderr, "### call=3 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); break; case 4: *(uint64_t*)0x20021400 = 0x20011340; *(uint32_t*)0x20011340 = 0; memset((void*)0x20011344, 0, 3); *(uint8_t*)0x20011347 = 1; *(uint64_t*)0x20011348 = 0x2cbadb1900000000; *(uint64_t*)0x20011350 = 0x80000000; *(uint64_t*)0x20011358 = -1; memset((void*)0x20011360, 0, 1); *(uint64_t*)0x20021408 = 0x20011380; *(uint64_t*)0x20021410 = 0x200113c0; *(uint64_t*)0x20021418 = 0x200213c0; *(uint32_t*)0x20021420 = 0x28; *(uint32_t*)0x20021424 = 0; *(uint32_t*)0x20021428 = 0x10000; *(uint32_t*)0x2002142c = 0; res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20021400, /*actual_bytes=*/0x20021440, /*actual_handles=*/0x20021480); fprintf(stderr, "### call=4 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); break; case 5: res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t))CAST(zx_deadline_after))(/*nanoseconds=*/-1); fprintf(stderr, "### call=5 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); if (res == ZX_OK) r[4] = res; break; case 6: *(uint64_t*)0x20031580 = 0x200214c0; *(uint32_t*)0x200214c0 = 0; memset((void*)0x200214c4, 0, 3); *(uint8_t*)0x200214c7 = 1; *(uint64_t*)0x200214c8 = 0x135d628d00000000; *(uint32_t*)0x200214d0 = 7; *(uint32_t*)0x200214d4 = 5; *(uint64_t*)0x20031588 = 0x20021500; *(uint64_t*)0x20031590 = 0x20021540; *(uint64_t*)0x20031598 = 0x20031540; *(uint32_t*)0x200315a0 = 0x18; *(uint32_t*)0x200315a4 = 0; *(uint32_t*)0x200315a8 = 0x10000; *(uint32_t*)0x200315ac = 0; res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[4], /*args=*/0x20031580, /*actual_bytes=*/0x200315c0, /*actual_handles=*/0x20031600); fprintf(stderr, "### call=6 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); break; case 7: res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_interrupt))(/*handle=*/r[1], /*vector=*/2); fprintf(stderr, "### call=7 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); break; case 8: *(uint32_t*)0x20031640 = 0; memset((void*)0x20031644, 0, 3); *(uint8_t*)0x20031647 = 1; *(uint64_t*)0x20031648 = 0x208bcc9d00000000; *(uint64_t*)0x20031650 = 0x81; *(uint64_t*)0x20031658 = -1; memcpy((void*)0x20031660, "\xa5\x7c\x37\xf0\xaa\x5a\x79\x3d\x04\xcf\x12\x74\xe7\xe2\xc4\x9a\x49\xf9\xb0\x90\xd2\xdf\x74\x7c\x16\xd5\x3d\x3c\xf3\xc0\x0a\x94\xe6\x32\x4a\xb3\x20\x45\x1b\x9f\xd5\x21\x21\xec\x87\xb8\x94\xf7\xf2\x8d\x50\x90\x78\xb5\xaf\x1e\x03\x4f\xe2\x97\x9b\xad\xae", 63); res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_write))(/*handle=*/r[0], /*options=*/0, /*bytes=*/0x20031640, /*num_bytes=*/0x5f, /*handles=*/0x200316c0, /*num_handles=*/0); fprintf(stderr, "### call=8 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); break; case 9: *(uint64_t*)0x200417c0 = 0x20031700; *(uint32_t*)0x20031700 = 0; memset((void*)0x20031704, 0, 3); *(uint8_t*)0x20031707 = 1; *(uint64_t*)0x20031708 = 0x62423faa00000000; *(uint64_t*)0x200417c8 = 0x20031740; *(uint64_t*)0x200417d0 = 0x20031780; *(uint64_t*)0x200417d8 = 0x20041780; *(uint32_t*)0x200417e0 = 0x10; *(uint32_t*)0x200417e4 = 0; *(uint32_t*)0x200417e8 = 0x10000; *(uint32_t*)0x200417ec = 0; res = -1; errno = EFAULT; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[2], /*options=*/0, /*deadline=*/r[4], /*args=*/0x200417c0, /*actual_bytes=*/0x20041800, /*actual_handles=*/0x20041840); fprintf(stderr, "### call=9 errno=%u\n", (intptr_t)(int)res == -1 ? errno : 0); break; case 10: memcpy((void*)0x20000000, "\xc4\xc1\xad\xe0\xa5\xb9\xa6\x63\x67\xc4\x62\x01\x3b\x6b\x0f\x0f\x76\xb7\xb7\x00\x00\x00\x98\xc4\xa2\x29\x2d\x12\x0f\x0f\x0b\xa0\x3e\x45\x0f\xd1\xec\x0f\x29\x26\xc4\x61\x9f\x7c\x53\x1a\x66\x0f\x3a\xdf\x39\x00", 52); res = -1; errno = EFAULT; res = syz_execute_func(/*text=*/0x20000000); fprintf(stderr, "### call=10 errno=%u\n", res == -1 ? errno : 0); break; case 11: res = -1; errno = EFAULT; res = syz_future_time(/*when=*/0); fprintf(stderr, "### call=11 errno=%u\n", res == -1 ? errno : 0); break; case 12: res = -1; errno = EFAULT; res = syz_job_default(); fprintf(stderr, "### call=12 errno=%u\n", res == -1 ? errno : 0); break; case 13: res = -1; errno = EFAULT; res = syz_mmap(/*addr=*/0x20ff9000, /*len=*/0x4000); fprintf(stderr, "### call=13 errno=%u\n", res == -1 ? errno : 0); break; case 14: res = -1; errno = EFAULT; res = syz_process_self(); fprintf(stderr, "### call=14 errno=%u\n", res == -1 ? errno : 0); break; case 15: res = -1; errno = EFAULT; res = syz_thread_self(); fprintf(stderr, "### call=15 errno=%u\n", res == -1 ? errno : 0); break; case 16: res = -1; errno = EFAULT; res = syz_vmar_root_self(); fprintf(stderr, "### call=16 errno=%u\n", res == -1 ? errno : 0); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :282:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); ^ :327:45: error: use of undeclared identifier 'zx_vcpu_enter' res = ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); ^ 2 errors generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor2713113974 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/1 (0.48s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call_etc(0x0, 0x91, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)="090e3814ded5ca1bb9204ce0ceac3d95162fab16edf86329372435e1992cd148d29f73e3c25857bf66bb813d6abddde404f63980339937c16fe9e0c8ad309e70509ce52ae1c8e60ebe328caa31b91b7b1b8a9e3febb3fe1289f80a3b74dadcf3619e4eb03d257cd7a8fe5301e58d52aae4336355c0bc0ee7df9704e0ee190064372cd6f71629cec4cf897611a6f18453259fe803ee1464ebd6366490efad381aec2e773163b83a257d24277408221047d312b83defb54f5db6eb9db781f0a74e4a4513e78d1fef19337f8423952747348a1126db4a28fb98de2ffe4dc6cb4414498bf558c8cfec781cb59a4b28647f1aac9cf850970863788bfa319ab74945eb15fb78f3eee5446045512774ecfa8439fdbfafa0f767e9cdf291d1934c12a7ea791a9028bd2e0b346a4f68a24d1bced3bafc730f659d4225960b93827fa64384b88db55337fb5ae30fefe356ba4c116452b23477905dbaab6a2ddec32735f0db44ea41c37c710f67880a68cffcec5710c707288eb34109b24aaa4949ae1b9b333154d9c3b5d6b07095e94d1fb66be2845f466fa375fefd749168cbfabca45ef816389705f0d146b7c47aa5fa070faa0c82f6b366c94be41a00412b7107c4746c41482e94a1b23e9666a738ee4bcb5d5b9deea2fe70dd49f2fc095823d2c6f0c56eb2120b670014b3e41dea9163200efeec14bb92da2c22e03d15be29fd9ab265370f3878ad2818a27d7a1ba774f122d934b0b62077fa625874aacbb6fe8618311b1562d5225c3da1842f45dec3940d3d2306ee0b0183154834322b286e8e31f739c96f22e7272ce4e7a7571ded20ce2deb2754c6b44dce678953ef135675371a728ac6134d5a7873cbb60eac7064cb070bef012fbce09a468cbdeb01fbcd352ab03bebebe70a006f6dcce7b4078cffa0296bd40d5ded971f5a75b2fb4f54db33214470506c5c0dbca61e12fcb3d8207a82b47883b8efe3cfafcfb61ad5e4030cabd0a6f08c46238c18544210ff5a6f58a0a49dee51af9a1e2e6a8827074c2f948773e6b8273ea1197c731afe15561a156457b5011fccebebea49adda3e9c3afa2c63461f4a1451a0056589c64c0ee28678f04d282dfc86ce8d1b319d971c406d1f4798443f661495d8f8cd60dd45bba34341f1acfd1df41bd0827c0baa07a856c9185fb6dbedfc31fdcf7e548ceda8dd94311a062a4a9fb7df18420e66330ce428631a42abf9ae14b9b0c7dc0ddbae34da212bbe7a37276b059c495bbf184f45219c18bf5dc7140595f460391ccaa1ef26234a51882930977a004e675a4a10b82edfbf0b09b7d0a70e3dcc6c4760b92ee556bb00ad270777ea84e13932a4b36465c378f4f4c7566bda189fb3072cf4cb13d45f593295f96d37629ef12b9b8da1ad7a6853c5021f30077b893e92e9d18edbf7175cb725b33382476dd7a2734f304efc5ca6d26684b0668f43b5eae9a9bcf1dfca106a2e2e52e130d6908bc07b23cea685eedb6c93ec76c6097d69f577dd5cc14508218959109f301c9f27cd0a2956564c59ad12d0d939bb14e02bb806946b85ab39e3fdce3946bcf87bef3f53e0edcda9c72f42ed1d31fbc0b700890c4094df83923d0d5222be8466c562250dc9493cf74d1ab7d8ab9a4a7b0cf0cd56724c10a71a4272104937c11dcec74ec2dab996453178b40e173ed21e3c882878fcdf82a57359d71f59fafe5023e17f7a2bb9ab69095b269ad32df831529efdabbe5366f235d48f0ee328c6199b803c57a406febf46643204673a1f16a57d2a3bb70c8287c5405d2279a5b977d8936e1cf2d34b4783b9c4e15a51944320afc2eed1e5c7801596b63633801daa1999edf5548d97d056568dbb47a72440d6ebfb191bc86b95d69d768ac156feed10ca998aff5142796d47c3a3d583b92e32f641e36f810b576c2599febb22e795537d65b333f8b1a4f64e349dd39ecf83458ad2c5cbd13af5d7c4b5117a38639958d340f62b872c23c3f851a32a1a8ce5440a1ec9500b3ae9f56b0fd3a82e1755251499231f8babc682073fa40e18b516aabb702b560cd39c707c176bed3081e1856f940ca15ff9c5506d07ebd80ac2da5efe90b3554de46ae4408392a0707754f06bee43cd5a6c2650fce994a4d888ff3665212c7dc85150477094ca7f67888771f08ee26996cb8e907d100430b67226bf384c9c01488e4cf5aac03bcbdf33ce76c5632653955ebc74ddec21104b20d0b1458eb90928ecf103eb4ffbf3aa45156b71799cc69530be5ad8bda6923ddf3d7ffa9b2865f6689f3092fbf6251df191d1a64572326cddb22ad2aa4a654a669c7f3c2622a413c3c10f247d877f0375600f0605f694715628d14357a1874142e0024d4b1e52eccd35454d5162425a372c0c1215481fa7579397073ce80c6343f881dd1b2d8fa436e5a97fd578eaca113105e90f511923b69acbb269349de9f138e10f7cd4a180e38b025ebf29aa5d70883d830b5afc914432859b182e2ceaeb8444bdc1608fdd028669c30d33cc65f557c78427fce6130e82c8fb7eab095186c40f9a688ac2ec3b3fe7689c6aff2f0795083eb37855adb298a71c459469c410866d7370227aba87939004ebd04ad665bb51ee9d32bf08e7335536f0b63513c1ea9296ac30a9481df6ffb7fa374c4cb4b7d0ed168efbb13eeb58f4735548ba60124193941757f9ecf248e008ddcb82f57f366d327aaf3ce419189de0c42ea3434b4b0a1f21be00072dc647ce18f7862e52aa9bd74b7095663b7c08f027e6fc8969224df584c92bffc4b93106f70bf3f99675e6904e2641492c33de1da917b94e57bcd7afda2253198d5e81c3e46d0082490c2205a75ccea3a6845402ea443642b5925b4c5c65377b3a9d946fc15d44401098dde1e1ec3aa4858da8671b4c827c9f1337b07d09b9b07effdf666cdb8a320c34a4a709e9bbb18cacef547574c109659498f108c53a1796d82aaee504e01801f15bb63e7de6e0d8907a988fa8d3d69c20721b1afb10582ea3e9006f1ebe9a32da207916c675d6ae730fbb2beebe7273f01d8a18d78afd349619303e347b89d6d7a4bae7acb6b560d035021929eb53a7c5c4263ba39c2de7056899d36e73b8afbdc4a7e5b7efbf610683ee6155d7c3ae4d46c43d42d83497cd78ff1644d78d5a1068c028f0a6dd2997637c6b42719079d39b093561e9025851b1659cac8d1a5d5dc1ce434c787cebd1b6224b25afe18497584158942a04e9f3d6b744447c624fc7a8a36c03bdcb1341da7d7c24a03cc1eeb40b718623204e05632052e65db381892289c9a1bf547c3169140355ccc2141bb1794889cc47b4eb6c19fed2e54946e9a0f3ee9a0a6c9c32f159dbcff0645dbfb3bc461b7f6c499b9dad65f59d2b9d20486f012e0a93202a22950ac0a583aacc42aa3b0302b5be160f7abb5af5547ab2a395dfc58922a550dbad99034502f64a48c634a1344a4665bb054df08fa7a49562f7e6448bd0831df51ecee72f5d4b456af5502dd4e5be1901bb3aad0a8f949c63d5bfee80c48d8c41cd47d0a5e9cfeea4801721dd99260a9f4148ee37f0c6e60516b97146031bf532759340f0d965687ce38c4353a64232a0ce1ad154018b206fa3b1eefb6581f1e4fe9d40cee6859dbd2d6c970281844548d188701e37b1a87e0232b2cf50542d220d380c34b5705939fdab1dbb4cb3fdf44d8104d816cf372159d6172d72cc09ed565e34159adca136fd592515440a31a1b2b7200f01fd3ba195a980c004faf103b9f9e7713d3ed5d1c678bbdf889300908e7194f3b2b84e744c94f7b58f61ad6b84ee7c645be813a4ac5b1add1ffad0ffc0b27a1b47f4520186441b820cdac1fd4bae20c62bc817b17df2f79cb9746d1e653d8d8162376cbe81bcc5048358cdd42ca9f8207e7fb1267cac49ecb45aa6bc8002c3597cc074a88c2cced73e695c0cb96b3341deb58b0d41b9559f2d09838e05e406f99f962a0f619a7c02b5acc6210124f195024fd2e4ace58a239233f9f0fa4274ce28f6ee5de51e13742c19e8c1b313f900970a4db1b3641cb527a10592bfb9c526921232277d492499a61d6a20407330e55dae27787aed001b1666a3c0319bda9764618544a20016f12986e4ae1dd7585cd1efb147121bcca00e095e12559f579bf3c7605e9b6737105cb9fc1594e43d5707cd69c8bcd6603e697acec76957d3c6aa448807924666877a52eb2adb90a3de7906a80f47a2c388cba8776f63404b4b644c1086b3abfc8bbde496022826e2102c2f7a16f984be7ac29a68478f879f4c9b3023470641356c91053654568348c550c7083bdd2e61181ea325615aa9fbdbe5741882f3854426224bffa15dec146444e4001f5f8f6f61c0cead815bae2e81299eb3a7a49a664eb01e74c638cbe75e9d169a6e7507fbad9b36b92a09a24beac77e10636a25aa20d01dd37b26ffa99e8bfa8f15b4c19dcadcd9be383a11c732717e1dcb2968e8669d084aa15d7269c11c011eb2b1390398766eceb6378df58f0e796eb47ac5eb1cf53b2c6b4b61d40c0b4c005d0ab82384c45aae499699bc54263eefc29ed403d30b726824259e6c6ea24c7b8560b85baa91abf39ee1fba0a5dcb5a83db8c862c883bdac30684ab2898a391dd6ff6f8b851ebe752573bd1995c87ba3c6abf0394ddc6f05ed360cecfa35aed4cfa3201f55666205f707d09f8fbaa2c88f7ff9b06ef2dfa1700f7b7026a3fd269574eb22fe9a8f6a64dfea6e779cb0a281db2593f2ba8ea3da2b53cead01dbc42f53ee871ba957dbf5c9fc25641f11bf279b43df3916f74372963de32aa0528b511cc0c4d82953acd95f2df84935b609f1af30c35276a3fabf5d2ca7c9814363cab1b48b7b9a96f945e3d24191b70b5f03d0c4ae30b15e2f82ca318e8c9a5b2a2219967a13befaceeb251088671f3d747da72e52c9a22e7aeebcc77e1a024eb66ab09ef01a3aae329abf0035d1cf27911d8676a98431765a11753a5771958dfcbb59846971d2e2cf02d0c0e5a550ea98b93e367fe73f1bd30a09b11520623143609d0c2fa3c8aa376f440ad2963fbeb6671509a799a8528ce087abaf199662b1103142817c176a4e04b15bc6d473b483d9417176e0e23091938ac2fb9ba616c79c0699a0568d22d63362caa06add2423cb71895a1821dfab317811c2752b284d9d55fc5cfddc3c599e1b9118c99fb8d47fd761e6e72429f509c674913d2d36d569801f9284212424556e8caed16834eb076417023c990e5d3110cb31dea85279d40bcc714a676a893925151b550aabbe9548c4b74b309175f4eacfaf1461ae52293e44f92fa26067b50084f9ef982019e0d398058d23844f900c28c152d3eeda42578a0f1ff3002c929e6bca65eb0341778144a15eacfe4e1a63a4cdf1f25048a27261ba4342ee6569a3c6053b5e52f4e134a1e03a1530cf5c0eb17875e3ba44162071b439459bf16edb28508bce3e9f69d8930b0539c39bb74e63e4510e918b8349ccf6959e57550550a357c31649dd728c3fe77dc6920f0d3f4ec5d619b2f4c6eb90dfc17b26d6b30117a07c18f4b7cc96056a4fdc7dac68198cb8bcc6c64d496afa6081768e8dd4f435eb2eedd0b7b08f14114c13c4ff50a93d39afac2d633ef6eb33ac937404262e352f50f067791518ea058841abdd1f770940bca896fddb550c9ce09edc6bd522e318e5ca6ba00259029770d29d1fc4e2a74d7b33fbeaca945e149f241cc933624dba795d33f2ab0706bbc17e2383f6c32df765c116265b0efb585f587be9732beb0bed2e67cef0d1c42b", &(0x7f0000001000)=[0x0, 0x0, 0x0], &(0x7f0000001040)=""/8, &(0x7f0000001080)=[0x0, 0x0, 0x0], 0x1000, 0x3, 0x8, 0x3}, &(0x7f0000001100), &(0x7f0000001140)) (fail_nth: 1) zx_channel_call$fuchsia_ldsvc_LoaderClone(r0, 0x0, 0x7fffffffffffffff, &(0x7f0000011240)={&(0x7f0000001180), &(0x7f00000011c0), &(0x7f0000001200), &(0x7f0000011200), 0x14, 0x1, 0x10000}, &(0x7f0000011280), &(0x7f00000112c0)) (async) r3 = syz_thread_self() (rerun: 4) zx_vcpu_enter(r3, &(0x7f0000011300)={0x0, 0x0, 0x0, @interrupt}) zx_channel_call$fuchsia_io_DirectoryUnlink(0x0, 0x0, 0x7fffffffffffffff, &(0x7f0000021400)={&(0x7f0000011340)={{}, {0x80000000, 0xffffffffffffffff}, {'\x00'}}, &(0x7f0000011380), &(0x7f00000113c0), &(0x7f00000213c0), 0x28, 0x0, 0x10000}, &(0x7f0000021440), &(0x7f0000021480)) r4 = zx_deadline_after(0xffffffffffffffff) zx_channel_call$fuchsia_cobalt_LoggerBaseLogEvent(r0, 0x0, r4, &(0x7f0000031580)={&(0x7f00000214c0)={{}, 0x7, 0x5}, &(0x7f0000021500), &(0x7f0000021540), &(0x7f0000031540), 0x18, 0x0, 0x10000}, &(0x7f00000315c0), &(0x7f0000031600)) zx_vcpu_interrupt(r1, 0x2) zx_channel_write$fuchsia_io_DirectoryWatcherOnEvent(r0, 0x0, &(0x7f0000031640)={{}, {0x81, 0xffffffffffffffff}, "a57c37f0aa5a793d04cf1274e7e2c49a49f9b090d2df747c16d53d3cf3c00a94e6324ab320451b9fd52121ec87b894f7f28d509078b5af1e034fe2979badae"}, 0x5f, &(0x7f00000316c0), 0x0) zx_channel_call$fuchsia_io_NodeSync(r2, 0x0, r4, &(0x7f00000417c0)={&(0x7f0000031700), &(0x7f0000031740), &(0x7f0000031780), &(0x7f0000041780), 0x10, 0x0, 0x10000}, &(0x7f0000041800), &(0x7f0000041840)) syz_execute_func(&(0x7f0000000000)="c4c1ade0a5b9a66367c462013b6b0f0f76b7b700000098c4a2292d120f0f0ba03e450fd1ec0f2926c4619f7c531a660f3adf3900") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[5] = {0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200010c0 = 