2025/09/20 21:18:36 extracted 327343 text symbol hashes for base and 327343 for patched 2025/09/20 21:18:36 binaries are different, continuing fuzzing 2025/09/20 21:18:36 adding modified_functions to focus areas: ["msi_lib_init_dev_msi_info"] 2025/09/20 21:18:36 adding directly modified files to focus areas: ["arch/riscv/configs/defconfig" "arch/riscv/include/asm/irq.h" "arch/riscv/kvm/Kconfig" "arch/riscv/kvm/aia_imsic.c" "arch/riscv/kvm/mmu.c" "arch/riscv/kvm/vm.c" "drivers/iommu/Kconfig" "drivers/iommu/riscv/Makefile" "drivers/iommu/riscv/iommu-bits.h" "drivers/iommu/riscv/iommu-ir.c" "drivers/iommu/riscv/iommu.c" "drivers/iommu/riscv/iommu.h" "drivers/irqchip/irq-msi-lib.c" "drivers/vfio/Kconfig" "include/linux/irqdomain_defs.h"] 2025/09/20 21:18:37 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/09/20 21:19:35 runner 1 connected 2025/09/20 21:19:35 runner 0 connected 2025/09/20 21:19:35 runner 3 connected 2025/09/20 21:19:35 runner 0 connected 2025/09/20 21:19:35 runner 9 connected 2025/09/20 21:19:35 runner 4 connected 2025/09/20 21:19:35 runner 2 connected 2025/09/20 21:19:35 runner 7 connected 2025/09/20 21:19:35 runner 1 connected 2025/09/20 21:19:35 runner 3 connected 2025/09/20 21:19:36 runner 5 connected 2025/09/20 21:19:42 runner 6 connected 2025/09/20 21:19:42 executor cover filter: 0 PCs 2025/09/20 21:19:42 initializing coverage information... 2025/09/20 21:19:43 runner 8 connected 2025/09/20 21:19:43 runner 2 connected 2025/09/20 21:19:44 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/20 21:19:44 base: machine check complete 2025/09/20 21:19:48 discovered 7699 source files, 338738 symbols 2025/09/20 21:19:48 coverage filter: msi_lib_init_dev_msi_info: [msi_lib_init_dev_msi_info] 2025/09/20 21:19:48 coverage filter: arch/riscv/configs/defconfig: [] 2025/09/20 21:19:48 coverage filter: arch/riscv/include/asm/irq.h: [] 2025/09/20 21:19:48 coverage filter: arch/riscv/kvm/Kconfig: [] 2025/09/20 21:19:48 coverage filter: arch/riscv/kvm/aia_imsic.c: [] 2025/09/20 21:19:48 coverage filter: arch/riscv/kvm/mmu.c: [] 2025/09/20 21:19:48 coverage filter: arch/riscv/kvm/vm.c: [] 2025/09/20 21:19:48 coverage filter: drivers/iommu/Kconfig: [] 2025/09/20 21:19:48 coverage filter: drivers/iommu/riscv/Makefile: [] 2025/09/20 21:19:48 coverage filter: drivers/iommu/riscv/iommu-bits.h: [] 2025/09/20 21:19:48 coverage filter: drivers/iommu/riscv/iommu-ir.c: [] 2025/09/20 21:19:48 coverage filter: drivers/iommu/riscv/iommu.c: [] 2025/09/20 21:19:48 coverage filter: drivers/iommu/riscv/iommu.h: [] 2025/09/20 21:19:48 coverage filter: drivers/irqchip/irq-msi-lib.c: [drivers/irqchip/irq-msi-lib.c] 2025/09/20 21:19:48 coverage filter: drivers/vfio/Kconfig: [] 2025/09/20 21:19:48 coverage filter: include/linux/irqdomain_defs.h: [] 2025/09/20 21:19:48 area "symbols": 28 PCs in the cover filter 2025/09/20 21:19:48 area "files": 47 PCs in the cover filter 2025/09/20 21:19:48 area "": 0 PCs in the cover filter 2025/09/20 21:19:48 executor cover filter: 0 PCs 2025/09/20 21:19:49 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/20 21:19:49 new: machine check complete 2025/09/20 21:19:53 new: adding 2368 seeds 2025/09/20 21:20:09 triaged 97.1% of the corpus 2025/09/20 21:20:09 starting bug reproductions 2025/09/20 21:20:09 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/20 21:20:39 triaged 100.0% of the corpus 2025/09/20 21:23:39 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 716, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9751, "distributor delayed": 388, "distributor undelayed": 388, "distributor violated": 0, "exec candidate": 2368, "exec collide": 4403, "exec fuzz": 8258, "exec gen": 424, "exec hints": 1428, "exec inject": 0, "exec minimize": 9194, "exec retries": 0, "exec seeds": 2000, "exec smash": 9411, "exec total [base]": 20492, "exec total [new]": 46444, "exec triage": 1916, "executor restarts [base]": 31, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 796, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 147, "max signal": 10147, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4965, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 814, "no exec duration": 21000000000, "no exec requests": 21, "pending": 0, "prog exec time": 193, "reproducing": 0, "rpc recv": 1386981896, "rpc sent": 75143776, "signal": 9256, "smash jobs": 639, "triage jobs": 10, "vm output": 235673, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/20 21:28:39 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 28, "corpus": 1020, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 16, "coverage": 12081, "distributor delayed": 539, "distributor undelayed": 539, "distributor violated": 0, "exec candidate": 2368, "exec collide": 9732, "exec fuzz": 18395, "exec gen": 941, "exec hints": 4026, "exec inject": 0, "exec minimize": 14132, "exec retries": 0, "exec seeds": 2985, "exec smash": 21804, "exec total [base]": 35658, "exec total [new]": 84115, "exec triage": 2688, "executor restarts [base]": 31, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 450, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 131, "max signal": 