2025/09/09 23:46:55 extracted 327254 text symbol hashes for base and 327254 for patched 2025/09/09 23:46:55 binaries are different, continuing fuzzing 2025/09/09 23:46:55 adding modified_functions to focus areas: ["__vfio_pci_intx_unmask" "vfio_pci_set_intx_trigger"] 2025/09/09 23:46:55 adding directly modified files to focus areas: ["drivers/vfio/pci/vfio_pci_intrs.c"] 2025/09/09 23:46:56 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/09/09 23:47:54 runner 4 connected 2025/09/09 23:47:54 runner 2 connected 2025/09/09 23:47:54 runner 1 connected 2025/09/09 23:47:54 runner 0 connected 2025/09/09 23:47:54 runner 2 connected 2025/09/09 23:47:54 runner 5 connected 2025/09/09 23:47:54 runner 3 connected 2025/09/09 23:47:54 runner 7 connected 2025/09/09 23:47:55 runner 1 connected 2025/09/09 23:47:55 runner 6 connected 2025/09/09 23:47:55 runner 9 connected 2025/09/09 23:47:55 runner 8 connected 2025/09/09 23:47:55 runner 3 connected 2025/09/09 23:47:55 runner 0 connected 2025/09/09 23:48:00 executor cover filter: 0 PCs 2025/09/09 23:48:00 initializing coverage information... 2025/09/09 23:48:02 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/09 23:48:02 base: machine check complete 2025/09/09 23:48:05 discovered 7699 source files, 338653 symbols 2025/09/09 23:48:05 coverage filter: __vfio_pci_intx_unmask: [__vfio_pci_intx_unmask] 2025/09/09 23:48:05 coverage filter: vfio_pci_set_intx_trigger: [vfio_pci_set_intx_trigger] 2025/09/09 23:48:05 coverage filter: drivers/vfio/pci/vfio_pci_intrs.c: [drivers/vfio/pci/vfio_pci_intrs.c] 2025/09/09 23:48:05 area "symbols": 75 PCs in the cover filter 2025/09/09 23:48:05 area "files": 304 PCs in the cover filter 2025/09/09 23:48:05 area "": 0 PCs in the cover filter 2025/09/09 23:48:05 executor cover filter: 0 PCs 2025/09/09 23:48:06 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/09 23:48:06 new: machine check complete 2025/09/09 23:48:09 new: adding 2275 seeds 2025/09/09 23:48:27 triaged 98.8% of the corpus 2025/09/09 23:48:27 starting bug reproductions 2025/09/09 23:48:27 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/09 23:48:57 triaged 100.0% of the corpus 2025/09/09 23:51:57 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 754, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9924, "distributor delayed": 385, "distributor undelayed": 385, "distributor violated": 0, "exec candidate": 2275, "exec collide": 4687, "exec fuzz": 8958, "exec gen": 500, "exec hints": 1452, "exec inject": 0, "exec minimize": 9593, "exec retries": 0, "exec seeds": 2129, "exec smash": 10293, "exec total [base]": 21378, "exec total [new]": 48701, "exec triage": 2046, "executor restarts [base]": 31, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 824, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 156, "max signal": 10331, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5087, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 871, "no exec duration": 21015000000, "no exec requests": 24, "pending": 0, "prog exec time": 245, "reproducing": 0, "rpc recv": 1561727716, "rpc sent": 78060240, "signal": 9499, "smash jobs": 655, "triage jobs": 13, "vm output": 243847, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/09 23:56:57 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 28, "corpus": 1048, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 3, "coverage": 12134, "distributor delayed": 544, "distributor undelayed": 544, "distributor violated": 0, "exec candidate": 2275, "exec collide": 10207, "exec fuzz": 19046, "exec gen": 1026, "exec hints": 3913, "exec inject": 0, "exec minimize": 14420, "exec retries": 0, "exec seeds": 3081, "exec smash": 23014, "exec total [base]": 36423, "exec total [new]": 86581, "exec triage": 2832, "executor restarts [base]": 31, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 392, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 94, "max signal": 12576, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7320, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1212, "no exec duration": 21015000000, "no exec requests": 24, "pending": 0, "prog exec time": 244, "reproducing": 0, "rpc recv": 2823473312, "rpc sent": 167359552, "signal": 11621, "smash jobs": 288, "triage jobs": 10, "vm output": 408708, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/10 00:01:57 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 59, "corpus": 1253, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 31, "coverage": 12747, "distributor delayed": 630, "distributor undelayed": 