0x20000000; memcpy((void*)0x20000000, "\x09\x0e\x38\x14\xde\xd5\xca\x1b\xb9\x20\x4c\xe0\xce\xac\x3d\x95\x16\x2f\xab\x16\xed\xf8\x63\x29\x37\x24\x35\xe1\x99\x2c\xd1\x48\xd2\x9f\x73\xe3\xc2\x58\x57\xbf\x66\xbb\x81\x3d\x6a\xbd\xdd\xe4\x04\xf6\x39\x80\x33\x99\x37\xc1\x6f\xe9\xe0\xc8\xad\x30\x9e\x70\x50\x9c\xe5\x2a\xe1\xc8\xe6\x0e\xbe\x32\x8c\xaa\x31\xb9\x1b\x7b\x1b\x8a\x9e\x3f\xeb\xb3\xfe\x12\x89\xf8\x0a\x3b\x74\xda\xdc\xf3\x61\x9e\x4e\xb0\x3d\x25\x7c\xd7\xa8\xfe\x53\x01\xe5\x8d\x52\xaa\xe4\x33\x63\x55\xc0\xbc\x0e\xe7\xdf\x97\x04\xe0\xee\x19\x00\x64\x37\x2c\xd6\xf7\x16\x29\xce\xc4\xcf\x89\x76\x11\xa6\xf1\x84\x53\x25\x9f\xe8\x03\xee\x14\x64\xeb\xd6\x36\x64\x90\xef\xad\x38\x1a\xec\x2e\x77\x31\x63\xb8\x3a\x25\x7d\x24\x27\x74\x08\x22\x10\x47\xd3\x12\xb8\x3d\xef\xb5\x4f\x5d\xb6\xeb\x9d\xb7\x81\xf0\xa7\x4e\x4a\x45\x13\xe7\x8d\x1f\xef\x19\x33\x7f\x84\x23\x95\x27\x47\x34\x8a\x11\x26\xdb\x4a\x28\xfb\x98\xde\x2f\xfe\x4d\xc6\xcb\x44\x14\x49\x8b\xf5\x58\xc8\xcf\xec\x78\x1c\xb5\x9a\x4b\x28\x64\x7f\x1a\xac\x9c\xf8\x50\x97\x08\x63\x78\x8b\xfa\x31\x9a\xb7\x49\x45\xeb\x15\xfb\x78\xf3\xee\xe5\x44\x60\x45\x51\x27\x74\xec\xfa\x84\x39\xfd\xbf\xaf\xa0\xf7\x67\xe9\xcd\xf2\x91\xd1\x93\x4c\x12\xa7\xea\x79\x1a\x90\x28\xbd\x2e\x0b\x34\x6a\x4f\x68\xa2\x4d\x1b\xce\xd3\xba\xfc\x73\x0f\x65\x9d\x42\x25\x96\x0b\x93\x82\x7f\xa6\x43\x84\xb8\x8d\xb5\x53\x37\xfb\x5a\xe3\x0f\xef\xe3\x56\xba\x4c\x11\x64\x52\xb2\x34\x77\x90\x5d\xba\xab\x6a\x2d\xde\xc3\x27\x35\xf0\xdb\x44\xea\x41\xc3\x7c\x71\x0f\x67\x88\x0a\x68\xcf\xfc\xec\x57\x10\xc7\x07\x28\x8e\xb3\x41\x09\xb2\x4a\xaa\x49\x49\xae\x1b\x9b\x33\x31\x54\xd9\xc3\xb5\xd6\xb0\x70\x95\xe9\x4d\x1f\xb6\x6b\xe2\x84\x5f\x46\x6f\xa3\x75\xfe\xfd\x74\x91\x68\xcb\xfa\xbc\xa4\x5e\xf8\x16\x38\x97\x05\xf0\xd1\x46\xb7\xc4\x7a\xa5\xfa\x07\x0f\xaa\x0c\x82\xf6\xb3\x66\xc9\x4b\xe4\x1a\x00\x41\x2b\x71\x07\xc4\x74\x6c\x41\x48\x2e\x94\xa1\xb2\x3e\x96\x66\xa7\x38\xee\x4b\xcb\x5d\x5b\x9d\xee\xa2\xfe\x70\xdd\x49\xf2\xfc\x09\x58\x23\xd2\xc6\xf0\xc5\x6e\xb2\x12\x0b\x67\x00\x14\xb3\xe4\x1d\xea\x91\x63\x20\x0e\xfe\xec\x14\xbb\x92\xda\x2c\x22\xe0\x3d\x15\xbe\x29\xfd\x9a\xb2\x65\x37\x0f\x38\x78\xad\x28\x18\xa2\x7d\x7a\x1b\xa7\x74\xf1\x22\xd9\x34\xb0\xb6\x20\x77\xfa\x62\x58\x74\xaa\xcb\xb6\xfe\x86\x18\x31\x1b\x15\x62\xd5\x22\x5c\x3d\xa1\x84\x2f\x45\xde\xc3\x94\x0d\x3d\x23\x06\xee\x0b\x01\x83\x15\x48\x34\x32\x2b\x28\x6e\x8e\x31\xf7\x39\xc9\x6f\x22\xe7\x27\x2c\xe4\xe7\xa7\x57\x1d\xed\x20\xce\x2d\xeb\x27\x54\xc6\xb4\x4d\xce\x67\x89\x53\xef\x13\x56\x75\x37\x1a\x72\x8a\xc6\x13\x4d\x5a\x78\x73\xcb\xb6\x0e\xac\x70\x64\xcb\x07\x0b\xef\x01\x2f\xbc\xe0\x9a\x46\x8c\xbd\xeb\x01\xfb\xcd\x35\x2a\xb0\x3b\xeb\xeb\xe7\x0a\x00\x6f\x6d\xcc\xe7\xb4\x07\x8c\xff\xa0\x29\x6b\xd4\x0d\x5d\xed\x97\x1f\x5a\x75\xb2\xfb\x4f\x54\xdb\x33\x21\x44\x70\x50\x6c\x5c\x0d\xbc\xa6\x1e\x12\xfc\xb3\xd8\x20\x7a\x82\xb4\x78\x83\xb8\xef\xe3\xcf\xaf\xcf\xb6\x1a\xd5\xe4\x03\x0c\xab\xd0\xa6\xf0\x8c\x46\x23\x8c\x18\x54\x42\x10\xff\x5a\x6f\x58\xa0\xa4\x9d\xee\x51\xaf\x9a\x1e\x2e\x6a\x88\x27\x07\x4c\x2f\x94\x87\x73\xe6\xb8\x27\x3e\xa1\x19\x7c\x73\x1a\xfe\x15\x56\x1a\x15\x64\x57\xb5\x01\x1f\xcc\xeb\xeb\xea\x49\xad\xda\x3e\x9c\x3a\xfa\x2c\x63\x46\x1f\x4a\x14\x51\xa0\x05\x65\x89\xc6\x4c\x0e\xe2\x86\x78\xf0\x4d\x28\x2d\xfc\x86\xce\x8d\x1b\x31\x9d\x97\x1c\x40\x6d\x1f\x47\x98\x44\x3f\x66\x14\x95\xd8\xf8\xcd\x60\xdd\x45\xbb\xa3\x43\x41\xf1\xac\xfd\x1d\xf4\x1b\xd0\x82\x7c\x0b\xaa\x07\xa8\x56\xc9\x18\x5f\xb6\xdb\xed\xfc\x31\xfd\xcf\x7e\x54\x8c\xed\xa8\xdd\x94\x31\x1a\x06\x2a\x4a\x9f\xb7\xdf\x18\x42\x0e\x66\x33\x0c\xe4\x28\x63\x1a\x42\xab\xf9\xae\x14\xb9\xb0\xc7\xdc\x0d\xdb\xae\x34\xda\x21\x2b\xbe\x7a\x37\x27\x6b\x05\x9c\x49\x5b\xbf\x18\x4f\x45\x21\x9c\x18\xbf\x5d\xc7\x14\x05\x95\xf4\x60\x39\x1c\xca\xa1\xef\x26\x23\x4a\x51\x88\x29\x30\x97\x7a\x00\x4e\x67\x5a\x4a\x10\xb8\x2e\xdf\xbf\x0b\x09\xb7\xd0\xa7\x0e\x3d\xcc\x6c\x47\x60\xb9\x2e\xe5\x56\xbb\x00\xad\x27\x07\x77\xea\x84\xe1\x39\x32\xa4\xb3\x64\x65\xc3\x78\xf4\xf4\xc7\x56\x6b\xda\x18\x9f\xb3\x07\x2c\xf4\xcb\x13\xd4\x5f\x59\x32\x95\xf9\x6d\x37\x62\x9e\xf1\x2b\x9b\x8d\xa1\xad\x7a\x68\x53\xc5\x02\x1f\x30\x07\x7b\x89\x3e\x92\xe9\xd1\x8e\xdb\xf7\x17\x5c\xb7\x25\xb3\x33\x82\x47\x6d\xd7\xa2\x73\x4f\x30\x4e\xfc\x5c\xa6\xd2\x66\x84\xb0\x66\x8f\x43\xb5\xea\xe9\xa9\xbc\xf1\xdf\xca\x10\x6a\x2e\x2e\x52\xe1\x30\xd6\x90\x8b\xc0\x7b\x23\xce\xa6\x85\xee\xdb\x6c\x93\xec\x76\xc6\x09\x7d\x69\xf5\x77\xdd\x5c\xc1\x45\x08\x21\x89\x59\x10\x9f\x30\x1c\x9f\x27\xcd\x0a\x29\x56\x56\x4c\x59\xad\x12\xd0\xd9\x39\xbb\x14\xe0\x2b\xb8\x06\x94\x6b\x85\xab\x39\xe3\xfd\xce\x39\x46\xbc\xf8\x7b\xef\x3f\x53\xe0\xed\xcd\xa9\xc7\x2f\x42\xed\x1d\x31\xfb\xc0\xb7\x00\x89\x0c\x40\x94\xdf\x83\x92\x3d\x0d\x52\x22\xbe\x84\x66\xc5\x62\x25\x0d\xc9\x49\x3c\xf7\x4d\x1a\xb7\xd8\xab\x9a\x4a\x7b\x0c\xf0\xcd\x56\x72\x4c\x10\xa7\x1a\x42\x72\x10\x49\x37\xc1\x1d\xce\xc7\x4e\xc2\xda\xb9\x96\x45\x31\x78\xb4\x0e\x17\x3e\xd2\x1e\x3c\x88\x28\x78\xfc\xdf\x82\xa5\x73\x59\xd7\x1f\x59\xfa\xfe\x50\x23\xe1\x7f\x7a\x2b\xb9\xab\x69\x09\x5b\x26\x9a\xd3\x2d\xf8\x31\x52\x9e\xfd\xab\xbe\x53\x66\xf2\x35\xd4\x8f\x0e\xe3\x28\xc6\x19\x9b\x80\x3c\x57\xa4\x06\xfe\xbf\x46\x64\x32\x04\x67\x3a\x1f\x16\xa5\x7d\x2a\x3b\xb7\x0c\x82\x87\xc5\x40\x5d\x22\x79\xa5\xb9\x77\xd8\x93\x6e\x1c\xf2\xd3\x4b\x47\x83\xb9\xc4\xe1\x5a\x51\x94\x43\x20\xaf\xc2\xee\xd1\xe5\xc7\x80\x15\x96\xb6\x36\x33\x80\x1d\xaa\x19\x99\xed\xf5\x54\x8d\x97\xd0\x56\x56\x8d\xbb\x47\xa7\x24\x40\xd6\xeb\xfb\x19\x1b\xc8\x6b\x95\xd6\x9d\x76\x8a\xc1\x56\xfe\xed\x10\xca\x99\x8a\xff\x51\x42\x79\x6d\x47\xc3\xa3\xd5\x83\xb9\x2e\x32\xf6\x41\xe3\x6f\x81\x0b\x57\x6c\x25\x99\xfe\xbb\x22\xe7\x95\x53\x7d\x65\xb3\x33\xf8\xb1\xa4\xf6\x4e\x34\x9d\xd3\x9e\xcf\x83\x45\x8a\xd2\xc5\xcb\xd1\x3a\xf5\xd7\xc4\xb5\x11\x7a\x38\x63\x99\x58\xd3\x40\xf6\x2b\x87\x2c\x23\xc3\xf8\x51\xa3\x2a\x1a\x8c\xe5\x44\x0a\x1e\xc9\x50\x0b\x3a\xe9\xf5\x6b\x0f\xd3\xa8\x2e\x17\x55\x25\x14\x99\x23\x1f\x8b\xab\xc6\x82\x07\x3f\xa4\x0e\x18\xb5\x16\xaa\xbb\x70\x2b\x56\x0c\xd3\x9c\x70\x7c\x17\x6b\xed\x30\x81\xe1\x85\x6f\x94\x0c\xa1\x5f\xf9\xc5\x50\x6d\x07\xeb\xd8\x0a\xc2\xda\x5e\xfe\x90\xb3\x55\x4d\xe4\x6a\xe4\x40\x83\x92\xa0\x70\x77\x54\xf0\x6b\xee\x43\xcd\x5a\x6c\x26\x50\xfc\xe9\x94\xa4\xd8\x88\xff\x36\x65\x21\x2c\x7d\xc8\x51\x50\x47\x70\x94\xca\x7f\x67\x88\x87\x71\xf0\x8e\xe2\x69\x96\xcb\x8e\x90\x7d\x10\x04\x30\xb6\x72\x26\xbf\x38\x4c\x9c\x01\x48\x8e\x4c\xf5\xaa\xc0\x3b\xcb\xdf\x33\xce\x76\xc5\x63\x26\x53\x95\x5e\xbc\x74\xdd\xec\x21\x10\x4b\x20\xd0\xb1\x45\x8e\xb9\x09\x28\xec\xf1\x03\xeb\x4f\xfb\xf3\xaa\x45\x15\x6b\x71\x79\x9c\xc6\x95\x30\xbe\x5a\xd8\xbd\xa6\x92\x3d\xdf\x3d\x7f\xfa\x9b\x28\x65\xf6\x68\x9f\x30\x92\xfb\xf6\x25\x1d\xf1\x91\xd1\xa6\x45\x72\x32\x6c\xdd\xb2\x2a\xd2\xaa\x4a\x65\x4a\x66\x9c\x7f\x3c\x26\x22\xa4\x13\xc3\xc1\x0f\x24\x7d\x87\x7f\x03\x75\x60\x0f\x06\x05\xf6\x94\x71\x56\x28\xd1\x43\x57\xa1\x87\x41\x42\xe0\x02\x4d\x4b\x1e\x52\xec\xcd\x35\x45\x4d\x51\x62\x42\x5a\x37\x2c\x0c\x12\x15\x48\x1f\xa7\x57\x93\x97\x07\x3c\xe8\x0c\x63\x43\xf8\x81\xdd\x1b\x2d\x8f\xa4\x36\xe5\xa9\x7f\xd5\x78\xea\xca\x11\x31\x05\xe9\x0f\x51\x19\x23\xb6\x9a\xcb\xb2\x69\x34\x9d\xe9\xf1\x38\xe1\x0f\x7c\xd4\xa1\x80\xe3\x8b\x02\x5e\xbf\x29\xaa\x5d\x70\x88\x3d\x83\x0b\x5a\xfc\x91\x44\x32\x85\x9b\x18\x2e\x2c\xea\xeb\x84\x44\xbd\xc1\x60\x8f\xdd\x02\x86\x69\xc3\x0d\x33\xcc\x65\xf5\x57\xc7\x84\x27\xfc\xe6\x13\x0e\x82\xc8\xfb\x7e\xab\x09\x51\x86\xc4\x0f\x9a\x68\x8a\xc2\xec\x3b\x3f\xe7\x68\x9c\x6a\xff\x2f\x07\x95\x08\x3e\xb3\x78\x55\xad\xb2\x98\xa7\x1c\x45\x94\x69\xc4\x10\x86\x6d\x73\x70\x22\x7a\xba\x87\x93\x90\x04\xeb\xd0\x4a\xd6\x65\xbb\x51\xee\x9d\x32\xbf\x08\xe7\x33\x55\x36\xf0\xb6\x35\x13\xc1\xea\x92\x96\xac\x30\xa9\x48\x1d\xf6\xff\xb7\xfa\x37\x4c\x4c\xb4\xb7\xd0\xed\x16\x8e\xfb\xb1\x3e\xeb\x58\xf4\x73\x55\x48\xba\x60\x12\x41\x93\x94\x17\x57\xf9\xec\xf2\x48\xe0\x08\xdd\xcb\x82\xf5\x7f\x36\x6d\x32\x7a\xaf\x3c\xe4\x19\x18\x9d\xe0\xc4\x2e\xa3\x43\x4b\x4b\x0a\x1f\x21\xbe\x00\x07\x2d\xc6\x47\xce\x18\xf7\x86\x2e\x52\xaa\x9b\xd7\x4b\x70\x95\x66\x3b\x7c\x08\xf0\x27\xe6\xfc\x89\x69\x22\x4d\xf5\x84\xc9\x2b\xff\xc4\xb9\x31\x06\xf7\x0b\xf3\xf9\x96\x75\xe6\x90\x4e\x26\x41\x49\x2c\x33\xde\x1d\xa9\x17\xb9\x4e\x57\xbc\xd7\xaf\xda\x22\x53\x19\x8d\x5e\x81\xc3\xe4\x6d\x00\x82\x49\x0c\x22\x05\xa7\x5c\xce\xa3\xa6\x84\x54\x02\xea\x44\x36\x42\xb5\x92\x5b\x4c\x5c\x65\x37\x7b\x3a\x9d\x94\x6f\xc1\x5d\x44\x40\x10\x98\xdd\xe1\xe1\xec\x3a\xa4\x85\x8d\xa8\x67\x1b\x4c\x82\x7c\x9f\x13\x37\xb0\x7d\x09\xb9\xb0\x7e\xff\xdf\x66\x6c\xdb\x8a\x32\x0c\x34\xa4\xa7\x09\xe9\xbb\xb1\x8c\xac\xef\x54\x75\x74\xc1\x09\x65\x94\x98\xf1\x08\xc5\x3a\x17\x96\xd8\x2a\xae\xe5\x04\xe0\x18\x01\xf1\x5b\xb6\x3e\x7d\xe6\xe0\xd8\x90\x7a\x98\x8f\xa8\xd3\xd6\x9c\x20\x72\x1b\x1a\xfb\x10\x58\x2e\xa3\xe9\x00\x6f\x1e\xbe\x9a\x32\xda\x20\x79\x16\xc6\x75\xd6\xae\x73\x0f\xbb\x2b\xee\xbe\x72\x73\xf0\x1d\x8a\x18\xd7\x8a\xfd\x34\x96\x19\x30\x3e\x34\x7b\x89\xd6\xd7\xa4\xba\xe7\xac\xb6\xb5\x60\xd0\x35\x02\x19\x29\xeb\x53\xa7\xc5\xc4\x26\x3b\xa3\x9c\x2d\xe7\x05\x68\x99\xd3\x6e\x73\xb8\xaf\xbd\xc4\xa7\xe5\xb7\xef\xbf\x61\x06\x83\xee\x61\x55\xd7\xc3\xae\x4d\x46\xc4\x3d\x42\xd8\x34\x97\xcd\x78\xff\x16\x44\xd7\x8d\x5a\x10\x68\xc0\x28\xf0\xa6\xdd\x29\x97\x63\x7c\x6b\x42\x71\x90\x79\xd3\x9b\x09\x35\x61\xe9\x02\x58\x51\xb1\x65\x9c\xac\x8d\x1a\x5d\x5d\xc1\xce\x43\x4c\x78\x7c\xeb\xd1\xb6\x22\x4b\x25\xaf\xe1\x84\x97\x58\x41\x58\x94\x2a\x04\xe9\xf3\xd6\xb7\x44\x44\x7c\x62\x4f\xc7\xa8\xa3\x6c\x03\xbd\xcb\x13\x41\xda\x7d\x7c\x24\xa0\x3c\xc1\xee\xb4\x0b\x71\x86\x23\x20\x4e\x05\x63\x20\x52\xe6\x5d\xb3\x81\x89\x22\x89\xc9\xa1\xbf\x54\x7c\x31\x69\x14\x03\x55\xcc\xc2\x14\x1b\xb1\x79\x48\x89\xcc\x47\xb4\xeb\x6c\x19\xfe\xd2\xe5\x49\x46\xe9\xa0\xf3\xee\x9a\x0a\x6c\x9c\x32\xf1\x59\xdb\xcf\xf0\x64\x5d\xbf\xb3\xbc\x46\x1b\x7f\x6c\x49\x9b\x9d\xad\x65\xf5\x9d\x2b\x9d\x20\x48\x6f\x01\x2e\x0a\x93\x20\x2a\x22\x95\x0a\xc0\xa5\x83\xaa\xcc\x42\xaa\x3b\x03\x02\xb5\xbe\x16\x0f\x7a\xbb\x5a\xf5\x54\x7a\xb2\xa3\x95\xdf\xc5\x89\x22\xa5\x50\xdb\xad\x99\x03\x45\x02\xf6\x4a\x48\xc6\x34\xa1\x34\x4a\x46\x65\xbb\x05\x4d\xf0\x8f\xa7\xa4\x95\x62\xf7\xe6\x44\x8b\xd0\x83\x1d\xf5\x1e\xce\xe7\x2f\x5d\x4b\x45\x6a\xf5\x50\x2d\xd4\xe5\xbe\x19\x01\xbb\x3a\xad\x0a\x8f\x94\x9c\x63\xd5\xbf\xee\x80\xc4\x8d\x8c\x41\xcd\x47\xd0\xa5\xe9\xcf\xee\xa4\x80\x17\x21\xdd\x99\x26\x0a\x9f\x41\x48\xee\x37\xf0\xc6\xe6\x05\x16\xb9\x71\x46\x03\x1b\xf5\x32\x75\x93\x40\xf0\xd9\x65\x68\x7c\xe3\x8c\x43\x53\xa6\x42\x32\xa0\xce\x1a\xd1\x54\x01\x8b\x20\x6f\xa3\xb1\xee\xfb\x65\x81\xf1\xe4\xfe\x9d\x40\xce\xe6\x85\x9d\xbd\x2d\x6c\x97\x02\x81\x84\x45\x48\xd1\x88\x70\x1e\x37\xb1\xa8\x7e\x02\x32\xb2\xcf\x50\x54\x2d\x22\x0d\x38\x0c\x34\xb5\x70\x59\x39\xfd\xab\x1d\xbb\x4c\xb3\xfd\xf4\x4d\x81\x04\xd8\x16\xcf\x37\x21\x59\xd6\x17\x2d\x72\xcc\x09\xed\x56\x5e\x34\x15\x9a\xdc\xa1\x36\xfd\x59\x25\x15\x44\x0a\x31\xa1\xb2\xb7\x20\x0f\x01\xfd\x3b\xa1\x95\xa9\x80\xc0\x04\xfa\xf1\x03\xb9\xf9\xe7\x71\x3d\x3e\xd5\xd1\xc6\x78\xbb\xdf\x88\x93\x00\x90\x8e\x71\x94\xf3\xb2\xb8\x4e\x74\x4c\x94\xf7\xb5\x8f\x61\xad\x6b\x84\xee\x7c\x64\x5b\xe8\x13\xa4\xac\x5b\x1a\xdd\x1f\xfa\xd0\xff\xc0\xb2\x7a\x1b\x47\xf4\x52\x01\x86\x44\x1b\x82\x0c\xda\xc1\xfd\x4b\xae\x20\xc6\x2b\xc8\x17\xb1\x7d\xf2\xf7\x9c\xb9\x74\x6d\x1e\x65\x3d\x8d\x81\x62\x37\x6c\xbe\x81\xbc\xc5\x04\x83\x58\xcd\xd4\x2c\xa9\xf8\x20\x7e\x7f\xb1\x26\x7c\xac\x49\xec\xb4\x5a\xa6\xbc\x80\x02\xc3\x59\x7c\xc0\x74\xa8\x8c\x2c\xce\xd7\x3e\x69\x5c\x0c\xb9\x6b\x33\x41\xde\xb5\x8b\x0d\x41\xb9\x55\x9f\x2d\x09\x83\x8e\x05\xe4\x06\xf9\x9f\x96\x2a\x0f\x61\x9a\x7c\x02\xb5\xac\xc6\x21\x01\x24\xf1\x95\x02\x4f\xd2\xe4\xac\xe5\x8a\x23\x92\x33\xf9\xf0\xfa\x42\x74\xce\x28\xf6\xee\x5d\xe5\x1e\x13\x74\x2c\x19\xe8\xc1\xb3\x13\xf9\x00\x97\x0a\x4d\xb1\xb3\x64\x1c\xb5\x27\xa1\x05\x92\xbf\xb9\xc5\x26\x92\x12\x32\x27\x7d\x49\x24\x99\xa6\x1d\x6a\x20\x40\x73\x30\xe5\x5d\xae\x27\x78\x7a\xed\x00\x1b\x16\x66\xa3\xc0\x31\x9b\xda\x97\x64\x61\x85\x44\xa2\x00\x16\xf1\x29\x86\xe4\xae\x1d\xd7\x58\x5c\xd1\xef\xb1\x47\x12\x1b\xcc\xa0\x0e\x09\x5e\x12\x55\x9f\x57\x9b\xf3\xc7\x60\x5e\x9b\x67\x37\x10\x5c\xb9\xfc\x15\x94\xe4\x3d\x57\x07\xcd\x69\xc8\xbc\xd6\x60\x3e\x69\x7a\xce\xc7\x69\x57\xd3\xc6\xaa\x44\x88\x07\x92\x46\x66\x87\x7a\x52\xeb\x2a\xdb\x90\xa3\xde\x79\x06\xa8\x0f\x47\xa2\xc3\x88\xcb\xa8\x77\x6f\x63\x40\x4b\x4b\x64\x4c\x10\x86\xb3\xab\xfc\x8b\xbd\xe4\x96\x02\x28\x26\xe2\x10\x2c\x2f\x7a\x16\xf9\x84\xbe\x7a\xc2\x9a\x68\x47\x8f\x87\x9f\x4c\x9b\x30\x23\x47\x06\x41\x35\x6c\x91\x05\x36\x54\x56\x83\x48\xc5\x50\xc7\x08\x3b\xdd\x2e\x61\x18\x1e\xa3\x25\x61\x5a\xa9\xfb\xdb\xe5\x74\x18\x82\xf3\x85\x44\x26\x22\x4b\xff\xa1\x5d\xec\x14\x64\x44\xe4\x00\x1f\x5f\x8f\x6f\x61\xc0\xce\xad\x81\x5b\xae\x2e\x81\x29\x9e\xb3\xa7\xa4\x9a\x66\x4e\xb0\x1e\x74\xc6\x38\xcb\xe7\x5e\x9d\x16\x9a\x6e\x75\x07\xfb\xad\x9b\x36\xb9\x2a\x09\xa2\x4b\xea\xc7\x7e\x10\x63\x6a\x25\xaa\x20\xd0\x1d\xd3\x7b\x26\xff\xa9\x9e\x8b\xfa\x8f\x15\xb4\xc1\x9d\xca\xdc\xd9\xbe\x38\x3a\x11\xc7\x32\x71\x7e\x1d\xcb\x29\x68\xe8\x66\x9d\x08\x4a\xa1\x5d\x72\x69\xc1\x1c\x01\x1e\xb2\xb1\x39\x03\x98\x76\x6e\xce\xb6\x37\x8d\xf5\x8f\x0e\x79\x6e\xb4\x7a\xc5\xeb\x1c\xf5\x3b\x2c\x6b\x4b\x61\xd4\x0c\x0b\x4c\x00\x5d\x0a\xb8\x23\x84\xc4\x5a\xae\x49\x96\x99\xbc\x54\x26\x3e\xef\xc2\x9e\xd4\x03\xd3\x0b\x72\x68\x24\x25\x9e\x6c\x6e\xa2\x4c\x7b\x85\x60\xb8\x5b\xaa\x91\xab\xf3\x9e\xe1\xfb\xa0\xa5\xdc\xb5\xa8\x3d\xb8\xc8\x62\xc8\x83\xbd\xac\x30\x68\x4a\xb2\x89\x8a\x39\x1d\xd6\xff\x6f\x8b\x85\x1e\xbe\x75\x25\x73\xbd\x19\x95\xc8\x7b\xa3\xc6\xab\xf0\x39\x4d\xdc\x6f\x05\xed\x36\x0c\xec\xfa\x35\xae\xd4\xcf\xa3\x20\x1f\x55\x66\x62\x05\xf7\x07\xd0\x9f\x8f\xba\xa2\xc8\x8f\x7f\xf9\xb0\x6e\xf2\xdf\xa1\x70\x0f\x7b\x70\x26\xa3\xfd\x26\x95\x74\xeb\x22\xfe\x9a\x8f\x6a\x64\xdf\xea\x6e\x77\x9c\xb0\xa2\x81\xdb\x25\x93\xf2\xba\x8e\xa3\xda\x2b\x53\xce\xad\x01\xdb\xc4\x2f\x53\xee\x87\x1b\xa9\x57\xdb\xf5\xc9\xfc\x25\x64\x1f\x11\xbf\x27\x9b\x43\xdf\x39\x16\xf7\x43\x72\x96\x3d\xe3\x2a\xa0\x52\x8b\x51\x1c\xc0\xc4\xd8\x29\x53\xac\xd9\x5f\x2d\xf8\x49\x35\xb6\x09\xf1\xaf\x30\xc3\x52\x76\xa3\xfa\xbf\x5d\x2c\xa7\xc9\x81\x43\x63\xca\xb1\xb4\x8b\x7b\x9a\x96\xf9\x45\xe3\xd2\x41\x91\xb7\x0b\x5f\x03\xd0\xc4\xae\x30\xb1\x5e\x2f\x82\xca\x31\x8e\x8c\x9a\x5b\x2a\x22\x19\x96\x7a\x13\xbe\xfa\xce\xeb\x25\x10\x88\x67\x1f\x3d\x74\x7d\xa7\x2e\x52\xc9\xa2\x2e\x7a\xee\xbc\xc7\x7e\x1a\x02\x4e\xb6\x6a\xb0\x9e\xf0\x1a\x3a\xae\x32\x9a\xbf\x00\x35\xd1\xcf\x27\x91\x1d\x86\x76\xa9\x84\x31\x76\x5a\x11\x75\x3a\x57\x71\x95\x8d\xfc\xbb\x59\x84\x69\x71\xd2\xe2\xcf\x02\xd0\xc0\xe5\xa5\x50\xea\x98\xb9\x3e\x36\x7f\xe7\x3f\x1b\xd3\x0a\x09\xb1\x15\x20\x62\x31\x43\x60\x9d\x0c\x2f\xa3\xc8\xaa\x37\x6f\x44\x0a\xd2\x96\x3f\xbe\xb6\x67\x15\x09\xa7\x99\xa8\x52\x8c\xe0\x87\xab\xaf\x19\x96\x62\xb1\x10\x31\x42\x81\x7c\x17\x6a\x4e\x04\xb1\x5b\xc6\xd4\x73\xb4\x83\xd9\x41\x71\x76\xe0\xe2\x30\x91\x93\x8a\xc2\xfb\x9b\xa6\x16\xc7\x9c\x06\x99\xa0\x56\x8d\x22\xd6\x33\x62\xca\xa0\x6a\xdd\x24\x23\xcb\x71\x89\x5a\x18\x21\xdf\xab\x31\x78\x11\xc2\x75\x2b\x28\x4d\x9d\x55\xfc\x5c\xfd\xdc\x3c\x59\x9e\x1b\x91\x18\xc9\x9f\xb8\xd4\x7f\xd7\x61\xe6\xe7\x24\x29\xf5\x09\xc6\x74\x91\x3d\x2d\x36\xd5\x69\x80\x1f\x92\x84\x21\x24\x24\x55\x6e\x8c\xae\xd1\x68\x34\xeb\x07\x64\x17\x02\x3c\x99\x0e\x5d\x31\x10\xcb\x31\xde\xa8\x52\x79\xd4\x0b\xcc\x71\x4a\x67\x6a\x89\x39\x25\x15\x1b\x55\x0a\xab\xbe\x95\x48\xc4\xb7\x4b\x30\x91\x75\xf4\xea\xcf\xaf\x14\x61\xae\x52\x29\x3e\x44\xf9\x2f\xa2\x60\x67\xb5\x00\x84\xf9\xef\x98\x20\x19\xe0\xd3\x98\x05\x8d\x23\x84\x4f\x90\x0c\x28\xc1\x52\xd3\xee\xda\x42\x57\x8a\x0f\x1f\xf3\x00\x2c\x92\x9e\x6b\xca\x65\xeb\x03\x41\x77\x81\x44\xa1\x5e\xac\xfe\x4e\x1a\x63\xa4\xcd\xf1\xf2\x50\x48\xa2\x72\x61\xba\x43\x42\xee\x65\x69\xa3\xc6\x05\x3b\x5e\x52\xf4\xe1\x34\xa1\xe0\x3a\x15\x30\xcf\x5c\x0e\xb1\x78\x75\xe3\xba\x44\x16\x20\x71\xb4\x39\x45\x9b\xf1\x6e\xdb\x28\x50\x8b\xce\x3e\x9f\x69\xd8\x93\x0b\x05\x39\xc3\x9b\xb7\x4e\x63\xe4\x51\x0e\x91\x8b\x83\x49\xcc\xf6\x95\x9e\x57\x55\x05\x50\xa3\x57\xc3\x16\x49\xdd\x72\x8c\x3f\xe7\x7d\xc6\x92\x0f\x0d\x3f\x4e\xc5\xd6\x19\xb2\xf4\xc6\xeb\x90\xdf\xc1\x7b\x26\xd6\xb3\x01\x17\xa0\x7c\x18\xf4\xb7\xcc\x96\x05\x6a\x4f\xdc\x7d\xac\x68\x19\x8c\xb8\xbc\xc6\xc6\x4d\x49\x6a\xfa\x60\x81\x76\x8e\x8d\xd4\xf4\x35\xeb\x2e\xed\xd0\xb7\xb0\x8f\x14\x11\x4c\x13\xc4\xff\x50\xa9\x3d\x39\xaf\xac\x2d\x63\x3e\xf6\xeb\x33\xac\x93\x74\x04\x26\x2e\x35\x2f\x50\xf0\x67\x79\x15\x18\xea\x05\x88\x41\xab\xdd\x1f\x77\x09\x40\xbc\xa8\x96\xfd\xdb\x55\x0c\x9c\xe0\x9e\xdc\x6b\xd5\x22\xe3\x18\xe5\xca\x6b\xa0\x02\x59\x02\x97\x70\xd2\x9d\x1f\xc4\xe2\xa7\x4d\x7b\x33\xfb\xea\xca\x94\x5e\x14\x9f\x24\x1c\xc9\x33\x62\x4d\xba\x79\x5d\x33\xf2\xab\x07\x06\xbb\xc1\x7e\x23\x83\xf6\xc3\x2d\xf7\x65\xc1\x16\x26\x5b\x0e\xfb\x58\x5f\x58\x7b\xe9\x73\x2b\xeb\x0b\xed\x2e\x67\xce\xf0\xd1\xc4\x2b", 4096); *(uint64_t*)0x200010c8 = 0x20001000; *(uint32_t*)0x20001000 = 0; *(uint32_t*)0x20001004 = 0; *(uint32_t*)0x20001008 = 0; *(uint64_t*)0x200010d0 = 0x20001040; *(uint64_t*)0x200010d8 = 0x20001080; *(uint32_t*)0x200010e0 = 0x1000; *(uint32_t*)0x200010e4 = 3; *(uint32_t*)0x200010e8 = 8; *(uint32_t*)0x200010ec = 3; inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); if (res == ZX_OK) { r[0] = *(uint32_t*)0x20001080; r[1] = *(uint32_t*)0x20001084; r[2] = *(uint32_t*)0x20001088; } break; case 1: *(uint64_t*)0x20011240 = 0x20001180; *(uint32_t*)0x20001180 = 0; memset((void*)0x20001184, 0, 3); *(uint8_t*)0x20001187 = 1; *(uint64_t*)0x20001188 = 0x3862fcb900000000; *(uint32_t*)0x20001190 = 0; *(uint64_t*)0x20011248 = 0x200011c0; *(uint32_t*)0x200011c0 = 0; *(uint64_t*)0x20011250 = 0x20001200; *(uint64_t*)0x20011258 = 0x20011200; *(uint32_t*)0x20011260 = 0x14; *(uint32_t*)0x20011264 = 1; *(uint32_t*)0x20011268 = 0x10000; *(uint32_t*)0x2001126c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20011240, /*actual_bytes=*/0x20011280, /*actual_handles=*/0x200112c0); break; case 2: res = -1; res = syz_thread_self(); { int i; for(i = 0; i < 4; i++) { syz_thread_self(); } } if ((int)res != -1) r[3] = res; break; case 3: ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); break; case 4: *(uint64_t*)0x20021400 = 0x20011340; *(uint32_t*)0x20011340 = 0; memset((void*)0x20011344, 0, 3); *(uint8_t*)0x20011347 = 1; *(uint64_t*)0x20011348 = 0x2cbadb1900000000; *(uint64_t*)0x20011350 = 0x80000000; *(uint64_t*)0x20011358 = -1; memset((void*)0x20011360, 0, 1); *(uint64_t*)0x20021408 = 0x20011380; *(uint64_t*)0x20021410 = 0x200113c0; *(uint64_t*)0x20021418 = 0x200213c0; *(uint32_t*)0x20021420 = 0x28; *(uint32_t*)0x20021424 = 0; *(uint32_t*)0x20021428 = 0x10000; *(uint32_t*)0x2002142c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20021400, /*actual_bytes=*/0x20021440, /*actual_handles=*/0x20021480); break; case 5: res = -1; res = ((intptr_t(*)(intptr_t))CAST(zx_deadline_after))(/*nanoseconds=*/-1); if (res == ZX_OK) r[4] = res; break; case 6: *(uint64_t*)0x20031580 = 0x200214c0; *(uint32_t*)0x200214c0 = 0; memset((void*)0x200214c4, 0, 3); *(uint8_t*)0x200214c7 = 1; *(uint64_t*)0x200214c8 = 0x135d628d00000000; *(uint32_t*)0x200214d0 = 7; *(uint32_t*)0x200214d4 = 5; *(uint64_t*)0x20031588 = 0x20021500; *(uint64_t*)0x20031590 = 0x20021540; *(uint64_t*)0x20031598 = 0x20031540; *(uint32_t*)0x200315a0 = 0x18; *(uint32_t*)0x200315a4 = 0; *(uint32_t*)0x200315a8 = 0x10000; *(uint32_t*)0x200315ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[4], /*args=*/0x20031580, /*actual_bytes=*/0x200315c0, /*actual_handles=*/0x20031600); break; case 