2025/09/23 18:28:01 extracted 327254 text symbol hashes for base and 327254 for patched 2025/09/23 18:28:02 binaries are different, continuing fuzzing 2025/09/23 18:28:02 adding modified_functions to focus areas: ["__vfio_pci_intx_unmask" "vfio_pci_set_intx_trigger"] 2025/09/23 18:28:02 adding directly modified files to focus areas: ["drivers/vfio/pci/vfio_pci_intrs.c"] 2025/09/23 18:28:03 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/09/23 18:29:00 runner 1 connected 2025/09/23 18:29:01 runner 2 connected 2025/09/23 18:29:01 runner 1 connected 2025/09/23 18:29:01 runner 3 connected 2025/09/23 18:29:01 runner 4 connected 2025/09/23 18:29:01 runner 6 connected 2025/09/23 18:29:01 runner 0 connected 2025/09/23 18:29:01 runner 0 connected 2025/09/23 18:29:01 runner 2 connected 2025/09/23 18:29:01 runner 9 connected 2025/09/23 18:29:01 runner 5 connected 2025/09/23 18:29:01 runner 3 connected 2025/09/23 18:29:01 runner 7 connected 2025/09/23 18:29:02 runner 8 connected 2025/09/23 18:29:08 initializing coverage information... 2025/09/23 18:29:08 executor cover filter: 0 PCs 2025/09/23 18:29:10 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8055 2025/09/23 18:29:10 base: machine check complete 2025/09/23 18:29:13 discovered 7699 source files, 338653 symbols 2025/09/23 18:29:13 coverage filter: __vfio_pci_intx_unmask: [__vfio_pci_intx_unmask] 2025/09/23 18:29:13 coverage filter: vfio_pci_set_intx_trigger: [vfio_pci_set_intx_trigger] 2025/09/23 18:29:13 coverage filter: drivers/vfio/pci/vfio_pci_intrs.c: [drivers/vfio/pci/vfio_pci_intrs.c] 2025/09/23 18:29:13 area "symbols": 77 PCs in the cover filter 2025/09/23 18:29:13 area "files": 306 PCs in the cover filter 2025/09/23 18:29:13 area "": 0 PCs in the cover filter 2025/09/23 18:29:13 executor cover filter: 0 PCs 2025/09/23 18:29:14 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8055 2025/09/23 18:29:14 new: machine check complete 2025/09/23 18:29:17 new: adding 2385 seeds 2025/09/23 18:29:34 triaged 97.1% of the corpus 2025/09/23 18:29:34 starting bug reproductions 2025/09/23 18:29:34 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/23 18:30:04 triaged 100.0% of the corpus 2025/09/23 18:33:04 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 768, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10372, "distributor delayed": 430, "distributor undelayed": 430, "distributor violated": 0, "exec candidate": 2385, "exec collide": 4531, "exec fuzz": 8636, "exec gen": 467, "exec hints": 1447, "exec inject": 0, "exec minimize": 10625, "exec retries": 0, "exec seeds": 2152, "exec smash": 9785, "exec total [base]": 22024, "exec total [new]": 49193, "exec triage": 2075, "executor restarts [base]": 33, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 852, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 171, "max signal": 10828, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5733, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 875, "no exec duration": 24061000000, "no exec requests": 36, "pending": 0, "prog exec time": 196, "reproducing": 0, "rpc recv": 1548702644, "rpc sent": 80638288, "signal": 10009, "smash jobs": 667, "triage jobs": 14, "vm output": 273197, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/23 18:38:04 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 14, "corpus": 1050, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 11967, "distributor delayed": 547, "distributor undelayed": 547, "distributor violated": 0, "exec candidate": 2385, "exec collide": 10077, "exec fuzz": 19121, "exec gen": 1034, "exec hints": 3882, "exec inject": 0, "exec minimize": 14955, "exec retries": 0, "exec seeds": 3098, "exec smash": 23001, "exec total [base]": 37538, "exec total [new]": 87418, "exec triage": 2774, "executor restarts [base]": 33, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 429, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 103, "max signal": 12388, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7718, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1188, "no exec duration": 24061000000, "no exec requests": 36, "pending": 0, "prog exec time": 380, "reproducing": 0, "rpc recv": 2763549568, "rpc sent": 172797664, "signal": 11508, "smash jobs": 319, "triage jobs": 7, "vm output": 637409, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/23 18:43:04 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 31, "corpus": 1256, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 12616, "distributor delayed": 643, "distributor