630, "distributor violated": 0, "exec candidate": 2275, "exec collide": 16308, "exec fuzz": 30399, "exec gen": 1607, "exec hints": 7124, "exec inject": 0, "exec minimize": 17933, "exec retries": 0, "exec seeds": 3760, "exec smash": 31183, "exec total [base]": 50015, "exec total [new]": 120696, "exec triage": 3335, "executor restarts [base]": 31, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 18, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 5, "max signal": 13224, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8953, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1432, "no exec duration": 21015000000, "no exec requests": 24, "pending": 0, "prog exec time": 401, "reproducing": 0, "rpc recv": 3992567260, "rpc sent": 254530568, "signal": 12191, "smash jobs": 12, "triage jobs": 1, "vm output": 576848, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/10 00:06:57 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 63, "corpus": 1351, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 49, "coverage": 13098, "distributor delayed": 670, "distributor undelayed": 670, "distributor violated": 0, "exec candidate": 2275, "exec collide": 24460, "exec fuzz": 46384, "exec gen": 2427, "exec hints": 8911, "exec inject": 0, "exec minimize": 19723, "exec retries": 0, "exec seeds": 4059, "exec smash": 33799, "exec total [base]": 62606, "exec total [new]": 152405, "exec triage": 3598, "executor restarts [base]": 31, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 4, "max signal": 13676, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9835, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1548, "no exec duration": 21015000000, "no exec requests": 24, "pending": 0, "prog exec time": 296, "reproducing": 0, "rpc recv": 4894722476, "rpc sent": 344913120, "signal": 12520, "smash jobs": 2, "triage jobs": 5, "vm output": 809710, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/10 00:11:57 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 78, "corpus": 1434, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 70, "coverage": 13431, "distributor delayed": 697, "distributor undelayed": 697, "distributor violated": 0, "exec candidate": 2275, "exec collide": 33053, "exec fuzz": 62598, "exec gen": 3290, "exec hints": 9928, "exec inject": 0, "exec minimize": 21104, "exec retries": 0, "exec seeds": 4308, "exec smash": 35844, "exec total [base]": 74681, "exec total [new]": 182970, "exec triage": 3802, "executor restarts [base]": 31, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 7, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13911, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10501, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1637, "no exec duration": 21015000000, "no exec requests": 24, "pending": 0, "prog exec time": 336, "reproducing": 0, "rpc recv": 5724588008, "rpc sent": 436482168, "signal": 12809, "smash jobs": 5, "triage jobs": 1, "vm output": 1018480, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/10 00:16:57 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 81, "corpus": 1499, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 78, "coverage": 13599, "distributor delayed": 735, "distributor undelayed": 735, "distributor violated": 0, "exec candidate": 2275, "exec collide": 41718, "exec fuzz": 79134, "exec gen": 4174, "exec hints": 10395, "exec inject": 0, "exec minimize": 22319, "exec retries": 0, "exec seeds": 4503, "exec smash": 37503, "exec total [base]": 86343, "exec total [new]": 212793, "exec triage": 4003, "executor restarts [base]": 31, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 4, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 0, "max signal": 14130, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11107, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1720, "no exec duration": 21015000000, "no exec requests": 24, "pending": 0, "prog exec time": 294, "reproducing": 0, "rpc recv": 6531741884, "rpc sent": 526343864, "signal": 13004, "smash jobs": 1, "triage jobs": 3, "vm output": 1217139, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/10 00:18:57 fuzzer has not reached the modified code in 30m0s, aborting 2025/09/10 00:18:58 syz-diff (base): kernel context loop terminated 2025/09/10 00:18:58 syz-diff (new): kernel context loop terminated 2025/09/10 00:18:58 diff fuzzing terminated 2025/09/10 00:18:58 status reporting terminated 2025/09/10 00:18:58 bug reporting terminated 2025/09/10 00:18:58 fuzzing is finished 2025/09/10 00:18:58 status at the end: Title On-Base On-Patched