7: ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_interrupt))(/*handle=*/r[1], /*vector=*/2); break; case 8: *(uint32_t*)0x20031640 = 0; memset((void*)0x20031644, 0, 3); *(uint8_t*)0x20031647 = 1; *(uint64_t*)0x20031648 = 0x208bcc9d00000000; *(uint64_t*)0x20031650 = 0x81; *(uint64_t*)0x20031658 = -1; memcpy((void*)0x20031660, "\xa5\x7c\x37\xf0\xaa\x5a\x79\x3d\x04\xcf\x12\x74\xe7\xe2\xc4\x9a\x49\xf9\xb0\x90\xd2\xdf\x74\x7c\x16\xd5\x3d\x3c\xf3\xc0\x0a\x94\xe6\x32\x4a\xb3\x20\x45\x1b\x9f\xd5\x21\x21\xec\x87\xb8\x94\xf7\xf2\x8d\x50\x90\x78\xb5\xaf\x1e\x03\x4f\xe2\x97\x9b\xad\xae", 63); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_write))(/*handle=*/r[0], /*options=*/0, /*bytes=*/0x20031640, /*num_bytes=*/0x5f, /*handles=*/0x200316c0, /*num_handles=*/0); break; case 9: *(uint64_t*)0x200417c0 = 0x20031700; *(uint32_t*)0x20031700 = 0; memset((void*)0x20031704, 0, 3); *(uint8_t*)0x20031707 = 1; *(uint64_t*)0x20031708 = 0x62423faa00000000; *(uint64_t*)0x200417c8 = 0x20031740; *(uint64_t*)0x200417d0 = 0x20031780; *(uint64_t*)0x200417d8 = 0x20041780; *(uint32_t*)0x200417e0 = 0x10; *(uint32_t*)0x200417e4 = 0; *(uint32_t*)0x200417e8 = 0x10000; *(uint32_t*)0x200417ec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[2], /*options=*/0, /*deadline=*/r[4], /*args=*/0x200417c0, /*actual_bytes=*/0x20041800, /*actual_handles=*/0x20041840); break; case 10: memcpy((void*)0x20000000, "\xc4\xc1\xad\xe0\xa5\xb9\xa6\x63\x67\xc4\x62\x01\x3b\x6b\x0f\x0f\x76\xb7\xb7\x00\x00\x00\x98\xc4\xa2\x29\x2d\x12\x0f\x0f\x0b\xa0\x3e\x45\x0f\xd1\xec\x0f\x29\x26\xc4\x61\x9f\x7c\x53\x1a\x66\x0f\x3a\xdf\x39\x00", 52); syz_execute_func(/*text=*/0x20000000); break; case 11: syz_future_time(/*when=*/0); break; case 12: syz_job_default(); break; case 13: syz_mmap(/*addr=*/0x20ff9000, /*len=*/0x4000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :280:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); ^ :317:39: error: use of undeclared identifier 'zx_vcpu_enter' ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); ^ 2 errors generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor1058658935 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/9 (0.49s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:9223372036854775807 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call_etc(0x0, 0x91, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)="090e3814ded5ca1bb9204ce0ceac3d95162fab16edf86329372435e1992cd148d29f73e3c25857bf66bb813d6abddde404f63980339937c16fe9e0c8ad309e70509ce52ae1c8e60ebe328caa31b91b7b1b8a9e3febb3fe1289f80a3b74dadcf3619e4eb03d257cd7a8fe5301e58d52aae4336355c0bc0ee7df9704e0ee190064372cd6f71629cec4cf897611a6f18453259fe803ee1464ebd6366490efad381aec2e773163b83a257d24277408221047d312b83defb54f5db6eb9db781f0a74e4a4513e78d1fef19337f8423952747348a1126db4a28fb98de2ffe4dc6cb4414498bf558c8cfec781cb59a4b28647f1aac9cf850970863788bfa319ab74945eb15fb78f3eee5446045512774ecfa8439fdbfafa0f767e9cdf291d1934c12a7ea791a9028bd2e0b346a4f68a24d1bced3bafc730f659d4225960b93827fa64384b88db55337fb5ae30fefe356ba4c116452b23477905dbaab6a2ddec32735f0db44ea41c37c710f67880a68cffcec5710c707288eb34109b24aaa4949ae1b9b333154d9c3b5d6b07095e94d1fb66be2845f466fa375fefd749168cbfabca45ef816389705f0d146b7c47aa5fa070faa0c82f6b366c94be41a00412b7107c4746c41482e94a1b23e9666a738ee4bcb5d5b9deea2fe70dd49f2fc095823d2c6f0c56eb2120b670014b3e41dea9163200efeec14bb92da2c22e03d15be29fd9ab265370f3878ad2818a27d7a1ba774f122d934b0b62077fa625874aacbb6fe8618311b1562d5225c3da1842f45dec3940d3d2306ee0b0183154834322b286e8e31f739c96f22e7272ce4e7a7571ded20ce2deb2754c6b44dce678953ef135675371a728ac6134d5a7873cbb60eac7064cb070bef012fbce09a468cbdeb01fbcd352ab03bebebe70a006f6dcce7b4078cffa0296bd40d5ded971f5a75b2fb4f54db33214470506c5c0dbca61e12fcb3d8207a82b47883b8efe3cfafcfb61ad5e4030cabd0a6f08c46238c18544210ff5a6f58a0a49dee51af9a1e2e6a8827074c2f948773e6b8273ea1197c731afe15561a156457b5011fccebebea49adda3e9c3afa2c63461f4a1451a0056589c64c0ee28678f04d282dfc86ce8d1b319d971c406d1f4798443f661495d8f8cd60dd45bba34341f1acfd1df41bd0827c0baa07a856c9185fb6dbedfc31fdcf7e548ceda8dd94311a062a4a9fb7df18420e66330ce428631a42abf9ae14b9b0c7dc0ddbae34da212bbe7a37276b059c495bbf184f45219c18bf5dc7140595f460391ccaa1ef26234a51882930977a004e675a4a10b82edfbf0b09b7d0a70e3dcc6c4760b92ee556bb00ad270777ea84e13932a4b36465c378f4f4c7566bda189fb3072cf4cb13d45f593295f96d37629ef12b9b8da1ad7a6853c5021f30077b893e92e9d18edbf7175cb725b33382476dd7a2734f304efc5ca6d26684b0668f43b5eae9a9bcf1dfca106a2e2e52e130d6908bc07b23cea685eedb6c93ec76c6097d69f577dd5cc14508218959109f301c9f27cd0a2956564c59ad12d0d939bb14e02bb806946b85ab39e3fdce3946bcf87bef3f53e0edcda9c72f42ed1d31fbc0b700890c4094df83923d0d5222be8466c562250dc9493cf74d1ab7d8ab9a4a7b0cf0cd56724c10a71a4272104937c11dcec74ec2dab996453178b40e173ed21e3c882878fcdf82a57359d71f59fafe5023e17f7a2bb9ab69095b269ad32df831529efdabbe5366f235d48f0ee328c6199b803c57a406febf46643204673a1f16a57d2a3bb70c8287c5405d2279a5b977d8936e1cf2d34b4783b9c4e15a51944320afc2eed1e5c7801596b63633801daa1999edf5548d97d056568dbb47a72440d6ebfb191bc86b95d69d768ac156feed10ca998aff5142796d47c3a3d583b92e32f641e36f810b576c2599febb22e795537d65b333f8b1a4f64e349dd39ecf83458ad2c5cbd13af5d7c4b5117a38639958d340f62b872c23c3f851a32a1a8ce5440a1ec9500b3ae9f56b0fd3a82e1755251499231f8babc682073fa40e18b516aabb702b560cd39c707c176bed3081e1856f940ca15ff9c5506d07ebd80ac2da5efe90b3554de46ae4408392a0707754f06bee43cd5a6c2650fce994a4d888ff3665212c7dc85150477094ca7f67888771f08ee26996cb8e907d100430b67226bf384c9c01488e4cf5aac03bcbdf33ce76c5632653955ebc74ddec21104b20d0b1458eb90928ecf103eb4ffbf3aa45156b71799cc69530be5ad8bda6923ddf3d7ffa9b2865f6689f3092fbf6251df191d1a64572326cddb22ad2aa4a654a669c7f3c2622a413c3c10f247d877f0375600f0605f694715628d14357a1874142e0024d4b1e52eccd35454d5162425a372c0c1215481fa7579397073ce80c6343f881dd1b2d8fa436e5a97fd578eaca113105e90f511923b69acbb269349de9f138e10f7cd4a180e38b025ebf29aa5d70883d830b5afc914432859b182e2ceaeb8444bdc1608fdd028669c30d33cc65f557c78427fce6130e82c8fb7eab095186c40f9a688ac2ec3b3fe7689c6aff2f0795083eb37855adb298a71c459469c410866d7370227aba87939004ebd04ad665bb51ee9d32bf08e7335536f0b63513c1ea9296ac30a9481df6ffb7fa374c4cb4b7d0ed168efbb13eeb58f4735548ba60124193941757f9ecf248e008ddcb82f57f366d327aaf3ce419189de0c42ea3434b4b0a1f21be00072dc647ce18f7862e52aa9bd74b7095663b7c08f027e6fc8969224df584c92bffc4b93106f70bf3f99675e6904e2641492c33de1da917b94e57bcd7afda2253198d5e81c3e46d0082490c2205a75ccea3a6845402ea443642b5925b4c5c65377b3a9d946fc15d44401098dde1e1ec3aa4858da8671b4c827c9f1337b07d09b9b07effdf666cdb8a320c34a4a709e9bbb18cacef547574c109659498f108c53a1796d82aaee504e01801f15bb63e7de6e0d8907a988fa8d3d69c20721b1afb10582ea3e9006f1ebe9a32da207916c675d6ae730fbb2beebe7273f01d8a18d78afd349619303e347b89d6d7a4bae7acb6b560d035021929eb53a7c5c4263ba39c2de7056899d36e73b8afbdc4a7e5b7efbf610683ee6155d7c3ae4d46c43d42d83497cd78ff1644d78d5a1068c028f0a6dd2997637c6b42719079d39b093561e9025851b1659cac8d1a5d5dc1ce434c787cebd1b6224b25afe18497584158942a04e9f3d6b744447c624fc7a8a36c03bdcb1341da7d7c24a03cc1eeb40b718623204e05632052e65db381892289c9a1bf547c3169140355ccc2141bb1794889cc47b4eb6c19fed2e54946e9a0f3ee9a0a6c9c32f159dbcff0645dbfb3bc461b7f6c499b9dad65f59d2b9d20486f012e0a93202a22950ac0a583aacc42aa3b0302b5be160f7abb5af5547ab2a395dfc58922a550dbad99034502f64a48c634a1344a4665bb054df08fa7a49562f7e6448bd0831df51ecee72f5d4b456af5502dd4e5be1901bb3aad0a8f949c63d5bfee80c48d8c41cd47d0a5e9cfeea4801721dd99260a9f4148ee37f0c6e60516b97146031bf532759340f0d965687ce38c4353a64232a0ce1ad154018b206fa3b1eefb6581f1e4fe9d40cee6859dbd2d6c970281844548d188701e37b1a87e0232b2cf50542d220d380c34b5705939fdab1dbb4cb3fdf44d8104d816cf372159d6172d72cc09ed565e34159adca136fd592515440a31a1b2b7200f01fd3ba195a980c004faf103b9f9e7713d3ed5d1c678bbdf889300908e7194f3b2b84e744c94f7b58f61ad6b84ee7c645be813a4ac5b1add1ffad0ffc0b27a1b47f4520186441b820cdac1fd4bae20c62bc817b17df2f79cb9746d1e653d8d8162376cbe81bcc5048358cdd42ca9f8207e7fb1267cac49ecb45aa6bc8002c3597cc074a88c2cced73e695c0cb96b3341deb58b0d41b9559f2d09838e05e406f99f962a0f619a7c02b5acc6210124f195024fd2e4ace58a239233f9f0fa4274ce28f6ee5de51e13742c19e8c1b313f900970a4db1b3641cb527a10592bfb9c526921232277d492499a61d6a20407330e55dae27787aed001b1666a3c0319bda9764618544a20016f12986e4ae1dd7585cd1efb147121bcca00e095e12559f579bf3c7605e9b6737105cb9fc1594e43d5707cd69c8bcd6603e697acec76957d3c6aa448807924666877a52eb2adb90a3de7906a80f47a2c388cba8776f63404b4b644c1086b3abfc8bbde496022826e2102c2f7a16f984be7ac29a68478f879f4c9b3023470641356c91053654568348c550c7083bdd2e61181ea325615aa9fbdbe5741882f3854426224bffa15dec146444e4001f5f8f6f61c0cead815bae2e81299eb3a7a49a664eb01e74c638cbe75e9d169a6e7507fbad9b36b92a09a24beac77e10636a25aa20d01dd37b26ffa99e8bfa8f15b4c19dcadcd9be383a11c732717e1dcb2968e8669d084aa15d7269c11c011eb2b1390398766eceb6378df58f0e796eb47ac5eb1cf53b2c6b4b61d40c0b4c005d0ab82384c45aae499699bc54263eefc29ed403d30b726824259e6c6ea24c7b8560b85baa91abf39ee1fba0a5dcb5a83db8c862c883bdac30684ab2898a391dd6ff6f8b851ebe752573bd1995c87ba3c6abf0394ddc6f05ed360cecfa35aed4cfa3201f55666205f707d09f8fbaa2c88f7ff9b06ef2dfa1700f7b7026a3fd269574eb22fe9a8f6a64dfea6e779cb0a281db2593f2ba8ea3da2b53cead01dbc42f53ee871ba957dbf5c9fc25641f11bf279b43df3916f74372963de32aa0528b511cc0c4d82953acd95f2df84935b609f1af30c35276a3fabf5d2ca7c9814363cab1b48b7b9a96f945e3d24191b70b5f03d0c4ae30b15e2f82ca318e8c9a5b2a2219967a13befaceeb251088671f3d747da72e52c9a22e7aeebcc77e1a024eb66ab09ef01a3aae329abf0035d1cf27911d8676a98431765a11753a5771958dfcbb59846971d2e2cf02d0c0e5a550ea98b93e367fe73f1bd30a09b11520623143609d0c2fa3c8aa376f440ad2963fbeb6671509a799a8528ce087abaf199662b1103142817c176a4e04b15bc6d473b483d9417176e0e23091938ac2fb9ba616c79c0699a0568d22d63362caa06add2423cb71895a1821dfab317811c2752b284d9d55fc5cfddc3c599e1b9118c99fb8d47fd761e6e72429f509c674913d2d36d569801f9284212424556e8caed16834eb076417023c990e5d3110cb31dea85279d40bcc714a676a893925151b550aabbe9548c4b74b309175f4eacfaf1461ae52293e44f92fa26067b50084f9ef982019e0d398058d23844f900c28c152d3eeda42578a0f1ff3002c929e6bca65eb0341778144a15eacfe4e1a63a4cdf1f25048a27261ba4342ee6569a3c6053b5e52f4e134a1e03a1530cf5c0eb17875e3ba44162071b439459bf16edb28508bce3e9f69d8930b0539c39bb74e63e4510e918b8349ccf6959e57550550a357c31649dd728c3fe77dc6920f0d3f4ec5d619b2f4c6eb90dfc17b26d6b30117a07c18f4b7cc96056a4fdc7dac68198cb8bcc6c64d496afa6081768e8dd4f435eb2eedd0b7b08f14114c13c4ff50a93d39afac2d633ef6eb33ac937404262e352f50f067791518ea058841abdd1f770940bca896fddb550c9ce09edc6bd522e318e5ca6ba00259029770d29d1fc4e2a74d7b33fbeaca945e149f241cc933624dba795d33f2ab0706bbc17e2383f6c32df765c116265b0efb585f587be9732beb0bed2e67cef0d1c42b", &(0x7f0000001000)=[0x0, 0x0, 0x0], &(0x7f0000001040)=""/8, &(0x7f0000001080)=[0x0, 0x0, 0x0], 0x1000, 0x3, 0x8, 0x3}, &(0x7f0000001100), &(0x7f0000001140)) (fail_nth: 1) zx_channel_call$fuchsia_ldsvc_LoaderClone(r0, 0x0, 0x7fffffffffffffff, &(0x7f0000011240)={&(0x7f0000001180), &(0x7f00000011c0), &(0x7f0000001200), &(0x7f0000011200), 0x14, 0x1, 0x10000}, &(0x7f0000011280), &(0x7f00000112c0)) (async) r3 = syz_thread_self() (rerun: 4) zx_vcpu_enter(r3, &(0x7f0000011300)={0x0, 0x0, 0x0, @interrupt}) zx_channel_call$fuchsia_io_DirectoryUnlink(0x0, 0x0, 0x7fffffffffffffff, &(0x7f0000021400)={&(0x7f0000011340)={{}, {0x80000000, 0xffffffffffffffff}, {'\x00'}}, &(0x7f0000011380), &(0x7f00000113c0), &(0x7f00000213c0), 0x28, 0x0, 0x10000}, &(0x7f0000021440), &(0x7f0000021480)) r4 = zx_deadline_after(0xffffffffffffffff) zx_channel_call$fuchsia_cobalt_LoggerBaseLogEvent(r0, 0x0, r4, &(0x7f0000031580)={&(0x7f00000214c0)={{}, 0x7, 0x5}, &(0x7f0000021500), &(0x7f0000021540), &(0x7f0000031540), 0x18, 0x0, 0x10000}, &(0x7f00000315c0), &(0x7f0000031600)) zx_vcpu_interrupt(r1, 0x2) zx_channel_write$fuchsia_io_DirectoryWatcherOnEvent(r0, 0x0, &(0x7f0000031640)={{}, {0x81, 0xffffffffffffffff}, "a57c37f0aa5a793d04cf1274e7e2c49a49f9b090d2df747c16d53d3cf3c00a94e6324ab320451b9fd52121ec87b894f7f28d509078b5af1e034fe2979badae"}, 0x5f, &(0x7f00000316c0), 0x0) zx_channel_call$fuchsia_io_NodeSync(r2, 0x0, r4, &(0x7f00000417c0)={&(0x7f0000031700), &(0x7f0000031740), &(0x7f0000031780), &(0x7f0000041780), 0x10, 0x0, 0x10000}, &(0x7f0000041800), &(0x7f0000041840)) syz_execute_func(&(0x7f0000000000)="c4c1ade0a5b9a66367c462013b6b0f0f76b7b700000098c4a2292d120f0f0ba03e450fd1ec0f2926c4619f7c531a660f3adf3900") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[5] = {0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200010c0 = 0x20000000; memcpy((void*)0x20000000, "\x09\x0e\x38\x14\xde\xd5\xca\x1b\xb9\x20\x4c\xe0\xce\xac\x3d\x95\x16\x2f\xab\x16\xed\xf8\x63\x29\x37\x24\x35\xe1\x99\x2c\xd1\x48\xd2\x9f\x73\xe3\xc2\x58\x57\xbf\x66\xbb\x81\x3d\x6a\xbd\xdd\xe4\x04\xf6\x39\x80\x33\x99\x37\xc1\x6f\xe9\xe0\xc8\xad\x30\x9e\x70\x50\x9c\xe5\x2a\xe1\xc8\xe6\x0e\xbe\x32\x8c\xaa\x31\xb9\x1b\x7b\x1b\x8a\x9e\x3f\xeb\xb3\xfe\x12\x89\xf8\x0a\x3b\x74\xda\xdc\xf3\x61\x9e\x4e\xb0\x3d\x25\x7c\xd7\xa8\xfe\x53\x01\xe5\x8d\x52\xaa\xe4\x33\x63\x55\xc0\xbc\x0e\xe7\xdf\x97\x04\xe0\xee\x19\x00\x64\x37\x2c\xd6\xf7\x16\x29\xce\xc4\xcf\x89\x76\x11\xa6\xf1\x84\x53\x25\x9f\xe8\x03\xee\x14\x64\xeb\xd6\x36\x64\x90\xef\xad\x38\x1a\xec\x2e\x77\x31\x63\xb8\x3a\x25\x7d\x24\x27\x74\x08\x22\x10\x47\xd3\x12\xb8\x3d\xef\xb5\x4f\x5d\xb6\xeb\x9d\xb7\x81\xf0\xa7\x4e\x4a\x45\x13\xe7\x8d\x1f\xef\x19\x33\x7f\x84\x23\x95\x27\x47\x34\x8a\x11\x26\xdb\x4a\x28\xfb\x98\xde\x2f\xfe\x4d\xc6\xcb\x44\x14\x49\x8b\xf5\x58\xc8\xcf\xec\x78\x1c\xb5\x9a\x4b\x28\x64\x7f\x1a\xac\x9c\xf8\x50\x97\x08\x63\x78\x8b\xfa\x31\x9a\xb7\x49\x45\xeb\x15\xfb\x78\xf3\xee\xe5\x44\x60\x45\x51\x27\x74\xec\xfa\x84\x39\xfd\xbf\xaf\xa0\xf7\x67\xe9\xcd\xf2\x91\xd1\x93\x4c\x12\xa7\xea\x79\x1a\x90\x28\xbd\x2e\x0b\x34\x6a\x4f\x68\xa2\x4d\x1b\xce\xd3\xba\xfc\x73\x0f\x65\x9d\x42\x25\x96\x0b\x93\x82\x7f\xa6\x43\x84\xb8\x8d\xb5\x53\x37\xfb\x5a\xe3\x0f\xef\xe3\x56\xba\x4c\x11\x64\x52\xb2\x34\x77\x90\x5d\xba\xab\x6a\x2d\xde\xc3\x27\x35\xf0\xdb\x44\xea\x41\xc3\x7c\x71\x0f\x67\x88\x0a\x68\xcf\xfc\xec\x57\x10\xc7\x07\x28\x8e\xb3\x41\x09\xb2\x4a\xaa\x49\x49\xae\x1b\x9b\x33\x31\x54\xd9\xc3\xb5\xd6\xb0\x70\x95\xe9\x4d\x1f\xb6\x6b\xe2\x84\x5f\x46\x6f\xa3\x75\xfe\xfd\x74\x91\x68\xcb\xfa\xbc\xa4\x5e\xf8\x16\x38\x97\x05\xf0\xd1\x46\xb7\xc4\x7a\xa5\xfa\x07\x0f\xaa\x0c\x82\xf6\xb3\x66\xc9\x4b\xe4\x1a\x00\x41\x2b\x71\x07\xc4\x74\x6c\x41\x48\x2e\x94\xa1\xb2\x3e\x96\x66\xa7\x38\xee\x4b\xcb\x5d\x5b\x9d\xee\xa2\xfe\x70\xdd\x49\xf2\xfc\x09\x58\x23\xd2\xc6\xf0\xc5\x6e\xb2\x12\x0b\x67\x00\x14\xb3\xe4\x1d\xea\x91\x63\x20\x0e\xfe\xec\x14\xbb\x92\xda\x2c\x22\xe0\x3d\x15\xbe\x29\xfd\x9a\xb2\x65\x37\x0f\x38\x78\xad\x28\x18\xa2\x7d\x7a\x1b\xa7\x74\xf1\x22\xd9\x34\xb0\xb6\x20\x77\xfa\x62\x58\x74\xaa\xcb\xb6\xfe\x86\x18\x31\x1b\x15\x62\xd5\x22\x5c\x3d\xa1\x84\x2f\x45\xde\xc3\x94\x0d\x3d\x23\x06\xee\x0b\x01\x83\x15\x48\x34\x32\x2b\x28\x6e\x8e\x31\xf7\x39\xc9\x6f\x22\xe7\x27\x2c\xe4\xe7\xa7\x57\x1d\xed\x20\xce\x2d\xeb\x27\x54\xc6\xb4\x4d\xce\x67\x89\x53\xef\x13\x56\x75\x37\x1a\x72\x8a\xc6\x13\x4d\x5a\x78\x73\xcb\xb6\x0e\xac\x70\x64\xcb\x07\x0b\xef\x01\x2f\xbc\xe0\x9a\x46\x8c\xbd\xeb\x01\xfb\xcd\x35\x2a\xb0\x3b\xeb\xeb\xe7\x0a\x00\x6f\x6d\xcc\xe7\xb4\x07\x8c\xff\xa0\x29\x6b\xd4\x0d\x5d\xed\x97\x1f\x5a\x75\xb2\xfb\x4f\x54\xdb\x33\x21\x44\x70\x50\x6c\x5c\x0d\xbc\xa6\x1e\x12\xfc\xb3\xd8\x20\x7a\x82\xb4\x78\x83\xb8\xef\xe3\xcf\xaf\xcf\xb6\x1a\xd5\xe4\x03\x0c\xab\xd0\xa6\xf0\x8c\x46\x23\x8c\x18\x54\x42\x10\xff\x5a\x6f\x58\xa0\xa4\x9d\xee\x51\xaf\x9a\x1e\x2e\x6a\x88\x27\x07\x4c\x2f\x94\x87\x73\xe6\xb8\x27\x3e\xa1\x19\x7c\x73\x1a\xfe\x15\x56\x1a\x15\x64\x57\xb5\x01\x1f\xcc\xeb\xeb\xea\x49\xad\xda\x3e\x9c\x3a\xfa\x2c\x63\x46\x1f\x4a\x14\x51\xa0\x05\x65\x89\xc6\x4c\x0e\xe2\x86\x78\xf0\x4d\x28\x2d\xfc\x86\xce\x8d\x1b\x31\x9d\x97\x1c\x40\x6d\x1f\x47\x98\x44\x3f\x66\x14\x95\xd8\xf8\xcd\x60\xdd\x45\xbb\xa3\x43\x41\xf1\xac\xfd\x1d\xf4\x1b\xd0\x82\x7c\x0b\xaa\x07\xa8\x56\xc9\x18\x5f\xb6\xdb\xed\xfc\x31\xfd\xcf\x7e\x54\x8c\xed\xa8\xdd\x94\x31\x1a\x06\x2a\x4a\x9f\xb7\xdf\x18\x42\x0e\x66\x33\x0c\xe4\x28\x63\x1a\x42\xab\xf9\xae\x14\xb9\xb0\xc7\xdc\x0d\xdb\xae\x34\xda\x21\x2b\xbe\x7a\x37\x27\x6b\x05\x9c\x49\x5b\xbf\x18\x4f\x45\x21\x9c\x18\xbf\x5d\xc7\x14\x05\x95\xf4\x60\x39\x1c\xca\xa1\xef\x26\x23\x4a\x51\x88\x29\x30\x97\x7a\x00\x4e\x67\x5a\x4a\x10\xb8\x2e\xdf\xbf\x0b\x09\xb7\xd0\xa7\x0e\x3d\xcc\x6c\x47\x60\xb9\x2e\xe5\x56\xbb\x00\xad\x27\x07\x77\xea\x84\xe1\x39\x32\xa4\xb3\x64\x65\xc3\x78\xf4\xf4\xc7\x56\x6b\xda\x18\x9f\xb3\x07\x2c\xf4\xcb\x13\xd4\x5f\x59\x32\x95\xf9\x6d\x37\x62\x9e\xf1\x2b\x9b\x8d\xa1\xad\x7a\x68\x53\xc5\x02\x1f\x30\x07\x7b\x89\x3e\x92\xe9\xd1\x8e\xdb\xf7\x17\x5c\xb7\x25\xb3\x33\x82\x47\x6d\xd7\xa2\x73\x4f\x30\x4e\xfc\x5c\xa6\xd2\x66\x84\xb0\x66\x8f\x43\xb5\xea\xe9\xa9\xbc\xf1\xdf\xca\x10\x6a\x2e\x2e\x52\xe1\x30\xd6\x90\x8b\xc0\x7b\x23\xce\xa6\x85\xee\xdb\x6c\x93\xec\x76\xc6\x09\x7d\x69\xf5\x77\xdd\x5c\xc1\x45\x08\x21\x89\x59\x10\x9f\x30\x1c\x9f\x27\xcd\x0a\x29\x56\x56\x4c\x59\xad\x12\xd0\xd9\x39\xbb\x14\xe0\x2b\xb8\x06\x94\x6b\x85\xab\x39\xe3\xfd\xce\x39\x46\xbc\xf8\x7b\xef\x3f\x53\xe0\xed\xcd\xa9\xc7\x2f\x42\xed\x1d\x31\xfb\xc0\xb7\x00\x89\x0c\x40\x94\xdf\x83\x92\x3d\x0d\x