Merge "Refactor off COW header v3" into main
diff --git a/bootstat/bootstat.cpp b/bootstat/bootstat.cpp
index 3b8866e..2d55e5a 100644
--- a/bootstat/bootstat.cpp
+++ b/bootstat/bootstat.cpp
@@ -461,6 +461,14 @@
     {"reboot,smpl_timeout,pmic,main", 229},
     {"reboot,ota,.*", 230},
     {"reboot,periodic,.*", 231},
+    {"reboot,early,abl", 232},
+    {"reboot,early,bl2", 233},
+    {"reboot,longkey,pmic_cold", 234},
+    {"reboot,longkey,master_dc", 235},
+    {"reboot,ocp2,pmic,if", 236},
+    {"reboot,ocp,pmic,if", 237},
+    {"reboot,fship", 238},
+    {"reboot,ocp,.*", 239},
 };
 
 // Converts a string value representing the reason the system booted to an
diff --git a/debuggerd/common/include/dump_type.h b/debuggerd/common/include/dump_type.h
index a3e171b..82ef7b6 100644
--- a/debuggerd/common/include/dump_type.h
+++ b/debuggerd/common/include/dump_type.h
@@ -28,26 +28,24 @@
   kDebuggerdTombstoneProto,
 };
 
-inline std::ostream& operator<<(std::ostream& stream, const DebuggerdDumpType& rhs) {
-  switch (rhs) {
+inline const char* get_dump_type_name(const DebuggerdDumpType& dump_type) {
+  switch (dump_type) {
     case kDebuggerdNativeBacktrace:
-      stream << "kDebuggerdNativeBacktrace";
-      break;
+      return "kDebuggerdNativeBacktrace";
     case kDebuggerdTombstone:
-      stream << "kDebuggerdTombstone";
-      break;
+      return "kDebuggerdTombstone";
     case kDebuggerdJavaBacktrace:
-      stream << "kDebuggerdJavaBacktrace";
-      break;
+      return "kDebuggerdJavaBacktrace";
     case kDebuggerdAnyIntercept:
-      stream << "kDebuggerdAnyIntercept";
-      break;
+      return "kDebuggerdAnyIntercept";
     case kDebuggerdTombstoneProto:
-      stream << "kDebuggerdTombstoneProto";
-      break;
+      return "kDebuggerdTombstoneProto";
     default:
-      stream << "[unknown]";
+      return "[unknown]";
   }
+}
 
+inline std::ostream& operator<<(std::ostream& stream, const DebuggerdDumpType& rhs) {
+  stream << get_dump_type_name(rhs);
   return stream;
 }
diff --git a/debuggerd/debuggerd_test.cpp b/debuggerd/debuggerd_test.cpp
index 19ff7eb..c3e1302 100644
--- a/debuggerd/debuggerd_test.cpp
+++ b/debuggerd/debuggerd_test.cpp
@@ -114,7 +114,7 @@
                R"(#\d\d pc [0-9a-f]+\s+ \S+ (\(offset 0x[0-9a-f]+\) )?\()" frame_name R"(\+)");
 
 static void tombstoned_intercept(pid_t target_pid, unique_fd* intercept_fd, unique_fd* output_fd,
-                                 InterceptStatus* status, DebuggerdDumpType intercept_type) {
+                                 InterceptResponse* response, DebuggerdDumpType intercept_type) {
   intercept_fd->reset(socket_local_client(kTombstonedInterceptSocketName,
                                           ANDROID_SOCKET_NAMESPACE_RESERVED, SOCK_SEQPACKET));
   if (intercept_fd->get() == -1) {
@@ -155,18 +155,15 @@
     FAIL() << "failed to send output fd to tombstoned: " << strerror(errno);
   }
 
-  InterceptResponse response;
-  rc = TEMP_FAILURE_RETRY(read(intercept_fd->get(), &response, sizeof(response)));
+  rc = TEMP_FAILURE_RETRY(read(intercept_fd->get(), response, sizeof(*response)));
   if (rc == -1) {
     FAIL() << "failed to read response from tombstoned: " << strerror(errno);
   } else if (rc == 0) {
     FAIL() << "failed to read response from tombstoned (EOF)";
-  } else if (rc != sizeof(response)) {
-    FAIL() << "received packet of unexpected length from tombstoned: expected " << sizeof(response)
+  } else if (rc != sizeof(*response)) {
+    FAIL() << "received packet of unexpected length from tombstoned: expected " << sizeof(*response)
            << ", received " << rc;
   }
-
-  *status = response.status;
 }
 
 static bool pac_supported() {
@@ -225,9 +222,10 @@
     FAIL() << "crasher hasn't been started";
   }
 
-  InterceptStatus status;
-  tombstoned_intercept(crasher_pid, &this->intercept_fd, output_fd, &status, intercept_type);
-  ASSERT_EQ(InterceptStatus::kRegistered, status);
+  InterceptResponse response = {};
+  tombstoned_intercept(crasher_pid, &this->intercept_fd, output_fd, &response, intercept_type);
+  ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+      << "Error message: " << response.error_message;
 }
 
 void CrasherTest::FinishIntercept(int* result) {
@@ -1744,9 +1742,10 @@
     pid_t pid = 123'456'789 + i;
 
     unique_fd intercept_fd, output_fd;
-    InterceptStatus status;
-    tombstoned_intercept(pid, &intercept_fd, &output_fd, &status, kDebuggerdTombstone);
-    ASSERT_EQ(InterceptStatus::kRegistered, status);
+    InterceptResponse response = {};
+    tombstoned_intercept(pid, &intercept_fd, &output_fd, &response, kDebuggerdTombstone);
+    ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+        << "Error message: " << response.error_message;
 
     {
       unique_fd tombstoned_socket, input_fd;
@@ -1778,9 +1777,10 @@
       pid_t pid = pid_base + dump;
 
       unique_fd intercept_fd, output_fd;
-      InterceptStatus status;
-      tombstoned_intercept(pid, &intercept_fd, &output_fd, &status, kDebuggerdTombstone);
-      ASSERT_EQ(InterceptStatus::kRegistered, status);
+      InterceptResponse response = {};
+      tombstoned_intercept(pid, &intercept_fd, &output_fd, &response, kDebuggerdTombstone);
+      ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+          << "Error messeage: " << response.error_message;
 
       // Pretend to crash, and then immediately close the socket.
       unique_fd sockfd(socket_local_client(kTombstonedCrashSocketName,
@@ -1811,9 +1811,10 @@
       pid_t pid = pid_base + dump;
 
       unique_fd intercept_fd, output_fd;
-      InterceptStatus status;
-      tombstoned_intercept(pid, &intercept_fd, &output_fd, &status, kDebuggerdTombstone);
-      ASSERT_EQ(InterceptStatus::kRegistered, status);
+      InterceptResponse response = {};
+      tombstoned_intercept(pid, &intercept_fd, &output_fd, &response, kDebuggerdTombstone);
+      ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+          << "Error message: " << response.error_message;
 
       {
         unique_fd tombstoned_socket, input_fd;
@@ -1838,16 +1839,17 @@
   }
 }
 
-TEST(tombstoned, java_trace_intercept_smoke) {
+TEST(tombstoned, intercept_java_trace_smoke) {
   // Using a "real" PID is a little dangerous here - if the test fails
   // or crashes, we might end up getting a bogus / unreliable stack
   // trace.
   const pid_t self = getpid();
 
   unique_fd intercept_fd, output_fd;
-  InterceptStatus status;
-  tombstoned_intercept(self, &intercept_fd, &output_fd, &status, kDebuggerdJavaBacktrace);
-  ASSERT_EQ(InterceptStatus::kRegistered, status);
+  InterceptResponse response = {};
+  tombstoned_intercept(self, &intercept_fd, &output_fd, &response, kDebuggerdJavaBacktrace);
+  ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+      << "Error message: " << response.error_message;
 
   // First connect to tombstoned requesting a native tombstone. This
   // should result in a "regular" FD and not the installed intercept.
@@ -1869,25 +1871,96 @@
   ASSERT_STREQ("java", outbuf);
 }
 
-TEST(tombstoned, multiple_intercepts) {
+TEST(tombstoned, intercept_multiple_dump_types) {
   const pid_t fake_pid = 1'234'567;
   unique_fd intercept_fd, output_fd;
-  InterceptStatus status;
-  tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &status, kDebuggerdJavaBacktrace);
-  ASSERT_EQ(InterceptStatus::kRegistered, status);
+  InterceptResponse response = {};
+  tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &response, kDebuggerdJavaBacktrace);
+  ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+      << "Error message: " << response.error_message;
 
   unique_fd intercept_fd_2, output_fd_2;
-  tombstoned_intercept(fake_pid, &intercept_fd_2, &output_fd_2, &status, kDebuggerdNativeBacktrace);
-  ASSERT_EQ(InterceptStatus::kFailedAlreadyRegistered, status);
+  tombstoned_intercept(fake_pid, &intercept_fd_2, &output_fd_2, &response,
+                       kDebuggerdNativeBacktrace);
+  ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+      << "Error message: " << response.error_message;
+}
+
+TEST(tombstoned, intercept_bad_pid) {
+  const pid_t fake_pid = -1;
+  unique_fd intercept_fd, output_fd;
+  InterceptResponse response = {};
+  tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &response, kDebuggerdNativeBacktrace);
+  ASSERT_EQ(InterceptStatus::kFailed, response.status)
+      << "Error message: " << response.error_message;
+  ASSERT_MATCH(response.error_message, "bad pid");
+}
+
+TEST(tombstoned, intercept_bad_dump_types) {
+  const pid_t fake_pid = 1'234'567;
+  unique_fd intercept_fd, output_fd;
+  InterceptResponse response = {};
+  tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &response,
+                       static_cast<DebuggerdDumpType>(20));
+  ASSERT_EQ(InterceptStatus::kFailed, response.status)
+      << "Error message: " << response.error_message;
+  ASSERT_MATCH(response.error_message, "bad dump type \\[unknown\\]");
+
+  tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &response, kDebuggerdAnyIntercept);
+  ASSERT_EQ(InterceptStatus::kFailed, response.status)
+      << "Error message: " << response.error_message;
+  ASSERT_MATCH(response.error_message, "bad dump type kDebuggerdAnyIntercept");
+
+  tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &response, kDebuggerdTombstoneProto);
+  ASSERT_EQ(InterceptStatus::kFailed, response.status)
+      << "Error message: " << response.error_message;
+  ASSERT_MATCH(response.error_message, "bad dump type kDebuggerdTombstoneProto");
+}
+
+TEST(tombstoned, intercept_already_registered) {
+  const pid_t fake_pid = 1'234'567;
+  unique_fd intercept_fd1, output_fd1;
+  InterceptResponse response = {};
+  tombstoned_intercept(fake_pid, &intercept_fd1, &output_fd1, &response, kDebuggerdTombstone);
+  ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+      << "Error message: " << response.error_message;
+
+  unique_fd intercept_fd2, output_fd2;
+  tombstoned_intercept(fake_pid, &intercept_fd2, &output_fd2, &response, kDebuggerdTombstone);
+  ASSERT_EQ(InterceptStatus::kFailedAlreadyRegistered, response.status)
+      << "Error message: " << response.error_message;
+  ASSERT_MATCH(response.error_message, "already registered, type kDebuggerdTombstone");
+}
+
+TEST(tombstoned, intercept_tombstone_proto_matched_to_tombstone) {
+  const pid_t fake_pid = 1'234'567;
+
+  unique_fd intercept_fd, output_fd;
+  InterceptResponse response = {};
+  tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &response, kDebuggerdTombstone);
+  ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+      << "Error message: " << response.error_message;
+
+  const char data[] = "tombstone_proto";
+  unique_fd tombstoned_socket, input_fd;
+  ASSERT_TRUE(
+      tombstoned_connect(fake_pid, &tombstoned_socket, &input_fd, kDebuggerdTombstoneProto));
+  ASSERT_TRUE(android::base::WriteFully(input_fd.get(), data, sizeof(data)));
+  tombstoned_notify_completion(tombstoned_socket.get());
+
+  char outbuf[sizeof(data)];
+  ASSERT_TRUE(android::base::ReadFully(output_fd.get(), outbuf, sizeof(outbuf)));
+  ASSERT_STREQ("tombstone_proto", outbuf);
 }
 
 TEST(tombstoned, intercept_any) {
   const pid_t fake_pid = 1'234'567;
 
   unique_fd intercept_fd, output_fd;
-  InterceptStatus status;
-  tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &status, kDebuggerdNativeBacktrace);
-  ASSERT_EQ(InterceptStatus::kRegistered, status);
+  InterceptResponse response = {};
+  tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &response, kDebuggerdNativeBacktrace);
+  ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+      << "Error message: " << response.error_message;
 
   const char any[] = "any";
   unique_fd tombstoned_socket, input_fd;
@@ -1900,6 +1973,77 @@
   ASSERT_STREQ("any", outbuf);
 }
 
+TEST(tombstoned, intercept_any_failed_with_multiple_intercepts) {
+  const pid_t fake_pid = 1'234'567;
+
+  InterceptResponse response = {};
+  unique_fd intercept_fd1, output_fd1;
+  tombstoned_intercept(fake_pid, &intercept_fd1, &output_fd1, &response, kDebuggerdNativeBacktrace);
+  ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+      << "Error message: " << response.error_message;
+
+  unique_fd intercept_fd2, output_fd2;
+  tombstoned_intercept(fake_pid, &intercept_fd2, &output_fd2, &response, kDebuggerdJavaBacktrace);
+  ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+      << "Error message: " << response.error_message;
+
+  unique_fd tombstoned_socket, input_fd;
+  ASSERT_FALSE(tombstoned_connect(fake_pid, &tombstoned_socket, &input_fd, kDebuggerdAnyIntercept));
+}
+
+TEST(tombstoned, intercept_multiple_verify_intercept) {
+  // Need to use our pid for java since that will verify the pid.
+  const pid_t fake_pid = getpid();
+
+  InterceptResponse response = {};
+  unique_fd intercept_fd1, output_fd1;
+  tombstoned_intercept(fake_pid, &intercept_fd1, &output_fd1, &response, kDebuggerdNativeBacktrace);
+  ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+      << "Error message: " << response.error_message;
+
+  unique_fd intercept_fd2, output_fd2;
+  tombstoned_intercept(fake_pid, &intercept_fd2, &output_fd2, &response, kDebuggerdJavaBacktrace);
+  ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+      << "Error message: " << response.error_message;
+
+  unique_fd intercept_fd3, output_fd3;
+  tombstoned_intercept(fake_pid, &intercept_fd3, &output_fd3, &response, kDebuggerdTombstone);
+  ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+      << "Error message: " << response.error_message;
+
+  const char native_data[] = "native";
+  unique_fd tombstoned_socket1, input_fd1;
+  ASSERT_TRUE(
+      tombstoned_connect(fake_pid, &tombstoned_socket1, &input_fd1, kDebuggerdNativeBacktrace));
+  ASSERT_TRUE(android::base::WriteFully(input_fd1.get(), native_data, sizeof(native_data)));
+  tombstoned_notify_completion(tombstoned_socket1.get());
+
+  char native_outbuf[sizeof(native_data)];
+  ASSERT_TRUE(android::base::ReadFully(output_fd1.get(), native_outbuf, sizeof(native_outbuf)));
+  ASSERT_STREQ("native", native_outbuf);
+
+  const char java_data[] = "java";
+  unique_fd tombstoned_socket2, input_fd2;
+  ASSERT_TRUE(
+      tombstoned_connect(fake_pid, &tombstoned_socket2, &input_fd2, kDebuggerdJavaBacktrace));
+  ASSERT_TRUE(android::base::WriteFully(input_fd2.get(), java_data, sizeof(java_data)));
+  tombstoned_notify_completion(tombstoned_socket2.get());
+
+  char java_outbuf[sizeof(java_data)];
+  ASSERT_TRUE(android::base::ReadFully(output_fd2.get(), java_outbuf, sizeof(java_outbuf)));
+  ASSERT_STREQ("java", java_outbuf);
+
+  const char tomb_data[] = "tombstone";
+  unique_fd tombstoned_socket3, input_fd3;
+  ASSERT_TRUE(tombstoned_connect(fake_pid, &tombstoned_socket3, &input_fd3, kDebuggerdTombstone));
+  ASSERT_TRUE(android::base::WriteFully(input_fd3.get(), tomb_data, sizeof(tomb_data)));
+  tombstoned_notify_completion(tombstoned_socket3.get());
+
+  char tomb_outbuf[sizeof(tomb_data)];
+  ASSERT_TRUE(android::base::ReadFully(output_fd3.get(), tomb_outbuf, sizeof(tomb_outbuf)));
+  ASSERT_STREQ("tombstone", tomb_outbuf);
+}
+
 TEST(tombstoned, interceptless_backtrace) {
   // Generate 50 backtraces, and then check to see that we haven't created 50 new tombstones.
   auto get_tombstone_timestamps = []() -> std::map<int, time_t> {
@@ -2132,10 +2276,11 @@
 TEST(tombstoned, proto_intercept) {
   const pid_t self = getpid();
   unique_fd intercept_fd, output_fd;
-  InterceptStatus status;
 
