2025/12/11 19:40:07 extracted 322796 text symbol hashes for base and 322796 for patched 2025/12/11 19:40:07 binaries are different, continuing fuzzing 2025/12/11 19:40:07 adding modified_functions to focus areas: ["adl_get_event_constraints" "adl_hw_config" "arl_h_get_event_constraints" "arl_h_hw_config" "cmt_get_event_constraints" "core_pmu_enable_all" "core_pmu_hw_config" "glc_get_event_constraints" "glp_get_event_constraints" "hsw_get_event_constraints" "hsw_hw_config" "icl_get_event_constraints" "icl_update_topdown_event" "intel_get_event_constraints" "intel_pmu_check_period" "intel_pmu_cpu_starting" "intel_pmu_disable_event" "intel_pmu_enable_all" "intel_pmu_enable_event" "intel_pmu_handle_irq" "intel_pmu_hw_config" "intel_pmu_nhm_enable_all" "intel_pmu_read_event" "intel_pmu_snapshot_arch_branch_stack" "intel_pmu_snapshot_branch_stack" "intel_tfa_pmu_enable_all" "mtl_get_event_constraints" "tfa_get_event_constraints" "tnt_get_event_constraints"] 2025/12/11 19:40:07 adding directly modified files to focus areas: ["arch/x86/events/perf_event.h"] 2025/12/11 19:40:07 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/12/11 19:41:07 runner 8 connected 2025/12/11 19:41:08 runner 2 connected 2025/12/11 19:41:08 runner 0 connected 2025/12/11 19:41:14 runner 3 connected 2025/12/11 19:41:14 initializing coverage information... 2025/12/11 19:41:14 runner 1 connected 2025/12/11 19:41:14 runner 0 connected 2025/12/11 19:41:15 runner 6 connected 2025/12/11 19:41:15 executor cover filter: 0 PCs 2025/12/11 19:41:15 runner 4 connected 2025/12/11 19:41:15 runner 7 connected 2025/12/11 19:41:15 runner 1 connected 2025/12/11 19:41:16 runner 5 connected 2025/12/11 19:41:16 runner 2 connected 2025/12/11 19:41:18 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/12/11 19:41:18 base: machine check complete 2025/12/11 19:41:20 discovered 7609 source files, 333750 symbols 2025/12/11 19:41:20 coverage filter: adl_get_event_constraints: [adl_get_event_constraints] 2025/12/11 19:41:20 coverage filter: adl_hw_config: [adl_hw_config] 2025/12/11 19:41:20 coverage filter: arl_h_get_event_constraints: [arl_h_get_event_constraints] 2025/12/11 19:41:20 coverage filter: arl_h_hw_config: [arl_h_hw_config] 2025/12/11 19:41:20 coverage filter: cmt_get_event_constraints: [cmt_get_event_constraints] 2025/12/11 19:41:20 coverage filter: core_pmu_enable_all: [core_pmu_enable_all] 2025/12/11 19:41:20 coverage filter: core_pmu_hw_config: [core_pmu_hw_config] 2025/12/11 19:41:20 coverage filter: glc_get_event_constraints: [glc_get_event_constraints] 2025/12/11 19:41:20 coverage filter: glp_get_event_constraints: [glp_get_event_constraints] 2025/12/11 19:41:20 coverage filter: hsw_get_event_constraints: [hsw_get_event_constraints] 2025/12/11 19:41:20 coverage filter: hsw_hw_config: [hsw_hw_config] 2025/12/11 19:41:20 coverage filter: icl_get_event_constraints: [icl_get_event_constraints] 2025/12/11 19:41:20 coverage filter: icl_update_topdown_event: [icl_update_topdown_event] 2025/12/11 19:41:20 coverage filter: intel_get_event_constraints: [intel_get_event_constraints] 2025/12/11 19:41:20 coverage filter: intel_pmu_check_period: [intel_pmu_check_period] 2025/12/11 19:41:20 coverage filter: intel_pmu_cpu_starting: [intel_pmu_cpu_starting] 2025/12/11 19:41:20 coverage filter: intel_pmu_disable_event: [intel_pmu_disable_event] 2025/12/11 19:41:20 coverage filter: intel_pmu_enable_all: [__intel_pmu_enable_all intel_pmu_enable_all] 2025/12/11 19:41:20 coverage filter: intel_pmu_enable_event: [intel_pmu_enable_event] 2025/12/11 19:41:20 coverage filter: intel_pmu_handle_irq: [intel_pmu_handle_irq] 2025/12/11 19:41:20 coverage filter: intel_pmu_hw_config: [intel_pmu_hw_config] 2025/12/11 19:41:20 coverage filter: intel_pmu_nhm_enable_all: [intel_pmu_nhm_enable_all] 2025/12/11 19:41:20 coverage filter: intel_pmu_read_event: [intel_pmu_read_event] 2025/12/11 19:41:20 coverage filter: intel_pmu_snapshot_arch_branch_stack: [intel_pmu_snapshot_arch_branch_stack] 2025/12/11 19:41:20 coverage filter: intel_pmu_snapshot_branch_stack: [__intel_pmu_snapshot_branch_stack intel_pmu_snapshot_branch_stack] 2025/12/11 19:41:20 coverage filter: intel_tfa_pmu_enable_all: [intel_tfa_pmu_enable_all] 2025/12/11 19:41:20 coverage filter: mtl_get_event_constraints: [mtl_get_event_constraints] 2025/12/11 19:41:20 coverage filter: tfa_get_event_constraints: [tfa_get_event_constraints] 2025/12/11 19:41:20 coverage filter: tnt_get_event_constraints: [tnt_get_event_constraints] 2025/12/11 19:41:20 coverage filter: arch/x86/events/perf_event.h: [] 2025/12/11 19:41:20 area "symbols": 1290 PCs in the cover filter 2025/12/11 19:41:20 area "files": 0 PCs in the cover filter 2025/12/11 19:41:20 area "": 0 PCs in the cover filter 2025/12/11 19:41:20 executor cover filter: 0 PCs 2025/12/11 19:41:22 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/12/11 19:41:22 new: machine check complete 2025/12/11 19:41:27 new: adding 2420 seeds 2025/12/11 19:41:41 triaged 97.0% of the corpus 2025/12/11 19:41:41 starting bug reproductions 2025/12/11 19:41:41 starting bug reproductions (max 6 VMs, 4 repros) 2025/12/11 19:42:11 triaged 100.0% of the corpus 2025/12/11 19:45:11 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 3, "corpus": 696, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 8, "coverage": 9162, "distributor delayed": 442, "distributor undelayed": 442, "distributor violated": 0, "exec candidate": 2420, "exec collide": 3964, "exec fuzz": 7516, "exec gen": 393, "exec hints": 1167, "exec inject": 0, "exec minimize": 8941, "exec retries": 0, "exec seeds": 1960, "exec smash": 8537, "exec total [base]": 16243, "exec total [new]": 44033, "exec triage": 1938, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 755, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 125, "max signal": 9544, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4825, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 811, "no exec duration": 9020000000, "no exec requests": 13, "pending": 0, "prog exec time": 183, "reproducing": 0, "rpc recv": 1168130656, "rpc sent": 58264224, "signal": 8653, "smash jobs": 624, "triage jobs": 6, "vm output": 217888, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/11 19:50:11 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 31, "corpus": 983, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 94, "coverage": 11999, "distributor delayed": 584, "distributor undelayed": 584, "distributor violated": 0, "exec candidate": 2420, "exec collide": 8979, "exec fuzz": 16946, "exec gen": 898, "exec hints": 3364, "exec inject": 0, "exec minimize": 13574, "exec retries": 0, "exec seeds": 2851, "exec smash": 20393, "exec total [base]": 28098, "exec total [new]": 79318, "exec triage": 2699, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 455, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 135, "max signal": 12435, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 6968, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1148, "no exec duration": 9020000000, "no exec requests": 13, "pending": 0, "prog exec time": 263, "reproducing": 0, "rpc recv": 2077736096, "rpc sent": 133108952, "signal": 11504, "smash jobs": 312, "triage jobs": 8, "vm output": 355769, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/11 19:55:11 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 63, "corpus": 1163, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 240, "coverage": 12996, "distributor delayed": 697, "distributor undelayed": 697, "distributor violated": 0, "exec candidate": 2420, "exec collide": 12879, "exec fuzz": 24248, "exec gen": 1261, "exec hints": 6411, "exec inject": 0, "exec minimize": 17146, "exec retries": 0, "exec seeds": 3456, "exec smash": 28298, "exec total [base]": 37237, "exec total [new]": 106594, "exec triage": 3278, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 109, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 29, "max signal": 13508, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8566, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1390, "no