52\x22\xbe\x84\x66\xc5\x62\x25\x0d\xc9\x49\x3c\xf7\x4d\x1a\xb7\xd8\xab\x9a\x4a\x7b\x0c\xf0\xcd\x56\x72\x4c\x10\xa7\x1a\x42\x72\x10\x49\x37\xc1\x1d\xce\xc7\x4e\xc2\xda\xb9\x96\x45\x31\x78\xb4\x0e\x17\x3e\xd2\x1e\x3c\x88\x28\x78\xfc\xdf\x82\xa5\x73\x59\xd7\x1f\x59\xfa\xfe\x50\x23\xe1\x7f\x7a\x2b\xb9\xab\x69\x09\x5b\x26\x9a\xd3\x2d\xf8\x31\x52\x9e\xfd\xab\xbe\x53\x66\xf2\x35\xd4\x8f\x0e\xe3\x28\xc6\x19\x9b\x80\x3c\x57\xa4\x06\xfe\xbf\x46\x64\x32\x04\x67\x3a\x1f\x16\xa5\x7d\x2a\x3b\xb7\x0c\x82\x87\xc5\x40\x5d\x22\x79\xa5\xb9\x77\xd8\x93\x6e\x1c\xf2\xd3\x4b\x47\x83\xb9\xc4\xe1\x5a\x51\x94\x43\x20\xaf\xc2\xee\xd1\xe5\xc7\x80\x15\x96\xb6\x36\x33\x80\x1d\xaa\x19\x99\xed\xf5\x54\x8d\x97\xd0\x56\x56\x8d\xbb\x47\xa7\x24\x40\xd6\xeb\xfb\x19\x1b\xc8\x6b\x95\xd6\x9d\x76\x8a\xc1\x56\xfe\xed\x10\xca\x99\x8a\xff\x51\x42\x79\x6d\x47\xc3\xa3\xd5\x83\xb9\x2e\x32\xf6\x41\xe3\x6f\x81\x0b\x57\x6c\x25\x99\xfe\xbb\x22\xe7\x95\x53\x7d\x65\xb3\x33\xf8\xb1\xa4\xf6\x4e\x34\x9d\xd3\x9e\xcf\x83\x45\x8a\xd2\xc5\xcb\xd1\x3a\xf5\xd7\xc4\xb5\x11\x7a\x38\x63\x99\x58\xd3\x40\xf6\x2b\x87\x2c\x23\xc3\xf8\x51\xa3\x2a\x1a\x8c\xe5\x44\x0a\x1e\xc9\x50\x0b\x3a\xe9\xf5\x6b\x0f\xd3\xa8\x2e\x17\x55\x25\x14\x99\x23\x1f\x8b\xab\xc6\x82\x07\x3f\xa4\x0e\x18\xb5\x16\xaa\xbb\x70\x2b\x56\x0c\xd3\x9c\x70\x7c\x17\x6b\xed\x30\x81\xe1\x85\x6f\x94\x0c\xa1\x5f\xf9\xc5\x50\x6d\x07\xeb\xd8\x0a\xc2\xda\x5e\xfe\x90\xb3\x55\x4d\xe4\x6a\xe4\x40\x83\x92\xa0\x70\x77\x54\xf0\x6b\xee\x43\xcd\x5a\x6c\x26\x50\xfc\xe9\x94\xa4\xd8\x88\xff\x36\x65\x21\x2c\x7d\xc8\x51\x50\x47\x70\x94\xca\x7f\x67\x88\x87\x71\xf0\x8e\xe2\x69\x96\xcb\x8e\x90\x7d\x10\x04\x30\xb6\x72\x26\xbf\x38\x4c\x9c\x01\x48\x8e\x4c\xf5\xaa\xc0\x3b\xcb\xdf\x33\xce\x76\xc5\x63\x26\x53\x95\x5e\xbc\x74\xdd\xec\x21\x10\x4b\x20\xd0\xb1\x45\x8e\xb9\x09\x28\xec\xf1\x03\xeb\x4f\xfb\xf3\xaa\x45\x15\x6b\x71\x79\x9c\xc6\x95\x30\xbe\x5a\xd8\xbd\xa6\x92\x3d\xdf\x3d\x7f\xfa\x9b\x28\x65\xf6\x68\x9f\x30\x92\xfb\xf6\x25\x1d\xf1\x91\xd1\xa6\x45\x72\x32\x6c\xdd\xb2\x2a\xd2\xaa\x4a\x65\x4a\x66\x9c\x7f\x3c\x26\x22\xa4\x13\xc3\xc1\x0f\x24\x7d\x87\x7f\x03\x75\x60\x0f\x06\x05\xf6\x94\x71\x56\x28\xd1\x43\x57\xa1\x87\x41\x42\xe0\x02\x4d\x4b\x1e\x52\xec\xcd\x35\x45\x4d\x51\x62\x42\x5a\x37\x2c\x0c\x12\x15\x48\x1f\xa7\x57\x93\x97\x07\x3c\xe8\x0c\x63\x43\xf8\x81\xdd\x1b\x2d\x8f\xa4\x36\xe5\xa9\x7f\xd5\x78\xea\xca\x11\x31\x05\xe9\x0f\x51\x19\x23\xb6\x9a\xcb\xb2\x69\x34\x9d\xe9\xf1\x38\xe1\x0f\x7c\xd4\xa1\x80\xe3\x8b\x02\x5e\xbf\x29\xaa\x5d\x70\x88\x3d\x83\x0b\x5a\xfc\x91\x44\x32\x85\x9b\x18\x2e\x2c\xea\xeb\x84\x44\xbd\xc1\x60\x8f\xdd\x02\x86\x69\xc3\x0d\x33\xcc\x65\xf5\x57\xc7\x84\x27\xfc\xe6\x13\x0e\x82\xc8\xfb\x7e\xab\x09\x51\x86\xc4\x0f\x9a\x68\x8a\xc2\xec\x3b\x3f\xe7\x68\x9c\x6a\xff\x2f\x07\x95\x08\x3e\xb3\x78\x55\xad\xb2\x98\xa7\x1c\x45\x94\x69\xc4\x10\x86\x6d\x73\x70\x22\x7a\xba\x87\x93\x90\x04\xeb\xd0\x4a\xd6\x65\xbb\x51\xee\x9d\x32\xbf\x08\xe7\x33\x55\x36\xf0\xb6\x35\x13\xc1\xea\x92\x96\xac\x30\xa9\x48\x1d\xf6\xff\xb7\xfa\x37\x4c\x4c\xb4\xb7\xd0\xed\x16\x8e\xfb\xb1\x3e\xeb\x58\xf4\x73\x55\x48\xba\x60\x12\x41\x93\x94\x17\x57\xf9\xec\xf2\x48\xe0\x08\xdd\xcb\x82\xf5\x7f\x36\x6d\x32\x7a\xaf\x3c\xe4\x19\x18\x9d\xe0\xc4\x2e\xa3\x43\x4b\x4b\x0a\x1f\x21\xbe\x00\x07\x2d\xc6\x47\xce\x18\xf7\x86\x2e\x52\xaa\x9b\xd7\x4b\x70\x95\x66\x3b\x7c\x08\xf0\x27\xe6\xfc\x89\x69\x22\x4d\xf5\x84\xc9\x2b\xff\xc4\xb9\x31\x06\xf7\x0b\xf3\xf9\x96\x75\xe6\x90\x4e\x26\x41\x49\x2c\x33\xde\x1d\xa9\x17\xb9\x4e\x57\xbc\xd7\xaf\xda\x22\x53\x19\x8d\x5e\x81\xc3\xe4\x6d\x00\x82\x49\x0c\x22\x05\xa7\x5c\xce\xa3\xa6\x84\x54\x02\xea\x44\x36\x42\xb5\x92\x5b\x4c\x5c\x65\x37\x7b\x3a\x9d\x94\x6f\xc1\x5d\x44\x40\x10\x98\xdd\xe1\xe1\xec\x3a\xa4\x85\x8d\xa8\x67\x1b\x4c\x82\x7c\x9f\x13\x37\xb0\x7d\x09\xb9\xb0\x7e\xff\xdf\x66\x6c\xdb\x8a\x32\x0c\x34\xa4\xa7\x09\xe9\xbb\xb1\x8c\xac\xef\x54\x75\x74\xc1\x09\x65\x94\x98\xf1\x08\xc5\x3a\x17\x96\xd8\x2a\xae\xe5\x04\xe0\x18\x01\xf1\x5b\xb6\x3e\x7d\xe6\xe0\xd8\x90\x7a\x98\x8f\xa8\xd3\xd6\x9c\x20\x72\x1b\x1a\xfb\x10\x58\x2e\xa3\xe9\x00\x6f\x1e\xbe\x9a\x32\xda\x20\x79\x16\xc6\x75\xd6\xae\x73\x0f\xbb\x2b\xee\xbe\x72\x73\xf0\x1d\x8a\x18\xd7\x8a\xfd\x34\x96\x19\x30\x3e\x34\x7b\x89\xd6\xd7\xa4\xba\xe7\xac\xb6\xb5\x60\xd0\x35\x02\x19\x29\xeb\x53\xa7\xc5\xc4\x26\x3b\xa3\x9c\x2d\xe7\x05\x68\x99\xd3\x6e\x73\xb8\xaf\xbd\xc4\xa7\xe5\xb7\xef\xbf\x61\x06\x83\xee\x61\x55\xd7\xc3\xae\x4d\x46\xc4\x3d\x42\xd8\x34\x97\xcd\x78\xff\x16\x44\xd7\x8d\x5a\x10\x68\xc0\x28\xf0\xa6\xdd\x29\x97\x63\x7c\x6b\x42\x71\x90\x79\xd3\x9b\x09\x35\x61\xe9\x02\x58\x51\xb1\x65\x9c\xac\x8d\x1a\x5d\x5d\xc1\xce\x43\x4c\x78\x7c\xeb\xd1\xb6\x22\x4b\x25\xaf\xe1\x84\x97\x58\x41\x58\x94\x2a\x04\xe9\xf3\xd6\xb7\x44\x44\x7c\x62\x4f\xc7\xa8\xa3\x6c\x03\xbd\xcb\x13\x41\xda\x7d\x7c\x24\xa0\x3c\xc1\xee\xb4\x0b\x71\x86\x23\x20\x4e\x05\x63\x20\x52\xe6\x5d\xb3\x81\x89\x22\x89\xc9\xa1\xbf\x54\x7c\x31\x69\x14\x03\x55\xcc\xc2\x14\x1b\xb1\x79\x48\x89\xcc\x47\xb4\xeb\x6c\x19\xfe\xd2\xe5\x49\x46\xe9\xa0\xf3\xee\x9a\x0a\x6c\x9c\x32\xf1\x59\xdb\xcf\xf0\x64\x5d\xbf\xb3\xbc\x46\x1b\x7f\x6c\x49\x9b\x9d\xad\x65\xf5\x9d\x2b\x9d\x20\x48\x6f\x01\x2e\x0a\x93\x20\x2a\x22\x95\x0a\xc0\xa5\x83\xaa\xcc\x42\xaa\x3b\x03\x02\xb5\xbe\x16\x0f\x7a\xbb\x5a\xf5\x54\x7a\xb2\xa3\x95\xdf\xc5\x89\x22\xa5\x50\xdb\xad\x99\x03\x45\x02\xf6\x4a\x48\xc6\x34\xa1\x34\x4a\x46\x65\xbb\x05\x4d\xf0\x8f\xa7\xa4\x95\x62\xf7\xe6\x44\x8b\xd0\x83\x1d\xf5\x1e\xce\xe7\x2f\x5d\x4b\x45\x6a\xf5\x50\x2d\xd4\xe5\xbe\x19\x01\xbb\x3a\xad\x0a\x8f\x94\x9c\x63\xd5\xbf\xee\x80\xc4\x8d\x8c\x41\xcd\x47\xd0\xa5\xe9\xcf\xee\xa4\x80\x17\x21\xdd\x99\x26\x0a\x9f\x41\x48\xee\x37\xf0\xc6\xe6\x05\x16\xb9\x71\x46\x03\x1b\xf5\x32\x75\x93\x40\xf0\xd9\x65\x68\x7c\xe3\x8c\x43\x53\xa6\x42\x32\xa0\xce\x1a\xd1\x54\x01\x8b\x20\x6f\xa3\xb1\xee\xfb\x65\x81\xf1\xe4\xfe\x9d\x40\xce\xe6\x85\x9d\xbd\x2d\x6c\x97\x02\x81\x84\x45\x48\xd1\x88\x70\x1e\x37\xb1\xa8\x7e\x02\x32\xb2\xcf\x50\x54\x2d\x22\x0d\x38\x0c\x34\xb5\x70\x59\x39\xfd\xab\x1d\xbb\x4c\xb3\xfd\xf4\x4d\x81\x04\xd8\x16\xcf\x37\x21\x59\xd6\x17\x2d\x72\xcc\x09\xed\x56\x5e\x34\x15\x9a\xdc\xa1\x36\xfd\x59\x25\x15\x44\x0a\x31\xa1\xb2\xb7\x20\x0f\x01\xfd\x3b\xa1\x95\xa9\x80\xc0\x04\xfa\xf1\x03\xb9\xf9\xe7\x71\x3d\x3e\xd5\xd1\xc6\x78\xbb\xdf\x88\x93\x00\x90\x8e\x71\x94\xf3\xb2\xb8\x4e\x74\x4c\x94\xf7\xb5\x8f\x61\xad\x6b\x84\xee\x7c\x64\x5b\xe8\x13\xa4\xac\x5b\x1a\xdd\x1f\xfa\xd0\xff\xc0\xb2\x7a\x1b\x47\xf4\x52\x01\x86\x44\x1b\x82\x0c\xda\xc1\xfd\x4b\xae\x20\xc6\x2b\xc8\x17\xb1\x7d\xf2\xf7\x9c\xb9\x74\x6d\x1e\x65\x3d\x8d\x81\x62\x37\x6c\xbe\x81\xbc\xc5\x04\x83\x58\xcd\xd4\x2c\xa9\xf8\x20\x7e\x7f\xb1\x26\x7c\xac\x49\xec\xb4\x5a\xa6\xbc\x80\x02\xc3\x59\x7c\xc0\x74\xa8\x8c\x2c\xce\xd7\x3e\x69\x5c\x0c\xb9\x6b\x33\x41\xde\xb5\x8b\x0d\x41\xb9\x55\x9f\x2d\x09\x83\x8e\x05\xe4\x06\xf9\x9f\x96\x2a\x0f\x61\x9a\x7c\x02\xb5\xac\xc6\x21\x01\x24\xf1\x95\x02\x4f\xd2\xe4\xac\xe5\x8a\x23\x92\x33\xf9\xf0\xfa\x42\x74\xce\x28\xf6\xee\x5d\xe5\x1e\x13\x74\x2c\x19\xe8\xc1\xb3\x13\xf9\x00\x97\x0a\x4d\xb1\xb3\x64\x1c\xb5\x27\xa1\x05\x92\xbf\xb9\xc5\x26\x92\x12\x32\x27\x7d\x49\x24\x99\xa6\x1d\x6a\x20\x40\x73\x30\xe5\x5d\xae\x27\x78\x7a\xed\x00\x1b\x16\x66\xa3\xc0\x31\x9b\xda\x97\x64\x61\x85\x44\xa2\x00\x16\xf1\x29\x86\xe4\xae\x1d\xd7\x58\x5c\xd1\xef\xb1\x47\x12\x1b\xcc\xa0\x0e\x09\x5e\x12\x55\x9f\x57\x9b\xf3\xc7\x60\x5e\x9b\x67\x37\x10\x5c\xb9\xfc\x15\x94\xe4\x3d\x57\x07\xcd\x69\xc8\xbc\xd6\x60\x3e\x69\x7a\xce\xc7\x69\x57\xd3\xc6\xaa\x44\x88\x07\x92\x46\x66\x87\x7a\x52\xeb\x2a\xdb\x90\xa3\xde\x79\x06\xa8\x0f\x47\xa2\xc3\x88\xcb\xa8\x77\x6f\x63\x40\x4b\x4b\x64\x4c\x10\x86\xb3\xab\xfc\x8b\xbd\xe4\x96\x02\x28\x26\xe2\x10\x2c\x2f\x7a\x16\xf9\x84\xbe\x7a\xc2\x9a\x68\x47\x8f\x87\x9f\x4c\x9b\x30\x23\x47\x06\x41\x35\x6c\x91\x05\x36\x54\x56\x83\x48\xc5\x50\xc7\x08\x3b\xdd\x2e\x61\x18\x1e\xa3\x25\x61\x5a\xa9\xfb\xdb\xe5\x74\x18\x82\xf3\x85\x44\x26\x22\x4b\xff\xa1\x5d\xec\x14\x64\x44\xe4\x00\x1f\x5f\x8f\x6f\x61\xc0\xce\xad\x81\x5b\xae\x2e\x81\x29\x9e\xb3\xa7\xa4\x9a\x66\x4e\xb0\x1e\x74\xc6\x38\xcb\xe7\x5e\x9d\x16\x9a\x6e\x75\x07\xfb\xad\x9b\x36\xb9\x2a\x09\xa2\x4b\xea\xc7\x7e\x10\x63\x6a\x25\xaa\x20\xd0\x1d\xd3\x7b\x26\xff\xa9\x9e\x8b\xfa\x8f\x15\xb4\xc1\x9d\xca\xdc\xd9\xbe\x38\x3a\x11\xc7\x32\x71\x7e\x1d\xcb\x29\x68\xe8\x66\x9d\x08\x4a\xa1\x5d\x72\x69\xc1\x1c\x01\x1e\xb2\xb1\x39\x03\x98\x76\x6e\xce\xb6\x37\x8d\xf5\x8f\x0e\x79\x6e\xb4\x7a\xc5\xeb\x1c\xf5\x3b\x2c\x6b\x4b\x61\xd4\x0c\x0b\x4c\x00\x5d\x0a\xb8\x23\x84\xc4\x5a\xae\x49\x96\x99\xbc\x54\x26\x3e\xef\xc2\x9e\xd4\x03\xd3\x0b\x72\x68\x24\x25\x9e\x6c\x6e\xa2\x4c\x7b\x85\x60\xb8\x5b\xaa\x91\xab\xf3\x9e\xe1\xfb\xa0\xa5\xdc\xb5\xa8\x3d\xb8\xc8\x62\xc8\x83\xbd\xac\x30\x68\x4a\xb2\x89\x8a\x39\x1d\xd6\xff\x6f\x8b\x85\x1e\xbe\x75\x25\x73\xbd\x19\x95\xc8\x7b\xa3\xc6\xab\xf0\x39\x4d\xdc\x6f\x05\xed\x36\x0c\xec\xfa\x35\xae\xd4\xcf\xa3\x20\x1f\x55\x66\x62\x05\xf7\x07\xd0\x9f\x8f\xba\xa2\xc8\x8f\x7f\xf9\xb0\x6e\xf2\xdf\xa1\x70\x0f\x7b\x70\x26\xa3\xfd\x26\x95\x74\xeb\x22\xfe\x9a\x8f\x6a\x64\xdf\xea\x6e\x77\x9c\xb0\xa2\x81\xdb\x25\x93\xf2\xba\x8e\xa3\xda\x2b\x53\xce\xad\x01\xdb\xc4\x2f\x53\xee\x87\x1b\xa9\x57\xdb\xf5\xc9\xfc\x25\x64\x1f\x11\xbf\x27\x9b\x43\xdf\x39\x16\xf7\x43\x72\x96\x3d\xe3\x2a\xa0\x52\x8b\x51\x1c\xc0\xc4\xd8\x29\x53\xac\xd9\x5f\x2d\xf8\x49\x35\xb6\x09\xf1\xaf\x30\xc3\x52\x76\xa3\xfa\xbf\x5d\x2c\xa7\xc9\x81\x43\x63\xca\xb1\xb4\x8b\x7b\x9a\x96\xf9\x45\xe3\xd2\x41\x91\xb7\x0b\x5f\x03\xd0\xc4\xae\x30\xb1\x5e\x2f\x82\xca\x31\x8e\x8c\x9a\x5b\x2a\x22\x19\x96\x7a\x13\xbe\xfa\xce\xeb\x25\x10\x88\x67\x1f\x3d\x74\x7d\xa7\x2e\x52\xc9\xa2\x2e\x7a\xee\xbc\xc7\x7e\x1a\x02\x4e\xb6\x6a\xb0\x9e\xf0\x1a\x3a\xae\x32\x9a\xbf\x00\x35\xd1\xcf\x27\x91\x1d\x86\x76\xa9\x84\x31\x76\x5a\x11\x75\x3a\x57\x71\x95\x8d\xfc\xbb\x59\x84\x69\x71\xd2\xe2\xcf\x02\xd0\xc0\xe5\xa5\x50\xea\x98\xb9\x3e\x36\x7f\xe7\x3f\x1b\xd3\x0a\x09\xb1\x15\x20\x62\x31\x43\x60\x9d\x0c\x2f\xa3\xc8\xaa\x37\x6f\x44\x0a\xd2\x96\x3f\xbe\xb6\x67\x15\x09\xa7\x99\xa8\x52\x8c\xe0\x87\xab\xaf\x19\x96\x62\xb1\x10\x31\x42\x81\x7c\x17\x6a\x4e\x04\xb1\x5b\xc6\xd4\x73\xb4\x83\xd9\x41\x71\x76\xe0\xe2\x30\x91\x93\x8a\xc2\xfb\x9b\xa6\x16\xc7\x9c\x06\x99\xa0\x56\x8d\x22\xd6\x33\x62\xca\xa0\x6a\xdd\x24\x23\xcb\x71\x89\x5a\x18\x21\xdf\xab\x31\x78\x11\xc2\x75\x2b\x28\x4d\x9d\x55\xfc\x5c\xfd\xdc\x3c\x59\x9e\x1b\x91\x18\xc9\x9f\xb8\xd4\x7f\xd7\x61\xe6\xe7\x24\x29\xf5\x09\xc6\x74\x91\x3d\x2d\x36\xd5\x69\x80\x1f\x92\x84\x21\x24\x24\x55\x6e\x8c\xae\xd1\x68\x34\xeb\x07\x64\x17\x02\x3c\x99\x0e\x5d\x31\x10\xcb\x31\xde\xa8\x52\x79\xd4\x0b\xcc\x71\x4a\x67\x6a\x89\x39\x25\x15\x1b\x55\x0a\xab\xbe\x95\x48\xc4\xb7\x4b\x30\x91\x75\xf4\xea\xcf\xaf\x14\x61\xae\x52\x29\x3e\x44\xf9\x2f\xa2\x60\x67\xb5\x00\x84\xf9\xef\x98\x20\x19\xe0\xd3\x98\x05\x8d\x23\x84\x4f\x90\x0c\x28\xc1\x52\xd3\xee\xda\x42\x57\x8a\x0f\x1f\xf3\x00\x2c\x92\x9e\x6b\xca\x65\xeb\x03\x41\x77\x81\x44\xa1\x5e\xac\xfe\x4e\x1a\x63\xa4\xcd\xf1\xf2\x50\x48\xa2\x72\x61\xba\x43\x42\xee\x65\x69\xa3\xc6\x05\x3b\x5e\x52\xf4\xe1\x34\xa1\xe0\x3a\x15\x30\xcf\x5c\x0e\xb1\x78\x75\xe3\xba\x44\x16\x20\x71\xb4\x39\x45\x9b\xf1\x6e\xdb\x28\x50\x8b\xce\x3e\x9f\x69\xd8\x93\x0b\x05\x39\xc3\x9b\xb7\x4e\x63\xe4\x51\x0e\x91\x8b\x83\x49\xcc\xf6\x95\x9e\x57\x55\x05\x50\xa3\x57\xc3\x16\x49\xdd\x72\x8c\x3f\xe7\x7d\xc6\x92\x0f\x0d\x3f\x4e\xc5\xd6\x19\xb2\xf4\xc6\xeb\x90\xdf\xc1\x7b\x26\xd6\xb3\x01\x17\xa0\x7c\x18\xf4\xb7\xcc\x96\x05\x6a\x4f\xdc\x7d\xac\x68\x19\x8c\xb8\xbc\xc6\xc6\x4d\x49\x6a\xfa\x60\x81\x76\x8e\x8d\xd4\xf4\x35\xeb\x2e\xed\xd0\xb7\xb0\x8f\x14\x11\x4c\x13\xc4\xff\x50\xa9\x3d\x39\xaf\xac\x2d\x63\x3e\xf6\xeb\x33\xac\x93\x74\x04\x26\x2e\x35\x2f\x50\xf0\x67\x79\x15\x18\xea\x05\x88\x41\xab\xdd\x1f\x77\x09\x40\xbc\xa8\x96\xfd\xdb\x55\x0c\x9c\xe0\x9e\xdc\x6b\xd5\x22\xe3\x18\xe5\xca\x6b\xa0\x02\x59\x02\x97\x70\xd2\x9d\x1f\xc4\xe2\xa7\x4d\x7b\x33\xfb\xea\xca\x94\x5e\x14\x9f\x24\x1c\xc9\x33\x62\x4d\xba\x79\x5d\x33\xf2\xab\x07\x06\xbb\xc1\x7e\x23\x83\xf6\xc3\x2d\xf7\x65\xc1\x16\x26\x5b\x0e\xfb\x58\x5f\x58\x7b\xe9\x73\x2b\xeb\x0b\xed\x2e\x67\xce\xf0\xd1\xc4\x2b", 4096); *(uint64_t*)0x200010c8 = 0x20001000; *(uint32_t*)0x20001000 = 0; *(uint32_t*)0x20001004 = 0; *(uint32_t*)0x20001008 = 0; *(uint64_t*)0x200010d0 = 0x20001040; *(uint64_t*)0x200010d8 = 0x20001080; *(uint32_t*)0x200010e0 = 0x1000; *(uint32_t*)0x200010e4 = 3; *(uint32_t*)0x200010e8 = 8; *(uint32_t*)0x200010ec = 3; inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); if (res == ZX_OK) { r[0] = *(uint32_t*)0x20001080; r[1] = *(uint32_t*)0x20001084; r[2] = *(uint32_t*)0x20001088; } break; case 1: *(uint64_t*)0x20011240 = 0x20001180; *(uint32_t*)0x20001180 = 0; memset((void*)0x20001184, 0, 3); *(uint8_t*)0x20001187 = 1; *(uint64_t*)0x20001188 = 0x3862fcb900000000; *(uint32_t*)0x20001190 = 0; *(uint64_t*)0x20011248 = 0x200011c0; *(uint32_t*)0x200011c0 = 0; *(uint64_t*)0x20011250 = 0x20001200; *(uint64_t*)0x20011258 = 0x20011200; *(uint32_t*)0x20011260 = 0x14; *(uint32_t*)0x20011264 = 1; *(uint32_t*)0x20011268 = 0x10000; *(uint32_t*)0x2001126c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20011240, /*actual_bytes=*/0x20011280, /*actual_handles=*/0x200112c0); break; case 2: res = -1; res = syz_thread_self(); { int i; for(i = 0; i < 4; i++) { syz_thread_self(); } } if ((int)res != -1) r[3] = res; break; case 3: ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); break; case 4: *(uint64_t*)0x20021400 = 0x20011340; *(uint32_t*)0x20011340 = 0; memset((void*)0x20011344, 0, 3); *(uint8_t*)0x20011347 = 1; *(uint64_t*)0x20011348 = 0x2cbadb1900000000; *(uint64_t*)0x20011350 = 0x80000000; *(uint64_t*)0x20011358 = -1; memset((void*)0x20011360, 0, 1); *(uint64_t*)0x20021408 = 0x20011380; *(uint64_t*)0x20021410 = 0x200113c0; *(uint64_t*)0x20021418 = 0x200213c0; *(uint32_t*)0x20021420 = 0x28; *(uint32_t*)0x20021424 = 0; *(uint32_t*)0x20021428 = 0x10000; *(uint32_t*)0x2002142c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20021400, /*actual_bytes=*/0x20021440, /*actual_handles=*/0x20021480); break; case 5: res = -1; res = ((intptr_t(*)(intptr_t))CAST(zx_deadline_after))(/*nanoseconds=*/-1); if (res == ZX_OK) r[4] = res; break; case 6: *(uint64_t*)0x20031580 = 0x200214c0; *(uint32_t*)0x200214c0 = 0; memset((void*)0x200214c4, 0, 3); *(uint8_t*)0x200214c7 = 1; *(uint64_t*)0x200214c8 = 0x135d628d00000000; *(uint32_t*)0x200214d0 = 7; *(uint32_t*)0x200214d4 = 5; *(uint64_t*)0x20031588 = 0x20021500; *(uint64_t*)0x20031590 = 0x20021540; *(uint64_t*)0x20031598 = 0x20031540; *(uint32_t*)0x200315a0 = 0x18; *(uint32_t*)0x200315a4 = 0; *(uint32_t*)0x200315a8 = 0x10000; *(uint32_t*)0x200315ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[4], /*args=*/0x20031580, /*actual_bytes=*/0x200315c0, /*actual_handles=*/0x20031600); break; case 7: ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_interrupt))(/*handle=*/r[1], /*vector=*/2); break; case 8: *(uint32_t*)0x20031640 = 0; memset((void*)0x20031644, 0, 3); *(uint8_t*)0x20031647 = 1; *(uint64_t*)0x20031648 = 0x208bcc9d00000000; *(uint64_t*)0x20031650 = 0x81; *(uint64_t*)0x20031658 = -1; memcpy((void*)0x20031660, "\xa5\x7c\x37\xf0\xaa\x5a\x79\x3d\x04\xcf\x12\x74\xe7\xe2\xc4\x9a\x49\xf9\xb0\x90\xd2\xdf\x74\x7c\x16\xd5\x3d\x3c\xf3\xc0\x0a\x94\xe6\x32\x4a\xb3\x20\x45\x1b\x9f\xd5\x21\x21\xec\x87\xb8\x94\xf7\xf2\x8d\x50\x90\x78\xb5\xaf\x1e\x03\x4f\xe2\x97\x9b\xad\xae", 63); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_write))(/*handle=*/r[0], /*options=*/0, /*bytes=*/0x20031640, /*num_bytes=*/0x5f, /*handles=*/0x200316c0, /*num_handles=*/0); break; case 9: *(uint64_t*)0x200417c0 = 0x20031700; *(uint32_t*)0x20031700 = 0; memset((void*)0x20031704, 0, 3); *(uint8_t*)0x20031707 = 1; *(uint64_t*)0x20031708 = 0x62423faa00000000; *(uint64_t*)0x200417c8 = 0x20031740; *(uint64_t*)0x200417d0 = 0x20031780; *(uint64_t*)0x200417d8 = 0x20041780; *(uint32_t*)0x200417e0 = 0x10; *(uint32_t*)0x200417e4 = 0; *(uint32_t*)0x200417e8 = 0x10000; *(uint32_t*)0x200417ec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[2], /*options=*/0, /*deadline=*/r[4], /*args=*/0x200417c0, /*actual_bytes=*/0x20041800, /*actual_handles=*/0x20041840); break; case 10: memcpy((void*)0x20000000, "\xc4\xc1\xad\xe0\xa5\xb9\xa6\x63\x67\xc4\x62\x01\x3b\x6b\x0f\x0f\x76\xb7\xb7\x00\x00\x00\x98\xc4\xa2\x29\x2d\x12\x0f\x0f\x0b\xa0\x3e\x45\x0f\xd1\xec\x0f\x29\x26\xc4\x61\x9f\x7c\x53\x1a\x66\x0f\x3a\xdf\x39\x00", 52); syz_execute_func(/*text=*/0x20000000); break; case 11: syz_future_time(/*when=*/0); break; case 12: syz_job_default(); break; case 13: syz_mmap(/*addr=*/0x20ff9000, /*len=*/0x4000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :280:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); ^ :317:39: error: use of undeclared identifier 'zx_vcpu_enter' ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); ^ 2 errors generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor1297830524 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/5 (0.65s) csource_test.go:148: --- FAIL: TestGenerate/fuchsia/amd64/14 (0.62s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call_etc(0x0, 