-  tombstoned_intercept(self, &intercept_fd, &output_fd, &status, kDebuggerdTombstone);
-  ASSERT_EQ(InterceptStatus::kRegistered, status);
+  InterceptResponse response = {};
+  tombstoned_intercept(self, &intercept_fd, &output_fd, &response, kDebuggerdTombstone);
+  ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+      << "Error message: " << response.error_message;
 
   unique_fd tombstoned_socket, text_fd, proto_fd;
   ASSERT_TRUE(
diff --git a/debuggerd/protocol.h b/debuggerd/protocol.h
index b60cf5b..212d6dc 100644
--- a/debuggerd/protocol.h
+++ b/debuggerd/protocol.h
@@ -65,7 +65,7 @@
 };
 
 enum class InterceptStatus : uint8_t {
-  // Returned when an intercept of a different type has already been
+  // Returned when an intercept of the same type has already been
   // registered (and is active) for a given PID.
   kFailedAlreadyRegistered,
   // Returned in all other failure cases.
diff --git a/debuggerd/tombstoned/intercept_manager.cpp b/debuggerd/tombstoned/intercept_manager.cpp
index 613e6f5..ac7b431 100644
--- a/debuggerd/tombstoned/intercept_manager.cpp
+++ b/debuggerd/tombstoned/intercept_manager.cpp
@@ -19,7 +19,10 @@
 #include <inttypes.h>
 #include <sys/types.h>
 
+#include <limits>
+#include <memory>
 #include <unordered_map>
+#include <utility>
 
 #include <event2/event.h>
 #include <event2/listener.h>
@@ -36,8 +39,7 @@
 using android::base::unique_fd;
 
 static void intercept_close_cb(evutil_socket_t sockfd, short event, void* arg) {
-  auto intercept = reinterpret_cast<Intercept*>(arg);
-  InterceptManager* intercept_manager = intercept->intercept_manager;
+  std::unique_ptr<Intercept> intercept(reinterpret_cast<Intercept*>(arg));
 
   CHECK_EQ(sockfd, intercept->sockfd.get());
 
@@ -46,131 +48,108 @@
 
   // Ownership of intercept differs based on whether we've registered it with InterceptManager.
   if (!intercept->registered) {
-    delete intercept;
-  } else {
-    auto it = intercept_manager->intercepts.find(intercept->intercept_pid);
-    if (it == intercept_manager->intercepts.end()) {
-      LOG(FATAL) << "intercept close callback called after intercept was already removed?";
-    }
-    if (it->second.get() != intercept) {
-      LOG(FATAL) << "intercept close callback has different Intercept from InterceptManager?";
-    }
-
-    const char* reason;
-    if ((event & EV_TIMEOUT) != 0) {
-      reason = "due to timeout";
-    } else {
-      reason = "due to input";
-    }
-
-    LOG(INFO) << "intercept for pid " << intercept->intercept_pid << " and type "
-              << intercept->dump_type << " terminated: " << reason;
-    intercept_manager->intercepts.erase(it);
+    LOG(WARNING) << "intercept for pid " << intercept->pid << " and type " << intercept->dump_type
+                 << " closed before being registered.";
+    return;
   }
+
+  const char* reason = (event & EV_TIMEOUT) ? "due to timeout" : "due to input";
+  LOG(INFO) << "intercept for pid " << intercept->pid << " and type " << intercept->dump_type
+            << " terminated: " << reason;
 }
 
-static bool is_intercept_request_valid(const InterceptRequest& request) {
-  if (request.pid <= 0 || request.pid > std::numeric_limits<pid_t>::max()) {
-    return false;
+void InterceptManager::Unregister(Intercept* intercept) {
+  CHECK(intercept->registered);
+  auto pid_entry = intercepts.find(intercept->pid);
+  if (pid_entry == intercepts.end()) {
+    LOG(FATAL) << "No intercepts found for pid " << intercept->pid;
+  }
+  auto& dump_type_hash = pid_entry->second;
+  auto dump_type_entry = dump_type_hash.find(intercept->dump_type);
+  if (dump_type_entry == dump_type_hash.end()) {
+    LOG(FATAL) << "Unknown intercept " << intercept->pid << " " << intercept->dump_type;
+  }
+  if (intercept != dump_type_entry->second) {
+    LOG(FATAL) << "Mismatch pointer trying to unregister intercept " << intercept->pid << " "
+               << intercept->dump_type;
   }
 
-  if (request.dump_type < 0 || request.dump_type > kDebuggerdJavaBacktrace) {
-    return false;
+  dump_type_hash.erase(dump_type_entry);
+  if (dump_type_hash.empty()) {
+    intercepts.erase(pid_entry);
   }
-
-  return true;
 }
 
 static void intercept_request_cb(evutil_socket_t sockfd, short ev, void* arg) {
-  auto intercept = reinterpret_cast<Intercept*>(arg);
+  std::unique_ptr<Intercept> intercept(reinterpret_cast<Intercept*>(arg));
   InterceptManager* intercept_manager = intercept->intercept_manager;
 
   CHECK_EQ(sockfd, intercept->sockfd.get());
 
   if ((ev & EV_TIMEOUT) != 0) {
     LOG(WARNING) << "tombstoned didn't receive InterceptRequest before timeout";
-    goto fail;
+    return;
   } else if ((ev & EV_READ) == 0) {
     LOG(WARNING) << "tombstoned received unexpected event on intercept socket";
-    goto fail;
+    return;
   }
 
-  {
-    unique_fd rcv_fd;
-    InterceptRequest intercept_request;
-    ssize_t result =
-        ReceiveFileDescriptors(sockfd, &intercept_request, sizeof(intercept_request), &rcv_fd);
+  unique_fd rcv_fd;
+  InterceptRequest intercept_request;
+  ssize_t result =
+      ReceiveFileDescriptors(sockfd, &intercept_request, sizeof(intercept_request), &rcv_fd);
 
-    if (result == -1) {
-      PLOG(WARNING) << "failed to read from intercept socket";
-      goto fail;
-    } else if (result != sizeof(intercept_request)) {
-      LOG(WARNING) << "intercept socket received short read of length " << result << " (expected "
-                   << sizeof(intercept_request) << ")";
-      goto fail;
-    }
-
-    // Move the received FD to the upper half, in order to more easily notice FD leaks.
-    int moved_fd = fcntl(rcv_fd.get(), F_DUPFD, 512);
-    if (moved_fd == -1) {
-      LOG(WARNING) << "failed to move received fd (" << rcv_fd.get() << ")";
-      goto fail;
-    }
-    rcv_fd.reset(moved_fd);
-
-    // We trust the other side, so only do minimal validity checking.
-    if (!is_intercept_request_valid(intercept_request)) {
-      InterceptResponse response = {};
-      response.status = InterceptStatus::kFailed;
-      snprintf(response.error_message, sizeof(response.error_message), "invalid intercept request");
-      TEMP_FAILURE_RETRY(write(sockfd, &response, sizeof(response)));
-      goto fail;
-    }
-
-    intercept->intercept_pid = intercept_request.pid;
-    intercept->dump_type = intercept_request.dump_type;
-
-    // Check if it's already registered.
-    if (intercept_manager->intercepts.count(intercept_request.pid) > 0) {
-      InterceptResponse response = {};
-      response.status = InterceptStatus::kFailedAlreadyRegistered;
-      snprintf(response.error_message, sizeof(response.error_message),
-               "pid %" PRId32 " already intercepted, type %d", intercept_request.pid,
-               intercept_request.dump_type);
-      TEMP_FAILURE_RETRY(write(sockfd, &response, sizeof(response)));
-      LOG(WARNING) << response.error_message;
-      goto fail;
-    }
-
-    // Let the other side know that the intercept has been registered, now that we know we can't
-    // fail. tombstoned is single threaded, so this isn't racy.
-    InterceptResponse response = {};
-    response.status = InterceptStatus::kRegistered;
-    if (TEMP_FAILURE_RETRY(write(sockfd, &response, sizeof(response))) == -1) {
-      PLOG(WARNING) << "failed to notify interceptor of registration";
-      goto fail;
-    }
-
-    intercept->output_fd = std::move(rcv_fd);
-    intercept_manager->intercepts[intercept_request.pid] = std::unique_ptr<Intercept>(intercept);
-    intercept->registered = true;
-
-    LOG(INFO) << "registered intercept for pid " << intercept_request.pid << " and type "
-              << intercept_request.dump_type;
-
-    // Register a different read event on the socket so that we can remove intercepts if the socket
-    // closes (e.g. if a user CTRL-C's the process that requested the intercept).
-    event_assign(intercept->intercept_event, intercept_manager->base, sockfd, EV_READ | EV_TIMEOUT,
-                 intercept_close_cb, arg);
-
-    struct timeval timeout = {.tv_sec = 10 * android::base::HwTimeoutMultiplier(), .tv_usec = 0};
-    event_add(intercept->intercept_event, &timeout);
+  if (result == -1) {
+    PLOG(WARNING) << "failed to read from intercept socket";
+    return;
+  }
+  if (result != sizeof(intercept_request)) {
+    LOG(WARNING) << "intercept socket received short read of length " << result << " (expected "
+                 << sizeof(intercept_request) << ")";
+    return;
   }
 
-  return;
+  // Move the received FD to the upper half, in order to more easily notice FD leaks.
+  int moved_fd = fcntl(rcv_fd.get(), F_DUPFD, 512);
+  if (moved_fd == -1) {
+    LOG(WARNING) << "failed to move received fd (" << rcv_fd.get() << ")";
+    return;
+  }
+  rcv_fd.reset(moved_fd);
 
-fail:
-  delete intercept;
+  // See if we can properly register the intercept.
+  InterceptResponse response = {};
+  if (!intercept_manager->CanRegister(intercept_request, response)) {
+    TEMP_FAILURE_RETRY(write(sockfd, &response, sizeof(response)));
+    LOG(WARNING) << response.error_message;
+    return;
+  }
+
+  // Let the other side know that the intercept has been registered, now that we know we can't
+  // fail. tombstoned is single threaded, so this isn't racy.
+  response.status = InterceptStatus::kRegistered;
+  if (TEMP_FAILURE_RETRY(write(sockfd, &response, sizeof(response))) == -1) {
+    PLOG(WARNING) << "failed to notify interceptor of registration";
+    return;
+  }
+
+  intercept->pid = intercept_request.pid;
+  intercept->dump_type = intercept_request.dump_type;
+  intercept->output_fd = std::move(rcv_fd);
+  intercept_manager->Register(intercept.get());
+
+  LOG(INFO) << "registered intercept for pid " << intercept_request.pid << " and type "
+            << intercept_request.dump_type;
+
+  // Register a different read event on the socket so that we can remove intercepts if the socket
+  // closes (e.g. if a user CTRL-C's the process that requested the intercept).
+  event_assign(intercept->intercept_event, intercept_manager->base, sockfd, EV_READ | EV_TIMEOUT,
+               intercept_close_cb, arg);
+
+  // If no request comes in, then this will close the intercept and free the pointer.
+  struct timeval timeout = {.tv_sec = 10 * android::base::HwTimeoutMultiplier(), .tv_usec = 0};
+  event_add(intercept->intercept_event, &timeout);
+  intercept.release();
 }
 
 static void intercept_accept_cb(evconnlistener* listener, evutil_socket_t sockfd, sockaddr*, int,
@@ -187,41 +166,97 @@
   event_add(intercept_event, &timeout);
 }
 
+Intercept::~Intercept() {
+  event_free(intercept_event);
+  if (registered) {
+    CHECK(intercept_manager != nullptr);
+    intercept_manager->Unregister(this);
+  }
+}
+
 InterceptManager::InterceptManager(event_base* base, int intercept_socket) : base(base) {
   this->listener = evconnlistener_new(base, intercept_accept_cb, this, LEV_OPT_CLOSE_ON_FREE,
                                       /* backlog */ -1, intercept_socket);
 }
 
-bool dump_types_compatible(DebuggerdDumpType interceptor, DebuggerdDumpType dump) {
-  if (interceptor == dump) {
-    return true;
+static DebuggerdDumpType canonical_dump_type(const DebuggerdDumpType dump_type) {
+  // kDebuggerdTombstone and kDebuggerdTombstoneProto should be treated as
+  // a single dump_type for intercepts (kDebuggerdTombstone).
+  if (dump_type == kDebuggerdTombstoneProto) {
+    return kDebuggerdTombstone;
   }
-
-  if (interceptor == kDebuggerdTombstone && dump == kDebuggerdTombstoneProto) {
-    return true;
-  }
-
-  return false;
+  return dump_type;
 }
 
-bool InterceptManager::GetIntercept(pid_t pid, DebuggerdDumpType dump_type,
-                                    android::base::unique_fd* out_fd) {
-  auto it = this->intercepts.find(pid);
-  if (it == this->intercepts.end()) {
+Intercept* InterceptManager::Get(const pid_t pid, const DebuggerdDumpType dump_type) {
+  auto pid_entry = intercepts.find(pid);
+  if (pid_entry == intercepts.end()) {
+    return nullptr;
+  }
+
+  const auto& dump_type_hash = pid_entry->second;
+  auto dump_type_entry = dump_type_hash.find(canonical_dump_type(dump_type));
+  if (dump_type_entry == dump_type_hash.end()) {
+    if (dump_type != kDebuggerdAnyIntercept) {
+      return nullptr;
+    }
+    // If doing a dump with an any intercept, only allow an any to match
+    // a single intercept. If there are multiple dump types with intercepts
+    // then there would be no way to figure out which to use.
+    if (dump_type_hash.size() != 1) {
+      LOG(WARNING) << "Cannot intercept using kDebuggerdAnyIntercept: there is more than one "
+                      "intercept registered for pid "
+                   << pid;
+      return nullptr;
+    }
+    dump_type_entry = dump_type_hash.begin();
+  }
+  return dump_type_entry->second;
+}
+
+bool InterceptManager::CanRegister(const InterceptRequest& request, InterceptResponse& response) {
+  if (request.pid <= 0 || request.pid > std::numeric_limits<pid_t>::max()) {
+    response.status = InterceptStatus::kFailed;
+    snprintf(response.error_message, sizeof(response.error_message),
+             "invalid intercept request: bad pid %" PRId32, request.pid);
+    return false;
+  }
+  if (request.dump_type < 0 || request.dump_type > kDebuggerdJavaBacktrace) {
+    response.status = InterceptStatus::kFailed;
+    snprintf(response.error_message, sizeof(response.error_message),
+             "invalid intercept request: bad dump type %s", get_dump_type_name(request.dump_type));
     return false;
   }
 
-  if (dump_type == kDebuggerdAnyIntercept) {
-    LOG(INFO) << "found registered intercept of type " << it->second->dump_type
-              << " for requested type kDebuggerdAnyIntercept";
-  } else if (!dump_types_compatible(it->second->dump_type, dump_type)) {
-    LOG(WARNING) << "found non-matching intercept of type " << it->second->dump_type
-                 << " for requested type: " << dump_type;
+  if (Get(request.pid, request.dump_type) != nullptr) {
+    response.status = InterceptStatus::kFailedAlreadyRegistered;
+    snprintf(response.error_message, sizeof(response.error_message),
+             "pid %" PRId32 " already registered, type %s", request.pid,
+             get_dump_type_name(request.dump_type));
     return false;
   }
 
-  auto intercept = std::move(it->second);
-  this->intercepts.erase(it);
+  return true;
+}
+
+void InterceptManager::Register(Intercept* intercept) {
+  CHECK(!intercept->registered);
+  auto& dump_type_hash = intercepts[intercept->pid];
+  dump_type_hash[canonical_dump_type(intercept->dump_type)] = intercept;
+  intercept->registered = true;
+}
+
+bool InterceptManager::FindIntercept(pid_t pid, DebuggerdDumpType dump_type,
+                                     android::base::unique_fd* out_fd) {
+  Intercept* intercept = Get(pid, dump_type);
+  if (intercept == nullptr) {
+    return false;
+  }
+
+  if (dump_type != intercept->dump_type) {
+    LOG(INFO) << "found registered intercept of type " << intercept->dump_type
+              << " for requested type " << dump_type;
+  }
 
