2025/09/08 18:26:45 extracted 327254 text symbol hashes for base and 327254 for patched 2025/09/08 18:26:45 binaries are different, continuing fuzzing 2025/09/08 18:26:45 adding modified_functions to focus areas: ["vfio_device_fops_unl_ioctl"] 2025/09/08 18:26:45 adding directly modified files to focus areas: ["drivers/vfio/vfio_main.c"] 2025/09/08 18:26:46 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/09/08 18:27:44 runner 3 connected 2025/09/08 18:27:51 executor cover filter: 0 PCs 2025/09/08 18:27:51 runner 0 connected 2025/09/08 18:27:51 runner 7 connected 2025/09/08 18:27:51 runner 1 connected 2025/09/08 18:27:51 runner 0 connected 2025/09/08 18:27:52 runner 6 connected 2025/09/08 18:27:52 runner 8 connected 2025/09/08 18:27:52 runner 2 connected 2025/09/08 18:27:52 runner 9 connected 2025/09/08 18:27:52 runner 5 connected 2025/09/08 18:27:52 runner 4 connected 2025/09/08 18:27:53 runner 1 connected 2025/09/08 18:27:53 runner 2 connected 2025/09/08 18:27:53 runner 3 connected 2025/09/08 18:27:55 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/08 18:27:55 base: machine check complete 2025/09/08 18:27:59 initializing coverage information... 2025/09/08 18:28:05 discovered 7699 source files, 338653 symbols 2025/09/08 18:28:05 coverage filter: vfio_device_fops_unl_ioctl: [vfio_device_fops_unl_ioctl] 2025/09/08 18:28:05 coverage filter: drivers/vfio/vfio_main.c: [drivers/vfio/vfio_main.c] 2025/09/08 18:28:05 area "symbols": 55 PCs in the cover filter 2025/09/08 18:28:05 area "files": 463 PCs in the cover filter 2025/09/08 18:28:05 area "": 0 PCs in the cover filter 2025/09/08 18:28:05 executor cover filter: 0 PCs 2025/09/08 18:28:07 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/08 18:28:07 new: machine check complete 2025/09/08 18:28:11 new: adding 2265 seeds 2025/09/08 18:28:18 triaged 97.2% of the corpus 2025/09/08 18:28:18 starting bug reproductions 2025/09/08 18:28:18 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/08 18:28:48 triaged 100.0% of the corpus 2025/09/08 18:31:48 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 694, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9463, "distributor delayed": 369, "distributor undelayed": 369, "distributor violated": 0, "exec candidate": 2265, "exec collide": 3767, "exec fuzz": 7227, "exec gen": 393, "exec hints": 1119, "exec inject": 0, "exec minimize": 9277, "exec retries": 0, "exec seeds": 1928, "exec smash": 8094, "exec total [base]": 19418, "exec total [new]": 42719, "exec triage": 1914, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 763, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 139, "max signal": 9806, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4935, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 808, "no exec duration": 16003000000, "no exec requests": 18, "pending": 0, "prog exec time": 240, "reproducing": 0, "rpc recv": 1432341692, "rpc sent": 66458992, "signal": 9049, "smash jobs": 602, "triage jobs": 22, "vm output": 227162, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/08 18:36:48 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 3, "corpus": 938, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10920, "distributor delayed": 475, "distributor undelayed": 475, "distributor violated": 0, "exec candidate": 2265, "exec collide": 9186, "exec fuzz": 17617, "exec gen": 918, "exec hints": 3657, "exec inject": 0, "exec minimize": 13584, "exec retries": 0, "exec seeds": 2750, "exec smash": 21073, "exec total [base]": 34498, "exec total [new]": 80293, "exec triage": 2503, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 302, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 85, "max signal": 11231, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7001, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1071, "no exec duration": 16003000000, "no exec requests": 18, "pending": 0, "prog exec time": 232, "reproducing": 0, "rpc recv": 2531571668, "rpc sent": 170656384, "signal": 10434, "smash jobs": 209, "triage jobs": 8, "vm output": 378761, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/08 18:41:48 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 6, "corpus": 1110, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 11788, "distributor delayed": 542, "distributor undelayed": 542, "distributor violated": 0, "exec candidate": 