0x91, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)="090e3814ded5ca1bb9204ce0ceac3d95162fab16edf86329372435e1992cd148d29f73e3c25857bf66bb813d6abddde404f63980339937c16fe9e0c8ad309e70509ce52ae1c8e60ebe328caa31b91b7b1b8a9e3febb3fe1289f80a3b74dadcf3619e4eb03d257cd7a8fe5301e58d52aae4336355c0bc0ee7df9704e0ee190064372cd6f71629cec4cf897611a6f18453259fe803ee1464ebd6366490efad381aec2e773163b83a257d24277408221047d312b83defb54f5db6eb9db781f0a74e4a4513e78d1fef19337f8423952747348a1126db4a28fb98de2ffe4dc6cb4414498bf558c8cfec781cb59a4b28647f1aac9cf850970863788bfa319ab74945eb15fb78f3eee5446045512774ecfa8439fdbfafa0f767e9cdf291d1934c12a7ea791a9028bd2e0b346a4f68a24d1bced3bafc730f659d4225960b93827fa64384b88db55337fb5ae30fefe356ba4c116452b23477905dbaab6a2ddec32735f0db44ea41c37c710f67880a68cffcec5710c707288eb34109b24aaa4949ae1b9b333154d9c3b5d6b07095e94d1fb66be2845f466fa375fefd749168cbfabca45ef816389705f0d146b7c47aa5fa070faa0c82f6b366c94be41a00412b7107c4746c41482e94a1b23e9666a738ee4bcb5d5b9deea2fe70dd49f2fc095823d2c6f0c56eb2120b670014b3e41dea9163200efeec14bb92da2c22e03d15be29fd9ab265370f3878ad2818a27d7a1ba774f122d934b0b62077fa625874aacbb6fe8618311b1562d5225c3da1842f45dec3940d3d2306ee0b0183154834322b286e8e31f739c96f22e7272ce4e7a7571ded20ce2deb2754c6b44dce678953ef135675371a728ac6134d5a7873cbb60eac7064cb070bef012fbce09a468cbdeb01fbcd352ab03bebebe70a006f6dcce7b4078cffa0296bd40d5ded971f5a75b2fb4f54db33214470506c5c0dbca61e12fcb3d8207a82b47883b8efe3cfafcfb61ad5e4030cabd0a6f08c46238c18544210ff5a6f58a0a49dee51af9a1e2e6a8827074c2f948773e6b8273ea1197c731afe15561a156457b5011fccebebea49adda3e9c3afa2c63461f4a1451a0056589c64c0ee28678f04d282dfc86ce8d1b319d971c406d1f4798443f661495d8f8cd60dd45bba34341f1acfd1df41bd0827c0baa07a856c9185fb6dbedfc31fdcf7e548ceda8dd94311a062a4a9fb7df18420e66330ce428631a42abf9ae14b9b0c7dc0ddbae34da212bbe7a37276b059c495bbf184f45219c18bf5dc7140595f460391ccaa1ef26234a51882930977a004e675a4a10b82edfbf0b09b7d0a70e3dcc6c4760b92ee556bb00ad270777ea84e13932a4b36465c378f4f4c7566bda189fb3072cf4cb13d45f593295f96d37629ef12b9b8da1ad7a6853c5021f30077b893e92e9d18edbf7175cb725b33382476dd7a2734f304efc5ca6d26684b0668f43b5eae9a9bcf1dfca106a2e2e52e130d6908bc07b23cea685eedb6c93ec76c6097d69f577dd5cc14508218959109f301c9f27cd0a2956564c59ad12d0d939bb14e02bb806946b85ab39e3fdce3946bcf87bef3f53e0edcda9c72f42ed1d31fbc0b700890c4094df83923d0d5222be8466c562250dc9493cf74d1ab7d8ab9a4a7b0cf0cd56724c10a71a4272104937c11dcec74ec2dab996453178b40e173ed21e3c882878fcdf82a57359d71f59fafe5023e17f7a2bb9ab69095b269ad32df831529efdabbe5366f235d48f0ee328c6199b803c57a406febf46643204673a1f16a57d2a3bb70c8287c5405d2279a5b977d8936e1cf2d34b4783b9c4e15a51944320afc2eed1e5c7801596b63633801daa1999edf5548d97d056568dbb47a72440d6ebfb191bc86b95d69d768ac156feed10ca998aff5142796d47c3a3d583b92e32f641e36f810b576c2599febb22e795537d65b333f8b1a4f64e349dd39ecf83458ad2c5cbd13af5d7c4b5117a38639958d340f62b872c23c3f851a32a1a8ce5440a1ec9500b3ae9f56b0fd3a82e1755251499231f8babc682073fa40e18b516aabb702b560cd39c707c176bed3081e1856f940ca15ff9c5506d07ebd80ac2da5efe90b3554de46ae4408392a0707754f06bee43cd5a6c2650fce994a4d888ff3665212c7dc85150477094ca7f67888771f08ee26996cb8e907d100430b67226bf384c9c01488e4cf5aac03bcbdf33ce76c5632653955ebc74ddec21104b20d0b1458eb90928ecf103eb4ffbf3aa45156b71799cc69530be5ad8bda6923ddf3d7ffa9b2865f6689f3092fbf6251df191d1a64572326cddb22ad2aa4a654a669c7f3c2622a413c3c10f247d877f0375600f0605f694715628d14357a1874142e0024d4b1e52eccd35454d5162425a372c0c1215481fa7579397073ce80c6343f881dd1b2d8fa436e5a97fd578eaca113105e90f511923b69acbb269349de9f138e10f7cd4a180e38b025ebf29aa5d70883d830b5afc914432859b182e2ceaeb8444bdc1608fdd028669c30d33cc65f557c78427fce6130e82c8fb7eab095186c40f9a688ac2ec3b3fe7689c6aff2f0795083eb37855adb298a71c459469c410866d7370227aba87939004ebd04ad665bb51ee9d32bf08e7335536f0b63513c1ea9296ac30a9481df6ffb7fa374c4cb4b7d0ed168efbb13eeb58f4735548ba60124193941757f9ecf248e008ddcb82f57f366d327aaf3ce419189de0c42ea3434b4b0a1f21be00072dc647ce18f7862e52aa9bd74b7095663b7c08f027e6fc8969224df584c92bffc4b93106f70bf3f99675e6904e2641492c33de1da917b94e57bcd7afda2253198d5e81c3e46d0082490c2205a75ccea3a6845402ea443642b5925b4c5c65377b3a9d946fc15d44401098dde1e1ec3aa4858da8671b4c827c9f1337b07d09b9b07effdf666cdb8a320c34a4a709e9bbb18cacef547574c109659498f108c53a1796d82aaee504e01801f15bb63e7de6e0d8907a988fa8d3d69c20721b1afb10582ea3e9006f1ebe9a32da207916c675d6ae730fbb2beebe7273f01d8a18d78afd349619303e347b89d6d7a4bae7acb6b560d035021929eb53a7c5c4263ba39c2de7056899d36e73b8afbdc4a7e5b7efbf610683ee6155d7c3ae4d46c43d42d83497cd78ff1644d78d5a1068c028f0a6dd2997637c6b42719079d39b093561e9025851b1659cac8d1a5d5dc1ce434c787cebd1b6224b25afe18497584158942a04e9f3d6b744447c624fc7a8a36c03bdcb1341da7d7c24a03cc1eeb40b718623204e05632052e65db381892289c9a1bf547c3169140355ccc2141bb1794889cc47b4eb6c19fed2e54946e9a0f3ee9a0a6c9c32f159dbcff0645dbfb3bc461b7f6c499b9dad65f59d2b9d20486f012e0a93202a22950ac0a583aacc42aa3b0302b5be160f7abb5af5547ab2a395dfc58922a550dbad99034502f64a48c634a1344a4665bb054df08fa7a49562f7e6448bd0831df51ecee72f5d4b456af5502dd4e5be1901bb3aad0a8f949c63d5bfee80c48d8c41cd47d0a5e9cfeea4801721dd99260a9f4148ee37f0c6e60516b97146031bf532759340f0d965687ce38c4353a64232a0ce1ad154018b206fa3b1eefb6581f1e4fe9d40cee6859dbd2d6c970281844548d188701e37b1a87e0232b2cf50542d220d380c34b5705939fdab1dbb4cb3fdf44d8104d816cf372159d6172d72cc09ed565e34159adca136fd592515440a31a1b2b7200f01fd3ba195a980c004faf103b9f9e7713d3ed5d1c678bbdf889300908e7194f3b2b84e744c94f7b58f61ad6b84ee7c645be813a4ac5b1add1ffad0ffc0b27a1b47f4520186441b820cdac1fd4bae20c62bc817b17df2f79cb9746d1e653d8d8162376cbe81bcc5048358cdd42ca9f8207e7fb1267cac49ecb45aa6bc8002c3597cc074a88c2cced73e695c0cb96b3341deb58b0d41b9559f2d09838e05e406f99f962a0f619a7c02b5acc6210124f195024fd2e4ace58a239233f9f0fa4274ce28f6ee5de51e13742c19e8c1b313f900970a4db1b3641cb527a10592bfb9c526921232277d492499a61d6a20407330e55dae27787aed001b1666a3c0319bda9764618544a20016f12986e4ae1dd7585cd1efb147121bcca00e095e12559f579bf3c7605e9b6737105cb9fc1594e43d5707cd69c8bcd6603e697acec76957d3c6aa448807924666877a52eb2adb90a3de7906a80f47a2c388cba8776f63404b4b644c1086b3abfc8bbde496022826e2102c2f7a16f984be7ac29a68478f879f4c9b3023470641356c91053654568348c550c7083bdd2e61181ea325615aa9fbdbe5741882f3854426224bffa15dec146444e4001f5f8f6f61c0cead815bae2e81299eb3a7a49a664eb01e74c638cbe75e9d169a6e7507fbad9b36b92a09a24beac77e10636a25aa20d01dd37b26ffa99e8bfa8f15b4c19dcadcd9be383a11c732717e1dcb2968e8669d084aa15d7269c11c011eb2b1390398766eceb6378df58f0e796eb47ac5eb1cf53b2c6b4b61d40c0b4c005d0ab82384c45aae499699bc54263eefc29ed403d30b726824259e6c6ea24c7b8560b85baa91abf39ee1fba0a5dcb5a83db8c862c883bdac30684ab2898a391dd6ff6f8b851ebe752573bd1995c87ba3c6abf0394ddc6f05ed360cecfa35aed4cfa3201f55666205f707d09f8fbaa2c88f7ff9b06ef2dfa1700f7b7026a3fd269574eb22fe9a8f6a64dfea6e779cb0a281db2593f2ba8ea3da2b53cead01dbc42f53ee871ba957dbf5c9fc25641f11bf279b43df3916f74372963de32aa0528b511cc0c4d82953acd95f2df84935b609f1af30c35276a3fabf5d2ca7c9814363cab1b48b7b9a96f945e3d24191b70b5f03d0c4ae30b15e2f82ca318e8c9a5b2a2219967a13befaceeb251088671f3d747da72e52c9a22e7aeebcc77e1a024eb66ab09ef01a3aae329abf0035d1cf27911d8676a98431765a11753a5771958dfcbb59846971d2e2cf02d0c0e5a550ea98b93e367fe73f1bd30a09b11520623143609d0c2fa3c8aa376f440ad2963fbeb6671509a799a8528ce087abaf199662b1103142817c176a4e04b15bc6d473b483d9417176e0e23091938ac2fb9ba616c79c0699a0568d22d63362caa06add2423cb71895a1821dfab317811c2752b284d9d55fc5cfddc3c599e1b9118c99fb8d47fd761e6e72429f509c674913d2d36d569801f9284212424556e8caed16834eb076417023c990e5d3110cb31dea85279d40bcc714a676a893925151b550aabbe9548c4b74b309175f4eacfaf1461ae52293e44f92fa26067b50084f9ef982019e0d398058d23844f900c28c152d3eeda42578a0f1ff3002c929e6bca65eb0341778144a15eacfe4e1a63a4cdf1f25048a27261ba4342ee6569a3c6053b5e52f4e134a1e03a1530cf5c0eb17875e3ba44162071b439459bf16edb28508bce3e9f69d8930b0539c39bb74e63e4510e918b8349ccf6959e57550550a357c31649dd728c3fe77dc6920f0d3f4ec5d619b2f4c6eb90dfc17b26d6b30117a07c18f4b7cc96056a4fdc7dac68198cb8bcc6c64d496afa6081768e8dd4f435eb2eedd0b7b08f14114c13c4ff50a93d39afac2d633ef6eb33ac937404262e352f50f067791518ea058841abdd1f770940bca896fddb550c9ce09edc6bd522e318e5ca6ba00259029770d29d1fc4e2a74d7b33fbeaca945e149f241cc933624dba795d33f2ab0706bbc17e2383f6c32df765c116265b0efb585f587be9732beb0bed2e67cef0d1c42b", &(0x7f0000001000)=[0x0, 0x0, 0x0], &(0x7f0000001040)=""/8, &(0x7f0000001080)=[0x0, 0x0, 0x0], 0x1000, 0x3, 0x8, 0x3}, &(0x7f0000001100), &(0x7f0000001140)) (fail_nth: 1) zx_channel_call$fuchsia_ldsvc_LoaderClone(r0, 0x0, 0x7fffffffffffffff, &(0x7f0000011240)={&(0x7f0000001180), &(0x7f00000011c0), &(0x7f0000001200), &(0x7f0000011200), 0x14, 0x1, 0x10000}, &(0x7f0000011280), &(0x7f00000112c0)) (async) r3 = syz_thread_self() (rerun: 4) zx_vcpu_enter(r3, &(0x7f0000011300)={0x0, 0x0, 0x0, @interrupt}) zx_channel_call$fuchsia_io_DirectoryUnlink(0x0, 0x0, 0x7fffffffffffffff, &(0x7f0000021400)={&(0x7f0000011340)={{}, {0x80000000, 0xffffffffffffffff}, {'\x00'}}, &(0x7f0000011380), &(0x7f00000113c0), &(0x7f00000213c0), 0x28, 0x0, 0x10000}, &(0x7f0000021440), &(0x7f0000021480)) r4 = zx_deadline_after(0xffffffffffffffff) zx_channel_call$fuchsia_cobalt_LoggerBaseLogEvent(r0, 0x0, r4, &(0x7f0000031580)={&(0x7f00000214c0)={{}, 0x7, 0x5}, &(0x7f0000021500), &(0x7f0000021540), &(0x7f0000031540), 0x18, 0x0, 0x10000}, &(0x7f00000315c0), &(0x7f0000031600)) zx_vcpu_interrupt(r1, 0x2) zx_channel_write$fuchsia_io_DirectoryWatcherOnEvent(r0, 0x0, &(0x7f0000031640)={{}, {0x81, 0xffffffffffffffff}, "a57c37f0aa5a793d04cf1274e7e2c49a49f9b090d2df747c16d53d3cf3c00a94e6324ab320451b9fd52121ec87b894f7f28d509078b5af1e034fe2979badae"}, 0x5f, &(0x7f00000316c0), 0x0) zx_channel_call$fuchsia_io_NodeSync(r2, 0x0, r4, &(0x7f00000417c0)={&(0x7f0000031700), &(0x7f0000031740), &(0x7f0000031780), &(0x7f0000041780), 0x10, 0x0, 0x10000}, &(0x7f0000041800), &(0x7f0000041840)) syz_execute_func(&(0x7f0000000000)="c4c1ade0a5b9a66367c462013b6b0f0f76b7b700000098c4a2292d120f0f0ba03e450fd1ec0f2926c4619f7c531a660f3adf3900") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[5] = {0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200010c0 = 0x20000000; memcpy((void*)0x20000000, "\x09\x0e\x38\x14\xde\xd5\xca\x1b\xb9\x20\x4c\xe0\xce\xac\x3d\x95\x16\x2f\xab\x16\xed\xf8\x63\x29\x37\x24\x35\xe1\x99\x2c\xd1\x48\xd2\x9f\x73\xe3\xc2\x58\x57\xbf\x66\xbb\x81\x3d\x6a\xbd\xdd\xe4\x04\xf6\x39\x80\x33\x99\x37\xc1\x6f\xe9\xe0\xc8\xad\x30\x9e\x70\x50\x9c\xe5\x2a\xe1\xc8\xe6\x0e\xbe\x32\x8c\xaa\x31\xb9\x1b\x7b\x1b\x8a\x9e\x3f\xeb\xb3\xfe\x12\x89\xf8\x0a\x3b\x74\xda\xdc\xf3\x61\x9e\x4e\xb0\x3d\x25\x7c\xd7\xa8\xfe\x53\x01\xe5\x8d\x52\xaa\xe4\x33\x63\x55\xc0\xbc\x0e\xe7\xdf\x97\x04\xe0\xee\x19\x00\x64\x37\x2c\xd6\xf7\x16\x29\xce\xc4\xcf\x89\x76\x11\xa6\xf1\x84\x53\x25\x9f\xe8\x03\xee\x14\x64\xeb\xd6\x36\x64\x90\xef\xad\x38\x1a\xec\x2e\x77\x31\x63\xb8\x3a\x25\x7d\x24\x27\x74\x08\x22\x10\x47\xd3\x12\xb8\x3d\xef\xb5\x4f\x5d\xb6\xeb\x9d\xb7\x81\xf0\xa7\x4e\x4a\x45\x13\xe7\x8d\x1f\xef\x19\x33\x7f\x84\x23\x95\x27\x47\x34\x8a\x11\x26\xdb\x4a\x28\xfb\x98\xde\x2f\xfe\x4d\xc6\xcb\x44\x14\x49\x8b\xf5\x58\xc8\xcf\xec\x78\x1c\xb5\x9a\x4b\x28\x64\x7f\x1a\xac\x9c\xf8\x50\x97\x08\x63\x78\x8b\xfa\x31\x9a\xb7\x49\x45\xeb\x15\xfb\x78\xf3\xee\xe5\x44\x60\x45\x51\x27\x74\xec\xfa\x84\x39\xfd\xbf\xaf\xa0\xf7\x67\xe9\xcd\xf2\x91\xd1\x93\x4c\x12\xa7\xea\x79\x1a\x90\x28\xbd\x2e\x0b\x34\x6a\x4f\x68\xa2\x4d\x1b\xce\xd3\xba\xfc\x73\x0f\x65\x9d\x42\x25\x96\x0b\x93\x82\x7f\xa6\x43\x84\xb8\x8d\xb5\x53\x37\xfb\x5a\xe3\x0f\xef\xe3\x56\xba\x4c\x11\x64\x52\xb2\x34\x77\x90\x5d\xba\xab\x6a\x2d\xde\xc3\x27\x35\xf0\xdb\x44\xea\x41\xc3\x7c\x71\x0f\x67\x88\x0a\x68\xcf\xfc\xec\x57\x10\xc7\x07\x28\x8e\xb3\x41\x09\xb2\x4a\xaa\x49\x49\xae\x1b\x9b\x33\x31\x54\xd9\xc3\xb5\xd6\xb0\x70\x95\xe9\x4d\x1f\xb6\x6b\xe2\x84\x5f\x46\x6f\xa3\x75\xfe\xfd\x74\x91\x68\xcb\xfa\xbc\xa4\x5e\xf8\x16\x38\x97\x05\xf0\xd1\x46\xb7\xc4\x7a\xa5\xfa\x07\x0f\xaa\x0c\x82\xf6\xb3\x66\xc9\x4b\xe4\x1a\x00\x41\x2b\x71\x07\xc4\x74\x6c\x41\x48\x2e\x94\xa1\xb2\x3e\x96\x66\xa7\x38\xee\x4b\xcb\x5d\x5b\x9d\xee\xa2\xfe\x70\xdd\x49\xf2\xfc\x09\x58\x23\xd2\xc6\xf0\xc5\x6e\xb2\x12\x0b\x67\x00\x14\xb3\xe4\x1d\xea\x91\x63\x20\x0e\xfe\xec\x14\xbb\x92\xda\x2c\x22\xe0\x3d\x15\xbe\x29\xfd\x9a\xb2\x65\x37\x0f\x38\x78\xad\x28\x18\xa2\x7d\x7a\x1b\xa7\x74\xf1\x22\xd9\x34\xb0\xb6\x20\x77\xfa\x62\x58\x74\xaa\xcb\xb6\xfe\x86\x18\x31\x1b\x15\x62\xd5\x22\x5c\x3d\xa1\x84\x2f\x45\xde\xc3\x94\x0d\x3d\x23\x06\xee\x0b\x01\x83\x15\x48\x34\x32\x2b\x28\x6e\x8e\x31\xf7\x39\xc9\x6f\x22\xe7\x27\x2c\xe4\xe7\xa7\x57\x1d\xed\x20\xce\x2d\xeb\x27\x54\xc6\xb4\x4d\xce\x67\x89\x53\xef\x13\x56\x75\x37\x1a\x72\x8a\xc6\x13\x4d\x5a\x78\x73\xcb\xb6\x0e\xac\x70\x64\xcb\x07\x0b\xef\x01\x2f\xbc\xe0\x9a\x46\x8c\xbd\xeb\x01\xfb\xcd\x35\x2a\xb0\x3b\xeb\xeb\xe7\x0a\x00\x6f\x6d\xcc\xe7\xb4\x07\x8c\xff\xa0\x29\x6b\xd4\x0d\x5d\xed\x97\x1f\x5a\x75\xb2\xfb\x4f\x54\xdb\x33\x21\x44\x70\x50\x6c\x5c\x0d\xbc\xa6\x1e\x12\xfc\xb3\xd8\x20\x7a\x82\xb4\x78\x83\xb8\xef\xe3\xcf\xaf\xcf\xb6\x1a\xd5\xe4\x03\x0c\xab\xd0\xa6\xf0\x8c\x46\x23\x8c\x18\x54\x42\x10\xff\x5a\x6f\x58\xa0\xa4\x9d\xee\x51\xaf\x9a\x1e\x2e\x6a\x88\x27\x07\x4c\x2f\x94\x87\x73\xe6\xb8\x27\x3e\xa1\x19\x7c\x73\x1a\xfe\x15\x56\x1a\x15\x64\x57\xb5\x01\x1f\xcc\xeb\xeb\xea\x49\xad\xda\x3e\x9c\x3a\xfa\x2c\x63\x46\x1f\x4a\x14\x51\xa0\x05\x65\x89\xc6\x4c\x0e\xe2\x86\x78\xf0\x4d\x28\x2d\xfc\x86\xce\x8d\x1b\x31\x9d\x97\x1c\x40\x6d\x1f\x47\x98\x44\x3f\x66\x14\x95\xd8\xf8\xcd\x60\xdd\x45\xbb\xa3\x43\x41\xf1\xac\xfd\x1d\xf4\x1b\xd0\x82\x7c\x0b\xaa\x07\xa8\x56\xc9\x18\x5f\xb6\xdb\xed\xfc\x31\xfd\xcf\x7e\x54\x8c\xed\xa8\xdd\x94\x31\x1a\x06\x2a\x4a\x9f\xb7\xdf\x18\x42\x0e\x66\x33\x0c\xe4\x28\x63\x1a\x42\xab\xf9\xae\x14\xb9\xb0\xc7\xdc\x0d\xdb\xae\x34\xda\x21\x2b\xbe\x7a\x37\x27\x6b\x05\x9c\x49\x5b\xbf\x18\x4f\x45\x21\x9c\x18\xbf\x5d\xc7\x14\x05\x95\xf4\x60\x39\x1c\xca\xa1\xef\x26\x23\x4a\x51\x88\x29\x30\x97\x7a\x00\x4e\x67\x5a\x4a\x10\xb8\x2e\xdf\xbf\x0b\x09\xb7\xd0\xa7\x0e\x3d\xcc\x6c\x47\x60\xb9\x2e\xe5\x56\xbb\x00\xad\x27\x07\x77\xea\x84\xe1\x39\x32\xa4\xb3\x64\x65\xc3\x78\xf4\xf4\xc7\x56\x6b\xda\x18\x9f\xb3\x07\x2c\xf4\xcb\x13\xd4\x5f\x59\x32\x95\xf9\x6d\x37\x62\x9e\xf1\x2b\x9b\x8d\xa1\xad\x7a\x68\x53\xc5\x02\x1f\x30\x07\x7b\x89\x3e\x92\xe9\xd1\x8e\xdb\xf7\x17\x5c\xb7\x25\xb3\x33\x82\x47\x6d\xd7\xa2\x73\x4f\x30\x4e\xfc\x5c\xa6\xd2\x66\x84\xb0\x66\x8f\x43\xb5\xea\xe9\xa9\xbc\xf1\xdf\xca\x10\x6a\x2e\x2e\x52\xe1\x30\xd6\x90\x8b\xc0\x7b\x23\xce\xa6\x85\xee\xdb\x6c\x93\xec\x76\xc6\x09\x7d\x69\xf5\x77\xdd\x5c\xc1\x45\x08\x21\x89\x59\x10\x9f\x30\x1c\x9f\x27\xcd\x0a\x29\x56\x56\x4c\x59\xad\x12\xd0\xd9\x39\xbb\x14\xe0\x2b\xb8\x06\x94\x6b\x85\xab\x39\xe3\xfd\xce\x39\x46\xbc\xf8\x7b\xef\x3f\x53\xe0\xed\xcd\xa9\xc7\x2f\x42\xed\x1d\x31\xfb\xc0\xb7\x00\x89\x0c\x40\x94\xdf\x83\x92\x3d\x0d\x52\x22\xbe\x84\x66\xc5\x62\x25\x0d\xc9\x49\x3c\xf7\x4d\x1a\xb7\xd8\xab\x9a\x4a\x7b\x0c\xf0\xcd\x56\x72\x4c\x10\xa7\x1a\x42\x72\x10\x49\x37\xc1\x1d\xce\xc7\x4e\xc2\xda\xb9\x96\x45\x31\x78\xb4\x0e\x17\x3e\xd2\x1e\x3c\x88\x28\x78\xfc\xdf\x82\xa5\x73\x59\xd7\x1f\x59\xfa\xfe\x50\x23\xe1\x7f\x7a\x2b\xb9\xab\x69\x09\x5b\x26\x9a\xd3\x2d\xf8\x31\x52\x9e\xfd\xab\xbe\x53\x66\xf2\x35\xd4\x8f\x0e\xe3\x28\xc6\x19\x9b\x80\x3c\x57\xa4\x06\xfe\xbf\x46\x64\x32\x04\x67\x3a\x1f\x16\xa5\x7d\x2a\x3b\xb7\x0c\x82\x87\xc5\x40\x5d\x22\x79\xa5\xb9\x77\xd8\x93\x6e\x1c\xf2\xd3\x4b\x47\x83\xb9\xc4\xe1\x5a\x51\x94\x43\x20\xaf\xc2\xee\xd1\xe5\xc7\x80\x15\x96\xb6\x36\x33\x80\x1d\xaa\x19\x99\xed\xf5\x54\x8d\x97\xd0\x56\x56\x8d\xbb\x47\xa7\x24\x40\xd6\xeb\xfb\x19\x1b\xc8\x6b\x95\xd6\x9d\x76\x8a\xc1\x56\xfe\xed\x10\xca\x99\x8a\xff\x51\x42\x79\x6d\x47\xc3\xa3\xd5\x83\xb9\x2e\x32\xf6\x41\xe3\x6f\x81\x0b\x57\x6c\x25\x99\xfe\xbb\x22\xe7\x95\x53\x7d\x65\xb3\x33\xf8\xb1\xa4\xf6\x4e\x34\x9d\xd3\x9e\xcf\x83\x45\x8a\xd2\xc5\xcb\xd1\x3a\xf5\xd7\xc4\xb5\x11\x7a\x38\x63\x99\x58\xd3\x40\xf6\x2b\x87\x2c\x23\xc3\xf8\x51\xa3\x2a\x1a\x8c\xe5\x44\x0a\x1e\xc9\x50\x0b\x3a\xe9\xf5\x6b\x0f\xd3\xa8\x2e\x17\x55\x25\x14\x99\x23\x1f\x8b\xab\xc6\x82\x07\x3f\xa4\x0e\x18\xb5\x16\xaa\xbb\x70\x2b\x56\x0c\xd3\x9c\x70\x7c\x17\x6b\xed\x30\x81\xe1\x85\x6f\x94\x0c\xa1\x5f\xf9\xc5\x50\x6d\x07\xeb\xd8\x0a\xc2\xda\x5e\xfe\x90\xb3\x55\x4d\xe4\x6a\xe4\x40\x83\x92\xa0\x70\x77\x54\xf0\x6b\xee\x43\xcd\x5a\x6c\x26\x50\xfc\xe9\x94\xa4\xd8\x88\xff\x36\x65\x21\x2c\x7d\xc8\x51\x50\x47\x70\x94\xca\x7f\x67\x88\x87\x71\xf0\x8e\xe2\x69\x96\xcb\x8e\x90\x7d\x10\x04\x30\xb6\x72\x26\xbf\x38\x4c\x9c\x01\x48\x8e\x4c\xf5\xaa\xc0\x3b\xcb\xdf\x33\xce\x76\xc5\x63\x26\x53\x95\x5e\xbc\x74\xdd\xec\x21\x10\x4b\x20\xd0\xb1\x45\x8e\xb9\x09\x28\xec\xf1\x03\xeb\x4f\xfb\xf3\xaa\x45\x15\x6b\x71\x79\x9c\xc6\x95\x30\xbe\x5a\xd8\xbd\xa6\x92\x3d\xdf\x3d\x7f\xfa\x9b\x28\x65\xf6\x68\x9f\x30\x92\xfb\xf6\x25\x1d\xf1\x91\xd1\xa6\x45\x72\x32\x6c\xdd\xb2\x2a\xd2\xaa\x4a\x65\x4a\x66\x9c\x7f\x3c\x26\x22\xa4\x13\xc3\xc1\x0f\x24\x7d\x87\x7f\x03\x75\x60\x0f\x06\x05\xf6\x94\x71\x56\x28\xd1\x43\x57\xa1\x87\x41\x42\xe0\x02\x4d\x4b\x1e\x52\xec\xcd\x35\x45\x4d\x51\x62\x42\x5a\x37\x2c\x0c\x12\x15\x48\x1f\xa7\x57\x93\x97\x07\x3c\xe8\x0c\x63\x43\xf8\x81\xdd\x1b\x2d\x8f\xa4\x36\xe5\xa9\x7f\xd5\x78\xea\xca\x11\x31\x05\xe9\x0f\x51\x19\x23\xb6\x9a\xcb\xb2\x69\x34\x9d\xe9\xf1\x38\xe1\x0f\x7c\xd4\xa1\x80\xe3\x8b\x02\x5e\xbf\x29\xaa\x5d\x70\x88\x3d\x83\x0b\x5a\xfc\x91\x44\x32\x85\x9b\x18\x2e\x2c\xea\xeb\x84\x44\xbd\xc1\x60\x8f\xdd\x02\x86\x69\xc3\x0d\x33\xcc\x65\xf5\x57\xc7\x84\x27\xfc\xe6\x13\x0e\x82\xc8\xfb\x7e\xab\x09\x51\x86\xc4\x0f\x9a\x68\x8a\xc2\xec\x3b\x3f\xe7\x68\x