   LOG(INFO) << "found intercept fd " << intercept->output_fd.get() << " for pid " << pid
             << " and type " << intercept->dump_type;
@@ -230,5 +265,8 @@
   TEMP_FAILURE_RETRY(write(intercept->sockfd, &response, sizeof(response)));
   *out_fd = std::move(intercept->output_fd);
 
+  // Delete the intercept data, which will unregister the intercept and remove the timeout event.
+  delete intercept;
+
   return true;
 }
diff --git a/debuggerd/tombstoned/intercept_manager.h b/debuggerd/tombstoned/intercept_manager.h
index a11d565..dc13aa9 100644
--- a/debuggerd/tombstoned/intercept_manager.h
+++ b/debuggerd/tombstoned/intercept_manager.h
@@ -28,17 +28,17 @@
 #include "dump_type.h"
 
 struct InterceptManager;
+struct InterceptRequest;
+struct InterceptResponse;
 
 struct Intercept {
-  ~Intercept() {
-    event_free(intercept_event);
-  }
+  ~Intercept();
 
   InterceptManager* intercept_manager = nullptr;
   event* intercept_event = nullptr;
   android::base::unique_fd sockfd;
 
-  pid_t intercept_pid = -1;
+  pid_t pid = -1;
   android::base::unique_fd output_fd;
   bool registered = false;
   DebuggerdDumpType dump_type = kDebuggerdNativeBacktrace;
@@ -46,12 +46,17 @@
 
 struct InterceptManager {
   event_base* base;
-  std::unordered_map<pid_t, std::unique_ptr<Intercept>> intercepts;
+  std::unordered_map<pid_t, std::unordered_map<DebuggerdDumpType, Intercept*>> intercepts;
   evconnlistener* listener = nullptr;
 
   InterceptManager(event_base* _Nonnull base, int intercept_socket);
   InterceptManager(InterceptManager& copy) = delete;
   InterceptManager(InterceptManager&& move) = delete;
 
-  bool GetIntercept(pid_t pid, DebuggerdDumpType dump_type, android::base::unique_fd* out_fd);
+  bool CanRegister(const InterceptRequest& request, InterceptResponse& response);
+  Intercept* Get(const pid_t pid, const DebuggerdDumpType dump_type);
+  void Register(Intercept* intercept);
+  void Unregister(Intercept* intercept);
+
+  bool FindIntercept(pid_t pid, DebuggerdDumpType dump_type, android::base::unique_fd* out_fd);
 };
diff --git a/debuggerd/tombstoned/tombstoned.cpp b/debuggerd/tombstoned/tombstoned.cpp
index 50558f7..cf7904f 100644
--- a/debuggerd/tombstoned/tombstoned.cpp
+++ b/debuggerd/tombstoned/tombstoned.cpp
@@ -283,9 +283,7 @@
 
 static void perform_request(std::unique_ptr<Crash> crash) {
   unique_fd output_fd;
-  bool intercepted =
-      intercept_manager->GetIntercept(crash->crash_pid, crash->crash_type, &output_fd);
-  if (intercepted) {
+  if (intercept_manager->FindIntercept(crash->crash_pid, crash->crash_type, &output_fd)) {
     if (crash->crash_type == kDebuggerdTombstoneProto) {
       crash->output.proto = CrashArtifact::devnull();
     }
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp
index 56b90b9..ac2a20f 100644
--- a/fastboot/fastboot.cpp
+++ b/fastboot/fastboot.cpp
@@ -1053,8 +1053,10 @@
             return false;
         }
         sparse_file_destroy(s);
+        buf->file_type = FB_BUFFER_SPARSE;
     } else {
         buf->image_size = sz;
+        buf->file_type = FB_BUFFER_FD;
     }
 
     lseek(fd.get(), 0, SEEK_SET);
@@ -1191,6 +1193,15 @@
         should_flash_in_userspace(source, partition)) {
         return;
     }
+
+    // If the image is sparse, moving the footer will simply corrupt the sparse
+    // format, so currently we don't support moving the footer on sparse files.
+    if (buf->file_type == FB_BUFFER_SPARSE) {
+        LOG(ERROR) << "Warning: skip copying " << partition << " image avb footer due to sparse "
+                   << "image.";
+        return;
+    }
+
     // If overflows and negative, it should be < buf->sz.
     int64_t partition_size = static_cast<int64_t>(get_partition_size(partition));
 
diff --git a/fastboot/fastboot.h b/fastboot/fastboot.h
index 2c40890..6a49970 100644
--- a/fastboot/fastboot.h
+++ b/fastboot/fastboot.h
@@ -57,7 +57,8 @@
 };
 
 struct fastboot_buffer {
-    enum fb_buffer_type type;
+    fb_buffer_type type;
+    fb_buffer_type file_type;
     std::vector<SparsePtr> files;
     int64_t sz;
     unique_fd fd;
diff --git a/fs_mgr/fs_mgr_overlayfs_control.cpp b/fs_mgr/fs_mgr_overlayfs_control.cpp
index 2cc0d2d..50d8280 100644
--- a/fs_mgr/fs_mgr_overlayfs_control.cpp
+++ b/fs_mgr/fs_mgr_overlayfs_control.cpp
@@ -144,7 +144,8 @@
     if (fs_mgr_overlayfs_already_mounted(mount_point)) {
         return true;
     }
-    auto fsrec_mount_point = overlay + "/" + android::base::Basename(mount_point) + "/";
+    const auto base = GetEncodedBaseDirForMountPoint(mount_point);
+    auto fsrec_mount_point = overlay + "/" + base + "/";
 
     AutoSetFsCreateCon createcon(kOverlayfsFileContext);
     if (!createcon.Ok()) {
@@ -286,10 +287,10 @@
     }
 
     auto cleanup_all = mount_point.empty();
-    const auto partition_name = android::base::Basename(mount_point);
-    const auto oldpath = top + (cleanup_all ? "" : ("/" + partition_name));
+    const auto base = GetEncodedBaseDirForMountPoint(mount_point);
+    const auto oldpath = top + (cleanup_all ? "" : ("/" + base));
     const auto newpath = cleanup_all ? overlay + "/." + kOverlayTopDir + ".teardown"
-                                     : top + "/." + partition_name + ".teardown";
+                                     : top + "/." + base + ".teardown";
     auto ret = fs_mgr_rm_all(newpath);
     if (!rename(oldpath.c_str(), newpath.c_str())) {
         if (change) *change = true;
diff --git a/fs_mgr/fs_mgr_overlayfs_mount.cpp b/fs_mgr/fs_mgr_overlayfs_mount.cpp
index 9f17c06..ae7ed4c 100644
--- a/fs_mgr/fs_mgr_overlayfs_mount.cpp
+++ b/fs_mgr/fs_mgr_overlayfs_mount.cpp
@@ -60,6 +60,7 @@
 
 constexpr char kLowerdirOption[] = "lowerdir=";
 constexpr char kUpperdirOption[] = "upperdir=";
+constexpr char kWorkdirOption[] = "workdir=";
 
 bool fs_mgr_is_dsu_running() {
     // Since android::gsi::CanBootIntoGsi() or android::gsi::MarkSystemAsGsi() is
@@ -89,6 +90,14 @@
     return {kScratchMountPoint, kCacheMountPoint};
 }
 
+std::string GetEncodedBaseDirForMountPoint(const std::string& mount_point) {
+    std::string normalized_path;
+    if (mount_point.empty() || !android::base::Realpath(mount_point, &normalized_path)) {
+        return "";
+    }
+    return android::base::StringReplace(normalized_path, "/", "@", true);
+}
+
 static bool fs_mgr_is_dir(const std::string& path) {
     struct stat st;
     return !stat(path.c_str(), &st) && S_ISDIR(st.st_mode);
@@ -202,21 +211,6 @@
     return has_shared_blocks;
 }
 
-static std::string fs_mgr_get_overlayfs_candidate(const std::string& mount_point) {
-    if (!fs_mgr_is_dir(mount_point)) return "";
-    const auto base = android::base::Basename(mount_point) + "/";
-    for (const auto& overlay_mount_point : OverlayMountPoints()) {
-        auto dir = overlay_mount_point + "/" + kOverlayTopDir + "/" + base;
-        auto upper = dir + kUpperName;
-        if (!fs_mgr_is_dir(upper)) continue;
-        auto work = dir + kWorkName;
-        if (!fs_mgr_is_dir(work)) continue;
-        if (access(work.c_str(), R_OK | W_OK)) continue;
-        return dir;
-    }
-    return "";
-}
-
 const std::string fs_mgr_mount_point(const std::string& mount_point) {
     if ("/"s != mount_point) return mount_point;
     return "/system";
@@ -225,16 +219,30 @@
 // default options for mount_point, returns empty string for none available.
 static std::string fs_mgr_get_overlayfs_options(const FstabEntry& entry) {
     const auto mount_point = fs_mgr_mount_point(entry.mount_point);
-    auto candidate = fs_mgr_get_overlayfs_candidate(mount_point);
-    if (candidate.empty()) return "";
-    auto ret = kLowerdirOption + mount_point + "," + kUpperdirOption + candidate + kUpperName +
-               ",workdir=" + candidate + kWorkName + android::fs_mgr::CheckOverlayfs().mount_flags;
-    for (const auto& flag : android::base::Split(entry.fs_options, ",")) {
-        if (android::base::StartsWith(flag, "context=")) {
-            ret += "," + flag;
-        }
+    if (!fs_mgr_is_dir(mount_point)) {
+        return "";
     }
-    return ret;
+    const auto base = GetEncodedBaseDirForMountPoint(mount_point);
+    if (base.empty()) {
+        return "";
+    }
+    for (const auto& overlay_mount_point : OverlayMountPoints()) {
+        const auto dir = overlay_mount_point + "/" + kOverlayTopDir + "/" + base + "/";
+        const auto upper = dir + kUpperName;
+        const auto work = dir + kWorkName;
+        if (!fs_mgr_is_dir(upper) || !fs_mgr_is_dir(work) || access(work.c_str(), R_OK | W_OK)) {
+            continue;
+        }
+        auto ret = kLowerdirOption + mount_point + "," + kUpperdirOption + upper + "," +
+                   kWorkdirOption + work + android::fs_mgr::CheckOverlayfs().mount_flags;
+        for (const auto& flag : android::base::Split(entry.fs_options, ",")) {
+            if (android::base::StartsWith(flag, "context=")) {
+                ret += "," + flag;
+            }
+        }
+        return ret;
+    }
+    return "";
 }
 
 bool AutoSetFsCreateCon::Set(const std::string& context) {
@@ -373,54 +381,86 @@
 
     auto retval = true;
 
-    struct move_entry {
+    struct MoveEntry {
         std::string mount_point;
         std::string dir;
         bool shared_flag;
     };
-    std::vector<move_entry> move;
+
+    std::vector<MoveEntry> moved_mounts;
     auto parent_private = false;
     auto parent_made_private = false;
     auto dev_private = false;
     auto dev_made_private = false;
-    for (auto& entry : ReadMountinfoFromFile("/proc/self/mountinfo")) {
+
+    // There could be multiple mount entries with the same mountpoint.
+    // Group these entries together with stable_sort, and keep only the last entry of a group.
+    // Only move mount the last entry in an over mount group, because the other entries are
+    // overshadowed and only the filesystem mounted with the last entry participates in file
+    // pathname resolution.
+    auto mountinfo = ReadMountinfoFromFile("/proc/self/mountinfo");
+    std::stable_sort(mountinfo.begin(), mountinfo.end(), [](const auto& lhs, const auto& rhs) {
+        return lhs.mount_point < rhs.mount_point;
+    });
+    std::reverse(mountinfo.begin(), mountinfo.end());
+    auto erase_from = std::unique(
+            mountinfo.begin(), mountinfo.end(),
+            [](const auto& lhs, const auto& rhs) { return lhs.mount_point == rhs.mount_point; });
+    mountinfo.erase(erase_from, mountinfo.end());
+    std::reverse(mountinfo.begin(), mountinfo.end());
+    // mountinfo is reversed twice, so still is in lexical sorted order.
+
+    for (const auto& entry : mountinfo) {
         if ((entry.mount_point == mount_point) && !entry.shared_flag) {
             parent_private = true;
         }
         if ((entry.mount_point == "/dev") && !entry.shared_flag) {
             dev_private = true;
         }
+    }
 
+    // Need to make the original mountpoint MS_PRIVATE, so that the overlayfs can be MS_MOVE.
+    // This could happen if its parent mount is remounted later.
+    if (!parent_private) {
+        parent_made_private = fs_mgr_overlayfs_set_shared_mount(mount_point, false);
+    }
+
+    for (const auto& entry : mountinfo) {
+        // Find all immediate submounts.
         if (!android::base::StartsWith(entry.mount_point, mount_point + "/")) {
             continue;
         }
-        if (std::find_if(move.begin(), move.end(), [&entry](const auto& it) {
-                return android::base::StartsWith(entry.mount_point, it.mount_point + "/");
-            }) != move.end()) {
+        // Exclude duplicated or more specific entries.
+        if (std::find_if(moved_mounts.begin(), moved_mounts.end(), [&entry](const auto& it) {
+                return it.mount_point == entry.mount_point ||
+                       android::base::StartsWith(entry.mount_point, it.mount_point + "/");
+            }) != moved_mounts.end()) {
             continue;
         }
+        // mountinfo is in lexical order, so no need to worry about |entry| being a parent mount of
+        // entries of |moved_mounts|.
 
         // use as the bound directory in /dev.
-        AutoSetFsCreateCon createcon;
-        auto new_context = fs_mgr_get_context(entry.mount_point);
-        if (new_context.empty() || !createcon.Set(new_context)) {
-            continue;
-        }
-        move_entry new_entry = {std::move(entry.mount_point), "/dev/TemporaryDir-XXXXXX",
-                                entry.shared_flag};
-        const auto target = mkdtemp(new_entry.dir.data());
-        if (!createcon.Restore()) {
-            return false;
-        }
-        if (!target) {
-            retval = false;
-            PERROR << "temporary directory for MS_BIND";
-            continue;
+        MoveEntry new_entry{entry.mount_point, "/dev/TemporaryDir-XXXXXX", entry.shared_flag};
+        {
+            AutoSetFsCreateCon createcon;
+            auto new_context = fs_mgr_get_context(entry.mount_point);
+            if (new_context.empty() || !createcon.Set(new_context)) {
+                continue;
+            }
+            const auto target = mkdtemp(new_entry.dir.data());
+            if (!target) {
+                retval = false;
+                PERROR << "temporary directory for MS_MOVE";
+                continue;
+            }
+            if (!createcon.Restore()) {
+                retval = false;
+                rmdir(new_entry.dir.c_str());
+                continue;
+            }
         }
 
-        if (!parent_private && !parent_made_private) {
-            parent_made_private = fs_mgr_overlayfs_set_shared_mount(mount_point, false);
-        }
         if (new_entry.shared_flag) {
             new_entry.shared_flag = fs_mgr_overlayfs_set_shared_mount(new_entry.mount_point, false);
         }
@@ -429,9 +469,10 @@
             if (new_entry.shared_flag) {
                 fs_mgr_overlayfs_set_shared_mount(new_entry.mount_point, true);
             }
+            rmdir(new_entry.dir.c_str());
             continue;
         }
-        move.emplace_back(std::move(new_entry));
+        moved_mounts.push_back(std::move(new_entry));
     }
 