exec duration": 9020000000, "no exec requests": 13, "pending": 0, "prog exec time": 293, "reproducing": 0, "rpc recv": 2976778348, "rpc sent": 196934952, "signal": 12418, "smash jobs": 62, "triage jobs": 18, "vm output": 509921, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/11 20:00:11 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 75, "corpus": 1300, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 451, "coverage": 13447, "distributor delayed": 767, "distributor undelayed": 767, "distributor violated": 0, "exec candidate": 2420, "exec collide": 18429, "exec fuzz": 34556, "exec gen": 1850, "exec hints": 7944, "exec inject": 0, "exec minimize": 19549, "exec retries": 0, "exec seeds": 3874, "exec smash": 32143, "exec total [base]": 45665, "exec total [new]": 131608, "exec triage": 3646, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 23, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 13964, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9712, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1546, "no exec duration": 9020000000, "no exec requests": 13, "pending": 0, "prog exec time": 328, "reproducing": 0, "rpc recv": 3726959612, "rpc sent": 260979256, "signal": 12850, "smash jobs": 13, "triage jobs": 8, "vm output": 655260, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/11 20:05:11 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 80, "corpus": 1382, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 650, "coverage": 13665, "distributor delayed": 802, "distributor undelayed": 802, "distributor violated": 0, "exec candidate": 2420, "exec collide": 24733, "exec fuzz": 46334, "exec gen": 2523, "exec hints": 8353, "exec inject": 0, "exec minimize": 21031, "exec retries": 0, "exec seeds": 4119, "exec smash": 34272, "exec total [base]": 53253, "exec total [new]": 154844, "exec triage": 3862, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 14197, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10383, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1639, "no exec duration": 9020000000, "no exec requests": 13, "pending": 0, "prog exec time": 387, "reproducing": 0, "rpc recv": 4330351860, "rpc sent": 327835624, "signal": 13038, "smash jobs": 6, "triage jobs": 4, "vm output": 777115, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/11 20:10:11 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 94, "corpus": 1448, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 810, "coverage": 13845, "distributor delayed": 845, "distributor undelayed": 845, "distributor violated": 0, "exec candidate": 2420, "exec collide": 30965, "exec fuzz": 58414, "exec gen": 3117, "exec hints": 8533, "exec inject": 0, "exec minimize": 22273, "exec retries": 0, "exec seeds": 4317, "exec smash": 35854, "exec total [base]": 60563, "exec total [new]": 177154, "exec triage": 4064, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 19, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 4, "max signal": 14401, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10950, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1724, "no exec duration": 9020000000, "no exec requests": 13, "pending": 0, "prog exec time": 327, "reproducing": 0, "rpc recv": 4935775324, "rpc sent": 394183128, "signal": 13197, "smash jobs": 9, "triage jobs": 6, "vm output": 906550, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/11 20:12:11 fuzzer has not reached the modified code in 30m0s, aborting 2025/12/11 20:12:11 repro loop terminated 2025/12/11 20:12:11 base: rpc server terminaled 2025/12/11 20:12:11 new: rpc server terminaled 2025/12/11 20:12:11 base: pool terminated 2025/12/11 20:12:11 base: kernel context loop terminated 2025/12/11 20:12:11 new: pool terminated 2025/12/11 20:12:11 new: kernel context loop terminated 2025/12/11 20:12:11 diff fuzzing terminated 2025/12/11 20:12:11 bug reporting terminated 2025/12/11 20:12:11 status reporting terminated 2025/12/11 20:12:11 fuzzing is finished 2025/12/11 20:12:11 status at the end: Title On-Base On-Patched