9c\x6a\xff\x2f\x07\x95\x08\x3e\xb3\x78\x55\xad\xb2\x98\xa7\x1c\x45\x94\x69\xc4\x10\x86\x6d\x73\x70\x22\x7a\xba\x87\x93\x90\x04\xeb\xd0\x4a\xd6\x65\xbb\x51\xee\x9d\x32\xbf\x08\xe7\x33\x55\x36\xf0\xb6\x35\x13\xc1\xea\x92\x96\xac\x30\xa9\x48\x1d\xf6\xff\xb7\xfa\x37\x4c\x4c\xb4\xb7\xd0\xed\x16\x8e\xfb\xb1\x3e\xeb\x58\xf4\x73\x55\x48\xba\x60\x12\x41\x93\x94\x17\x57\xf9\xec\xf2\x48\xe0\x08\xdd\xcb\x82\xf5\x7f\x36\x6d\x32\x7a\xaf\x3c\xe4\x19\x18\x9d\xe0\xc4\x2e\xa3\x43\x4b\x4b\x0a\x1f\x21\xbe\x00\x07\x2d\xc6\x47\xce\x18\xf7\x86\x2e\x52\xaa\x9b\xd7\x4b\x70\x95\x66\x3b\x7c\x08\xf0\x27\xe6\xfc\x89\x69\x22\x4d\xf5\x84\xc9\x2b\xff\xc4\xb9\x31\x06\xf7\x0b\xf3\xf9\x96\x75\xe6\x90\x4e\x26\x41\x49\x2c\x33\xde\x1d\xa9\x17\xb9\x4e\x57\xbc\xd7\xaf\xda\x22\x53\x19\x8d\x5e\x81\xc3\xe4\x6d\x00\x82\x49\x0c\x22\x05\xa7\x5c\xce\xa3\xa6\x84\x54\x02\xea\x44\x36\x42\xb5\x92\x5b\x4c\x5c\x65\x37\x7b\x3a\x9d\x94\x6f\xc1\x5d\x44\x40\x10\x98\xdd\xe1\xe1\xec\x3a\xa4\x85\x8d\xa8\x67\x1b\x4c\x82\x7c\x9f\x13\x37\xb0\x7d\x09\xb9\xb0\x7e\xff\xdf\x66\x6c\xdb\x8a\x32\x0c\x34\xa4\xa7\x09\xe9\xbb\xb1\x8c\xac\xef\x54\x75\x74\xc1\x09\x65\x94\x98\xf1\x08\xc5\x3a\x17\x96\xd8\x2a\xae\xe5\x04\xe0\x18\x01\xf1\x5b\xb6\x3e\x7d\xe6\xe0\xd8\x90\x7a\x98\x8f\xa8\xd3\xd6\x9c\x20\x72\x1b\x1a\xfb\x10\x58\x2e\xa3\xe9\x00\x6f\x1e\xbe\x9a\x32\xda\x20\x79\x16\xc6\x75\xd6\xae\x73\x0f\xbb\x2b\xee\xbe\x72\x73\xf0\x1d\x8a\x18\xd7\x8a\xfd\x34\x96\x19\x30\x3e\x34\x7b\x89\xd6\xd7\xa4\xba\xe7\xac\xb6\xb5\x60\xd0\x35\x02\x19\x29\xeb\x53\xa7\xc5\xc4\x26\x3b\xa3\x9c\x2d\xe7\x05\x68\x99\xd3\x6e\x73\xb8\xaf\xbd\xc4\xa7\xe5\xb7\xef\xbf\x61\x06\x83\xee\x61\x55\xd7\xc3\xae\x4d\x46\xc4\x3d\x42\xd8\x34\x97\xcd\x78\xff\x16\x44\xd7\x8d\x5a\x10\x68\xc0\x28\xf0\xa6\xdd\x29\x97\x63\x7c\x6b\x42\x71\x90\x79\xd3\x9b\x09\x35\x61\xe9\x02\x58\x51\xb1\x65\x9c\xac\x8d\x1a\x5d\x5d\xc1\xce\x43\x4c\x78\x7c\xeb\xd1\xb6\x22\x4b\x25\xaf\xe1\x84\x97\x58\x41\x58\x94\x2a\x04\xe9\xf3\xd6\xb7\x44\x44\x7c\x62\x4f\xc7\xa8\xa3\x6c\x03\xbd\xcb\x13\x41\xda\x7d\x7c\x24\xa0\x3c\xc1\xee\xb4\x0b\x71\x86\x23\x20\x4e\x05\x63\x20\x52\xe6\x5d\xb3\x81\x89\x22\x89\xc9\xa1\xbf\x54\x7c\x31\x69\x14\x03\x55\xcc\xc2\x14\x1b\xb1\x79\x48\x89\xcc\x47\xb4\xeb\x6c\x19\xfe\xd2\xe5\x49\x46\xe9\xa0\xf3\xee\x9a\x0a\x6c\x9c\x32\xf1\x59\xdb\xcf\xf0\x64\x5d\xbf\xb3\xbc\x46\x1b\x7f\x6c\x49\x9b\x9d\xad\x65\xf5\x9d\x2b\x9d\x20\x48\x6f\x01\x2e\x0a\x93\x20\x2a\x22\x95\x0a\xc0\xa5\x83\xaa\xcc\x42\xaa\x3b\x03\x02\xb5\xbe\x16\x0f\x7a\xbb\x5a\xf5\x54\x7a\xb2\xa3\x95\xdf\xc5\x89\x22\xa5\x50\xdb\xad\x99\x03\x45\x02\xf6\x4a\x48\xc6\x34\xa1\x34\x4a\x46\x65\xbb\x05\x4d\xf0\x8f\xa7\xa4\x95\x62\xf7\xe6\x44\x8b\xd0\x83\x1d\xf5\x1e\xce\xe7\x2f\x5d\x4b\x45\x6a\xf5\x50\x2d\xd4\xe5\xbe\x19\x01\xbb\x3a\xad\x0a\x8f\x94\x9c\x63\xd5\xbf\xee\x80\xc4\x8d\x8c\x41\xcd\x47\xd0\xa5\xe9\xcf\xee\xa4\x80\x17\x21\xdd\x99\x26\x0a\x9f\x41\x48\xee\x37\xf0\xc6\xe6\x05\x16\xb9\x71\x46\x03\x1b\xf5\x32\x75\x93\x40\xf0\xd9\x65\x68\x7c\xe3\x8c\x43\x53\xa6\x42\x32\xa0\xce\x1a\xd1\x54\x01\x8b\x20\x6f\xa3\xb1\xee\xfb\x65\x81\xf1\xe4\xfe\x9d\x40\xce\xe6\x85\x9d\xbd\x2d\x6c\x97\x02\x81\x84\x45\x48\xd1\x88\x70\x1e\x37\xb1\xa8\x7e\x02\x32\xb2\xcf\x50\x54\x2d\x22\x0d\x38\x0c\x34\xb5\x70\x59\x39\xfd\xab\x1d\xbb\x4c\xb3\xfd\xf4\x4d\x81\x04\xd8\x16\xcf\x37\x21\x59\xd6\x17\x2d\x72\xcc\x09\xed\x56\x5e\x34\x15\x9a\xdc\xa1\x36\xfd\x59\x25\x15\x44\x0a\x31\xa1\xb2\xb7\x20\x0f\x01\xfd\x3b\xa1\x95\xa9\x80\xc0\x04\xfa\xf1\x03\xb9\xf9\xe7\x71\x3d\x3e\xd5\xd1\xc6\x78\xbb\xdf\x88\x93\x00\x90\x8e\x71\x94\xf3\xb2\xb8\x4e\x74\x4c\x94\xf7\xb5\x8f\x61\xad\x6b\x84\xee\x7c\x64\x5b\xe8\x13\xa4\xac\x5b\x1a\xdd\x1f\xfa\xd0\xff\xc0\xb2\x7a\x1b\x47\xf4\x52\x01\x86\x44\x1b\x82\x0c\xda\xc1\xfd\x4b\xae\x20\xc6\x2b\xc8\x17\xb1\x7d\xf2\xf7\x9c\xb9\x74\x6d\x1e\x65\x3d\x8d\x81\x62\x37\x6c\xbe\x81\xbc\xc5\x04\x83\x58\xcd\xd4\x2c\xa9\xf8\x20\x7e\x7f\xb1\x26\x7c\xac\x49\xec\xb4\x5a\xa6\xbc\x80\x02\xc3\x59\x7c\xc0\x74\xa8\x8c\x2c\xce\xd7\x3e\x69\x5c\x0c\xb9\x6b\x33\x41\xde\xb5\x8b\x0d\x41\xb9\x55\x9f\x2d\x09\x83\x8e\x05\xe4\x06\xf9\x9f\x96\x2a\x0f\x61\x9a\x7c\x02\xb5\xac\xc6\x21\x01\x24\xf1\x95\x02\x4f\xd2\xe4\xac\xe5\x8a\x23\x92\x33\xf9\xf0\xfa\x42\x74\xce\x28\xf6\xee\x5d\xe5\x1e\x13\x74\x2c\x19\xe8\xc1\xb3\x13\xf9\x00\x97\x0a\x4d\xb1\xb3\x64\x1c\xb5\x27\xa1\x05\x92\xbf\xb9\xc5\x26\x92\x12\x32\x27\x7d\x49\x24\x99\xa6\x1d\x6a\x20\x40\x73\x30\xe5\x5d\xae\x27\x78\x7a\xed\x00\x1b\x16\x66\xa3\xc0\x31\x9b\xda\x97\x64\x61\x85\x44\xa2\x00\x16\xf1\x29\x86\xe4\xae\x1d\xd7\x58\x5c\xd1\xef\xb1\x47\x12\x1b\xcc\xa0\x0e\x09\x5e\x12\x55\x9f\x57\x9b\xf3\xc7\x60\x5e\x9b\x67\x37\x10\x5c\xb9\xfc\x15\x94\xe4\x3d\x57\x07\xcd\x69\xc8\xbc\xd6\x60\x3e\x69\x7a\xce\xc7\x69\x57\xd3\xc6\xaa\x44\x88\x07\x92\x46\x66\x87\x7a\x52\xeb\x2a\xdb\x90\xa3\xde\x79\x06\xa8\x0f\x47\xa2\xc3\x88\xcb\xa8\x77\x6f\x63\x40\x4b\x4b\x64\x4c\x10\x86\xb3\xab\xfc\x8b\xbd\xe4\x96\x02\x28\x26\xe2\x10\x2c\x2f\x7a\x16\xf9\x84\xbe\x7a\xc2\x9a\x68\x47\x8f\x87\x9f\x4c\x9b\x30\x23\x47\x06\x41\x35\x6c\x91\x05\x36\x54\x56\x83\x48\xc5\x50\xc7\x08\x3b\xdd\x2e\x61\x18\x1e\xa3\x25\x61\x5a\xa9\xfb\xdb\xe5\x74\x18\x82\xf3\x85\x44\x26\x22\x4b\xff\xa1\x5d\xec\x14\x64\x44\xe4\x00\x1f\x5f\x8f\x6f\x61\xc0\xce\xad\x81\x5b\xae\x2e\x81\x29\x9e\xb3\xa7\xa4\x9a\x66\x4e\xb0\x1e\x74\xc6\x38\xcb\xe7\x5e\x9d\x16\x9a\x6e\x75\x07\xfb\xad\x9b\x36\xb9\x2a\x09\xa2\x4b\xea\xc7\x7e\x10\x63\x6a\x25\xaa\x20\xd0\x1d\xd3\x7b\x26\xff\xa9\x9e\x8b\xfa\x8f\x15\xb4\xc1\x9d\xca\xdc\xd9\xbe\x38\x3a\x11\xc7\x32\x71\x7e\x1d\xcb\x29\x68\xe8\x66\x9d\x08\x4a\xa1\x5d\x72\x69\xc1\x1c\x01\x1e\xb2\xb1\x39\x03\x98\x76\x6e\xce\xb6\x37\x8d\xf5\x8f\x0e\x79\x6e\xb4\x7a\xc5\xeb\x1c\xf5\x3b\x2c\x6b\x4b\x61\xd4\x0c\x0b\x4c\x00\x5d\x0a\xb8\x23\x84\xc4\x5a\xae\x49\x96\x99\xbc\x54\x26\x3e\xef\xc2\x9e\xd4\x03\xd3\x0b\x72\x68\x24\x25\x9e\x6c\x6e\xa2\x4c\x7b\x85\x60\xb8\x5b\xaa\x91\xab\xf3\x9e\xe1\xfb\xa0\xa5\xdc\xb5\xa8\x3d\xb8\xc8\x62\xc8\x83\xbd\xac\x30\x68\x4a\xb2\x89\x8a\x39\x1d\xd6\xff\x6f\x8b\x85\x1e\xbe\x75\x25\x73\xbd\x19\x95\xc8\x7b\xa3\xc6\xab\xf0\x39\x4d\xdc\x6f\x05\xed\x36\x0c\xec\xfa\x35\xae\xd4\xcf\xa3\x20\x1f\x55\x66\x62\x05\xf7\x07\xd0\x9f\x8f\xba\xa2\xc8\x8f\x7f\xf9\xb0\x6e\xf2\xdf\xa1\x70\x0f\x7b\x70\x26\xa3\xfd\x26\x95\x74\xeb\x22\xfe\x9a\x8f\x6a\x64\xdf\xea\x6e\x77\x9c\xb0\xa2\x81\xdb\x25\x93\xf2\xba\x8e\xa3\xda\x2b\x53\xce\xad\x01\xdb\xc4\x2f\x53\xee\x87\x1b\xa9\x57\xdb\xf5\xc9\xfc\x25\x64\x1f\x11\xbf\x27\x9b\x43\xdf\x39\x16\xf7\x43\x72\x96\x3d\xe3\x2a\xa0\x52\x8b\x51\x1c\xc0\xc4\xd8\x29\x53\xac\xd9\x5f\x2d\xf8\x49\x35\xb6\x09\xf1\xaf\x30\xc3\x52\x76\xa3\xfa\xbf\x5d\x2c\xa7\xc9\x81\x43\x63\xca\xb1\xb4\x8b\x7b\x9a\x96\xf9\x45\xe3\xd2\x41\x91\xb7\x0b\x5f\x03\xd0\xc4\xae\x30\xb1\x5e\x2f\x82\xca\x31\x8e\x8c\x9a\x5b\x2a\x22\x19\x96\x7a\x13\xbe\xfa\xce\xeb\x25\x10\x88\x67\x1f\x3d\x74\x7d\xa7\x2e\x52\xc9\xa2\x2e\x7a\xee\xbc\xc7\x7e\x1a\x02\x4e\xb6\x6a\xb0\x9e\xf0\x1a\x3a\xae\x32\x9a\xbf\x00\x35\xd1\xcf\x27\x91\x1d\x86\x76\xa9\x84\x31\x76\x5a\x11\x75\x3a\x57\x71\x95\x8d\xfc\xbb\x59\x84\x69\x71\xd2\xe2\xcf\x02\xd0\xc0\xe5\xa5\x50\xea\x98\xb9\x3e\x36\x7f\xe7\x3f\x1b\xd3\x0a\x09\xb1\x15\x20\x62\x31\x43\x60\x9d\x0c\x2f\xa3\xc8\xaa\x37\x6f\x44\x0a\xd2\x96\x3f\xbe\xb6\x67\x15\x09\xa7\x99\xa8\x52\x8c\xe0\x87\xab\xaf\x19\x96\x62\xb1\x10\x31\x42\x81\x7c\x17\x6a\x4e\x04\xb1\x5b\xc6\xd4\x73\xb4\x83\xd9\x41\x71\x76\xe0\xe2\x30\x91\x93\x8a\xc2\xfb\x9b\xa6\x16\xc7\x9c\x06\x99\xa0\x56\x8d\x22\xd6\x33\x62\xca\xa0\x6a\xdd\x24\x23\xcb\x71\x89\x5a\x18\x21\xdf\xab\x31\x78\x11\xc2\x75\x2b\x28\x4d\x9d\x55\xfc\x5c\xfd\xdc\x3c\x59\x9e\x1b\x91\x18\xc9\x9f\xb8\xd4\x7f\xd7\x61\xe6\xe7\x24\x29\xf5\x09\xc6\x74\x91\x3d\x2d\x36\xd5\x69\x80\x1f\x92\x84\x21\x24\x24\x55\x6e\x8c\xae\xd1\x68\x34\xeb\x07\x64\x17\x02\x3c\x99\x0e\x5d\x31\x10\xcb\x31\xde\xa8\x52\x79\xd4\x0b\xcc\x71\x4a\x67\x6a\x89\x39\x25\x15\x1b\x55\x0a\xab\xbe\x95\x48\xc4\xb7\x4b\x30\x91\x75\xf4\xea\xcf\xaf\x14\x61\xae\x52\x29\x3e\x44\xf9\x2f\xa2\x60\x67\xb5\x00\x84\xf9\xef\x98\x20\x19\xe0\xd3\x98\x05\x8d\x23\x84\x4f\x90\x0c\x28\xc1\x52\xd3\xee\xda\x42\x57\x8a\x0f\x1f\xf3\x00\x2c\x92\x9e\x6b\xca\x65\xeb\x03\x41\x77\x81\x44\xa1\x5e\xac\xfe\x4e\x1a\x63\xa4\xcd\xf1\xf2\x50\x48\xa2\x72\x61\xba\x43\x42\xee\x65\x69\xa3\xc6\x05\x3b\x5e\x52\xf4\xe1\x34\xa1\xe0\x3a\x15\x30\xcf\x5c\x0e\xb1\x78\x75\xe3\xba\x44\x16\x20\x71\xb4\x39\x45\x9b\xf1\x6e\xdb\x28\x50\x8b\xce\x3e\x9f\x69\xd8\x93\x0b\x05\x39\xc3\x9b\xb7\x4e\x63\xe4\x51\x0e\x91\x8b\x83\x49\xcc\xf6\x95\x9e\x57\x55\x05\x50\xa3\x57\xc3\x16\x49\xdd\x72\x8c\x3f\xe7\x7d\xc6\x92\x0f\x0d\x3f\x4e\xc5\xd6\x19\xb2\xf4\xc6\xeb\x90\xdf\xc1\x7b\x26\xd6\xb3\x01\x17\xa0\x7c\x18\xf4\xb7\xcc\x96\x05\x6a\x4f\xdc\x7d\xac\x68\x19\x8c\xb8\xbc\xc6\xc6\x4d\x49\x6a\xfa\x60\x81\x76\x8e\x8d\xd4\xf4\x35\xeb\x2e\xed\xd0\xb7\xb0\x8f\x14\x11\x4c\x13\xc4\xff\x50\xa9\x3d\x39\xaf\xac\x2d\x63\x3e\xf6\xeb\x33\xac\x93\x74\x04\x26\x2e\x35\x2f\x50\xf0\x67\x79\x15\x18\xea\x05\x88\x41\xab\xdd\x1f\x77\x09\x40\xbc\xa8\x96\xfd\xdb\x55\x0c\x9c\xe0\x9e\xdc\x6b\xd5\x22\xe3\x18\xe5\xca\x6b\xa0\x02\x59\x02\x97\x70\xd2\x9d\x1f\xc4\xe2\xa7\x4d\x7b\x33\xfb\xea\xca\x94\x5e\x14\x9f\x24\x1c\xc9\x33\x62\x4d\xba\x79\x5d\x33\xf2\xab\x07\x06\xbb\xc1\x7e\x23\x83\xf6\xc3\x2d\xf7\x65\xc1\x16\x26\x5b\x0e\xfb\x58\x5f\x58\x7b\xe9\x73\x2b\xeb\x0b\xed\x2e\x67\xce\xf0\xd1\xc4\x2b", 4096); *(uint64_t*)0x200010c8 = 0x20001000; *(uint32_t*)0x20001000 = 0; *(uint32_t*)0x20001004 = 0; *(uint32_t*)0x20001008 = 0; *(uint64_t*)0x200010d0 = 0x20001040; *(uint64_t*)0x200010d8 = 0x20001080; *(uint32_t*)0x200010e0 = 0x1000; *(uint32_t*)0x200010e4 = 3; *(uint32_t*)0x200010e8 = 8; *(uint32_t*)0x200010ec = 3; inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); if (res == ZX_OK) { r[0] = *(uint32_t*)0x20001080; r[1] = *(uint32_t*)0x20001084; r[2] = *(uint32_t*)0x20001088; } break; case 1: *(uint64_t*)0x20011240 = 0x20001180; *(uint32_t*)0x20001180 = 0; memset((void*)0x20001184, 0, 3); *(uint8_t*)0x20001187 = 1; *(uint64_t*)0x20001188 = 0x3862fcb900000000; *(uint32_t*)0x20001190 = 0; *(uint64_t*)0x20011248 = 0x200011c0; *(uint32_t*)0x200011c0 = 0; *(uint64_t*)0x20011250 = 0x20001200; *(uint64_t*)0x20011258 = 0x20011200; *(uint32_t*)0x20011260 = 0x14; *(uint32_t*)0x20011264 = 1; *(uint32_t*)0x20011268 = 0x10000; *(uint32_t*)0x2001126c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20011240, /*actual_bytes=*/0x20011280, /*actual_handles=*/0x200112c0); break; case 2: res = -1; res = syz_thread_self(); { int i; for(i = 0; i < 4; i++) { syz_thread_self(); } } if ((int)res != -1) r[3] = res; break; case 3: ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); break; case 4: *(uint64_t*)0x20021400 = 0x20011340; *(uint32_t*)0x20011340 = 0; memset((void*)0x20011344, 0, 3); *(uint8_t*)0x20011347 = 1; *(uint64_t*)0x20011348 = 0x2cbadb1900000000; *(uint64_t*)0x20011350 = 0x80000000; *(uint64_t*)0x20011358 = -1; memset((void*)0x20011360, 0, 1); *(uint64_t*)0x20021408 = 0x20011380; *(uint64_t*)0x20021410 = 0x200113c0; *(uint64_t*)0x20021418 = 0x200213c0; *(uint32_t*)0x20021420 = 0x28; *(uint32_t*)0x20021424 = 0; *(uint32_t*)0x20021428 = 0x10000; *(uint32_t*)0x2002142c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20021400, /*actual_bytes=*/0x20021440, /*actual_handles=*/0x20021480); break; case 5: res = -1; res = ((intptr_t(*)(intptr_t))CAST(zx_deadline_after))(/*nanoseconds=*/-1); if (res == ZX_OK) r[4] = res; break; case 6: *(uint64_t*)0x20031580 = 0x200214c0; *(uint32_t*)0x200214c0 = 0; memset((void*)0x200214c4, 0, 3); *(uint8_t*)0x200214c7 = 1; *(uint64_t*)0x200214c8 = 0x135d628d00000000; *(uint32_t*)0x200214d0 = 7; *(uint32_t*)0x200214d4 = 5; *(uint64_t*)0x20031588 = 0x20021500; *(uint64_t*)0x20031590 = 0x20021540; *(uint64_t*)0x20031598 = 0x20031540; *(uint32_t*)0x200315a0 = 0x18; *(uint32_t*)0x200315a4 = 0; *(uint32_t*)0x200315a8 = 0x10000; *(uint32_t*)0x200315ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[4], /*args=*/0x20031580, /*actual_bytes=*/0x200315c0, /*actual_handles=*/0x20031600); break; case 7: ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_interrupt))(/*handle=*/r[1], /*vector=*/2); break; case 8: *(uint32_t*)0x20031640 = 0; memset((void*)0x20031644, 0, 3); *(uint8_t*)0x20031647 = 1; *(uint64_t*)0x20031648 = 0x208bcc9d00000000; *(uint64_t*)0x20031650 = 0x81; *(uint64_t*)0x20031658 = -1; memcpy((void*)0x20031660, "\xa5\x7c\x37\xf0\xaa\x5a\x79\x3d\x04\xcf\x12\x74\xe7\xe2\xc4\x9a\x49\xf9\xb0\x90\xd2\xdf\x74\x7c\x16\xd5\x3d\x3c\xf3\xc0\x0a\x94\xe6\x32\x4a\xb3\x20\x45\x1b\x9f\xd5\x21\x21\xec\x87\xb8\x94\xf7\xf2\x8d\x50\x90\x78\xb5\xaf\x1e\x03\x4f\xe2\x97\x9b\xad\xae", 63); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_write))(/*handle=*/r[0], /*options=*/0, /*bytes=*/0x20031640, /*num_bytes=*/0x5f, /*handles=*/0x200316c0, /*num_handles=*/0); break; case 9: *(uint64_t*)0x200417c0 = 0x20031700; *(uint32_t*)0x20031700 = 0; memset((void*)0x20031704, 0, 3); *(uint8_t*)0x20031707 = 1; *(uint64_t*)0x20031708 = 0x62423faa00000000; *(uint64_t*)0x200417c8 = 0x20031740; *(uint64_t*)0x200417d0 = 0x20031780; *(uint64_t*)0x200417d8 = 0x20041780; *(uint32_t*)0x200417e0 = 0x10; *(uint32_t*)0x200417e4 = 0; *(uint32_t*)0x200417e8 = 0x10000; *(uint32_t*)0x200417ec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[2], /*options=*/0, /*deadline=*/r[4], /*args=*/0x200417c0, /*actual_bytes=*/0x20041800, /*actual_handles=*/0x20041840); break; case 10: memcpy((void*)0x20000000, "\xc4\xc1\xad\xe0\xa5\xb9\xa6\x63\x67\xc4\x62\x01\x3b\x6b\x0f\x0f\x76\xb7\xb7\x00\x00\x00\x98\xc4\xa2\x29\x2d\x12\x0f\x0f\x0b\xa0\x3e\x45\x0f\xd1\xec\x0f\x29\x26\xc4\x61\x9f\x7c\x53\x1a\x66\x0f\x3a\xdf\x39\x00", 52); syz_execute_func(/*text=*/0x20000000); break; case 11: syz_future_time(/*when=*/0); break; case 12: syz_job_default(); break; case 13: syz_mmap(/*addr=*/0x20ff9000, /*len=*/0x4000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); for (procid = 0; procid < 2; procid++) { if (fork() == 0) { use_temporary_dir(); do_sandbox_none(); } } sleep(1000000); return 0; } :284:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); ^ :321:39: error: use of undeclared identifier 'zx_vcpu_enter' ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); ^ 2 errors generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor4176306867 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/3 (0.65s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:10 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: zx_channel_call_etc(0x0, 0x91, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)="090e3814ded5ca1bb9204ce0ceac3d95162fab16edf86329372435e1992cd148d29f73e3c25857bf66bb813d6abddde404f63980339937c16fe9e0c8ad309e70509ce52ae1c8e60ebe328caa31b91b7b1b8a9e3febb3fe1289f80a3b74dadcf3619e4eb03d257cd7a8fe5301e58d52aae4336355c0bc0ee7df9704e0ee190064372cd6f71629cec4cf897611a6f18453259fe803ee1464ebd6366490efad381aec2e773163b83a257d24277408221047d312b83defb54f5db6eb9db781f0a74e4a4513e78d1fef19337f8423952747348a1126db4a28fb98de2ffe4dc6cb4414498bf558c8cfec781cb59a4b28647f1aac9cf850970863788bfa319ab74945eb15fb78f3eee5446045512774ecfa8439fdbfafa0f767e9cdf291d1934c12a7ea791a9028bd2e0b346a4f68a24d1bced3bafc730f659d4225960b93827fa64384b88db55337fb5ae30fefe356ba4c116452b23477905dbaab6a2ddec32735f0db44ea41c37c710f67880a68cffcec5710c707288eb34109b24aaa4949ae1b9b333154d9c3b5d6b07095e94d1fb66be2845f466fa375fefd749168cbfabca45ef816389705f0d146b7c47aa5fa070faa0c82f6b366c94be41a00412b7107c4746c41482e94a1b23e9666a738ee4bcb5d5b9deea2fe70dd49f2fc095823d2c6f0c56eb2120b670014b3e41dea9163200efeec14bb92da2c22e03d15be29fd9ab265370f3878ad2818a27d7a1ba774f122d934b0b62077fa625874aacbb6fe8618311b1562d5225c3da1842f45dec3940d3d2306ee0b0183154834322b286e8e31f739c96f22e7272ce4e7a7571ded20ce2deb2754c6b44dce678953ef135675371a728ac6134d5a7873cbb60eac7064cb070bef012fbce09a468cbdeb01fbcd352ab03bebebe70a006f6dcce7b4078cffa0296bd40d5ded971f5a75b2fb4f54db33214470506c5c0dbca61e12fcb3d8207a82b47883b8efe3cfafcfb61ad5e4030cabd0a6f08c46238c18544210ff5a6f58a0a49dee51af9a1e2e6a8827074c2f948773e6b8273ea1197c731afe15561a156457b5011fccebebea49adda3e9c3afa2c63461f4a1451a0056589c64c0ee28678f04d282dfc86ce8d1b319d971c406d1f4798443f661495d8f8cd60dd45bba34341f1acfd1df41bd0827c0baa07a856c9185fb6dbedfc31fdcf7e548ceda8dd94311a062a4a9fb7df18420e66330ce428631a42abf9ae14b9b0c7dc0ddbae34da212bbe7a37276b059c495bbf184f45219c18bf5dc7140595f460391ccaa1ef26234a51882930977a004e675a4a10b82edfbf0b09b7d0a70e3dcc6c4760b92ee556bb00ad270777ea84e13932a4b36465c378f4f4c7566bda189fb3072cf4cb13d45f593295f96d37629ef12b9b8da1ad7a6853c5021f30077b893e92e9d18edbf7175cb725b33382476dd7a2734f304efc5ca6d26684b0668f43b5eae9a9bcf1dfca106a2e2e52e130d6908bc07b23cea685eedb6c93ec76c6097d69f577dd5cc14508218959109f301c9f27cd0a2956564c59ad12d0d939bb14e02bb806946b85ab39e3fdce3946bcf87bef3f53e0edcda9c72f42ed1d31fbc0b700890c4094df83923d0d5222be8466c562250dc9493cf74d1ab7d8ab9a4a7b0cf0cd56724c10a71a4272104937c11dcec74ec2dab996453178b40e173ed21e3c882878fcdf82a57359d71f59fafe5023e17f7a2bb9ab69095b269ad32df831529efdabbe5366f235d48f0ee328c6199b803c57a406febf46643204673a1f16a57d2a3bb70c8287c5405d2279a5b977d8936e1cf2d34b4783b9c4e15a51944320afc2eed1e5c7801596b63633801daa1999edf5548d97d056568dbb47a72440d6ebfb191bc86b95d69d768ac156feed10ca998aff5142796d47c3a3d583b92e32f641e36f810b576c2599febb22e795537d65b333f8b1a4f64e349dd39ecf83458ad2c5cbd13af5d7c4b5117a38639958d340f62b872c23c3f851a32a1a8ce5440a1ec9500b3ae9f56b0fd3a82e1755251499231f8babc682073fa40e18b516aabb702b560cd39c707c176bed3081e1856f940ca15ff9c5506d07ebd80ac2da5efe90b3554de46ae4408392a0707754f06bee43cd5a6c2650fce994a4d888ff3665212c7dc85150477094ca7f67888771f08ee26996cb8e907d100430b67226bf384c9c01488e4cf5aac03bcbdf33ce76c5632653955ebc74ddec21104b20d0b1458eb90928ecf103eb4ffbf3aa45156b71799cc69530be5ad8bda6923ddf3d7ffa9b2865f6689f3092fbf6251df191d1a64572326cddb22ad2aa4a654a669c7f3c2622a413c3c10f247d877f0375600f0605f694715628d14357a1874142e0024d4b1e52eccd35454d5162425a372c0c1215481fa7579397073ce80c6343f881dd1b2d8fa436e5a97fd578eaca113105e90f511923b69acbb269349de9f138e10f7cd4a180e38b025ebf29aa5d70883d830b5afc914432859b182e2ceaeb8444bdc1608fdd028669c30d33cc65f557c78427fce6130e82c8fb7eab095186c40f9a688ac2ec3b3fe7689c6aff2f0795083eb37855adb298a71c459469c410866d7370227aba87939004ebd04ad665bb51ee9d32bf08e7335536f0b63513c1ea9296ac30a9481df6ffb7fa374c4cb4b7d0ed168efbb13eeb58f4735548ba60124193941757f9ecf248e008ddcb82f57f366d327aaf3ce419189de0c42ea3434b4b0a1f21be00072dc647ce18f7862e52aa9bd74b7095663b7c08f027e6fc8969224df584c92bffc4b93106f70bf3f99675e6904e2641492c33de1da917b94e57bcd7afda2253198d5e81c3e46d0082490c2205a75ccea3a6845402ea443642b5925b4c5c65377b3a9d946fc15d44401098dde1e1ec3aa4858da8671b4c827c9f1337b07d09b9b07effdf666cdb8a320c34a4a709e9bbb18cacef547574c109659498f108c53a1796d82aaee504e01801f15bb63e7de6e0d8907a988fa8d3d69c20721b1afb10582ea3e9006f1ebe9a32da207916c675d6ae730fbb2beebe7273f01d8a18d78afd349619303e347b89d6d7a4bae7acb6b560d035021929eb53a7c5c4263ba39c2de7056899d36e73b8afbdc4a7e5b7efbf610683ee6155d7c3ae4d46c43d42d83497cd78ff1644d78d5a1068c028f0a6dd2997637c6b42719079d39b093561e9025851b1659cac8d1a5d5dc1ce434c787cebd1b6224b25afe18497584158942a04e9f3d6b744447c624fc7a8a36c03bdcb1341da7d7c24a03cc1eeb40b718623204e05632052e65db381892289c9a1bf547c3169140355ccc2141bb1794889cc47b4eb6c19fed2e54946e9a0f3ee9a0a6c9c32f159dbcff0645dbfb3bc461b7f6c499b9dad65f59d2b9d20486f012e0a93202a22950ac0a583aacc42aa3b0302b5be160f7abb5af5547ab2a395dfc58922a550dbad99034502f64a48c634a1344a4665bb054df08fa7a49562f7e6448bd0831df51ecee72f5d4b456af5502dd4e5be1901bb3aad0a8f949c63d5bfee80c48d8c41cd47d0a5e9cfeea4801721dd99260a9f4148ee37f0c6e60516b97146031bf532759340f0d965687ce38c4353a64232a0ce1ad154018b206fa3b1eefb6581f1e4fe9d40cee6859dbd2d6c970281844548d188701e37b1a87e0232b2cf50542d220d380c34b5705939fdab1dbb4cb3fdf44d8104d816cf372159d6172d72cc09ed565e34159adca136fd592515440a31a1b2b7200f01fd3ba195a980c004faf103b9f9e7713d3ed5d1c678bbdf889300908e7194f3b2b84e744c94f7b58f61ad6b84ee7c645be813a4ac5b1add1ffad0ffc0b27a1b47f4520186441b820cdac1fd4bae20c62bc817b17df2f79cb9746d1e653d8d8162376cbe81bcc5048358cdd42ca9f8207e7fb1267cac49ecb45aa6bc8002c3597cc074a88c2cced73e695c0cb96b3341deb58b0d41b9559f2d09838e05e406f99f962a0f619a7c02b5acc6210124f195024fd2e4ace58a239233f9f0fa4274ce28f6ee5de51e13742c19e8c1b313f900970a4db1b3641cb527a10592bfb9c526921232277d492499a61d6a20407330e55dae27787aed001b1666a3c0319bda9764618544a20016f12986e4ae1dd7585cd1efb147121bcca00e095e12559f579bf3c7605e9b6737105cb9fc1594e43d5707cd69c8bcd6603e697acec76957d3c6aa448807924666877a52eb2adb90a3de7906a80f47a2c388cba8776f63404b4b644c1086b3abfc8bbde496022826e2102c2f7a16f984be7ac29a68478f879f4c9b3023470641356c91053654568348c550c7083bdd2e61181ea325615aa9fbdbe5741882f3854426224bffa15dec146444e4001f5f8f6f61c0cead815bae2e81299eb3a7a49a664eb01e74c638cbe75e9d169a6e7507fbad9b36b92a09a24beac77e10636a25aa20d01dd37b26ffa99e8bfa8f15b4c19dcadcd9be383a11c732717e1dcb2968e8669d084aa15d7269c11c011eb2b1390398766eceb6378df58f0e796eb47ac5eb1cf53b2c6b4b61d40c0b4c005d0ab82384c45aae499699bc54263eefc29ed403d30b726824259e6c6ea24c7b8560b85baa91abf39ee1fba0a5dcb5a83db8c862c883bdac30684ab2898a391dd6ff6f8b851ebe752573bd1995c87ba3c6abf0394ddc6f05ed360cecfa35aed4cfa3201f55666205f707d09f8fbaa2c88f7ff9b06ef2dfa1700f7b7026a3fd269574eb22fe9a8f6a64dfea6e779cb0a281db2593f2ba8ea3da2b53cead01dbc42f53ee871ba957dbf5c9fc25641f11bf279b43df3916f74372963de32aa0528b511cc0c4d82953acd95f2df84935b609f1af30c35276a3fabf5d2ca7c9814363cab1b48b7b9a96f945e3d24191b70b5f03d0c4ae30b15e2f82ca318e8c9a5b2a2219967a13befaceeb251088671f3d747da72e52c9a22e7aeebcc77e1a024eb66ab09ef01a3aae329abf0035d1cf27911d8676a98431765a11753a5771958dfcbb59846971d2e2cf02d0c0e5a550ea98b93e367fe73f1bd30a09b11520623143609d0c2fa3c8aa376f440ad2963fbeb6671509a799a8528ce087abaf199662b1103142817c176a4e04b15bc6d473b483d9417176e0e23091938ac2fb9ba616c79c0699a0568d22d63362caa06add2423cb71895a1821dfab317811c2752b284d9d55fc5cfddc3c599e1b9118c99fb8d47fd761e6e72429f509c674913d2d36d569801f9284212424556e8caed16834eb076417023c990e5d3110cb31dea85279d40bcc714a676a893925151b550aabbe9548c4b74b309175f4eacfaf1461ae52293e44f92fa26067b50084f9ef982019e0d398058d23844f900c28c152d3eeda42578a0f1ff3002c929e6bca65eb0341778144a15eacfe4e1a63a4cdf1f25048a27261ba4342ee6569a3c6053b5e52f4e134a1e03a1530cf5c0eb17875e3ba44162071b439459bf16edb28508bce3e9f69d8930b0539c39bb74e63e4510e918b8349ccf6959e57550550a357c31649dd728c3fe77dc6920f0d3f4ec5d619b2f4c6eb90dfc17b26d6b30117a07c18f4b7cc96056a4fdc7dac68198cb8bcc6c64d496afa6081768e8dd4f435eb2eedd0b7b08f14114c13c4ff50a93d39afac2d633ef6eb33ac937404262e352f50f067791518ea058841abdd1f770940bca896fddb550c9ce09edc6bd522e318e5ca6ba00259029770d29d1fc4e2a74d7b33fbeaca945e149f241cc933624dba795d33f2ab0706bbc17e2383f6c32df765c116265b0efb585f587be9732beb0bed2e67cef0d1c42b", &(0x7f0000001000)=[0x0, 0x0, 0x0], &(0x7f0000001040)=""/8, &(0x7f0000001080)=[0x0, 0x0, 0x0], 0x1000, 0x3, 0x8, 0x3}, &(0x7f0000001100), &(0x7f0000001140)) (fail_nth: 1) zx_channel_call$fuchsia_ldsvc_LoaderClone(r0, 0x0, 0x7fffffffffffffff, &(0x7f0000011240)={&(0x7f0000001180), &(0x7f00000011c0), &(0x7f0000001200), &(0x7f0000011200), 0x14, 0x1, 0x10000}, &(0x7f0000011280), &(0x7f00000112c0)) (async) r3 = syz_thread_self() (rerun: 4) zx_vcpu_enter(r3, &(0x7f0000011300)={0x0, 0x0, 0x0, @interrupt}) zx_channel_call$fuchsia_io_DirectoryUnlink(0x0, 0x0, 0x7fffffffffffffff, &(0x7f0000021400)={&(0x7f0000011340)={{}, {0x80000000, 0xffffffffffffffff}, {'\x00'}}, &(0x7f0000011380), &(0x7f00000113c0), &(0x7f00000213c0), 0x28, 0x0, 0x10000}, &(0x7f0000021440), &(0x7f0000021480)) r4 = zx_deadline_after(0xffffffffffffffff) zx_channel_call$fuchsia_cobalt_LoggerBaseLogEvent(r0, 0x0, r4, &(0x7f0000031580)={&(0x7f00000214c0)={{}, 0x7, 0x5}, &(0x7f0000021500), &(0x7f0000021540), &(0x7f0000031540), 0x18, 0x0, 0x10000}, &(0x7f00000315c0), &(0x7f0000031600)) zx_vcpu_interrupt(r1, 0x2) zx_channel_write$fuchsia_io_DirectoryWatcherOnEvent(r0, 0x0, &(0x7f0000031640)={{}, {0x81, 0xffffffffffffffff}, "a57c37f0aa5a793d04cf1274e7e2c49a49f9b090d2df747c16d53d3cf3c00a94e6324ab320451b9fd52121ec87b894f7f28d509078b5af1e034fe2979badae"}, 0x5f, &(0x7f00000316c0), 0x0) zx_channel_call$fuchsia_io_NodeSync(r2, 0x0, r4, &(0x7f00000417c0)={&(0x7f0000031700), &(0x7f0000031740), &(0x7f0000031780), &(0x7f0000041780), 0x10, 0x0, 0x10000}, &(0x7f0000041800), &(0x7f0000041840)) syz_execute_func(&(0x7f0000000000)="c4c1ade0a5b9a66367c462013b6b0f0f76b7b700000098c4a2292d120f0f0ba03e450fd1ec0f2926c4619f7c531a660f3adf3900") syz_future_time(0x0) syz_job_default() syz_mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) syz_process_self() syz_thread_self() syz_vmar_root_self() csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/tmp/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) usleep(200); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout_ms) { uint64_t start = current_time_ms(); for (;;) { if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; if (current_time_ms() - start > timeout_ms) return 0; usleep(200); } } long syz_mmap(size_t addr, size_t size) { zx_handle_t root = zx_vmar_root_self(); zx_info_vmar_t info; zx_status_t status = zx_object_get_info(root, ZX_INFO_VMAR, &info, sizeof(info), 0, 0); if (status != ZX_OK) { return status; } zx_handle_t vmo; status = zx_vmo_create(size, 0, &vmo); if (status != ZX_OK) { return status; } uintptr_t mapped_addr; status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE, addr - info.base, vmo, 0, size, &mapped_addr); zx_status_t close_vmo_status = zx_handle_close(vmo); if (close_vmo_status != ZX_OK) { } return status; } static long syz_process_self(void) { return zx_process_self(); } static long syz_thread_self(void) { return zx_thread_self(); } static long syz_vmar_root_self(void) { return zx_vmar_root_self(); } static long syz_job_default(void) { return zx_job_default(); } static long syz_future_time(volatile long when) { zx_time_t delta_ms = 10000; switch (when) { case 0: delta_ms = 5; break; case 1: delta_ms = 30; break; } zx_time_t now = 0; zx_clock_read(ZX_CLOCK_MONOTONIC, &now); return now + delta_ms * 1000 * 1000; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } #define CAST(f) ({void* p = (void*)f; p; }) static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[5] = {0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x200010c0 = 0x20000000; memcpy((void*)0x20000000, "\x09\x0e\x38\x14\xde\xd5\xca\x1b\xb9\x20\x4c\xe0\xce\xac\x3d\x95\x16\x2f\xab\x16\xed\xf8\x63\x29\x37\x24\x35\xe1\x99\x2c\xd1\x48\xd2\x9f\x73\xe3\xc2\x58\x57\xbf\x66\xbb\x81\x3d\x6a\xbd\xdd\xe4\x04\xf6\x39\x80\x33\x99\x37\xc1\x6f\xe9\xe0\xc8\xad\x30\x9e\x70\x50\x9c\xe5\x2a\xe1\xc8\xe6\x0e\xbe\x32\x8c\xaa\x31\xb9\x1b\x7b\x1b\x8a\x9e\x3f\xeb\xb3\xfe\x12\x89\xf8\x0a\x3b\x74\xda\xdc\xf3\x61\x9e\x4e\xb0\x3d\x25\x7c\xd7\xa8\xfe\x53\x01\xe5\x8d\x52\xaa\xe4\x33\x63\x55\xc0\xbc\x0e\xe7\xdf\x97\x04\xe0\xee\x19\x00\x64\x37\x2c\xd6\xf7\x16\x29\xce\xc4\xcf\x89\x76\x11\xa6\xf1\x84\x53\x25\x9f\xe8\x03\xee\x14\x64\xeb\xd6\x36\x64\x90\xef\xad\x38\x1a\xec\x2e\x77\x31\x63\xb8\x3a\x25\x7d\x24\x27\x74\x08\x22\x10\x47\xd3\x12\xb8\x3d\xef\xb5\x4f\x5d\xb6\xeb\x9d\xb7\x81\xf0\xa7\x4e\x4a\x45\x13\xe7\x8d\x1f\xef\x19\x33\x7f\x84\x23\x95\x27\x47\x34\x8a\x11\x26\xdb\x4a\x28\xfb\x98\xde\x2f\xfe\x4d\xc6\xcb\x44\x14\x49\x8b\xf5\x58\xc8\xcf\xec\x78\x1c\xb5\x9a\x4b\x28\x64\x7f\x1a\xac\x9c\xf8\x50\x97\x08\x63\x78\x8b\xfa\x31\x9a\xb7\x49\x45\xeb\x15\xfb\x78\xf3\xee\xe5\x44\x60\x45\x51\x27\x74\xec\xfa\x84\x39\xfd\xbf\xaf\xa0\xf7\x67\xe9\xcd\xf2\x91\xd1\x93\x4c\x12\xa7\xea\x79\x1a\x90\x28\xbd\x2e\x0b\x34\x6a\x4f\x68\xa2\x4d\x1b\xce\xd3\xba\xfc\x73\x0f\x65\x9d\x42\x25\x96\x0b\x93\x82\x7f\xa6\x43\x84\xb8\x8d\xb5\x53\x37\xfb\x5a\xe3\x0f\xef\xe3\x56\xba\x4c\x11\x64\x52\xb2\x34\x77\x90\x5d\xba\xab\x6a\x2d\xde\xc3\x27\x35\xf0\xdb\x44\xea\x41\xc3\x7c\x71\x0f\x67\x88\x0a\x68\xcf\xfc\xec\x57\x10\xc7\x07\x28\x8e\xb3\x41\x09\xb2\x4a\xaa\x49\x49\xae\x1b\x9b\x33\x31\x54\xd9\xc3\xb5\xd6\xb0\x70\x95\xe9\x4d\x1f\xb6\x6b\xe2\x84\x5f\x46\x6f\xa3\x75\xfe\xfd\x74\x91\x68\xcb\xfa\xbc\xa4\x5e\xf8\x16\x38\x97\x05\xf0\xd1\x46\xb7\xc4\x7a\xa5\xfa\x07\x0f\xaa\x0c\x82\xf6\xb3\x66\xc9\x4b\xe4\x1a\x00\x41\x2b\x71\x07\xc4\x74\x6c\x41\x48\x2e\x94\xa1\xb2\x3e\x96\x66\xa7\x38\xee\x4b\xcb\x5d\x5b\x9d\xee\xa2\xfe\x70\xdd\x49\xf2\xfc\x09\x58\x23\xd2\xc6\xf0\xc5\x6e\xb2\x12\x0b\x67\x00\x14\xb3\xe4\x1d\xea\x91\x63\x20\x0e\xfe\xec\x14\xbb\x92\xda\x2c\x22\xe0\x3d\x15\xbe\x29\xfd\x9a\xb2\x65\x37\x0f\x38\x78\xad\x28\x18\xa2\x7d\x7a\x1b\xa7\x74\xf1\x22\xd9\x34\xb0\xb6\x20\x77\xfa\x62\x58\x74\xaa\xcb\xb6\xfe\x86\x18\x31\x1b\x15\x62\xd5\x22\x5c\x3d\xa1\x84\x2f\x45\xde\xc3\x94\x0d\x3d\x23\x06\xee\x0b\x01\x83\x15\x48\x34\x32\x2b\x28\x6e\x8e\x31\xf7\x39\xc9\x6f\x22\xe7\x27\x2c\xe4\xe7\xa7\x57\x1d\xed\x20\xce\x2d\xeb\x27\x54\xc6\xb4\x4d\xce\x67\x89\x53\xef\x13\x56\x75\x37\x1a\x72\x8a\xc6\x13\x4d\x5a\x78\x73\xcb\xb6\x0e\xac\x70\x64\xcb\x07\x0b\xef\x01\x2f\xbc\xe0\x9a\x46\x8c\xbd\xeb\x01\xfb\xcd\x35\x2a\xb0\x3b\xeb\xeb\xe7\x0a\x00\x6f\x6d\xcc\xe7\xb4\x07\x8c\xff\xa0\x29\x6b\xd4\x0d\x5d\xed\x97\x1f\x5a\x75\xb2\xfb\x4f\x54\xdb\x33\x21\x44\x70\x50\x6c\x5c\x0d\xbc\xa6\x1e\x12\xfc\xb3\xd8\x20\x7a\x82\xb4\x78\x83\xb8\xef\xe3\xcf\xaf\xcf\xb6\x1a\xd5\xe4\x03\x0c\xab\xd0\xa6\xf0\x8c\x46\x23\x8c\x18\x54\x42\x10\xff\x5a\x6f\x58\xa0\xa4\x9d\xee\x51\xaf\x9a\x1e\x2e\x6a\x88\x27\x07\x4c\x2f\x94\x87\x73\xe6\xb8\x27\x3e\xa1\x19\x7c\x73\x1a\xfe\x15\x56\x1a\x15\x64\x57\xb5\x01\x1f\xcc\xeb\xeb\xea\x49\xad\xda\x3e\x9c\x3a\xfa\x2c\x63\x46\x1f\x4a\x14\x51\xa0\x05\x65\x89\xc6\x4c\x0e\xe2\x86\x78\xf0\x4d\x28\x2d\xfc\x86\xce\x8d\x1b\x31\x9d\x97\x1c\x40\x6d\x1f\x47\x98\x44\x3f\x66\x14\x95\xd8\xf8\xcd\x60\xdd\x45\xbb\xa3\x43\x41\xf1\xac\xfd\x1d\xf4\x1b\xd0\x82\x7c\x0b\xaa\x07\xa8\x56\xc9\x18\x5f\xb6\xdb\xed\xfc\x31\xfd\xcf\x7e\x54\x8c\xed\xa8\xdd\x94\x31\x1a\x06\x2a\x4a\x9f\xb7\xdf\x18\x42\x0e\x66\x33\x0c\xe4\x28\x63\x1a\x42\xab\xf9\xae\x14\xb9\xb0\xc7\xdc\x0d\xdb\xae\x34\xda\x21\x2b\xbe\x7a\x37\x27\x6b\x05\x9c\x49\x5b\xbf\x18\x4f\x45\x21\x9c\x18\xbf\x5d\xc7\x14\x05\x95\xf4\x60\x39\x1c\xca\xa1\xef\x26\x23\x4a\x51\x88\x29\x30\x97\x7a\x00\x4e\x67\x5a\x4a\x10\xb8\x2e\xdf\xbf\x0b\x09\xb7\xd0\xa7\x0e\x3d\xcc\x6c\x47\x60\xb9\x2e\xe5\x56\xbb\x00\xad\x27\x07\x77\xea\x84\xe1\x39\x32\xa4\xb3\x64\x65\xc3\x78\xf4\xf4\xc7\x56\x6b\xda\x18\x9f\xb3\x07\x2c\xf4\xcb\x13\xd4\x5f\x59\x32\x95\xf9\x6d\x37\x62\x9e\xf1\x2b\x9b\x8d\xa1\xad\x7a\x68\x53\xc5\x02\x1f\x30\x07\x7b\x89\x3e\x92\xe9\xd1\x8e\xdb\xf7\x17\x5c\xb7\x25\xb3\x33\x82\x47\x6d\xd7\xa2\x73\x4f\x30\x4e\xfc\x5c\xa6\xd2\x66\x84\xb0\x66\x8f\x43\xb5\xea\xe9\xa9\xbc\xf1\xdf\xca\x10\x6a\x2e\x2e\x52\xe1\x30\xd6\x90\x8b\xc0\x7b\x23\xce\xa6\x85\xee\xdb\x6c\x93\xec\x76\xc6\x09\x7d\x69\xf5\x77\xdd\x5c\xc1\x45\x08\x21\x89\x59\x10\x9f\x30\x1c\x9f\x27\xcd\x0a\x29\x56\x56\x4c\x59\xad\x12\xd0\xd9\x39\xbb\x14\xe0\x2b\xb8\x06\x94\x6b\x85\xab\x39\xe3\xfd\xce\x39\x46\xbc\xf8\x7b\xef\x3f\x53\xe0\xed\xcd\xa9\xc7\x2f\x42\xed\x1d\x31\xfb\xc0\xb7\x00\x89\x0c\x40\x94\xdf\x83\x92\x3d\x0d\x52\x22\xbe\x84\x66\xc5\x62\x25\x0d\xc9\x49\x3c\xf7\x4d\x1a\xb7\xd8\xab\x9a\x4a\x7b\x0c\xf0\xcd\x56\x72\x4c\x10\xa7\x1a\x42\x72\x10\x49\x37\xc1\x1d\xce\xc7\x4e\xc2\xda\xb9\x96\x45\x31\x78\xb4\x0e\x17\x3e\xd2\x1e\x3c\x88\x28\x78\xfc\xdf\x82\xa5\x73\x59\xd7\x1f\x59\xfa\xfe\x50\x23\xe1\x7f\x7a\x2b\xb9\xab\x69\x09\x5b\x26\x9a\xd3\x2d\xf8\x31\x52\x9e\xfd\xab\xbe\x53\x66\xf2\x35\xd4\x8f\x0e\xe3\x28\xc6\x19\x9b\x80\x3c\x57\xa4\x06\xfe\xbf\x46\x64\x32\x04\x67\x3a\x1f\x16\xa5\x7d\x2a\x3b\xb7\x0c\x82\x87\xc5\x40\x5d\x22\x79\xa5\xb9\x77\xd8\x93\x6e\x1c\xf2\xd3\x4b\x47\x83\xb9\xc4\xe1\x5a\x51\x94\x43\x20\xaf\xc2\xee\xd1\xe5\xc7\x80\x15\x96\xb6\x36\x33\x80\x1d\xaa\x19\x99\xed\xf5\x54\x8d\x97\xd0\x56\x56\x8d\xbb\x47\xa7\x24\x40\xd6\xeb\xfb\x19\x1b\xc8\x6b\x95\xd6\x9d\x76\x8a\xc1\x56\xfe\xed\x10\xca\x99\x8a\xff\x51\x42\x79\x6d\x47\xc3\xa3\xd5\x83\xb9\x2e\x32\xf6\x41\xe3\x6f\x81\x0b\x57\x6c\x25\x99\xfe\xbb\x22\xe7\x95\x53\x7d\x65\xb3\x33\xf8\xb1\xa4\xf6\x4e\x34\x9d\xd3\x9e\xcf\x83\x45\x8a\xd2\xc5\xcb\xd1\x3a\xf5\xd7\xc4\xb5\x11\x7a\x38\x63\x99\x58\xd3\x40\xf6\x2b\x87\x2c\x23\xc3\xf8\x51\xa3\x2a\x1a\x8c\xe5\x44\x0a\x1e\xc9\x50\x0b\x3a\xe9\xf5\x6b\x0f\xd3\xa8\x2e\x17\x55\x25\x14\x99\x23\x1f\x8b\xab\xc6\x82\x07\x3f\xa4\x0e\x18\xb5\x16\xaa\xbb\x70\x2b\x56\x0c\xd3\x9c\x70\x7c\x17\x6b\xed\x30\x81\xe1\x85\x6f\x94\x0c\xa1\x5f\xf9\xc5\x50\x6d\x07\xeb\xd8\x0a\xc2\xda\x5e\xfe\x90\xb3\x55\x4d\xe4\x6a\xe4\x40\x83\x92\xa0\x70\x77\x54\xf0\x6b\xee\x43\xcd\x5a\x6c\x26\x50\xfc\xe9\x94\xa4\xd8\x88\xff\x36\x65\x21\x2c\x7d\xc8\x51\x50\x47\x70\x94\xca\x7f\x67\x88\x87\x71\xf0\x8e\xe2\x69\x96\xcb\x8e\x90\x7d\x10\x04\x30\xb6\x72\x26\xbf\x38\x4c\x9c\x01\x48\x8e\x4c\xf5\xaa\xc0\x3b\xcb\xdf\x33\xce\x76\xc5\x63\x26\x53\x95\x5e\xbc\x74\xdd\xec\x21\x10\x4b\x20\xd0\xb1\x45\x8e\xb9\x09\x28\xec\xf1\x03\xeb\x4f\xfb\xf3\xaa\x45\x15\x6b\x71\x79\x9c\xc6\x95\x30\xbe\x5a\xd8\xbd\xa6\x92\x3d\xdf\x3d\x7f\xfa\x9b\x28\x65\xf6\x68\x9f\x30\x92\xfb\xf6\x25\x1d\xf1\x91\xd1\xa6\x45\x72\x32\x6c\xdd\xb2\x2a\xd2\xaa\x4a\x65\x4a\x66\x9c\x7f\x3c\x26\x22\xa4\x13\xc3\xc1\x0f\x24\x7d\x87\x7f\x03\x75\x60\x0f\x06\x05\xf6\x94\x71\x56\x28\xd1\x43\x57\xa1\x87\x41\x42\xe0\x02\x4d\x4b\x1e\x52\xec\xcd\x35\x45\x4d\x51\x62\x42\x5a\x37\x2c\x0c\x12\x15\x48\x1f\xa7\x57\x93\x97\x07\x3c\xe8\x0c\x63\x43\xf8\x81\xdd\x1b\x2d\x8f\xa4\x36\xe5\xa9\x7f\xd5\x78\xea\xca\x11\x31\x05\xe9\x0f\x51\x19\x23\xb6\x9a\xcb\xb2\x69\x34\x9d\xe9\xf1\x38\xe1\x0f\x7c\xd4\xa1\x80\xe3\x8b\x02\x5e\xbf\x29\xaa\x5d\x70\x88\x3d\x83\x0b\x5a\xfc\x91\x44\x32\x85\x9b\x18\x2e\x2c\xea\xeb\x84\x44\xbd\xc1\x60\x8f\xdd\x02\x86\x69\xc3\x0d\x33\xcc\x65\xf5\x57\xc7\x84\x27\xfc\xe6\x13\x0e\x82\xc8\xfb\x7e\xab\x09\x51\x86\xc4\x0f\x9a\x68\x8a\xc2\xec\x3b\x3f\xe7\x68\x9c\x6a\xff\x2f\x07\x95\x08\x3e\xb3\x78\x55\xad\xb2\x98\xa7\x1c\x45\x94\x69\xc4\x10\x86\x6d\x73\x70\x22\x7a\xba\x87\x93\x90\x04\xeb\xd0\x4a\xd6\x65\xbb\x51\xee\x9d\x32\xbf\x08\xe7\x33\x55\x36\xf0\xb6\x35\x13\xc1\xea\x92\x96\xac\x30\xa9\x48\x1d\xf6\xff\xb7\xfa\x37\x4c\x4c\xb4\xb7\xd0\xed\x16\x8e\xfb\xb1\x3e\xeb\x58\xf4\x73\x55\x48\xba\x60\x12\x41\x93\x94\x17\x57\xf9\xec\xf2\x48\xe0\x08\xdd\xcb\x82\xf5\x7f\x36\x6d\x32\x7a\xaf\x3c\xe4\x19\x18\x9d\xe0\xc4\x2e\xa3\x43\x4b\x4b\x0a\x1f\x21\xbe\x00\x07\x2d\xc6\x47\xce\x18\xf7\x86\x2e\x52\xaa\x9b\xd7\x4b\x70\x95\x66\x3b\x7c\x08\xf0\x27\xe6\xfc\x89\x69\x22\x4d\xf5\x84\xc9\x2b\xff\xc4\xb9\x31\x06\xf7\x0b\xf3\xf9\x96\x75\xe6\x90\x4e\x26\x41\x49\x2c\x33\xde\x1d\xa9\x17\xb9\x4e\x57\xbc\xd7\xaf\xda\x22\x53\x19\x8d\x5e\x81\xc3\xe4\x6d\x00\x82\x49\x0c\x22\x05\xa7\x5c\xce\xa3\xa6\x84\x54\x02\xea\x44\x