     // hijack __mount() report format to help triage
@@ -455,7 +496,7 @@
     }
 
     // Move submounts back.
-    for (const auto& entry : move) {
+    for (const auto& entry : moved_mounts) {
         if (!dev_private && !dev_made_private) {
             dev_made_private = fs_mgr_overlayfs_set_shared_mount("/dev", false);
         }
@@ -650,22 +691,13 @@
             !fs_mgr_wants_overlayfs(&new_entry)) {
             continue;
         }
-        auto new_mount_point = fs_mgr_mount_point(entry.mount_point);
-        auto duplicate_or_more_specific = false;
-        for (auto it = candidates.begin(); it != candidates.end();) {
-            auto it_mount_point = fs_mgr_mount_point(it->mount_point);
-            if ((it_mount_point == new_mount_point) ||
-                (android::base::StartsWith(new_mount_point, it_mount_point + "/"))) {
-                duplicate_or_more_specific = true;
-                break;
-            }
-            if (android::base::StartsWith(it_mount_point, new_mount_point + "/")) {
-                it = candidates.erase(it);
-            } else {
-                ++it;
-            }
+        const auto new_mount_point = fs_mgr_mount_point(new_entry.mount_point);
+        if (std::find_if(candidates.begin(), candidates.end(), [&](const auto& it) {
+                return fs_mgr_mount_point(it.mount_point) == new_mount_point;
+            }) != candidates.end()) {
+            continue;
         }
-        if (!duplicate_or_more_specific) candidates.emplace_back(std::move(new_entry));
+        candidates.push_back(std::move(new_entry));
     }
     return candidates;
 }
@@ -699,7 +731,7 @@
         return false;
     }
     auto ret = true;
-    auto scratch_can_be_mounted = true;
+    auto scratch_can_be_mounted = !fs_mgr_overlayfs_already_mounted(kScratchMountPoint, false);
     for (const auto& entry : fs_mgr_overlayfs_candidate_list(*fstab)) {
         if (fs_mgr_is_verity_enabled(entry)) continue;
         auto mount_point = fs_mgr_mount_point(entry.mount_point);
diff --git a/fs_mgr/fs_mgr_overlayfs_mount.h b/fs_mgr/fs_mgr_overlayfs_mount.h
index f0afac1..98b9007 100644
--- a/fs_mgr/fs_mgr_overlayfs_mount.h
+++ b/fs_mgr/fs_mgr_overlayfs_mount.h
@@ -58,3 +58,4 @@
 bool fs_mgr_overlayfs_already_mounted(const std::string& mount_point, bool overlay_only = true);
 bool fs_mgr_wants_overlayfs(android::fs_mgr::FstabEntry* entry);
 android::fs_mgr::Fstab fs_mgr_overlayfs_candidate_list(const android::fs_mgr::Fstab& fstab);
+std::string GetEncodedBaseDirForMountPoint(const std::string& mount_point);
diff --git a/fs_mgr/fs_mgr_remount.cpp b/fs_mgr/fs_mgr_remount.cpp
index 4b3a5d3..18892f9 100644
--- a/fs_mgr/fs_mgr_remount.cpp
+++ b/fs_mgr/fs_mgr_remount.cpp
@@ -88,17 +88,6 @@
     return entry.mount_point;
 }
 
-const FstabEntry* GetWrappedEntry(const Fstab& overlayfs_candidates, const FstabEntry& entry) {
-    auto mount_point = system_mount_point(entry);
-    auto it = std::find_if(overlayfs_candidates.begin(), overlayfs_candidates.end(),
-                           [&mount_point](const auto& entry) {
-                               return android::base::StartsWith(mount_point,
-                                                                system_mount_point(entry) + "/");
-                           });
-    if (it == overlayfs_candidates.end()) return nullptr;
-    return &(*it);
-}
-
 class MyLogger {
   public:
     explicit MyLogger(bool verbose) : verbose_(verbose) {}
@@ -196,9 +185,6 @@
     if (auto candidate_entry = GetEntryForMountPoint(&candidates, entry.mount_point)) {
         return candidate_entry->fs_type == entry.fs_type;
     }
-    if (GetWrappedEntry(candidates, entry)) {
-        return false;
-    }
     return true;
 }
 
@@ -252,11 +238,6 @@
         }
 
         const FstabEntry* entry = &*it;
-        if (auto wrap = GetWrappedEntry(candidates, *entry); wrap != nullptr) {
-            LOG(INFO) << "partition " << arg << " covered by overlayfs for " << wrap->mount_point
-                      << ", switching";
-            entry = wrap;
-        }
 
         // If it's already remounted, include it so it gets gracefully skipped
         // later on.
diff --git a/fs_mgr/liblp/Android.bp b/fs_mgr/liblp/Android.bp
index 996ffd7..24eebdf 100644
--- a/fs_mgr/liblp/Android.bp
+++ b/fs_mgr/liblp/Android.bp
@@ -93,8 +93,8 @@
     srcs: [
         "builder_test.cpp",
         "super_layout_builder_test.cpp",
-        "test_partition_opener.cpp",
         "utility_test.cpp",
+        ":TestPartitionOpener_group",
     ],
 }
 