undelayed": 643, "distributor violated": 0, "exec candidate": 2385, "exec collide": 16128, "exec fuzz": 30693, "exec gen": 1644, "exec hints": 7671, "exec inject": 0, "exec minimize": 17902, "exec retries": 0, "exec seeds": 3768, "exec smash": 31229, "exec total [base]": 51280, "exec total [new]": 121865, "exec triage": 3355, "executor restarts [base]": 33, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 28, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 5, "max signal": 13085, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9054, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1435, "no exec duration": 24061000000, "no exec requests": 36, "pending": 0, "prog exec time": 296, "reproducing": 0, "rpc recv": 3826639572, "rpc sent": 252798488, "signal": 12136, "smash jobs": 17, "triage jobs": 6, "vm output": 1019805, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/23 18:48:04 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 39, "corpus": 1345, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1, "coverage": 12918, "distributor delayed": 691, "distributor undelayed": 691, "distributor violated": 0, "exec candidate": 2385, "exec collide": 24493, "exec fuzz": 46440, "exec gen": 2527, "exec hints": 9092, "exec inject": 0, "exec minimize": 19450, "exec retries": 0, "exec seeds": 4032, "exec smash": 33591, "exec total [base]": 63646, "exec total [new]": 152741, "exec triage": 3638, "executor restarts [base]": 33, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 13450, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9766, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1554, "no exec duration": 24061000000, "no exec requests": 36, "pending": 0, "prog exec time": 280, "reproducing": 0, "rpc recv": 4693844888, "rpc sent": 334591896, "signal": 12406, "smash jobs": 4, "triage jobs": 9, "vm output": 1362243, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/23 18:53:04 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 52, "corpus": 1433, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2, "coverage": 13184, "distributor delayed": 727, "distributor undelayed": 727, "distributor violated": 0, "exec candidate": 2385, "exec collide": 32705, "exec fuzz": 62368, "exec gen": 3356, "exec hints": 10059, "exec inject": 0, "exec minimize": 20736, "exec retries": 0, "exec seeds": 4304, "exec smash": 35851, "exec total [base]": 75592, "exec total [new]": 182728, "exec triage": 3870, "executor restarts [base]": 33, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 7, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13779, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10349, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1652, "no exec duration": 24061000000, "no exec requests": 36, "pending": 0, "prog exec time": 381, "reproducing": 0, "rpc recv": 5514602488, "rpc sent": 415649112, "signal": 12658, "smash jobs": 1, "triage jobs": 5, "vm output": 1676044, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/23 18:58:04 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 75, "corpus": 1540, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 45, "coverage": 13511, "distributor delayed": 785, "distributor undelayed": 785, "distributor violated": 0, "exec candidate": 2385, "exec collide": 40400, "exec fuzz": 77025, "exec gen": 4137, "exec hints": 10541, "exec inject": 0, "exec minimize": 22454, "exec retries": 0, "exec seeds": 4628, "exec smash": 38422, "exec total [base]": 86867, "exec total [new]": 211237, "exec triage": 4151, "executor restarts [base]": 33, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 19, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 14129, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11111, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1774, "no exec duration": 24061000000, "no exec requests": 36, "pending": 0, "prog exec time": 313, "reproducing": 0, "rpc recv": 6389772668, "rpc sent": 495320960, "signal": 12960, "smash jobs": 13, "triage jobs": 4, "vm output": 1956224, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/23 19:00:04 fuzzer has not reached the modified code in 30m0s, aborting 2025/09/23 19:00:05 syz-diff (base): kernel context loop terminated 2025/09/23 19:00:05 syz-diff (new): kernel context loop terminated 2025/09/23 19:00:05 diff fuzzing terminated 2025/09/23 19:00:05 bug reporting terminated 2025/09/23 19:00:05 status reporting terminated 2025/09/23 19:00:05 fuzzing is finished 2025/09/23 19:00:05 status at the end: Title On-Base On-Patched