2265, "exec collide": 15222, "exec fuzz": 28940, "exec gen": 1468, "exec hints": 10140, "exec inject": 0, "exec minimize": 17247, "exec retries": 0, "exec seeds": 3303, "exec smash": 27381, "exec total [base]": 48689, "exec total [new]": 115686, "exec triage": 2979, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 31, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 12, "max signal": 12162, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8725, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1277, "no exec duration": 16003000000, "no exec requests": 18, "pending": 0, "prog exec time": 236, "reproducing": 0, "rpc recv": 3612875128, "rpc sent": 261445168, "signal": 11243, "smash jobs": 12, "triage jobs": 7, "vm output": 644493, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/08 18:46:48 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 6, "corpus": 1208, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 12540, "distributor delayed": 587, "distributor undelayed": 587, "distributor violated": 0, "exec candidate": 2265, "exec collide": 22898, "exec fuzz": 43462, "exec gen": 2262, "exec hints": 12621, "exec inject": 0, "exec minimize": 19299, "exec retries": 0, "exec seeds": 3599, "exec smash": 29937, "exec total [base]": 60806, "exec total [new]": 146304, "exec triage": 3225, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 19, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 12985, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9717, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1388, "no exec duration": 16003000000, "no exec requests": 18, "pending": 0, "prog exec time": 282, "reproducing": 0, "rpc recv": 4457230212, "rpc sent": 349239344, "signal": 11962, "smash jobs": 8, "triage jobs": 9, "vm output": 882528, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/08 18:51:48 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 10, "corpus": 1296, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1, "coverage": 12902, "distributor delayed": 625, "distributor undelayed": 625, "distributor violated": 0, "exec candidate": 2265, "exec collide": 31106, "exec fuzz": 58880, "exec gen": 3100, "exec hints": 13692, "exec inject": 0, "exec minimize": 21131, "exec retries": 0, "exec seeds": 3870, "exec smash": 32178, "exec total [base]": 72556, "exec total [new]": 176396, "exec triage": 3438, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 13352, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10639, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1482, "no exec duration": 16003000000, "no exec requests": 18, "pending": 0, "prog exec time": 361, "reproducing": 0, "rpc recv": 5238740888, "rpc sent": 439797856, "signal": 12369, "smash jobs": 5, "triage jobs": 3, "vm output": 1206328, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/08 18:56:48 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 12, "corpus": 1362, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1, "coverage": 13083, "distributor delayed": 663, "distributor undelayed": 663, "distributor violated": 0, "exec candidate": 2265, "exec collide": 39874, "exec fuzz": 75485, "exec gen": 3987, "exec hints": 14889, "exec inject": 0, "exec minimize": 22141, "exec retries": 0, "exec seeds": 4068, "exec smash": 33742, "exec total [base]": 84554, "exec total [new]": 206816, "exec triage": 3627, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 25, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 7, "max signal": 13558, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11126, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1567, "no exec duration": 16014000000, "no exec requests": 19, "pending": 0, "prog exec time": 281, "reproducing": 0, "rpc recv": 5935240728, "rpc sent": 532250152, "signal": 12583, "smash jobs": 11, "triage jobs": 7, "vm output": 1503623, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/08 18:58:48 fuzzer has not reached the modified code in 30m0s, aborting 2025/09/08 18:58:48 syz-diff (new): kernel context loop terminated 2025/09/08 18:58:48 syz-diff (base): kernel context loop terminated 2025/09/08 18:58:48 diff fuzzing terminated 2025/09/08 18:58:48 bug reporting terminated 2025/09/08 18:58:48 status reporting terminated 2025/09/08 18:58:48 fuzzing is finished 2025/09/08 18:58:48 status at the end: Title On-Base On-Patched