@@ -122,3 +122,8 @@
     name: "vts_kernel_liblp_test",
     defaults: ["liblp_test_defaults"],
 }
+
+filegroup {
+   name: "TestPartitionOpener_group",
+   srcs: [ "test_partition_opener.cpp"],
+}
diff --git a/fs_mgr/liblp/fuzzer/Android.bp b/fs_mgr/liblp/fuzzer/Android.bp
new file mode 100644
index 0000000..a9e3509
--- /dev/null
+++ b/fs_mgr/liblp/fuzzer/Android.bp
@@ -0,0 +1,201 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+cc_defaults {
+    name: "liblp_fuzz_defaults",
+    header_libs: [
+        "libstorage_literals_headers",
+    ],
+    shared_libs: [
+        "liblp",
+        "libbase",
+        "liblog",
+    ],
+    static_libs: [
+        "libcutils",
+    ],
+    include_dirs: [
+        "system/core/fs_mgr/liblp",
+    ],
+    fuzz_config: {
+        cc: [
+            "android-media-fuzzing-reports@google.com",
+        ],
+        componentid: 59148,
+        hotlists: ["4593311"],
+        description: "The fuzzers target the APIs of all liblp modules",
+        vector: "local_no_privileges_required",
+        service_privilege: "privileged",
+        users: "multi_user",
+        fuzzed_code_usage: "shipped"
+    }
+}
+
+cc_fuzz {
+    name: "liblp_builder_fuzzer",
+    srcs: ["liblp_builder_fuzzer.cpp"],
+    defaults: ["liblp_fuzz_defaults"],
+}
+
+cc_fuzz {
+    name: "liblp_super_layout_builder_fuzzer",
+    srcs: ["liblp_super_layout_builder_fuzzer.cpp"],
+    defaults: ["liblp_fuzz_defaults"],
+}
+
+python_binary_host {
+    name: "image_gen_rand",
+    srcs: ["image_gen_rand.py"],
+}
+
+genrule_defaults {
+    name: "test_data_gen_defaults",
+    tools: [
+        "image_gen_rand",
+    ],
+}
+
+// Fake dtb image.
+genrule {
+    name: "test_dtb",
+    defaults: ["test_data_gen_defaults"],
+    out: ["test_dtb.img"],
+    cmd: "$(location image_gen_rand) --seed dtb --length 1024 > $(out)",
+}
+
+// Fake bootconfig image.
+genrule {
+    name: "test_bootconfig",
+    defaults: ["test_data_gen_defaults"],
+    out: ["test_bootconfig.img"],
+    cmd: "$(location image_gen_rand) --seed bootconfig --length 1024 > $(out)",
+}
+
+// Fake vendor ramdisk with type "none".
+genrule {
+    name: "test_vendor_ramdisk_none",
+    defaults: ["test_data_gen_defaults"],
+    out: ["test_vendor_ramdisk_none.img"],
+    cmd: "$(location image_gen_rand) --seed vendor_ramdisk_none --length 1024 > $(out)",
+}
+
+// Fake vendor ramdisk with type "platform".
+genrule {
+    name: "test_vendor_ramdisk_platform",
+    defaults: ["test_data_gen_defaults"],
+    out: ["test_vendor_ramdisk_platform.img"],
+    cmd: "$(location image_gen_rand) --seed vendor_ramdisk_platform --length 1024 > $(out)",
+}
+
+// Fake replacement ramdisk.
+genrule {
+    name: "test_vendor_ramdisk_replace",
+    defaults: ["test_data_gen_defaults"],
+    out: ["test_vendor_ramdisk_replace.img"],
+    cmd: "$(location image_gen_rand) --seed replace --length 3072 > $(out)",
+}
+
+// Genrules for test vendor boot images.
+fastboot_sign_test_image = "$(location avbtool) add_hash_footer --salt 00 --image $(out) " +
+    "--partition_name vendor_boot --partition_size $$(( 1 * 1024 * 1024 ))"
+
+genrule_defaults {
+    name: "test_vendor_boot_gen_defaults",
+    defaults: ["test_data_gen_defaults"],
+    tools: [
+        "avbtool",
+        "mkbootimg",
+    ],
+}
+
+genrule {
+    name: "test_vendor_boot_v3",
+    defaults: ["test_vendor_boot_gen_defaults"],
+    out: ["test_vendor_boot_v3.img"],
+    srcs: [
+        ":test_dtb",
+        ":test_vendor_ramdisk_none",
+    ],
+    cmd: "$(location mkbootimg) --header_version 3 " +
+        "--vendor_ramdisk $(location :test_vendor_ramdisk_none) " +
+        "--dtb $(location :test_dtb) " +
+        "--vendor_boot $(out) && " +
+        fastboot_sign_test_image,
+}
+
+genrule {
+    name: "test_vendor_boot_v4_without_frag",
+    defaults: ["test_vendor_boot_gen_defaults"],
+    out: ["test_vendor_boot_v4_without_frag.img"],
+    srcs: [
+        ":test_dtb",
+        ":test_vendor_ramdisk_none",
+        ":test_bootconfig",
+    ],
+    cmd: "$(location mkbootimg) --header_version 4 " +
+        "--vendor_ramdisk $(location :test_vendor_ramdisk_none) " +
+        "--dtb $(location :test_dtb) " +
+        "--vendor_bootconfig $(location :test_bootconfig) " +
+        "--vendor_boot $(out) && " +
+        fastboot_sign_test_image,
+}
+
+genrule {
+    name: "test_vendor_boot_v4_with_frag",
+    defaults: ["test_vendor_boot_gen_defaults"],
+    out: ["test_vendor_boot_v4_with_frag.img"],
+    srcs: [
+        ":test_dtb",
+        ":test_vendor_ramdisk_none",
+        ":test_vendor_ramdisk_platform",
+        ":test_bootconfig",
+    ],
+    cmd: "$(location mkbootimg) --header_version 4 " +
+        "--dtb $(location :test_dtb) " +
+        "--vendor_bootconfig $(location :test_bootconfig) " +
+        "--ramdisk_type none --ramdisk_name none_ramdisk " +
+        "--vendor_ramdisk_fragment $(location :test_vendor_ramdisk_none) " +
+        "--ramdisk_type platform --ramdisk_name platform_ramdisk " +
+        "--vendor_ramdisk_fragment $(location :test_vendor_ramdisk_platform) " +
+        "--vendor_boot $(out) && " +
+        fastboot_sign_test_image,
+}
+
+cc_fuzz {
+    name: "liblp_apis_fuzzer",
+    srcs: [
+        "liblp_apis_fuzzer.cpp",
+        ":TestPartitionOpener_group",
+    ],
+    defaults: ["liblp_fuzz_defaults"],
+    shared_libs: [
+        "libsparse",
+    ],
+    data: [
+        ":test_dtb",
+        ":test_bootconfig",
+        ":test_vendor_ramdisk_none",
+        ":test_vendor_ramdisk_platform",
+        ":test_vendor_ramdisk_replace",
+        ":test_vendor_boot_v3",
+        ":test_vendor_boot_v4_without_frag",
+        ":test_vendor_boot_v4_with_frag",
+    ],
+    cflags: [
+      "-Wno-unused-parameter",
+   ],
+}
diff --git a/fs_mgr/liblp/fuzzer/README.md b/fs_mgr/liblp/fuzzer/README.md
new file mode 100644
index 0000000..f831e2e
--- /dev/null
+++ b/fs_mgr/liblp/fuzzer/README.md
@@ -0,0 +1,136 @@
+# Fuzzers for liblp
+## Table of contents
++  [liblp_builder_fuzzer](#Builder)
++  [liblp_super_layout_builder_fuzzer](#SuperBuilder)
++  [liblp_apis_fuzzer](#APIs)
+
+# <a  name="Builder"></a> Fuzzer for LiblpBuilder
+
+LiblpBuilder supports the following parameters:
+1. kAttributeTypes (parameter name: "attribute")
+2. blockDevSize (parameter name: "blockdev_size")
+3. metadataMaxSize (parameter name: "metadata_max_size")
+4. metadataSlotCount (parameter name: "metadata_slot_count")
+5. partitionName (parameter name: "partition_name")
+6. superBlockDeviceName (parameter name: "block_device_name")
+7. blockDeviceInfoSize (parameter name: "block_device_info_size")
+8. alignment (parameter name: "alignment")
+9. alignmentOffset (parameter name: "alignment_offset")
+10. logicalBlockSize (parameter name: "logical_block_size")
+11. maxMetadataSize (parameter name: "max_metadata_size")
+12. numSlots (parameter name: "metadata_slot_count")
+13. deviceIndex (parameter name: "device_index")
+14. start (parameter name: "start")
+15. end (parameter name: "end")
+16. addedGroupName (parameter name: "group_name")
+17. partitionGroupName (parameter name: "partition_name")
+18. numSectors (parameter name: "num_sectors")
+19. physicalSector (parameter name: "physical_sector")
+20. resizedPartitionSize (parameter name: "requested_size")
+
+| Parameter| Valid Values| Configured Value|
+|------------- |-------------| ----- |
+|`kAttributeTypes`| 1.`LP_PARTITION_ATTR_NONE`,<br/> 2.`LP_PARTITION_ATTR_READONLY`,<br/> 3.`LP_PARTITION_ATTR_SLOT_SUFFIXED`,<br/> 4.`LP_PARTITION_ATTR_UPDATED`,<br/> 5.`LP_PARTITION_ATTR_DISABLED`|Value obtained from FuzzedDataProvider|
+|`blockDevSize`| Integer value from `0` to `100000`|Value obtained from FuzzedDataProvider|
+|`metadataMaxSize`| Integer value from `0` to `10000` |Value obtained from FuzzedDataProvider|
+|`metadataSlotCount`| Integer value from `0` to `2` |Value obtained from FuzzedDataProvider|
+|`partitionName`| String |Value obtained from FuzzedDataProvider|
+|`superBlockDeviceName`| String |Value obtained from FuzzedDataProvider|
+|`blockDeviceInfoSize`| Integer |Value obtained from FuzzedDataProvider|
+|`alignment`| Integer |Value obtained from FuzzedDataProvider|
+|`alignmentOffset`| Integer |Value obtained from FuzzedDataProvider|
+|`logicalBlockSize`| Integer |Value obtained from FuzzedDataProvider|
+|`maxMetadataSize`| Integer value from `0` to `10000` |Value obtained from FuzzedDataProvider|
+|`numSlots`| Integer value from `0` to `2` |Value obtained from FuzzedDataProvider|
+|`deviceIndex`| Integer |Value obtained from FuzzedDataProvider|
+|`start`| Integer |Value obtained from FuzzedDataProvider|
+|`end`| Integer |Value obtained from FuzzedDataProvider|
+|`partitionGroupName`| String |Value obtained from FuzzedDataProvider|
+|`numSectors`| Integer value from `1` to `1000000` |Value obtained from FuzzedDataProvider|
+|`physicalSector`| Integer value from `1` to `1000000` |Value obtained from FuzzedDataProvider|
+|`resizedPartitionSize`| Integer value from `0` to `10000` |Value obtained from FuzzedDataProvider|
+
+#### Steps to run
+1. Build the fuzzer
+```
+  $ mm -j$(nproc) liblp_builder_fuzzer
+```
+2. Run on device
+```
+  $ adb sync data
+  $ adb shell /data/fuzz/arm64/liblp_builder_fuzzer/liblp_builder_fuzzer
+```
+
+# <a  name="SuperBuilder"></a> Fuzzer for LiblpSuperLayoutBuilder
+
+SuperLayoutBuilder supports the following parameters:
+1. kAttributeTypes (parameter name: "attribute")
+2. blockDevSize (parameter name: "blockdev_size")
+3. metadataMaxSize (parameter name: "metadata_max_size")
+4. metadataSlotCount (parameter name: "metadata_slot_count")
+5. partitionName (parameter name: "partition_name")
+6. data (parameter name: "data")
+7. imageName (parameter name: "image_name")
+
+| Parameter| Valid Values| Configured Value|
+|------------- |-------------| ----- |
+|`kAttributeTypes`| 1.`LP_PARTITION_ATTR_NONE`,<br/> 2.`LP_PARTITION_ATTR_READONLY`,<br/> 3.`LP_PARTITION_ATTR_SLOT_SUFFIXED`,<br/> 4.`LP_PARTITION_ATTR_UPDATED`,<br/> 5.`LP_PARTITION_ATTR_DISABLED`|Value obtained from FuzzedDataProvider|
+|`blockDevSize`| Integer value from `0` to `100000`|Value obtained from FuzzedDataProvider|
+|`metadataMaxSize`| Integer value from `0` to `10000` |Value obtained from FuzzedDataProvider|
+|`metadataSlotCount`| Integer value from `0` to `2` |Value obtained from FuzzedDataProvider|
+|`partitionName`| String |Value obtained from FuzzedDataProvider|
+|`data`| String |Value obtained from FuzzedDataProvider|
+|`imageName`| String |Value obtained from FuzzedDataProvider|
+
+#### Steps to run
+1. Build the fuzzer
+```
+  $ mm -j$(nproc) liblp_super_layout_builder_fuzzer
+```
+2. Run on device
+```
+  $ adb sync data
+  $ adb shell /data/fuzz/arm64/liblp_super_layout_builder_fuzzer/liblp_super_layout_builder_fuzzer
+```
+
+# <a  name="APIs"></a> Fuzzer for LiblpApis
+
+LiblpAPIs supports the following parameters:
+1. blockDeviceInfoSize (parameter name: "block_device_info_size")
+2. alignment (parameter name: "alignment")
+3. alignmentOffset (parameter name: "alignment_offset")
+4. logicalBlockSize (parameter name: "logical_block_size")
+5. blockDevSize (parameter name: "blockdev_size")
+6. metadataMaxSize (parameter name: "metadata_max_size")
+7. metadataSlotCount (parameter name: "metadata_slot_count")
+8. blockDeviceInfoName (parameter name: "block_device_info_name")
+9. numSectors (parameter name: "num_sectors")
+10. physicalSector (parameter name: "physical_sector")
+11. sparsify (parameter name: "sparsify")
+12. buffer (parameter name: "data")
+
+| Parameter| Valid Values| Configured Value|
+|------------- |-------------| ----- |
+|`blockDeviceInfoSize`| Integer |Value obtained from FuzzedDataProvider|
+|`alignment`| Integer |Value obtained from FuzzedDataProvider|
+|`alignmentOffset`| Integer |Value obtained from FuzzedDataProvider|
+|`logicalBlockSize`| Integer |Value obtained from FuzzedDataProvider|
+|`blockDevSize`| Integer value in multiples of `LP_SECTOR_SIZE`|Value obtained from FuzzedDataProvider|
+|`metadataMaxSize`| Integer value from `0` to `10000` |Value obtained from FuzzedDataProvider|
+|`metadataSlotCount`| Integer value from `0` to `2` |Value obtained from FuzzedDataProvider|
+|`blockDeviceInfoName`| String |Value obtained from FuzzedDataProvider|
+|`numSectors`| Integer value from `1` to `1000000` |Value obtained from FuzzedDataProvider|
+|`physicalSector`| Integer value from `1` to `1000000` |Value obtained from FuzzedDataProvider|
+|`alignment`| Bool |Value obtained from FuzzedDataProvider|
+|`alignment`| Vector |Value obtained from FuzzedDataProvider|
+
+#### Steps to run
+1. Build the fuzzer
+```
+  $ mm -j$(nproc) liblp_apis_fuzzer
+```
+2. Run on device
+```
+  $ adb sync data
+  $ adb shell /data/fuzz/arm64/liblp_apis_fuzzer/liblp_apis_fuzzer
+```
diff --git a/fs_mgr/liblp/fuzzer/image_gen_rand.py b/fs_mgr/liblp/fuzzer/image_gen_rand.py
new file mode 100644
index 0000000..6e85472
--- /dev/null
+++ b/fs_mgr/liblp/fuzzer/image_gen_rand.py
@@ -0,0 +1,32 @@
+#!/usr/bin/env python3
+
+# Copyright (C) 2023 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+Write given number of random bytes, generated with optional seed.
+"""
+
+import random, argparse
+
+if __name__ == '__main__':
+  parser = argparse.ArgumentParser(description=__doc__)
+  parser.add_argument('--seed', help='Seed to random generator')
+  parser.add_argument('--length', type=int, required=True, help='Length of output')
+  args = parser.parse_args()
+
+  if args.seed:
+    random.seed(args.seed)
+
+  print(''.join(chr(random.randrange(0,0xff)) for _ in range(args.length)))
diff --git a/fs_mgr/liblp/fuzzer/liblp_apis_fuzzer.cpp b/fs_mgr/liblp/fuzzer/liblp_apis_fuzzer.cpp
new file mode 100644
index 0000000..b6fbc14
--- /dev/null
+++ b/fs_mgr/liblp/fuzzer/liblp_apis_fuzzer.cpp
@@ -0,0 +1,243 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <android-base/file.h>
+#include <fcntl.h>
+#include <fuzzer/FuzzedDataProvider.h>
+#include <liblp/builder.h>
+#include <liblp/partition_opener.h>
+#include <linux/memfd.h>
+#include <sys/syscall.h>
+#include <writer.h>
+#include "images.h"
+#include "test_partition_opener.h"
+
+using namespace std;
+using namespace android;
+using namespace android::fs_mgr;
+using unique_fd = android::base::unique_fd;
+
+static constexpr size_t kDiskSize = 131072;
+static constexpr size_t kMetadataSize = 512;
+static constexpr size_t kMetadataSlots = 2;
+static constexpr uint32_t kMaxBytes = 20;
+static constexpr uint32_t kValidAlignment = 0;
+static constexpr uint32_t kValidAlignmentOffset = 0;
+static constexpr uint32_t kValidLogicalBlockSize = 4096;
+static constexpr uint32_t kMinMetadataSize = 0;
+static constexpr uint32_t kMaxMetadataSize = 10000;
+static constexpr uint32_t kMinSlot = 0;
+static constexpr uint32_t kMaxSlot = 10;
+static constexpr uint32_t kMinFactor = 0;
+static constexpr uint32_t kMaxFactor = 10;
+static constexpr uint32_t kMetadataGeometrySize = 4096;
+static constexpr uint64_t kValidNumSectors = 1901568;
+static constexpr uint64_t kValidPhysicalSector = 3608576;
+static constexpr uint64_t kMinSectorValue = 1;
+static constexpr uint64_t kMaxSectorValue = 1000000;
+static constexpr uint64_t kMaxBufferSize = 100000;
+
+const string kImageFile = "image_file";
+const string kSuperName = "super";
+const string kSystemPartitionName = "system";
+const string kPartitionName = "builder_partition";
+const string kSuperPartitionName = "super_partition";
+
+const string kSuffix[] = {"_a", "_b", "a", "b"};
+
+class LiplpApisFuzzer {
+  public:
+    LiplpApisFuzzer(const uint8_t* data, size_t size) : mFdp(data, size){};
+    void process();
+
+  private:
+    void setupBuilder();
+    BlockDeviceInfo getBlockDevice();
+    FuzzedDataProvider mFdp;
+    unique_ptr<MetadataBuilder> mBuilder;
+    string mBlockDeviceInfoName;
+    string mSuperPartitionName;
+    string mPartitionName;
+    const string mImagePaths[10] = {
+            "data/test_dtb.img",
+            "data/test_bootconfig.img",
+            "data/test_vendor_ramdisk_none.img",
+            "data/test_vendor_ramdisk_platform.img",
+            "data/test_vendor_ramdisk_replace.img",
+            "data/test_vendor_boot_v4_with_frag.img",
+            "data/test_vendor_boot_v4_without_frag.img",
+            "data/test_vendor_boot_v3.img",
+            "dev/null",
+            mFdp.ConsumeRandomLengthString(kMaxBytes),
+    };
+};
+
+BlockDeviceInfo LiplpApisFuzzer::getBlockDevice() {
+    mBlockDeviceInfoName =
+            mFdp.ConsumeBool() ? kSuperName : mFdp.ConsumeRandomLengthString(kMaxBytes);
+    uint64_t blockDeviceInfoSize =
+            mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint64_t>() : kDiskSize;
+    uint32_t alignment = mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>() : kValidAlignment;
+    uint32_t alignmentOffset =
+            mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>() : kValidAlignmentOffset;
+    uint32_t logicalBlockSize =
+            mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>() : kValidLogicalBlockSize;
+
+    BlockDeviceInfo superInfo{mBlockDeviceInfoName, blockDeviceInfoSize, alignment, alignmentOffset,
+                              logicalBlockSize};
+    return superInfo;
+}
+
+void LiplpApisFuzzer::setupBuilder() {
+    uint64_t randomBlockDevSize =
+            mFdp.ConsumeIntegralInRange<uint64_t>(kMinFactor, kMaxFactor) * LP_SECTOR_SIZE;
+    uint64_t blockDevSize = mFdp.ConsumeBool() ? randomBlockDevSize : kDiskSize;
+    uint32_t randomMetadataMaxSize =
+            mFdp.ConsumeIntegralInRange<uint32_t>(kMinMetadataSize, kMaxMetadataSize);
+    uint32_t metadataMaxSize = mFdp.ConsumeBool() ? kMetadataSize : randomMetadataMaxSize;
+    uint32_t metadataSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(kMinSlot, kMaxSlot);
+    mBuilder = MetadataBuilder::New(blockDevSize, metadataMaxSize, metadataSlotCount);
+
+    if (mBuilder.get()) {
+        mBuilder->AddPartition(kSystemPartitionName, LP_PARTITION_ATTR_READONLY);
+
+        mPartitionName =
+                mFdp.ConsumeBool() ? mFdp.ConsumeRandomLengthString(kMaxBytes) : kPartitionName;
+        if (!mPartitionName.size()) {
+            mPartitionName = kPartitionName;
+        }
+        mSuperPartitionName = mFdp.ConsumeBool() ? mFdp.ConsumeRandomLengthString(kMaxBytes)
+                                                 : kSuperPartitionName;
+        if (!mSuperPartitionName.size()) {
+            mSuperPartitionName = kSuperPartitionName;
+        }
+
+        Partition* super = mBuilder->AddPartition(mSuperPartitionName, LP_PARTITION_ATTR_READONLY);
+        mBuilder->AddPartition(mPartitionName, LP_PARTITION_ATTR_READONLY);
+
+        int64_t numSectors = mFdp.ConsumeBool() ? mFdp.ConsumeIntegralInRange<uint64_t>(
+                                                          kMinSectorValue, kMaxSectorValue)
+                                                : kValidNumSectors;
+        int64_t physicalSector = mFdp.ConsumeBool() ? mFdp.ConsumeIntegralInRange<uint64_t>(
+                                                              kMinSectorValue, kMaxSectorValue)
+                                                    : kValidPhysicalSector;
+
+        mBuilder->AddLinearExtent(super, mBlockDeviceInfoName, numSectors, physicalSector);
+    }
+}
+
+void LiplpApisFuzzer::process() {
+    BlockDeviceInfo superInfo = getBlockDevice();
+    unique_fd fd(syscall(__NR_memfd_create, "image_file", MFD_ALLOW_SEALING));
+    setupBuilder();
+
+    TestPartitionOpener opener(
+            {{mFdp.ConsumeBool() ? mFdp.ConsumeRandomLengthString(kMaxBytes) : kSuperName, fd}},
+            {{mFdp.ConsumeBool() ? mFdp.ConsumeRandomLengthString(kMaxBytes) : kSuperName,
+              superInfo}});
+
+    if (mBuilder.get()) {
+        unique_ptr<LpMetadata> metadata = mBuilder->Export();
+        const LpMetadata& metadataValue = *metadata.get();
+
+        map<string, string> images = {};
+        if (mFdp.ConsumeBool()) {
+            images[mSuperPartitionName] = mFdp.PickValueInArray(mImagePaths);
+        }
+
+        while (mFdp.remaining_bytes()) {
+            auto invokeAPIs = mFdp.PickValueInArray<const function<void()>>({
+                    [&]() { WriteToImageFile(fd, metadataValue); },
+                    [&]() { WriteToImageFile(kImageFile.c_str(), metadataValue); },
+                    [&]() { FlashPartitionTable(opener, kSuperName, metadataValue); },
+                    [&]() {
+                        UpdatePartitionTable(opener, mPartitionName, metadataValue,
+                                             mFdp.ConsumeBool() ? 0 : 1 /* slot_number */);
+                    },
+                    [&]() {
+                        ReadMetadata(mPartitionName, mFdp.ConsumeBool() ? 0 : 1 /* slot_number */);
+                    },
+                    [&]() { FlashPartitionTable(mPartitionName, metadataValue); },
+                    [&]() {
+                        UpdatePartitionTable(mPartitionName, metadataValue,
+                                             mFdp.ConsumeBool() ? 0 : 1 /* slot_number */);
+                    },
+                    [&]() {
+                        WriteToImageFile(kImageFile.c_str(), metadataValue,
+                                         metadata->geometry.logical_block_size, images,
+                                         mFdp.ConsumeBool() ? true : false /* sparsify */);
+                    },
+
+                    [&]() {
+                        WriteSplitImageFiles(kImageFile.c_str(), metadataValue,
+                                             metadata->geometry.logical_block_size, images,
+                                             mFdp.ConsumeBool() ? true : false /* sparsify */);
+                    },
+                    [&]() { ReadFromImageFile(kImageFile.c_str()); },
+                    [&]() { IsEmptySuperImage(kImageFile.c_str()); },
+                    [&]() {
+                        uint64_t bufferSize = mFdp.ConsumeIntegralInRange<uint64_t>(
+                                2 * kMetadataGeometrySize, kMaxBufferSize);
+                        vector<uint8_t> buffer = mFdp.ConsumeBytes<uint8_t>(kMaxBytes);
+                        buffer.resize(bufferSize);
+                        ReadFromImageBlob(buffer.data(), buffer.size());
+                    },
+                    [&]() {
+                        uint32_t groupVectorSize = metadata->groups.size();
+                        uint32_t randomGroupIndex =
+                                mFdp.ConsumeIntegralInRange<uint32_t>(0, groupVectorSize);
+                        GetPartitionGroupName(metadata->groups[randomGroupIndex]);
+                    },
+                    [&]() {
+                        uint32_t blockDeviceVectorSize = metadata->block_devices.size();
+                        uint32_t randomBlockDeviceIndex =
+                                mFdp.ConsumeIntegralInRange<uint32_t>(0, blockDeviceVectorSize);
+                        GetBlockDevicePartitionName(
+                                metadata->block_devices[randomBlockDeviceIndex]);
+                    },
+                    [&]() { GetMetadataSuperBlockDevice(metadataValue); },
+                    [&]() {
+                        string suffix = mFdp.ConsumeBool()
+                                                ? mFdp.PickValueInArray<string>(kSuffix)
+                                                : mFdp.ConsumeRandomLengthString(kMaxBytes);
+                        SlotNumberForSlotSuffix(suffix);
+                    },
+                    [&]() {
+                        auto entry = FindPartition(metadataValue, kSystemPartitionName);
+                        GetPartitionSize(metadataValue, *entry);
+                    },
+                    [&]() { GetPartitionSlotSuffix(mPartitionName); },
+                    [&]() { FindPartition(metadataValue, mPartitionName); },
+                    [&]() {
+                        uint32_t partitionVectorSize = metadata->partitions.size();
+                        uint32_t randomPartitionIndex =
+                                mFdp.ConsumeIntegralInRange<uint32_t>(0, partitionVectorSize);
+                        GetPartitionName(metadata->partitions[randomPartitionIndex]);
+                    },
+                    [&]() { GetTotalSuperPartitionSize(metadataValue); },
+                    [&]() { GetBlockDevicePartitionNames(metadataValue); },
+            });
+            invokeAPIs();
+        }
+        remove(kImageFile.c_str());
+    }
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+    LiplpApisFuzzer liplpApisFuzzer(data, size);
+    liplpApisFuzzer.process();
+    return 0;
+}
diff --git a/fs_mgr/liblp/fuzzer/liblp_builder_fuzzer.cpp b/fs_mgr/liblp/fuzzer/liblp_builder_fuzzer.cpp
new file mode 100644
index 0000000..e5fbe27
--- /dev/null
+++ b/fs_mgr/liblp/fuzzer/liblp_builder_fuzzer.cpp
@@ -0,0 +1,438 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <fuzzer/FuzzedDataProvider.h>
+#include <liblp/builder.h>
+#include <liblp/property_fetcher.h>
+#include <storage_literals/storage_literals.h>
+
+using namespace android::fs_mgr;
+using namespace std;
+using namespace android::storage_literals;
+
+static constexpr uint64_t kValidBlockSize = 4096 * 50;
+static constexpr uint64_t kBlockDeviceInfoSize = 1024 * 1024;
+static constexpr uint64_t kValidBlockDeviceInfoSize = 8_GiB;
+static constexpr uint64_t kValidMaxGroupSize = 40960;
+static constexpr uint64_t kMinBlockDevValue = 0;
+static constexpr uint64_t kMaxBlockDevValue = 100000;
+static constexpr uint64_t kMinSectorValue = 1;
+static constexpr uint64_t kMaxSectorValue = 1000000;
+static constexpr uint64_t kMinValue = 0;
+static constexpr uint64_t kMaxValue = 10000;
+static constexpr uint64_t kValidNumSectors = 1901568;
+static constexpr uint64_t kValidPhysicalSector = 3608576;
+static constexpr uint64_t kMinElements = 0;
+static constexpr uint64_t kMaxElements = 10;
+static constexpr uint32_t kValidAlignment = 786432;
+static constexpr uint32_t kValidMetadataSize = 40960;
+static constexpr uint32_t kValidAlignmentOffset = 229376;
+static constexpr uint32_t kValidLogicalBlockSize = 4096;
+static constexpr uint32_t kValidMaxMetadataSize = 65536;
+static constexpr uint32_t kMinMetadataValue = 0;
+static constexpr uint32_t kMaxMetadataValue = 10000;