12439, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7194, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1158, "no exec duration": 21000000000, "no exec requests": 21, "pending": 0, "prog exec time": 246, "reproducing": 0, "rpc recv": 2609120032, "rpc sent": 159895400, "signal": 11586, "smash jobs": 305, "triage jobs": 14, "vm output": 361587, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/20 21:33:39 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 49, "corpus": 1223, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 57, "coverage": 12962, "distributor delayed": 639, "distributor undelayed": 639, "distributor violated": 0, "exec candidate": 2368, "exec collide": 15134, "exec fuzz": 28410, "exec gen": 1490, "exec hints": 7786, "exec inject": 0, "exec minimize": 17618, "exec retries": 0, "exec seeds": 3661, "exec smash": 30389, "exec total [base]": 48843, "exec total [new]": 117158, "exec triage": 3258, "executor restarts [base]": 31, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 21, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 13428, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8822, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1402, "no exec duration": 21000000000, "no exec requests": 21, "pending": 0, "prog exec time": 284, "reproducing": 0, "rpc recv": 3715136756, "rpc sent": 234537424, "signal": 12431, "smash jobs": 11, "triage jobs": 7, "vm output": 502661, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/20 21:38:39 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 68, "corpus": 1347, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 83, "coverage": 13344, "distributor delayed": 703, "distributor undelayed": 703, "distributor violated": 0, "exec candidate": 2368, "exec collide": 22432, "exec fuzz": 41974, "exec gen": 2148, "exec hints": 8472, "exec inject": 0, "exec minimize": 20029, "exec retries": 0, "exec seeds": 4033, "exec smash": 33507, "exec total [base]": 60317, "exec total [new]": 145620, "exec triage": 3613, "executor restarts [base]": 31, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 17, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13803, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9903, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1549, "no exec duration": 21000000000, "no exec requests": 21, "pending": 0, "prog exec time": 331, "reproducing": 0, "rpc recv": 4677117944, "rpc sent": 308128384, "signal": 12764, "smash jobs": 9, "triage jobs": 7, "vm output": 712312, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/20 21:43:39 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 75, "corpus": 1443, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 121, "coverage": 13590, "distributor delayed": 755, "distributor undelayed": 755, "distributor violated": 0, "exec candidate": 2368, "exec collide": 30106, "exec fuzz": 56548, "exec gen": 2932, "exec hints": 8637, "exec inject": 0, "exec minimize": 21472, "exec retries": 0, "exec seeds": 4320, "exec smash": 35947, "exec total [base]": 71201, "exec total [new]": 173269, "exec triage": 3896, "executor restarts [base]": 31, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 14100, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10575, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1666, "no exec duration": 21000000000, "no exec requests": 21, "pending": 0, "prog exec time": 325, "reproducing": 0, "rpc recv": 5508533640, "rpc sent": 389203576, "signal": 13000, "smash jobs": 5, "triage jobs": 2, "vm output": 937534, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/20 21:48:39 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 77, "corpus": 1509, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 149, "coverage": 13808, "distributor delayed": 784, "distributor undelayed": 784, "distributor violated": 0, "exec candidate": 2368, "exec collide": 38065, "exec fuzz": 71638, "exec gen": 3690, "exec hints": 8883, "exec inject": 0, "exec minimize": 22615, "exec retries": 0, "exec seeds": 4524, "exec smash": 37628, "exec total [base]": 81818, "exec total [new]": 200550, "exec triage": 4094, "executor restarts [base]": 31, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 8, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 0, "max signal": 14410, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11118, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1751, "no exec duration": 21000000000, "no exec requests": 21, "pending": 0, "prog exec time": 327, "reproducing": 0, "rpc recv": 6282508588, "rpc sent": 474012392, "signal": 13213, "smash jobs": 4, "triage jobs": 4, "vm output": 1181862, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/20 21:50:39 fuzzer has not reached the modified code in 30m0s, aborting 2025/09/20 21:50:39 syz-diff (new): kernel context loop terminated 2025/09/20 21:50:39 syz-diff (base): kernel context loop terminated 2025/09/20 21:50:39 diff fuzzing terminated 2025/09/20 21:50:39 status reporting terminated 2025/09/20 21:50:39 bug reporting terminated 2025/09/20 21:50:39 fuzzing is finished 2025/09/20 21:50:39 status at the end: Title On-Base On-Patched