36\x42\xb5\x92\x5b\x4c\x5c\x65\x37\x7b\x3a\x9d\x94\x6f\xc1\x5d\x44\x40\x10\x98\xdd\xe1\xe1\xec\x3a\xa4\x85\x8d\xa8\x67\x1b\x4c\x82\x7c\x9f\x13\x37\xb0\x7d\x09\xb9\xb0\x7e\xff\xdf\x66\x6c\xdb\x8a\x32\x0c\x34\xa4\xa7\x09\xe9\xbb\xb1\x8c\xac\xef\x54\x75\x74\xc1\x09\x65\x94\x98\xf1\x08\xc5\x3a\x17\x96\xd8\x2a\xae\xe5\x04\xe0\x18\x01\xf1\x5b\xb6\x3e\x7d\xe6\xe0\xd8\x90\x7a\x98\x8f\xa8\xd3\xd6\x9c\x20\x72\x1b\x1a\xfb\x10\x58\x2e\xa3\xe9\x00\x6f\x1e\xbe\x9a\x32\xda\x20\x79\x16\xc6\x75\xd6\xae\x73\x0f\xbb\x2b\xee\xbe\x72\x73\xf0\x1d\x8a\x18\xd7\x8a\xfd\x34\x96\x19\x30\x3e\x34\x7b\x89\xd6\xd7\xa4\xba\xe7\xac\xb6\xb5\x60\xd0\x35\x02\x19\x29\xeb\x53\xa7\xc5\xc4\x26\x3b\xa3\x9c\x2d\xe7\x05\x68\x99\xd3\x6e\x73\xb8\xaf\xbd\xc4\xa7\xe5\xb7\xef\xbf\x61\x06\x83\xee\x61\x55\xd7\xc3\xae\x4d\x46\xc4\x3d\x42\xd8\x34\x97\xcd\x78\xff\x16\x44\xd7\x8d\x5a\x10\x68\xc0\x28\xf0\xa6\xdd\x29\x97\x63\x7c\x6b\x42\x71\x90\x79\xd3\x9b\x09\x35\x61\xe9\x02\x58\x51\xb1\x65\x9c\xac\x8d\x1a\x5d\x5d\xc1\xce\x43\x4c\x78\x7c\xeb\xd1\xb6\x22\x4b\x25\xaf\xe1\x84\x97\x58\x41\x58\x94\x2a\x04\xe9\xf3\xd6\xb7\x44\x44\x7c\x62\x4f\xc7\xa8\xa3\x6c\x03\xbd\xcb\x13\x41\xda\x7d\x7c\x24\xa0\x3c\xc1\xee\xb4\x0b\x71\x86\x23\x20\x4e\x05\x63\x20\x52\xe6\x5d\xb3\x81\x89\x22\x89\xc9\xa1\xbf\x54\x7c\x31\x69\x14\x03\x55\xcc\xc2\x14\x1b\xb1\x79\x48\x89\xcc\x47\xb4\xeb\x6c\x19\xfe\xd2\xe5\x49\x46\xe9\xa0\xf3\xee\x9a\x0a\x6c\x9c\x32\xf1\x59\xdb\xcf\xf0\x64\x5d\xbf\xb3\xbc\x46\x1b\x7f\x6c\x49\x9b\x9d\xad\x65\xf5\x9d\x2b\x9d\x20\x48\x6f\x01\x2e\x0a\x93\x20\x2a\x22\x95\x0a\xc0\xa5\x83\xaa\xcc\x42\xaa\x3b\x03\x02\xb5\xbe\x16\x0f\x7a\xbb\x5a\xf5\x54\x7a\xb2\xa3\x95\xdf\xc5\x89\x22\xa5\x50\xdb\xad\x99\x03\x45\x02\xf6\x4a\x48\xc6\x34\xa1\x34\x4a\x46\x65\xbb\x05\x4d\xf0\x8f\xa7\xa4\x95\x62\xf7\xe6\x44\x8b\xd0\x83\x1d\xf5\x1e\xce\xe7\x2f\x5d\x4b\x45\x6a\xf5\x50\x2d\xd4\xe5\xbe\x19\x01\xbb\x3a\xad\x0a\x8f\x94\x9c\x63\xd5\xbf\xee\x80\xc4\x8d\x8c\x41\xcd\x47\xd0\xa5\xe9\xcf\xee\xa4\x80\x17\x21\xdd\x99\x26\x0a\x9f\x41\x48\xee\x37\xf0\xc6\xe6\x05\x16\xb9\x71\x46\x03\x1b\xf5\x32\x75\x93\x40\xf0\xd9\x65\x68\x7c\xe3\x8c\x43\x53\xa6\x42\x32\xa0\xce\x1a\xd1\x54\x01\x8b\x20\x6f\xa3\xb1\xee\xfb\x65\x81\xf1\xe4\xfe\x9d\x40\xce\xe6\x85\x9d\xbd\x2d\x6c\x97\x02\x81\x84\x45\x48\xd1\x88\x70\x1e\x37\xb1\xa8\x7e\x02\x32\xb2\xcf\x50\x54\x2d\x22\x0d\x38\x0c\x34\xb5\x70\x59\x39\xfd\xab\x1d\xbb\x4c\xb3\xfd\xf4\x4d\x81\x04\xd8\x16\xcf\x37\x21\x59\xd6\x17\x2d\x72\xcc\x09\xed\x56\x5e\x34\x15\x9a\xdc\xa1\x36\xfd\x59\x25\x15\x44\x0a\x31\xa1\xb2\xb7\x20\x0f\x01\xfd\x3b\xa1\x95\xa9\x80\xc0\x04\xfa\xf1\x03\xb9\xf9\xe7\x71\x3d\x3e\xd5\xd1\xc6\x78\xbb\xdf\x88\x93\x00\x90\x8e\x71\x94\xf3\xb2\xb8\x4e\x74\x4c\x94\xf7\xb5\x8f\x61\xad\x6b\x84\xee\x7c\x64\x5b\xe8\x13\xa4\xac\x5b\x1a\xdd\x1f\xfa\xd0\xff\xc0\xb2\x7a\x1b\x47\xf4\x52\x01\x86\x44\x1b\x82\x0c\xda\xc1\xfd\x4b\xae\x20\xc6\x2b\xc8\x17\xb1\x7d\xf2\xf7\x9c\xb9\x74\x6d\x1e\x65\x3d\x8d\x81\x62\x37\x6c\xbe\x81\xbc\xc5\x04\x83\x58\xcd\xd4\x2c\xa9\xf8\x20\x7e\x7f\xb1\x26\x7c\xac\x49\xec\xb4\x5a\xa6\xbc\x80\x02\xc3\x59\x7c\xc0\x74\xa8\x8c\x2c\xce\xd7\x3e\x69\x5c\x0c\xb9\x6b\x33\x41\xde\xb5\x8b\x0d\x41\xb9\x55\x9f\x2d\x09\x83\x8e\x05\xe4\x06\xf9\x9f\x96\x2a\x0f\x61\x9a\x7c\x02\xb5\xac\xc6\x21\x01\x24\xf1\x95\x02\x4f\xd2\xe4\xac\xe5\x8a\x23\x92\x33\xf9\xf0\xfa\x42\x74\xce\x28\xf6\xee\x5d\xe5\x1e\x13\x74\x2c\x19\xe8\xc1\xb3\x13\xf9\x00\x97\x0a\x4d\xb1\xb3\x64\x1c\xb5\x27\xa1\x05\x92\xbf\xb9\xc5\x26\x92\x12\x32\x27\x7d\x49\x24\x99\xa6\x1d\x6a\x20\x40\x73\x30\xe5\x5d\xae\x27\x78\x7a\xed\x00\x1b\x16\x66\xa3\xc0\x31\x9b\xda\x97\x64\x61\x85\x44\xa2\x00\x16\xf1\x29\x86\xe4\xae\x1d\xd7\x58\x5c\xd1\xef\xb1\x47\x12\x1b\xcc\xa0\x0e\x09\x5e\x12\x55\x9f\x57\x9b\xf3\xc7\x60\x5e\x9b\x67\x37\x10\x5c\xb9\xfc\x15\x94\xe4\x3d\x57\x07\xcd\x69\xc8\xbc\xd6\x60\x3e\x69\x7a\xce\xc7\x69\x57\xd3\xc6\xaa\x44\x88\x07\x92\x46\x66\x87\x7a\x52\xeb\x2a\xdb\x90\xa3\xde\x79\x06\xa8\x0f\x47\xa2\xc3\x88\xcb\xa8\x77\x6f\x63\x40\x4b\x4b\x64\x4c\x10\x86\xb3\xab\xfc\x8b\xbd\xe4\x96\x02\x28\x26\xe2\x10\x2c\x2f\x7a\x16\xf9\x84\xbe\x7a\xc2\x9a\x68\x47\x8f\x87\x9f\x4c\x9b\x30\x23\x47\x06\x41\x35\x6c\x91\x05\x36\x54\x56\x83\x48\xc5\x50\xc7\x08\x3b\xdd\x2e\x61\x18\x1e\xa3\x25\x61\x5a\xa9\xfb\xdb\xe5\x74\x18\x82\xf3\x85\x44\x26\x22\x4b\xff\xa1\x5d\xec\x14\x64\x44\xe4\x00\x1f\x5f\x8f\x6f\x61\xc0\xce\xad\x81\x5b\xae\x2e\x81\x29\x9e\xb3\xa7\xa4\x9a\x66\x4e\xb0\x1e\x74\xc6\x38\xcb\xe7\x5e\x9d\x16\x9a\x6e\x75\x07\xfb\xad\x9b\x36\xb9\x2a\x09\xa2\x4b\xea\xc7\x7e\x10\x63\x6a\x25\xaa\x20\xd0\x1d\xd3\x7b\x26\xff\xa9\x9e\x8b\xfa\x8f\x15\xb4\xc1\x9d\xca\xdc\xd9\xbe\x38\x3a\x11\xc7\x32\x71\x7e\x1d\xcb\x29\x68\xe8\x66\x9d\x08\x4a\xa1\x5d\x72\x69\xc1\x1c\x01\x1e\xb2\xb1\x39\x03\x98\x76\x6e\xce\xb6\x37\x8d\xf5\x8f\x0e\x79\x6e\xb4\x7a\xc5\xeb\x1c\xf5\x3b\x2c\x6b\x4b\x61\xd4\x0c\x0b\x4c\x00\x5d\x0a\xb8\x23\x84\xc4\x5a\xae\x49\x96\x99\xbc\x54\x26\x3e\xef\xc2\x9e\xd4\x03\xd3\x0b\x72\x68\x24\x25\x9e\x6c\x6e\xa2\x4c\x7b\x85\x60\xb8\x5b\xaa\x91\xab\xf3\x9e\xe1\xfb\xa0\xa5\xdc\xb5\xa8\x3d\xb8\xc8\x62\xc8\x83\xbd\xac\x30\x68\x4a\xb2\x89\x8a\x39\x1d\xd6\xff\x6f\x8b\x85\x1e\xbe\x75\x25\x73\xbd\x19\x95\xc8\x7b\xa3\xc6\xab\xf0\x39\x4d\xdc\x6f\x05\xed\x36\x0c\xec\xfa\x35\xae\xd4\xcf\xa3\x20\x1f\x55\x66\x62\x05\xf7\x07\xd0\x9f\x8f\xba\xa2\xc8\x8f\x7f\xf9\xb0\x6e\xf2\xdf\xa1\x70\x0f\x7b\x70\x26\xa3\xfd\x26\x95\x74\xeb\x22\xfe\x9a\x8f\x6a\x64\xdf\xea\x6e\x77\x9c\xb0\xa2\x81\xdb\x25\x93\xf2\xba\x8e\xa3\xda\x2b\x53\xce\xad\x01\xdb\xc4\x2f\x53\xee\x87\x1b\xa9\x57\xdb\xf5\xc9\xfc\x25\x64\x1f\x11\xbf\x27\x9b\x43\xdf\x39\x16\xf7\x43\x72\x96\x3d\xe3\x2a\xa0\x52\x8b\x51\x1c\xc0\xc4\xd8\x29\x53\xac\xd9\x5f\x2d\xf8\x49\x35\xb6\x09\xf1\xaf\x30\xc3\x52\x76\xa3\xfa\xbf\x5d\x2c\xa7\xc9\x81\x43\x63\xca\xb1\xb4\x8b\x7b\x9a\x96\xf9\x45\xe3\xd2\x41\x91\xb7\x0b\x5f\x03\xd0\xc4\xae\x30\xb1\x5e\x2f\x82\xca\x31\x8e\x8c\x9a\x5b\x2a\x22\x19\x96\x7a\x13\xbe\xfa\xce\xeb\x25\x10\x88\x67\x1f\x3d\x74\x7d\xa7\x2e\x52\xc9\xa2\x2e\x7a\xee\xbc\xc7\x7e\x1a\x02\x4e\xb6\x6a\xb0\x9e\xf0\x1a\x3a\xae\x32\x9a\xbf\x00\x35\xd1\xcf\x27\x91\x1d\x86\x76\xa9\x84\x31\x76\x5a\x11\x75\x3a\x57\x71\x95\x8d\xfc\xbb\x59\x84\x69\x71\xd2\xe2\xcf\x02\xd0\xc0\xe5\xa5\x50\xea\x98\xb9\x3e\x36\x7f\xe7\x3f\x1b\xd3\x0a\x09\xb1\x15\x20\x62\x31\x43\x60\x9d\x0c\x2f\xa3\xc8\xaa\x37\x6f\x44\x0a\xd2\x96\x3f\xbe\xb6\x67\x15\x09\xa7\x99\xa8\x52\x8c\xe0\x87\xab\xaf\x19\x96\x62\xb1\x10\x31\x42\x81\x7c\x17\x6a\x4e\x04\xb1\x5b\xc6\xd4\x73\xb4\x83\xd9\x41\x71\x76\xe0\xe2\x30\x91\x93\x8a\xc2\xfb\x9b\xa6\x16\xc7\x9c\x06\x99\xa0\x56\x8d\x22\xd6\x33\x62\xca\xa0\x6a\xdd\x24\x23\xcb\x71\x89\x5a\x18\x21\xdf\xab\x31\x78\x11\xc2\x75\x2b\x28\x4d\x9d\x55\xfc\x5c\xfd\xdc\x3c\x59\x9e\x1b\x91\x18\xc9\x9f\xb8\xd4\x7f\xd7\x61\xe6\xe7\x24\x29\xf5\x09\xc6\x74\x91\x3d\x2d\x36\xd5\x69\x80\x1f\x92\x84\x21\x24\x24\x55\x6e\x8c\xae\xd1\x68\x34\xeb\x07\x64\x17\x02\x3c\x99\x0e\x5d\x31\x10\xcb\x31\xde\xa8\x52\x79\xd4\x0b\xcc\x71\x4a\x67\x6a\x89\x39\x25\x15\x1b\x55\x0a\xab\xbe\x95\x48\xc4\xb7\x4b\x30\x91\x75\xf4\xea\xcf\xaf\x14\x61\xae\x52\x29\x3e\x44\xf9\x2f\xa2\x60\x67\xb5\x00\x84\xf9\xef\x98\x20\x19\xe0\xd3\x98\x05\x8d\x23\x84\x4f\x90\x0c\x28\xc1\x52\xd3\xee\xda\x42\x57\x8a\x0f\x1f\xf3\x00\x2c\x92\x9e\x6b\xca\x65\xeb\x03\x41\x77\x81\x44\xa1\x5e\xac\xfe\x4e\x1a\x63\xa4\xcd\xf1\xf2\x50\x48\xa2\x72\x61\xba\x43\x42\xee\x65\x69\xa3\xc6\x05\x3b\x5e\x52\xf4\xe1\x34\xa1\xe0\x3a\x15\x30\xcf\x5c\x0e\xb1\x78\x75\xe3\xba\x44\x16\x20\x71\xb4\x39\x45\x9b\xf1\x6e\xdb\x28\x50\x8b\xce\x3e\x9f\x69\xd8\x93\x0b\x05\x39\xc3\x9b\xb7\x4e\x63\xe4\x51\x0e\x91\x8b\x83\x49\xcc\xf6\x95\x9e\x57\x55\x05\x50\xa3\x57\xc3\x16\x49\xdd\x72\x8c\x3f\xe7\x7d\xc6\x92\x0f\x0d\x3f\x4e\xc5\xd6\x19\xb2\xf4\xc6\xeb\x90\xdf\xc1\x7b\x26\xd6\xb3\x01\x17\xa0\x7c\x18\xf4\xb7\xcc\x96\x05\x6a\x4f\xdc\x7d\xac\x68\x19\x8c\xb8\xbc\xc6\xc6\x4d\x49\x6a\xfa\x60\x81\x76\x8e\x8d\xd4\xf4\x35\xeb\x2e\xed\xd0\xb7\xb0\x8f\x14\x11\x4c\x13\xc4\xff\x50\xa9\x3d\x39\xaf\xac\x2d\x63\x3e\xf6\xeb\x33\xac\x93\x74\x04\x26\x2e\x35\x2f\x50\xf0\x67\x79\x15\x18\xea\x05\x88\x41\xab\xdd\x1f\x77\x09\x40\xbc\xa8\x96\xfd\xdb\x55\x0c\x9c\xe0\x9e\xdc\x6b\xd5\x22\xe3\x18\xe5\xca\x6b\xa0\x02\x59\x02\x97\x70\xd2\x9d\x1f\xc4\xe2\xa7\x4d\x7b\x33\xfb\xea\xca\x94\x5e\x14\x9f\x24\x1c\xc9\x33\x62\x4d\xba\x79\x5d\x33\xf2\xab\x07\x06\xbb\xc1\x7e\x23\x83\xf6\xc3\x2d\xf7\x65\xc1\x16\x26\x5b\x0e\xfb\x58\x5f\x58\x7b\xe9\x73\x2b\xeb\x0b\xed\x2e\x67\xce\xf0\xd1\xc4\x2b", 4096); *(uint64_t*)0x200010c8 = 0x20001000; *(uint32_t*)0x20001000 = 0; *(uint32_t*)0x20001004 = 0; *(uint32_t*)0x20001008 = 0; *(uint64_t*)0x200010d0 = 0x20001040; *(uint64_t*)0x200010d8 = 0x20001080; *(uint32_t*)0x200010e0 = 0x1000; *(uint32_t*)0x200010e4 = 3; *(uint32_t*)0x200010e8 = 8; *(uint32_t*)0x200010ec = 3; inject_fault(1); res = -1; res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); if (res == ZX_OK) { r[0] = *(uint32_t*)0x20001080; r[1] = *(uint32_t*)0x20001084; r[2] = *(uint32_t*)0x20001088; } break; case 1: *(uint64_t*)0x20011240 = 0x20001180; *(uint32_t*)0x20001180 = 0; memset((void*)0x20001184, 0, 3); *(uint8_t*)0x20001187 = 1; *(uint64_t*)0x20001188 = 0x3862fcb900000000; *(uint32_t*)0x20001190 = 0; *(uint64_t*)0x20011248 = 0x200011c0; *(uint32_t*)0x200011c0 = 0; *(uint64_t*)0x20011250 = 0x20001200; *(uint64_t*)0x20011258 = 0x20011200; *(uint32_t*)0x20011260 = 0x14; *(uint32_t*)0x20011264 = 1; *(uint32_t*)0x20011268 = 0x10000; *(uint32_t*)0x2001126c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20011240, /*actual_bytes=*/0x20011280, /*actual_handles=*/0x200112c0); break; case 2: res = -1; res = syz_thread_self(); { int i; for(i = 0; i < 4; i++) { syz_thread_self(); } } if ((int)res != -1) r[3] = res; break; case 3: ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); break; case 4: *(uint64_t*)0x20021400 = 0x20011340; *(uint32_t*)0x20011340 = 0; memset((void*)0x20011344, 0, 3); *(uint8_t*)0x20011347 = 1; *(uint64_t*)0x20011348 = 0x2cbadb1900000000; *(uint64_t*)0x20011350 = 0x80000000; *(uint64_t*)0x20011358 = -1; memset((void*)0x20011360, 0, 1); *(uint64_t*)0x20021408 = 0x20011380; *(uint64_t*)0x20021410 = 0x200113c0; *(uint64_t*)0x20021418 = 0x200213c0; *(uint32_t*)0x20021420 = 0x28; *(uint32_t*)0x20021424 = 0; *(uint32_t*)0x20021428 = 0x10000; *(uint32_t*)0x2002142c = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/0, /*options=*/0, /*deadline=*/0x7fffffffffffffff, /*args=*/0x20021400, /*actual_bytes=*/0x20021440, /*actual_handles=*/0x20021480); break; case 5: res = -1; res = ((intptr_t(*)(intptr_t))CAST(zx_deadline_after))(/*nanoseconds=*/-1); if (res == ZX_OK) r[4] = res; break; case 6: *(uint64_t*)0x20031580 = 0x200214c0; *(uint32_t*)0x200214c0 = 0; memset((void*)0x200214c4, 0, 3); *(uint8_t*)0x200214c7 = 1; *(uint64_t*)0x200214c8 = 0x135d628d00000000; *(uint32_t*)0x200214d0 = 7; *(uint32_t*)0x200214d4 = 5; *(uint64_t*)0x20031588 = 0x20021500; *(uint64_t*)0x20031590 = 0x20021540; *(uint64_t*)0x20031598 = 0x20031540; *(uint32_t*)0x200315a0 = 0x18; *(uint32_t*)0x200315a4 = 0; *(uint32_t*)0x200315a8 = 0x10000; *(uint32_t*)0x200315ac = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[0], /*options=*/0, /*deadline=*/r[4], /*args=*/0x20031580, /*actual_bytes=*/0x200315c0, /*actual_handles=*/0x20031600); break; case 7: ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_interrupt))(/*handle=*/r[1], /*vector=*/2); break; case 8: *(uint32_t*)0x20031640 = 0; memset((void*)0x20031644, 0, 3); *(uint8_t*)0x20031647 = 1; *(uint64_t*)0x20031648 = 0x208bcc9d00000000; *(uint64_t*)0x20031650 = 0x81; *(uint64_t*)0x20031658 = -1; memcpy((void*)0x20031660, "\xa5\x7c\x37\xf0\xaa\x5a\x79\x3d\x04\xcf\x12\x74\xe7\xe2\xc4\x9a\x49\xf9\xb0\x90\xd2\xdf\x74\x7c\x16\xd5\x3d\x3c\xf3\xc0\x0a\x94\xe6\x32\x4a\xb3\x20\x45\x1b\x9f\xd5\x21\x21\xec\x87\xb8\x94\xf7\xf2\x8d\x50\x90\x78\xb5\xaf\x1e\x03\x4f\xe2\x97\x9b\xad\xae", 63); ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_write))(/*handle=*/r[0], /*options=*/0, /*bytes=*/0x20031640, /*num_bytes=*/0x5f, /*handles=*/0x200316c0, /*num_handles=*/0); break; case 9: *(uint64_t*)0x200417c0 = 0x20031700; *(uint32_t*)0x20031700 = 0; memset((void*)0x20031704, 0, 3); *(uint8_t*)0x20031707 = 1; *(uint64_t*)0x20031708 = 0x62423faa00000000; *(uint64_t*)0x200417c8 = 0x20031740; *(uint64_t*)0x200417d0 = 0x20031780; *(uint64_t*)0x200417d8 = 0x20041780; *(uint32_t*)0x200417e0 = 0x10; *(uint32_t*)0x200417e4 = 0; *(uint32_t*)0x200417e8 = 0x10000; *(uint32_t*)0x200417ec = 0; ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call))(/*handle=*/r[2], /*options=*/0, /*deadline=*/r[4], /*args=*/0x200417c0, /*actual_bytes=*/0x20041800, /*actual_handles=*/0x20041840); break; case 10: memcpy((void*)0x20000000, "\xc4\xc1\xad\xe0\xa5\xb9\xa6\x63\x67\xc4\x62\x01\x3b\x6b\x0f\x0f\x76\xb7\xb7\x00\x00\x00\x98\xc4\xa2\x29\x2d\x12\x0f\x0f\x0b\xa0\x3e\x45\x0f\xd1\xec\x0f\x29\x26\xc4\x61\x9f\x7c\x53\x1a\x66\x0f\x3a\xdf\x39\x00", 52); syz_execute_func(/*text=*/0x20000000); break; case 11: syz_future_time(/*when=*/0); break; case 12: syz_job_default(); break; case 13: syz_mmap(/*addr=*/0x20ff9000, /*len=*/0x4000); break; case 14: syz_process_self(); break; case 15: syz_thread_self(); break; case 16: syz_vmar_root_self(); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :280:81: error: use of undeclared identifier 'zx_channel_call_etc' res = ((intptr_t(*)(intptr_t,intptr_t,intptr_t,intptr_t,intptr_t,intptr_t))CAST(zx_channel_call_etc))(/*handle=*/0, /*options=*/0x91, /*deadline=*/0, /*args=*/0x200010c0, /*actual_bytes=*/0x20001100, /*actual_handles=*/0x20001140); ^ :317:39: error: use of undeclared identifier 'zx_vcpu_enter' ((intptr_t(*)(intptr_t,intptr_t))CAST(zx_vcpu_enter))(/*handle=*/r[3], /*packet=*/0x20011300); ^ 2 errors generated. compiler invocation: /syzkaller/shared/fuchsia/prebuilt/third_party/clang/linux-x64/bin/clang [-o /tmp/syz-executor2794725245 -DGOOS_fuchsia=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -Wno-deprecated -target x86_64-fuchsia -ldriver -lfdio -lzircon --sysroot /syzkaller/shared/fuchsia/out/x64/zircon_toolchain/obj/zircon/public/sysroot/sysroot -I /syzkaller/shared/fuchsia/sdk/lib/fdio/include -I /syzkaller/shared/fuchsia/zircon/system/ulib/fidl/include -I /syzkaller/shared/fuchsia/src/lib/ddk/include -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.device.manager -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.nand -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.power.statecontrol -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/sdk/fidl/fuchsia.hardware.usb.peripheral -I /syzkaller/shared/fuchsia/out/x64/fidling/gen/zircon/vdso/zx -L /syzkaller/shared/fuchsia/out/x64/x64-shared -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-command-line-argument] --- FAIL: TestGenerate/fuchsia/amd64/4 (0.61s) csource_test.go:148: --- FAIL: TestGenerate/fuchsia/amd64/10 (1.82s) csource_test.go:148: --- FAIL: TestGenerate/fuchsia/amd64/12 (1.98s) csource_test.go:148: FAIL FAIL github.com/google/syzkaller/pkg/csource 53.879s ok github.com/google/syzkaller/pkg/db (cached) ok github.com/google/syzkaller/pkg/email (cached) ok github.com/google/syzkaller/pkg/email/lore (cached) ok github.com/google/syzkaller/pkg/host 34.805s ok github.com/google/syzkaller/pkg/html (cached) ok github.com/google/syzkaller/pkg/ifuzz (cached) ok github.com/google/syzkaller/pkg/image (cached) ok github.com/google/syzkaller/pkg/instance 4.084s ok github.com/google/syzkaller/pkg/ipc 61.932s ok github.com/google/syzkaller/pkg/kconfig 0.729s ok github.com/google/syzkaller/pkg/kd (cached) ok github.com/google/syzkaller/pkg/log (cached) ok github.com/google/syzkaller/pkg/mgrconfig 2.789s ok github.com/google/syzkaller/pkg/osutil (cached) ok github.com/google/syzkaller/pkg/report 40.104s ok github.com/google/syzkaller/pkg/repro 2.790s ok github.com/google/syzkaller/pkg/runtest 87.155s ok github.com/google/syzkaller/pkg/serializer (cached) ok github.com/google/syzkaller/pkg/stats (cached) ok github.com/google/syzkaller/pkg/subsystem (cached) ok github.com/google/syzkaller/pkg/subsystem/linux (cached) ok github.com/google/syzkaller/pkg/subsystem/lists (cached) ok github.com/google/syzkaller/pkg/symbolizer (cached) ok github.com/google/syzkaller/pkg/tool (cached) ok github.com/google/syzkaller/pkg/vcs (cached) ok github.com/google/syzkaller/prog 15.808s ok github.com/google/syzkaller/prog/test 2.591s ok github.com/google/syzkaller/sys/linux (cached) ok github.com/google/syzkaller/sys/netbsd (cached) ok github.com/google/syzkaller/sys/openbsd (cached) ok github.com/google/syzkaller/syz-ci 10.717s ok github.com/google/syzkaller/syz-fuzzer 0.275s ok github.com/google/syzkaller/syz-hub 0.020s ok github.com/google/syzkaller/syz-hub/state 10.562s ok github.com/google/syzkaller/syz-manager 14.191s ok github.com/google/syzkaller/syz-verifier 12.357s ok github.com/google/syzkaller/tools/syz-kconf (cached) ok github.com/google/syzkaller/tools/syz-linter (cached) ok github.com/google/syzkaller/tools/syz-trace2syz/parser 0.009s ok github.com/google/syzkaller/tools/syz-trace2syz/proggen 2.833s ok github.com/google/syzkaller/vm 20.403s ok github.com/google/syzkaller/vm/isolated 11.772s ok github.com/google/syzkaller/vm/proxyapp 15.251s ok github.com/google/syzkaller/vm/vmimpl 12.264s FAIL