+static constexpr uint32_t kZeroAlignment = 0;
+static constexpr uint32_t kZeroAlignmentOffset = 0;
+static constexpr uint32_t kMaxBytes = 20;
+static constexpr uint32_t kMinSlot = 0;
+static constexpr uint32_t kMaxSlot = 10;
+static constexpr uint32_t kMinBuilder = 0;
+static constexpr uint32_t kMaxBuilder = 4;
+
+const uint64_t kAttributeTypes[] = {
+        LP_PARTITION_ATTR_NONE,    LP_PARTITION_ATTR_READONLY, LP_PARTITION_ATTR_SLOT_SUFFIXED,
+        LP_PARTITION_ATTR_UPDATED, LP_PARTITION_ATTR_DISABLED,
+};
+
+const string kFuzzPartitionName = "fuzz_partition_name";
+const string kSuperPartitionName = "super_partition";
+const string kDeviceInfoName = "super";
+const string kDefaultGroupName = "default";
+
+class BuilderFuzzer {
+  public:
+    BuilderFuzzer(const uint8_t* data, size_t size) : mFdp(data, size){};
+    void process();
+
+  private:
+    FuzzedDataProvider mFdp;
+    void invokeBuilderAPIs();
+    void selectRandomBuilder(int32_t randomBuilder, string superBlockDeviceName);
+    void setupBuilder(string superBlockDeviceName);
+    void callChangePartitionGroup();
+    void callVerifyExtentsAgainstSourceMetadata();
+    vector<BlockDeviceInfo> mBlockDevices;
+    unique_ptr<MetadataBuilder> mBuilder;
+    string mResizePartitionName;
+    string mGroupNames[4] = {
+            "default",
+            "group_a",
+            "group_b",
+            mFdp.ConsumeRandomLengthString(kMaxBytes),
+    };
+    string mPartitionNames[5] = {
+            "system_a",
+            "vendor_a",
+            "system_b",
+            "vendor_b",
+            mFdp.ConsumeRandomLengthString(kMaxBytes),
+    };
+    Partition* mPartition;
+    Partition* mFuzzPartition;
+    Partition* mResizePartition;
+    template <typename T>
+    T getParamValue(T validValue) {
+        T parameter = validValue;
+        if (mFdp.ConsumeBool()) {
+            parameter = mFdp.ConsumeIntegralInRange<T>(kMinValue, kMaxValue);
+        }
+        return parameter;
+    }
+};
+
+void BuilderFuzzer::selectRandomBuilder(int32_t randomBuilder, string superBlockDeviceName) {
+    switch (randomBuilder) {
+        case 0: {
+            uint32_t maxMetadataSize = getParamValue(kValidMaxMetadataSize);
+            uint32_t numSlots = mFdp.ConsumeBool()
+                                        ? kMaxSlot
+                                        : mFdp.ConsumeIntegralInRange<uint32_t>(kMinSlot, kMaxSlot);
+            mBuilder = MetadataBuilder::New(mBlockDevices, superBlockDeviceName, maxMetadataSize,
+                                            numSlots);
+            break;
+        }
+        case 1: {
+            uint64_t blockDevSize =
+                    mFdp.ConsumeIntegralInRange<uint64_t>(kMinBlockDevValue, kMaxBlockDevValue);
+            uint32_t metadataMaxSize =
+                    mFdp.ConsumeIntegralInRange<uint32_t>(kMinMetadataValue, kMaxMetadataValue);
+            uint32_t metadataSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(kMinSlot, kMaxSlot);
+            mBuilder = MetadataBuilder::New(blockDevSize, metadataMaxSize, metadataSlotCount);
+            break;
+        }
+        case 2: {
+            uint64_t blockDevSize = getParamValue(kValidBlockSize);
+            uint32_t metadataSize = getParamValue(kValidMetadataSize);
+            uint32_t metadataSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(kMinSlot, kMaxSlot);
+            mBuilder = MetadataBuilder::New(blockDevSize, metadataSize, metadataSlotCount);
+            break;
+        }
+        case 3: {
+            string superPartitionName = mFdp.ConsumeBool()
+                                                ? kSuperPartitionName
+                                                : mFdp.ConsumeRandomLengthString(kMaxBytes);
+            mBuilder = MetadataBuilder::New(PartitionOpener(), superPartitionName,
+                                            mFdp.ConsumeIntegralInRange(0, 1) /* slot_number */);
+            break;
+        }
+        case 4: {
+            string superPartitionName = mFdp.ConsumeBool()
+                                                ? kSuperPartitionName
+                                                : mFdp.ConsumeRandomLengthString(kMaxBytes);
+            mBuilder = MetadataBuilder::New(
+                    superPartitionName,
+                    mFdp.ConsumeIntegralInRange<uint32_t>(0, 1) /* slot_number */);
+            break;
+        }
+    }
+}
+
+void BuilderFuzzer::setupBuilder(string superBlockDeviceName) {
+    uint64_t blockDeviceInfoSize =
+            mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint64_t>() : kValidBlockDeviceInfoSize;
+    uint32_t alignment = mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>() : kValidAlignment;
+    uint32_t alignmentOffset =
+            mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>() : kValidAlignmentOffset;
+    uint32_t logicalBlockSize =
+            mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>() : kValidLogicalBlockSize;
+    BlockDeviceInfo super(superBlockDeviceName, blockDeviceInfoSize, alignment, alignmentOffset,
+                          logicalBlockSize);
+    mBlockDevices.push_back(super);
+
+    mBuilder->AddGroup(kDefaultGroupName, mFdp.ConsumeIntegral<uint64_t>() /* max_size */);
+    mPartition = mBuilder->AddPartition(kSuperPartitionName, LP_PARTITION_ATTR_READONLY);
+
+    mFuzzPartition = mBuilder->AddPartition(kFuzzPartitionName, kDefaultGroupName,
+                                            LP_PARTITION_ATTR_READONLY);
+
+    string mResizePartitionName = mFdp.ConsumeRandomLengthString(kMaxBytes);
+    if (!mResizePartitionName.size()) {
+        mResizePartitionName = "resize_partition";
+    }
+    mResizePartition = mBuilder->AddPartition(mResizePartitionName, kDefaultGroupName,
+                                              LP_PARTITION_ATTR_READONLY);
+
+    string changePartitionDeviceInfoName =
+            mFdp.ConsumeBool() ? kDeviceInfoName : mFdp.ConsumeRandomLengthString(kMaxBytes);
+    BlockDeviceInfo changePartitionDeviceInfo(
+            changePartitionDeviceInfoName,
+            mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint64_t>() : kBlockDeviceInfoSize /* size */,
+            mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>()
+                               : kZeroAlignmentOffset /* alignment */,
+            mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>()
+                               : kZeroAlignmentOffset /* alignment_offset */,
+            mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>()
+                               : kValidLogicalBlockSize /* logical_block_size */);
+    mBlockDevices.push_back(changePartitionDeviceInfo);
+}
+
+void BuilderFuzzer::callChangePartitionGroup() {
+    string group1 = mFdp.ConsumeBool() ? mFdp.ConsumeRandomLengthString(kMaxBytes) : "group1";
+    uint64_t group1Size = getParamValue(0);
+
+    string group2 = mFdp.ConsumeBool() ? mFdp.ConsumeRandomLengthString(kMaxBytes) : "group2";
+    uint64_t group2Size = getParamValue(0);
+
+    bool group1Added = mBuilder->AddGroup(group1, group1Size);
+    bool group2Added = mBuilder->AddGroup(group2, group2Size);
+
+    string changeGroupPartitionName = mFdp.ConsumeRandomLengthString(kMaxBytes);
+    if (changeGroupPartitionName.size() && group1Added && group2Added) {
+        Partition* changeGroupPartition = mBuilder->AddPartition(changeGroupPartitionName, group1,
+                                                                 LP_PARTITION_ATTR_READONLY);
+        if (changeGroupPartition) {
+            mBuilder->ChangePartitionGroup(changeGroupPartition, group2);
+        }
+    }
+}
+
+void BuilderFuzzer::callVerifyExtentsAgainstSourceMetadata() {
+    uint64_t sourceBlockDevSize = getParamValue(kValidBlockSize);
+    uint32_t sourceMetadataMaxSize = getParamValue(kValidMetadataSize);
+    uint32_t sourceSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(0, 2);
+    auto sourceBuilder =
+            MetadataBuilder::New(sourceBlockDevSize, sourceMetadataMaxSize, sourceSlotCount);
+
+    uint64_t targetBlockDevSize = getParamValue(kValidBlockSize);
+    uint32_t targetMetadataMaxSize = getParamValue(kValidMetadataSize);
+    uint32_t targetSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(0, 2);
+    auto targetBuilder =
+            MetadataBuilder::New(targetBlockDevSize, targetMetadataMaxSize, targetSlotCount);
+
+    if (sourceBuilder && targetBuilder) {
+        int64_t sourceGroups = mFdp.ConsumeIntegralInRange<int64_t>(kMinElements, kMaxElements);
+        for (int64_t idx = 0; idx < sourceGroups; ++idx) {
+            sourceBuilder->AddGroup(
+                    mFdp.PickValueInArray(mGroupNames),
+                    mFdp.ConsumeBool() ? kValidMaxGroupSize : mFdp.ConsumeIntegral<uint64_t>());
+        }
+
+        int64_t sourcePartitions = mFdp.ConsumeIntegralInRange<int64_t>(kMinElements, kMaxElements);
+        for (int64_t idx = 0; idx < sourcePartitions; ++idx) {
+            sourceBuilder->AddPartition(mFdp.PickValueInArray(mPartitionNames),
+                                        LP_PARTITION_ATTR_READONLY);
+        }
+
+        int64_t targetGroups = mFdp.ConsumeIntegralInRange<int64_t>(kMinElements, kMaxElements);
+        for (int64_t idx = 0; idx < targetGroups; ++idx) {
+            targetBuilder->AddGroup(
+                    mFdp.PickValueInArray(mGroupNames),
+                    mFdp.ConsumeBool() ? kValidMaxGroupSize : mFdp.ConsumeIntegral<uint64_t>());
+        }
+
+        int64_t targetPartitions = mFdp.ConsumeIntegralInRange<int64_t>(kMinElements, kMaxElements);
+        for (int64_t idx = 0; idx < targetPartitions; ++idx) {
+            targetBuilder->AddPartition(mFdp.PickValueInArray(mPartitionNames),
+                                        LP_PARTITION_ATTR_READONLY);
+        }
+
+        MetadataBuilder::VerifyExtentsAgainstSourceMetadata(
+                *sourceBuilder, mFdp.ConsumeBool() ? 0 : 1 /* source_slot_number */, *targetBuilder,
+                mFdp.ConsumeBool() ? 0 : 1 /* target_slot_number */,
+                vector<string>{"system", "vendor", mFdp.ConsumeRandomLengthString(kMaxBytes)});
+    }
+}
+
+void BuilderFuzzer::invokeBuilderAPIs() {
+    string superBlockDeviceName =
+            mFdp.ConsumeBool() ? mFdp.ConsumeRandomLengthString(kMaxBytes) : kDeviceInfoName;
+    uint32_t randomBuilder = mFdp.ConsumeIntegralInRange<uint32_t>(kMinBuilder, kMaxBuilder);
+    selectRandomBuilder(randomBuilder, superBlockDeviceName);
+
+    if (mBuilder.get()) {
+        setupBuilder(superBlockDeviceName);
+
+        while (mFdp.remaining_bytes()) {
+            auto invokeAPIs = mFdp.PickValueInArray<const function<void()>>({
+                    [&]() { callChangePartitionGroup(); },
+                    [&]() {
+                        string addedGroupName = mFdp.PickValueInArray(mGroupNames);
+                        mBuilder->AddGroup(addedGroupName,
+                                           mFdp.ConsumeIntegralInRange<uint64_t>(
+                                                   kMinValue, kMaxValue) /* max_size */);
+                    },
+                    [&]() {
+                        string partitionName = mFdp.PickValueInArray(mPartitionNames);
+                        Partition* addedPartition = mBuilder->AddPartition(
+                                partitionName, mFdp.PickValueInArray(kAttributeTypes));
+                    },
+                    [&]() {
+                        int64_t numSectors = mFdp.ConsumeBool()
+                                                     ? mFdp.ConsumeIntegralInRange<uint64_t>(
+                                                               kMinSectorValue, kMaxSectorValue)
+                                                     : kValidNumSectors;
+                        int64_t physicalSector = mFdp.ConsumeBool()
+                                                         ? mFdp.ConsumeIntegralInRange<uint64_t>(
+                                                                   kMinSectorValue, kMaxSectorValue)
+                                                         : kValidPhysicalSector;
+
+                        int64_t numExtents =
+                                mFdp.ConsumeIntegralInRange<int64_t>(kMinElements, kMaxElements);
+                        bool extentAdded = false;
+                        for (int64_t i = 0; i <= numExtents; ++i) {
+                            extentAdded = mBuilder->AddLinearExtent(mFuzzPartition, kDeviceInfoName,
+                                                                    numSectors, physicalSector);
+                        }
+
+                        if (extentAdded) {
+                            unique_ptr<LpMetadata> metadata = mBuilder->Export();
+                            uint64_t alignedSize =
+                                    mFdp.ConsumeIntegralInRange<uint64_t>(kMinValue, kMaxValue);
+                            mFuzzPartition->GetBeginningExtents(LP_SECTOR_SIZE * numExtents);
+                        }
+                    },
+                    [&]() { callVerifyExtentsAgainstSourceMetadata(); },
+                    [&]() { mBuilder->ListPartitionsInGroup(mFdp.PickValueInArray(mGroupNames)); },
+                    [&]() {
+                        int64_t maxSize = mFdp.ConsumeIntegral<uint64_t>();
+                        mBuilder->ChangeGroupSize(mFdp.PickValueInArray(mGroupNames), maxSize);
+                    },
+                    [&]() {
+                        string deviceInfoName = mFdp.ConsumeBool()
+                                                        ? kDeviceInfoName
+                                                        : mFdp.ConsumeRandomLengthString(kMaxBytes);
+                        mBuilder->GetBlockDeviceInfo(deviceInfoName, &mBlockDevices[1]);
+                    },
+                    [&]() {
+                        string deviceInfoName = mFdp.ConsumeBool()
+                                                        ? kDeviceInfoName
+                                                        : mFdp.ConsumeRandomLengthString(kMaxBytes);
+                        mBuilder->UpdateBlockDeviceInfo(deviceInfoName, mBlockDevices[1]);
+                    },
+                    [&]() {
+                        unique_ptr<LpMetadata> metadata = mBuilder->Export();
+                        mBuilder->ImportPartitions(*metadata.get(),
+                                                   {mFdp.PickValueInArray(mPartitionNames)});
+                    },
+                    [&]() { mBuilder->HasBlockDevice(mFdp.PickValueInArray(mPartitionNames)); },
+                    [&]() { mBuilder->SetVirtualABDeviceFlag(); },
+                    [&]() { mBuilder->SetAutoSlotSuffixing(); },
+                    [&]() { mBuilder->ListGroups(); },
+                    [&]() { mBuilder->UsedSpace(); },
+                    [&]() { mBuilder->RequireExpandedMetadataHeader(); },
+                    [&]() {
+                        uint64_t resizedPartitionSize = getParamValue(0);
+                        mBuilder->ResizePartition(mResizePartition, resizedPartitionSize);
+                    },
+                    [&]() {
+                        uint32_t sourceSlot = mFdp.ConsumeBool() ? 0 : 1;
+                        uint32_t targetSlot = mFdp.ConsumeBool() ? 0 : 1;
+                        PartitionOpener partitionOpener;
+                        string sourcePartition =
+                                mFdp.ConsumeBool() ? kFuzzPartitionName : kDeviceInfoName;
+
+                        MetadataBuilder::NewForUpdate(partitionOpener, sourcePartition, sourceSlot,
+                                                      targetSlot);
+                        partitionOpener.GetDeviceString(mFdp.PickValueInArray(mPartitionNames));
+                    },
+                    [&]() {
+                        unique_ptr<LpMetadata> metadata = mBuilder->Export();
+                        MetadataBuilder::New(*metadata.get());
+                    },
+                    [&]() { mBuilder->AllocatableSpace(); },
+                    [&]() {
+                        PartitionOpener pOpener;
+                        string superPartitionName =
+                                mFdp.ConsumeBool() ? kSuperPartitionName
+                                                   : mFdp.ConsumeRandomLengthString(kMaxBytes);
+                        pOpener.Open(superPartitionName, O_RDONLY);
+                        pOpener.GetInfo(superPartitionName, &mBlockDevices[0]);
+                    },
+                    [&]() {
+                        PartitionOpener pOpener;
+                        string superPartitionName =
+                                mFdp.ConsumeBool() ? kSuperPartitionName
+                                                   : mFdp.ConsumeRandomLengthString(kMaxBytes);
+                        pOpener.Open(superPartitionName, O_RDONLY);
+                        pOpener.GetDeviceString(superPartitionName);
+                    },
+                    [&]() {
+                        Interval::Intersect(
+                                Interval(mFdp.ConsumeIntegral<uint64_t>() /* device _index */,
+                                         mFdp.ConsumeIntegral<uint64_t>() /* start */,
+                                         mFdp.ConsumeIntegral<uint64_t>()) /* end */,
+                                Interval(mFdp.ConsumeIntegral<uint64_t>() /* device _index */,
+                                         mFdp.ConsumeIntegral<uint64_t>() /* start */,
+                                         mFdp.ConsumeIntegral<uint64_t>() /* end */));
+                    },
+                    [&]() {
+                        vector<Interval> intervalVectorA;
+                        int64_t internalVectorAElements =
+                                mFdp.ConsumeIntegralInRange<int64_t>(kMinElements, kMaxElements);
+                        for (int64_t idx = 0; idx < internalVectorAElements; ++idx) {
+                            intervalVectorA.push_back(
+                                    Interval(mFdp.ConsumeIntegral<uint64_t>() /* device _index */,
+                                             mFdp.ConsumeIntegral<uint64_t>() /* start */,
+                                             mFdp.ConsumeIntegral<uint64_t>() /* end */));
+                        }
+
+                        vector<Interval> intervalVectorB;
+                        int64_t internalVectorBElements =
+                                mFdp.ConsumeIntegralInRange<int64_t>(kMinElements, kMaxElements);
+                        for (int64_t idx = 0; idx < internalVectorBElements; ++idx) {
+                            intervalVectorB.push_back(
+                                    Interval(mFdp.ConsumeIntegral<uint64_t>() /* device _index */,
+                                             mFdp.ConsumeIntegral<uint64_t>() /* start */,
+                                             mFdp.ConsumeIntegral<uint64_t>() /* end */));
+                        }
+
+                        Interval::Intersect(intervalVectorA, intervalVectorB);
+                    },
+                    [&]() {
+                        uint64_t numSectors =
+                                mFdp.ConsumeIntegralInRange<uint64_t>(kMinValue, kMaxValue);
+                        uint32_t deviceIndex =
+                                mFdp.ConsumeIntegralInRange<uint32_t>(kMinValue, kMaxValue);
+                        uint64_t physicalSector =
+                                mFdp.ConsumeIntegralInRange<uint64_t>(kMinValue, kMaxValue);
+                        LinearExtent extent(numSectors, deviceIndex, physicalSector);
+                        extent.AsInterval();
+                    },
+                    [&]() {
+                        IPropertyFetcher::OverrideForTesting(std::make_unique<PropertyFetcher>());
+                    },
+            });
+            invokeAPIs();
+        }
+        if (mFdp.ConsumeBool()) {
+            mBuilder->RemoveGroupAndPartitions(mFdp.PickValueInArray(mGroupNames));
+        } else {
+            string removePartition = mFdp.PickValueInArray(mPartitionNames);
+            mBuilder->RemovePartition(removePartition);
+        }
+    }
+}
+
+void BuilderFuzzer::process() {
+    invokeBuilderAPIs();
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+    BuilderFuzzer builderFuzzer(data, size);
+    builderFuzzer.process();
+    return 0;
+}
diff --git a/fs_mgr/liblp/fuzzer/liblp_super_layout_builder_fuzzer.cpp b/fs_mgr/liblp/fuzzer/liblp_super_layout_builder_fuzzer.cpp
new file mode 100644
index 0000000..887093c
--- /dev/null
+++ b/fs_mgr/liblp/fuzzer/liblp_super_layout_builder_fuzzer.cpp
@@ -0,0 +1,151 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <android-base/unique_fd.h>
+#include <fcntl.h>
+#include <fuzzer/FuzzedDataProvider.h>
+#include <liblp/metadata_format.h>
+#include <liblp/super_layout_builder.h>
+#include <linux/memfd.h>
+#include <storage_literals/storage_literals.h>
+#include <sys/syscall.h>
+
+using namespace android::fs_mgr;
+using namespace std;
+using unique_fd = android::base::unique_fd;
+using namespace android::storage_literals;
+
+static constexpr uint64_t kSuperLayoutValidBlockDevSize = 4_MiB;
+static constexpr uint64_t kMinBlockDevValue = 0;
+static constexpr uint64_t kMaxBlockDevValue = 100000;
+static constexpr uint64_t kMinElements = 0;
+static constexpr uint64_t kMaxElements = 10;
+static constexpr uint32_t kSuperLayoutValidMetadataSize = 8_KiB;
+static constexpr uint32_t kMinMetadataValue = 0;
+static constexpr uint32_t kMaxMetadataValue = 10000;
+static constexpr uint32_t kMaxBytes = 20;
+static constexpr uint32_t kMinSlot = 0;
+static constexpr uint32_t kMaxSlot = 10;
+static constexpr uint32_t kMinOpen = 0;
+static constexpr uint32_t kMaxOpen = 2;
+
+const uint64_t kAttributeTypes[] = {
+        LP_PARTITION_ATTR_NONE,    LP_PARTITION_ATTR_READONLY, LP_PARTITION_ATTR_SLOT_SUFFIXED,
+        LP_PARTITION_ATTR_UPDATED, LP_PARTITION_ATTR_DISABLED,
+};
+
+class SuperLayoutBuilderFuzzer {
+  public:
+    SuperLayoutBuilderFuzzer(const uint8_t* data, size_t size) : mFdp(data, size){};
+    void process();
+
+  private:
+    FuzzedDataProvider mFdp;
+    void invokeSuperLayoutBuilderAPIs();
+    void callRandomOpen(int32_t open);
+    void addMultiplePartitions(int32_t numPartitions);
+    void setupSuperLayoutBuilder(string fuzzPartitionName);
+    SuperLayoutBuilder mSuperLayoutBuilder;
+    unique_ptr<MetadataBuilder> mSuperBuilder;
+    unique_ptr<LpMetadata> mMetadata;
+    bool mOpenSuccess = false;
+};
+
+void SuperLayoutBuilderFuzzer::setupSuperLayoutBuilder(string fuzzPartitionName) {
+    uint64_t randomBlockDevSize =
+            mFdp.ConsumeIntegralInRange<uint64_t>(kMinBlockDevValue, kMaxBlockDevValue);
+    uint64_t blockDevSize = mFdp.ConsumeBool() ? kSuperLayoutValidBlockDevSize : randomBlockDevSize;
+    uint32_t randomMetadataMaxSize =
+            mFdp.ConsumeIntegralInRange<uint32_t>(kMinMetadataValue, kMaxMetadataValue);
+    uint32_t metadataMaxSize =
+            mFdp.ConsumeBool() ? kSuperLayoutValidMetadataSize : randomMetadataMaxSize;
+    uint32_t metadataSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(kMinSlot, kMaxSlot);
+    mSuperBuilder = MetadataBuilder::New(blockDevSize, metadataMaxSize, metadataSlotCount);
+
+    if (mSuperBuilder.get()) {
+        if (mFdp.ConsumeBool()) {
+            int32_t numPartitions =
+                    mFdp.ConsumeIntegralInRange<int32_t>(kMinElements, kMaxElements);
+            addMultiplePartitions(numPartitions);
+        }
+
+        uint32_t randomOpen = mFdp.ConsumeIntegralInRange<uint32_t>(kMinOpen, kMaxOpen);
+        callRandomOpen(randomOpen);
+
+        if (!fuzzPartitionName.size()) {
+            fuzzPartitionName = "builder_partition";
+        }
+    }
+}
+
+void SuperLayoutBuilderFuzzer::addMultiplePartitions(int32_t numPartitions) {
+    for (int32_t idx = 0; idx < numPartitions; ++idx) {
+        string partitionName = mFdp.ConsumeBool() ? mFdp.ConsumeRandomLengthString(kMaxBytes)
+                                                  : "builder_partition";
+        mSuperBuilder->AddPartition(partitionName, mFdp.PickValueInArray(kAttributeTypes));
+    }
+}
+
+void SuperLayoutBuilderFuzzer::callRandomOpen(int32_t open) {
+    mMetadata = mSuperBuilder->Export();
+    switch (open) {
+        case 0: {
+            vector<uint8_t> imageData = mFdp.ConsumeBytes<uint8_t>(kMaxBytes);
+            mOpenSuccess = mSuperLayoutBuilder.Open((void*)(imageData.data()), imageData.size());
+            break;
+        }
+        case 1: {
+            mOpenSuccess = mSuperLayoutBuilder.Open(*mMetadata.get());
+            break;
+        }
+        case 2: {
+            unique_fd fd(syscall(__NR_memfd_create, "image_file", 0));
+            WriteToImageFile(fd, *mMetadata.get());
+            mOpenSuccess = mSuperLayoutBuilder.Open(fd);
+            break;
+        }
+    }
+}
+
+void SuperLayoutBuilderFuzzer::invokeSuperLayoutBuilderAPIs() {
+    string imageName = mFdp.ConsumeRandomLengthString(kMaxBytes);
+    string fuzzPartitionName =
+            mFdp.ConsumeBool() ? "builder_partition" : mFdp.ConsumeRandomLengthString(kMaxBytes);
+    setupSuperLayoutBuilder(fuzzPartitionName);
+    if (mOpenSuccess) {
+        while (mFdp.remaining_bytes()) {
+            auto invokeSuperAPIs = mFdp.PickValueInArray<const function<void()>>({
+                    [&]() { mSuperLayoutBuilder.GetImageLayout(); },
+                    [&]() {
+                        mSuperLayoutBuilder.AddPartition(fuzzPartitionName, imageName,
+                                                         mFdp.ConsumeIntegral<uint64_t>());
+                    },
+            });
+            invokeSuperAPIs();
+        }
+    }
+}
+
+void SuperLayoutBuilderFuzzer::process() {
+    invokeSuperLayoutBuilderAPIs();
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+    SuperLayoutBuilderFuzzer superLayoutBuilderFuzzer(data, size);
+    superLayoutBuilderFuzzer.process();
+    return 0;
+}
diff --git a/init/persistent_properties.cpp b/init/persistent_properties.cpp
index 8efb72c..e89244f 100644
--- a/init/persistent_properties.cpp
+++ b/init/persistent_properties.cpp
@@ -115,24 +115,6 @@
     }
 }
 
-PersistentProperties LoadPersistentPropertiesFromMemory() {
-    PersistentProperties persistent_properties;
-    __system_property_foreach(
-        [](const prop_info* pi, void* cookie) {
-            __system_property_read_callback(
-                pi,
-                [](void* cookie, const char* name, const char* value, unsigned serial) {
-                    if (StartsWith(name, "persist.")) {
-                        auto properties = reinterpret_cast<PersistentProperties*>(cookie);
-                        AddPersistentProperty(name, value, properties);
-                    }
-                },
-                cookie);
-        },
-        &persistent_properties);
-    return persistent_properties;
-}
-
 Result<std::string> ReadPersistentPropertyFile() {
     const std::string temp_filename = persistent_property_filename + ".tmp";
     if (access(temp_filename.c_str(), F_OK) == 0) {
@@ -221,6 +203,24 @@
     return {};
 }
 
+PersistentProperties LoadPersistentPropertiesFromMemory() {
+    PersistentProperties persistent_properties;
+    __system_property_foreach(
+            [](const prop_info* pi, void* cookie) {
+                __system_property_read_callback(
+                        pi,
+                        [](void* cookie, const char* name, const char* value, unsigned serial) {
+                            if (StartsWith(name, "persist.")) {
+                                auto properties = reinterpret_cast<PersistentProperties*>(cookie);
+                                AddPersistentProperty(name, value, properties);
+                            }
+                        },
+                        cookie);
+            },
+            &persistent_properties);
+    return persistent_properties;
+}
+
 // Persistent properties are not written often, so we rather not keep any data in memory and read
 // then rewrite the persistent property file for each update.
 void WritePersistentProperty(const std::string& name, const std::string& value) {
diff --git a/init/persistent_properties.h b/init/persistent_properties.h
index a6f80e6..7e9d438 100644
--- a/init/persistent_properties.h
+++ b/init/persistent_properties.h
@@ -29,6 +29,7 @@
                            PersistentProperties* persistent_properties);
 PersistentProperties LoadPersistentProperties();
 void WritePersistentProperty(const std::string& name, const std::string& value);
+PersistentProperties LoadPersistentPropertiesFromMemory();
 
 // Exposed only for testing
 Result<PersistentProperties> LoadPersistentPropertyFile();
diff --git a/init/property_service.cpp b/init/property_service.cpp
index 38cbea3..b08a904 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -1400,8 +1400,6 @@
             // Apply staged and persistent properties
             bool has_staged_prop = false;
             auto const staged_prefix = std::string_view("next_boot.");
-            auto const staged_persist_prefix = std::string_view("next_boot.persist.");
-            auto persist_props_map = std::unordered_map<std::string, std::string>();
 
             auto persistent_properties = LoadPersistentProperties();
             for (const auto& property_record : persistent_properties.properties()) {
@@ -1412,23 +1410,16 @@
                   has_staged_prop = true;
                   auto actual_prop_name = prop_name.substr(staged_prefix.size());
                   InitPropertySet(actual_prop_name, prop_value);
-                  if (StartsWith(prop_name, staged_persist_prefix)) {
-                    persist_props_map[actual_prop_name] = prop_value;
-                  }
-                } else if (!persist_props_map.count(prop_name)) {
+                } else {
                   InitPropertySet(prop_name, prop_value);
                 }
             }
 
             // Update persist prop file if there are staged props
             if (has_staged_prop) {
-                PersistentProperties updated_persist_props;
-                for (auto const& [prop_name, prop_value] : persist_props_map) {
-                    AddPersistentProperty(prop_name, prop_value, &updated_persist_props);
-                }
-
+                PersistentProperties props = LoadPersistentPropertiesFromMemory();
                 // write current updated persist prop file
-                auto result = WritePersistentPropertyFile(updated_persist_props);
+                auto result = WritePersistentPropertyFile(props);
                 if (!result.ok()) {
                     LOG(ERROR) << "Could not store persistent property: " << result.error();
                 }
diff --git a/init/selinux.cpp b/init/selinux.cpp
index 9095b85..1f211dd 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -503,10 +503,6 @@
                         << ") failed";
         }
     }
-
-    if (auto result = WriteFile("/sys/fs/selinux/checkreqprot", "0"); !result.ok()) {
-        LOG(FATAL) << "Unable to write to /sys/fs/selinux/checkreqprot: " << result.error();
-    }
 }
 
 constexpr size_t kKlogMessageSize = 1024;
diff --git a/libvndksupport/linker.cpp b/libvndksupport/linker.cpp
index ad4fb31..b2b257e 100644
--- a/libvndksupport/linker.cpp
+++ b/libvndksupport/linker.cpp
@@ -75,7 +75,7 @@
         }
         return handle;
     } else {
-        ALOGD("Loading %s from current namespace instead of sphal namespace.", name);
+        ALOGW("Loading %s from current namespace instead of sphal namespace.", name);
         return dlopen(name, flag);
     }
 }
diff --git a/trusty/keymaster/fuzz/Android.bp b/trusty/keymaster/fuzz/Android.bp
index 5f24bc6..b10f727 100644
--- a/trusty/keymaster/fuzz/Android.bp
+++ b/trusty/keymaster/fuzz/Android.bp
@@ -26,7 +26,9 @@
         "-DTRUSTY_APP_FILENAME=\"keymaster.syms.elf\"",
     ],
     fuzz_config: {
-       cc: ["trong@google.com"],
+       cc: ["trong@google.com", "drysdale@google.com"],
+       componentid: 1084733,
+       hotlists: ["4271696"],
     },
 
     // The initial corpus for this fuzzer was derived by dumping messages from
diff --git a/trusty/keymint/fuzz/Android.bp b/trusty/keymint/fuzz/Android.bp
new file mode 100644
index 0000000..de73db7
--- /dev/null
+++ b/trusty/keymint/fuzz/Android.bp
@@ -0,0 +1,37 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_fuzz {
+    name: "trusty_keymint_fuzzer",
+    defaults: ["trusty_fuzzer_defaults"],
+    srcs: [":trusty_tipc_fuzzer"],
+    cflags: [
+        "-DTRUSTY_APP_PORT=\"com.android.trusty.keymint\"",
+        "-DTRUSTY_APP_UUID=\"5f902ace-5e5c-4cd8-ae54-87b88c22ddaf\"",
+        "-DTRUSTY_APP_FILENAME=\"keymint_app.syms.elf\"",
+    ],
+    fuzz_config: {
+       cc: ["drysdale@google.com"],
+       componentid: 1084733,
+       hotlists: ["4271696"],
+    },
+
+    // The initial corpus for this fuzzer was derived by dumping messages from
+    // the HAL service while running the VTS tests for KeyMint.
+    corpus: ["corpus/*"],
+}
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-821180-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-821180-0
new file mode 100644
index 0000000..18fce25
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-821180-0
@@ -0,0 +1 @@
+‚€
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82128140-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82128140-0
new file mode 100644
index 0000000..906f640
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82128140-0
@@ -0,0 +1 @@
+‚@
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82128143-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82128143-0
new file mode 100644
index 0000000..d629eaa
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82128143-0
@@ -0,0 +1 @@
+‚Cfoo
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82128158-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82128158-0
new file mode 100644
index 0000000..3aa32ab
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82128158-0
@@ -0,0 +1 @@
+‚X@TÄd𙽛£%r³õ«ã1:áézœ¹ð7êXØÿ$éÓûõv`ô4‡¨ÂÝrc«ØJ!Rq¯»3?ZD
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82128158-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82128158-1
new file mode 100644
index 0000000..1937534
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82128158-1
@@ -0,0 +1,2 @@
+‚X@–vŠE)Y¼0j›Iꄻ: Š<q*÷Ö㺧
+#ï}øê“4CT$dñ¬ô"‚£YOƒÇ¨SÖò­;	eP´
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-0
new file mode 100644
index 0000000..0490f22
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-1
new file mode 100644
index 0000000..ea95a46
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-2
new file mode 100644
index 0000000..ffe61a4
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-3
new file mode 100644
index 0000000..1e27673
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-0
new file mode 100644
index 0000000..8ab6a9b
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-1
new file mode 100644
index 0000000..dfac273
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-2
new file mode 100644
index 0000000..3f0d405
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-3
new file mode 100644
index 0000000..aef020a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-0
new file mode 100644
index 0000000..1036580
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-1
new file mode 100644
index 0000000..b0ead45
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-2
new file mode 100644
index 0000000..8375478
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-3
new file mode 100644
index 0000000..32224ee
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-0
new file mode 100644
index 0000000..0d3285a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-1
new file mode 100644
index 0000000..73a0a5b
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-2
new file mode 100644
index 0000000..135ba17
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-3
new file mode 100644
index 0000000..827854e
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-0
new file mode 100644
index 0000000..668b59c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-1
new file mode 100644
index 0000000..e20dcdb
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-2
new file mode 100644
index 0000000..b23c619
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-3
new file mode 100644
index 0000000..0a51e01
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-0
new file mode 100644
index 0000000..be73ca3
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-1
new file mode 100644
index 0000000..625ce23
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-2
new file mode 100644
index 0000000..5ae5b06
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-3
new file mode 100644
index 0000000..665818c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-0
new file mode 100644
index 0000000..021de9d
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-1
new file mode 100644
index 0000000..85394c2
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-2
new file mode 100644
index 0000000..1c07c9f
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-3
new file mode 100644
index 0000000..03094b3
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-0
new file mode 100644
index 0000000..3fda800
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-1
new file mode 100644
index 0000000..9bedcf6
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-2
new file mode 100644
index 0000000..49f8faf
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-3
new file mode 100644
index 0000000..38f360c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-0
new file mode 100644
index 0000000..16388b3
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-1
new file mode 100644
index 0000000..5238d4a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-2
new file mode 100644
index 0000000..ce98ac3
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-3
new file mode 100644
index 0000000..b0bdc3e
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-0
new file mode 100644
index 0000000..58cfa24
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-1
new file mode 100644
index 0000000..ffe3bb3
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-2
new file mode 100644
index 0000000..93f7d1c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-3
new file mode 100644
index 0000000..ad6744f
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-0
new file mode 100644
index 0000000..ce8515f
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-1
new file mode 100644
index 0000000..dd1d192
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-2
new file mode 100644
index 0000000..c82d9a1
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-3
new file mode 100644
index 0000000..93246f8
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138290-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138290-0
new file mode 100644
index 0000000..8865ca7
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138290-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138290-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138290-1
new file mode 100644
index 0000000..36369f7
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138290-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138292-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138292-0
new file mode 100644
index 0000000..ffcffbf
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138292-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-0
new file mode 100644
index 0000000..3741bdf
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-1
new file mode 100644
index 0000000..74f74cd
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-2
new file mode 100644
index 0000000..0ed4888
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-3
new file mode 100644
index 0000000..e933e1c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-0
new file mode 100644
index 0000000..88c2106
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-1
new file mode 100644
index 0000000..004c63a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-2
new file mode 100644
index 0000000..939c477
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-3
new file mode 100644
index 0000000..2a7a322
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-0
new file mode 100644
index 0000000..4d4ed45
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-1
new file mode 100644
index 0000000..5a5d90d
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-2
new file mode 100644
index 0000000..d966664
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-3
new file mode 100644
index 0000000..746a2df
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-0
new file mode 100644
index 0000000..fbde04e
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-1
new file mode 100644
index 0000000..a8ec9fe
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-2
new file mode 100644
index 0000000..e00aa32
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-3
new file mode 100644
index 0000000..1c414e4
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-0
new file mode 100644
index 0000000..6ce48a5
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-1
new file mode 100644
index 0000000..623ba78
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-2
new file mode 100644
index 0000000..3e1a756
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-3
new file mode 100644
index 0000000..9fda99a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-0
new file mode 100644
index 0000000..9d8c18f
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-1
new file mode 100644
index 0000000..c88132a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-2
new file mode 100644
index 0000000..8b735f4
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-3
new file mode 100644
index 0000000..33148a1
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8214848b-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848b-0
new file mode 100644
index 0000000..a43a7fc
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848b-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-0
new file mode 100644
index 0000000..66898a7
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-1
new file mode 100644
index 0000000..9c2b989
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-2
new file mode 100644
index 0000000..8b2a6dd
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-3
new file mode 100644
index 0000000..60bb113
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82168258-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82168258-0
new file mode 100644
index 0000000..e68e281
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82168258-0
@@ -0,0 +1 @@
+‚‚X4just some garbage data which is not a valid key blob‚‚:oÿý¦Hclientid‚:oÿýCGappdata
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82168258-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82168258-1
new file mode 100644
index 0000000..6b94220
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82168258-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-0
new file mode 100644
index 0000000..8c41bfd
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-1
new file mode 100644
index 0000000..69305d2
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-2
new file mode 100644
index 0000000..c09cc84
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-3
new file mode 100644
index 0000000..63d07cb
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-0
new file mode 100644
index 0000000..5d7d27a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-1
new file mode 100644
index 0000000..79515cc
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-2
new file mode 100644
index 0000000..c5f577c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-3
new file mode 100644
index 0000000..c93b24c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-0
new file mode 100644
index 0000000..cf90447
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-1
new file mode 100644
index 0000000..02233d7
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-2
new file mode 100644
index 0000000..f39c953
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-3
new file mode 100644
index 0000000..438b2be
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-0
new file mode 100644
index 0000000..3f81237
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-1
new file mode 100644
index 0000000..3fad357
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-2
new file mode 100644
index 0000000..5967cad
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-3
new file mode 100644
index 0000000..705537b
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-0
new file mode 100644
index 0000000..204f7a8
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-0
@@ -0,0 +1 @@
+‚1„?TöÖÉDFfoobar€€
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-1
new file mode 100644
index 0000000..239a31b
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-1
@@ -0,0 +1 @@
+‚1„;OiìÁÈ^Æ'Ffoobar€€
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-2
new file mode 100644
index 0000000..88586f0
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-2
@@ -0,0 +1 @@
+‚1„Y—é͑.  Ffoobar€€
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-3
new file mode 100644
index 0000000..06fb12a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-3
@@ -0,0 +1 @@
+‚1„úbxA›N`Ffoobar€€
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-0
new file mode 100644
index 0000000..9f819e8
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-0
@@ -0,0 +1 @@
+‚2„;*Æõ–(ÚÐ÷Yøaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa€€
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-1
new file mode 100644
index 0000000..305a056
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-2
new file mode 100644
index 0000000..509b24b
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-2
@@ -0,0 +1 @@
+‚2„_ÛÈK5]rY÷aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa€€
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-3
new file mode 100644
index 0000000..75d713d
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-3
@@ -0,0 +1,2 @@
+‚2„;
+™E=¤®”þYùaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa€€
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-0
new file mode 100644
index 0000000..b96374f
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-1
new file mode 100644
index 0000000..e07515e
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-1
@@ -0,0 +1 @@
+‚3†Á6Ø.[‹LHello World!@€€€
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-2
new file mode 100644
index 0000000..fb70126
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-3
new file mode 100644
index 0000000..2ec8700
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-0
new file mode 100644
index 0000000..7f4913f
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-0
@@ -0,0 +1 @@
+‚4;zÁ«ʖ”ñ
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-1
new file mode 100644
index 0000000..9a89501
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-1
@@ -0,0 +1 @@
+‚4߆Â÷™6
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-2
new file mode 100644
index 0000000..219dbb2
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-3
new file mode 100644
index 0000000..f3875ac
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-3
@@ -0,0 +1 @@
+‚4 訢%˜Ÿ
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82184180-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82184180-0
new file mode 100644
index 0000000..a0a6c55
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82184180-0
@@ -0,0 +1 @@
+‚A€
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82184281-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82184281-0
new file mode 100644
index 0000000..775bb4b
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82184281-0
@@ -0,0 +1 @@
+‚Bô
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00035504-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00035504-0
new file mode 100644
index 0000000..8900169
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00035504-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-001e170d-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-001e170d-0
new file mode 100644
index 0000000..1d6adc0
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-001e170d-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00303031-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00303031-0
new file mode 100644
index 0000000..05965d9
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00303031-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00313563-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00313563-0
new file mode 100644
index 0000000..00d3a67
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00313563-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00333233-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00333233-0
new file mode 100644
index 0000000..608e178
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00333233-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00365a17-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00365a17-0
new file mode 100644
index 0000000..2b4acb2
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00365a17-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-003cc0cc-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-003cc0cc-0
new file mode 100644
index 0000000..2cfcec8
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-003cc0cc-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-003e7b1a-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-003e7b1a-0
new file mode 100644
index 0000000..7beac8c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-003e7b1a-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0042-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0042-0
new file mode 100644
index 0000000..57302ad
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0042-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00646630-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00646630-0
new file mode 100644
index 0000000..4ecce85
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00646630-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-0
new file mode 100644
index 0000000..3d4a9d3
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-1 b/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-1
new file mode 100644
index 0000000..9a6182a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-2 b/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-2
new file mode 100644
index 0000000..3375a2e
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-3 b/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-3
new file mode 100644
index 0000000..41359da
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822180-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822180-0
new file mode 100644
index 0000000..0ebe5ae
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822180-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822280-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822280-0
new file mode 100644
index 0000000..a797c20
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822280-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822580-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822580-0
new file mode 100644
index 0000000..3691795
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822580-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822680-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822680-0
new file mode 100644
index 0000000..dd5cbf3
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822680-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822780-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822780-0
new file mode 100644
index 0000000..4b79060
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822780-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822880-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822880-0
new file mode 100644
index 0000000..e7eab4c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822880-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822980-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822980-0
new file mode 100644
index 0000000..0072b55
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822980-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822a80-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822a80-0
new file mode 100644
index 0000000..9a60d67
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822a80-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822b80-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822b80-0
new file mode 100644
index 0000000..88cba54
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822b80-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822c80-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822c80-0
new file mode 100644
index 0000000..deeb51f
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822c80-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823080-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823080-0
new file mode 100644
index 0000000..15f1535
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823080-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823480-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823480-0
new file mode 100644
index 0000000..291df50
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823480-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823819-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823819-0
new file mode 100644
index 0000000..75cefc8
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823819-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0082381d-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0082381d-0
new file mode 100644
index 0000000..ce61cd9
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0082381d-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0082381e-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0082381e-0
new file mode 100644
index 0000000..9aa2664
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0082381e-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823820-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823820-0
new file mode 100644
index 0000000..151c1f4
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823820-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823825-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823825-0
new file mode 100644
index 0000000..0356eee
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823825-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823827-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823827-0
new file mode 100644
index 0000000..26ea013
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823827-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0082382b-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0082382b-0
new file mode 100644
index 0000000..c2ca980
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0082382b-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823833-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823833-0
new file mode 100644
index 0000000..1d8f61e
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823833-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823836-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823836-0
new file mode 100644
index 0000000..98dd9b0
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823836-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823837-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823837-0
new file mode 100644
index 0000000..da79a71
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823837-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823838-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823838-0
new file mode 100644
index 0000000..101d1be
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823838-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823839-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823839-0
new file mode 100644
index 0000000..9297110
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823839-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0082383a-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0082383a-0
new file mode 100644
index 0000000..4cfc804
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0082383a-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0082383e-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0082383e-0
new file mode 100644
index 0000000..6fbc978
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0082383e-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823840-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823840-0
new file mode 100644
index 0000000..4f73211
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823840-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823841-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823841-0
new file mode 100644
index 0000000..eb9bc2a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823841-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823846-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823846-0
new file mode 100644
index 0000000..8f40430
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823846-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0082384d-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0082384d-0
new file mode 100644
index 0000000..242516e
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0082384d-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0082384e-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0082384e-0
new file mode 100644
index 0000000..72f2930
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0082384e-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0082384f-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0082384f-0
new file mode 100644
index 0000000..7cb67c3
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0082384f-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823850-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823850-0
new file mode 100644
index 0000000..25251cc
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823850-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823903-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823903-0
new file mode 100644
index 0000000..42e4206
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823903-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-009a81fa-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-009a81fa-0
new file mode 100644
index 0000000..b5ffa78
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-009a81fa-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00b5ae79-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00b5ae79-0
new file mode 100644
index 0000000..c5f085b
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00b5ae79-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-0
new file mode 100644
index 0000000..598a377
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-1 b/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-1
new file mode 100644
index 0000000..37f4af5
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-2 b/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-2
new file mode 100644
index 0000000..5568f4b
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-3 b/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-3
new file mode 100644
index 0000000..34a5f23
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-3
Binary files differ